Even State Department-funded Human Rights Watch admits that authorities combine legal and illegal methods to obtain convictions: https://text.hrw.org/report/2018/01/09/dark-side/secret-origins-evidence-us-criminal-cases

Combining dragnet surveillance with device hacking is intended in the design of both tools. Hence, State Department-funded Signal dupes you into handing over your identity as part of the population-centric mapping. In custody, your phone will be hacked when it is taken away if it’s important.

https://xcancel.com/hannahcrileyy/status/2034273723667161480#m

  • jabberwock@lemmy.dbzer0.com
    8·
    3 days ago

    This is fundamentally not how Signal works, but you are generally correct in that a phone number has been shown to provide a lot of context for a person (or a device, at least). But Signal (the app) only uses a phone number for initial verification of an account. You have a lot of options to break that association with you - use a landline and get a call verification code, use a VoIP number (assuming you trust the provider), use a burner SIM, etc.

    Once you have an account, you can choose to identify yourself on the network solely via username so the registration number is not presented to other users. The Signal protocol itself is well-audited and generally secure.

    If your issue is with Signal the American company, use an open source fork like Molly with your own UnifiedPush instance. Then you’re only trusting them with transport of your encrypted messages, which again have shown to be secure at least in public audits.

    • rumba@lemmy.zipEnglish
      1·
      1 day ago

      I was putting my kid on Signal to join the family chat, he didn’t have service, so we just used wifi. I don’t know for sure that this hasn’t changed, but when I tried, they refused a google voice account and also refused an sms api acct. I dug into it some more and it appears you have to install it on a phone with cellular service, it needs to read your phone’s ID.

      I tried deactivating my phone, activating his acct on my phone with Google Voip, then moving it to his tablet. It would work for about a week then stop.

      I dug through a bunch of reddit and group threads on it, you simply could not activate it without a real SMS and a cellular link with all the ID’s.

      We eventually got him an apple watch with service, and it allowed that SMS in concert with my phone. Then I installed on his tablet and put my phone back to me. Once in a blue moon, it’ll make him reverify with SMS from the watch, but it works and doesn’t require my phone with service anymore.

      It might just be something about google’s voip which a lot places refuse, but it also refused twillio.

    • WhyJiffie@sh.itjust.worksEnglish
      4·
      3 days ago

      it all does not matter when most people register with their primary phone number that is already tied to their name

      • Paulemeister@feddit.org
        2·
        2 days ago

        I still don’t get it. What is bad about signing up with your phone number? All readable Info that governments can force out of Signal is. “Yep this guy uses Signal, signed up last year” so nothing is lost (except if they use that as a sign you are a terrorist, but then they just wanted to monitor you anyway in the first place)

        • WhyJiffie@sh.itjust.worksEnglish
          2·
          2 days ago

          except if they use that as a sign you are a terrorist, but then they just wanted to monitor you anyway in the first place

          exactly. what is the question?

          also its not “monitor me” and “monitor you”, but “monitor whoever is using the service” more closely, and as it seems, retaliate against them.

          • Paulemeister@feddit.org
            1·
            2 days ago

            The question is: What privacy do I loose by signing up to Signal with a phone number instead of hypothetically a username.

            If you are being monitored, they know your phone number. With that they know you are using Signal, but nothing more. Messaging through Signal is safe.

            If you are not being monitored, nobody knows you are using Signal. Messaging through Signal is safe

            • WhyJiffie@sh.itjust.worksEnglish
              2·
              2 days ago

              The question is: What privacy do I loose by signing up to Signal with a phone number instead of hypothetically a username.

              if you could sign up with a username, your account couldn’t be linked to a real world identity. also the government wouldn’t have a phone number to send state malware to (unlike signal the telephony system is full of security vulnerabilities)

              If you are being monitored, they know your phone number.

              if you personally are monitored then yes they know your phone number. but here it’s the other way around. you became a person of interest because you use signal.

              If you are not being monitored, nobody knows you are using Signal.

              no. everybody who has the power to issue data requests to signal, and also has access to a database binding phone numbers to identities, knows that you are using signal.

              • Paulemeister@feddit.org
                1·
                2 days ago

                Ah ok now I get what you mean. Hashing for phone numbers is ineffective so it’s a two way lookup. Is the population using Signal small enough that this doesn’t just equate to surveiling everybody?