I don't love YAML, but for configurations I always choose it for the simple fact that it supports comments. Comments for json are almost always hacky (for example, imbedding a comment key inside the value).
Is the model of the phone known? If it's a relatively new BlackBerry running Android, and if it can be rooted:
* the main WhatsApp msgstore database in /data is not encrypted
* the msgstore backup databases (.crypt* in /sdcard) can be decrypted easily using the key file (mentioned in the article) which is also stored in /data
One could probably reverse engineer the WhatsApp APK to figure out how the key file is generated.
I would hazard a guess that Signal messages are also not stored encrypted at the source and destination (beyond the protection offered by the operating system).
Yea this is key. It's possible to have Signal on your device but not implement any device locking passcode or passcode for unlocking Signal... That would make it trivial to recover data if you have the device.
An alternative method of protecting oneself is to set an expiry timer, which makes messages in a conversation ephemeral. 1 week seems to be a fine balance between being able to look back at old messages, while also not having those you communicate with be allowed to store data on your device for too long.
Signal won't prune the messages until you open the app (or maybe the conversation) again. There've been a few releases where the changelog notes that the app didn't expire ephemeral messages properly.
That's a good idea. Even if you enable FDE and a strong passphrase, the court can still compel you to unlock it. They cannot compel you to automagically undelete expired messages (hopefully those are expired and removed in a secure mannner...)
The key difference btw Google and Microsoft is this:
If MS harmed you, you'd know. If Google intends to harm you, it looks like a stroke of bad luck.
All they have to do is hide the tree (you the person they intend to harm) within the forest (thousands of other sites/businesses) affected by the same policy change.
You could go months without finding out. And if you ever do, it's extremely difficult to prove foul play.
It is not possible truly to know one way or another at a complete level, although it is unlikely. Saying they are not this powerful is, well, simply not true. It is not possible without creating a huge skunk-works internal project binding people to secrecy.
Google doesn't have the power to bind people to secrecy in the same way that say, the CIA, FBI, or NSA do. It does not mean that they do not have the capability of doing these things.
Exactly. This makes so much sense for the city. This type of calculation doesn’t even include a fuzzy bump in technological growth for a city that’s connected with cheap fiber.
This is the case in many, many major cities. When discussing this type of rollout, it’s almost always talking about last-mile, which is the most expensive to rollout and maintain.
Ugh I read your job post months ago and I’m so interested in what you’re doing. I’m not aligned in any of the skills, just really interested about the actual work. What can you share?
Interesting idea. My hunch tells me that they’re underestimating the corrosive nature of salt water. I also wonder about vibrations, which are much more pronounced underwater.
