Don't trust any company that sells "Swiss neutrality" in the name of security. Mitto AG is the 21st century Crypto AG, who sold secure phones to almost all countries, so that the five eyes can spy on diplomatic communications.
Phones in general are terrible for opsec. Even if you've flashed a Pixel with GrapheneOS[0] you can't reliably determine if you have malware on your device. They're totally opaque. So are computers in general: They're largely black boxes which we have no insight to and can't readily inspect what they're doing at any given moment. Also: Welcome to the Internet!<p>[0] <a href="https://grapheneos.org/" rel="nofollow">https://grapheneos.org/</a>
This isn't "breaking news" as this site claims. The source was published in 2021: <a href="https://www.bloomberg.com/news/articles/2021-12-06/this-swiss-tech-exec-is-said-to-have-operated-a-secret-surveillance-operation" rel="nofollow">https://www.bloomberg.com/news/articles/2021-12-06/this-swis...</a>
The problem of course is that accepting such a backdoor presumes there is some benevolent institution that can be trusted to fairly regulate use of the backdoor.
So it's really from the two options:<p>1. Rock solid encryption without any backdoor, protecting everyone at the cost of being unable to decrypt some vital info.<p>2. Encryption with backdoor, decrypting any message at at the cost of potentially exposing everyone.
The Russian shell company as a proof of involvement of Russian intelligence services puzzles me quite a bit. I thought this could be done remotely without the need of a local branch. It sounds more like it has been established there to sell these backdoored encryption products on their market. Or am I missing something?
I have never been under the impression that 2fa with telephone numbers was anything other than surveillance. Either by the company touting it as a security enhancement or by mitm.<p>And for the record don't think that apps that use the central messaging frameworks enforced by Google and Apple are doing anything different.
Every time I log in to my bank with Firefox or and device anywhere in the world, Google is told about it. In the real world this means that Google has to autorize my access to my bank.
The headline is editorializing beyond what’s supported by the article. That technology, SS7, wasn’t intended as a backdoor. It was about network management. As such, it may have been possible to gain access to it far easier than it would be to some intentional backdoor.