Attached: 1 image
Basically, a good way to never trust "it's okay, the data is anonymized" again is simply knowing what the "Hemisphere Program" is.
https://www.eff.org/cases/hemisphere
In short, the US government got access to number from, number to, datetime, length and sometimes location information for every call passing through AT&T's network from 1987 to today.
Then they ran an algorithm to de-anonymize every burner phone based on behavior. They did this because maybe some of those burners were used by drug dealers.
What’s with all the hate on Signal on here? I see probably one post a week trying to bash it because of some unproven conspiracy about it.
It’s a non-profit whose goal is to provide encrypted private chat.
Signal’s subpar user experience is a feature from this perspective.
Signal is literally just a chat service. The user experience is on par with any other service, except it’s backed by a trust in the company to not sell out on the end user because it’s a non-profit and isn’t beholden to any shareholders.
I mean, I can see why it’s brewed an anti crowd. Founded by Radio Free Asia, a USA propaganda arm, and was funded up until late last year.
Additionally they have been aggressively pushed by the NED, an organization created to effectively conduct CIA color revolution in the overt.
And finally, compared to the other major US developed and funded project Tor, it is very centralized. It requires a phone number to use. The open source code is very oftenly neglected with the repository being out of date compared to the code being pushed out in updates.
Not every non-profit is your friend. Especially not non-profits that recieve funding largely from an agressive state that fashions itself as world police.
Now, I do use it as the US government is not currently in my threat model and I’m in need of an accessible messaging platform that I can get friends, family, and coworkers onto. But if for instance, the next administration extends transphobic policies federally you best believe I’m keeping that information off Signal.
Signal throws users who need anonymity (refugees, victims of domestic abuse, etc) under the bus by refusing to let users create accounts without phone numbers.
There’s no technical restriction. Signal just doesn’t care about helping these people.
Signal throws users who need anonymity (refugees, victims of domestic abuse, etc) under the bus by refusing to let users create accounts without phone numbers.
Spam. If you implemented other ways of stopping it, it would be even worse for privacy.
It’s a non-profit whose goal is to provide encrypted private chat.
It’s a non-profit run by ex-CIA people that’s hosted centrally in US, and being aggressively marketed as the only legitimate means of secure communication. Any time somebody points out the many problems associated with Signal, people swarm in to defend it as the one perfect secure chat platform that everybody should be using. Weird!
I feel like it being founded by ex CIA people is really not important. They aren’t actively working for the CIA and chances are they know the threat they face. Best to just ignore that part and focus on the technical details. At the end of the day any server you don’t control shouldn’t be trusted.
I feel like it’s very important in terms of understanding the potential goals and motivations of people working on a particular piece of technology. Just because they say they’re ex-CIA absolutely does not mean they’re not actively working for them. While technical issues are obvious here, that’s not always the case. For example, there’s a famous case where NSA suggested using a particular configuration that made SSH vulnerable. There was nothing that would jump out at anybody as being nefarious because you had to already know that a particular exploit existed to notice it. However, questioning the intentions of the NSA in this scenario would’ve helped avoid the exploit.
I think if you really care about privacy then you basically have to run your own for people you know and trust. At that point it doesn’t really matter what it is. It also depends on your threat profile. If you don’t actually care that people know your contact network, then Signal or any other app is perfectly fine. For vast majority of people it really doesn’t matter. The point is that Signal isn’t a good solution for people who do genuinely care about privacy.
Running your own isn’t a great answer as that doesn’t necessarily mean it is secure. I personally like Simplex Chat and Briar. Matrix would be on the list if it was a little bit more stable.
Running your own server doesn’t necessarily mean it’s secure, but it’s a lot more likely to be secure than a server somebody else runs. The very fact that the server is only used by a handful of people you know and trust makes it infinitely more secure. Also as you say in your other reply:
At the end of the day any server you don’t control shouldn’t be trusted.
Yup, I got dogpiled with smarmy comments downplaying my pointing out that the Open Technology Fund (that’s affiliated with Radio Free Asia) audited the Signal Protocol. I still try to get people to switch to it from SMS or Whatsapp (with limited success, an ex was one of the few who already had it installed prior… cuz of their dealer), but it’s not like I have any illusions of organizing the revolution on the app
This dudes a Russian national with a cold war attitude. There is no convincing them as there views a set in stone. They are the opposite of people here in the US who think Russia is the devil itself.
With that being said, they are right in some respects. Companies really want to know who your friends are as it is very useful for advertising. Google messager and contacts keep a close eye on who you are talking to and when. The same goes for WhatsApp and any other messager that doesn’t protect metadata. I think the metadata is actually more valuable than the raw text. It also is concerning that Mobile carriers have complete access to everything about you including location, communication logs, communication metadata, internet traffic, SS number, and so much more. I don’t believe Signal to be harmful and it is definitely better than SMS and phone. Signal also has the advantage of being more reliable and popular than many apps. For instance, Signal calls are way better than Simplex Chat. Signal is also good for contacts you normally would use with regular phone service. You would use there phone number anyway so you aren’t losing anything.
The TL;DR is that Signal does not protect metadata which can be a problem. However, if you are using Google or Apple messaging it doesn’t really matter
What’s with all the hate on Signal on here? I see probably one post a week trying to bash it because of some unproven conspiracy about it.
It’s a non-profit whose goal is to provide encrypted private chat.
Signal is literally just a chat service. The user experience is on par with any other service, except it’s backed by a trust in the company to not sell out on the end user because it’s a non-profit and isn’t beholden to any shareholders.
I mean, I can see why it’s brewed an anti crowd. Founded by Radio Free Asia, a USA propaganda arm, and was funded up until late last year.
Additionally they have been aggressively pushed by the NED, an organization created to effectively conduct CIA color revolution in the overt.
And finally, compared to the other major US developed and funded project Tor, it is very centralized. It requires a phone number to use. The open source code is very oftenly neglected with the repository being out of date compared to the code being pushed out in updates.
Not every non-profit is your friend. Especially not non-profits that recieve funding largely from an agressive state that fashions itself as world police.
Now, I do use it as the US government is not currently in my threat model and I’m in need of an accessible messaging platform that I can get friends, family, and coworkers onto. But if for instance, the next administration extends transphobic policies federally you best believe I’m keeping that information off Signal.
Signal throws users who need anonymity (refugees, victims of domestic abuse, etc) under the bus by refusing to let users create accounts without phone numbers.
There’s no technical restriction. Signal just doesn’t care about helping these people.
Spam. If you implemented other ways of stopping it, it would be even worse for privacy.
That’s there excuse. They also say F-droid is insecure which is not true these days
deleted by creator
Bullshit.other services have anonymous accounts yet no issues with spam
That’s due to privacy hostile captchas and others absolutely horrendous techniques.
Nope, none of that is needed for Wire
It’s a non-profit run by ex-CIA people that’s hosted centrally in US, and being aggressively marketed as the only legitimate means of secure communication. Any time somebody points out the many problems associated with Signal, people swarm in to defend it as the one perfect secure chat platform that everybody should be using. Weird!
I feel like it being founded by ex CIA people is really not important. They aren’t actively working for the CIA and chances are they know the threat they face. Best to just ignore that part and focus on the technical details. At the end of the day any server you don’t control shouldn’t be trusted.
I feel like it’s very important in terms of understanding the potential goals and motivations of people working on a particular piece of technology. Just because they say they’re ex-CIA absolutely does not mean they’re not actively working for them. While technical issues are obvious here, that’s not always the case. For example, there’s a famous case where NSA suggested using a particular configuration that made SSH vulnerable. There was nothing that would jump out at anybody as being nefarious because you had to already know that a particular exploit existed to notice it. However, questioning the intentions of the NSA in this scenario would’ve helped avoid the exploit.
https://thehackernews.com/2015/10/nsa-crack-encryption.html
So what is your suggested platform?
I think if you really care about privacy then you basically have to run your own for people you know and trust. At that point it doesn’t really matter what it is. It also depends on your threat profile. If you don’t actually care that people know your contact network, then Signal or any other app is perfectly fine. For vast majority of people it really doesn’t matter. The point is that Signal isn’t a good solution for people who do genuinely care about privacy.
Running your own isn’t a great answer as that doesn’t necessarily mean it is secure. I personally like Simplex Chat and Briar. Matrix would be on the list if it was a little bit more stable.
Running your own server doesn’t necessarily mean it’s secure, but it’s a lot more likely to be secure than a server somebody else runs. The very fact that the server is only used by a handful of people you know and trust makes it infinitely more secure. Also as you say in your other reply:
and this Matrix? https://github.com/libremonde-org/paper-research-privacy-matrix.org/blob/master/part1/README.md
Matrix has a habit of eating my chats. They will suddenly be all “message can’t be decrypted”
I like Simplex Chat
Yup, I got dogpiled with smarmy comments downplaying my pointing out that the Open Technology Fund (that’s affiliated with Radio Free Asia) audited the Signal Protocol. I still try to get people to switch to it from SMS or Whatsapp (with limited success, an ex was one of the few who already had it installed prior… cuz of their dealer), but it’s not like I have any illusions of organizing the revolution on the app
This dudes a Russian national with a cold war attitude. There is no convincing them as there views a set in stone. They are the opposite of people here in the US who think Russia is the devil itself.
With that being said, they are right in some respects. Companies really want to know who your friends are as it is very useful for advertising. Google messager and contacts keep a close eye on who you are talking to and when. The same goes for WhatsApp and any other messager that doesn’t protect metadata. I think the metadata is actually more valuable than the raw text. It also is concerning that Mobile carriers have complete access to everything about you including location, communication logs, communication metadata, internet traffic, SS number, and so much more. I don’t believe Signal to be harmful and it is definitely better than SMS and phone. Signal also has the advantage of being more reliable and popular than many apps. For instance, Signal calls are way better than Simplex Chat. Signal is also good for contacts you normally would use with regular phone service. You would use there phone number anyway so you aren’t losing anything.
The TL;DR is that Signal does not protect metadata which can be a problem. However, if you are using Google or Apple messaging it doesn’t really matter