Secure Messaging is a new innovation for confidential story-sharing and source protection, underpinning the Guardian’s commitment to investigative journalism. The Guardian has published the open source code for this important tech to enable adoption by other media organisations.
But like the ice tracker, wouldn’t download and use the app expose the potential user lists to surface if local authority can ask for such information?
Not only that, but every app will constantly appear to be sending messages, so real messages are greatly obfuscated. That’s honestly the real innovative part of the product IMHO.
No it’s a bit complex. The transmissions are sent constantly at regular intervals and are a very specific size and are then combined later. So it’s not “instant” messaging. It’s closer to email.
So encrypted, periodical interval to mask out any incoming/out going variance in traffic I wonder how they mitigate the backend part as there might be a ton of wasted traffic to hide the actual traffic. since they obviously need a lot of users to hide the whistle blower, but that also mean their backend needs to be pretty smart to handle lots of traffic and still consume energy to decrypt and then throw away the “noise” data.
But like the ice tracker, wouldn’t download and use the app expose the potential user lists to surface if local authority can ask for such information?
I think they are bundling this into their regular app, so they’d have to put every guardian read on the list😅
Yep, that’s the point described in the linked paper - traffic goes via the same domains used for their app, and the messenger is embedded in their app
Not only that, but every app will constantly appear to be sending messages, so real messages are greatly obfuscated. That’s honestly the real innovative part of the product IMHO.
that’s really cool. Does the message part work as regular p2p message app?
No it’s a bit complex. The transmissions are sent constantly at regular intervals and are a very specific size and are then combined later. So it’s not “instant” messaging. It’s closer to email.
So encrypted, periodical interval to mask out any incoming/out going variance in traffic I wonder how they mitigate the backend part as there might be a ton of wasted traffic to hide the actual traffic. since they obviously need a lot of users to hide the whistle blower, but that also mean their backend needs to be pretty smart to handle lots of traffic and still consume energy to decrypt and then throw away the “noise” data.