- cross-posted to:
- privacy@lemmy.ml
- cross-posted to:
- privacy@lemmy.ml
A British man accused of public disorder after joking about blowing up a flight has gone on trial in Spain.
Aditya Verma made the comment on Snapchat on his way to the island of Menorca with friends in July 2022.
The message, sent before Mr Verma departed Gatwick airport, read: “On my way to blow up the plane (I’m a member of the Taliban).” Mr Verma told a Madrid court on Monday: “The intention was never to cause public distress or cause public harm.”
If found guilty, the university student faces a hefty bill for expenses after two Spanish Air Force jets were scrambled.
Mr Verma’s message was picked up by the UK security services who flagged it to Spanish authorities while the easyJet plane was still in the air.
A court in Madrid heard it was assumed the message triggered alarm bells after being picked up via Gatwick’s Wi-Fi network.
Appearing in court on Monday, Mr Verma - who is now studying economics at Bath University - said the message was “a joke in a private group setting”.
“It was just sent to my friends I was travelling with on the day,” he said. Pressed about the purpose of the message, Mr Verma said: “Since school, it’s been a joke because of my features… It was just to make people laugh.”
So no one involved in the private Snapchat message reported this to Spanish authorities, the UK government intercepted private communications, read it, and misinterpreted a private joke as real threat.
Just imagine how western media reporting on this if it happened in China.
Not really? It was the internal network on the public wifi that detected several redflag words and flagged the message. EVERYTHING you do on public wifi is visible to the owner of the network. Yes, that means that if they went to take the time, a cafe owner could figure out what you were looking up at a certain time.
It’s probably understandable that the system at an airport would flag messages being sent from inside the airport about guns, the Taliban, explosions, and destroying planes.
Contents of tls and end to end encrypted requests should not be visible to the owner
Snapchat messages and text are not end to end encrypted.
They are encrypted because of TLS though
“The platform uses end-to-end encryption for photographs exchanged between Snapchat users. Text messages and other messages transmitted using Snapchat are not encrypted in the same way. Because Snapchat doesn’t release much information about the encryption it employs, it might be difficult to fully comprehend what happens to your messages after they reach Snap’s servers.”
There is obviously some sort of plain text inspection going on. This is obvious.
Never trust advertising.
That has nothing to do with TLS, TLS just means it’s encrypted while in transit to Snapchats servers, so nobody on the local network or any router it hops through can snoop on it, but Snapchat obviously will still get the message and do with it what they want.
This is what ppl are saying, it’s probably not on the local network, since that would be prevented by using TLS which almost everything uses by default these days, but Snapchat itself eavesdropping and sending it along to law enforcement
There’s no “probably” about it; this was not intercepted on the local AP, period. As you said, this was done through the five-eyes endpoints dedicated to intelligence agencies on snapchat’s server side.
Oh yeah absolutely, I just hate being forceful like that lol
like what if I am wrong though
I don’t know for a fact, but almost certainly, Snapchat encrypts messages, because otherwise it’s not just the owner of the wifi network, but also other users who could read everything you write. This is most likely Snapchat sharing your chats with the UK state in real time.
Snapchat text messages are not e2e encrypted. If they were, the state should not be able to read them without compromising or searching the device or having a rat in the group chat.
They transit encrypted to Snapchat’s servers, which then can read them and forward them to NSA/GCHQ as they please (let’s be honest it’s probably on tap for them without any request). Snapchat itself was always extremely sus to me, because its business model makes no sense and it’s the perfect place to get snaps of confidential company info as workers think they’re just sending streaks to friends, and also kompromat.
Snapchat messages and text are not end to end encrypted.
They aren’t end to end encrypted. But they’re still TLS encrypted to the snapchat server.
And you trust the company to be truthful with this… why?
They’re obviously lying.
?
It’s a verifiable fact go download Wireshark.
Going back. Then how did the airport wifi detect and flag the message if the encryption is a verifiable fact? It’s obviously not encrypted if that’s what happened, or the encryption means nothing if the network was able to read it.
I am like three replies deep and people keep saying this. It doesn’t have to be end to end encrypted, just encrypted on its way to Snapchat servers in the most mild manner possible. It would be totally idiotic to have it any other way. Do you know if Snapchat messages are literally sent as plain .txt for anybody to eavesdrop? Can anyone demonstrate this? It sounds easy. Even my Hexbear messages are encrypted and hidden from view from other people on my network.
Snapchat messages and text are not end to end encrypted.
That’s not how the internet works. Your example is also wrong. As long as you’re visiting sites that use HTTPS with TLS, the cafe owner will not be able to see the exact page or index that you are on, just that you visited the website. So for instance, the cafe owner will be able to see that you visited lemmygrad.ml, but they will not be able to see what threads or posts you were viewing on lemmygrad.ml.
What probably happened here is that Snapchat itself picked up the message, because as you have previously said, Snapchat has no end to end encryption policy for text messages, so they themselves, in theory, can access them. Therefore, they were able to pick up on some key words (probably using an automated system or internal tool) in the message, and alert the relevant law enforcement agencies.
This is flat wrong. Any OS made in the last 10 years (at least) will alert you if you connect to an unencrypted AP.
That’s not how end to end encryption works
Snapchat messages and text are not end to end encrypted.
Not end to end encrypted /=/ not encrypted at all.
End to end encryption = service owner cannot decrypt and read the contents of transmitted data, it’s encrypted on source device, decrypted on end device, encrypted throughout transit with keys/information that the transiting devices and network do not possess.
What we’re talking about here is normal web encryption or client to server (transit) encryption.
Let the equals signs indicate encrypted data transmission and <> indicate the end of such encryption at connection endpoints.
ClientA (sender of message) <==> Snapchat Servers <==> other clientB (recipient of message) (There are two distinction connections here, one from clientA, the other from clientB, they do not directly connect in this example)
The snapchat servers establish the encrypted connections to both end user devices for relaying messages. However the messages are not encrypted when they reach the servers, the servers and snapchat infrastructure and personnel can see the messages and act upon them like any other data.
MITM’ing the connection 2000s style is not necessary. Snapchat and nearly any other large company that doesn’t provide end2end encrypted messaging has both automated systems which scan for keywords and sentiment as well as manual review teams to review flagged content and send tips on it quickly to national and local police. In addition many participate in sharing all data with intelligence agencies in the NATO EYES network of agencies such as NSA and GCHQ who themselves perform scanning and sentiment analysis and such on the content.
As to subverting e2e if you control the code you can just have the applications look for certain flags or indicators on the messages once received/sent (and decrypted as apps must be able to decrypt them themselves) and then open connections (TLS web cert transit encrypted) to the company servers and re-transmit the decrypted data along with associated metadata. There’s also stuff with key management for systems that allow multiple devices for users without manual approval where the company could have something that silently adds a special GCHQ/NSA box as an additional device for every single account and generates keys for it and forwards all messages to it but does not disclose this to the user and in such a way the company could technically be unable to access such data themselves while still providing access to intelligence agencies and call that e2e (and it would be just not what we consider properly implemented e2e).
Wait for real? That’s hilariously ironic given their entire purpose.
They say that picture and video snaps are, but they refuse to reveal how unlike other services.
They are extremely dodgy in answering if text messages are encrypted, and from what I’ve seen it looks like pure advertising.
This would be case in point of a public network was somehow able to read and flag the message.
That did not happen - snapchat would refuse to connect to its server completely if the cert wasn’t recognized, so even with one of these awful MITM inspection gateways present (by itself unlikely anyway in an airport AP / outside of a corporate network, because they couldn’t deploy their custom CA to the clients) it would’ve been impossible.
This was obtained through snapchat itself providing the logs real time to GCHQ.