this post was submitted on 07 Jul 2023
292 points (99.3% liked)

Technology

59341 readers
4753 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

VPN services and other security tools won't be able to protect people from this kind of state-surveillance. What's next for France's justice reform bill?

top 28 comments
sorted by: hot top controversial new old
[–] [email protected] 48 points 1 year ago (1 children)

France is really at a point of breaking. This is especially sad since France was the de facto leader of libre/foss movement in Europe.

[–] [email protected] 4 points 1 year ago (2 children)

Most other countries already have these sort of laws. In the US you’d just need a warrant from a Judge - which is laughably easy, especially with FISA warrants.

[–] [email protected] 14 points 1 year ago

The US really is not the standard any country should set for themselves

[–] [email protected] 10 points 1 year ago (2 children)

As far as I know, police cannot activate your phone's camera or microphone to spy on you in the US, even with a warrant. Do you know of something that says otherwise?

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago)

The ANT catalog[a] (or TAO catalog) is a classified product catalog by the U.S. National Security Agency (NSA) ... DROPOUTJEEP .... "A software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted."

https://en.wikipedia.org/wiki/ANT_catalog

[–] [email protected] 3 points 1 year ago (1 children)

Then you know wrong. The FBI has been doing it for as long as phones have had cameras.

Article from 2013, and even then it wasn’t new: https://www.washingtonpost.com/business/technology/2013/12/06/352ba174-5397-11e3-9e2c-e1d01116fd98_story.html

[–] [email protected] 1 points 1 year ago

Thde only new thing is the technology allowing them to better spy on us.

[–] [email protected] 20 points 1 year ago

Louis Rossman has an interesting take on this

[–] [email protected] 11 points 1 year ago (1 children)

How is this supposed to work? Won't real criminals just buy more secure devices to circumvent this surveillance?

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (2 children)

This isn’t going to be regularly used. For the average iPhone user you’d probably need to use Pegasus, which costs something insane like US$60k per target device.

The more likey vector will be things like Ring doorbells - we already know Amazon will handover footage to Police without even requiring a warrant.

[–] [email protected] 6 points 1 year ago (1 children)

This isn’t going to be regularly used.

(눈‸눈)

[–] [email protected] 4 points 1 year ago (1 children)

I’m not saying they won’t want to use it, but Police have limited budgets like everyone else. A quick google shows the average salary of a police office in France is US$57k. Pegasus is $60k per use. If a police department has to choose between spying on 10 phones or hiring 10 more cops, I think they’re going to choose the extra manpower almost every time.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

A few things. How do we know it's going to be Pegasus? How do you know the price, why is it so expensive (and why would anyone assume it to stay so)?

Because if it actually is Pegasus, the main problem with this bill isn't surveillance (although it is most definitely a problem),
but the tacit endorsement of this unregulated infoweapon.

As the poet said: doubleplusungood.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

I assume the French also gained access to stuff like DROPOUTJEEP after signing the secret Lustre treaty.

[–] [email protected] 11 points 1 year ago

Que Macron aille se faire enculer

[–] [email protected] 9 points 1 year ago (1 children)

I can't even imagine the protests that will erupt due to this.

[–] [email protected] 7 points 1 year ago
[–] [email protected] 6 points 1 year ago (1 children)

Anyone knows how they going to technically implement this?

[–] [email protected] 1 points 1 year ago

No. They don't grant police that power. The judicial system has that power. Just like it has the power to imprison people.

[–] [email protected] 1 points 1 year ago (1 children)

Can someone explain why VPN services can't protect people from that

[–] [email protected] 3 points 1 year ago (1 children)

https://www.techtarget.com/searchsecurity/news/252464873/Google-Triada-backdoors-were-pre-installed-on-Android-devices

Also, you're connecting to a nearby cell tower which then relays your connection to the wider web, with an exit point at your VPN provider.

If the nearby cell tower is compromised, they can try MITM attacks which might not need SSL authentication (e.g. you might have a backdoor on your device that does not require an external certificate to access it (in fact I would be surprised if it would)).

Doing this before would be illegal. Now it is legal.

[–] [email protected] 2 points 1 year ago (1 children)

MITM would break any remotely decent VPN. The article talks about being able to activate cameras and what not but offers no explanation of how. This would almost certainly require software to be installed on the target device. I don't see how this will accomplish any more than making it easier to get geolocation data.

[–] [email protected] 1 points 1 year ago (1 children)

The baseband firmware on your phone has access to all hardware resources and can be modified over the cellular connection without your cooperation or knowledge.

[–] [email protected] 3 points 1 year ago (1 children)

It can't be done by a third party without extreme effort. This requires the cell phone manufacturer to participate along with the cellular service company as well.

[–] [email protected] 1 points 1 year ago

Sorry for the late reply but I'd just like to warn you that it doesn't take a lot of effort. It takes some time, some knowledge of programming, electronics and communication protocols and a few hundred $$$ of equipment. DIY cell phone tower

load more comments
view more: next ›