this post was submitted on 09 Jan 2025
106 points (99.1% liked)
Privacy
32784 readers
1015 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I know Lemmy hates telegram but it should be common knowledge that all platforms process requests from authorities.
https://www.malwarebytes.com/blog/news/2021/12/heres-what-data-the-fbi-can-get-from-whatsapp-imessage-signal-telegram-and-more
The repeated posting of this story the last few days seems artificial.
I don't really have any special hate for Telegram myself, and I never saw it as a secure communication platform. I have more problem with Signal because people treat it like it's paragon of privacy and security.
I'd be curious to hear your criticisms of Signal! While I haven't seen anyone describing it as a "paragon of privacy and security" I do think it is a highly accessible SMS replacement that is also open source, end-to-end encrypted, and operated by a nonprofit.
The most obvious one that has been explained to death here is that Signal collects vast amounts of metadata. It's also a centralized service that's operated in the US, and it doesn't even make reproducible builds for the Android client.
Where did you read that they are collecting vast amounts of metadata? Not challenging your claim just that I have been trying to find more info and came up empty. Signal says "we don’t collect analytics or telemetry data" but that's about it.
You need a phone number to sign up. Phone numbers are metadata that uniquely identifies people, and this data constitutes a network of connections. If this metadata is shared with the government, then it can be trivially correlated with all the other information collected about people.
In my book a single data point (a phone number) is not "vast amounts of metadata". Again, I have never seen someone describing Signal as a “paragon of privacy and security”, Signal itself certainly does not say that (It's presented as an improvement over SMS).
It's the volumes of phone numbers collected collectively that constitute vast amounts of metadata. Meanwhile, I've seen plenty of people advocate using Signal as the best option for privacy. And any time there is a criticism of Signal then then brigades of people inexplicably appear to vigorously defend it.
Because it is the gold standard, and recognized by many as much.
Allow me to explain: by making people feel unsafe using it, you are actually making them less safe.
thank you for providing a concrete example of the nonsense I'm referring to. The only ones who make people less safe are the ones who blindly advocate for a platform while ignoring real and tangible problems associated with it. Signal users are a cult.
Thank you for continuing to not put forward any sort of legitimate retort and responding only with insults instead. Super helpful.
What possible legitimate retort is there to give to some body using ad populum fallacy as a form of argument.
How about literally any form of evidence?
Evidence of what?
I agree it's a problem, but not for any of the reasons you listed. A phone number is not metadata, it's just data. In order to request information associated with your phone number, they would have to know it already, because there's no other identifier. In order to be metadata, there would have to be other information connected to that data, which there isn't (in Signal), other than the date you signed up and the last time you connected to their server. They don't know who you talk to or when, thus no network connections.
Phone numbers are metadata, and the fact that you don't even understand this shows that you have no business making uninformed comments on this subject. Metadata is understood to be data that's associated with messages being sent, but isn't the content of the messages themselves.
One has to be an incredibly gullible individual to actually believe this. You have no way to audit the server, and security cannot be based on trust. If a company has a way to store and use the information it collects it has to be assumed that it is doing so. Signal is very obviously in a position to do this. Once the phone number is collected, it's associated with your account. Any time you send a message through signal to another account that's a connection in the graph of your social network.
Anybody with a functioning brain can understand that this graph is highly valuable to intelligence agencies in the US. If they have a person of interest and they know their identity, they can trivially use the metadata collected by Signal to see whom this person wants to have private conversations with.
Ignorant people such as yourself confidently speaking on subjects they don't understand present a public danger to society.
That's incorrect. Metadata is literally "data about the data". There is not data associated with the phone number (data). The fact that you don't even understand this shows that you have no business making uninformed comments on this subject.
No, one just needs a rudimentary understanding of how encryption works. Actually looking at the subpoenas sent from Signal is helpful, though.
Anybody who actually pays attention can see that there is no graph. A graph has interconnected points. There are no connections in Signal.
Your entire argument is based on wild hypotheticals and conspiracy theories and you have zero evidence of anything nefarious, or you would have provided it already.
Yes, the phone number is data about the user sending the message. Let me know if you need me to use smaller words to explain this to you.
This has nothing to do with encryption. The phone number is being handed over by the user to the server. You're making it very clear that have absolutely no clue regarding the subject you're attempting to debate here.
Signal server has to keep a graph of connections between the accounts in order to route messages between them. The messages are not delivered peer to peer.
No, my entire argument is based on basic security practices that anybody who's ever dealt with security would understand. Please stop embarrassing yourself.
No it isn't. If someone gets information associated with that phone number, they get it from somewhere else, not Signal. Let me know if you need me to use smaller words to explain this to you.
No it doesn't. You're making it very clear that have absolutely no clue regarding the subject you're attempting to debate here.
No it isn't. Please stop embarrassing yourself.
Unless you're in a position to audit what the Signal server does with that data, which you're not, then you're just spewing nonsense here. You do not know what the server does with the information it collects.
You are in no position to make that claim because you do not know what the server is doing with that data. The fact that you keep repeating this nonsense over and over isn't going to make it true baby Goebbels.
The fact that you don't understand that security isn't based on trust, clearly shows who's actually embarrassing themselves.
I don't have to be. Lots of people, public and private, who are far more knowledgeable than me, already have. You're assuming they're doing something nefarious but you have zero evidence to back that up. You're just spewing nonsense here. The fact that you keep repeating this nonsense over and over isn't going to make it true baby Goebbels.
The fact that you don't understand there is no trust, clearly shows who's actually embarrassing themselves.
Literally nobody outside Whisper has access to the server, and therefore nobody outside Whisper knows what the server does. The fact that you don't understand this basic fact is frankly embarrassing.
As I've repeatedly explained to you in this thread, security cannot be based on trust. If data is available to an attacker then the system has to be assumed to be compromised. If you understood first thing about security you'd understand that this is a fundamental point.
The fact that you just keep regurgitating back what I write to you shows that you have all the intellectual capacity of a chat bot.
Many Signal alternatives also have security issues of their own, often making them less secure than Signal. This includes Matrix and XMPP. In the blog post regarding XMPP+OMEMO, the author replies to a question about which would be better than Signal, Matrix, and XMPP with this suggestion:
In regards to Ricochet, not having a mobile app version makes it difficult to recommend to less tech savvy people.
Sure, every platform has its own set of problems, and it's fine to make an informed decision that you're willing to accept the deficiencies of a particular platform you're using. The issue I have is with people pretending that Signal doesn't have the problems that it has as we can see happening in this very thread.
I'm with you there. This wasn't meant as an argument against your statement. I brought up the issues regarding Matrix and XMPP as they are often recommended as alternatives to Signal, and after learning about this blog in a previous conversation I had about this topic, I thought it would be a good resource to bring up so people can be informed about those platforms and some alternatives that may be better than Signal while being metadata resistant.
Matrix, even if it was a siv, would be better than Signal, because it doesn't know your phone and passport numbers.
I'm not denying that major flaw of Signal, in which part, yes exposing your phone number tied to your Signal account basically negates Signal's security, as well as Signal's centralized server being proprietary. Nevertheless, when using Matrix, you need to ensure you and everyone you communicate with uses a client that isn't still using the deprecated libolm cryptography backend (and that it uses vodozemac).
I think the point is not that Telegram (the company) sucks, it is that Telegram (the app) sucks. A proper messenger like Signal leaves the provider with no information to hand over.
Many people still seem to be under the false impression that Telegram is private, so it's worth spreading around.
Idk why you're being downvoted when u said the truth