Technical summary: it seems OK against an observer who can see the network traffic but hasn’t infiltrated the phone of the source or the computer of the news organization.

Any real message is stored locally on the smartphone by the CoverDrop module and sent as the next CoverDrop message, i.e. replacing the dummy message which would otherwise have been sent. Consequently a network observer cannot determine whether any communication is taking place and CoverDrop therefore provides the potential source with plausible deniability.

The CoverNode and each journalist has their own public-private key pair. These keys are published by the news organization and available to the CoverDrop module directly so the user does not need know about them. When the CoverDrop module is used for the first time, it generates a new, random public-private key pair for the user.

All real CoverDrop messages sent by the CoverDrop module to the CoverNode include the text written by the potential source as well as their own public key. The message is first encrypted using the public key of the journalist who will ultimately receive the message, then encrypted a second time using the public key of the CoverNode. All dummy CoverDrop messages are encrypted using the public key of the CoverNode. All messages, real or dummy, are arranged to be the same, fixed length. Encryption and length constraints ensure that only the CoverNode can distinguish between real and dummy messages.

They’re probably not joking, TOX IDs are like that. :) Mine is:

CA9A4C1968AA38CC93CB32F31F3682AB897ABA42C90E6F0EA5E1FB541930FD64138B4CC09AD*

(*the number opposite to the first is the number that comes after one, to hinder any spam bots)

You can use Signal with a different client.

Can you advise, which one would be a good one? Because I actually use Signal too, it’s just misbehaving a lot recently.

I have had endless difficulties with Signal forcing upgrades on me and requiring to sign in on the phone, under threat of deactivating my account (I use it on a PC).

Commentary:

You’re linking to the Times of Israel. Since the news outlet operates in Israel, it is subject to censorship by the IDF, and they have chosen to use their power to censor the article and omit weapon types.

If you want information about assassinations of Iranian nuclear scientists, get their list from Wikipedia and google each of their names, looking for descriptions.

https://en.wikipedia.org/wiki/Assassinations_of_Iranian_nuclear_scientists

My guess: guided missile or drone strikes. All the assassinations happened at a time of Israeli air strikes over Iran. Whatever weapon was used, was deployed from airplanes. Given the high profile of the targets, Israeli intelligence agencies did their job this time (in Gaza, they seem to be feeding their troops low quality AI slop).

I will use the opportunity to remind that Signal is operated by a non-profit in the jurisdiction called “the US”. This could have implications.

A somewhat more anarchist option might be TOX. There is no single client, TOX is a protocol, you can choose from half a dozen clients. I personally use qTox.

Upside: no phone number required. No questions asked.

Downside: no servers to store and forward messages. You can talk if both parties are online.

Thanks for correcting. You’re right, I should have written something else than “probably yes” about Israel under Netanyahu. :(

Tankies are going to hate this comment.

They already are. :) I didn’t quite expect this effect, but I welcome it. :)

How many times can you list russia/ussr? Give me a break with this lib imperialism.

I may list it as many times as I need. I was born there and grew up there, and have a whole lot of information about how life was.

There’s a book on the subject written by Srdja Popovic.

https://en.wikipedia.org/wiki/Blueprint_for_Revolution

Summary: protests that start (and try to remain) non-violent have a greater chance to succeed, because they can attract more people to their cause.

Critique: with some regimes, it’s not possible to non-violently protest. For non-violent protest to work, the environment must respect a minimum amount of human rights.

Case samples:

• US during the civil rights movement era: yes
• USSR under Gorbachev: yes
• Serbia under Milosevic: yes, with difficulty on every step (Popovic was there doing it)
• Israel under Netanyahu: probably yes
• China under Xi: practically no (not for long)
• USSR under Kruschev/Brezhnev/Andropov/Chernenko: not really
• Russia under Putin: no, don’t even hold a blank sheet of paper
• Iran under Khamenei: only if you’re doing a bread riot
• Saudi Arabia, USSR under Stalin, NK under the Kim dynasty: no, and execution would be a possible outcome

…etc. In some places, you can’t organize. Then your only option is to fight. As long as you can publicly organize, definitely do so - it’s vastly preferable. :)

• Not providing a platform for activities that harm society (e.g. scams, disinformation).
• Not providing a platform for activities that will get you sued or prosecuted (e.g. piracy, child porn).
• They had to pay a considerable amount for the service.

On social media, putting the burden of blocking on a million users is naive because:

• Blocks can be worked around with bots, someone has to actively fight circumvention.
• Some users don’t have the time to block, simply conclude “this is a hostile environment” and leave.
• Some users fall for scams / believe the disinfo.

I have once helped others build an anonymous mix network (I2P). I’m also an anarchist. On Lemmy however, support decentralization, defederating from instances that have bad policies or corrupt management, and harsh moderation. Because the operator of a Lemmy instance is fully exposed.

Experience has shown that total freedom is a suitable policy for apps that support 1-to-1 conversations via short text messages. Everything else invites too much abuse. If it’s public, it will have rules. If it’s totally private, it can have total freedom.

Thanks for the info, a healthy amount of real life awaits then. :)

I knew it was running on solar energy and old hardware so I guessed something like this had happened.

If you need fail-over to awaken a backup system when the primary fails, things can be designed. :)

In our modern times, Ea-Nasir still has some bars of aluminum to sell you. Quite several, in fact. :)

But who would buy such hardware? :)

so good luck hiding a VPN client.

In my imagination, there is no VPN client. The whole network is behind a VPN router and the internet gateway is where it needs to be.

how did you do it?

In the BIOS options of that specific server (nothing fancy, a generic Dell with some Xeon processor) the option to enable/disable ME was just plainly offered.

Chipset features > Intel AMT (active management technology) > disable (or something similar, my memory is a bit fuzzy). I researched the option, got worried about the outcomes if someone learned to exploit it, and made it a policy of turning it off. It was about 2 years ago.

P.S.

I’m sure there exist tools for the really security-conscious folks to verify whether ME has become disabled, but I was installing a boring warehouse system, so I didn’t check.

please read up on intel management engine

I’m already familiar with it. On the systems I buy and intall, if they are Intel based, ME gets disabled since I haven’t found a reasonable use for it.

Oh yeah, ARM also has something similar.

Since this is more relevant to me (numerically, most of the systems that I install are Raspberry Pi based robots), I’m happy to announce that TrustZone is not supported on Pi 4 (I haven’t checked about other models). I haven’t tested, however - don’t trust my word.

Who would you buy from in this case?

From the Raspberry Pi Foundation, who are doubtless ordering silicon from TSMC for the Pico series and ready-made CPUs for their bigger products, and various other services from other companies. If they didn’t exist, I would likely fall back on RockChip based products from China.

https://www.cryptomuseum.com/covert/bugs/nsaant/firewalk/index.htm

Wow. :) Neat trick. (Would be revealed in competent hands, though. Snap an X-ray photo and find excess electronics in the socket.)

However, a radio transceiver is an extremely poor candidate for embedding on a chip. It’s good for bugging boards, not chips.

The first and central provision of the bill is the requirement for tracking technology to be embedded in any high-end processor module or device that falls under the U.S. export restrictions.

As a coder with some hardware awareness, I find the concept laughable.

How does he think they (read: the Taiwanese, if they are willing to) would go about doing it?

Add a GPS receiver onto every GPU? Add an inertial navigation module to every GPU? Add a radio to every GPU? :D

The poor politician needs a technically competent advisor forced on him. To make him aware (preferably in the most blunt way) of real possibilities in the real world.

In the real world, you can prevent a chip from knowing where it’s running and you can’t add random shit onto a chip, and if someone does, you can stop buying bugged hardware or prevent that random addition from getting a reading.

If he continues ruling like that, he’s going to need more floor space. :)

If it were another house, I’d recommend a statue of a small crowd of Soviet citizens heroically overwhelming a man who missed Brezhnev with a pistol. The statue should be equipped with audio, so if a visitor approaches, the audio should play and multilingual translations should run on a screen, narrating the approximate dialogue:

<bang>
you missed him
<bang>
really poor shot
<bang>
hey, let me try
<bang>
give me the gun
<bang>
you're wasting ammo, give me the damn gun
<bang>
stop resisting, I will take the gun from you now

(sadly it’s based on an anecdote, no such historical event has occurred)

I think Elon was having the opposite kind of problems, with Grok not validating its users nearly enough, despite Elon instructing employees to make it so. :)

From the article (emphasis mine):

Having read his chat logs, she only found that the AI was “talking to him as if he is the next messiah.” The replies to her story were full of similar anecdotes about loved ones suddenly falling down rabbit holes of spiritual mania, supernatural delusion, and arcane prophecy — all of it fueled by AI. Some came to believe they had been chosen for a sacred mission of revelation, others that they had conjured true sentience from the software.

/…/

“It would tell him everything he said was beautiful, cosmic, groundbreaking,” she says.

From elsewhere:

Sycophancy in GPT-4o: What happened and what we’re doing about it

We have rolled back last week’s GPT‑4o update in ChatGPT so people are now using an earlier version with more balanced behavior. The update we removed was overly flattering or agreeable—often described as sycophantic.

I don’t know what large language model these people used, but evidence of some language models exhibiting response patterns that people interpret as sycophantic (praising or encouraging the user needlessly) is not new. Neither is hallucinatory behaviour.

Apparently, people who are susceptible and close to falling over the edge, may end up pushing themselves over the edge with AI assistance.

What I suspect: someone has trained their LLM on somethig like religious literature, fiction about religious experiences, or descriptions of religious experiences. If the AI is suitably prompted, it can re-enact such scenarios in text, while adapting the experience to the user at least somewhat. To a person susceptible to religious illusions (and let’s not deny it, people are suscpecptible to finding deep meaning and purpose with shallow evidence), apparently an LLM can play the role of an indoctrinating co-believer, indoctrinating prophet or supportive follower.

As an Eastern European drone developer, I’m OK with donating even to people who might be called tankies …if what they do is building Lemmy. :)

(As a side note, “riseup.net” needs donations too. Anarchist-run e-mail service doesn’t come for free.)