Some are quick to promote apps as being safe for your use just because they are encrypted. I will talk about how many of the popular apps that are commonly t...
Note that while this is about Telegram, this problem of reverse phone-number lookup also exists AFAIK with Signal.
Where is the source for Signal?
Because AFAIK there is no metadata accessible for Signal besides creation data of the account and the last time the account was online. No groups, no contacts, no anything. Source
You are missing the point. If you have a big list of suspect phone-numbers you can put them into Signal and it will show all that have their phone numbers registered with Signal.
Yes. That’s exactly what you get. A list of Signal users.
That is a metadata leak and quite a significant one.
Why is a user list in itself “a significant metadata leak”?
You would need other information for that, like groups, contacts, online times or anything else. But you don’t get that, so I can only repeat my question: what is the problem with it?
That’s not enough to know which of the Signal accounts actually belongs to a demographic any more specific than “it uses Signal”. It’s definitely much less significant than all the datamining you can do in Facebook/Whatsapp and Telegram.
The only reason it has any significance is because not a lot of people use Signal, same as how using Matrix, XMPP or any form of non-standard communication puts you in a non-mainstream demographic.
With a big enough “it uses Signal” demographic, you wouldn’t even be able to benefit much from knowing a number is in Signal… if every phone had a Signal account that metadata would be virtually useless.
Sure, it’s a leak, but it’s one leak that also exists in Whatsapp and Telegram, along with many other leaks that those other messengers have and Signal doesn’t.
I’m definitely not a fan of Signal (or Moxie’s views) myself, but I would definitely much rather people use it instead of having billions of them continue in Whatsapp or Telegram. The whole point being made is that there’s a big difference between using Signal and using those, we aren’t implying that any particular form of communication is perfect. None are. It’s just some are better than others.
We are not comparing Signal with “messengers that do not use phone-numbers” (which often leak other info instead). We are comparing it to messengers in the level of Telegram and Whatsapp, because the point was that placing it all on the same level isn’t accurate or fair. Reality isn’t Black&White.
Signal has flaws, but I’d much rather have people asking me to communicate via Signal than through Telegram/Whatsapp as they usually do. I do wish Signal was able to cater to that demographic.
Because “slightly less” is a subjective measure that’s relative to how pedantic we want to get.
Even XMPP is a “slightly less” bad option, in the sense that you are still targetable when using a sufficiently advanced method, and you are still not free of risk. Even hosting your own instance you give away the IP, if you don’t host it then you do have to trust the host to keep the metadata safe (and more metadata than Signal).
I thought we were talking about security and privacy in general, applied to messaging platforms. Specifically, comparing Telegram/Whatsapp with Signal.
If you want to talk exclusively about phone numbers then it’s obvious that if a messaging system doesn’t use phone numbers there’s no risk that metadata related to phone number is the one that’ll get leaked.
Whether you want to make them be “a completely different league” based on that distinction alone is an arbitrary separation. By that logic XMPP would be in the same “league” as unencrypted email.
And yet Telegram and Whatsapp do that and more.