03-01-15 07:13 AM
  1. Bluenoser63's Avatar
    I'm not sure how seriously I should be taking you. If you think that the primary purposes of online freedom and privacy are for child porn, criminals and terrorists... I'm sorry.

    What nonprofits make more than $2 million? Most of the ones that anyone has heard of.

    As stated in the article you linked to, the Facebook/Google money was for the settlement of a class-action lawsuit for alleged privacy violations. A portion of the settlement went to the EFF, a privacy advocate that is on the side of Net Neutrality, as is Google. None of this changes the score cards or reveals why you think the study is wrong, so remind me again what you're taking issue with?
    If you think that online freedoms mean that everything should be private and untouchable including child porn, criminals and terrorists, then that is your position. EFF fought against a law that would convict people of spreading revenge porn.

    https://www.eff.org/mention/should-g...n-revenge-porn

    Do you support EFF's position that laws that prevent revenge porn should be struck down and banned?

    How about cyberbullying? Should laws against that be banned also in the name of online freedom?

    Suicide of Rehtaeh Parsons - Wikipedia, the free encyclopedia

    I would still like to know which foundations donated over 2 million dollars to EFF. Do you know what they are?

    I am trying to point out that EFF supports privacy, but took a million dollars from Google who is all about invading your privacy. And their positions are black and white and the world is not. EFF is not as good as some people make them out to be. You always need to question sources and methodology and the intentions of groups. EFF is one that needs to be scrutinized and not given a free pass.
    11-12-14 12:14 AM
  2. mornhavon's Avatar
    If you think that online freedoms mean that everything should be private and untouchable including child porn, criminals and terrorists, then that is your position.
    It's not my position, it's not even the position of the EFF. You're sure going out of your way to paint the EFF poorly. If I support a bill preventing unlawful detainment, or illegal search & seizure, does that put me on the side of the terrorists, criminals and child predators as well?

    Do you support EFF's position that laws that prevent revenge porn should be struck down and banned?
    https://www.eff.org/mention/state-se...w-revenge-porn
    "The Electronic Frontier Foundation agrees the revenge porn problem needs to be addressed, just not the way Senator Cannella is going about it." Also, do I need to agree with their stance on EVERYTHING to agree with ANYTHING they do, including a fact-based privacy study?

    I would still like to know which foundations donated over 2 million dollars to EFF. Do you know what they are?
    https://www.eff.org/thanks
    The John D. and Catherine T. MacArthur Foundation
    Open Society Foundations

    I am trying to point out that EFF supports privacy, but took a million dollars from Google who is all about invading your privacy.
    As a small portion of a class-action lawsuit settlement relating to privacy, which is why the EFF contribution was appropriate.

    We're WAY off topic. You seem to have a bone to pick with the EFF, Google and corporations in general (except BlackBerry?). Maybe you should start your own thread, this one is discussing the study that you don't seem to be commenting on.
    Last edited by mornhavon; 11-12-14 at 01:42 AM.
    sentimentGX4, schmeat and Eumaeus like this.
    11-12-14 12:45 AM
  3. Jonny-R's Avatar
    Judging by their ability to hand over the contents of BBM messages to law enforcement, I'd say yes.
    Example: http://www.ctvnews.ca/mobile/sci-tec...pted-1.1866154

    The EFF's criteria for this study was made clear, they've also shown their willingness to correct the score card if new information is brought to their attention. From what I can tell, their marks for BBM are correct. If you can prove that the score card for BBM is wrong, contact the EFF with your proof and get it fixed. Otherwise, be thankful for a non-profit watchdog that's trying to hold tech companies to a higher standard. Maybe BBM should put a few of these items on their "to do" list.
    Did you actually read that article? It says PIN to PIN messages, which are DES global key scrambled. They would have been using legacy devices. BBM is now TLS encrypted end - end with the key on top further. The DES scrambling is NOT encryption and can be reverted. BlackBerry doesn't tout PIN to PIN as secure. The other times BBM has been intercepted was again when it used to just be scrambled.

    Posted via CB10
    Last edited by Jonny-R; 11-12-14 at 04:39 AM.
    mornhavon likes this.
    11-12-14 04:23 AM
  4. mornhavon's Avatar
    Did you actually read that article? It says PIN to PIN messages, which are DES global key scrambled. They would have been using legacy devices. BBM is now TLS encrypted end - end with the key on top further. The DES scrambling is NOT encryption and can be reverted. BlackBerry doesn't tout PIN to PIN as secure. The other times BBM has been intercepted was again when it used to just be scrambled.
    The article mentioned BBM messages being intercepted in 2013, I hadn't realized BBM's encryption had changed since then. Thanks for the correction, I just learned something new.

    The EFF seems to believe BlackBerry is capable of reading BBM messages. If it can be proven that they are not, that should give them another point on the score card.
    Last edited by mornhavon; 11-12-14 at 08:19 AM.
    11-12-14 08:08 AM
  5. Komoto's Avatar
    My guess is that the tests were chosen to show the results that they show.

    There is very little mention of the NSA backdoor in Facebook and Apple servers.

    I would imagine BlackBerry is more secure than it has been made out to be, but due to a number of technicalities they will have to keep the x's where they are.

    Just a thought.

    Posted via CB10
    11-12-14 08:38 AM
  6. dguy123's Avatar
    Yes, but auditing one's own product might not be considered very above board.
    Well if BBM was audited 13 months ago it doesn't count.
    So if they're audited for FIPS and pass, they are FIPS certified. You don't become uncertified unless you mess with the related code.
    But in this checklist, that audit/cert wouldn't count.
    Posted via CB10
    11-12-14 08:56 AM
  7. THBW's Avatar
    The EFF isn't a fly-by-night "research" firm, they don't take donations in exchange for biased research. They're very forthcoming about where their money comes from, and almost none of it is from corporations (aside from the Humble Bundle, if you call that a corporation).
    Source: https://www.eff.org/about/annual-reports-and-financials
    If you have a problem with their findings, disprove them. It's a checklist, not a touchy-feely essay.
    Okay, then just publish it with the article. It's called full disclosure and foundations are supposed to practice it continuously; not once a year in a general operating budget that lacks details. You would be surprised how you can filter this stuff through think tanks, foundations and university. You're living in la la land if you don't think it happens.

    So tell me, how did the EFF miss the fact that BlackBerry does publish its encryption procedures? You must admit, there is a degree of irony knowing that the EFF doesn't know how to use the Internet. And then there's the completely incorrect assumption that all encryption is sort of equal. And how about WhatsApp's sloppy use of phone numbers that are a security nightmare. Oh right that's OK. Funny how all the things BlackBerry excels at to maximize security are forgotten, dismissed or considered unimportant. I've seen this play before and I don't buy one bit of it.

    Posted via CB10
    11-13-14 02:31 AM
  8. mornhavon's Avatar
    Okay, then just publish it with the article. It's called full disclosure and foundations are supposed to practice it continuously; not once a year in a general operating budget that lacks details. You would be surprised how you can filter this stuff through think tanks, foundations and university. You're living in la la land if you don't think it happens.
    You're assuming that the EFF works like a pay-for-result think tank, I'd call that being jaded. If ANYONE (especially an involved party) paid for this study to be done, it absolutely should have been specifically stated. But since the EFF has no history of pay-for-study behaviour from what I could tell, I don't believe that was the case here. 2/3 of the donations they receive are from individuals, do you believe they're required to state that "Greg Martel's no-strings-attached $50 donation allowed us to perform this unsolicited study"? That's bush league, and many would consider it a breach of privacy for the individual.

    So tell me, how did the EFF miss the fact that BlackBerry does publish its encryption procedures? You must admit, there is a degree of irony knowing that the EFF doesn't know how to use the Internet.
    Did you read their criteria for determining this at the bottom of the score card page? There doesn't seem to be ENOUGH documentation about BBM's encryption to meet their requirement. I was able to find better information about BBM Protected, which earned an EFF check mark for that category, but the details for BBM are more sparse. If you find better documentation for normal BBM that meets their criteria, let me know where it is and I'll PERSONALLY take it up with the EFF. They've already shown they are willing to correct the score card if they are contacted.

    And then there's the completely incorrect assumption that all encryption is sort of equal. And how about WhatsApp's sloppy use of phone numbers that are a security nightmare. Oh right that's OK. Funny how all the things BlackBerry excels at to maximize security are forgotten, dismissed or considered unimportant. I've seen this play before and I don't buy one bit of it.
    The criteria could have been expanded and would have been even more useful (isn't that the case with every study ever performed?), but it's intended to be a yes/no checklist with few columns to make it easily readable, not an in-depth study of each. "Can the company read/hand over your messages" is deemed more important than listing how many years it would take for a 3rd party to crack it (if they were able to intercept the traffic and couldn't simply ask for the unencrypted data).
    app_Developer likes this.
    11-13-14 09:44 AM
  9. jpvj's Avatar
    "BlackBerry sets the record straight on BBM security" - http://utbblogs.com/bbm/blackberry-s...-bbm-security/

    Some of you need to brush up on your BBM knowledge before you impart incorrect facts, judging by a quick browse of the comments.

    For example BlackBerry DO list BBM's security features very openly on their own website. I.e. that is end-end TLS encryption, extra DES key scrambling (on top of TLS encryption) for BlackBerry devices and man in the middle attacks being (probably?) impossible due to certificate pinning (which iMessage and WhatsApp for instance don't employ).

    Posted via CB10
    Hi Johny

    Thx. I stand (a bit) corrected with regards to the added TLS layer.

    However I think you read the TLS part incorrectly:
    BlackBerry states the devices transmit data through the BBI via a TLS connection. Since the devices both connect to the BBI I *assume* it is not an end-to-end encryption but the BBM data is transmitted between two independent TLS tunnels (=still 3DES scrambled and definitely readable by BlackBerry).

    If end-to-end encryption was in place, I can assure you BlackBerry would tell us loud and clear.

    Posted via CB10
    11-13-14 05:13 PM
  10. kfh227's Avatar
    Yes, but auditing one's own product might not be considered very above board.
    Internal reviews are the cornerstone to the embedded systems I work on. We are SEI level 3 but that is just some smokescreen garbage we need to do certain govt contracts.


    Posted via CB10
    11-13-14 06:52 PM
  11. jpvj's Avatar
    Internal reviews are the cornerstone to the embedded systems I work on. We are SEI level 3 but that is just some smokescreen garbage we need to do certain govt contracts.


    Posted via CB10
    ;-)



    Posted via CB10
    11-14-14 02:55 AM
  12. dbollman423's Avatar
    BlackBerry did not turn over information until a court of competent jurisdiction issued a warrant. Also, a police agency has to prove probable cause for the court to believe that the search will yield evidence that a crime was being or has been committed (or an ongoing criminal organization exists).

    Absent BlackBerry giving out PINs/BBIDs to all devices, the scope of the privacy violation was very minimal. These are "legitimate" police endeavors. I used quotation marks because I personally believe that they were going fishing.

    The search probably took place at BlackBerry Headquarters.

    Posted via CB10
    Last edited by dbollman423; 11-15-14 at 10:32 AM.
    11-15-14 10:15 AM
  13. mornhavon's Avatar
    BlackBerry did not turn over information until a court of competent jurisdiction issued a warrant. Also, a police agency has to prove probable cause for the court to believe that the search will yield evidence that a crime was being or has been committed (or an ongoing criminal organization exists).

    Absent BlackBerry giving out PINs/BBIDs to all devices, the scope of the privacy violation was very minimal. These are "legitimate" police endeavors. I used quotation marks because I personally believe that they were going fishing.

    The search probably took place at BlackBerry Headquarters.
    If it's so difficult to get BlackBerry to turn over customer data, you'd think they would be proud to publish transparency reports like most of their competition.
    http://www.zdnet.com/blackberry-has-...ts-7000028298/
    11-15-14 11:32 AM
  14. dbollman423's Avatar
    If it's so difficult to get BlackBerry to turn over customer data, you'd think they would be proud to publish transparency reports like most of their competition.
    http://www.zdnet.com/blackberry-has-...ts-7000028298/
    It's time consuming and not productive.

    In addition, it would likely violate court orders to not disseminate such information.
    Posted via CB10
    Last edited by dbollman423; 11-15-14 at 05:17 PM.
    11-15-14 05:05 PM
  15. dbollman423's Avatar
    It is actually a compliment that BlackBerry had to receive a warrant. The ALL powerful police had to go after phone records. They were a HUGE drug trafficking ring.

    The police could not catch anyone with drugs? They were trafficking cocaine in Europe and the United States.

    All they (the police), had to do, is catch someone, anyone, with a little drugs.

    Posted via CB10
    11-15-14 05:53 PM
  16. mornhavon's Avatar
    It's time consuming and not productive. In addition, it would likely violate court orders to not disseminate such information.
    Transparency reports are generally simple and are not specific enough to violate most mandated terms, they also state that they only include requests that they're permitted to publish the stats of. I think the more likely conclusion is that BlackBerry gives up more data than many here would believe, and that transparency has never been their strong suit.

    It is actually a compliment that BlackBerry had to receive a warrant. The ALL powerful police had to go after phone records. They were a HUGE drug trafficking ring.
    The police could not catch anyone with drugs? They were trafficking cocaine in Europe and the United States.
    All they (the police), had to do, is catch someone, anyone, with a little drugs.
    Do you think that all it takes to shut down a multinational criminal organization is to catch "anyone with a little drugs" and the whole thing falls apart? Police spend years on operations like that and vacuum up every scrap of information they can to use in court, or in case it might be useful at some point in the investigation, it would be irresponsible of them to not request as much pertinent information as they could from any third parties, including BlackBerry. I don't think being served with a warrant is a compliment, I think it's just a fact of life. Warrants for information from tech companies are not rare, especially in large cases like this.
    11-15-14 09:45 PM
  17. dbollman423's Avatar
    Posted via CB10
    Last edited by dbollman423; 11-18-14 at 09:39 PM.
    11-17-14 08:58 PM
  18. SportsIndexUK's Avatar
    Agreed.
    Me too..
    11-21-14 11:44 AM
  19. Rootbrian's Avatar
    Of course, it must be bull if it reveals BB flaws...tell me if it were so secure why Blackberry released BBM Protected?
    Because BlackBerry Messenger protected is for enterprise?

    Sent from my BlackBerry Bold 9900 using Tapatalk
    11-23-14 05:28 AM
  20. Tornado99's Avatar
    Was this rating report ever refuted in BlackBerry FactChecker? If not, what are we left to read into that?



    Posted via CB10
    11-24-14 11:16 AM
  21. mornhavon's Avatar
    Was this rating report ever refuted in BlackBerry FactChecker? If not, what are we left to read into that?
    I wasn't able to find any official response by BlackBerry, and more importantly, BlackBerry was in contact with the EFF to correct the scorecard for BBM Protected, but didn't change anything for standard BBM.

    Since I haven't seen any factual reasons stated here of why any of the points are incorrect, I think it's safe to assume that the scorecards for BBM & BBM Protected are correct, and that this wasn't a conspiracy or smear campaign orchestrated by Apple or anyone else.
    11-24-14 11:54 AM
  22. Rustybronco's Avatar
    Wonder why BlackBerry does not encrypt the messages using the recipient's PIN as the cypher key? Certainly would add another level of security. The recipient would then unencrypt the message using the PIN and as we know that the PINs are unique and burned into the hardware it would make it very difficult to intercept.

    Of course it would be horrible to implement in a group chat, but then the group ID could be used as the cypher key I guess.....
    Which brings me up to ask why Sachesi has a change pin exploit? Does it actually change the PIN?

    http://berryleaks.wikia.com/wiki/Sachesi
    Ferrari430Spider likes this.
    02-26-15 08:51 AM
  23. Ferrari430Spider's Avatar
    I know my BlackBerry is more secure than an iPhone and an android

    The media over the years has done so much to ensure BlackBerry crumble.

    BlackBerry is gonna rise again.

    I just cannot wait for the time when handsets will come with built in hardware device to device encryption which sits on top of the mobile operators. This will be nice.

    F*** the NSA and GCHQ

    Posted via CB10
    03-01-15 07:13 AM