Trump staffers using app that deletes their messages: report
[IMG]http://thehill.com/sites/default/files/styles/article_full/public/genericphone_getty.jpg?itok=Atsq5SWI[/IMG]
[Quote]
Trump administration staffers are reportedly communicating by using an encrypted messaging app that erases messages shortly after they have been received.
The Washington Post reported on Tuesday that officials were using the app, called Confide, to avoid being caught talking to the media, as President Trump moves to crack down on leaks.
The Post report followed a report from Axios last week that reported Confide had become a favorite app for Republican staffers.
[/Quote]
[URL="http://thehill.com/policy/technology/319478-trump-staffers-reportedly-communicating-through-app-that-automatically"]The Hill[/URL]
B-but it's okay when the GOP does it!!!
everything is terrible
But--But her emails?!
[highlight](User was banned for this post ("Meme reply, was just banned" - Craptasket))[/highlight]
[IMG]http://i.imgur.com/8E2iKVa.png[/IMG]
[t]http://i.imgur.com/naAwRGS.png[/t]
pretty cool messaging app, easy to see why they are using it
[QUOTE=Wii60;51823310][IMG]http://i.imgur.com/8E2iKVa.png[/IMG]
[t]http://i.imgur.com/naAwRGS.png[/t]
pretty cool messaging app, easy to see why they are using it[/QUOTE]
Still goes through a 3rd party server.
it's amazing how much dirt can be dug up in 24 hours
It doesn't read like the White House is advocating this kind of business, more like they're trying to discourage it. Trump has a definite interest in avoiding the kinds of leaks that hurt Hillary in the campaign, but the folks using this app appear to be doing so of their own prerogative. I wonder why?
[QUOTE=Sam Za Nemesis;51823355]Have fun breaking their individual private key[/QUOTE]
You're foolish if you don't think there's a backdoor.
[QUOTE=Sam Za Nemesis;51823355]Have fun breaking their individual private key[/QUOTE]
man-in-the-middle attack. Malware on the phone. Phishing. Physically just taking a picture over their shoulder, even.
[QUOTE=Wii60;51823310][IMG]http://i.imgur.com/8E2iKVa.png[/IMG]
[t]http://i.imgur.com/naAwRGS.png[/t]
pretty cool messaging app, easy to see why they are using it[/QUOTE]
Most of that screenshot protection can in theory still be circumvented with a custom client, but if they use good encryption (e.g. Signal protocol (or just plain PGP without signing, but that's less secure due to not rotating keys and doesn't authenticate the session)) that alone is still effectively the same as someone taking notes by hand really quickly. Capturing absolute proof would be difficult, to say the least.
Sure, your android could get malware. But who is left to blame for that? These apps (see [URL]https://rumuki.com/[/URL] too, was recently on Hacker News) are as secure as they can get
[QUOTE=RocketSnail;51823433]Sure, your android could get malware. But who is left to blame for that? These apps (see [URL]https://rumuki.com/[/URL] too, was recently on Hacker News) are as secure as they can get[/QUOTE]
So you're saying you're cool if their phones get malware that can compromise national security cause that's their fault?
[QUOTE=Llamaguy;51823367]You're foolish if you don't think there's a backdoor.[/QUOTE]
That can be ruled out with client-side security review, actually.
End-to-end encryption that lets you manually verify the keys/signatures through a side channel can't be backdoored if the clientside code is known.
All that said, this one doesn't seem to have that validation feature (as far as I can tell from the website), so it's possible for them to push fraudulent public keys.
It wouldn't be unobservable if they did that and may leave behind evidence, though.
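Added example (not part of the thread, and not Confide's, Signal's or any other app's code): a minimal sketch of the side-channel key check described in the post above. Each client derives a short code from its own public key and the peer key the server handed it; the two users compare codes in person or by phone, and a substituted key makes the codes differ. The user names, the byte-string "keys" and the code format are all constructed for illustration.

```python
import hashlib

def fingerprint(identity: str, public_key: bytes) -> bytes:
    """Hash a public key together with the identity it is claimed for."""
    name = identity.encode()
    # Length prefix keeps (identity, key) pairs unambiguous.
    return hashlib.sha256(len(name).to_bytes(2, "big") + name + public_key).digest()

def safety_code(own_id: str, own_key: bytes, peer_id: str, peer_key_received: bytes) -> str:
    """Code a user reads to the peer over a side channel (hypothetical format)."""
    # Sorting makes the code independent of which side computes it.
    parts = sorted([fingerprint(own_id, own_key),
                    fingerprint(peer_id, peer_key_received)])
    digest = hashlib.sha256(b"".join(parts)).digest()
    groups = [int.from_bytes(digest[i:i + 4], "big") % 100000 for i in range(0, 24, 4)]
    return " ".join(f"{g:05d}" for g in groups)

# Constructed sample values standing in for real public keys.
ALICE_KEY = bytes.fromhex("a1" * 32)
BOB_KEY = bytes.fromhex("b2" * 32)
SUBSTITUTED_KEY = bytes.fromhex("e5" * 32)  # key a dishonest server would push

def codes_match(bob_key_served_to_alice: bytes, alice_key_served_to_bob: bytes) -> bool:
    """True when both users would read out the same code."""
    alice_code = safety_code("alice", ALICE_KEY, "bob", bob_key_served_to_alice)
    bob_code = safety_code("bob", BOB_KEY, "alice", alice_key_served_to_bob)
    return alice_code == bob_code

if __name__ == "__main__":
    print("honest server:      ", codes_match(BOB_KEY, ALICE_KEY))
    print("keys swapped (both):", codes_match(SUBSTITUTED_KEY, SUBSTITUTED_KEY))
    print("keys swapped (one): ", codes_match(SUBSTITUTED_KEY, ALICE_KEY))
```

The check only helps if the comparison happens outside the app's own channel and the client code computing it is the code that was reviewed.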
[QUOTE=Tamschi;51823394]Most of that screenshot protection can in theory still be circumvented with a custom client, but if they use good encryption (e.g. Signal protocol (or just plain PGP without signing, but that's less secure due to not rotating keys and doesn't authenticate the session)) that alone is still effectively the same as someone taking notes by hand really quickly. Capturing absolute proof would be difficult, to say the least.[/QUOTE]
Or just use another phone to record the screen while receiving the message, if someone really wanted hard proof, all the encryption and screenshot protection in the world only goes so far.
so basically there is no way of getting those messages
Looks like we are about to find out how secure this app is as they now have a massive sign saying SECRET US GOVERNMENT DOCUMENTS GO THROUGH OUR SERVERS COME HACK US
[QUOTE=jordguitar;51823930]Looks like we are about to find out how secure this app is as they now have a massive sign saying SECRET US GOVERNMENT DOCUMENTS GO THROUGH OUR SERVERS COME HACK US[/QUOTE]
Not to mention the US intelligence community going "u wot m8" at violation of data retention laws with probably wholly unauthorized software and suddenly escalating cracking/compromising it themselves.
pretty sure that's supremely illegal...
[URL="http://www.politico.com/story/2017/02/federal-workers-encrypted-messaging-apps-congress-235012"]Well this is just hypocritical of them now isn't it[/URL]
[QUOTE=ElectroMagnet;51823676]Or just use another phone to record the screen while receiving the message, if someone really wanted hard proof, all the encryption and screenshot protection in the world only goes so far.[/QUOTE]
OTR comes with a tool to really easily forge logs for this reason, you only need plausible deniability in cases like these.
Doing it for this app would be a bit more complicated, but a traceless 'let me receive a fake message from x in 5 minutes' function would go a long way.
[QUOTE=Tamschi;51823394]Most of that screenshot protection can in theory still be circumvented with a custom client, but if they use good encryption (e.g. Signal protocol (or just plain PGP without signing, but that's less secure due to not rotating keys and doesn't authenticate the session)) that alone is still effectively the same as someone taking notes by hand really quickly. Capturing absolute proof would be difficult, to say the least.[/QUOTE]
Sooo take a photo of the messages and the phone with a camera while viewing?
1) The app is being used to communicate with media, not send confidential information.
2) This is not official policy in the White House. The article says "some" staffers have used the app. Is that 2? 3? 10? Who knows.
3) There is not a single citation, not even an anonymous one, for this in the original WP article.
Isn't this a blatant violation of the freedom of information act?
Now don't get me wrong, I love seeing shit his administration does get put out into the light. But this just seems like basic opsec, I'd be surprised if the bush and obama administration didn't also do something similar with their messages.
[QUOTE=garychencool;51824941]Sooo take a photo of the messages and the phone with a camera while viewing?[/QUOTE]
[QUOTE=Tamschi;51824670]OTR comes with a tool to really easily forge logs for this reason, you only need plausible deniability in cases like these.
Doing it for this app would be a bit more complicated, but a traceless 'let me receive a fake message from x in 5 minutes' function would go a long way.[/QUOTE]
[editline]15th February 2017[/editline]
[QUOTE=Crimor;51825084]Now don't get me wrong, I love seeing shit his administration does get put out into the light. But this just seems like basic opsec, I'd be surprised if the bush and obama administration didn't also do something similar with their messages.[/QUOTE]
I'm almost certain it's illegal to use this for anything official, because it gets rid of the paper trail used to investigate possible malpractice.
The people in question don't do that though (and doing this would actually be massively insecure compared to just using physical memos or an internal email server for that purpose). They're using it because they're leaking info to the media very much outside of what their bosses want them to do. I'm pretty sure neither Bush nor Obama had this problem to anywhere close to the same extent.