sandworm101

This document is classified U//FOUO (unclassified//for official use only). The actual abilities of the FBI/NSA and like agencies are surely classified to some higher level.

vmception

The real question is if you actually believe what this document writes about Wickr.

Wickr is set up like an expected honeypot would be set up. So for people that don't or aren't willing to understand that, I'm wondering if this document validates them, or if the skepticism of this document's classification level validates the idea Wickr should be avoided for sensitive communications.

champagnois

Considering endpoints are compromised like swiss cheese in 2021 and third party apps are all compromised, people should be of the belief that they cannot trust anything they didn't write and build themself.

lazide

Or even if they did build the software, anything running on hardware they don’t have a similar level of knowledge about. Which good luck with that.

Which leaves anyone planning on doing something the US gov’t (or China, or Russia if within their reach) wouldn’t like left with some unpalatable and inefficient options.

Either they blend in enough to not get any attention, or don’t seem “dangerous” enough in the sense they are likely to get anywhere, or don’t use any technology more complicated than a piece of paper and a #2 pencil.

The last one was what osama bin laden was doing, and they still found him - it just took awhile.

As long as the folks being targeted are legitimately out to do harm against innocents, these capabilities are ‘ok’ (scare quotes intentional here).

They’re going to be turned against political opponents or people that just seem ‘bad’ though at some point, and almost certainly already have been for years.

champagnois

There are ways to create secure communications if need be. I have thought of ways that would work to accomplish doing it.

I won't detail the designs here, but we are talking very cheap to build and design.

I am sure such devices exist and are in the wild, being used by spies.

That said -- I am mostly disappointed with the degree to which our intelligence agencies are inwardly focused rather than breaking up foreign spy rings and operations.

There are some scarey, harmful, and extremely complicated foreign spy rings on US soil. They have people working for all major tech companies and they are embedded in key positions.

The FBI should be making "see something? say something" pushes in tech companies. They should have better followup and reward systems.

maqp
There are indeed. It's not just spies. My work wrt endpoint secure comms is FOSS and free for anyone to use https://github.com/maqp/tfc (the HW costs a bit naturally but in other respects).