Technology @lemmy.world Davriellelouna @lemmy.world 2d ago

The Guardian and Cambridge University's Department of Computer Science unveil new secure technology to protect sources

www.theguardian.com The Guardian launches Secure Messaging, a world-first from a media organisation, in collaboration with the University of Cambridge

Secure Messaging is a new innovation for confidential story-sharing and source protection, underpinning the Guardian’s commitment to investigative journalism. The Guardian has published the open source code for this important tech to enable adoption by other media organisations.

The Guardian launches Secure Messaging, a world-first from a media organisation, in collaboration with the University of Cambridge

Academic paper: https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-999.pdf

Open Source @lemmy.ml Davriellelouna @lemmy.world 1d ago

The Guardian and Cambridge University scientists deploy new open source technology

www.theguardian.com /gnm-press-office/2025/jun/09/the-guardian-launches-secure-messaging-a-world-first-from-a-media-organisation-in-collaboration-with-the-university-of-cambridge

Cybersecurity @sh.itjust.works Davriellelouna @lemmy.world 1d ago

The Guardian and Cambridge University's Department of Computer Science unveil new secure technology to protect sources

www.theguardian.com /gnm-press-office/2025/jun/09/the-guardian-launches-secure-messaging-a-world-first-from-a-media-organisation-in-collaboration-with-the-university-of-cambridge

You're viewing part of a thread.

Show Context

48 comments

It's called traffic analysis
- It's called encryption
  
  Packet data has headers that can identify where it's coming from and where it's going to. The contents of the packet can be securely encrypted, but destination is not. So long as you know which IPs Signal's servers use (which is public information), it's trivial to know when a device is sending/receiving messages with Signal.
  
  This is also why something like Tor manages to circumvent packet sniffing, it's impossible to know the actual destination because that's part of the encrypted payload that a different node will decrypt and forward.
  
  Packet data has headers that can identify where it's coming from and where it's going to
  
  Wouldn't you have to have some sort of MITM to be able to inspect that traffic?
  
  This is also why something like Tor manages to circumvent packet sniffing
  
  TOR is what their already-existing tip tool uses.
  
  Wouldn’t you have to have some sort of MITM to be able to inspect that traffic?
  
  That, or a court order telling your ISP or mobile operator to allow the sniffing. Or just the police wanting to snoop your stuff because they can. Not every country cares about individual or human rights, you know
  
  TOR is what their already-existing tip tool uses.
  
  Yes, but tor can be blocked at a firewall level, its packets are easy to identify. "Nations like China, Iran, Belarus, North Korea, and Russia have implemented measures to block or penalize Tor usage"
  
  Would you? Are the headers encrypted?
  
  Does it matter? How would you get access to such information?
  
  If the header isn't encrypted it'd be easy to inspect, and thus easy to determine where it goes, which is why it matters.
  
  Based on your questions, it sounds like you're expecting the network traffic itself to be encrypted, as if there were a VPN. Does signal offer such a feature? My understanding is that the messages themselves are encrypted, but the traffic isn't, but I could be wrong.
  
  If the header isn't encrypted it'd be easy to inspect
  
  Easy for whom? How are you getting access to the traffic info?
  
  You're talking about encryption and signal because you're worried about folks whose network you're connected to being able to invade your privacy, right?
  
  I'd say it's a pretty reasonable suggestion to say we start with those guys. If you don't worry about those guys, who do have access to traffic info, then why bother with encryption?
  
  You're talking about encryption and signal because you're worried about folks whose network you're connected to being able to invade your privacy, right?
  
  LOL no? I'd never blow the whistle on my employer from my desk. Even if I did, I would connect to a different network.
  
  I recognize other people are not as conscious as I am of that vulnerability but you asked about me, specifically.
  
  If you don't worry about those guys, who do have access to traffic info, then why bother with encryption?
  
  Any number of other people. Primarily the government.
  
  Any number of other people. Primarily the government.
  
  Right, so if the header isn't encrypted, it'd be trivial for them to see who you're sending to, which is why that's important.
  
  You never answered my question - do you think the network connection itself is encrypted? Or just the content of the messages?
  
  Wouldn't you have to have some sort of MITM to be able to inspect that traffic?
  
  You mean like your workplace wifi that you're blowing the whistle at?
  
  How exactly do you think encryption prevents the analysis of seeing when an encrypted message is sent? It feels like you're trying to hand-waive away by saying "encryption means you're good!"
  
  Cyber security is not my thing, but my understanding is that you'd still see network traffic - you just wouldn't know what it says.
  
  I run a cryptography forum
  
  Encryption doesn't hide data sizes unless you take extra steps

48 comments