I’d be curious to hear your criticisms of Signal! While I haven’t seen anyone describing it as a “paragon of privacy and security” I do think it is a highly accessible SMS replacement that is also open source, end-to-end encrypted, and operated by a nonprofit.
The short version is, that it’s a centralized, US hosted service. All of those are subject to National Security Letters, and so are inherently compromised. Even if we accept that the message content is secure, then signal’s reliance on phone numbers (and in the US, a phone number is connected to your real identity and even current address), means that the US government has social connection graphs: everyone who uses signal, who they talk to, and when.
Building on this, I’d be curious to hear your thoughts on GrapheneOS as a whole. The OS recently bundled a new app “store”/repository, "Accrescent”, along with the usual basic apps like a calculator & camera. On Accrescent, the hardened fork of Signal, Molly, is offered on there. I’ve alsoheard one of the Graphene devs has voiced some chuddy politics.
I’ve still installed & use Molly to chat with my closest friends who I was able to get off of big tech platforms previously used for our group chats, but I have been aware of the RFA/Signal connection for several years (your blog post really ties it together) & I do try to remind these friends about it. Really we just use Signal to shitpost and organize hangouts, so I’m not yet locking myself in a bunker over using it for those purposes, but all this has got me considering building a server & hosting a different secure chat service on it.
I learned about possible Unit 8200 connections with the Matrix protocol within the past year or two, but don’t recall exactly what that entails. I haven’t heard much about Briar, but it being android only would make it a harder sell for getting people to switch over to it, so I suppose that leaves simpleX to proselytize.
I don’t know enough about grapeneOS to comment on it.
Any signal app forks still have to use signals main servers, so they still got your phone number and identity.
Matrix was originally funded by an Israeli company until it spun off, but unlike signal, it’s entirely open source, self-hostable, and can be run in a private manner. Phone numbers and identifiers are not required, so even if you connect to a malicious server, the most they get is your matrix id, and things you’ve explicitly leaked about your identity.
The most we could say is that specific servers are compromised, but its also possible to host it outside a five-eyes country, unlike signal.
Man I don’t even have the time to break down all these very clearly wrong insinuations. There’s no reason to believe Signal collects metadata, and every reason to believe they don’t. They’ve been served subpoenas and they shared them, as well as their responses, publicly, and the only thing they included was when the last time the user connected to their server.
Edit: tl;dr this person believes that Signal is inherently insecure because they use servers and require a phone number, despite the fact that there is zero information connected to your phone number.
I’ll give you a €10 gift-card to whatever popular online store you want. I ask for nothing in return. Absolutely no stipulations. The only thing is that you have to give me your credit card number and the expiration and the numbers on the back. I’ll just verify it’s real with a €1 charge (and then return the €1). That’s it. Not gonna do anything with the data. In fact, I’ll delete the data afterwards. Want €10?
Security cannot be based on trust. Period. If an actor is in a position to collect data then it must be assumed that they do so. You either do not understand the subject you’re opining on, or you’re intentionally spreading misinformation here.
It is not based on trust. It’s called “zero knowledge encryption” for a reason. You don’t have to trust them, because you give them nothing to trust them with.
Except that it is based on trust because you have to use your phone number to create the account, and you have to trust the company operating the server in regards on how that information is used. What part of this are you struggling to understand specifically?
The part that this is a false statement that you keep repeating. The phone number is associated with your account, that’s why it’s required to make the account.
The phone number is not associated with your account, it IS your account. In order for there to be metadata, there would have to be other data associated with it, which we’ve already established that there is not.
You sign up to use Signal using your phone number which is a personally identifying piece of information. Signal clients send messages to the server that routes the messages to their destination. It is not a p2p system where clients talk directly to each other. Therefore, the server must know both the sending and receiving accounts for the messages it routes, and it has the phone numbers associated with this accounts. All these things together make it trivial for the server to know which phone numbers talk to each other.
Unless you compiled the app yourself from source code that you understand, you don’t really know what the app might be saying to Signal’s servers. Almost everyone just trusts that the pre-compiled app supplied by Apple or Google aren’t compromised. But we know from history that Big Tech and the military-intelligence-industrial complex are in bed with each other.
The most obvious one that has been explained to death here is that Signal collects vast amounts of metadata. It’s also a centralized service that’s operated in the US, and it doesn’t even make reproducible builds for the Android client.
Where did you read that they are collecting vast amounts of metadata? Not challenging your claim just that I have been trying to find more info and came up empty. Signal says “we don’t collect analytics or telemetry data” but that’s about it.
You need a phone number to sign up. Phone numbers are metadata that uniquely identifies people, and this data constitutes a network of connections. If this metadata is shared with the government, then it can be trivially correlated with all the other information collected about people.
I agree it’s a problem, but not for any of the reasons you listed. A phone number is not metadata, it’s just data. In order to request information associated with your phone number, they would have to know it already, because there’s no other identifier. In order to be metadata, there would have to be other information connected to that data, which there isn’t (in Signal), other than the date you signed up and the last time you connected to their server. They don’t know who you talk to or when, thus no network connections.
Phone numbers are metadata, and the fact that you don’t even understand this shows that you have no business making uninformed comments on this subject. Metadata is understood to be data that’s associated with messages being sent, but isn’t the content of the messages themselves.
In order to be metadata, there would have to be other information connected to that data, which there isn’t (in Signal), other than the last time you connected to their server. They don’t know who you talk to or when, thus no network connections.
One has to be an incredibly gullible individual to actually believe this. You have no way to audit the server, and security cannot be based on trust. If a company has a way to store and use the information it collects it has to be assumed that it is doing so. Signal is very obviously in a position to do this. Once the phone number is collected, it’s associated with your account. Any time you send a message through signal to another account that’s a connection in the graph of your social network.
Anybody with a functioning brain can understand that this graph is highly valuable to intelligence agencies in the US. If they have a person of interest and they know their identity, they can trivially use the metadata collected by Signal to see whom this person wants to have private conversations with.
Ignorant people such as yourself confidently speaking on subjects they don’t understand present a public danger to society.
Metadata is understood to be data that’s associated with messages being sent
That’s incorrect. Metadata is literally “data about the data”. There is not data associated with the phone number (data). The fact that you don’t even understand this shows that you have no business making uninformed comments on this subject.
One has to be an incredibly gullible individual to actually believe this.
No, one just needs a rudimentary understanding of how encryption works. Actually looking at the subpoenas sent from Signal is helpful, though.
Anybody with a functioning brain can understand that this graph is highly valuable to intelligence agencies in the US
Anybody who actually pays attention can see that there is no graph. A graph has interconnected points. There are no connections in Signal.
Your entire argument is based on wild hypotheticals and conspiracy theories and you have zero evidence of anything nefarious, or you would have provided it already.
That’s incorrect. Metadata is literally “data about the data”.
Yes, the phone number is data about the user sending the message. Let me know if you need me to use smaller words to explain this to you.
No, one just needs a rudimentary understanding of how encryption works. Actually looking at the subpoenas sent from Signal is helpful, though.
This has nothing to do with encryption. The phone number is being handed over by the user to the server. You’re making it very clear that have absolutely no clue regarding the subject you’re attempting to debate here.
Anybody who actually pays attention can see that there is no graph. A graph has interconnected points. There are no connections in Signal.
Signal server has to keep a graph of connections between the accounts in order to route messages between them. The messages are not delivered peer to peer.
Your entire argument is based on wild hypotheticals and conspiracy theories and you have zero evidence of anything nefarious, or you would have provided it already.
No, my entire argument is based on basic security practices that anybody who’s ever dealt with security would understand. Please stop embarrassing yourself.
the phone number is data about the user sending the message
No it isn’t. If someone gets information associated with that phone number, they get it from somewhere else, not Signal. Let me know if you need me to use smaller words to explain this to you.
Signal server has to keep a graph of connections between the accounts in order to route messages between them.
No it doesn’t. You’re making it very clear that have absolutely no clue regarding the subject you’re attempting to debate here.
No, my entire argument is based on basic security practices that anybody who’s ever dealt with security would understand.
In my book a single data point (a phone number) is not “vast amounts of metadata”. Again, I have never seen someone describing Signal as a “paragon of privacy and security”, Signal itself certainly does not say that (It’s presented as an improvement over SMS).
It’s the volumes of phone numbers collected collectively that constitute vast amounts of metadata. Meanwhile, I’ve seen plenty of people advocate using Signal as the best option for privacy. And any time there is a criticism of Signal then then brigades of people inexplicably appear to vigorously defend it.
What’s funny is this is pretty out in the open, and ppl don’t realize it. When Yasha Levine criticized signal, the president of Radio Free Asia (a US government propaganda org), sent this out, openly pushing Signal to european internet freedom communities:
Our primary interest is to make sure the extended OTF network and the Internet Freedom community are not spooked by the [Yasha Levine’s] article (no pun intended). Fortunately all the major players in the community are together in Valencia this week - and report out from there indicates they remain comfortable with OTF/RFA.
thank you for providing a concrete example of the nonsense I’m referring to. The only ones who make people less safe are the ones who blindly advocate for a platform while ignoring real and tangible problems associated with it. Signal users are a cult.
I’d be curious to hear your criticisms of Signal! While I haven’t seen anyone describing it as a “paragon of privacy and security” I do think it is a highly accessible SMS replacement that is also open source, end-to-end encrypted, and operated by a nonprofit.
I wrote a longer one here: https://dessalines.github.io/essays/why_not_signal.html
The short version is, that it’s a centralized, US hosted service. All of those are subject to National Security Letters, and so are inherently compromised. Even if we accept that the message content is secure, then signal’s reliance on phone numbers (and in the US, a phone number is connected to your real identity and even current address), means that the US government has social connection graphs: everyone who uses signal, who they talk to, and when.
Building on this, I’d be curious to hear your thoughts on GrapheneOS as a whole. The OS recently bundled a new app “store”/repository, "Accrescent”, along with the usual basic apps like a calculator & camera. On Accrescent, the hardened fork of Signal, Molly, is offered on there. I’ve alsoheard one of the Graphene devs has voiced some chuddy politics.
I’ve still installed & use Molly to chat with my closest friends who I was able to get off of big tech platforms previously used for our group chats, but I have been aware of the RFA/Signal connection for several years (your blog post really ties it together) & I do try to remind these friends about it. Really we just use Signal to shitpost and organize hangouts, so I’m not yet locking myself in a bunker over using it for those purposes, but all this has got me considering building a server & hosting a different secure chat service on it.
I learned about possible Unit 8200 connections with the Matrix protocol within the past year or two, but don’t recall exactly what that entails. I haven’t heard much about Briar, but it being android only would make it a harder sell for getting people to switch over to it, so I suppose that leaves simpleX to proselytize.
I don’t know enough about grapeneOS to comment on it.
Any signal app forks still have to use signals main servers, so they still got your phone number and identity.
Matrix was originally funded by an Israeli company until it spun off, but unlike signal, it’s entirely open source, self-hostable, and can be run in a private manner. Phone numbers and identifiers are not required, so even if you connect to a malicious server, the most they get is your matrix id, and things you’ve explicitly leaked about your identity.
The most we could say is that specific servers are compromised, but its also possible to host it outside a five-eyes country, unlike signal.
Cheers, helpful stuff & thank you for developing Lemmy!
No probs!
Man I don’t even have the time to break down all these very clearly wrong insinuations. There’s no reason to believe Signal collects metadata, and every reason to believe they don’t. They’ve been served subpoenas and they shared them, as well as their responses, publicly, and the only thing they included was when the last time the user connected to their server.
Edit: tl;dr this person believes that Signal is inherently insecure because they use servers and require a phone number, despite the fact that there is zero information connected to your phone number.
I’ll give you a €10 gift-card to whatever popular online store you want. I ask for nothing in return. Absolutely no stipulations. The only thing is that you have to give me your credit card number and the expiration and the numbers on the back. I’ll just verify it’s real with a €1 charge (and then return the €1). That’s it. Not gonna do anything with the data. In fact, I’ll delete the data afterwards. Want €10?
Security cannot be based on trust. Period. If an actor is in a position to collect data then it must be assumed that they do so. You either do not understand the subject you’re opining on, or you’re intentionally spreading misinformation here.
It is not based on trust. It’s called “zero knowledge encryption” for a reason. You don’t have to trust them, because you give them nothing to trust them with.
Except that it is based on trust because you have to use your phone number to create the account, and you have to trust the company operating the server in regards on how that information is used. What part of this are you struggling to understand specifically?
What part of “there is zero data associated with your phone number” are you struggling to understand, specifically?
The part that this is a false statement that you keep repeating. The phone number is associated with your account, that’s why it’s required to make the account.
The phone number is not associated with your account, it IS your account. In order for there to be metadata, there would have to be other data associated with it, which we’ve already established that there is not.
You are literally incorrect.
You have provided literally nothing to back up your assertion.
Signal does not know who talks to whom. It’s kind of the main thing about the double ratchet.
You sign up to use Signal using your phone number which is a personally identifying piece of information. Signal clients send messages to the server that routes the messages to their destination. It is not a p2p system where clients talk directly to each other. Therefore, the server must know both the sending and receiving accounts for the messages it routes, and it has the phone numbers associated with this accounts. All these things together make it trivial for the server to know which phone numbers talk to each other.
Unless you compiled the app yourself from source code that you understand, you don’t really know what the app might be saying to Signal’s servers. Almost everyone just trusts that the pre-compiled app supplied by Apple or Google aren’t compromised. But we know from history that Big Tech and the military-intelligence-industrial complex are in bed with each other.
Okay. You tell me what the double ratchet is, since you’re so smart.
The double ratchet algo is irrelevant if the app is doing something else altogether.
Compiling the app is irrelevant if I don’t read the source.
The most obvious one that has been explained to death here is that Signal collects vast amounts of metadata. It’s also a centralized service that’s operated in the US, and it doesn’t even make reproducible builds for the Android client.
Where did you read that they are collecting vast amounts of metadata? Not challenging your claim just that I have been trying to find more info and came up empty. Signal says “we don’t collect analytics or telemetry data” but that’s about it.
You need a phone number to sign up. Phone numbers are metadata that uniquely identifies people, and this data constitutes a network of connections. If this metadata is shared with the government, then it can be trivially correlated with all the other information collected about people.
I agree it’s a problem, but not for any of the reasons you listed. A phone number is not metadata, it’s just data. In order to request information associated with your phone number, they would have to know it already, because there’s no other identifier. In order to be metadata, there would have to be other information connected to that data, which there isn’t (in Signal), other than the date you signed up and the last time you connected to their server. They don’t know who you talk to or when, thus no network connections.
Phone numbers are metadata, and the fact that you don’t even understand this shows that you have no business making uninformed comments on this subject. Metadata is understood to be data that’s associated with messages being sent, but isn’t the content of the messages themselves.
One has to be an incredibly gullible individual to actually believe this. You have no way to audit the server, and security cannot be based on trust. If a company has a way to store and use the information it collects it has to be assumed that it is doing so. Signal is very obviously in a position to do this. Once the phone number is collected, it’s associated with your account. Any time you send a message through signal to another account that’s a connection in the graph of your social network.
Anybody with a functioning brain can understand that this graph is highly valuable to intelligence agencies in the US. If they have a person of interest and they know their identity, they can trivially use the metadata collected by Signal to see whom this person wants to have private conversations with.
Ignorant people such as yourself confidently speaking on subjects they don’t understand present a public danger to society.
That’s incorrect. Metadata is literally “data about the data”. There is not data associated with the phone number (data). The fact that you don’t even understand this shows that you have no business making uninformed comments on this subject.
No, one just needs a rudimentary understanding of how encryption works. Actually looking at the subpoenas sent from Signal is helpful, though.
Anybody who actually pays attention can see that there is no graph. A graph has interconnected points. There are no connections in Signal.
Your entire argument is based on wild hypotheticals and conspiracy theories and you have zero evidence of anything nefarious, or you would have provided it already.
Yes, the phone number is data about the user sending the message. Let me know if you need me to use smaller words to explain this to you.
This has nothing to do with encryption. The phone number is being handed over by the user to the server. You’re making it very clear that have absolutely no clue regarding the subject you’re attempting to debate here.
Signal server has to keep a graph of connections between the accounts in order to route messages between them. The messages are not delivered peer to peer.
No, my entire argument is based on basic security practices that anybody who’s ever dealt with security would understand. Please stop embarrassing yourself.
No it isn’t. If someone gets information associated with that phone number, they get it from somewhere else, not Signal. Let me know if you need me to use smaller words to explain this to you.
No it doesn’t. You’re making it very clear that have absolutely no clue regarding the subject you’re attempting to debate here.
No it isn’t. Please stop embarrassing yourself.
In my book a single data point (a phone number) is not “vast amounts of metadata”. Again, I have never seen someone describing Signal as a “paragon of privacy and security”, Signal itself certainly does not say that (It’s presented as an improvement over SMS).
It’s the volumes of phone numbers collected collectively that constitute vast amounts of metadata. Meanwhile, I’ve seen plenty of people advocate using Signal as the best option for privacy. And any time there is a criticism of Signal then then brigades of people inexplicably appear to vigorously defend it.
What’s funny is this is pretty out in the open, and ppl don’t realize it. When Yasha Levine criticized signal, the president of Radio Free Asia (a US government propaganda org), sent this out, openly pushing Signal to european internet freedom communities:
And I remember you mentioned before, Meredith Whittaker, president of the Signal Foundation, holds interviews with US defense-department think tanks.
Because it is the gold standard, and recognized by many as much.
because by making people feel unsafe using it, you are actually making them less safe.
thank you for providing a concrete example of the nonsense I’m referring to. The only ones who make people less safe are the ones who blindly advocate for a platform while ignoring real and tangible problems associated with it. Signal users are a cult.
Thank you for continuing to not put forward any sort of legitimate retort and responding only with insults instead. Super helpful.