More Countries are Demanding Backdoors to Encrypted Apps

Last month, I wrote about the UK forcing Apple to break its Advanced Data Protection encryption in iCloud. More recently, both Sweden and France are contemplating mandating backdoors. Both initiatives are attempting to scare people into supporting backdoors, which are—of course—are terrible idea.

Also: “A Feminist Argument Against Weakening Encryption.”

EDITED TO ADD (4/14): The French proposal was voted down.

Tags: , , ,

Posted on March 24, 2025 at 6:38 AM36 Comments

Comments

Random Geek March 24, 2025 12:03 PM

I think that many governments are waiting to see the outcome of such back-doors policy. Soon, there may be many more governments demanding back-doors for all popular social media apps.

Their argument will be if you can do it in UK, why can you do it here as well ?

Bob March 24, 2025 12:25 PM

Our so-called “leaders” simply cannot accept a world in which we’re able to keep any secrets from them. Secrets are only allowed for them.

Clive Robinson March 24, 2025 2:38 PM

@ Bruce,

Az @Ren has indicated the French politicians voted it down

But they apparently did not look like that was likely.

Thus those who had been pushing for it thought mistakenly they’d

“Got the ball across the line”

When in fact they had not.

In part we know this was down to the failure that was the US “Communications Assistance for Law Enforcement Act”(CALEA) –pushed past Bill Clinton in 1994– that even US Security Agencies were significantly embarrassed by recently due to “assumed” Chinese State Aligned entities getting into the system and using it against US Citizens.

Perhaps it would be a good time to show how the man who became the fifth Director of the US FBI Louis Freeh who so desperately wanted not just phone wire taps but a whole lot more. But could not persuade US lawmakers so even went on a “grand european tour” at tax payers expense trying to convince other countries to be first so he could use them as examples to convince US Lawmakers. But again he was not successful.

So what changed the view? Some say it was fortuitously for Freeh and others that late in December 1988 Pan Am Flight 103 from London with nearly 200 US Citizens on it going home for Xmas exploded over the little town of Lockerbie in Scotland.

What we now know is that it was “dressed up” by the FBI and UK Security Services and very much questionable evidence was used in the process.

Which it’s been claimed the massive FBI driven false narrative arguments given to US MSM etc finally started putting sufficient pressure on US law makers.

Then in 1992 a plot was started that resulted in the Feb 1993 World Trade Center Bombing. And again it’s known that the lack of wiretapping and similar claims were made. It’s also said that it was this that got the lawmakers sufficiently “on side”.

We know the FBI narrative about the usefulness of wiretapping was not true in part because 9/11 happened something that the pro arguments for CALEA said it would prevent.

Since then there have been a number of claims made about the FBI using intelligence to stop bomb plots. However, most were suspect and looked more like entrapment of the mentally deficient. In fact some claimed that not only were they entrapment they were actually “Fund Raisers” orchestrated by the FBI to get increased resources of various kinds.

The quite successful bombing of the AT&T switching/data center in late December 2020 again showed that what had been claimed by the FBI for drastically increased surveillance really was not true. But also further highlighted that the earlier alleged FBI successes may well have been entrapment / “Fund Raisers” that strangely had just stopped…

We simply do not know about any of this but when the MSM start writing about it as though it were fact, you can be reasonably certain their lawyers signed off on it being sufficiently factual to be defendable.

So whilst France has had more than it’s share of Terrorist attacks it’s noticable that they do not appear to have been persuasive at this time, whilst other arguments against were.

Especially as France has a very long history of being “anti-encryption” going back over a hundred years at least.

But I’ll be honest whilst we might win this battle, we are about to loose it’s replacement.

I and others have proved that backdoors in E2EE can be fairly easily defeated and there is nothing that can be done about it.

We already know Governments have changed tactics and are doing “end run attacks” around on-device E2EE by exploiting OS deficiencies to put in I/O device “shims”.

This has been given various names such as “See What You See”(SWYS) and device/client side scanning. We also know that Apple put the basics in their OS supposedly in the fight against CSAM, and got pilloried for it. Allegedly they took it out… But it’s been said that like “BLE Beaconing” the low level code in the OS remains, just requiring something to “drop on the hooks”.

It was this idea of “build in the base in the OS” that with Ericson Telco Switches and CALEA that gave us what is now called “The Greek Olympics Wiretap Tragedy”… Where the CIA and NSA bugged over 100 Greek politicians and officials and a Vodafone employee was “suicided” (see Greek Gov enquire findings).

As I’ve repeatedly pointed out for several years here these “End Run Attacks” are only possible because the “Communications Endpoint” can be extended around past the “Security Endpoint” by an attacker.

With the complicity of the OS supplier for the user device SWYS attacks are always going to be possible with the “Security Endpoint” being “on-device”.

Which means that if we want any kind of privacy and security from criminals then we have to take the “Security Endpoint” “Off-Device” in a way that stops any “End Run Attacks”.

However considerable care has to be taken because of “covert side channels” (I mentioned this the other day so it can be easily looked up just search for “snake oil”)

John Smith March 25, 2025 2:58 AM

ResearcherZero, I read the article in THE ATLANTIC you linked to.

If true, it was an astounding breach of security and, in a normal country with normal checks and balances, would cause mass firings of those involved, as well as criminal trials, followed by lengthy prison sentences.

Imagine if any randomly selected Democratic administration had done something so egregious: the MAGA folks would be screaming for blood. But when they do it?

[sound of crickets chirping]

Mark March 25, 2025 9:21 AM

@Bob
Our so-called “leaders” simply cannot accept a world in which we’re able to keep any secrets from them. Secrets are only allowed for them.

@Clive Robinson
and a Vodafone employee was “suicided” (see Greek Gov enquire findings)

That happens when a low level person knows about secrets allowed only for the governments.

Who? March 25, 2025 1:36 PM

Those government requests are just stating the obvious: we cannot trust on corporations to protect our communications, our data, and our privacy.

Mandated backdoors are just another [small] step… I see it this way: without a backdoor the service provider will have access to our data, with a backdoor both the service provider and governments around the word have access to it.

They are, perhaps, doing us a huge favor showing that our data is not safe on the hand of data-driven business.

Indeed, I know there is room to backdoor a personal server or a decentralized service. But at least it will require governments to spend efforts spying a given citizen, replacing mass surveillance with targeted surveillance.

Thinking on government mandated backdoors to service providers as a treat to our privacy is comparable to considering the recent change of mind of Google with relation to fingerprinting as a treat: it is not—fingerprinting has been with us for years, nothing has changed.

Business have been accessing our data for years (e.g. Meta and Alphabet).
Governments (not only U.S., China too) have been accessing our communications through CALEA backdoors for years too.

Seriously, what has changed?

not important March 25, 2025 7:06 PM

What is the Signal messaging app and how secure is it?

https://www.bbc.com/news/articles/c1kjd091019o

=At the core of that is end-to-end encryption (E2EE).

Simply put, it means only the sender and the receiver can read messages – even Signal itself cannot access them.

A number of other platforms also have E2EE – including WhatsApp – but Signal’s security

features go beyond this.

For example, the code that makes the app work is open source – meaning anybody can check it

to make sure there are no vulnerabilities that hackers could exploit.

Its owners say it collects far less information from its users, and in particular does not

store records of usernames, profile pictures, or the groups people are part of.

But even that level of security is considered insufficient for very high level

conversations about extremely sensitive national security matters.

!That is because there is a largely unavoidable risk to communicating via a mobile phone: it is only as secure as the person that uses it.

If someone gains access to your phone with Signal open – or if they learn your password
they’ll be able to see your messages.

And no app can prevent someone peeking over your shoulder if you are using your phone in a public space.

Signal, like many other messaging apps, allows its users to set messages to disappear after a set period of time.

This may violate laws around record-keeping – unless those using the app forwarded on their
messages to an official government account.

Various administrations have wanted to create a so-called backdoor into messaging services
that use it so they can read messages they think might pose a national security threat.

Apps including Signal and WhatsApp have previously fought attempts to create such a
backdoor, saying it would eventually be used by bad actors.

!!!no level of security or legal protection matters if you simply share your confidential data with the wrong person.

Or as one critic more bluntly put it: “Encryption can’t protect you from stupid.”=

Human is the weakest link.

ResearcherZero March 25, 2025 11:47 PM

Governments do both, mass surveillance and targeted surveillance. As soon as mail services began, governments began opening all of them mail and inspecting the contents. The history
of bugging or recruiting and placing covert operatives inside government buildings is also a very long one. To discover the plans of the decision makers within the central administration is the primary targeting objective of espionage operations.

You might believe you are transmitting information securely by encrypted channels, but it can be collected, retained then eventually decrypted. Other attacks such as side channels, certificate substitution and device level or covert passive surveillance, can obtain all content of an exchange, through the targeting of just a single participant. This is why you don’t make calls outside of SCIFs of this kind of classified nature.

Being part of a society obliges us to own up to and admit our mistakes, then face the consequences honorably and take responsibility for our failings, be that through punishment if necessary. That some no longer feel the need to resign, demonstrates a weakened legal system and a lack of appropriate consequence for those in positions of power who defy it.

Without law, human rights would be an abstract concept, rendering agreement, obligation and ownership meaningless. If elected members and officials ignore their obligations to the law, then are not held to account by the legal enforcement mechanisms, this breaks the social contract with the public that we are all obliged to follow. Law becomes meaningless.

‘https://plato.stanford.edu/entries/legal-obligation/

ResearcherZero March 26, 2025 12:06 AM

…all of the mail I should have said, and today, all of our communications metadata.

Other governments, including the adversarial ones, are also collecting this data en mass.
This allows the mapping of our social networks to pinpoint who, what, where and when to target – in order to discover and gain access to sensitive and important information.

If the cohesion of a nation is destroyed – it can be defeated without a single shot fired.

‘https://www.sygnia.co/threat-reports-and-advisories/weaver-ant-tracking-a-china-nexus-cyber-espionage-operation/

ResearcherZero March 26, 2025 12:47 AM

If your elected representatives undermine and openly defy the Espionage Act, along with other laws, then they encourage law breaking, criminality and corruption, which then encourages adversarial nations to take advantage – risking both public and national safety.

Given that the administration has fired thousands of personnel in key safety and security positions, this is incredibly foolish and introduces unforeseen and unmitigated risk.

“Those employees work on reassembling warheads, one of the most sensitive jobs across the nuclear weapons enterprise, with the highest levels of clearance.”

‘https://apnews.com/article/nuclear-doge-firings-trump-federal-916e6819104f04f44c345b7dde4904d5

Many of these firings have also damaged the programs underpinning key scientific advances.
The White House has relegated the U.S. to a position where it can no longer be a leader in research and development, or effectively challenge the advance of authoritarian powers.

As a result, the decline of democratic governance around the world will only accelerate.

https://www.wired.com/story/nist-doge-layoffs-atomic-spectroscopy/

ResearcherZero March 27, 2025 12:26 AM

@not important

You might be right. It may be that they were using Signal to avoid public record accountability. This could be something that they do regularly to avoid FOI requests.

They are now attempting to escape the consequences of their actions by losing their memory.

Russia has been supplying satellite information to the Houthi rebels for targeting of ships that traverse through the Red Sea. Russia and China also provide military and economic support to the Houthis. There have also been U.S. intelligence warnings that Russia was planning on supplying anti-ship missiles to the Houthis and that the GRU were in Yemen assisting with developing intelligence sharing and assisting in training their assets.

Given another two members of an alleged Russian network were caught, who had been booking seats next to their targets on planes so that they could observe them typing on their phones, it may be a good idea for administration officials to take a bit more care with classified information and refrain from communicating it via their personal devices.

It would not be difficult for hostile foreign intelligence to gain access. Russia does have spyware capability, a market which provides zero days for popular messaging platforms and a dedicated interception program specifically targeting internet and mobile infrastructure.

‘https://www.spiegel.de/international/world/hegseth-waltz-gabbard-private-data-and-passwords-of-senior-u-s-security-officials-found-online-a-14221f90-e5c2-48e5-bc63-10b705521fb7

Jan Marsalek, former COO of Wirecard, ran the multiple spying operations.
https://theins.ru/en/politics/269612

Members of the ‘sleeper cell’ have been discovered operating alongside a larger group who were convicted of planning to kidnap and kill people living in the UK. Other cells are believed to be continuing operations despite the arrests. The Russian “sleeper cell” also allegedly ran a large-scale disinformation campaign in Austria and Europe.

‘https://www.bbc.com/news/articles/cqx0v599wqvo

“For Russia, any flare-up anywhere is good news, because it takes the world’s attention further away from Ukraine.” – Alexander Gabuev, director of Carnegie Russia Eurasia Center

Israeli forces had found “state-of-the-art” Russian weapons in searches of Hezbollah bases.
https://www.twz.com/news-features/russians-helped-houthis-target-international-shipping-report

ResearcherZero March 27, 2025 2:34 AM

FamousSparrow is deploying a new modular version of SparrowDoor in America and Mexico.

‘https://www.welivesecurity.com/en/eset-research/you-will-always-remember-this-as-the-day-you-finally-caught-famoussparrow/

FamousSparrow is a separate espionage group from Earth Estries and GhostEmperor, with some possible links to Salt Typhoon. Microsoft, which named the Salt Typhoon cluster, has not yet provided technical details to assist with the attribution.
https://www.trendmicro.com/en_sg/research/24/k/earth-estries.html

Infrastructure Map

Salt Typhoon is said to have shared infrastructure with GhostEmperor and FamousSparrow and is reportedly overseen by the Ministry of State Security.
https://research.cert.orangecyberdefense.com/hidden-network/report.html

Salt Typhoon is unique in focusing primarily on counterintelligence targets.

A hearing will be held on April 2nd 2025 by the House Committee on Oversight.

‘https://oversight.house.gov/hearing/salt-typhoon-securing-americas-telecommunications-from-state-sponsored-cyber-attacks/

Who? March 27, 2025 8:37 AM

@ not important

What is the Signal messaging app and how secure is it?

I do not know how secure Signal is, but it is an app running on a device that is far from being secure. In the case of Signal, the weakest point is the device it is running the app.

<

blockquote>A number of other platforms also have E2EE – including WhatsApp – but Signal’s security features go beyond this.

<

blockquote>

E2EE is not secure itself; let us consider the case encryption keys are generated by a third-party and distributed to both ends on the communication channel. Technically it can be considered E2EE, but there is a third-party (the one that generated the keys) able to read, process and store all communications. E2EE must be implemented in the right way, there should not be a third-party implied in key management.

Another possible abuse is keys being generated on the ends of the communication channel, but the app itself having a backdoor for its developer. It is true E2EE, where keys are managed by those that will communicate, but the app allows a third-party to read the decrypted messages.

Oh, and perhaps the most controversial point:

For example, the code that makes the app work is open source – meaning anybody can check it

Ok, the app can be open source, and it can be audited. It does not mean the binaries distributed by the developer (call them “apps”) are built from the very same source code. In most cases, builts are not “reproducible” in the sense the same binary built three times using the same source code will provide three different checksums.

An example? OpenBSD has a public source code repository. In fact, it was the first open source project that let users see in near real-time all changes done to the source code repository. However, -current snapshots have sometimes changes that have not been committed to the source code tree, experimental changes that need as wide testing as possible before being committed. So, distributed snapshots sometimes contain experimental code that has not been committed yet.

Do not think that availability of source code means binaries can be trusted.

Clive Robinson March 27, 2025 9:28 AM

@ Bruce, ALL,

There is a report doing the rounds that the current DNI said all issued computers came with Signal on them…

https://www.politico.com/news/2025/03/26/gabbard-signal-government-devices-cybersecurity-00250731

“Director of National Intelligence Tulsi Gabbard testified to House Intelligence Committee members Wednesday that encrypted messaging app Signal comes “pre-installed” on government devices”

Apparently as a result about “all should use E2EE” warnings over alleged Chinese State associated attacks and entry into the US and other Nations telephone systems due to the US mandated CALEA “backdoor”.

However… It’s known that the US Military and Intelligence entities tend to move at “glacial speeds”…

Thus “Call me suspicious” for not just doubting this, but thinking this is an “engineered excuse” as in effect part of a “cover-up” tactic.

That said I can see the current POTUS making the use of Signal a requirement for cabinet members despite it’s known shortcomings…

Because he is not one to follow the rules, and the legislative requirement for all communications to be recorded, thus could be used against him and friends at a later time, would be something that would stick in his craw…

Clive Robinson March 27, 2025 11:37 PM

@ not important, ALL,

With regards your observation of,

“Simply put, it means only the sender and the receiver can read messages – even Signal itself cannot access them.”

You might want to think about that statement when it comes to “group chats/messages”.

It’s why “silent participants” are a real security problem.

Who? March 28, 2025 6:35 AM

@ Clive Robinson

You noted that ”Director of National Intelligence Tulsi Gabbard testified to House Intelligence Committee members Wednesday that encrypted messaging app Signal comes “pre-installed” on government devices.

That is ok, but what is a “government device”? Does the POTUS has the same “government device” as the FLOTUS? Do they have the same “government devices” as an NSA employee? What about government employees working on —let us say— mail classification or buildings maintenance?

I do not think there is a “government device,” with the same security requirements for all government employees.

To me, Mr. Gabbard is just sending a signal (pun intended) that this app, and the corporation behind it, can be trusted. To me it shows they have some sort of backdoor on it, and try people think it is safe using Signal.

It is not the first time it happens. We had examples in the past of cryptographic devices, sell to governments around the world, that were backdoored by NSA (e.g., by using broken pseudo-random number generators) or CIA (the supposedly secure Crypto AG encryption devices).

We have learned nothing from the Clipper chip. We are at the same point we were in the nineties, but at least three decades ago privacy had a value for human beings. In current times, were privacy has no value at all to most people, it is clear we will lose the battle against backdoored devices as this time there will be no resistance. We will get our Clipper chip at last.

Next step? Declare illegal the use of strong cryptography by those of us that appreciate the difference between OpenSSH and a Juniper backdoored VPN.

Who? March 28, 2025 6:47 AM

… I’m afraid that, in a few years, Canada will be part of the United States. It will be fun when OpenBSD (and, as a consequence, OpenSSH) can be considered a “U.S.-based software project controllable my means of a NSL.”

But I trust on the OpenBSD development team to do the right thing if it happens.

Clive Robinson March 28, 2025 8:36 AM

@ Who?

With regards,

“Mr. Gabbard is just sending a signal”

I know Mrs Tulsi Gabbard is married for the second time, but I don’t know if other of her male relatives are sending signals.

https://en.m.wikipedia.org/wiki/Tulsi_Gabbard

Any way that aside I can only go by what has been said in what is a public forum.

As she is a reserve Lte Col. I would assume she has some working knowledge of systems issued to “the boots” at various levels.

Also that currently she can “set policy”.

As an argument to consider,

Various militaries around the world have realised that they can not put the genie of “personal communications” back in the bottle. Troops go into combat with their $1000+ Apple mobile etc in their button down pocket. They even have apps developed by other serving personnel that have the entire documentation they need to know as specialist service men on them (some of it technically classified).

The leaders also know that most of “The Boots” are human thus will use their phones to keep in contact with their families etc.

Thus this causes a major security headache.

On solution is to accept the inevitable and “guide it”.

Thus when you say,

“… that this app, and the corporation behind it, can be trusted. To me it shows they have some sort of backdoor on it, and try people think it is safe using Signal.”

The answer is that Signal’s use of crypto algorithms is as far as we know secure.

BUT that does not mean it does not have a “back door” it has two that are known off and they are the sane as all supposed “Secure Message” Apps. They are to do with “KeyManagment”(KeyMan).

The first is that “Key Material”(KeyMat) is such that it is so large it has to sit in Core RAM on a device in one form or another to be usable. I’ve talked of “end run” attacks using the fact that a device with an App on it can do a “See What You See” attack to the UI thus the plaintext. Well the same applies to the Core RAM and KeyMat in most cases.

The second backdoor that effects all “Secure Message” Apps is “KeyMan for Groups” and thus “silent participants”.

E2EE is generally viewed as secure because only the 1st and 2nd parties know the key…

Whilst it is possible to have every member of a group have E2EE it’s grossly inefficient as the number of keys and comms channels would go up at a N^2 rate where N is the number of members in a group. It also quickly becomes unmanageable technically as well as practically.

I detailed this back at the begining of lockdown about why Zoom and other meetings apps could not be secure.

Thus the KeyMat gets shared by the KeyMan system amongst all the group participants. But you need to ask the question,

“Who or What decides a member in a group?”

Well ask yourself,

“What if the user management is not secure?”

Because mostly it’s not. The group members are “a database entry” and anyone with access to that database can change the included members.

Thus the database controls the KeyMan and who gets a copy of the KeyMat for group chats…

Clive Robinson March 29, 2025 1:58 AM

@ Who?, ALL,

Under the second backdoor of,

“KeyMan for Groups”

I forgot to add a link to the NSA document,

https://www.scribd.com/document/843124910/NSA-full

They talk about it in terms of “devices” but logically it’s actually a part of the “group issue” when it come to “KeyManagment”(KeyMan) because as far as the technology is concerned there are no “users” but “Devices of users”.

So the Russians or who ever become a “silent participant” by way of their device and so get a copy of the “KeyMaterial”(KeyMat) on their device.

As I noted this is not a crypto algorithm backdoor but a key managment backdoor “by intentional design” due to trying to make things efficient and scalable.

And it’s an issue with all “group” chats be they “groups of devices” or “groups of users”. So applies not just to Signal, but all messaging and meeting apps and any communications security they employ.

When we talk about E2EE we really are quite unclear as to what it is we mean. Most people think of “users” technologists of “devices” and the more in-depth security people of “security end points”. The first two are physical objects, the latter however being in effect a “method” or “process” is a logical concept rather than something you can reach out and physically touch. It is the “Demarcation line”(Demarc) between the red and green zones or insecure and secure interfaces.

E2EE starts at one “security end point” “process” –encryption– and ends at another “security end point” “process” –decryption– and only the single Shannon Channel between them is secure. The first process has two inputs “plaintext” and “KeyMat” and “ciphertext” as it’s output. The second process likewise has two inputs “ciphertext” and “KeyMat” and “plaintext” as it’s output.

At each end there are at least three processes for “Plaintext” another for “KeyMat” both of which have to be secure and the third for communicating the ciphertext which is assumed to be “in public”.

Thus the aim of an adversary in the journalists thus subsequent public eye used to be to put a back door in the endpoint process that is in the crypto algorithms.

Some few Journalists are starting to wake up to the idea of “device side scanning” or “See What You See”(SWYS). Which is putting a backdoor in the “Plaintext Process”.

Whilst not much spoken about but definitely under attack is the “KeyMan” process that,

“Should keep KeyMat secure.”

But as can be seen does not in most cases, for reasons built into the “system” design for “usability” and “scalability” along with “efficiency”. Importantly though it’s “the management algorithms” not the “crypto algorithms” that are at fault. Almost always such faults trace back to a “database” authorization failure.

All of this is much easier for most people to get their head around if they draw it up on a whiteboard or write it down on a piece of paper as a simple succession of diagrams.

Clive Robinson March 29, 2025 5:28 AM

@ Rontea, Bruce, All,

With regards,

“The link to “A Feminist Argument Against Weakening Encryption.” is broken”

It’s not “the link” that is broken.

It appears that the late Prof Ross Anderson’s,

“lightbluetouchpaper.org”

Blog is down or has been taken down for some reason, as it’s returning a “503 Service Unavailable” error.

Hopefully it’s not the administration going through with a broom…

lurker March 31, 2025 1:43 PM

@Bruce, Clive Robinson, ALL

re “A Feminist Argument Against Weakening Encryption.”

whois lightbluetouchpaper.org

returns the strings: Updated Date: 2025-01-10T20:04:48Z

and for all site relevant info: “REDACTED FOR PRIVACY” …

Estate planning for online assets is often overlooked. I know of at least one site which was regularly updated two or three times a week, but never since early in the pandemic, yet still online.

What would we do without the Wayback Machine? The article in question is available at

https://web.archive.org/web/20250324192722/https://www.lightbluetouchpaper.org/2025/02/11/a-feminist-argument-against-weakening-encryption/#more-56645

ResearcherZero April 3, 2025 1:46 AM

There is a presentation on counter surveillance for women via CCC.

‘https://media.ccc.de/v/38c3-escaping-big-brother-or-your-ex-counter-surveillance-for-women-s-shelters

There is also another presentation about the current state of surveillance.

‘https://media.ccc.de/v/38c3-state-of-surveillance-a-year-of-digital-threats-to-civil-society

There is little evidence that governments deliver security or safety through surveillance.
https://www.tandfonline.com/doi/full/10.1080/2474736X.2022.2101380#abstract

lastofthev8's April 3, 2025 11:07 PM

Every time i see another ‘headline’ threatening another tech company with big big numbers in fines at this stage it doesn’t seem to matter ‘why or how’ to me now days idk why i cant put my finger on it? i mean i just saw for the first time to my knowledge anyway the word “Billion”($$$) what on gods earth would constitute this? just thinking out loud hats all…anyway
peace everyone.

ResearcherZero April 4, 2025 5:12 AM

@lastofthev8’s

This was likely all caused by typing stupid prompts into chat bots.

“we are launching today an important initiative to better tackle security threats”

‘https://www.theregister.com/2025/04/03/eu_backdoor_encryption/

Recommend some people to fire from the NSA and the National Security Council.
https://www.nytimes.com/2025/04/03/us/politics/nsa-cyber-command-chief-fired.html

Recommend crackpot formulas and economic advice based on dumb s–t people say online.
https://eu.usatoday.com/story/money/2025/04/03/apple-iphone-prices-trump-tariffs/82799644007/

Recommend likely vulnerabilities for rooting edge devices while the US is in chaos.
https://www.microsoft.com/en-us/security/blog/2025/03/31/analyzing-open-source-bootloaders-finding-vulnerabilities-faster-with-ai/

Are PENGUINS responsible for the the HUGE and DEADLY FENTANYL TRADE? Do a deep dive.
https://www.nytimes.com/2025/02/05/business/tariffs-de-minimis-trump-china.html

ResearcherZero April 4, 2025 5:23 AM

It was penguins after all. Apparently they were involved in currency manipulation.

‘https://globalnews.ca/news/11113939/donald-trump-tariffs-remote-territories-islands/

Ado April 15, 2025 7:12 AM

Still recall yourself, the late and great Ross Anderson, Zimmerman and others fighting the crypto wars. Clipper chip redux.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.