tell that to salt typhoon who collected copious amounts of data on all of us.
https still uses unencrypted client hello's (ECH) across the vast majority of the internet, showing which domain the client is visiting in plaintext for multi-site servers to do SNI. DNS is still plaintext on most consumer routers/models provided by ISPs, stingray technology exists in the wild and is widely used to mimic cell towers. E2EE is not popular in consumer applications, even Telegram isn't E2EE and the main ones that claim they are like X's new Chat they have the keys on; Matrix having E2EE still shows meta data in plain text, room names in plain text.
While iMessages, RCS, Signal are mostly mainstream, most people are unaware of the need for E2EE. RCS is its own set of issues.
Pegasus, Cellbright, I can go on and on with the spyware companies that can just send a text message and infect devices with 0click exploits.
We can have E2EE but if they can just see the screen or hook in to the messaging app's memory doesn't mean much.
Pick up your cell phone, is it connected to Wifi? Can it see other Wifis? Apps track those nearby SSIDs and report to major databases to have accurate geo-location data down to the spot we stand.
Don't get me started on Ad-Tech.
The EU wants to install backdoors on everybody's devices and get rid of encryption entirely.
Zero Trust Technologies are a fun thing to read in to, especially the need for them.
> tell that to salt typhoon who collected copious amounts of data on all of us.
That is not a US government program.
You also brought up ECH, DoH, DoT, Android's fake cell tower detection, and Android's NEARBY_WIFI_DEVICES permission that also demonstrate a strong industry-wide push to limit mass surveillance, contributing to my argument that GGP's assertion that nothing has changed is incorrect.
> The EU wants to install backdoors on everybody's devices and get rid of encryption entirely.
No, it doesn't. Just because someone proposes something doesn't mean the EU wants it, especially when the EU completely removes that proposal from the table.
You're right, it isn't. It's a foreign one (allagedly) and they used the tools telecoms and agencies use to monitor data, sms, call logs with IMEI/IMS mapping. Those, do belong to government agencies.
> You also brought up ECH, DoH, DoT, Android's fake cell tower detection, and Android's NEARBY_WIFI_DEVICES permission that also demonstrate a strong industry-wide push to limit mass surveillance, contributing to my argument that GGP's assertion that nothing has changed is incorrect.
This sounds more like you want to be correct; data brokers and mass surveillance are at an all time high, with platform providers requiring biometrics, ID uploads, data being sold, re-sold, re-sprinkled.
Android devices that can not utilize the latest Android OS (16+) to my knowledge can not access these features, by default DoH, DoT are not enabled by default. Whether the device itself can show if a fake cell tower is being used is only one step. The telecom and infrastructure companies that provide 5g have more tech layered on top of it that is indeed vulnerable, salt typhoon sat dormant in major telecom and internet backbone devices for over a year before being discovered.
We don't know whos cyber campaigns or who's involved in surveillance. I'll often get customers sharing the same stories where they call their ISPs and the ISP operator will list all the websites the customer viewed in casual conversation over the phone; which is scary.
> No, it doesn't. Just because someone proposes something doesn't mean the EU wants it, especially when the EU completely removes that proposal from the table.
Yes, it does. Many countries are in favor of it in the EU and even if it fails, they keep proposing it until it'll pass.
The U.N. just signed a multi-nation treaty with 72 countries, including Russia, China, and Iran to swap data with other intelligence and law enforcement agencies with the data its collected as its joint mission to, on paper look like a good thing but broaden surveillance and share that data among countries.
https://vp.net/l/en-US/blog/72-Nations-Create-Global-Surveil...
The U.S. isn't involved with that, but here in the U.S. states are just now proposing VPN bans and requiring logging for major AI providers.
Most things are walled gardens.
The claims that it's getting better need all of us to put in a lot more work. Security, privacy, data integrity all go hand in hand.
Those SSIDs have among them, tracking that tracks MAC addresses, which can also be scanned out of the air using basic tools like aircrack-ng
A simple 'Share Your Location with this website' popup on a browser is more than enough to geo-locate you and provides enough information to geo-locate others on the same network.
It getting better is just not true. I wish that were the case, but it's going to take a lot of work for all of us.
> they used the tools telecoms and agencies use to monitor data, sms, call logs with IMEI/IMS mapping.
Telecoms use that data for billing. The government, notably, is not allowed to request this data en-masse post-Snowden.
> data brokers and mass surveillance are at an all time high, with platform providers requiring biometrics, ID uploads, data being sold, re-sold, re-sprinkled.
On the contrary, after GDPR, sharing of this data has become severely restricted, limiting this information to first parties.
> Android devices that can not utilize the latest Android OS (16+) to my knowledge can not access these features, by default DoH, DoT are not enabled by default
This permission was added in Android 13, also post-Snowden, representing a change limiting mass surveillance. DoH rolled out as the default to all Firefox and Chrome users in the U.S. in 2020.
> Yes, it does. Many countries are in favor of it in the EU and even if it fails, they keep proposing it until it'll pass.
Speculation. Mass surveillance is more difficult now than it was pre-Snowden, as I asserted. Maybe in 100 years, it will be different, but I made no claims about mass surveillance in the 22nd century.
> Those SSIDs have among them, tracking that tracks MAC addresses, which can also be scanned out of the air using basic tools like aircrack-ng
Android has defaulted MAC address randomization since version 10 and iOS since 14. This is yet another feature that made mass surveillance harder since Snowden.
https still uses unencrypted client hello's (ECH) across the vast majority of the internet, showing which domain the client is visiting in plaintext for multi-site servers to do SNI. DNS is still plaintext on most consumer routers/models provided by ISPs, stingray technology exists in the wild and is widely used to mimic cell towers. E2EE is not popular in consumer applications, even Telegram isn't E2EE and the main ones that claim they are like X's new Chat they have the keys on; Matrix having E2EE still shows meta data in plain text, room names in plain text.
While iMessages, RCS, Signal are mostly mainstream, most people are unaware of the need for E2EE. RCS is its own set of issues.
Pegasus, Cellbright, I can go on and on with the spyware companies that can just send a text message and infect devices with 0click exploits.
We can have E2EE but if they can just see the screen or hook in to the messaging app's memory doesn't mean much.
Pick up your cell phone, is it connected to Wifi? Can it see other Wifis? Apps track those nearby SSIDs and report to major databases to have accurate geo-location data down to the spot we stand.
Don't get me started on Ad-Tech.
The EU wants to install backdoors on everybody's devices and get rid of encryption entirely.
Zero Trust Technologies are a fun thing to read in to, especially the need for them.