• poVoq
    link
    fedilink
    arrow-up
    5
    arrow-down
    3
    ·
    edit-2
    2 years ago

    deleted by creator

    • marcuse1w
      link
      fedilink
      arrow-up
      2
      ·
      3 years ago

      I think an important difference is that we are comparing companies that definitely sell your metadata to companies that could sell your meta data but where there is no known case (to me) that they actually do, e.g Signal. So it comes down to trust.

      • poVoq
        link
        fedilink
        arrow-up
        4
        arrow-down
        2
        ·
        edit-2
        2 years ago

        deleted by creator

          • poVoq
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            edit-2
            2 years ago

            deleted by creator

            • Palaress@lemmy.161.social
              link
              fedilink
              arrow-up
              1
              ·
              3 years ago

              Note that while this is about Telegram, this problem of reverse phone-number lookup also exists AFAIK with Signal.

              Where is the source for Signal? Because ASAIK there is no metadata accessible for Signal besides creation data of the account and the last time the account was online. No groups, no contacts, no anything. Source

              • poVoq
                link
                fedilink
                arrow-up
                1
                arrow-down
                1
                ·
                edit-2
                2 years ago

                deleted by creator

                • Palaress@lemmy.161.social
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  3 years ago

                  You are missing the point. If you have a big list of suspect phone-numbers you can put them into Signal and it will show all that have their phone numbers registered with Signal.

                  Yes. That’s exactly what you get. A list of Signal users.

                  That is a metadata leak and quite a significant one.

                  Why is a user list in itself “a significant metadata leak”. You would need other information for that, like groups, contacts, online times or anything else. But you don’t get that, so I can only repeat my question: what is the problem with it?

                • Ferk
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  3 years ago

                  That’s not enough to know which of the Signal accounts actually belongs to a demografic any more specific than “it uses Signal”. It’s definitely much less significant than all the datamining you can do in Facebook/Whatsapp and Telegram.

                  The only reason it has any significance is because not a lot of people use Signal, same as how using Matrix, XMPP or any form of non-standard communication puts you in a non-mainstream demografic.

                  With a big enough “it uses Signal” democrafic , you wouldn’t even be able to benefit much from knowing a number is in Signal… if every phone had a Signal account that metadata would be virtually useless.

                  Sure, it’s a leak, but it’s one leak that also exists in Whatsapp and Telegram, along with many others leaks that those other messengers have and Signal doesn’t.

                  I’m definitely not a fan of Signal (or Moxie’s views) myself, but I would definitely much rather people use it instead of having billions of them continue in Whatsapp or Telegram. The whole point being made is that there’s a big difference between using Signal and using those, we aren’t implying that any particular form of communication is perfect. None are. It’s just some are better than others.

                  • poVoq
                    link
                    fedilink
                    arrow-up
                    2
                    arrow-down
                    1
                    ·
                    edit-2
                    2 years ago

                    deleted by creator

        • marcuse1w
          link
          fedilink
          arrow-up
          2
          ·
          3 years ago

          Ok, out of interest, how does this work?

          You (as aggressor) scan all your known mobile numbers agains let’s say Signal and discover that some numbers use Signal. That I understand. But now what? Unless you are the company Signal you would not have access to further data, or ?

            • Palaress@lemmy.161.social
              link
              fedilink
              arrow-up
              2
              ·
              3 years ago

              Sure you can easily get further data by for example asking the phone companies for cell-tower log-in location and times. This you can then narrow down against your list of Signal using suspects and either remotely infect their phones with a trojan or simply snatch up the hardware at a “random” police check and access the already decrypted messages with identifiable phone-numbers of all the group-members.

              What the fuck? Sure, you could also just being tortured till you tell them everything you know, but fking tracing over cell companies is not a security flaw in an app.

              They could also just as well decrypt your self hosted emails that are cached on your device.

                • Palaress@lemmy.161.social
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  3 years ago

                  What does having Signal installed has to do with tracking down and installing a Trojan?

                  I don’t think that they will track only track you down for using Signal, and if they are they still will install a Trojan even without Signal installed on your phone.