Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The other article I read about this is that law enforcement compromised the service's servers and pushed an update to the clients, making them send unencrypted messages, which allowed law enforcement to read them as they came through in real time.


Devil's advocate: Is there evidence law enforcement didn't start and run the project from the beginning? If they did, I wouldn't expect them to come out and acknowledge it.

I'm similarly skeptical of popular VPN apps.


Humans are often the weak link here. The most common scenario is that the police had some control over the project due to a compromised person. I'd wager that the police did not start the project, but soon after it was being used for crime, they took over it.

I'm not sure it's possible to me to develop and run something with the assumption that even if I turned police intelligence asset, that the product would be untouched. Open source would help, and some kind of distributed, decentralised thing maybe


I agree. That seems more likely. I doubt we'll be told, but I'd be interested in the specifics. It seems like it might have ethical implications to take over it without the blessing of the owner(s) of the company. After all, I doubt they will be able to get many more customers now that it's widely known that it was compromised by law enforcement. Arguably law enforcement destroyed this company, which the owners might normally not be happy about.

It may be as simple as: the business wasn't making money and the owners wanted out, so law enforcement bought it or paid them off. Then law enforcement isn't really "compromising" the company--they're in control of it (whether the employees know or not). At that point they can have the existing devs modify it however they want, or just hire a few new devs.


Think there may be some legal/ethical issues with law enforcement starting/running a honeypot that is actively being used to plan (and probably carry out) murder, while they just sat back and watched.


Yeah, police are just not that entrepreneurial in enabling crime.

It's like trying to design something to go viral -- harder than it looks. Probably easier just to find informers.


Yeah, any VPN that doesn't mind paying YouTubers to advertise I run far away from.


But in that case why wouldn't the system's owners alert everyone about that fact? It's pretty obvious when your system is sending updates and your domains are getting seized.


According to the Vice article, they did notify users on multiple occasions about the compromise. They even pushed out software updates and worked with a 3rd party SIM provider to try and fix the issue. Apparently, even after they pushed out updates the “hackers” were somehow able to repeatedly regain access.


Do you have a link?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: