from Hacker News

Anom Encrypted App Analysis

by CPAhem on 6/8/21, 10:17 AM with 69 comments

  • by skissane on 6/8/21, 11:06 AM

    Archived versions: https://archive.is/jtJvK

    https://web.archive.org/web/20210608102417/https://webcache....

    (Since, as we all know, Google’s webcache won’t last)

  • by ______- on 6/8/21, 1:48 PM

    Maybe I'm missing something vital here, but why trust these `drug dealer` phones? What's wrong with using Signal on an encrypted Android device?

    Since the Encrochat scare I would imagine no dealer in their right mind would ever use a crimephone again.

  • by GekkePrutser on 6/8/21, 1:00 PM

    This 'analysis' seems to be more PR speak by another similar network? I wouldn't put much trust in people using terms such as 'ENTERPRISE MILITARY GRADE', of course in all caps to emphasize the effect. Has snake oil written all over it.

    I thought this article would be a genuine analysis by a security researcher as a tie-in to the news today:)

  • by sarnowski on 6/8/21, 11:56 AM

  • by bcraven on 6/8/21, 10:55 AM

    "STAY AWAY FROM ANOM IF YOU VALUE YOUR PRIVACY & SAFEY, THEY ARE COMPROMISED, LIARS AND YOUR DATA IS RUNNING VIA USA – Passed onto LAW ENFORCEMENT and other Entities"

  • by vmception on 6/8/21, 3:25 PM

    > STAY AWAY FROM ANOM IF YOU VALUE YOUR PRIVACY & SAFEY, THEY ARE COMPROMISED, LIARS AND YOUR DATA IS RUNNING VIA USA – Passed onto LAW ENFORCEMENT and other Entities

  • by captainmuon on 6/8/21, 12:00 PM

    Maybe it is not normal, but when I read about these gangsterphones I think, hmm I want to make my own (legit) secure phone :-)

    It seems they use off-the-shelf phones and put a custom ROM on them. Can anybody recommend a state of the art phone that has good custom ROM support (close to mainline Linux if possible; custom images have full hardware support)?

    I imagine to use it for "citizen journalism", i.e. safely taking pictures and posting them anonymously to social media. For that reason the PinePhone would be out - it doesn't have a very good camera and doesn't run social media apps.

  • by thieving_magpie on 6/8/21, 2:03 PM

    I've never considered JIRA would be used by the FBI or intelligence agencies. The user stories would be fun to read.

    I wonder why this blog was deleted by the author. Get a phone call from the FBI?

  • by yawaworht1978 on 6/8/21, 1:21 PM

    Wow, is this really all true? How could he find out the hosting was on AWS? How did none of the criminals get to see this blog? Did the police intervene and had him remove the blog?

  • by jeltz on 6/8/21, 11:47 AM

    Is there any reason to believe that CIPHR is not just yet another police honeypot? This could just be two police agencies shitting on each other's honeypots.

  • by na85 on 6/8/21, 3:26 PM

    >This is an ENTERPRISE MILITARY GRADE Encrypted setup.

    I'll take "Signs someone doesn't know what they are talking about for 200, Alex"

  • by Yeri on 6/8/21, 10:54 AM

    Guess this person was right :)

  • by nix23 on 6/8/21, 11:21 AM

    >Stock Android Operating system with special Enterprise level Encryption

    OHOOO Enterprise level encryption...FIPS :)

    Stay away from both.

  • by tomcooks on 6/8/21, 1:14 PM

    > "in ROMANIA which is a third world country"

    Classic.

    No matter how powerful the infrastructure or skilled the local personnel, some countries are doomed to be put always in the same bucket by certain people from certain other countries.

  • by hkyigkfnrj on 6/8/21, 1:23 PM

    4D chess theory:

    This analysis was written by law enforcement in advance of the takedown to promote the next backdoored app.

  • by layoutIfNeeded on 6/8/21, 12:35 PM

    "Encrypted Military Grade Encryption" - LOL