The original git repo has a .il tld. Hmmm… I’m just gonna throw it out there, but an app created by foreign nationals might not be a good choice for top secret communication.
this post was submitted on 04 May 2025
233 points (99.2% liked)
Technology
2624 readers
260 users here now
Which posts fit here?
Anything that is at least tangentially connected to the technology, social media platforms, informational technologies and tech policy.
Post guidelines
[Opinion] prefix
Opinion (op-ed) articles must use [Opinion] prefix before the title.
Rules
1. English only
Title and associated content has to be in English.
2. Use original link
Post URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.
3. Respectful communication
All communication has to be respectful of differing opinions, viewpoints, and experiences.
4. Inclusivity
Everyone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
5. Ad hominem attacks
Any kind of personal attacks are expressly forbidden. If you can't argue your position without attacking a person's character, you already lost the argument.
6. Off-topic tangents
Stay on topic. Keep it relevant.
7. Instance rules may apply
If something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.
Companion communities
[email protected]
[email protected]
Icon attribution | Banner attribution
If someone is interested in moderating this community, message @[email protected].
founded 2 years ago
MODERATORS
It is if the person is a foreign asset.
It is if the official is being payed to lure fellow officials into making big security mistakes. Anyone who knows a sociopath knows they would sell their mom for a candy bar.
If its open source and audited, it doesn't matter.
Sure, but this is a very obscure project. It has few eyes holding it accountable.
The government is buying it. And cryptocurrency companies. That's a lot of money and a lot of eyes.
Clearly not enough money and eyes, because it got hacked.
Yeah. That's the story.
We need to ensure the government only uses open source tools and we need more funding for security audits.
Whaaaat
Can someone explain why this is remarkable… or not.
The source code seems to have some hardcoded credentials in there, essentially making this a back door. The git repo also seems to have Israeli surveillance roots to it, which is troubling for any sort of top secret data.
If you read the blog post one day older than this one from before he got the code, he speaks more about the Israeli ties. The CEO for TeleMessage is former IDF.
I haven't spent a lot of time looking into TeleMessage, but what I did find at a quick glance is that several of the executives on the teams page list Israeli universities in their bios, and the CEO, Guy Levit, says that, "From 1996 until 1999, Guy served as the head of the planning and development of one of the IDF’s Intelligence elite technical units."
A short while back, there was an article about a Bibi leak where he was bragging they know the US admin plans and controlled them.
You've got to be more clear about serving in the IDF. Luckily your quote gives more detail, but literally every Israeli citizen has to serve in the IDF, so former service in the IDF doesn't mean much more than just saying they're Israeli.
Thank you for making this make sense :)
From the article, direct links to the code:
Paywall bypass for the article's link on the hackers that exfiltrated message contents: https://archive.is/8kaQQ
Is there a secondary source that this is actually the app being used?
This whole thing seems very questionable
Why not just use the official signal app, if you're going to use it at all?
Apparently archives.
I guess its a legal requirement for government and the financial sector.
I archive my signal chats. But, I guess, they need an automatic way to do that. They should ask their precious Grok or whatever tf it's called.
Probably they need a way to archive it where the user can't enable or disable archiving
Yeah, that would make sense. But this is not the right use case for Signal at all. In fact (and I know I'm preaching to the choir), it defeats Signal's use case in many ways. I don't even know what they're trying to accomplish with this.
So that whole thing with the Signal group chat was done on some wacky fork on top of that??? Lmao