(citizenlab.ca)

157 points lladnar | 1 comments | 16 Oct 24 20:06 UTC | HN request time: 0.21s | source

Show context

dtquad ◴[16 Oct 24 20:54 UTC] No.41863765[source]▶

The Chinese government has direct access to the WeChat backend so it's unlikely that these weaknesses were government mandated. Probably just the result of overworked 996 developers:

>The name 996.ICU refers to "Work by '996', sick in ICU", an ironic saying among Chinese developers, which means that by following the "996" work schedule, you are risking yourself getting into the ICU (Intensive Care Unit)

https://github.com/996icu/996.ICU

replies(8): >>41863871 #>>41863929 #>>41866186 #>>41866291 #>>41867063 #>>41867793 #>>41869162 #>>41869396 #

daghamm ◴[16 Oct 24 21:16 UTC] No.41863929[source]▶

>>41863765 #

WeChat is basically one of the tools the communist party uses to control the population. If something is on there it is most likely by design.

Off topic (or is it?): While back a western journalist in China reported that her wechat account was banned 10 minutes after changing her password to "fuckCCP"...

replies(5): >>41863953 #>>41864287 #>>41865365 #>>41865635 #>>41866132 #

1. lucw ◴[17 Oct 24 03:21 UTC] No.41866132[source]▶

>>41863929 #

The server-side store a full plain text archive with government access is by design. the weak encryption is NOT by design. It's due to incompetent programmers.

↑

Should We Chat, Too? Security Analysis of WeChat's Mmtls Encryption Protocol