Some are quick to promote apps as being safe for your use just because they are encrypted. I will talk about how many of the popular apps that are commonly t...
I think an important difference is that we are comparing companies that definitely sell your metadata to companies that could sell your meta data but where there is no known case (to me) that they actually do, e.g Signal. So it comes down to trust.
Note that while this is about Telegram, this problem of reverse phone-number lookup also exists AFAIK with Signal.
Where is the source for Signal?
Because ASAIK there is no metadata accessible for Signal besides creation data of the account and the last time the account was online. No groups, no contacts, no anything. Source
That’s not enough to know which of the Signal accounts actually belongs to a demografic any more specific than “it uses Signal”. It’s definitely much less significant than all the datamining you can do in Facebook/Whatsapp and Telegram.
The only reason it has any significance is because not a lot of people use Signal, same as how using Matrix, XMPP or any form of non-standard communication puts you in a non-mainstream demografic.
With a big enough “it uses Signal” democrafic , you wouldn’t even be able to benefit much from knowing a number is in Signal… if every phone had a Signal account that metadata would be virtually useless.
Sure, it’s a leak, but it’s one leak that also exists in Whatsapp and Telegram, along with many others leaks that those other messengers have and Signal doesn’t.
I’m definitely not a fan of Signal (or Moxie’s views) myself, but I would definitely much rather people use it instead of having billions of them continue in Whatsapp or Telegram. The whole point being made is that there’s a big difference between using Signal and using those, we aren’t implying that any particular form of communication is perfect. None are. It’s just some are better than others.
You are missing the point. If you have a big list of suspect phone-numbers you can put them into Signal and it will show all that have their phone numbers registered with Signal.
Yes. That’s exactly what you get. A list of Signal users.
That is a metadata leak and quite a significant one.
Why is a user list in itself “a significant metadata leak”.
You would need other information for that, like groups, contacts, online times or anything else. But you don’t get that, so I can only repeat my question: what is the problem with it?
You (as aggressor) scan all your known mobile numbers agains let’s say Signal and discover that some numbers use Signal. That I understand. But now what? Unless you are the company Signal you would not have access to further data, or ?
Sure you can easily get further data by for example asking the phone companies for cell-tower log-in location and times. This you can then narrow down against your list of Signal using suspects and either remotely infect their phones with a trojan or simply snatch up the hardware at a “random” police check and access the already decrypted messages with identifiable phone-numbers of all the group-members.
What the fuck? Sure, you could also just being tortured till you tell them everything you know, but fking tracing over cell companies is not a security flaw in an app.
They could also just as well decrypt your self hosted emails that are cached on your device.
What does having Signal installed has to do with tracking down and installing a Trojan?
I don’t think that they will track only track you down for using Signal, and if they are they still will install a Trojan even without Signal installed on your phone.
When it comes to states spying you then there is no safety. The state can always just send someone over to put a gun on your head (or the legal equivalent) and voila, you yourself give them your data.
And I understand that states are very different in their (perceived) legal integrity, but if I should guess ( no evidence) then all the encryption and safety development benefit criminals most. Also some journalists and dissidents but mostly criminals to do their criminal business and in the whole, if you have the fortune to live in a state that can be mostly trusted I prefer that Police has some lever identity this kind communication. Not in-similar to when Police is allowed to tap your phone (after a judge signed off). Not many people where concerned about that.
So so in the end I feel the bigger threat are private companies who sell all your data for the highest bidder regards of the bidders intention. And provided you trust Signal, ProtonMail and Tutanota then they definitely reduce the risk there (imho).
Even with a gun to your head you can still make the choice to say “no”. This is always the case - you always have the choice to refuse, you just have to be prepared to live with the consequences.
I needed to be police vetted for a job and they wanted to know lots of stuff about me, including who I’d slept with in the last five years (becaue, allegedly, this information could be used to blackmail so… Well so why would I tell the rozzers, exactly…? Anyway, getting off my point). I refused to tell them because the people I’d slept with hadn’t given their consent. I was refused the job *shrug
deleted by creator
deleted by creator
deleted by creator
The only time he mentions email in the vid is to say that its not secure and you shouldn’t use it. Email was definitely not the focus of the vid.
deleted by creator
deleted by creator
deleted by creator
I think an important difference is that we are comparing companies that definitely sell your metadata to companies that could sell your meta data but where there is no known case (to me) that they actually do, e.g Signal. So it comes down to trust.
deleted by creator
deleted by creator
deleted by creator
Where is the source for Signal? Because ASAIK there is no metadata accessible for Signal besides creation data of the account and the last time the account was online. No groups, no contacts, no anything. Source
deleted by creator
That’s not enough to know which of the Signal accounts actually belongs to a demografic any more specific than “it uses Signal”. It’s definitely much less significant than all the datamining you can do in Facebook/Whatsapp and Telegram.
The only reason it has any significance is because not a lot of people use Signal, same as how using Matrix, XMPP or any form of non-standard communication puts you in a non-mainstream demografic.
With a big enough “it uses Signal” democrafic , you wouldn’t even be able to benefit much from knowing a number is in Signal… if every phone had a Signal account that metadata would be virtually useless.
Sure, it’s a leak, but it’s one leak that also exists in Whatsapp and Telegram, along with many others leaks that those other messengers have and Signal doesn’t.
I’m definitely not a fan of Signal (or Moxie’s views) myself, but I would definitely much rather people use it instead of having billions of them continue in Whatsapp or Telegram. The whole point being made is that there’s a big difference between using Signal and using those, we aren’t implying that any particular form of communication is perfect. None are. It’s just some are better than others.
Yes. That’s exactly what you get. A list of Signal users.
Why is a user list in itself “a significant metadata leak”. You would need other information for that, like groups, contacts, online times or anything else. But you don’t get that, so I can only repeat my question: what is the problem with it?
Ok, out of interest, how does this work?
You (as aggressor) scan all your known mobile numbers agains let’s say Signal and discover that some numbers use Signal. That I understand. But now what? Unless you are the company Signal you would not have access to further data, or ?
deleted by creator
What the fuck? Sure, you could also just being tortured till you tell them everything you know, but fking tracing over cell companies is not a security flaw in an app.
They could also just as well decrypt your self hosted emails that are cached on your device.
deleted by creator
What does having Signal installed has to do with tracking down and installing a Trojan?
I don’t think that they will track only track you down for using Signal, and if they are they still will install a Trojan even without Signal installed on your phone.
When it comes to states spying you then there is no safety. The state can always just send someone over to put a gun on your head (or the legal equivalent) and voila, you yourself give them your data.
And I understand that states are very different in their (perceived) legal integrity, but if I should guess ( no evidence) then all the encryption and safety development benefit criminals most. Also some journalists and dissidents but mostly criminals to do their criminal business and in the whole, if you have the fortune to live in a state that can be mostly trusted I prefer that Police has some lever identity this kind communication. Not in-similar to when Police is allowed to tap your phone (after a judge signed off). Not many people where concerned about that.
So so in the end I feel the bigger threat are private companies who sell all your data for the highest bidder regards of the bidders intention. And provided you trust Signal, ProtonMail and Tutanota then they definitely reduce the risk there (imho).
Even with a gun to your head you can still make the choice to say “no”. This is always the case - you always have the choice to refuse, you just have to be prepared to live with the consequences.
I needed to be police vetted for a job and they wanted to know lots of stuff about me, including who I’d slept with in the last five years (becaue, allegedly, this information could be used to blackmail so… Well so why would I tell the rozzers, exactly…? Anyway, getting off my point). I refused to tell them because the people I’d slept with hadn’t given their consent. I was refused the job *shrug
I wouldn’t give the job to a rapist either. 🙃
To be clear, I meant consent for me to share their love-life with the police!
You’re a naughty person! But you did make me laugh.
I hope he just made a mistake when typing haha