Email or username:

Password:

Forgot your password?
Yogthos

While Signal messages might be e2e encrypted, people tend to forget that the platform collects phone numbers of its users, which can be used to identify people.

This makes Signal an effective metadata collection tool that resides on a central server in the US.

By cross-referencing these identities with data from other companies like Google or Meta, the government can create a comprehensive picture of people's connections and affiliations.

#signal #privacy

๐Ÿงต

10 comments
Yogthos

This allows identifying people of interest and building detailed graphs of their relationships.

Signal may seem like an innocuous messaging app on the surface, but it cold easily play a crucial role in government data collection efforts.

It was originally funded by CIA cutout Open Technology Fund, part of Radio Free Asia.

Its Chairwoman is Katherine Maher, who worked for NDI/NED: regime-change groups, and a member of Atlantic Council, WEF, US State Department Foreign Affairs Policy Board etc.

Dr. Quadragon โŒ

@yogthos Just to play Devil's advocate:

What are the alternatives?

XMPP might be, but they haven't been able to get their shit together for a decade and a half regarding... well, everything. Jabber is in shambles, especially regarding E2EE:

soatok.blog/2024/08/04/against

Matrix just has awful protocol design that crumbles under its own weight. Don't believe me? Try visiting #matrix:matrix.org.

So... We're kinda screwed, aren't we.

Artั‘m

@drq @yogthos joining #matrix:matrix.org took 2 roughly seconds. Nothing special for the MUC of 62K people.

Dr. Quadragon โŒ

@krom Well, that explains it.

Try joining from another server. Preferably, from some server you don't particularly like. They don't call this room "a server killer" for nothing.

@yogthos

Yogthos

@drq I'd say it really depends on your threat profile, for vast majority of people it really doesn't matter all that much.

Honestly, the best practice is to just not do any sensitive communication online in the first place.

I'd also argue if you do want to do that then running your own server for people you know personally might be the best option.

Being in control of the server removes the concern about e2ee as well.

Brahn

@drq @yogthos everyone overlooks Wire. It's signal protocol without the registration requirements, and it doesn't store your decryption key in plain text on desktop!

Dmitri | ๐Ÿ‡บ๐Ÿ‡ฆ

@drq @yogthos Re "what are the alternatives", as far as I can tell, Quiet (tryquiet.org/ ) for group chats, but also cwtch.im/ for everything else.

Dr. Quadragon โŒ

@dmitri Yeah. P2P stuff.

It always semi- kinda- works- ish.

Until you get into multiple devices and offline messaging.

That's where you start storing state, and p2p networks are famously horrible at it.

And people expect those.

@yogthos

Go Up