• Dessalines@lemmy.ml
    link
    fedilink
    arrow-up
    20
    arrow-down
    3
    ·
    10 months ago

    I wrote a longer one here: https://dessalines.github.io/essays/why_not_signal.html

    The short version is, that it’s a centralized, US hosted service. All of those are subject to National Security Letters, and so are inherently compromised. Even if we accept that the message content is secure, then signal’s reliance on phone numbers (and in the US, a phone number is connected to your real identity and even current address), means that the US government has social connection graphs: everyone who uses signal, who they talk to, and when.

    • livestreamedcollapse@lemmy.ml
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      10 months ago

      Building on this, I’d be curious to hear your thoughts on GrapheneOS as a whole. The OS recently bundled a new app “store”/repository, "Accrescent”, along with the usual basic apps like a calculator & camera. On Accrescent, the hardened fork of Signal, Molly, is offered on there. I’ve alsoheard one of the Graphene devs has voiced some chuddy politics.

      I’ve still installed & use Molly to chat with my closest friends who I was able to get off of big tech platforms previously used for our group chats, but I have been aware of the RFA/Signal connection for several years (your blog post really ties it together) & I do try to remind these friends about it. Really we just use Signal to shitpost and organize hangouts, so I’m not yet locking myself in a bunker over using it for those purposes, but all this has got me considering building a server & hosting a different secure chat service on it.

      I learned about possible Unit 8200 connections with the Matrix protocol within the past year or two, but don’t recall exactly what that entails. I haven’t heard much about Briar, but it being android only would make it a harder sell for getting people to switch over to it, so I suppose that leaves simpleX to proselytize.

      • Dessalines@lemmy.ml
        link
        fedilink
        arrow-up
        8
        ·
        10 months ago

        I don’t know enough about grapeneOS to comment on it.

        Any signal app forks still have to use signals main servers, so they still got your phone number and identity.

        Matrix was originally funded by an Israeli company until it spun off, but unlike signal, it’s entirely open source, self-hostable, and can be run in a private manner. Phone numbers and identifiers are not required, so even if you connect to a malicious server, the most they get is your matrix id, and things you’ve explicitly leaked about your identity.

        The most we could say is that specific servers are compromised, but its also possible to host it outside a five-eyes country, unlike signal.

        • Kairos@lemmy.today
          link
          fedilink
          arrow-up
          2
          arrow-down
          6
          ·
          10 months ago

          Signal does not know who talks to whom. It’s kind of the main thing about the double ratchet.

          • davel [he/him]@lemmy.ml
            link
            fedilink
            English
            arrow-up
            8
            arrow-down
            4
            ·
            10 months ago

            Unless you compiled the app yourself from source code that you understand, you don’t really know what the app might be saying to Signal’s servers. Almost everyone just trusts that the pre-compiled app supplied by Apple or Google aren’t compromised. But we know from history that Big Tech and the military-intelligence-industrial complex are in bed with each other.

                  • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
                    link
                    fedilink
                    arrow-up
                    5
                    arrow-down
                    3
                    ·
                    10 months ago

                    That’s nonsense, because many different people read the source and audit open source software. While it’s certainly possible to sneak malicious code in, the trust doesn’t depend on each single individual auditing it. It’s a collective effort.

          • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
            link
            fedilink
            arrow-up
            5
            arrow-down
            2
            ·
            10 months ago

            You sign up to use Signal using your phone number which is a personally identifying piece of information. Signal clients send messages to the server that routes the messages to their destination. It is not a p2p system where clients talk directly to each other. Therefore, the server must know both the sending and receiving accounts for the messages it routes, and it has the phone numbers associated with this accounts. All these things together make it trivial for the server to know which phone numbers talk to each other.

            • Pup Biru@aussie.zone
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              10 months ago

              that’s all not necessarily true

              for starters: https://signal.org/blog/sealed-sender/

              but also perhaps more academically because signal (i believe) doesn’t do this, so it’s more a comment on the information that the server “must know”

              signal uses the double ratchet protocol to derive shared keys between users already. if we extend this a little further to exchange a separate shared identifier for use in retrieving conversaiton data, and a place to store that data the the only information that the server gets is a couple of initialisation messages, and the rest is entirely opaque - there’s no way to know (other than tracing e2e messages based on IP address, and there are mitigations for that too) who is communicating with who, at what rate, etc

              there are other ways to validate things like rate limits, etc that don’t involve identity directly, or at least don’t trust any single party with all data

              • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
                link
                fedilink
                arrow-up
                2
                ·
                10 months ago

                If you’re arguing that it is possible to build a system that uses a server for routing while keeping clients anonymous, then that is the case. However, what we’re talking about here is whether a malicious actor would be able to intentionally harvest metadata about the users. And my point was that since only the people operating the Signal server know what it’s actually doing, it becomes a trust based system. You have to trust that Whisper Systems is a good actor and they’re not harvesting your information.

    • Ulrich@feddit.org
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      10
      ·
      edit-2
      10 months ago

      Man I don’t even have the time to break down all these very clearly wrong insinuations. There’s no reason to believe Signal collects metadata, and every reason to believe they don’t. They’ve been served subpoenas and they shared them, as well as their responses, publicly, and the only thing they included was when the last time the user connected to their server.

      Edit: tl;dr this person believes that Signal is inherently insecure because they use servers and require a phone number, despite the fact that there is zero information connected to your phone number.

      • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
        link
        fedilink
        arrow-up
        13
        arrow-down
        1
        ·
        10 months ago

        Security cannot be based on trust. Period. If an actor is in a position to collect data then it must be assumed that they do so. You either do not understand the subject you’re opining on, or you’re intentionally spreading misinformation here.

        • Ulrich@feddit.org
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          10
          ·
          10 months ago

          It is not based on trust. It’s called “zero knowledge encryption” for a reason. You don’t have to trust them, because you give them nothing to trust them with.

          • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
            link
            fedilink
            arrow-up
            12
            arrow-down
            1
            ·
            10 months ago

            Except that it is based on trust because you have to use your phone number to create the account, and you have to trust the company operating the server in regards on how that information is used. What part of this are you struggling to understand specifically?

            • Ulrich@feddit.org
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              7
              ·
              10 months ago

              What part of “there is zero data associated with your phone number” are you struggling to understand, specifically?

              • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
                link
                fedilink
                arrow-up
                11
                arrow-down
                1
                ·
                10 months ago

                The part that this is a false statement that you keep repeating. The phone number is associated with your account, that’s why it’s required to make the account.

                • Ulrich@feddit.org
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  8
                  ·
                  10 months ago

                  The phone number is not associated with your account, it IS your account. In order for there to be metadata, there would have to be other data associated with it, which we’ve already established that there is not.

                  • ☆ Yσɠƚԋσʂ ☆@lemmy.mlOP
                    link
                    fedilink
                    arrow-up
                    11
                    arrow-down
                    1
                    ·
                    10 months ago

                    Your phone number is an identifying piece of information about the person who is sending and receiving messages. That’s what metadata is. The content of the message is the data, the identifying information is metadata. Maybe spend a bit of time actually learning about the subject instead of trolling here.

      • Aria@lemmygrad.ml
        link
        fedilink
        arrow-up
        4
        ·
        10 months ago

        I’ll give you a €10 gift-card to whatever popular online store you want. I ask for nothing in return. Absolutely no stipulations. The only thing is that you have to give me your credit card number and the expiration and the numbers on the back. I’ll just verify it’s real with a €1 charge (and then return the €1). That’s it. Not gonna do anything with the data. In fact, I’ll delete the data afterwards. Want €10?

      • Dessalines@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        10 months ago

        zero information connected to your phone number.

        A phone number is tied to your real identity in most countries, especially the US. This is why phone number leaks are so dangerous, I can probably find your current and past addresses, friends, family, social media, all with just your phone number.

        • Ulrich@feddit.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          Yes, your phone number is tied to your identity but it’s completely useless without any additional information. Your phone number is not supposed to be a secret. Every chat platform has some sort of unique identifier, other than SimpleX.

          • Dessalines@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            10 months ago

            That doesn’t make much sense. With a single piece of info, your phone number, I can learn hundreds of things about you. It’s one of the most linkable identifiers out there.

            Every chat platform has some sort of unique identifier, other than SimpleX.

            Of course, which is why its super-important that the id not be linked to your real identity.

            Here’s a test: I’ll give you my matrix id, and you give me your phone number. Deal?

            • Ulrich@feddit.org
              link
              fedilink
              English
              arrow-up
              1
              ·
              10 months ago

              I don’t understand what that has to do with anything. Yes, you can learn all kinds of information about you but you cannot learn it from Signal

                  • Dessalines@lemmy.ml
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    10 months ago

                    They still require a phone number to sign up, and its a US domiciled company (5-eyes country), so its inherently unsafe. The obama administration issued an average of 60 national security letters every single day of his administration.

                    If your answer is “I don’t think signal is giving my phone number to the US government”, then why do you have to “trust” signal to not do that? Actually private chat apps don’t ask for identifying information like phone numbers, then say “trust us”, like apple or something.