Simple steps to take before hitting the streets

  • Simon Müller@sopuli.xyz
    link
    fedilink
    arrow-up
    9
    ·
    7 months ago

    the metadata still isn’t.

    That doesn’t quite work in the case of Signal

    The only data that they have, based on transparency reports and dissections of their source code, is the time you created your account and last connected to the servers.

    Messages themselves are essentially only relayed, with sealed sender, and anything that would be actually useful to identify who was at a protest and who wasn’t encrypted.

    Things like, e.g when messages arrive at the server would have to be monitored live on compromised servers, which reasonably unless you assume* it is wiretapped already prior to a protest, isn’t realistic.

    *: of course, I am saying this because making an assumption and portraying it as truth (e.g assuming something is already wiretapped based on no evidence at all) is not the smartest of moves when it comes to threat modeling…especially if you wanna stay sane whilst having a threat model

    • toastal
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      7 months ago

      With the right intel you could piece back some of the pieces, especially with some pieces from other sources, with just that metadata. With metadata, it’s about putting together lots of sources to see the picture clearly which is why Facebook bought WhatsApp for just the metadata (& address book). The thing is that you, can skip Signal & you will still have several free software messaging alternativ where nothing is on a US-based server where they can subpoena.

      • RealJoL@feddit.de
        link
        fedilink
        arrow-up
        1
        ·
        7 months ago

        But that’d already entail control over the whole Signal AWS in- and egress as well as any VPN you may be using and/or your local ISP. And then you still have to prove the actual link to the natural person. At that point we’re speaking of a threat level assuming the US DoD as adversary. While not impossible, I think if you’re willing to pick that kind of fight, you’re clever enough not to rely on Signal (or most digital communication).

        Signal is not WhatsApp, there aren’t a lot of data points linking your communications to end points in the same way Meta does link them.

        • toastal
          link
          fedilink
          arrow-up
          1
          ·
          7 months ago

          Not saying you are wrong, but I think the argument a) should mention WhatsApp in the same breath as Signal & b) stopping at Signal instead of linking to where to find more info