this post was submitted on 30 Jun 2025
348 points (99.4% liked)

Technology

72285 readers
2563 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] captain_aggravated@sh.itjust.works 1 points 1 day ago (1 children)

There's a difference between encryption and encoding, and that difference is intent.

Encoding is the process of imparting a digital message onto the radio carrier. A simple example is Morse code; transmitted by keying a continuous wave on and off in pre-determined patterns of long and short pulses with long and short gaps between. Frequency shift keying and bodot code are the encoding scheme behind RTTY, etc. Hams are permitted to experiment with novel encoding schemes, and have invented a few, PSK31 comes to mind, a phase shift keying standard designed to use commonly available PC sound cards as a modem.

Encryption is the process of obscuring the message for all but the intended recipient. There is one specific case the law calls out when this is permissible in Amateur radio service, and that's control signals of Amateur radio satellites. A novel encoding scheme, like making up your own alphabet instead of the standard Morse one, or ciphers of any kind that are intended to make the message secret, is illegal.

It's not uncommon to hear encrypted communiques on the ham bands; I've picked them up myself. You want a fun rabbit hole to fall down, look up numbers stations. Some serious cold war james bond bullshit.

I don't believe it is legal to send a PGP encrypted message over the air (on ham radio, go ahead and send it over Wi-Fi, you can encrypt the shit out of that) even if you've posted your private key on your website. What would even be the point of that? tilts head It might be legal to send a PGP signed message over ham radio; if I understand correctly that's basically a checksum that can guarantee the sender's possession of a private key.

[–] MangoCats@feddit.it 1 points 1 day ago (1 children)

difference is intent.

And intent is functionally impossible to prove, but endlessly arguable and a judge can make a finding based on their judgement - something very different from proof.

send a PGP signed message over ham radio; if I understand correctly that’s basically a checksum that can guarantee the sender’s possession of a private key.

Correct.

[–] captain_aggravated@sh.itjust.works 1 points 1 day ago (1 children)

Oh the legal system is pretty good at deciding intent, I mean what's the difference between manslaughter and murder?

Thing is, it's not like there's radio police that are going to pull you over for encrypting. Other hams might turn you in if you're being annoying. If you send an encrypted email over Hamlink once, or say something like "Beefy Burrito this is Enchilada, the tamales are in the basket" on 33cm once, probably nobody's gonna notice.

There's only ~3.7MHz worth of bandwith on the HF bands, another 4MHz on 6m. There's a lot of attention on the bands that propagate. If you want to secretly communicate with people, use Reddit, or the Fediverse.

You know r/kitty? One of a trillion cat subreddits that had a gimmick that the only written word allowed was "kitty." All post titles and comments had to consist only of "Kitty." Arrange with the leaders of the other terrorist cells you're working for that if u/chudmuffin posts a picture of an orange cat, we attack at dawn, and if he posts a picture of a grey cat, lay low they're onto us.

Encryption is legal and standard on the internet, where there's many orders of magnitude more traffic than on the ham bands. I can't send an encrypted email over Hamlink with a license, but I can host a Tor site without one.

[–] MangoCats@feddit.it 1 points 14 hours ago (1 children)

Oh the legal system is pretty good at deciding intent

I wouldn't say it's good at determining actual intent, just good at deciding what intent is going to be assigned by the system.

If you send an encrypted email over Hamlink once, or say something like “Beefy Burrito this is Enchilada, the tamales are in the basket” on 33cm once, probably nobody’s gonna notice.

I've always wondered how much steganography is in practice - if it's being practiced well, nobody knows. Setup a HAM station that snaps a photo at sunset and a couple of other random times per day. Transmit the photo in a standard, open digital mode, but hide your message in the noisy lower bits of the 3 color channels 0-255 R G and B, you can easily modify 6 bits per pixel without visually distorting the image, drop that to 1 bit per pixel and nobody who doesn't know your scheme could ever find it. To the local hams, it's three chirps a day, with a reliable pretty picture of the sunset and a couple of more varied times. As a utility channel, that's three opportunities per day to secretly communicate something to a listener that nobody can identify. If the picture is just 2MP, that's 250kBytes of bandwidth per image.

If you want to secretly communicate with people, use Reddit, or the Fediverse.

Absolutely, though the "listeners" there are more readily identified, even via Tor.

[–] captain_aggravated@sh.itjust.works 1 points 8 hours ago (1 children)

Well on some popular image board like one of the hundreds of cat subs on Reddit, how do you identify a "listener" who is looking for a particular user to upload a picture of an orange cat? Thousands of people will view that post perfectly innocently.

[–] MangoCats@feddit.it 1 points 5 hours ago (1 children)

The point is: IP addresses that download the content are traceable (and spoofable, but that leaves trails too...) Yeah, you might be one of thousands, but every day you log in you increase your odds of being spotted.

Listening to longwave radio? Yeah, basically anybody anywhere on the planet with a receiver. Even local broadcasts it is nigh impossible to know who is listening where within the broadcast radius and the average person walks around with several radio receivers on them all the time now.

So...let's actually set up a pretend scenario here. Pretend. We are pretend red teaming here; any resemblance to actual terrorist plots living or dead is purely coincidental.

Let's pretend our terrorist cell is going to spit up, travel to 10 places around the United States, and we're going to do a coordinated strike on 10 government buildings. Probably the smartest thing to do is just...do it at a planned time and not communicate after we split up. But for some convoluted Ocean's Umpteen reason we need to communicate and coordinate. I see 3 possible scenarios here:

  1. Leader just needs to say GO to the rest of the team, expecting no reply. So one, very brief, one-way communique.
  2. Leader needs to send several detailed instructions over a long period of time, expecting no reply. Repeated, large, one-way communiques.
  3. The team is going to gather some intelligence and report back, and based on all their observations the leader will say go. Full on two-way communication.

In all three cases, the internet is the better tool for this.

You are correct in that it is difficult or impossible to remotely detect radio receivers, no matter what the BBC tells you. There's no machinery making a log of who accesses what over analog radio. But the realities of radio equipment and propagation are going to eat into that advantage somewhat.

If we're talking truly coast-to-coast, you're going to need HF. MF/longwave won't reach far enough, you need skywave propagation, and you get that on HF...mostly at night mostly during favorable sunspot activity.

I bet you're imagining most of the team using one of those handheld commodity shortwave receivers that does AM/FM and shortwave, about the size of a pencil case with one of those telescoping whip antennas. That might do for 1 and 2, people hear hams on those sometimes.

The bosses transmitter would need to be a reasonably serious bit of kit. At the very least something like an Icom 706 mobile HF rig plus power supply and at least a two element yagi for 20 or 40m. This is an antenna that's 30 to 60 feet wide. Hams do routinely make do with less, but when you're talking to someone with those crappy little antennas, probably inside a building, I'd want to focus my beam at least a bit. A wire in a tree ain't gonna do.

Oh, and, let's say Boss is in Washington DC. It's possible he can make himself heard in Los Angeles but not Wichita, because the "optics" of the ionosphere doesn't bounce his signal down to the ground in the middle of the continent.

One communique of "Baker this is Oven: Preheat complete, insert the bread. Repeat: Insert the bread." might not be noticed. Or some ham somewhere will hear it and go "What the hell, who's horsing around?" If you don't transmit again, you're probably not going to be direction found. But that big radio tower you've got is a weird thing to have.

If you need to make routine transmissions, well now you're going to have to try some steganography crap. They did recently relax the baud restrictions on HF, but you're still talking about 2.8kHz of analog bandwidth that MIGHT get through. It's gonna look really weird if you're repeatedly sending digital pictures to...no one in particular on a regular basis. Now, to blend in, you'll need some genuine callsigns, because the FCC amateur radio license database is a matter of public record. You use a bogus callsign and you'll be found out. If you're transmitting a lot, people will find you, possibly out of curiosity.

Especially if you're talking about everyone in the terrorist cell communicating, well now EVERYONE has to have an amateur radio license from the government, and fairly large, fairly conspicuous radio hardware. There have been spies caught with shortwave radio equipment, and said equipment was used as evidence against them. Entering the US with a smart phone and laptop is utterly normal, entering the US with a shortwave radio is weird.

OR

Get accounts on Reddit, and post cat memes. Compared to sitting around listening to static on an HF set, that looks way more normal these days. Yes, there probably is a log of what IP addresses sent and received what, but it's really easy to make two-way secret communications look like perfectly legitimate traffic. The equipment required doesn't draw as much attention. Keep the steganography subtle or a matter of "which picture I post" and not doctor them at all, well now it's 100% indistinguishable from people having casual fun. Some guy posts a picture of an orange cat, it gets 30,000 views 975 likes and 75 comments, and ten IRS buildings explode. Do you think the authorities make the connection to the cat meme in the first place?