Secure Communication, Buried In A News App

March 9, 2026 by Lewin Day 24 Comments

Cryptography is a funny thing. Supposedly, if you do the right kind of maths to a message, you can send it off to somebody else, and as long as they’re the only one that knows a secret little thing, nobody else will be able to read it. We have all sorts of apps for this, too, that are specifically built for privately messaging other people.

Only… sometimes just having such an app is enough to get you in trouble. Even just the garbled message itself could be proof against you, even if your adversary can’t read it. Enter The Guardian. The UK-based media outlet has deployed a rather creative and secure way of accepting private tips and information, one which seeks to provide heavy cover for those writing in with the hottest scoops.

Continue reading “Secure Communication, Buried In A News App” →

Remotely Unlocking An Encrypted Hard Disk

March 6, 2026 by Al Williams 22 Comments

Can you remotely unlock an encrypted hard disk? [Jyn] needed to unlock their home server after it rebooted even if they weren’t home. Normally, they used Tailscale to remote in, but you can’t use tailscale to connect to the machine before the hard drive decrypts, right? Well, you can, sort of, and [Jyn] explains how.

The entertaining post points out something you probably knew, but never thought much about. When your Linux box boots, it starts a very tiny compressed Linux in RAM. On [Jyn’s] machine using Arch, this is the initramfs.

That’s not news, but because it is an actual limited Linux system (including systemd), you can add tools to it. In this case, adding dropbear (an ssh server) and Tailscale to the limited boot-time Linux.

Continue reading “Remotely Unlocking An Encrypted Hard Disk” →

ChatControl Gets Coup-De-Grace

November 1, 2025 by Jenny List 37 Comments

Possibly the biggest privacy story of the year for Europeans and, by extension the rest of the world, has been ChatControl. Chatcontrol is a European Union proposal backed by Denmark for a mandatory backdoor in all online communications. As always with these things, it was touted as a think-of-the-children solution to online child abuse material, but as many opposed to it have warned, that concealed far more sinister possibilities. For now, it seems we can breathe easily as the Danes are reported to have formally backed away from the proposal after it was roundly condemned by the German government, sending it firmly into the political wilderness.

Hackaday readers are likely vastly more informed on this matter than many of the general public, so you’ll have no need for a primer on the obvious privacy and security concerns of such a move. From our point of view, it also suffered from the obvious flaw of being very unlikely to succeed in its stated aim. Even the most blinkered politician should understand that criminals would simply move their traffic to newly-illegal encrypted forms of communication without government backdoors. Perhaps it speaks volumes that it was the Germans who sounded its death-knell, given that state surveillance on that level is very much within living memory for many of them.

The mood in European hackerspaces has been gloomy of late on the subject, so it’s something of a cause for celebration on the continent. If only other governments on the same side of the Atlantic could understand that intrusive measures in the name of thinking of the children don’t work.

European flags: Šarūnas Burdulis, CC BY-SA 2.0 .

Satellite Snooping Reveals Sensitive Unencrypted Data

October 27, 2025 by Maya Posch 25 Comments

In an era where running a website without HTTPS is shunned, and everyone wants you to encrypt your DNS queries, you’d expect that the telecommunications back-ends are secured tightly as well. Especially the wireless bits between terra firma and geosynchronous communication satellites.

But as recently discovered by US researchers, the opposite is actually true. The paper by [Wenyi Morty Zhang] et al. (PDF) goes into great detail on how they discovered these unencrypted IP traffic flows and what they found in these captures.

With an off-the-shelf consumer satellite dish mounted to the roof of a university building in San Diego, they performed a scan of IP traffic on 39 geosynchronous satellites. To their surprise, they found unencrypted data that belonged to companies like T-Mobile for their cellular backhaul, Internet traffic targeting airliners, and VoIP communication — all in the clear.

Even more worrying was what looked like military traffic and corporate VPN data containing unencrypted login details, corporate emails and much more. While T-Mobile immediately enabled encryption after this discovery, it remains to be seen whether anyone else will. It’s probably best to assume that any communication can be intercepted and to use e.g. PGP-encrypted emails for anything sensitive.

The researchers have made the IP encapsulation parser (in Python) for DVB-S2(X) captures available for anyone who wants to give this experiment a whirl themselves.

Chasing A Raspberry Pi Bottleneck

June 30, 2025 by Jenny List 9 Comments

The Raspberry Pi has been used for many things over its lifetime, and we’re guessing that many of you will have one in perhaps its most common configuration, as a small server. [Thibault] has a Pi 4 in this role, and it’s used to back up the data from his VPS in a data centre. The Pi 4 may be small and relatively affordable, but it’s no slouch in computing terms, so he was extremely surprised to see it showing a transfer speed in bytes per second rather than kilobytes or megabytes. What was up? He set out to find the bottleneck.

We’re treated to a methodical step-through of all the constituent parts of the infrastructure between the data centre and the disk, and all of them show the speeds expected. Eventually, the focus shifts to the encryption he’s using, both on the USB disk connected to the Pi and within the backup program he’s using. As it turns out, while the Pi is good at many things, encryption is not its strong point. Some work with htop shows the cores maxed out as it tries to work with encrypted data, and he’s found the bottleneck.

To show just how useful a Pi server can be without the encryption, we’re using an early model to crunch a massive language corpus.

Header image: macrophile, CC BY 2.0.

As The World Burns, At Least You’ll Have Secure Messaging

May 20, 2025 by Jenny List 45 Comments

There’s a section of our community who concern themselves with the technological aspects of preparing for an uncertain future, and for them a significant proportion of effort goes in to communication. This has always included amateur radio, but in more recent years it has been extended to LoRa. To that end, [Bertrand Selva] has created a LoRa communicator, one which uses a Pi Pico, and delivers secure messaging.

The hardware is a rather-nice looking 3D printed case with a color screen and a USB A port for a keyboard, but perhaps the way it works is more interesting. It takes a one-time pad approach to encryption, using a key the same length as the message. This means that an intercepted message is in effect undecryptable without the key, but we are curious about the keys themselves.

They’re a generated list of keys stored on an SD card with a copy present in each terminal on a particular net of devices, and each key is time-specific to a GPS derived time. Old keys are destroyed, but we’re interested in how the keys are generated as well as how such a system could be made to survive the loss of one of those SD cards. We’re guessing that just as when a Cold War spy had his one-time pad captured, that would mean game over for the security.

So if Meshtastic isn’t quite the thing for you then it’s possible that this could be an alternative. As an aside we’re interested to note that it’s using a 433 MHz LoRa module, revealing the different frequency preferences that exist between enthusiasts in different countries.

Continue reading “As The World Burns, At Least You’ll Have Secure Messaging” →

Radio Repeaters In The Sky

April 30, 2025 by Bryan Cockfield 10 Comments

One of the first things that an amateur radio operator is likely to do once receiving their license is grab a dual-band handheld and try to make contacts with a local repeater. After the initial contacts, though, many hams move on to more technically challenging aspects of the hobby. One of those being activating space-based repeaters instead of their terrestrial counterparts. [saveitforparts] takes a look at some more esoteric uses of these radio systems in his latest video.

There are plenty of satellite repeaters flying around the world that are actually legal for hams to use, with most being in low-Earth orbit and making quick passes at predictable times. But there are others, generally operated by the world’s militaries, that are in higher geostationary orbits which allows them to serve a specific area continually. With a specialized three-dimensional Yagi-Uda antenna on loan, [saveitforparts] listens in on some of these signals. Some of it is presumably encrypted military activity, but there’s also some pirate radio and state propaganda stations.

There are a few other types of radio repeaters operating out in space as well, and not all of them are in geostationary orbit. Turning the antenna to the north, [saveitforparts] finds a few Russian satellites in an orbit specifically designed to provide polar regions with a similar radio service. These sometimes will overlap with terrestrial radio like TV or air traffic control and happily repeat them at brief intervals.

[saveitforparts] has plenty of videos looking at other satellite communications, including grabbing images from Russian weather satellites, using leftover junk to grab weather data from geostationary orbit, and accessing the Internet via satellite with 80s-era technology.

Continue reading “Radio Repeaters In The Sky” →