(citizenlab.ca)

157 points lladnar | 1 comments | 16 Oct 24 20:06 UTC | HN request time: 0s | source

Show context

dtquad ◴[16 Oct 24 20:54 UTC] No.41863765[source]▶

The Chinese government has direct access to the WeChat backend so it's unlikely that these weaknesses were government mandated. Probably just the result of overworked 996 developers:

>The name 996.ICU refers to "Work by '996', sick in ICU", an ironic saying among Chinese developers, which means that by following the "996" work schedule, you are risking yourself getting into the ICU (Intensive Care Unit)

https://github.com/996icu/996.ICU

replies(8): >>41863871 #>>41863929 #>>41866186 #>>41866291 #>>41867063 #>>41867793 #>>41869162 #>>41869396 #

chvid ◴[17 Oct 24 06:52 UTC] No.41867063[source]▶

>>41863765 #

Yes. The Chinese government likely have "front door" access rather than having to rely on capturing network traffic and exploit some hidden weakness in a protocol.

But why are Chinese companies making their own security protocol / libraries rather adopting "cryptographic best practices"? Do they actually think that common crypto libraries are flawed? Or is this a part of China's deep tech / self-sufficient efforts?

replies(3): >>41867621 #>>41869526 #>>41874721 #

1. randomNumber7 ◴[17 Oct 24 08:45 UTC] No.41867621[source]▶

>>41867063 #

Probably they think more control is still better.

↑

Should We Chat, Too? Security Analysis of WeChat's Mmtls Encryption Protocol