| ▲ | kodyo 14 hours ago | |||||||
CISA recommended Signal for encrypted end-to-end communications for "highly targeted individuals." https://www.cisa.gov/sites/default/files/2024-12/guidance-mo... | ||||||||
| ▲ | Cornbilly 12 hours ago | parent | next [-] | |||||||
The best part is that, in trying to comply with this guidance, the government chose Telemessage to provide the message archiving required by the Federal Records Act. The only problem is that Telemessage was wildly insecure and was transmitting/storing message archives without any encryption. | ||||||||
| ▲ | paulryanrogers 12 hours ago | parent | prev | next [-] | |||||||
Recommendations to the private sector don't condone violating security and retention laws for people working in the public sector. | ||||||||
| ||||||||
| ▲ | Scrounger 6 hours ago | parent | prev | next [-] | |||||||
I don't think I agree with the following from this guide: > Do not use a personal virtual private network (VPN). Personal VPNs simply shift residual risks from your internet service provider (ISP) to the VPN provider, often increasing the attack surface. Many free and commercial VPN providers have questionable security and privacy policies. However, if your organization requires a VPN client to access its data, that is a different use case. | ||||||||
| ||||||||
| ▲ | thomasrognon 12 hours ago | parent | prev [-] | |||||||
Come on, man. We're talking about classified information, not general OPSEC advice. I worked in a SCIF. Literally every piece of equipment, down to each ethernet cable, has a sticker with its authorized classification level. This system exists for a reason, like making it impossible to accidently leak information to an uncleared contact in your personal phone. What Hegseth did (and is doing?) is illegal. It doesn't even matter what app is used. | ||||||||