this post was submitted on 10 Aug 2024
587 points (98.5% liked)

Privacy

32103 readers
547 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

"Signal is being blocked in Venezuela and Russia. The app is a popular choice for encrypted messaging and people trying to avoid government censorship, and the blocks appear to be part of a crackdown on internal dissent in both countries..."

you are viewing a single comment's thread
view the rest of the comments
[–] dessalines@lemmy.ml 11 points 3 months ago (3 children)

Smart move, considering Signal is a US-hosted centralized service that has to comply with US NSL laws.

These comments below seem to be unaware of all the issues privacy advocates have of signal.

[–] ivn@jlai.lu 18 points 3 months ago (1 children)

I don't get it, are you really arguing that Russia and Venezuela are blocking Signal to protect their citizens from American snooping?

[–] dessalines@lemmy.ml 24 points 3 months ago (3 children)

All countries should ban US-domiciled companies like signal, or any communication platform hosted in Five-eyes countries, and especially ones domiciled in the US, which has to adhere to National Security Letters.

https://www.eff.org/issues/national-security-letters/faq

[–] QuadratureSurfer@lemmy.world 10 points 3 months ago* (last edited 3 months ago) (3 children)

Isn't the whole point of something like End-to-End Encryption so that not even the company themselves can read your messages?

In that case it wouldn't matter even if they did turn the info over.

Edit: I read more into the page you linked. Looks like those NSLs can't even be used to request the contents either way:

Can the FBI obtain content—like e-mails or the content of phone calls—with an NSL?

Not legally. While each type of NSL allows the FBI to obtain a different type of information, that information is limited to records—such as “subscriber information and toll billing records information” from telephone companies.

[–] dessalines@lemmy.ml 10 points 3 months ago (1 children)

You can read my article, or Drew Devaults on why he doesn't trust signal, which get more into this, but the short version is that US security forces don't have time to read the content of everyone's message anyway, they care more about the metadata: message timestamps and social graphs.

Signal stores all that data (via required phone numbers, meaning its linked to your real name and address), and via the US's key disclosure laws, it would be illegal for them to tell you that the US government is hoovering up that data.

[–] fira959@lemmy.ml 1 points 3 months ago* (last edited 3 months ago)

Most security experts who actually know what they are talking about do recommend Signal for most users, including [https://twitter.com/Snowden/status/661313394906161152](Edward Snowden), [https://www.schneier.com/blog/archives/2018/06/russian_censors.html] (Bruce Schneier) and [https://linktr.ee/glenngreenwald](Glenn Greenwald). Eveyone should consider whether they would rather follow the advise of people who have literally fought the NSA and read the entire Snowden documents or belive in the FUD spread by some people here.

[–] XTL@sopuli.xyz 3 points 3 months ago

The company, or any middleman, can read your messages if they have the keys. In many services, the keys come from the company. EEE is only as trustworthy as the clients and processes you use.

[–] possiblylinux127@lemmy.zip 6 points 3 months ago* (last edited 3 months ago) (1 children)

Mass censorship is never good for civil liberties. Let people decide on there own.

[–] dessalines@lemmy.ml 0 points 3 months ago* (last edited 3 months ago) (1 children)

As I commented below, US security forces aren't that interested in message content anyway, since they don't have time to parse through every message to construct meaning. Signal does require your phone number tho, as well as message timestamps, meaning they can build social graphs of real people. Tons of metadata living on a single US-based server.

[–] possiblylinux127@lemmy.zip 5 points 3 months ago

It doesn't matter if it is US based. You shouldn't trust the server.

Signal has known issues. That doesn't mean it is entirely bad though. Saying things like Signal is insecure is simply untrue. It has weaknesses but it also has the benefit of protecting your messages completely and being well established.

[–] ivn@jlai.lu 4 points 3 months ago (1 children)

My question was more about the motives in this case.

[–] dessalines@lemmy.ml 14 points 3 months ago (1 children)

Well IMO all countries should have the motivation to prevent US spying on their country's populations. You generally don't know about honey pots before they get exposed.

[–] ivn@jlai.lu 6 points 3 months ago (1 children)

The question of what should be done can be interesting, but that was not my question. It's obvious this is not the motive here.

If you are in your own country opposition it's better to use a foreign tool, even better if it's in a country that's not gonna collaborate with yours.

[–] LarmyOfLone@lemm.ee 3 points 3 months ago

I imagine just using metadata you can look for people who are discontent, then provides list of those people to the opposition to contact and mobilize them and get them to protest.

Or target them with stories and bots to turn them into a revolutionary force, but that would be more useful for social media networks instead of signal.

[–] possiblylinux127@lemmy.zip 4 points 3 months ago

Signal has strong cryptographic protocols that are not easily broken. It pioneered the use of double ratchet encryption. (Different keys for each message)

It does expose phone numbers to Signal and the US government but that may or may no be a concern depending on what your threat model is.

[–] marcie@lemmy.ml 4 points 3 months ago* (last edited 3 months ago) (1 children)

they hated him because he spoke the truth smh

use matrix, briar, simplex in that order

also what email platforms + vpns do you recommend, out of curiosity?

[–] possiblylinux127@lemmy.zip 0 points 3 months ago* (last edited 3 months ago) (1 children)

Matrix isn't as good as Simplex Chat. Briar is good as it is very hard to censor but it does use battery and requires you to be only all the time. (unless you count Briar mailbox)

[–] marcie@lemmy.ml 0 points 3 months ago* (last edited 3 months ago)

sure, simplex is very private, but its also a pain in the ass to use currently. i feel like matrix makes a decent tradeoff between easy use and privacy