Re: WhatsApp's New Policy Has...

2021-01-09 Thread Rich Kulawiec 
On Fri, Jan 08, 2021 at 01:31:56PM -0600, Dave Phelps wrote:
> Keybase was purchased by Zoom (
> https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html).
> >From what I've gathered, Zoom is too tight with, owned by, or run by China,
> so I believe there was a similar mass exodus from Keybase for lack of trust.

I've been maintaining a page of relevant links concerning Zoom since
late winter 2020.  It's here:

Zoom
http://www.firemountain.net/zoom.html

I need to add a link there concerning the complaint filed in the EDNY,
USA v. Xinjiang Jin (JIN).  As pointed out by File411, there are repeated
references in that complaint to "under 1 minute", as in:

Employee-1 explained that "The current requirement" -- apparently
referring to Company-1's internal restrictions -- "is that domestic
engineers cannot access the data of us clusters" -- indicating
that PRC-based software engineers were not permitted to access user
data stored on U.S.-based servers.  JIN responded "Net Security's
requirement is that [the employer] must have the authority to
directly handle it, and it must be handled within one minute.
For example, including U.S. users, if the issue of June 4th is
being discussed in a meeting, it must be handled within one minute
of [the meeting being reported], otherwise will be [rate] as
security non-compliant."

("June 4th" refers to Tiananmen Square - June 4, 1989.)

It's unclear yet exactly what this means/implies, but my working assumption
for the moment is that everything passing through Zoom is being made
available in real or close-to-real time to the PRC.

Also in the complaint:

JIN wrote in an electronic messages to other individuals who are
Company-1 employees stating that, even if other U.S. social media
and search companies had no business in the PRC, they still terminated
accounts and posted at the request of the "CN zf".  Based on open
source information and my training and experience, the "CN" in "CN zf"
refers to "China" (the PRC) and "zf" is shorthand for zhengfu,
a Chinese word for government.

---rsk

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Valdis Klētnieks 
On Fri, 08 Jan 2021 14:10:41 -0600, Richard Porter said:

> I missed that... *he says as he deletes Keybase*

Hopefully not before you told your Keybase contacts where you were going. :)


pgpytCcsAjPkH.pgp
Description: PGP signature

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Richard Porter 
Thanks Dave,
I missed that... *he says as he deletes Keybase*

On Fri, Jan 8, 2021 at 1:36 PM Dave Phelps  wrote:

> Keybase was purchased by Zoom (
> https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html).
> From what I've gathered, Zoom is too tight with, owned by, or run by China,
> so I believe there was a similar mass exodus from Keybase for lack of trust.
>
> On Fri, Jan 8, 2021 at 1:17 PM Richard Porter 
> wrote:
>
>> Has anyone considered or used Keybase?
>>
>> On Fri, Jan 8, 2021 at 1:14 PM Mark Tinka  wrote:
>>
>>>
>>>
>>> On 1/8/21 19:26, Drew Weaver wrote:
>>>
>>> > This might be anecdotal but there is a ton of debate about whether or
>>> not Telegram is encrypted.
>>> >
>>> > This is not anecdotal though, on Wednesday night I saw an interview
>>> with a security expert on CNBC and he indicated that they knew that the
>>> riots in DC were going to happen because they had been "monitoring the
>>> extremists Telegram groups". What they didn't say was whether or not they
>>> were simply members of those groups, or monitoring from a
>>> "networking/technology" sense. I'm not sure if Signal does groups the same
>>> way that Telegram does but that one is widely believed to be much better
>>> than Telegram as far as privacy and security.
>>> >
>>> > Telegram is a tremendously useful (and free service) for connecting to
>>> Elastalert for all manner of notifications, but we have since moved to
>>> Teams for that just because we can't really be sure what is going on under
>>> the hood with Telegram.
>>> >
>>> > Just some things that I have observed, not trying to start a holy war.
>>>
>>> My rudimentary understanding of Telegram is that group messages are
>>> client-server, which is why new members can read old posts when they
>>> join a group.
>>>
>>> Signal, on the other hand, is p2p for members within the group. No
>>> messages are ever sent to their cloud.
>>>
>>> Mark.
>>>
>>

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Mike Bolitho 
Zoom bought Keybase.
Keybase also has a bit of technical overhead that prevents casual users
from adopting. It's why my group chats are migrating to Signal. Having
non-tech friends generate key strings and all that... definitely not going
to happen.

- Mike Bolitho


On Fri, Jan 8, 2021 at 12:17 PM Richard Porter 
wrote:

> Has anyone considered or used Keybase?
>

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Dave Phelps 
Keybase was purchased by Zoom (
https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html).
>From what I've gathered, Zoom is too tight with, owned by, or run by China,
so I believe there was a similar mass exodus from Keybase for lack of trust.

On Fri, Jan 8, 2021 at 1:17 PM Richard Porter 
wrote:

> Has anyone considered or used Keybase?
>
> On Fri, Jan 8, 2021 at 1:14 PM Mark Tinka  wrote:
>
>>
>>
>> On 1/8/21 19:26, Drew Weaver wrote:
>>
>> > This might be anecdotal but there is a ton of debate about whether or
>> not Telegram is encrypted.
>> >
>> > This is not anecdotal though, on Wednesday night I saw an interview
>> with a security expert on CNBC and he indicated that they knew that the
>> riots in DC were going to happen because they had been "monitoring the
>> extremists Telegram groups". What they didn't say was whether or not they
>> were simply members of those groups, or monitoring from a
>> "networking/technology" sense. I'm not sure if Signal does groups the same
>> way that Telegram does but that one is widely believed to be much better
>> than Telegram as far as privacy and security.
>> >
>> > Telegram is a tremendously useful (and free service) for connecting to
>> Elastalert for all manner of notifications, but we have since moved to
>> Teams for that just because we can't really be sure what is going on under
>> the hood with Telegram.
>> >
>> > Just some things that I have observed, not trying to start a holy war.
>>
>> My rudimentary understanding of Telegram is that group messages are
>> client-server, which is why new members can read old posts when they
>> join a group.
>>
>> Signal, on the other hand, is p2p for members within the group. No
>> messages are ever sent to their cloud.
>>
>> Mark.
>>
>

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Saku Ytti 
On Fri, 8 Jan 2021 at 21:18, Richard Porter  wrote:

> Has anyone considered or used Keybase?

Didn't they sell their customers recently. I may be talking out of my posterior.

But on a more serious note, which of these are provably correct?

One of them used to offer you a local message and outgoing data
(signal?) so you could independently verify that they send the correct
data out, reflecting the algorithmic choice you have. So instead of
trusting that(signal?) you have to trust the algorithm, which they
don't control.




>
> On Fri, Jan 8, 2021 at 1:14 PM Mark Tinka  wrote:
>>
>>
>>
>> On 1/8/21 19:26, Drew Weaver wrote:
>>
>> > This might be anecdotal but there is a ton of debate about whether or not 
>> > Telegram is encrypted.
>> >
>> > This is not anecdotal though, on Wednesday night I saw an interview with a 
>> > security expert on CNBC and he indicated that they knew that the riots in 
>> > DC were going to happen because they had been "monitoring the extremists 
>> > Telegram groups". What they didn't say was whether or not they were simply 
>> > members of those groups, or monitoring from a "networking/technology" 
>> > sense. I'm not sure if Signal does groups the same way that Telegram does 
>> > but that one is widely believed to be much better than Telegram as far as 
>> > privacy and security.
>> >
>> > Telegram is a tremendously useful (and free service) for connecting to 
>> > Elastalert for all manner of notifications, but we have since moved to 
>> > Teams for that just because we can't really be sure what is going on under 
>> > the hood with Telegram.
>> >
>> > Just some things that I have observed, not trying to start a holy war.
>>
>> My rudimentary understanding of Telegram is that group messages are
>> client-server, which is why new members can read old posts when they
>> join a group.
>>
>> Signal, on the other hand, is p2p for members within the group. No
>> messages are ever sent to their cloud.
>>
>> Mark.



-- 
  ++ytti

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Richard Porter 
Has anyone considered or used Keybase?

On Fri, Jan 8, 2021 at 1:14 PM Mark Tinka  wrote:

>
>
> On 1/8/21 19:26, Drew Weaver wrote:
>
> > This might be anecdotal but there is a ton of debate about whether or
> not Telegram is encrypted.
> >
> > This is not anecdotal though, on Wednesday night I saw an interview with
> a security expert on CNBC and he indicated that they knew that the riots in
> DC were going to happen because they had been "monitoring the extremists
> Telegram groups". What they didn't say was whether or not they were simply
> members of those groups, or monitoring from a "networking/technology"
> sense. I'm not sure if Signal does groups the same way that Telegram does
> but that one is widely believed to be much better than Telegram as far as
> privacy and security.
> >
> > Telegram is a tremendously useful (and free service) for connecting to
> Elastalert for all manner of notifications, but we have since moved to
> Teams for that just because we can't really be sure what is going on under
> the hood with Telegram.
> >
> > Just some things that I have observed, not trying to start a holy war.
>
> My rudimentary understanding of Telegram is that group messages are
> client-server, which is why new members can read old posts when they
> join a group.
>
> Signal, on the other hand, is p2p for members within the group. No
> messages are ever sent to their cloud.
>
> Mark.
>

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Mark Tinka 




On 1/8/21 19:26, Drew Weaver wrote:


This might be anecdotal but there is a ton of debate about whether or not 
Telegram is encrypted.

This is not anecdotal though, on Wednesday night I saw an interview with a security expert on CNBC 
and he indicated that they knew that the riots in DC were going to happen because they had been 
"monitoring the extremists Telegram groups". What they didn't say was whether or not they 
were simply members of those groups, or monitoring from a "networking/technology" sense. 
I'm not sure if Signal does groups the same way that Telegram does but that one is widely believed 
to be much better than Telegram as far as privacy and security.

Telegram is a tremendously useful (and free service) for connecting to 
Elastalert for all manner of notifications, but we have since moved to Teams 
for that just because we can't really be sure what is going on under the hood 
with Telegram.

Just some things that I have observed, not trying to start a holy war.


My rudimentary understanding of Telegram is that group messages are 
client-server, which is why new members can read old posts when they 
join a group.


Signal, on the other hand, is p2p for members within the group. No 
messages are ever sent to their cloud.


Mark.

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Mark Tinka 




On 1/8/21 19:00, Ge DUPIN wrote:

There is also Telegram, which is quite good 


My rough formula:

    Signal > Telegram > iMessage > WhatsApp

Mark.

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Mark Tinka 




On 1/8/21 18:56, Andy Ringsmuth wrote:


Same boat here. I don’t even have a FB account but I am in a handful of 
WhatsApp groups.


Ditched my Facebook account in 2012, after some glitch posted private 
messages to one's time line. Never looked back.


Mark.

RE: WhatsApp's New Policy Has...

2021-01-08 Thread Drew Weaver 
Personally it was the inability to set policies/controls on usage and not 
having any visibility with what Telegram was doing.

But again, everyone should do whatever everyone wants to do.



-Original Message-
From: Saku Ytti  
Sent: Friday, January 8, 2021 1:24 PM
To: Drew Weaver 
Cc: Ge DUPIN ; Andy Ringsmuth ; 
nanog@nanog.org
Subject: Re: WhatsApp's New Policy Has...

On Fri, 8 Jan 2021 at 20:05, Drew Weaver  wrote:

> Everyone can and should use whatever signals they want to make their own 
> decisions.

Sorry, I'm still confused. What was the signal that you used to change from 
Telegram to Teams?

--
  ++ytti

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Saku Ytti 
On Fri, 8 Jan 2021 at 20:05, Drew Weaver  wrote:

> Everyone can and should use whatever signals they want to make their own 
> decisions.

Sorry, I'm still confused. What was the signal that you used to change
from Telegram to Teams?

-- 
  ++ytti

RE: WhatsApp's New Policy Has...

2021-01-08 Thread Drew Weaver 
Well, I suppose you can't really know for sure that Teams is following any sort 
of best practices but Teams does let you set standards for security and privacy 
in the admin center a couple of other points:

A) It seems like if there is an issue with Teams they have more of an 
imperative to fix it (as well as financial and technical resources)
B) If you do a few searches on your favorite search engine regarding Telegram 
there appears to be debate about what it's doing in regards to security, 
privacy, storage/custody of data, etc.

Everyone can and should use whatever signals they want to make their own 
decisions.



-Original Message-
From: Saku Ytti  
Sent: Friday, January 8, 2021 12:36 PM
To: Drew Weaver 
Cc: Ge DUPIN ; Andy Ringsmuth ; 
nanog@nanog.org
Subject: Re: WhatsApp's New Policy Has...

On Fri, 8 Jan 2021 at 19:29, Drew Weaver  wrote:


> Telegram is a tremendously useful (and free service) for connecting to 
> Elastalert for all manner of notifications, but we have since moved to Teams 
> for that just because we can't really be sure what is going on under the hood 
> with Telegram.

For my education, how is Teams doing this better, and can I independently 
verify it?

--
  ++ytti

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Saku Ytti 
On Fri, 8 Jan 2021 at 19:29, Drew Weaver  wrote:


> Telegram is a tremendously useful (and free service) for connecting to 
> Elastalert for all manner of notifications, but we have since moved to Teams 
> for that just because we can't really be sure what is going on under the hood 
> with Telegram.

For my education, how is Teams doing this better, and can I
independently verify it?

-- 
  ++ytti

RE: WhatsApp's New Policy Has...

2021-01-08 Thread Drew Weaver 
This might be anecdotal but there is a ton of debate about whether or not 
Telegram is encrypted. 

This is not anecdotal though, on Wednesday night I saw an interview with a 
security expert on CNBC and he indicated that they knew that the riots in DC 
were going to happen because they had been "monitoring the extremists Telegram 
groups". What they didn't say was whether or not they were simply members of 
those groups, or monitoring from a "networking/technology" sense. I'm not sure 
if Signal does groups the same way that Telegram does but that one is widely 
believed to be much better than Telegram as far as privacy and security. 

Telegram is a tremendously useful (and free service) for connecting to 
Elastalert for all manner of notifications, but we have since moved to Teams 
for that just because we can't really be sure what is going on under the hood 
with Telegram.

Just some things that I have observed, not trying to start a holy war.



-Original Message-
From: NANOG  On Behalf Of Ge 
DUPIN
Sent: Friday, January 8, 2021 12:00 PM
To: Andy Ringsmuth 
Cc: nanog@nanog.org
Subject: Re: WhatsApp's New Policy Has...

There is also Telegram, which is quite good 

Ge Dupin

> Le 8 janv. 2021 à 17:56, Andy Ringsmuth  a écrit :
> 
> Same boat here. I don’t even have a FB account but I am in a handful of 
> WhatsApp groups. Most are family related but one is a tight-knit men’s group 
> at church where privacy is important. The “hey men, I’m struggling with 
>  and I need support” type group.
> 
> We’re ditching WhatsApp likely for Signal as well. I trust satan himself more 
> than I trust Zuckerburg.
> 
> 
> Andy Ringsmuth
> 5609 Harding Drive
> Lincoln, NE 68521-5831
> (402) 304-0083
> a...@andyring.com
> 
> “Better even die free, than to live slaves.” - Frederick Douglas, 1863
> 
>> On Jan 8, 2021, at 10:00 AM, Mark Tinka  wrote:
>> 
>> ... finally been the final push all my friends needed to dump it and move to 
>> Signal.
>> 
>> Several of the WhatsApp groups I'm on have, as of this morning, been 
>> disbanded and re-launched on Signal.
>> 
>> Facebook say the new policy applies to business accounts, but heck, the 
>> cat's out the bag and gone.
>> 
>> What's most amazing to me is that a lot more people seem to be a tad more 
>> concerned about their privacy, when they ordinarily wouldn't have.
>> 
>> Mark.
>

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Ge DUPIN 
There is also Telegram, which is quite good 

Ge Dupin

> Le 8 janv. 2021 à 17:56, Andy Ringsmuth  a écrit :
> 
> Same boat here. I don’t even have a FB account but I am in a handful of 
> WhatsApp groups. Most are family related but one is a tight-knit men’s group 
> at church where privacy is important. The “hey men, I’m struggling with 
>  and I need support” type group.
> 
> We’re ditching WhatsApp likely for Signal as well. I trust satan himself more 
> than I trust Zuckerburg.
> 
> 
> Andy Ringsmuth
> 5609 Harding Drive
> Lincoln, NE 68521-5831
> (402) 304-0083
> a...@andyring.com
> 
> “Better even die free, than to live slaves.” - Frederick Douglas, 1863
> 
>> On Jan 8, 2021, at 10:00 AM, Mark Tinka  wrote:
>> 
>> ... finally been the final push all my friends needed to dump it and move to 
>> Signal.
>> 
>> Several of the WhatsApp groups I'm on have, as of this morning, been 
>> disbanded and re-launched on Signal.
>> 
>> Facebook say the new policy applies to business accounts, but heck, the 
>> cat's out the bag and gone.
>> 
>> What's most amazing to me is that a lot more people seem to be a tad more 
>> concerned about their privacy, when they ordinarily wouldn't have.
>> 
>> Mark.
>

Re: WhatsApp's New Policy Has...

2021-01-08 Thread Andy Ringsmuth 
Same boat here. I don’t even have a FB account but I am in a handful of 
WhatsApp groups. Most are family related but one is a tight-knit men’s group at 
church where privacy is important. The “hey men, I’m struggling with  and I need support” type group.

We’re ditching WhatsApp likely for Signal as well. I trust satan himself more 
than I trust Zuckerburg.


Andy Ringsmuth
5609 Harding Drive
Lincoln, NE 68521-5831
(402) 304-0083
a...@andyring.com

“Better even die free, than to live slaves.” - Frederick Douglas, 1863

> On Jan 8, 2021, at 10:00 AM, Mark Tinka  wrote:
> 
> ... finally been the final push all my friends needed to dump it and move to 
> Signal.
> 
> Several of the WhatsApp groups I'm on have, as of this morning, been 
> disbanded and re-launched on Signal.
> 
> Facebook say the new policy applies to business accounts, but heck, the cat's 
> out the bag and gone.
> 
> What's most amazing to me is that a lot more people seem to be a tad more 
> concerned about their privacy, when they ordinarily wouldn't have.
> 
> Mark.

WhatsApp's New Policy Has...

2021-01-08 Thread Mark Tinka 
... finally been the final push all my friends needed to dump it and 
move to Signal.


Several of the WhatsApp groups I'm on have, as of this morning, been 
disbanded and re-launched on Signal.


Facebook say the new policy applies to business accounts, but heck, the 
cat's out the bag and gone.


What's most amazing to me is that a lot more people seem to be a tad 
more concerned about their privacy, when they ordinarily wouldn't have.


Mark.