HackerTrans
TopNewTrendsCommentsPastAskShowJobs

itsibitzi

no profile record

comments

itsibitzi
·10 เดือนที่ผ่านมา·discuss
What tool or ecosystem does this well, in your opinion?
itsibitzi
·ปีที่แล้ว·discuss
SecureDrop is great and we still will be using it at the Guardian for the foreseeable future. At the very least just to support sources who want to blow the whistle but don't use our app.

In terms of how it's different. We attain anonymity without requiring a user to install Tor Browser, which we think is significant. Building this feature into our news app lowers the barrier of entry for non-technical sources quite significantly, and we think helps them achieve good OPSEC basically by default.

CoverDrop (aka Secure Messaging) has a few limitations right now that we'll be working to overcome in the next few months. Primarily that we don't support document upload due to the fact that our protocol only sends a few KB per day. Right now a journalist has the option to pivot the user onto another platform e.g. Signal. This is already better since the journalist can assess the quality of, and risks posted to, the source before giving their Signal number.

The current plan to improve this within the CoverDrop system is to allow a journalist to assess the risk posted to a source and, if they deem it acceptable, send them a invite link to upload documents which the client will encrypt with their keys before sending. This affects anonymity of course so we'll be investigating ways in which we can do this while doing our best to keep the source anonymous. There are a few techniques we could use here, for example making the document drop look like an encrypted email attachment being sent to a GMail account. I like this[1] paper as an example of an approach we could take that is censorship resistant.

Another limitation is that the anonymity of our system is largely predicated on the large install base of our app. In the UK/US/AU we have a pretty large install base so the anonymity properties provided by the protocol are nice, but if another smaller news agency were to pick up our tech as it stands right now then they wouldn't have this property. That said, in practice just having our plausibly deniable storage approach is a pretty big improvement over other whistleblowing approaches (PGP, Tor based, etc), even if you're the only person in the set of possible sources using the app.

[1] https://petsymposium.org/popets/2022/popets-2022-0068.pdf
itsibitzi
·ปีที่แล้ว·discuss
On spam:

We’ve got some basic filtering for full on DoS type attacks already.

The difficulty here is that a user can produce a reasonable amount of spam from a spread of IP addresses which would be disruptive to our journalist users but below threshold to be considered a DoS attack.

It’s tricky because we can’t have anything that could link a given message to a given user as that would break anonymity.

We’ve got some ideas with anonymous credentials from app attentions for the more long term. E.g. if you’re expected to submit 1 message an hour from your queue you can request 24 single use tokens from the API by performing an attestation that you’re running a genuine app. You then spend these as you send messages. We don’t have a full spec for this right now such that it can be fully anonymous but that’s the general idea.

There’s also some possible spam detection we can do in the journalist GUI which we’re interested in exploring. Right now the spam control is quite basic (muting) but the message rate is low due to the threshold mixer anyways so not so bad.

On key management:

Each journalist has an encrypted vault which requires a key derived from a password. If this password is lost and the journalist has no backup then it’s game over. We need to regenerate their identity in the key hierarchy as if they were a new user and messages they’ve not seen are lost, there is no way to pick up those sources again.

We have some plans on using MLS as an inter-journalist protocol which should enable having multiple actual humans per journalist/desk listed in the app. That would depend on the journalists agreeing to have their vault be shared of course. Once multiple humans are backing a single vault then the risk of password loss becomes smaller as if one journalist loses their password the other journalist should be able to share their back messages to them.
itsibitzi
·ปีที่แล้ว·discuss
I agree, it should certainly be front-and-centre, either the landing page or the on-boarding carousel.

I'll see if we can get something together before the next app release. Thanks again!
itsibitzi
·ปีที่แล้ว·discuss
Tech lead on the project here.

I would certainly recommend that readers not use a work phone, not only for the reasons you've stated but also that a lot of work devices use mobile device management software which is functionally spyware. To your point, dealing with having a very small anonymity set is tricky regardless of the technology used.

We do go to great lengths to make usage of the app to blow the whistle plausibly deniable. Data is segmented to "public" and "secret" repositories, where any secret data is stored within a fixed-sized/encrypted vault protected by a KDF technique that was developed by one of the team in Cambridge (https://eprint.iacr.org/2023/1792.pdf)

But of course, all this could be for nothing if you've just got corporate spyware on your device.

This is certainly something we've talked about internally but I've double checked the in-app FAQs and I think we could be more clear about recommending users not use on a work device, especially with MDM. We'll get that updated as soon as possible. Thanks!

-- edit

I should add that we do some basic detection devices that have been rooted or are in debug mode and issue a warning to the user before they continue. I'd be interested in what we can do to detect MDM software but I fear it might become a cat-and-mouse game so it's preferable that folks not use their work devices at all.
itsibitzi
·ปีที่แล้ว·discuss
Project lead here, the Secure Messaging part of the app is accessible without a subscription through the main menu.
itsibitzi
·ปีที่แล้ว·discuss
Out of interest, how did you stream the video data to the frontend?
itsibitzi
·ปีที่แล้ว·discuss
The elite Silicon Valley venture capitalist class has made it pretty clear which side they're on.
itsibitzi
·ปีที่แล้ว·discuss
I think people really don't understand the effort, care and risk that goes into producing quality reporting.

I work with investigative reporters on stories that take many months to produce. Every time we receive a leak there is an extensive process of proving public interest before we can even start looking at the material. Once we can see it in we have to be extremely careful with everything we note down to make sure that our work isn't seen as prejudiced if legal discovery happens. We're constantly going back and forth with our editorial legal team to make sure what we're saying is fair and accurate. And in the end, the people we're reporting are given a chance to refute any of the facts we're about to present. Any mistakes can result in legal action that can ruin the lives of reporters and shut down companies.

Now, imagine I were to go to a reporter who has spent 6 months working on a story about, for example, a high profile celebrity sexually assaulted multiple women, how the royal family hides their wealth and are exempt from laws, or how multinational corporations use legal loopholes to avoid paying taxes, and said, "oh, 1% of people reading this will likely be given some totally made up details".

Given that stories often have more than a million impressions, this would lead tens of thousands of people with potentially libellous "hallucinations".

It simply should not be allowed.

LLMs have their place, for sure, but presenting the news is not it.
itsibitzi
·ปีที่แล้ว·discuss
As someone who works in the news industry I find it pretty sad that we've just capitulated to big tech on this one. There are countless examples of AI summaries getting things catastrophically wrong, but I guess Google has long since decided that pushing AI was more important than accurate or relevant results, as can also be seen with their search results that simply omit parts of your query.

I can only hope this data is being incorporated in some way that makes hallucinations less likely.
itsibitzi
·2 ปีที่แล้ว·discuss
I think we can be pretty confident that he wasn't shot because an AI product wasn't accurate.
itsibitzi
·2 ปีที่แล้ว·discuss
I would agree and expand on this and say such hyper-luddites tend to make picking up new technology a self-fulfilling bad idea. Even if you can present a fantastic business case for something they don't want to learn new things so if you do introduce it they will refuse to learn and progress will suffer as a result.
itsibitzi
·3 ปีที่แล้ว·discuss
Disclosure: I'm an engineer working at the Guardian on investigations tools.

In your opinion, what can newspapers and their technology teams do to improve the process of whistleblowing. Any perspective is really interesting!
itsibitzi
·3 ปีที่แล้ว·discuss
As a software engineer in the UK I'm very much in the same bubble. It's almost unreal to me how much Windows has managed to enshittify. It's hard to know at what point (if ever) they'll turn the ship around and make an OS that's actually pleasant to use. I'm guessing there are basically no economic incentives to do so.

I've personally moved to an entirely MacBook based workflow where I have a dock on my table and plug in either my work or personal MBP depending on what I'm doing.
itsibitzi
·3 ปีที่แล้ว·discuss
Is this role open to remote workers from the UK?
itsibitzi
·3 ปีที่แล้ว·discuss
In case you're not aware, Signal has a chat called "Notes to Self" that should be more or less the same thing, except without having to create a group.
itsibitzi
·3 ปีที่แล้ว·discuss
This tracks.

I live very close to several HS2 construction sites in London and frequently see dozens of people just stood around doing nothing.
itsibitzi
·3 ปีที่แล้ว·discuss
One thing that drove me mad about Oblivion was the level scaling of items which meant it sometimes made sense to be strategic about when you completed a quest in order to best optimise/metagame the mechanic.

I really love it when a game is completely happy to allow you to innocently wonder into a zone far above your level and let you get completely squashed by the monsters you find there.
itsibitzi
·3 ปีที่แล้ว·discuss
You can jump straight to search using {Cmd,Ctrl}-L the same as a web browser, but for folks who're not used to key commands the decision to hide the search bar is absolutely deranged.
itsibitzi
·4 ปีที่แล้ว·discuss
It's literally a quote in the article hence the quotation marks.