Yep. It works and it’s awesome. I use Conversations on Android devices and Dino and Gajim on desktops, various family members use Siskin on iOS.
With zero app or server-software or provider lock-in, and an actual in-practice diversity of apps and providers, the whole thing seems pretty immune to enshittification.
Well within the budget of a private investigator or burglar or peeping-tom or abusive ex-partner.
No need to scale; plenty of privacy/security incursions don’t require mass-surveillance.
That said, I’d suggest that the attack does scale economically. Think war-driving but with one of these setups – cruising around in a van through a dense neighbourhood collecting short clips of CCTV footage looking for something of interest.
[…] the attack is an extremely expensive nation state level operation that doesn’t scale.
About $250 at most. Quoting the linked page:
Below is a list of equipment we used for the experiments.
- (1) Software Defined Radio (SDR): Ettus USRP B210 USRP, ~$2100.
- (2) Low Noise Amplifier (LNA): Foresight Intelligence FSTRFAMP06 LNA, ~$200.
- (3) Directional Antenna: A common outdoor Log-periodic directional antenna (LPDA), ~$15.
- (4) A laptop, of course.
Note that the equipment can be replaced with cheaper counterparts. For example, USRP B210 can be replaced with RTL-SDR that costs ~$30.
To reproduce the attack: our GitHub repository provides the codes and instructions for reproducing and understanding the attack. We have prepared a ready-to-use software tool that can produce real-time reconstructions of the eavesdropped videos with EM signal input from the USRP device.
No, the “distributor” is the part which runs on your portable device, receives the push notifications, and wakes up the target apps as necessary.
Conversations can be a unified push distributor: https://unifiedpush.org/users/distributors/conversations/
…and I’d trust it (battery-wise) with that. I have an old tablet with Conversations running without battery restrictions on it, and if I’m not actually picking it up and using it, it regularly goes 1-2 weeks on an 80% battery charge before it dies, the whole time giving audible notifications for XMPP messages/calls (which I attend to on other devices).
To be clear though: by E2EE here I mean browser-side encryption with zero-knowledge on the server side.
Etherpad is still encrypted in transit with https; only the server can snoop.
Cryptpad and other web-based E2EE services can still be completely compromised server-side by serving malicious code to the browser, and practically the user would never know.
Cryptpad:
Etherpad:
PrivateBin:
Sorry everyone, I did try searching the lemmyverse for any previous postings of this article using “signal” in the search feature on my instance, but it turned up nothing at the time.
Lemmy.world seems to have a handle on all the cross posts: https://lemmy.world/post/9121235