this post was submitted on 23 Jun 2025
342 points (99.4% liked)

Technology

71922 readers
5954 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
342
The Guardian and Cambridge University's Department of Computer Science unveil new secure technology to protect sources (www.theguardian.com)
submitted 3 days ago* (last edited 3 days ago) by [email protected] to c/[email protected]
59 comments fedilink hide all child comments
 

Academic paper: https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-999.pdf

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -4 points 2 days ago (4 children)

It's called encryption

[–] [email protected] 4 points 2 days ago (1 children)

Packet data has headers that can identify where it's coming from and where it's going to. The contents of the packet can be securely encrypted, but destination is not. So long as you know which IPs Signal's servers use (which is public information), it's trivial to know when a device is sending/receiving messages with Signal.

This is also why something like Tor manages to circumvent packet sniffing, it's impossible to know the actual destination because that's part of the encrypted payload that a different node will decrypt and forward.

[–] [email protected] 0 points 2 days ago* (last edited 2 days ago) (3 children)

Packet data has headers that can identify where it's coming from and where it's going to

Wouldn't you have to have some sort of MITM to be able to inspect that traffic?

This is also why something like Tor manages to circumvent packet sniffing

TOR is what their already-existing tip tool uses.

[–] [email protected] 2 points 2 days ago

Wouldn't you have to have some sort of MITM to be able to inspect that traffic?

You mean like your workplace wifi that you're blowing the whistle at?

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago)

Wouldn’t you have to have some sort of MITM to be able to inspect that traffic?

That, or a court order telling your ISP or mobile operator to allow the sniffing. Or just the police wanting to snoop your stuff because they can. Not every country cares about individual or human rights, you know

TOR is what their already-existing tip tool uses.

Yes, but tor can be blocked at a firewall level, its packets are easy to identify. "Nations like China, Iran, Belarus, North Korea, and Russia have implemented measures to block or penalize Tor usage"

[–] [email protected] 1 points 1 day ago (1 children)

Would you? Are the headers encrypted?

[–] [email protected] 1 points 1 day ago (1 children)

Does it matter? How would you get access to such information?

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago) (1 children)

If the header isn't encrypted it'd be easy to inspect, and thus easy to determine where it goes, which is why it matters.

Based on your questions, it sounds like you're expecting the network traffic itself to be encrypted, as if there were a VPN. Does signal offer such a feature? My understanding is that the messages themselves are encrypted, but the traffic isn't, but I could be wrong.

[–] [email protected] 0 points 1 day ago (1 children)

If the header isn't encrypted it'd be easy to inspect

Easy for whom? How are you getting access to the traffic info?

[–] [email protected] 1 points 1 day ago (1 children)

You're talking about encryption and signal because you're worried about folks whose network you're connected to being able to invade your privacy, right?

I'd say it's a pretty reasonable suggestion to say we start with those guys. If you don't worry about those guys, who do have access to traffic info, then why bother with encryption?

[–] [email protected] 0 points 1 day ago (1 children)

You're talking about encryption and signal because you're worried about folks whose network you're connected to being able to invade your privacy, right?

LOL no? I'd never blow the whistle on my employer from my desk. Even if I did, I would connect to a different network.

I recognize other people are not as conscious as I am of that vulnerability but you asked about me, specifically.

If you don't worry about those guys, who do have access to traffic info, then why bother with encryption?

Any number of other people. Primarily the government.

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago)

Any number of other people. Primarily the government.

Right, so if the header isn't encrypted, it'd be trivial for them to see who you're sending to, which is why that's important.

You never answered my question - do you think the network connection itself is encrypted? Or just the content of the messages?

[–] [email protected] 3 points 2 days ago* (last edited 2 days ago)

How exactly do you think encryption prevents the analysis of seeing when an encrypted message is sent? It feels like you're trying to hand-waive away by saying "encryption means you're good!"

Cyber security is not my thing, but my understanding is that you'd still see network traffic - you just wouldn't know what it says.

[–] [email protected] 3 points 2 days ago

I run a cryptography forum

Encryption doesn't hide data sizes unless you take extra steps