ChatControl Gets Coup-De-Grace

November 1, 2025 by Jenny List 37 Comments

Possibly the biggest privacy story of the year for Europeans and, by extension the rest of the world, has been ChatControl. Chatcontrol is a European Union proposal backed by Denmark for a mandatory backdoor in all online communications. As always with these things, it was touted as a think-of-the-children solution to online child abuse material, but as many opposed to it have warned, that concealed far more sinister possibilities. For now, it seems we can breathe easily as the Danes are reported to have formally backed away from the proposal after it was roundly condemned by the German government, sending it firmly into the political wilderness.

Hackaday readers are likely vastly more informed on this matter than many of the general public, so you’ll have no need for a primer on the obvious privacy and security concerns of such a move. From our point of view, it also suffered from the obvious flaw of being very unlikely to succeed in its stated aim. Even the most blinkered politician should understand that criminals would simply move their traffic to newly-illegal encrypted forms of communication without government backdoors. Perhaps it speaks volumes that it was the Germans who sounded its death-knell, given that state surveillance on that level is very much within living memory for many of them.

The mood in European hackerspaces has been gloomy of late on the subject, so it’s something of a cause for celebration on the continent. If only other governments on the same side of the Atlantic could understand that intrusive measures in the name of thinking of the children don’t work.

European flags: Šarūnas Burdulis, CC BY-SA 2.0 .

Satellite Snooping Reveals Sensitive Unencrypted Data

October 27, 2025 by Maya Posch 25 Comments

In an era where running a website without HTTPS is shunned, and everyone wants you to encrypt your DNS queries, you’d expect that the telecommunications back-ends are secured tightly as well. Especially the wireless bits between terra firma and geosynchronous communication satellites.

But as recently discovered by US researchers, the opposite is actually true. The paper by [Wenyi Morty Zhang] et al. (PDF) goes into great detail on how they discovered these unencrypted IP traffic flows and what they found in these captures.

With an off-the-shelf consumer satellite dish mounted to the roof of a university building in San Diego, they performed a scan of IP traffic on 39 geosynchronous satellites. To their surprise, they found unencrypted data that belonged to companies like T-Mobile for their cellular backhaul, Internet traffic targeting airliners, and VoIP communication — all in the clear.

Even more worrying was what looked like military traffic and corporate VPN data containing unencrypted login details, corporate emails and much more. While T-Mobile immediately enabled encryption after this discovery, it remains to be seen whether anyone else will. It’s probably best to assume that any communication can be intercepted and to use e.g. PGP-encrypted emails for anything sensitive.

The researchers have made the IP encapsulation parser (in Python) for DVB-S2(X) captures available for anyone who wants to give this experiment a whirl themselves.

Chasing A Raspberry Pi Bottleneck

June 30, 2025 by Jenny List 9 Comments

The Raspberry Pi has been used for many things over its lifetime, and we’re guessing that many of you will have one in perhaps its most common configuration, as a small server. [Thibault] has a Pi 4 in this role, and it’s used to back up the data from his VPS in a data centre. The Pi 4 may be small and relatively affordable, but it’s no slouch in computing terms, so he was extremely surprised to see it showing a transfer speed in bytes per second rather than kilobytes or megabytes. What was up? He set out to find the bottleneck.

We’re treated to a methodical step-through of all the constituent parts of the infrastructure between the data centre and the disk, and all of them show the speeds expected. Eventually, the focus shifts to the encryption he’s using, both on the USB disk connected to the Pi and within the backup program he’s using. As it turns out, while the Pi is good at many things, encryption is not its strong point. Some work with htop shows the cores maxed out as it tries to work with encrypted data, and he’s found the bottleneck.

To show just how useful a Pi server can be without the encryption, we’re using an early model to crunch a massive language corpus.

Header image: macrophile, CC BY 2.0.

As The World Burns, At Least You’ll Have Secure Messaging

May 20, 2025 by Jenny List 45 Comments

There’s a section of our community who concern themselves with the technological aspects of preparing for an uncertain future, and for them a significant proportion of effort goes in to communication. This has always included amateur radio, but in more recent years it has been extended to LoRa. To that end, [Bertrand Selva] has created a LoRa communicator, one which uses a Pi Pico, and delivers secure messaging.

The hardware is a rather-nice looking 3D printed case with a color screen and a USB A port for a keyboard, but perhaps the way it works is more interesting. It takes a one-time pad approach to encryption, using a key the same length as the message. This means that an intercepted message is in effect undecryptable without the key, but we are curious about the keys themselves.