lepoulsdumonde.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Small French Mastodon instance for friends, family and useful bots


#opsec


Don't let the mainstream new media convince you that #signal is a bad choice for end-to-end encryption. What the media fails to do is convince you that the state of security on end user devices ends up bad because people are prone to making bad decisions.

I have seen a few posts on here regarding #opsec and protests. Particularly about posting photos from demonstrations where people's faces can be seen.

I get this.

However, and this is an honest question: if a purpose of these protests is to demonstrate how many people are participating, how should one actually do that without sharing photos? It is impossible to expect everyone protesting to be masked, and it is impossible to ask every single person in a group photo to give consent to sharing their face.

In a world of effectively no privacy, how is this all supposed to work?

Continued thread

Data #security experts have expressed alarm that US #NationalSecurity professionals are not…[just]…using the govt’s suite of secure encrypted systems for work communications such as JWICS, the Joint Worldwide Intelligence Communications System.

Most concerning, however, is the use of personal email, which is widely acknowledged to be susceptible to hacking, spearphishing & other types of digital compromise.

Continued thread

The use of personal email, even for unclassified materials, is risky given the premium value foreign #intelligence services place on the communications & schedules of senior govt ofcls, such as the #NationalSecurity adviser, experts say.

…Waltz has also created & hosted other #Signal chats w/Cabinet members on sensitive topics, including on #Somalia & #Russia’s war in #Ukraine, said a senior #Trump admin official.

Continued thread

#MikeWaltz has had less sensitive, but potentially exploitable information sent to his #Gmail, such as his schedule & other work documents, said ofcls, who, like others, spoke on the condition of anonymity to describe what they viewed as problematic handling of information. The ofcls said Waltz would sometimes copy & paste from his schedule into #Signal to coordinate meetings & discussions.

Continued thread

A snr #MikeWaltz aide used the commercial email service for highly technical conversations w/colleagues at other govt agencies involving sensitive #military positions & powerful #weapons systems relating to an ongoing conflict, acc/to emails reviewed by WaPo. While the #NSC official used his #Gmail account, his interagency colleagues used govt-issued accounts, headers from the email correspondence show.

Twitter, #X, hit by massive data breach potentially impacting 2.8 billion users, inside job suspected - “A data leak involving a whopping 2.87 billion Twitter (X) users has surfaced on the infamous Breach Forums. According to a post by a user named ThinkingOne, the leak is the result of a disgruntled X employee who allegedly stole the data during a period of mass layoffs. If true, this would be the largest social media data leak in history, but surprisingly, neither X nor the broader public appears to be aware of it.” #DataBreach #DataPrivacy #opsec #infosec #Twitter #privacy
hackread.com/twitter-x-of-2-8-


Whoa, looks like BlackLock got hacked. Seriously, it just hammers home how vital good security practices are – even if you're on the *other* side of the fence! Major OPSEC blunder right there, wouldn't you say? 😉

And hey, this really drives home another point: relying *only* on automated scans? That's just not cutting it for real-deal pentesting, people. You absolutely have to get hands-on and dig in manually. There's no substitute for it.

Honestly, that’s the kind of thorough work our clients appreciate – when we actually probe deeper than just the surface findings. It makes a difference.

So, what’s your take? Seems like OPSEC gets overlooked way too often, doesn't it? Curious to hear your thoughts!