Where I speak some advantages Signal has over the bigger richer rest of tech:
“We don’t have to be full of shit. We’re not a surveillance company. I’m not trying to pretend Facebook is good. I don’t have to toe a party line that is divorced from reality”
I wonder what "leave the EU" technically means? Will the app be removed from the AppStore/PlayStore if the phone number is identified to be a European one? Will existing installations refuse to work?
But in the end I hope this won't happen and the @EU_Commission does not follow China's and Russia's example on how to spy on their citizens.
As far as I know it is possible for publishers to limit the regions in the appstore ... but sideloading and forks like #mollyim should not be impacted. Not sure if signal will use barriers in the app/server itself.
@drakenblackknight
The mass surveillance (aka "chat control") is being advertised with the pretense to fight child abuse. Matti's point is that those criminals can easily avoid the chat control by self hosting secure messengers. So the whole thing is stupid.
It seems the @EU_Commission prefers to listen to lobbyist and take the money rather then listen to the experts to understand that the whole thing won't prevent any crime, but violates human rights.
@lobingera@Mer__edith
Because I can't trust Signal as a private messaging service. As long as their server infrastructure is centralised nobody knows how they really handle user data.
They publish server source code but there is no guarantee it's running unaltered. They use E2E encryption but a lot of metadata may be unprotected.
Signal's server infrastructure is a giant corporate black box, no different from Facebook's WhatsApp for example.
@lobingera@Mer__edith
In other words, Signal may claim to be more trustworthy than Facebook, but with an infrastructure like that it will never be more than a claim.
@ki
But... Signal has proven through court requests and records that they don't have anything of value to hand over, in the form of metadata or content data, if my understanding is correct.
One example: https://signal.org/bigbrother/eastern-virginia-grand-jury/ (I guess it is just a claim?)
I agree with you though, I dislike Signal's reliance on a phone number, Intel SGX (still?), centralized US hosting, and lack of server-side transparency (hard I guess)... but it is better than WhatsApp or Telegram for friends/family, IMO.
@kkarhan@Mer__edith@signalapp Signal is still collecting too much data? Could you please list them?
And what do you mean by "collect" exactly, plain or encrypted?
@fla@kkarhan@Mer__edith@signalapp signal end to end encrypts the actual content of your messages, yes, but it doesn't encrypt the metadata of your messages — including who sends each message, who receives it, what date and time the message was sent on, whether it was received, and stuff like that, which can be used to do all kinds of analysis (in fact metadata is all that the surveillance agencies in the US even use when just passively surveilling people cuz you can actually figure out a fuck ton from just metadata). Not to mention the fact that it requires you to have a phone number for your account and that isn't encrypted either so each account is linked to your legal identity unless you have a burner phone. Signal has been promising they will set up usernames instead of phone numbers for accounts for something like 5 years now and maybe they'll release it soon but it's still a problem in the meantime.
Don't get me wrong, I use Signal to talk to my friends, but that doesn't mean that it isn't important to recognize the flaws that it does have
Also #Signal collects #PhoneNumbers which are hard if not illegal to obtain anonymously depending on one's juristiction and those ain't even #TechnicallyNecessary unlike #Apps that do #E2EE with #OpenPGP on #SMS where it makes sense to offer people the convenience of a #Keyserver offered by the maintainers.
Which is why I deployed #Zulip for several clients as they've to comply with #GDPR, #BDSG, #GoBD & #HGB and that means having full control and auditability of all electronic communications.
Whereas with #Signal I can neither be shure of the integrity of said data nor provide auditors access to said comms if ordered by a court to do so - which is something one must evidence per documentation to be capable of doing!
@kkarhan@fla@Mer__edith@signalapp the thing is that signal is way easier to use then whatever crusty outdated xmpp app you found (this isn't meant to be an attack) lol. Session is good tho.
@jabberati@kkarhan@fla@Mer__edith@signalapp I like Session bc it explicitly focuses on not leaking metadata, including using a decentralized onion router network as its servers to hide who you're talking to. It doesn't use any centralized or proprietary server stuff. In fact I think it's more decentralized than even XMPP because you don't need to join or self host a server to use it, your phone is your server, and the onion router network is just used to anonymize stuff and route data packets from one server to another. In fact if you're on the same wifi connection as someone and text them, the phones will literally just talk directly!!
This is perfectly wrong, especially the "who sends each message". The only metadata you can get from a phone number is, does it have a Signal account, when was this account created, and when was the last time this account logged in. That's it. Nothing else.
Signal is state of the art. 10 times more secure than anything else, including XMPP + OMEMO mentioned below. The only problem it has is, it's centralized.
I wished I was wrong but I guarantee you the moment @Mer__edith or anyone from @signalapp is being threatened by LEAs with jailtime if they don't rat out a user [which don't even pay them a dime, let's be honest!] they'll all cave in...
After all, @signalapp does in fact comply with #Cyberfacist demands of the U.S. government and restricts #Signal's functionality based of "striclty unnecessary" data like #PhoneNumbers!
Whereas @torproject is specifically designed to be incapable of doing so, even if all their maintainers were simultaneously held at gunpoint.
@Mer__edith Thank you for being authentic and earnest and trying to help make things better. It is really unusual especially for someone in a tech leadership position. I have never actually seen someone in your position who is honest and trying to help and who also speaks out as a public advocate.
Add comment