The article says this, however, which I don't really understand:
> He suggested one of the chat's other members could have warned the police, but if that were the case, that other member would have to be charged, not Verma.
Can anyone help explain this?
If you want to say what you think is important about an article, that's fine, but do it by adding a comment to the thread. Then your view will be on a level playing field with everyone else's: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...
(Normally we'd revert the title, but the comments in this thread have been so skewed by submitted title that the thread won't make sense anymore if I do that.)
The truth is, it isn't public knowledge how this unfolded and anything suggesting otherwise is conjecture.
Also, this post doesn't' reflect the article title, "Spanish judge clears British teen of Menorca flight bomb hoax charges".
This is arguably even creepier than government surveillance, since it implies Snapchat employees are looking at the content of private chats and the user may never know.
"we may need to enforce our Terms and other policies. In some cases, we may also use or share your information to cooperate with law enforcement requests, escalate safety issues to law enforcement, industry partners, or others, or comply with our legal obligations."
There is no mystery or need for intelligence skullduggery here.
This doesn't make sense to me. Why would that other member be charged for reporting a threat?
I'm not suggesting they should be, but just following the same logic as your comment.
If you are a comedian working on a joke and write one about a political assassination in your private journal, certainly you can't be charged with communicating a threat, because you did not communicate it. But if a friend/enemy finds your notebook, knows you have no intent to harm, but reports the journal to authorities out of spite anyways, then the friend could be culpable for communicating a false threat, even though the joke is in your handwriting. Maybe they were getting at something like that?
In any case, it was very awkward wording at best for a report from Reuters, it should have been either explained or left out.
What more do you need to know?
"somehow" is doing a lot of heavy lifting there. There are multiple routes to alert the authorities by the public that don't involve randomly intercepting internet traffic.
(Although in the background, fuckups are always possible and they did send a fighter jet initially so there was some pressure to follow through. Still not enough to risk a major secret.)
100% zuck is ratting me out. every message.
considering xkeyscore and prism are over 10 years old. can only imagine what things are like now.
also by relying on the whatsapp metadata (the one where you can export by urself), it should be already good enough for feds agent to locate u.
for the E2E itself, as non crypto guy, seems the open whisper paper implemented on whatsapp alr good enough?
i think wikileaks showed us that we cannot really trust anything when it comes to the sophistication of tech surveillance.
Though ideally I should expect privacy from the electronics I own.
These fuckups should be paid for out of their budget.
If the intelligence agency revealed they were involved then not only could the person involved sue to get his own charges dismissed, but more importantly he could also sue the NSA to try to get the entire program scrapped. Countless entities (Wikimedia, EFF, and others) have tried to sue the NSA for this but it always ends the same way. They can't prove they were hurt by spying, or even that they were spied on, so the cases get tossed for lack of standing.
So they are actually being honest when they say they don't want to give away their capabilities, but that's because what they're doing is probably illegal. At least in the US, but I assume the UK must have something akin to the 4th amendment. To not have a government randomly spying on everybody is one of the foundations of a Free society. We were supposed to learn from KGB, Stasi, and so on. And maybe we did, but not the right lessons.
---
[1] - https://en.wikipedia.org/wiki/Parallel_construction
[2] - https://web.archive.org/web/20130806082051/http://www.reuter...
It seems the link stopped working some time in the past 2 weeks or so.
"We messed up, send the Spanish authorities to scramble a jet to escort the flight, but he should pay for that"
The balls on these guys.
Presumably, the "We" is British intelligence, but it's Spanish prosecutors that were asking for the kid to reimburse the Spanish government for the cost of scrambling the fighter jet.
Those aren't the same people, though.
1. The /feds/ broke Snapschat's end to end encryption and they're monitoring for all traffic with designated stopwords, or...
2. One of his friends reported him, one way or another, or..
3. Snapchat's end to end encryption is... not. I can't find any definitive statement that the chat messages themselves are E2EE, only that photos and videos are encrypted and the key is exchanged between users[1]. This means that Snapchat can monitor for text messages or decrypt uploaded attachments when necessary, since they have access to the message that contains the key for the attachment.
Most likely Snapchat's E2EE is just a facade, they probably have a dictionary of "funny" words on the device (and/or the server) and automatically flags the message in the internal systems when certain stopwords are being used.
Snap doesn't mention encryption in regards to chat, only in "my memories"
I don't think anyone has "broken" proper encryption that any major service is using, but I believe there is proof that the encryption is being bypassed in one of multiple ways.
One way could be through things like Pegasus, the Israeli spyware that can be silently installed on mobile phones. How this gets onto the device in the first place is not disclosed, but with the major app stores already having the capability to remotely install apps without your permission, this is obviously a very easy way to do it.
There have also been leaked US government documents stating that they have systems in place to monitor unencrypted messages from major proprietary apps like Facebook, Whatsapp, Instagram etc. I think any time you don't have the source code to at least the client program, there's no guarantee it's properly encrypting things in the first place.
Also it's possible the Whatsapp and similar programs are simply compromised by design, to where even though messages DO use E2EE, the client program itself could still be intercepting the messages secretly BEFORE they're encrypted and then doing who knows what with them. Without the source it's hard to know.
And with UK being part of Five Eyes I don't doubt at least some of this tech is shared with them.
On device content scanning notifies Snapchat of a certain type of threat, that + metadata goes to a real-time law-enforcement system which combines it with other sources to decide whether a lawful intercept is warranted - if so, Snapchat pulls the cached messages off the device and forwards them on.
It’s arguable that would be reasonable and legal, depending on the watchlist.
The kid was using airport wifi for this right? I'd guess public airport wifi installs some backdoored SSL cert and is generally monitored (and you probably agree to this ToS when you use it) - you may even agree to not make jokes about planes - I wouldn't be surprised.
I've implemented E2EE in group chats using Olm/Megolm and it's not easy to scale and comes with a ton of limitations.
If I was running Snapchat, I wouldn't see the point in dedicating that many resources and infrastructure to it.
Not if it was architected properly from the beginning.
Reminds me of whenever I used to phone a friend during my teenage years I would always start with "BOMB QUEEN, BOMB QUEEN."
Snapchat text is often used to prosecute people, I think the message being forwarded is a likely explanation, despite chats not being thoroughly encrypted and the article saying it would be unlikely. Could have been an anonymous tip.
This is an interesting theory, if it's technically possible would be it. For sure airports would watch such traffic if they technically can.
"It was previously thought the WiFi network at London Gatwick Airport could have intercepted it, but an airport spokesperson told the BBC it didn't have that capability."
Else it's the 'friends'
I mean... joking about bomb threats at an airport is not "not doing anything wrong".
Should we throw the person in prison for it? No, of course not. Is it a dumb thing to do? I think so. Very dumb.
> you should always use E2E encrypted communication
I agree with that.
This isn't just Snapchat surveillance. Most of the people joking about "bombs" aren't at the airport. If they knew he both joked, and was currently at the airport, then the surveillance has to be much more pervasive somehow.
in a private message to friends? it most definitely is.
also what does airports have to do with anything? are you implying its okay to do if the target is a rural farmhouse, but not an airport?
There was a lot of laughter and it made me far less annoyed about the delay. It was hilarious.
