The full picture is that Signal has the most important piece of information you can give anyone online: your phone number (which means your real name and current address). Also that they’re hosted in the US and have close links to the US defense industry.
Dessalines
- 29 Posts
- 196 Comments
Joined 7 years ago
Cake day: April 17th, 2019
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
People are not as stupid as these large centralized sites like signal keep telling you they are. Ppl figured out how to make accounts on different services, forums, and platforms since the internet began. It is no more difficult to make a matrix account, or install simpleX than it is anything else. My partner and I figured out simplex within 10 minutes.
none of this information ever leaves your client device, so
The phone number you gave to signal to sign up never left your device? Do you truly believe that?
When you send a message through signal, do you actually think “nothing” left your device?
These are all “trust me bro” claims.
Give me ssh access to their server so I can verify that this “sealed sender” is working correctly and not using the info you already gave them. We would demand this transparency of open source messengers, so why not signal?
102·13 hours agoAnyone who thinks Biden wouldn’t have continued the US policy of bombing the middle east, are ignorant of the fact that he already did:
when it doesn’t know who sent any message
They have your phone number. You gave it to them when you signed up.
which group chats you’re in
Signal wouldn’t know how to route messages if it didn’t store this info.
Signal stores, and has access to, no message metadata.
Phone numbers are the most important metadata you can give them, far more important than message content. It means your real identity / name and address. With phone numbers you can build social networking graphs: who talked to who, and when.
To be convinced of this, take a look at the client source code, and compile the app yourself.
Client source code is irrelevant here. Signal is a centralized service, you can’t verify what their US-based server is actually running (although they did go a full year without publishing any server updates at one point, until they received a lot of backlash for it).
None of this information ever leaves your phone without being encrypted or otherwise masked.
You gave them your phone number / real identity when you signed up. The most important piece of info they could possibly give them, you already did.
PRODUCT PITCH: Hey everyone, I have a great idea for a secure / private messaging service.
It’s hosted in the US, subject to its pervasive spying laws including national security letters.
Also I need all your phone numbers.
Also no you can’t host this yourself, I run the only server.
Everyone who uses signal and supports it, is falling for this pitch.
Signal clients implement the Pond protocol. As a result, Signals servers know who a message is for (obviously, how else do you get the message) but cannot know who it is FROM.
Give me ssh access to signal’s centralized US-hosted server so I can verify this (IE that their centralized DB doesn’t store).
Otherwise this is a “trust me bro” claim, considering they have the phone numbers of everyone who signed up, and are the routing service for the messages you send.
US workers are experiencing a 2008-style economic crisis (for at least a few years now), with low hiring, high rents, high evictions, and layoffs, and its just completely ignored by US state media.
They built in enough protections to isolate the real economy (jobs and living expenses) from the fake one (stock market and financial speculation), and re-defined the terms used for economic health, to be able to completely ignore it.
81·14 days agoIf phones did this, especially to custom-tailor ads, like I’ve seen claimed countless times, then security researchers would be perfectly capable of uncovering this behavior without someone on the inside.
When you make calls via these services, the entirety of that data is being routed through their service. What you’re asking is if google/apple actually stores that data. You should always assume they do, for a threat analysis.
I suggest reading about the Crypto AG honeypot scandal, which was a secure service that ran for over 60 years before it was revealed to be an CIA honeypot. Leaks in the future will likely reveal the same for US surveillance capital services.
Would take a whistleblower to expose these things, and usually its done many years after.
Also its not that there’s some person currently listening. Its that they’re storing and probably transcribing all communications for all time, so that at any moment in the future, they can target a person and look up that history.
Also we know google and apple have been forwarding all these to the US goverment also, since at least ~2011, via the prism program, and thanks to Snowden and Manning’s leaks.
You have no idea what code their server is running, and its impossible to host your own signal since its a centralized service.
They went a whole year without publishing server code updates also, until they got a lot of backlash for it. Still, even publishing those is moot since its a centralized service.
What’s your normal standard of trust that a hosted, open source project is running the same code that they’ve made public?
Its a centralized service, you have no idea what code they’re running. You can’t host your own.
Also they went a whole year one time without publishing any server code updates until they got a lot of backlash for it. Still, since its centralized, it can’t be trusted to be running what they say they are.
PRODUCT PITCH: Hey everyone, I have a great idea for a secure / private messaging service.
It’s hosted in the US, subject to its pervasive spying laws including national security letters.
Also I need all your phone numbers.
Also no you can’t host this yourself, I run the only server.
Everyone who uses signal and supports it, is falling for this pitch.
Your phone number is the biggest metadata you could possibly give (it means your real identity, including your current address), and signal has it.
Not true at all, you still need a phone number to sign up.
Give me ssh access to their centralized server so I can verify this “sealed sender” idea is working.
Otherwise this is a “trust me bro” claim.
Something being easy to use has nothing to do with privacy or security. Apple, just like signal, also sold it’s products as secure, yet they also were forwarding all communications to the US government as part of the prism program.
Signal is not a stepping stone, it’s a honey pot. Best to avoid US services that require your identity entirely.
This is incorrect. They also have your full name and address by extension, as well as those of everyone you communicate with.
They’re also subject to national security letters, meaning the US state can get that info without a warrant.
Just read the first article I posted, it gets into all this.
The 2nd article is the signal CEO Meredith Whitaker interviewing with lawfare, which is a US defense industry think-tank.