Retired U.S. General on CNN claiming Signal threads can be “intercepted” and that it was “proven in Ukraine.” What does that mean? Keylogging/etc? Or is Signal itself compromised? Thoughts @Mer__edith? #encryption #signal https://www.cnn.com/2025/04/20/politics/video/leighton-singh-hegseth-second-signal-chat-nr-digvid

CNN · 1dRetired colonel reacts to reports Hegseth shared detailed military plans in second Signal chat | CNN PoliticsSecretary of Defense Pete Hegseth shared detailed plans about a military operation against the Houthis in Yemen on a second Signal group chat that included his wife, lawyer and brother, three people familiar with the chat told CNN. Former Deputy Pentagon Press Secretary Sabrina Singh and CNN military analyst retired US Air Force Col. Cedric Leighton join Jessica Dean to discuss.

**fraggle** @fraggle@1.6.0.0.8.0.0.b.e.d.0.a.2.ip6.arpa · 2d

fraggle @fraggle@1.6.0.0.8.0.0.b.e.d.0.a.2.ip6.arpa

Magicwormhole was created by developer Brian Warner as a response to the overly complex ways people transfer files securely. Introduced in the mid-2010s, it aimed to make file transfers between devices as simple and trustworthy as handing a USB stick to someone next to you.

At its core, magicwormhole uses a concept called PAKE, or Password Authenticated Key Exchange, which allows two computers to establish a secure, encrypted channel over the internet using a short one-time code. That code acts as both an identifier and a temporary password, ensuring the connection can’t be intercepted or spoofed.

The project gained popularity in privacy and open source circles for its ease of use and its ability to work across firewalls, NAT, and without user accounts. Unlike most tools, it requires no setup, servers, or third-party cloud services. It simply connects you to the other device, does the job, and vanishes.

It remains one of the cleanest examples of what simple, privacy-respecting software can look like.

#MagicWormhole #PrivacyTools #SecureTransfer

**robrich** @robrich@hachyderm.io · 3d

robrich @robrich@hachyderm.io

#Base64 is not #encryption

**Joe Ortiz** @joeo10@mastodon.sdf.org · 4d

Joe Ortiz @joeo10@mastodon.sdf.org

Sadly, this is only the beginning of a domino effect should it go into law.

https://techcrunch.com/2025/04/17/florida-draft-law-mandating-encryption-backdoors-for-social-media-accounts-billed-dangerous-and-dumb/

TechCrunch · 4dFlorida draft law mandating encryption backdoors for social media accounts billed 'dangerous and dumb' | TechCrunchA digital rights group blasted the Florida bill, but lawmakers voted to advanced the draft law.

#encryption #backdoors #privacy

**Daniel Wayne Armstrong** @dwarmstrong@fosstodon.org · 4d

Daniel Wayne Armstrong @dwarmstrong@fosstodon.org

Disable password logins on the SERVER in favour of using SSH keys for authentication. Create the necessary SSH keys on a NetBSD CLIENT that will be used to secure access to remote devices:

https://www.dwarmstrong.org/netbsd-ssh-keys/

www.dwarmstrong.orgUse SSH keys on NetBSD for Passwordless Logins to Servers ☯ Daniel Wayne ArmstrongLibre all the things

#SSH #NetBSD #RunBSD

**Efani** @Efani@infosec.exchange · 4d

Efani @Efani@infosec.exchange

Android just got a quiet but powerful security upgrade: automatic reboots after 3 days of device inactivity.

Google has rolled out a new feature via Google Play Services: if an Android device remains locked for 3 consecutive days, it will now automatically reboot.

Why this matters:
Rebooting puts the phone back into the "Before First Unlock" state — where data remains fully encrypted and inaccessible without the passcode. This makes it significantly harder for anyone trying to extract sensitive data using forensic tools like Cellebrite or Magnet.

Apple introduced a similar feature last year, signaling a broader trend: both ecosystems are reinforcing protections against post-unlock data extraction, often used by law enforcement or threat actors.

This feature:

- Reduces exposure time after a phone is seized or stolen
- Restores full disk encryption status automatically
- Adds a layer of passive defense even if users don’t act

At @Efani, we advocate for security that works even when you’re not paying attention. Automatic reboots after periods of inactivity are a subtle but smart move — one that helps prevent surveillance, data harvesting, and unauthorized access.

It’s not just about convenience anymore. It’s about digital self-defense by default.

#MobileSecurity #Android #Encryption

Replied in thread

**Debacle** @debacle@framapiaf.org · 4d

Debacle @debacle@framapiaf.org

@movim @dominik

Note, that #OMEMO has been taken directly from Signal, only adapted for #XMPP.

Most modern #Jabber clients default to OMEMO for one-to-one conversations nowadays. For private groups, I believe, users still have to enable it explicitely.

I'm not aware of any public Jabber server that would still accept non-TLS connections, so you have both transport #encryption and #e2ee.

**Manuel 'HonkHase' Atug** @HonkHase@chaos.social · 5d

Manuel 'HonkHase' Atug @HonkHase@chaos.social

EU, Backdoor

**LMG Security** @LMGsecurity@infosec.exchange · 5d

LMG Security @LMGsecurity@infosec.exchange

Quantum computing is on the horizon, and it has the potential to revolutionize the way we think about cybersecurity. Join our April 23rd live session where cybersecurity experts @sherridavidoff and @MDurrin will dive into the implications of quantum technology on encryption and data security. Learn what steps security leaders should take today to prepare for this disruptive shift.

Don’t miss out on this opportunity to ask questions and stay ahead of emerging threats. Register now!

https://www.lmgsecurity.com/event/cyberside-chats-live-april25/

cyberside live hot topics expert cybersecurity insights apr 25

LMG SecurityCyberside Chats: Live! Quantum Shift: How Cybersecurity Must Evolve Now | LMG SecurityIn this quick, high-impact session, we’ll dive into the top three cybersecurity priorities every leader should focus on. From integrating AI into your defenses to tackling deepfake threats and tightening third-party risk management, this discussion will arm you with the insights you need to stay secure in the year ahead.

#QuantumComputing #Cybersecurity #Encryption

**DeadSwitch @ T0m's 1T C4fe** @TomsITCafe@mastodon.social · 5d

**frox** @frox@tooting.ch · 5d

frox @frox@tooting.ch

The #encryption topic in #InstantMesaging is popular again recently. As usual there's a lot of misunderstanding and little discussion of a #ThreatModel when giving recommendations.
If the private key is backed up with Apple or Google from your phone, then your messages may as well not be encrypted I've again seen this indirectly with contacts changing phones and their keys are the same as on their old device. Due to automatic backups I guess.
Doesn't matter if it's #WhatsApp, #Signal or #XMPP

**nemo™** @nemo@mas.to · 6d

nemo™ @nemo@mas.to

A global coalition is warning Sweden against encryption backdoor legislation. The proposed law, aimed at combating crime, could compromise digital security and force companies like Signal to leave the Swedish market. #Encryption #Privacy #Sweden #newz

https://cyberinsider.com/global-coalition-warns-sweden-against-encryption-backdoor-legislation/

CyberInsider · Apr 11Global Coalition Warns Sweden Against Encryption Backdoor LegislationA coalition of 237 orgs, security experts, and tech firms issued a letter urging Sweden's government to reject a proposed surveillance law.

**9x0rg** @9x0rg@mamot.fr · Apr 15

Apr 15

9x0rg @9x0rg@mamot.fr

If you're worried about where to host your data in Europe, remember that not all EU member states are created equal when it comes to encryption keys disclosure laws.

See the **Key Disclosure Law** page on Wikipedia[1] - the legislation that requires individuals to hand over cryptographic keys to law enforcement.

My top pick:
- Germany
- Iceland
- Belgium (see note on WP)
- Switzerland (yet)

[1]: https://en.wikipedia.org/wiki/Key_disclosure_law

en.wikipedia.orgKey disclosure law - Wikipedia

#Encryption #EE2E #NothingToHide