Signal: Jegliche Kommunikation erfolgt über Tech-Giganten wie Amazon, Microsoft, Google und Cloudflare
www.kuketz-blog.de
external-link
Bei Signal erfolgt jegliche Kommunikation über verschiedene Tech-Giganten wie Amazon, Microsoft, Google und Cloudflare. Aufgesplittet nach Domains ergibt sich das folgende Bild: Amazon: textsecure-service.whispersystems.org, cdn.signal.org,…

Translated main part:

At Signal, all communication takes place via various tech giants such as Amazon, Microsoft, Google and Cloudflare. Broken down by domains, the following picture emerges:

Amazon: textsecure-service.whispersystems.org, cdn.signal.org, sfu.voip.signal.org
Google: storage.signal.org, contentproxy.signal.org
Microsoft: api.directory.signal.org, api.backup.signal.org
Cloudflare: cdn2.signal.org

Message exchange (textsecure-service.whispersystems.org) is done via Amazon AWS, for example, while Google Data Servers (storage.signal.org) are responsible for creating and managing the groups. This means that all communication is handled via central servers of the tech giants. Especially privacy-sensitive users may be put off by this, which I can understand. However, at least from an IT security perspective, I think the use of the rented servers is negligible, since Signal works with the zero-knowledge principle. Certainly, it would be desirable if the Signal Foundation hosted the servers itself. However, this would not necessarily mean a security gain. Nevertheless, this is a point of criticism, since this naturally also flushes money into the coffers of the tech data octopuses.

Dreeg Ocedam
link
28M

To me, the main concern is indeed that it flushes money to Google/AWS, but since pretty much nothing goes to the services unencrypted, and with minimal metadata. It’s not an issue. The only thing that Google/AWS can get from you is your IP and that you use Signal, so if you use a VPN, you’re pretty much as safe as you can be.

I prefer them doing this kind of choices and being able to scale rapidly, while also keeping new features coming, so that the app is accessible to the majority.

@TheAnonymouseJoker
mod
creator
link
38M

IP address might not be a huge concern with dynamic IPs as you can make the case for plausible deniability, plus if content is encrypted, they can have no basis to point out your IP from the millions of IP addresses since there exists no metric to point it out.

@mrmanman
link
18M

Why wouldn’t they use IPFS?

Dreeg Ocedam
link
15M

IPFS doesn’t make servers appear out of thin air.

privatelife - privacy, security, freedom advocacy
!privatelife

    This community is meant to advocate privacy, security and freedom in an concise manner, free of prejudice bias, free of politics, free of cultist thoughts.

    Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say. - Edward Snowden

    Telegram: t.me/r_privatelife

    Reddit: reddit.com/r/privatelife

    READ THE RULES

    1. Opinions are welcome, facts more so. Attack arguments, not people. Hating, baiting, trolling, flaming will be dealt with strictly.

    2. Discuss closed source software with caution. Advocating for it strongly (cult brigading) can be treated as violation of this rule.

    3. Editing titles of article links is strictly prohibited, unless and until the summarisation remains accurate to the context of the article or paper. Such link post will be removed without questioning.

    4. Targeting of any country, person or nation is strictly prohibited without valid reasoning. Evidence if not presented against the specific company/corporation/individual will be treated as personal attack and/or hate speech. This will result in a warning, then ban system.

    5. NO PERMA BANS! Ban system will work as follows:

    1 day --> 3 day --> 1 week --> 2 weeks --> 3 weeks --> 1 month --> 3 months --> 6 months

    Severity of the ban system will be dealt with based on degree of violation and circumstances.

    1. NO FACT-LESS EVIDENCES, NO FALSE RHETORIC Evidence has to be credible. The onus of this lies on the claimant. The same applies on the user who questions proven evidence. Violation of this rule will be dealt with strictly.

    2. Copycat posts serve to litter the community, increasing quantity and decreasing quality of posts. As such, posts will be removed. Repeated attempts will receive warning.

    • 0 users online
    • 2 users / day
    • 2 users / week
    • 3 users / month
    • 25 users / 6 months
    • 391 subscribers
    • 173 Posts
    • 327 Comments
    • Modlog