Even State Department-funded Human Rights Watch admits that authorities combine legal and illegal methods to obtain convictions: https://text.hrw.org/report/2018/01/09/dark-side/secret-origins-evidence-us-criminal-cases
Combining dragnet surveillance with device hacking is intended in the design of both tools. Hence, State Department-funded Signal dupes you into handing over your identity as part of the population-centric mapping. In custody, your phone will be hacked when it is taken away if it’s important.
https://xcancel.com/hannahcrileyy/status/2034273723667161480#m
A reminder that your phone number is metadata. And people who think metadata is “just” data or that cross-referencing is some kind of sci-fi nonsense, are fundamentally misunderstanding how modern surveillance works.
By requiring phone numbers, Signal, despite its good encryption, inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out who talks to whom is incredibly valuable. A three-letter agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand.
So, in a twisted way, Signal being a tool for private conversations, makes it a perfect machine for mapping associations and identifying targets. The fact that it operates using a centralized server located in the US should worry people far more than it seems to.
The kicker is that thanks to gag orders, companies are legally forbidden from telling you if the feds come knocking for this data. So even if Signal’s intentions are pure, we’d never know how the data it collects is being used. The potential for abuse is baked right into the phone-number requirement.
In theory warrant canaries could have been used, but Marlinspike has an excuse for everything.
yeah that makes the whole thing even more sketch, I love how he never replies to the EFF link too
We’re supposed to take privacy advice from someone posting on X?
Surprised that they didn’t link straight to Telegram.
- How does it feel to be on my nuts? 2. I get Telegram channels through RSS and let you work out the rest. I will if I want to.
Were you to be so lucky.
Lol this looks like the regular X app to you does it?
The domain of the person’s handle is literally “x.com”
More anti-signal propaganda? Who is claiming it can’t be associated to a user. The messages are private, not anonymous.
It does use deniable encryption, but that stops working as a defense the second they take your phone and copy all logs from your device.
And large group chats relies on how well you can vet participants more than it relies on encryption itself, and if they’re too large they may as well not be encrypted.
That’s what Molly is for, right?
And graphene
I really don’t get the big “use signal” push at this point in time because even if it’s private and the encryption is solid, it’s a fucking American company. It’s so easy for letter agencies to get information on their users from them, don’t you realize that they can’t refuse to give out your number if they ask for it and that once they have that your identity and location are immediately and thoroughly compromised? If you are subject to US jurisdiction and could be seen in any way as opposing its government, I really don’t think you should be using it.
All giving out your number provides is that you have ever used Signal.
They’re saying ever using a private chat service is terrorism. That’s not really on Signal.
All your phone number provides is that you have ever used signal? Not what tower you’re connected to and therefore approximate realtime location? Your full identity via your telco? Social graph and history of your calls and texts?
I’m not saying it’s their fault or that they are volunteering any information, but that’s how it is for any US-based corporation (doesn’t matter if it’s a nonprofit, any legal entity that can be subpoenaed)
The government already has access to every phone number in existence. They can already track every phone to figure out who attended a protest or whatever. Filtering down to “all phone numbers who’ve ever connected to Signal” doesn’t exactly narrow anything down. They don’t have any metadata about who you were chatting with.
The government already has access to every phone number in existence
They used to publish them in big books, even
deleted by creator
This is fundamentally not how Signal works, but you are generally correct in that a phone number has been shown to provide a lot of context for a person (or a device, at least). But Signal (the app) only uses a phone number for initial verification of an account. You have a lot of options to break that association with you - use a landline and get a call verification code, use a VoIP number (assuming you trust the provider), use a burner SIM, etc.
Once you have an account, you can choose to identify yourself on the network solely via username so the registration number is not presented to other users. The Signal protocol itself is well-audited and generally secure.
If your issue is with Signal the American company, use an open source fork like Molly with your own UnifiedPush instance. Then you’re only trusting them with transport of your encrypted messages, which again have shown to be secure at least in public audits.
it all does not matter when most people register with their primary phone number that is already tied to their name
I still don’t get it. What is bad about signing up with your phone number? All readable Info that governments can force out of Signal is. “Yep this guy uses Signal, signed up last year” so nothing is lost (except if they use that as a sign you are a terrorist, but then they just wanted to monitor you anyway in the first place)
except if they use that as a sign you are a terrorist, but then they just wanted to monitor you anyway in the first place
exactly. what is the question?
also its not “monitor me” and “monitor you”, but “monitor whoever is using the service” more closely, and as it seems, retaliate against them.
The question is: What privacy do I loose by signing up to Signal with a phone number instead of hypothetically a username.
If you are being monitored, they know your phone number. With that they know you are using Signal, but nothing more. Messaging through Signal is safe.
If you are not being monitored, nobody knows you are using Signal. Messaging through Signal is safe
I was putting my kid on Signal to join the family chat, he didn’t have service, so we just used wifi. I don’t know for sure that this hasn’t changed, but when I tried, they refused a google voice account and also refused an sms api acct. I dug into it some more and it appears you have to install it on a phone with cellular service, it needs to read your phone’s ID.
I tried deactivating my phone, activating his acct on my phone with Google Voip, then moving it to his tablet. It would work for about a week then stop.
I dug through a bunch of reddit and group threads on it, you simply could not activate it without a real SMS and a cellular link with all the ID’s.
We eventually got him an apple watch with service, and it allowed that SMS in concert with my phone. Then I installed on his tablet and put my phone back to me. Once in a blue moon, it’ll make him reverify with SMS from the watch, but it works and doesn’t require my phone with service anymore.
It might just be something about google’s voip which a lot places refuse, but it also refused twillio.
If the only data surfacable from Signal is the phone number, not the crypto conversation, they didn’t source you on signal and get your number, they got your number through other means and used it to prove you use signal.
They can’t see the conversation to contents to supoena the number to id.
Because its one of the only popular secure methods of communication thats app based.
deleted by creator
We know it’s an op, RFA does damage control for signal:
Libby Liu, president of Radio Free Asia stated:
Our primary interest is to make sure the extended OTF network and the Internet Freedom community are not spooked by the [Yasha Levine’s critical] article (no pun intended). Fortunately all the major players in the community are together in Valencia this week - and report out from there indicates they remain comfortable with OTF/RFA.
Because the other options most people are aware of are by and large even worse? Would you prefer people were sending this shit over Facebook messenger?
Privacy is proof of terrorism. The state, and it’s corporate allies, need to have access to your innermost thoughts, the things about you even you don’t know, for national security reasons. This is totally normal and not something to resist. Vote republican.
worn black to a protest
used Signal
carried a first aid kit
lol
The laws are made up and we’ve always been fucked. We always knew that
every goth tech nurse is a terrorist
Consider prison an organizing opportunity
Non whites know they make up shit all the time to put people in prison, nothing new here for the shit hole country
What evidence do you have that Signal collects anything? Traffic logs from the app or something?
Signal doesn’t need to, you need to trust the whole chain. You’ll need to trust AWS, you need to trust Intel SGX, etc
At that point you can rely on nothing but Tor or I2P
Nothing else hides metadata better than Signal, without involving large networks of independent nodes that participate in Sybil resistant routing. The only thing that gets close is threshold schemes where you still need multiple independent entities running servers.
It uses a phone number.
Phone numbers havent been required for at least like a year or so
Hm now I wonder what to do about that, as they have had my number for a while now.
That isn’t true. You still need a phone number to sign up.
Do they let you sign up purely with username and password? Or do they make you use insecure email?
You can check if a number is registered with Signal just by having Signal and starting a chat with that number
Even if the number is set as hidden in settings?
No, idk wth they’re talking abt
They changed that. You can make yourself undiscoverable by just the number now
This is as shady as Telegram to me tbqh
The Prairieland case was an important case for the capitalist state of US Imperialism. It was a litmus test, a threat, to all people who dare criticize and challenge its rule within the belly of the beast. Just like the Iran war, which is about control over the region, and beating back any neo-colonial governments who don’t fall in line with the wishes of US Imperialism….this is the US government waging similar class war at home.
deleted by creator
Jitsi requires authentication from big tech companies now, or at least person hosting call.
deleted by creator
Love simplex, also good if you have children and they have a tablet but not a phone
Removed by mod
They will come for all colors one by one until disliking the government is illegal.
The places tyrants can’t see into is where the threats come from.
Some people are very protective of Signal.
- Reason: Disinformation
- Reason: privacy rule #3: “Try to keep things on topic”
- Reason: Misinfo, alarmism
- Reason: This is harmful disinformation
Oh well if Dessalines says so it must be true
deleted by creator
The essay being linked to was posted (authored?) by dessalines from lemmy.ml
You may have missed the sarcasm.
Everyone should just wear all blue or some other colour
