• The Hobbyist@lemmy.zip
    link
    fedilink
    arrow-up
    21
    arrow-down
    19
    ·
    4 months ago

    This message is definitely giving all the vibes of a disinformation/misinformation attempt. There is no metadata to harvest from signal.

    Here is an example of all the extent of data that signal has on any given user: https://signal.org/bigbrother/cd-california-grand-jury/

    It involves phone number, account creation time and last connected time. That’s it. Nothing more.

    The cross referencing of data is just nonsense. Google and meta already have your phone number. Adding signal info to it adds absolutely zero information to them. They have it all already. They know nothing of who you talk with, which groups you are part of.

    The funding of Signal did involve public grants but that’s not anything bad. Many projects and nonprofits receive public money. It does not imply that there are backdoors or anything like that. And signal was purposefully designed so that no matter who owns and operates it, the messages stay hidden independently on the server infrastructure. They did the best possible to remove themselves from the chain of trust. Expert cryptographers and auditors trust signal. Don’t listen to this random ramble of an online stranger whose intentions are just to confuse you and make you doubt.

    • ☆ Yσɠƚԋσʂ ☆
      link
      fedilink
      arrow-up
      21
      arrow-down
      9
      ·
      edit-2
      4 months ago

      It’s fascinating that these kinds of trolls come out of the woodwork any time obvious problems with Signal are brought up.

      Phone numbers very obvious are metadata. If you think that cross referencing data is nonsense then you have absolutely no clue what you’re talking about. It’s not about Google or Meta having your phone number, it’s about having a graph of people doing encrypted communication with each other over Signal. The graph of contacts is what’s valuable.

      Don’t listen to this random ramble of an online stranger whose intentions are just to confuse you and make you doubt.

      What you absolutely shouldn’t listen to are trolls who tell you to just trust that Signal is not abusing the data it’s collecting about you. The first rule of security is that it can’t be faith based.

      • The Hobbyist@lemmy.zip
        link
        fedilink
        arrow-up
        4
        arrow-down
        8
        ·
        4 months ago

        What are you talking about? you get a phone number from signal, and what will you be able to derive from it? there is no graph. signal does not hold any “relationships” information.

        • ☆ Yσɠƚԋσʂ ☆
          link
          fedilink
          arrow-up
          11
          arrow-down
          5
          ·
          4 months ago

          The phone number is a unique identifier for your account. When you send a message to another user on Signal, that message goes to the server, and then gets routed to the other party. The server therefore has to know which parties talk to each other. Let me know if you have trouble understanding this and need it explained in simpler terms.

          • The Hobbyist@lemmy.zip
            link
            fedilink
            arrow-up
            7
            arrow-down
            6
            ·
            4 months ago

            Youre right, thats how it works in almost all messaging apps. But signal implemented sealed sender specifically to counter this.

            You can read more about it here: https://signal.org/blog/sealed-sender/

            I encourage you to read the first paragraph, which is important in the context of our conversation.

            • ☆ Yσɠƚԋσʂ ☆
              link
              fedilink
              arrow-up
              10
              arrow-down
              4
              ·
              4 months ago

              I’m talking about the information the server has. The encrypted envelope has nothing to do with that. Your register with the server using your phone number, that’s a unique identifier for your account. When you send messages to other people via the server it knows what accounts you’re talking to and what their phone numbers are. The first paragraph amounts to nothing more than trust me bro because the only people who know what the Signal server actually does are the people operating it.

              • Possibly linux@lemmy.zip
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                3
                ·
                4 months ago

                You are routing your traffic over the public internet. Nothing is secure at all. That’s why we implement strong cryptography

              • ramenu
                link
                fedilink
                English
                arrow-up
                4
                arrow-down
                6
                ·
                4 months ago

                Seriously, what are you talking about? The vast majority of people don’t want anonymity. Obviously Signal isn’t cut out for that! The fact is, most people don’t care about anonymity.

                And what metadata can you harvest exactly from a UNIX timestamp and phone number? Signal can tell who is communicating to who, but they cannot read your messages.

                • ☆ Yσɠƚԋσʂ ☆
                  link
                  fedilink
                  arrow-up
                  12
                  arrow-down
                  1
                  ·
                  4 months ago

                  Most people, even in this very thread, clearly don’t understand the implications of phone number harvesting. Also do give citations for your bombastic claim that most people don’t want anonymity.

                  And what metadata can you harvest exactly from a UNIX timestamp and phone number? Signal can tell who is communicating to who, but they cannot read your messages.

                  The graph of who communicates with whom is precisely the problem. The government can easily correlate that data with all the other data they have on people, and then if somebody is identified as a person of interest it becomes easy to find other people who associate with them. So, here you just proved my point by showing that you yourself don’t understand the implications of metadata harvesting.

                  • rcbrk
                    link
                    fedilink
                    English
                    arrow-up
                    5
                    ·
                    4 months ago

                    Most people1, even in this very thread, clearly don’t […]

                    1. Signal shill-bot personas.
                  • ramenu
                    link
                    fedilink
                    English
                    arrow-up
                    3
                    arrow-down
                    3
                    ·
                    4 months ago

                    Also do give citations for your bombastic claim that most people don’t want anonymity.

                    This is entirely dependent on the situation. Privacy is not a black or white thing where you’re completely private or not private at all. Everyone lives some part of their life publicly. I don’t have data on this unfortunately, but typically where I live, people share phone numbers to people they personally know.

                    The graph of who communicates with whom is precisely the problem. The government can easily correlate that data with all the other data they have on people, and then if somebody is identified as a person of interest it becomes easy to find other people who associate with them. So, here you just proved my point by showing that you yourself don’t understand the implications of metadata harvesting.

                    This is not within the vast majority of most peoples threat model.

            • DessalinesA
              link
              fedilink
              arrow-up
              3
              ·
              4 months ago

              Anyone who has worked with centralized databases can tell you how useless that is. With message recipients and timestamps, its trivial to find the real sender.

        • DessalinesA
          link
          fedilink
          arrow-up
          5
          ·
          4 months ago

          Give me your phone number. I’ll quickly be able to find out where you live.

    • istanbullu
      link
      fedilink
      arrow-up
      16
      arrow-down
      9
      ·
      4 months ago

      Signal’s hostility to 3rd party clients is a huge red flag.

      • The Hobbyist@lemmy.zip
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        4 months ago

        Can you further explain? A red flag to open-source, federation and such, can’t disagree. But to privacy and security? I’m not convinced.

        • ☆ Yσɠƚԋσʂ ☆
          link
          fedilink
          arrow-up
          9
          arrow-down
          5
          ·
          4 months ago

          Third party clients are the best way to verify that the protocol works as advertised.

        • istanbullu
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          ·
          4 months ago

          If you backdoored your client, then you will naturally oppose anyone else who develops a client.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      11
      ·
      4 months ago

      Its the tankies.

      Honestly if they can recommend something better I’m all for it but I haven’t heard anything.

      • Majestic
        link
        fedilink
        arrow-up
        5
        arrow-down
        4
        ·
        edit-2
        4 months ago

        Take a look here for some alternatives:

        https://dessalines.github.io/essays/why_not_signal.html#good-alternatives

        • Matrix
        • XMPP
        • Briar
        • SimpleX

        Also just because there are no alternatives doesn’t mean your default position should be we just have to trust whatever exists now because it’s good enough. Or that we can’t criticize it ruthlessly, distrust it. Call it out and as a result of that build perhaps the desire for something better, a fix as it were.

        The evidence and history clearly points towards Signal being very suspicious and likely in bed with the feds. This is not conspiracy thinking. Conspiracy thinking is thinking that the country/empire that gave away old German engima machines whose code they’d cracked to developing countries without telling them they’d cracked it in the late 40s/early 50s, that went on to establish a crypto company just to subvert its encryption. That’s done everything Snowden revealed has in fact changed suddenly for the first time in half a century for no particular reason and not to its own benefit. That’s fanciful thinking. That’s a leap of logic away from the proven trends, the pattern of behavior, and indeed the incentivizes to continue using their dominant position to maintain dominance and power. They didn’t back down on the clipper chip because they just gave up and decided to let people have privacy and rights. They gave up on it because they found better ways of achieving the same results with plausible deniability.

        Also why is everything “tankies” with you people. Privacy advocates point out the obvious and suddenly it’s a communist conspiracy. LOL

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          4 months ago
          • Matrix and XMPP are not alternatives and are worse for privacy and security

          • Simplex Chat is actually is pretty sold but isn’t the most user friendly

          • Briar is very cool but its complexity makes it hard to use. It also has problems with real time communications

          • BeeDemocracy@sh.itjust.works
            link
            fedilink
            arrow-up
            2
            ·
            4 months ago

            Matrix and XMPP are not alternatives and are worse for privacy and security

            XMPP is exactly as good or bad for privacy as the servers and clients you choose. It’s a protocol, not a service. Unlike Signal, which is a brand/app/service package.

              • BeeDemocracy@sh.itjust.works
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                4 months ago

                The protocol is worse for privacy

                ‘Trust me bro’

                The problem is, you’re comparing apples with orchards. Analogous would be: ‘email is worse for privacy than yahoomail’. Plus in this scenario yahoomail only lets you send emails to yahoomail addresses.