Post · bonfire.cafe

Post

Signal President Meredith Whittaker warns AI agents embedded in OSes are eroding end-to-end encryption's real-world security, despite its mathematical soundness. With root-like access to messages & data, they bypass E2EE isolation—urgent rethink needed! 🔒🤖❌
https://cyberinsider.com/signal-president-warns-ai-agents-are-making-encryption-irrelevant/
#AI #Privacy #Cybersecurity #Newz #Signal

CyberInsider

Signal president warns AI agents are making encryption irrelevant

Signal president Meredith Whittaker said AI agents embedded within operating systems are eroding the practical security guarantees of E2EE.

Johannes Ernst

@j12t@j12t.social · 4 weeks ago

From an attack perspective, OS-level AI agents are the best trojan ever, right?

@nemo

Maya

@yama@tech.lgbt · 4 weeks ago

@nemo Ah, this was always a given...
With kernel level access, you can do literally anything.

Stock phones were always vulnerable, as they generally do not allow this kind of access to consumers.

Those with a tad more room to breathe at this point are those who go their hands on some slightly older hardware (pre 2020) that allows for bootloader unlock without any hassle.

Flash a custom ROM, use magisk to give yourself root access, set up your own security, etc.

Then you only need to practically worry about stuff you fetch from the internet.
Although, with root access and various isolation apps, a good firewall... Should be fine.

Or at the very least orders of magnitude better than remaining on your google powered stock device.

nemo™ 🇺🇦

@nemo@mas.to · 4 weeks ago

@yama Ever tried GapheneOS? That one is very cool, from what I've heard. What do you think about it? 🤔 Please tell me :D

Thomas H Jones

@ferricoxide@blahaj.zone · 4 weeks ago

@nemo@mas.to @yama@tech.lgbt

Biggest "problem" with Graphene is device-support. If you want other than Google hardware, Graphene is a non-option.

diana 🏳️‍⚧️🦋🌱

@dianea@lgbtqia.space · 4 weeks ago

@ferricoxide @nemo @yama

The other remaining problem of GraphineOS is it is vulnerable to the rubber hose exploit. If ICE agents have you in a room with a steel chair and a rubber hose, they may compel you to log in and see there's other user accounts plainly visible, "log into that, please or we'll use the rubber hose again."

Normally, you want secured account usernames hidden. What ICE does not know won't hurt them.

Thomas H Jones

@ferricoxide@blahaj.zone · 4 weeks ago

@dianea@lgbtqia.space @nemo@mas.to @yama@tech.lgbt

Back when I was still going into datacenters, some of my customers had "emergency PIN" enabled on their cipher-pads. Adding specific numbers to your base PIN placed the datecenter into lockdown (hostage) mode.

That was 17 years ago. I'm surprised there doesn't seem to be "emergency PIN" implementations for mobile phones that cause the device to brick itself.

Mayel

@mayel@sunbeam.city · 4 weeks ago

@ferricoxide @nemo you mean something like the duress PIN in @GrapheneOS ? https://grapheneos.org/features#duress

GrapheneOS

GrapheneOS features overview

Overview of GrapheneOS features differentiating it from the Android Open Source Project (AOSP).

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.2-alpha.29 no JS en

Federation disabled