Slashdot Mirror
France is Building Its Own Encrypted Messaging Service To Ease Fears That Foreign Entities Could Spy on Private Conversations (reuters.com)
The French government is building its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials, the digital ministry said on Monday. From a report: None of the world's major encrypted messaging apps, including Facebook's WhatsApp and Telegram -- a favorite of President Emmanuel Macron -- are based in France, raising the risk of data breaches at servers outside the country.
About 20 officials and top civil servants are testing the new app which a state-employed developer has designed, a ministry spokeswoman said, with the aim that its use will become mandatory for the whole government by the summer. "We need to find a way to have an encrypted messaging service that is not encrypted by the United States or Russia," the spokeswoman said. "You start thinking about the potential breaches that could happen, as we saw with Facebook, so we should take the lead."
About 20 officials and top civil servants are testing the new app which a state-employed developer has designed, a ministry spokeswoman said, with the aim that its use will become mandatory for the whole government by the summer. "We need to find a way to have an encrypted messaging service that is not encrypted by the United States or Russia," the spokeswoman said. "You start thinking about the potential breaches that could happen, as we saw with Facebook, so we should take the lead."
Why not just audit https://xmpp.org/ and call it good?
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Ok but....What's stopping the french government to eavesdrop on the communications used on this app? Or Are they willing to go as far as to implement strong crypto even they can't break?
To Ease Fears That Foreign Entities Could Spy on Private Conversations
... but enshrine the ability of the French Government to spy on private conversations.
I think it was Bruce Schneier who said "Everyone wants you to have privacy... just not from them".
Whereas were it done by a US government contractor, it'd be late, not work as intended and be around 4x over budget.
Sound Illegal already. Just give it some time.
They seemed to build their end of the Channel Tunnel in the same length of time as it took the British to do their half. In the mean time you can't get a f---ing tunnel everyone knows needs building that goes 1/20th of the distance in the US because of politics, and it'll cost 10x as much if it ever gets built. So I'd say the French are fine actually with their 30 hour weeks - it seems fewer hours = more productive. Who knew?
My understanding is that designing a (more or less) truly secure application is quite difficult. The encryption math can probably be handled quite easily, but there a myriad of ways to mess up the logic that goes around the math (key generation, key storage, key transport, etc).
Color me surprised. I supposed that, at least developed countries, would have specialised services for their important personnel to comunicate through.
Minitel goes secure huh...
Nullius in verba
They seemed to build their end of the Channel Tunnel in the same length of time as it took the British to do their half. In the mean time you can't get a f---ing tunnel everyone knows needs building that goes 1/20th of the distance in the US because of politics, and it'll cost 10x as much if it ever gets built. So I'd say the French are fine actually with their 30 hour weeks - it seems fewer hours = more productive. Who knew?
I don't know about 30hours vs 40hour workweeks- but there have been studies that show increasing work hours per week does have diminishing returns up until a point where adding more hours does actually result in lower overall productivity.
There have also been studies that show that taking a lot of vacation actually increases productivity over the year than forcing people to go to work 50 weeks a year and only have 2 weeks vacation. America's stingy vacation policy actually negatively impacts productivity. If you want your workers to be more productive over a year- give them 6 weeks off not 2.
"That's the way to do it" - Punch
There you go giggleloop, under-estimating the project again!
Anybody - a government, a group, an individual - who wants secure encrypted communications they trust can get them.
If you're just careful, you can download code from trusted sources, spin it up, and run your own servers.
If you're paranoid and have more resources, you can audit the code before using it.
if you're REALLY paranoid, you can go to the theory papers and write your own code.
Governments and law enforcement agencies have to stop dreaming about systems that are secure against everyone except them - that horse left the barn in the 1990's, never to return.
To a Lisp hacker, XML is S-expressions in drag.
So I'd say the French are fine actually with their 30 hour weeks - it seems fewer hours = more productive. Who knew?
Except the French are less productive
Of course. The EU member states (and the UK) are part of the same ilk that rules Washington, D.C. Why do you think they always tend to collaborate on war and banking?
There is no moral high ground here. The world stage basically has four players:
1. The US - EU - UK
2. China
3. Russia
4. Everybody else (the serfs of #1-3)
then the U.S. gov will effectively have a way in. It's even possible they can modify the app if it runs on Windows or macOS. The only way to be truly sure is to only run the software on Linux systems.
Now we're starting to see them.
Chunnel goes under water. No rich people there to say "NIMBY".
Meanwhile, Los Angeles really Really REALLY needs a rail tunnel under the Santa Monica Mountains from the San Fernando Valley to the Westside, but that would go under all the rich people's houses.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
assez bonne intimité
Cool.
So, assuming it is designed to be utterly and completely insecure (so that the government can access it to investigate terrorism, child porn, etc) might it be a good thing to tunnel a secure protocol through?
If you work 66% of the hours that a US worker works and gain 10-15% productivity, you are still in the negative.
I do agree that eventually you get demising returns but that involves working much more than 40 hours a week (depending on the job, of course.)
Why are government officials using services like these for "secure" messages anyway? Seriously? Government officials who do this insane thing now are going to be trusted to use some French home brew thing instead? Surely there must be rules they are breaking now by doing this?
Yeah, I heard they speak french!
Ça, c'est une façon de passer sous le radar! ;-)
Conversations, an XMPP client, now has OMEMO encryption built in. You can also use OpenPGP with it.
And it works many different hosting providers. I recently changed the XMPP host for my domain from one provider to another. France could just make certain that they have an XMPP service provider, and bam, they are done. Don't reinvent the wheel.
As if the French security services aren't dogy as all fuck.
Anything they build, their SS will want a sneaky way into.
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
You say that as if it's a bad thing. Imagine if all the evil things governments do they did efficiently and effectively. We'd all be slaves decades ago or the planet would have been wiped out.
Ranking 6th in the world in productivity per hour is not bad at all.
In particular, that is much higher than japan, and south korea which are both first world country who work a lot more.
I expect it to be called "White Flag". Thanks folks, I'll be here all week.
But then you can't relish in your peon servants' misery!
And yet, they enjoy their life while you're stuck wasting your limited time doing meaningless work. Nobody cares about your stupid values.
Instead of encrypting these services which are always being data-mined, they should saturate them with noise. Current machine-learning algorithms are easily tricked and can be led to a local minimum by spamming a few different common queries. For example, if user X wants to talk to Y about a meeting at a place Z, then all they have to do is to spam that they want to meet at Z1,...Zn , where Zi are very different types of places (amusement parks, schools, hospitals, supermarkets, etc.) , this will confuse the hell out of the algorithm. I've been trying these things already with google, I was surprised how easily it is to trick and manipulate it into messing up queries after you do this kind of "noise spam".
Except your link is not about prosuctivity ...
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Sure, as long as what you're calling "enjoying their lives" means watching their kids cycle from unemployment to unpaid trainee to bogus training programs.
Unemployment in France is sky high in the under 25 population and tends to be persistent meaning that those who are affected stay unemployed and through public assistance go on with their lives to have kids that will grow up never seeing their parents ever hold a regular job. One hopes Macron will at least make make progress on solving this after the disastrous 5 years we spent under do-nothing Hollande. Under Hollande a signifiacant part of University graduates had no better choice than to look for work outside France. All the major journals were doing pieces on how to find a job in England, Canada, Brazil, Morocco, etc anyplace but France.
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
Telegram might be completely accessible to Putin, and the Russian government's scorn for the service may be just a ruse to attract more users.
Good move by France.
Reminds me of a conversation I had with a french "engineer" fresh out of school, employed in a big company. ...
Him: And I will develop a new crypto system for this because it must be really secure.
Me: Ah, ok, nice will you use PGP or RSA as a base or something else?
Him: No, no, it must be REALLY secure! I will develop my own algorithm! These things, RSA and so on, the algorithm and the code is known to everybody, it's not secure enough!
Me:
And yet, they enjoy their life while you're stuck wasting your limited time doing meaningless work.
No. The French are not happier.
If you are unemployed, you are not happier because your neighbor works shorter hours.
Unemployment rate in America: 4.1%
Unemployment rate in France: 9.2%
This has happened before.
"Fine! Keep your stupid services, America and Russia! We'll build our own encrypted messaging system. With blackjack! And hookers!"
"In fact, screw the messaging system!"
Voila, you end up with Moulin Rouge.
White Flag? You mean like the Confederate Flag?
code found on the Internet
That sounds very vague.
Just use established, audited tech like PGP and OMEMO, and be upfront about it!
No, it's a white eagle on a white background!
Flood the place then, problem solved?!