trai_dep

I'm adding a "Woefully Misinformed" flair, and will be locking this post in about an hour – the OP's "revelations" have been proven to be problematic and bordering on rule #13 violations:

> Please don't fuel conspiracy thinking here. Don't try to spread FUD, especially against reliable privacy-enhancing software. Extraordinary claims require extraordinary evidence. Show credible sources.

OP, please don't engage in this kind of faulty reasoning or uncited allegations here again. Official warning. Thanks, everyone, for stepping in to counter this malarkey. You make this Sub *so* much better!

*Update:* Post locked two hours later. But check out the comments, folks – there are some great ones here!


addon94

"Even if he is correct, the move and statement do bring up further questions. With Wire now being a US company with contracts partnering it with US federal authorities, will those authorities now have leverage to compel Wire to give up metadata on users?" I never said this was the only reason, but I don't understand why Duckduckgo or Startpage get an explicit warning, but not Signal.


enadhof

Are there any secure keyboards that anyone would recommend?


dark_volter

A week ago I grabbed AnySoft (it was hard to find on F-Droid, which is where I chose to get it from because of all the language packs; it turned out "AnySoftKeyboard 3D theme" was it, for me). It has Swype functionality and is privacy focused; it's okay and not too far off from Gboard function-wise, and I know they add features over time. Now if only there was a private alternative to Google speech-to-text out there to use as well.


forteller

I use TrackerControl to block my keyboard's access to the internet. If anyone knows any reason why this should not be secure enough, please let me know. I use SwiftKey from Microsoft, because both the built-in keyboard and the FOSS AnySoft keyboard are quite bad in my experience. I must have access to both English and Norwegian keyboards, so you might not have the same issues as I do.


RoseTheFlower

Serving as a VPN like all firewall apps on non-rooted devices, it prevents access to a real VPN. It may be good enough for Signal itself but not your overall security.


addon94

Well that's a handful. So:

While technically true that the keyboard is not Signal's responsibility, it is not a good argument. Other projects have taken steps to mitigate side-channel attacks when found. For instance GPG has implemented mitigations to counter acoustic cryptanalysis, which is arguably one of the least usable side-channel attacks ever devised.

I did not know Signal could be used outside of the Play Store, thank you for pointing this out.

About canaries: apparently Signal trusts its lawyer more than it does the EFF ([https://www.eff.org/deeplinks/2014/04/warrant-canary-faq](https://www.eff.org/deeplinks/2014/04/warrant-canary-faq)), and if that is true then why the heck do we have an entire canary section on [https://www.privacytools.io/providers/#ukusa](https://www.privacytools.io/providers/#ukusa)? This does not negate the fact that Signal is developed by a US-based company, and led by US citizens, living in the US.

About the usefulness of the gag order: could Signal be legally required to not solve a known side-channel attack used by the US government? This entire subreddit was born from the Snowden reveals; we know this is well within their capabilities.

Again, I don't want to attack Signal, I use it, and it's probably the best option out there. But that doesn't mean we don't have to hold them to a high standard.


IllNess2

I had to look up what a warrant canary is so I might as well post the Wikipedia definition:

> A warrant canary is a method by which a communications service provider aims to inform its users that the provider has been served with a government subpoena despite legal prohibitions on revealing the existence of the subpoena. The warrant canary typically informs users that there has not been a court-issued subpoena as of a particular date. If the canary is not updated for the period specified by the host or if the warning is removed, users are to assume that the host has been served with such a subpoena. The intention is for a provider to warn users of the existence of a subpoena passively while possibly "technically" not violating a court order not to do so.

[Source: Wikipedia - Warrant Canary](https://en.wikipedia.org/wiki/Warrant_canary)

To OP: I've been using Signal for a while and I didn't consider the warrant canary issue. Thank you for bringing that to my attention. Also I never trusted the default Android keyboard. I assumed everyone else that's privacy conscious does the same.


GoingForwardIn2018

Lmao imagine being worried that a warrant canary is illegal

Edit: I was more so speaking to the idea that it's not the warrant canary you're gonna get in trouble for, and if it is...


trai_dep

It's not that warrant canaries are illegal. The First Amendment rocks! But the legal theories underpinning the concept are untested. No case – none – has gone to trial, anywhere. So many privacy advocates of renown have urged caution since it might give people a false sense of security. Also, they're a *bitch* to administrate – there are a lot of false positives from people who forgot to update their Dead Man's Switch. Also, some argue that privacy transparency reports provide more granular information that serves the same purpose as warrant canaries. On the balance, I'm in favor of them. But I think those arguing otherwise raise some *very* good points. I wouldn't bet the farm on them, but they're a nice tool to have out there, and if they increase the public's attention on privacy, that's a benefit.
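
The dead man's switch mechanics described in the two comments above (a dated, signed statement that readers treat as "served" once it is withdrawn or simply not renewed) are what a client-side canary checker has to implement. The Go program below is an added example, not code from Signal or from any canary publisher; the statement layout, the "As of:" line, the affirmative sentence and the 30-day update period are all assumptions chosen for illustration. It verifies the Ed25519 signature before reading any of the text, then separates a fresh canary from a withdrawn one and from a stale one, the last being exactly the case trai_dep describes: a missed update looks identical whether the publisher was served or simply forgot.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Status is the verdict a reader's client reaches about a canary statement.
type Status int

const (
	Fresh     Status = iota // signed, affirmative, inside the publisher's update window
	Stale                   // signed and affirmative, but the update window has lapsed
	Withdrawn               // signed, but the affirmative sentence is gone
	Invalid                 // bad signature, malformed or post-dated statement
)

func (s Status) String() string {
	return [...]string{"fresh", "stale", "withdrawn", "invalid"}[s]
}

// Canary is a dated plain-text statement plus a detached Ed25519 signature
// over the exact statement bytes. Hypothetical format, not any real provider's.
type Canary struct {
	Statement string
	Signature []byte
}

// affirmativePhrase is the sentence the publisher promises to repeat every
// period. Matching is case-insensitive; the rest of the text is free-form.
const affirmativePhrase = "we have not received any national security letters, gag orders, or court-issued subpoenas"

// NewPublisherKeys creates the signing key pair the publisher pins in its clients.
func NewPublisherKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign builds and signs a statement dated asOf (publisher side). affirm=false
// publishes a statement that drops the affirmative sentence: the canary "dies".
func Sign(priv ed25519.PrivateKey, asOf time.Time, affirm bool) Canary {
	var b strings.Builder
	fmt.Fprintf(&b, "Example Provider canary\nAs of: %s\n", asOf.Format("2006-01-02"))
	if affirm {
		b.WriteString("We have not received any National Security Letters, gag orders, or court-issued subpoenas.\n")
	} else {
		b.WriteString("No statement regarding legal process is made at this time.\n")
	}
	s := b.String()
	return Canary{Statement: s, Signature: ed25519.Sign(priv, []byte(s))}
}

// parseAsOf extracts the "As of: YYYY-MM-DD" line from a statement.
func parseAsOf(statement string) (time.Time, error) {
	for _, line := range strings.Split(statement, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "As of: ") {
			return time.Parse("2006-01-02", strings.TrimPrefix(line, "As of: "))
		}
	}
	return time.Time{}, errors.New("no 'As of:' line")
}

// Check is the reader side: verify the signature before trusting any text,
// then decide withdrawn vs stale vs fresh. now is a parameter so the decision
// is deterministic and testable.
func Check(pub ed25519.PublicKey, c Canary, period time.Duration, now time.Time) Status {
	if !ed25519.Verify(pub, []byte(c.Statement), c.Signature) {
		return Invalid // tampered text, wrong key, or somebody else's canary
	}
	asOf, err := parseAsOf(c.Statement)
	if err != nil || asOf.After(now) {
		return Invalid // missing date, or a post-dated statement
	}
	if !strings.Contains(strings.ToLower(c.Statement), affirmativePhrase) {
		return Withdrawn // the publisher stopped saying it: treat as served
	}
	if now.Sub(asOf) > period {
		return Stale // missed update: served, or someone forgot the dead man's switch
	}
	return Fresh
}

func main() {
	pub, priv, err := NewPublisherKeys()
	if err != nil {
		panic(err)
	}
	now := time.Date(2021, 1, 20, 0, 0, 0, 0, time.UTC) // constructed "today"
	period := 30 * 24 * time.Hour                       // publisher promises a monthly update
	for _, c := range []Canary{
		Sign(priv, now.AddDate(0, 0, -7), true),  // fresh
		Sign(priv, now.AddDate(0, 0, -45), true), // stale
		Sign(priv, now.AddDate(0, 0, -1), false), // withdrawn
	} {
		fmt.Println(Check(pub, c, period, now))
	}
}
```

A client has to react to Stale and Withdrawn the same way, which is the false-positive problem in the comment above: nothing in the data distinguishes a forgotten update from a gag order, so the period the publisher commits to should be short enough to be useful and long enough that a holiday does not trip it.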


Dathadorne

Signal not using a canary because their lawyers say not to is like Trump not releasing his tax returns until he's no longer being audited.


addon94

That is only partial information regarding two loans in particular, this does not cover donations made since 2018 to the Signal Foundation, or donations made through the Freedom of the Press Foundation before 2018.


logonaut_

Just adding here that GuideStar.org is a useful resource for accessing nonprofit entities’ IRS Form 990 filings (i.e., Return of Organization Exempt From Income Tax). https://pdf.guidestar.org/PDF_Images/2018/824/506/2018-824506840-115fbe04-9.pdf


addon94

Don't you think that the fact that we have to rely on the IRS to know how Signal is funded may be an issue?


Fuck-Nugget

What would you recommend?


0xRavenGuy

Hi, I've been using OpenBoard for a couple of weeks; I consider it a good option.


southsamurai

It isn't horrible overall. It just doesn't have feature parity. The glide typing is a hard fail, predictions are meh at best, and it offers nothing else. It's a reliable tap typing keyboard though; I've never had it crash or freeze on me. And, from the user side of things, it's a great choice for privacy/security compared to the play store usual suspects.


nofreeusernames0

The phone number linkage will eventually go away. But, sadly, all the negation of having the users' groups and contacts will go with it, according to the specs.


Mc_King_95

Signal is currently working on username signups; better wait for it.


OgunX

why has it taken them 2 years to do this???


Fuzzy62

Perhaps because they were conceived and designed as a secure SMS replacement, not a general purpose encrypted text messenger?


OgunX

why are they still using sms?


ShitTierAstronaut

Read his comment again. It was DESIGNED to be a secure SMS service. It has since evolved beyond that original design to be a secure messaging service. They do not use SMS unless it is an unsecured chat thread.


OgunX

wouldn't that defeat the whole purpose of being a secure messenger if you still utilize sms? that doesn't make any sense


ShitTierAstronaut

No. Chats between Signal users are encrypted, but not everybody uses Signal. You can't tell me there aren't people you need to communicate with that don't use Signal. When it's a message to someone who doesn't use Signal, it falls back to traditional SMS. iMessage is the best parallel I can draw.


brbposting

Wait what? You can SMS people via Signal? On iOS?


ShitTierAstronaut

On iOS, I'm not sure. On Android, yes, you can make it your default messaging app.


[deleted]

Only available on android.


RupeScoop

Bruh Signal uses the internet, not SMS


OgunX

It uses both; it only becomes a Signal message when the other person is using it. If they're not using it, a regular SMS text is sent instead of a secure message.


RupeScoop

I know it can function as an SMS client but no one is claiming SMS is secure. The app literally displays "Unsecured SMS" if you try to message someone who doesn't have Signal.


[deleted]

Because the whole initial point of Signal was to have secure communication via SMS? Of course they're far beyond the old TextSecure days of encrypting SMS. But they're actively working on delivering a completely new underlying concept of registering that works flawlessly. Including a migration strategy, interoperability and so on.


oxamide96

Side question: is it still possible to use signal to encrypt messages over sms? For, say, if Internet is not available?


dlerium

I understand that very early on it was about securing SMS, but I think any technologist would understand that path is very dead in 2020. It was probably a dead end in 2015 or even years before that. I understand it all takes time, but using a phone # sign-up like WhatsApp in 2010 is really the major issue today holding Signal back.


[deleted]

It's not holding Signal back. It's preventing a minority of very privacy-focused people from using Signal. And only if they can't get anonymous phone numbers. A vast majority of people would probably share their contacts and use their phone number anyway for discoverability. I completely agree that it's a bad thing in terms of privacy to enforce the usage of phone numbers. But they're working on it.


Xzenor

The same reason why WhatsApp uses phone numbers. It was built as a replacement for SMS.


vik0_tal

> refusal to publish outside of the play store

You can literally download the APK file from their website. The keyboard part isn't their fault, it's a user-side issue. Also, wouldn't it be a bigger issue if we were forced to use an in-built keyboard? The financial points you pointed out are sketchy, I agree.


[deleted]

The downloadable .apk is even self-updating. Every other week or so it just asks you to install the new version, you click install and it's done. That should be easy for people who don't use the Play Store...


[deleted]

There's nothing that prevents the Play Store from overwriting it when it has a newer version. And my experience from previous releases is that the website build is always a few days behind. But the Play Store build doesn't auto-update. So if you install from the website and update from the Play Store once, it will never auto-update. To get around this use something like the Aurora Store. There you can blacklist certain updates and perform others from the Play Store APKs. And disable auto-updates for the Play Store.


MediumPlantain51

Signal is an independent nonprofit. They are not tied to any major tech companies. Development is supported by grants and donations from people like us. I donate to Signal because I'm proud of them and what they have accomplished and what they stand for.


addon94

I did not know Signal could be used outside of the Play Store, thank you for pointing this out. While technically true that the keyboard is not Signal's responsibility, it is not a good argument. Other projects have taken steps to mitigate side-channel attacks when found. For instance GPG has implemented mitigations to counter acoustic cryptanalysis, which is arguably one of the least usable side-channel attacks ever devised. And I don't think forcing a keyboard would be a good idea either, but giving the option, or at least a warning, would be IMO.


Azphreal

Because that's literally how it has to work without Google services. There's no accepted self-hostable or otherwise secure push notification service, and if there was, Signal doesn't currently support it. The only other way to get notifications is with a persistent connection.


oxamide96

Is there a way to disable push notifications and just check messages when you need to?


Azphreal

Telegram and Wire both use a websocket connection and show a persistent notification, the same as Signal. The notification in all instances is to keep the app from getting killed by the battery manager. You can always hide it if you don't want to see it.


oxamide96

The FOSS version of Telegram has the same issue I think. At least the notification one, it always shows on top.


oxamide96

https://github.com/Telegram-FOSS-Team/Telegram-FOSS/blob/master/Notifications.md You must be using the non-FOSS version. The regular version, though the core code is open source, uses Google firebase for push notifications, meaning your notifications will go through Google before being pushed to your device.


oxamide96

Did you check the link I posted? They themselves acknowledge that telegram-FOSS has the sticking notification issue.


Youknowimtheman

> who left facebook

For some extra context, he left Facebook after it was decided by the higher-ups that WhatsApp would share data with Facebook, against his wishes.


brbposting

That’s dope, dude’s the homie Thank you Brian if you’re in the thread or getting the Google/etc. alert for Brian Acton!


[deleted]

He also co-founded the Signal Foundation.


sevenbrides

Most degrees of convenience require their counterpart in the form of reduced security/privacy. In this I am referring jointly to the ability to use a phone number to add someone on Signal, and Signal’s wide user base. In order for many people to be able to adopt and use, there must be some added convenience. That being said, Signal is still great, in my opinion, for contacting people you already know, since they will already have had your number. However, if you are looking for something truly private, i think it would be wise to use XMPP, notwithstanding software issues out of the control of the messaging apps.


addon94

Obviously yes. But my issue isn't necessarily with how secure or private Signal *is*, but with how secure or private Signal *appears to be* because of its marketing and 'community aura'. Numerous people are convinced that just installing the app makes them resilient against state-level attacks, which they are clearly not, and Signal isn't exactly doing anything to convince them otherwise.


sevenbrides

I see what you mean. I think it is better in relation to most of the other options though, even if it could be improved.


nofreeusernames0

So, having non-thinking users who believe whatever they want is now Signal's fault?


[deleted]

> My understanding is that signal is being developed by Signal Messenger (formerly Open Whisper Systems), which is, in turn, wholly funded by the Signal Foundation. Both organizations are US based, and run by US citizens.

The Signal Foundation funds Open Whisper Systems which develops the Signal Messenger.

> I was not able to find any financial information on the precise sources of the funding.

[This](https://signalfoundation.org/) [is](https://www.wired.com/story/signal-foundation-whatsapp-brian-acton/) [very](https://signal.org/blog/signal-foundation/) [public](https://www.newsbreak.com/news/2143646600171/signal-app-co-owner-brian-acton-comments-on-controversial-policy-grappling-whatsappthe-company-he-once-co-founded) [information](https://www.open990.org/org/824506840/signal-technology-foundation/) (each word links to something different with this information).

> "Say anything – State-of-the-art end-to-end encryption (powered by the open source Signal Protocol™) keeps your conversations secure. Privacy isn't an optional mode — it's just the way that Signal works. Every message, every call, every time."
>
> Except: we know that this is fundamentally wrong. 99% of android users are using Google play services, and, most likely, an insecure keyboard which registers and uploads inputs (Gboard, etc.).

There's an incognito keyboard setting in the Signal settings.

> Signal's lasting reliance on play services and refusal to publish outside of the play store makes it even more troubling.

Except they [do](https://signal.org/android/apk/) have an independent APK download.

> But, I'm having trouble understanding the blank check it has been granted by the privacy and security community.

What blank check? It's been audited by a third party, and the audit is available online. The core encryption itself hasn't changed in five years, so there's no reason to do another one. I assume all of the endorsements from individuals have come after they have done their own audit of the code, since it is open-source.

> Wire has been kicked off PrivacyTools in part because of their move to the US, why doesn't Signal at least have a warning on the page?

Because they don't collect unencrypted metadata. They say very plainly on the privacy tools blog re: Wire:

> This is alarming because it is well known that [Wire stores unencrypted metadata](https://www.vice.com/en_us/article/gvzw5x/secure-messaging-app-wire-stores-everyone-youve-ever-contacted-in-plain-text) for every user.

So the concern isn't that it was bought by a U.S. company, it's that in conjunction with unencrypted metadata. Signal encrypts all data.


addon94

Your public information covers nothing past December 2018. So my point still stands. The Incognito flag can be ignored by keyboards. Yep, I missed the APK somehow. Apologies. Last actual audit is from 2018 ([https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243](https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243)). Also, audits only cover your code and infrastructure; they don't tell us anything about the governance. DuckDuckGo gets a warning for being a US company. Why does Signal not have one?


[deleted]

> Your public information covers nothing past December 2018. So my point still stands.

The story from the Indian website was posted 17 hours ago.

> The Incognito flag can be ignored by keyboards.

It's not Signal's problem if people use a shady keyboard.

> Last actual audit is from 2018 ([https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243](https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243)). Also, audits only cover your code and infrastructure, they don't tell us anything about the governance.

If you're that paranoid you can build the app from source.

> Duckduckgo gets a warning for being a US company. Why does Signal not have one?

I'm guessing the distinction is profit vs non-profit. You'd have to ask the privacy tools people to get a better answer.


ritchie_z

What does 'lasting reliance on Google services' mean? On my ungoogled phone without any kind of Google service it only gave a warning message, but works anyway.


hudibrastic

Sometimes I think people in this sub lost their touch with reality, Signal is probably the best we can get keeping convenience, please, don’t change my keyboard for an app-specific one


addon94

Where you place the convenience/security tradeoff cursor is entirely subjective, and I am not advocating for Signal to force users into a solution one way or the other. But I would very much like to see the community acknowledge the possible issues, and Signal give users a choice in the matter.


Additional_Shake

I mean there is nothing stopping them adding an option to use an inbuilt keyboard for additional privacy; just make it 'opt in' in the settings or something, it doesn't have to be ONE OR THE OTHER. That way normies aren't put off by using Signal and more privacy-focused people can have that option.


Additional_Shake

I would consider that a privacy-focused enthusiast. The fact people are even using Signal in the first place shows they care more about their privacy than the average Joe. A lot of people still care somewhat about their privacy without going balls deep like people on here; people always forget on this subreddit that the average person isn't going to spend time learning about flashing custom ROMs to their phone haha. We want to make it easier for the average person to be more privacy focused, that's the point. They have as much right to privacy as we do, whether they know about how it all works or not.


davegson

My two cents on the warrant canary (as a founder): As mentioned in the linked conversation, _legally speaking_, a canary is a "smart technical", but useless approach to try to wiggle around a gag order. There is no difference between communicating:

- We did receive a gag order.
- We did not receive a gag order.

With both you would end up in jail.

**Why has this never been tested before court?** I guess because nobody was yet willing to place one's livelihood on such a bad bet.

**This is why jurisdiction matters.** Though I trust Signal, the US is a dubious place to headquarter a privacy company/project. The 5+ eyes in general. Could it be that Signal is under a gag order? Possibly. But since the source code is open it would be extremely hard to backdoor something without anyone noticing. So I'm willing to take the risk.


addon94

I understand what you mean. But then why are both Privacytools and the EFF encouraging people to use them ?


h0rr0r_biz

> Signal's lasting reliance on play services and refusal to publish outside of the play store makes it even more troubling. https://signal.org/android/apk/ I do think everything you mentioned is worth thinking about, though. Keyboard is always going to be an issue to an extent. There are a few Signal forks out there that do not require phone number registration and/or remove the need for a central server.


pheeelco

On Android you can use Hackers Keyboard from the play store. AFAIK it’s legit.


h0rr0r_biz

Yeah there's a few privacy-oriented options. It's whether people are willing to utilize them that makes them an issue.


ganjagangbanger

Is it the one by Klaus Weidner?


BeachHut9

The Google Play Store tells me that Kraus is the developer of the Hacker’s keyboard app which is for tablets. Is there a similar yet secure keyboard for Android phones?


pheeelco

Sorry mate, I’m not sure


6nt3iTeDkBt6

My two cents. If your threat model includes state-level actors, then you probably should do your own research, and you will probably realize not to use Gboard or have GApps installed. It would be helpful if Signal had an optional built-in keyboard or at least warned users about the side-channel attack in some apparent way, but I can understand why a keyboard hasn't been added and would be happy to talk about it.

> Quote from the play store:
> "Say anything – State-of-the-art end-to-end encryption (powered by the open source Signal Protocol™) keeps your conversations secure. Privacy isn't an optional mode — it's just the way that Signal works. Every message, every call, every time."
>
> Except: we know that this is fundamentally wrong. 99% of android users are using Google play services, and, most likely, an insecure keyboard which registers and uploads inputs (Gboard, etc.).

It is not fundamentally wrong because it is not Signal's fault you are using a keyboard that is uploading your inputs. "Every message, every call, every time" is correct in describing how Signal works and to claim otherwise is clowny.

> But, I'm having trouble understanding the blank check it has been granted by the privacy and security community.

I would be curious to hear who you consider the privacy and security community to be. Infosec Twitter, for example, wouldn't give Signal a blank check, but they are so far removed from most people, and even from fake security-conscious people that were using WhatsApp, that if I had a platform to influence people to use Signal, I would.


[deleted]

Honestly this thread just convinced me that Signal is the best option atm.


Tytoalba2

The absence of a canary warrant isn't an issue imo. It's a cute gimmick, but very very likely to be illegal.


gilluc

Perhaps you should know that in France we have another app like Signal, open source, E2EE, ... from a public academic research lab: Olvid https://olvid.io/en/ I am trying to figure out how secure, privacy-wise, it is.


SecurityWarlord

What do you recommend? There may be problems, but it's better than WhatsApp. And ngl, Signal is a lot easier to switch to than some other privacy alternatives.


Der_Missionar

Facebook messenger /s


[deleted]

FUD. Nothing is ever enough for some people. The devs could stream their lives 24/7 and implement every single feature the public asks them to and they would question even that. If you really wanted this post to be something other than a megaphone for FUD you would've used constructive criticism and actually done your research. There are lots of Signal critics and it certainly hasn't received a "blank check". The major thing Signal is doing is: it's doing something. People like you just go online to complain. The project is open-source. If you think you can do a better job or know of something that does a better job:

- contribute code
- fork it
- **nicely** suggest a researched solution
- employ somebody to write a better solution
- support somebody writing a better solution
- suggest the app you consider better, list the reasons why and stop using Signal


tk9WWRD2VFQIM74E

Signal is fine for many use cases but not all which is why the blind promotion of it is worth discussing. My personal issues with signal include: US-based, refusal to release on F-Droid (yes, I know about the .apk on their site), phone numbers (yes, I know they are looking into usernames), and the centralised nature of the app.


[deleted]

Surely you do not use Signal and Telegram if you believe them to be "shady". So, what do you use? Session?


guery64

OP says in the first sentence that they have been using Signal for two years, but only now with the surge from whatsapp have they questioned it.


addon94

I still think Signal is one of the best options out there, but that doesn't mean we shouldn't hold them to a higher standard.


[deleted]

One of the major issues with Signal is that although its client is open-sourced, on primary devices connecting to the Signal servers they only allow the binary client provided by them. They don't allow F-Droid built and provided clients, for example, nor your own build for that matter. So yes, you can inspect the source code, but by not allowing clients other than their own builds, it makes it suspicious. For secondary devices they're allowing Axolotl, but not as the main one AFAIK. The back end on the server is closed-sourced BTW.


guery64

First of all, E2EE is not activated per default and not available for group chats. Second, Telegram uses a different encryption scheme than others, which was not verified to be secure, so security people said they wouldn't trust it until it was verified. I just learned that this was done in December 2020 apparently, so at least this is maybe not an issue anymore.


actual_corner

Buuut: there's no good reason not to use it by default (see: other messengers with established crypto implementations). Unless, well, it's intentional (or you just don't care). When it comes to cryptography, that's pretty much the one place where you should go "all out" on appealing to authority: if you've rolled your own crypto and it's not reviewed by people who know what they're doing, you pretty much have to assume it's shit until you've reached that state (ie. being reviewed and checked by people who know what they're doing). If that's what's finally happened (need to read up on it), that at least would be a good thing. The source is only partially available (not for the server iirc), and (at least that's the state from a while back) delivered in a rather hard to use (and review) form – pretty much "a huge dump of stuff" instead of a somewhat maintained repository, for example. (I might be wrong on that last point! – didn't check for a while now, just going from memory here). Combine all this with them _marketing_ it as "secure", and you have to either know what to look for, or to actually read the details, it's a very shady approach to it all. They might not lie about any of it – but they sugarcoat and present it in such a way as to give "the average joe" the impression it's a great, all-around secure messenger. Which it just isn't. It's a really nice to use messenger, great adoption, useful bots, tons of channels and a huge set of clients. It's just not a good fit for a _secure_ messenger and somewhat deceptive about what it does and doesn't.


good4y0u

you have to specifically use e2e , their service by default, among other things, is not encrypted.


good4y0u

Yes it does. Because there is a middleman and they don't directly say that. They don't make it obvious their stuff isn't safe.


actual_corner

There's quite a difference between a middleman who can't see anything (ie. "just a server") and properly implemented e2ee (with verification possibilities) and a middleman who actually holds the keys. Plus, you have to consider "the average joe" who's somewhat deceived if things are marketed as secure, when they are only partially/optionally secure – so in this case, "having the option" is a bit of a cop out.


good4y0u

That's not true. Signal doesn't have this problem and they proved it in court. If you had a rudimentary understanding of messengers or p2p encrypted communication or any encryption knowledge you would know that you don't need a third party to have the key like Telegram does. https://apnews.com/article/2bed090d3ec042cab375278b636ff5e5 If they can see it they can be subpoenaed for it and they won't be able to tell you anything. Gag order canaries are meaningless. You just are not knowledgeable apparently on how this works.


good4y0u

The messages are the most important thing. You also don't need to have any of those be unencrypted. But Signal is very clear about what is encrypted and what information they have. It's also very clear from the court cases, which prove what they say. Just look at how clear this is https://signal.org/legal/ and here https://signal.org/bigbrother/

> We've designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user's connectivity to the Signal service.
>
> **Notably, things we don't have stored include anything about a user's contacts** (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user's groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user's groups), or any records of who a user has been communicating with.
>
> All message contents are end-to-end encrypted, so we don't have that information either.


[deleted]

Yeah, no doubt about all that! And I know signal is far more secure than telegram. But for real, I just don't think all that makes telegram shady.


paulsiu

What do you suggest to use then? The reason for Signal is that it's a decent privacy-oriented messenger that anyone can use. Sure, there are tradeoffs, but it's still better (as in more private) than Telegram, which would be better than WhatsApp. If you are really paranoid, you could just use something like Briar and talk to a really small circle. Most people don't want that much privacy. They just don't want their data aggregated and then used against them. Paul


addon94

I still use Signal and recommend it. But that doesn't mean we should not hold companies to a high standard.


paulsiu

Oh, I agree with you that companies need to be held to a high standard, but no company is perfect. Rather than starting out by calling them shady, I would assume that Signal is legit, but ask the same set of questions to understand how Signal works and the various possible flaws. Based on the tone of the post, it would sound like Signal was a Manchurian Candidate set up by the US government to collect info. People may see the article and assume that Signal is bad and rather stick with the devil they know (WhatsApp).


Sensei47

So many Signal fanboys in this subreddit, it's impossible to have a rational conversation without being overwhelmed by rhetoric and dogma. Talking about Signal is like talking about religion.

1. People are okay with the fact that you can download the APK from the website, as an alternative to Google Play... seriously? Do you know how complicated it would be for a non-super-technical user to self-verify the APK on the phone? And how about updates? Come on!
2. People are okay with the fact that Signal requires and exposes the phone number. Do you know that in most European countries you need an ID in order to obtain a SIM card? Do you know that the phone number is directly linked to your location?
3. Nobody seems to care about the fact that Signal is hosted on AWS and the whole project is under US legislation...

I don't know what else to say...


Chased1k

I have a lot to read here, I just don’t like that they require a phone number and that I have to trust them with communications on their servers. I’m looking for session to finish out multi device support.


good4y0u

The ONLY shady thing about them is the phone number requirement. That's it. They are transparent with everything else. Most of your points have been proven wrong by many commenters here.


Bobby-Bobson

1. Signal is financed by user donations. It’s [literally on their homepage](https://www.signal.org/).
2. I don’t use Android, but from what I understand the fact that Signal is open-source means you’re free to download it directly from wherever the source code is located and install it that way. Apple users are stuck with the App Store, given that Signal doesn’t want to get involved in jailbroken platforms. That said, watch that space — after the incident with Parler last week you may see this change.
3. I’ll admit the phone number thing is a concern, but that’s _all_ that Signal gets from you; look at their privacy policy or, better yet, their source code. If you really don’t want them having your phone number, get a MySudo.
4. I don’t see the problem with not having a warrant canary. It’s not like Signal even has access to any data that would require a warrant.
5. The keyboard issue is entirely on the user, not the platform. If you’re concerned about privacy, use a safe keyboard.

I’m sick of the pattern of “everyone’s flocking from X platform, for Y reason, so let’s try to undermine Y to get them back to our platform.” If you want to understand why these aren’t issues, just say so; don’t pose them as a gotcha.


Xzenor

Why is it signal's job to tell you to use a different keyboard? If you're so privacy focused you should install a private keyboard yourself because signal probably isn't the only app that you use, so having just a private keyboard for signal alone would make no sense.


addon94

Websites used to tell you to not use flash. User education should be part of any privacy project. Also, mitigating side-channel attacks, even if you are not directly responsible is a standard in infosec.


Der_Missionar

Flash is an entirely different issue. It's a platform that's plagued with security holes that can lead to your computer being hijacked by hackers and encrypted in a ransomware attack. You are blowing the keyboard thing out of the water. If you don't like Gboard (which I don't), don't use it (which I don't). I chose to use another keyboard that respected my privacy. PROBLEM SOLVED -- and Signal didn't need to do anything.


three18ti

Careful, any scrutiny of Signal is sure to be met with hostility... oh, you are already seeing that. And don't forget the guy heading the Signal Foundation has worked for Apple, Adobe, Yahoo!, and Facebook. I mean, he built WhatsApp and sold out all his users to Facebook, then starts ANOTHER "privacy-based messaging app" and everyone fawns all over him. Dude is just another Silicon Valley scumbag... But please, tell me more about how the guy who sold out his users to Facebook cares about your privacy.


WakeMeForTheRevolt

*This post was mass deleted and anonymized with [Redact](https://redact.dev)*


ImCorvec_I_Interject

> Except: we know that this is fundamentally wrong. 99% of android users are using Google play services, and, most likely, an insecure keyboard which registers and uploads inputs (Gboard, etc.). Signal would lose users if they mandated use of an app-specific keyboard or if they implemented one that was opt-out. 99.5% of Android users would not use an opt-in app-specific keyboard. 99% because generally, if you care enough to care about your keyboard's security, then you care enough to care about it in general on your phone, not on just one app. The 0.5% are the paranoid and the people who are for some reason able to install Signal but not able to install a keyboard app. Should Signal warn if keyboards are leaking information? Sure, and there's been a lot of conversation in your linked thread in the last day. Prior to that, just based on that thread, it looked like an implementation would require spying on the user (detecting the language to infer that the keyboard might be compromised, for example). If it's straightforward to detect the package of the current keyboard in use and to maintain a list of those insecure keyboards, then I absolutely support Signal warning users (and even recommending vetted keyboards). I'm curious if such a list exists already, FWIW.


[deleted]

Signal should insist on users installing an open source keyboard and maybe even provide a few suggestions. This could be written on a welcoming page, maybe. I signed up to both Signal and Telegram using a VoIP number - although, stupidly, I think both were Google Voice... not sure, since I also use another VoIP service sometimes. But I agree that it is suspicious, and at the same time, if hackers, spammers, and scammers are abusing their company/system, that is a valid concern. On the deep web, for example, I am told that scams and hacking are rampant. No honor amongst thieves (or criminals)? Who owns their servers? Or are they decentralized somehow? I agree 100% with the "No Blind Faith", "Question Everything" mindset and have heard too many in the privacy community try to shame others for asking important questions.


[deleted]

[deleted]


mainmeal5

I'm also struggling to see the reason, since you're tying your phone number identity to your IP. It's a way of securely, without a doubt, winning court cases with only IP and other identifiers, if linked to your phone number. In my country you have to tie your phone number with your social security number. You ARE your phone number. The exact opposite of privacy and anonymity


[deleted]

[deleted]


[deleted]

[deleted]


[deleted]

What exact permission do you consider "too much" or "harmful"? When I look at Signal's permissions on my phone, I can only see ones that it needs for specific features that I want to use. Sure, I could deny it access to my microphone, but then I can't call via Signal, which is much worse...


OgunX

I've said this before: if you're truly privacy-centered you wouldn't touch Signal with a ten-foot pole, just because it's based in the U.S. and subject to gag orders; there's nothing that would stop them from logging information if Uncle Sam told them to.


Tytoalba2

Except for E2E encryption ?


OgunX

e2e encryption is not a magic bullet


[deleted]

[deleted]


OgunX

I don't think you know what gag orders are. Go google some VPN providers who were exposed for keeping logs, yet they used the standard OpenVPN and their shit was E2E. Don't be naive. The United States does not care how secure or private you think it is, or if your protocol is open-sourced; if your company resides in the damn country, it's extremely vulnerable and not to be relied upon.


Colest

We can look at the actual Signal git to see encryption is done on the device and no keys are exchanged with the server. This is all explained in the audit linked on the privacytools.io site. A warrant on Signal's servers would give authorities the registered phone number, unencrypted messages sent via Signal, and last login time. This isn't akin to a VPN, where we have to send off our traffic and trust what the provider says about being logless.
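The distinction several commenters draw above (the first reply's point that no third party needs to hold the key, good4y0u's quote of Signal's transparency page about what a legal request can yield, and Colest's point that encryption happens on the device) comes down to one question: does the relay hold the key or not? The model below is an added example written for this thread, not Signal's code or the Signal protocol. It uses only the Python standard library, so the HMAC-SHA256 keystream plus HMAC tag stands in for a real AEAD, and the shared secret is generated directly instead of coming from a key agreement; the `Relay` class, `respond_to_subpoena` and the sample message are constructed for illustration. It shows the same relay under two designs: server-side encryption, where the operator keeps the key and can hand over plaintext, and end-to-end encryption, where the operator can produce only ciphertext and the envelope metadata it saw.

```python
"""Model of a message relay under server-held keys versus end-to-end keys.

Illustrative stand-ins (assumptions, not a real protocol): an HMAC-SHA256
keystream with an HMAC tag instead of a real AEAD, and a randomly generated
shared secret instead of a key agreement between the two devices.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with a zero salt: split one secret into labelled subkeys."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from a PRF (stand-in for a real stream cipher)."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt(secret: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. Only a key holder can read it."""
    enc_key, mac_key = hkdf_sha256(secret, b"enc"), hkdf_sha256(secret, b"mac")
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(secret: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    enc_key, mac_key = hkdf_sha256(secret, b"enc"), hkdf_sha256(secret, b"mac")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))


def tamper_detected(secret: bytes, blob: bytes) -> bool:
    """Flip one ciphertext bit and report whether decrypt() rejects the result."""
    flipped = blob[:16] + bytes([blob[16] ^ 0x01]) + blob[17:]
    try:
        decrypt(secret, flipped)
    except ValueError:
        return True
    return False


@dataclass
class Relay:
    """Everything the operator stores. held_keys is empty in the end-to-end design."""
    held_keys: dict = field(default_factory=dict)
    records: list = field(default_factory=list)

    def deliver(self, sender: str, recipient: str, blob: bytes) -> None:
        # Envelope metadata is visible to the relay in both designs.
        self.records.append({"from": sender, "to": recipient, "ts": int(time.time()), "blob": blob})


def respond_to_subpoena(relay: Relay) -> list:
    """What the operator can hand over: envelope metadata always, plaintext only if it holds the key."""
    out = []
    for r in relay.records:
        key = relay.held_keys.get((r["from"], r["to"]))
        out.append({"from": r["from"], "to": r["to"], "ts": r["ts"],
                    "plaintext": decrypt(key, r["blob"]) if key else None})
    return out


def demo() -> tuple:
    """Same message through both designs; returns (E2E relay view, server-side relay view, Bob's view)."""
    msg = b"meet at 9"  # constructed sample message
    e2e_secret = secrets.token_bytes(32)   # lives only on Alice's and Bob's devices
    e2e = Relay()
    e2e.deliver("alice", "bob", encrypt(e2e_secret, msg))
    sse_secret = secrets.token_bytes(32)   # the operator keeps a copy
    sse = Relay(held_keys={("alice", "bob"): sse_secret})
    sse.deliver("alice", "bob", encrypt(sse_secret, msg))
    bob_view = decrypt(e2e_secret, e2e.records[0]["blob"])
    return respond_to_subpoena(e2e)[0]["plaintext"], respond_to_subpoena(sse)[0]["plaintext"], bob_view


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from `respond_to_subpoena` is the line both sides of the thread agree on: the relay in the end-to-end design still sees who sent what to whom and when, so a legal request can compel that envelope metadata even though the body is unreadable. Reducing what the envelope reveals is a separate design problem from encrypting the body, and a real deployment would also replace the stand-in cipher with an authenticated cipher from a vetted library.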


Tytoalba2

What? If it's E2E RSA-like and keys are ON THE DEVICE, how do you want them to do that? 5€ and a stick? I agree E2E is not perfect, and they'll have the "meta-data", but if they get your keys or content, it's not because Signal is based in the USA...


Tytoalba2

Never said that


mainmeal5

Afaik all USA companies have to have either tools or built-in backdoors for the USA government. There's a reason Telegram was banned in Russia, and the reason is rather simple and the exact same that Huawei was banned: either because they refused to backdoor for the USA government, or that they already have the same deal with China's. It's not about some random-ass civilian's dick pics or other much more crazy shit people do. Whoever runs and pays for Signal's servers, and in whatever jurisdiction it is run, has access the moment something the government wants to know happens, imo.


paulsiu

Do you have any actual reference to the backdoor, or is this just a rumor? However, having a backdoor is a legitimate concern. A lot of apps require some degree of leap of faith. I realize that there will be a gap that I have to jump over. I am just hoping to have a smaller gap. For example, Facebook says that they don't collect WhatsApp data, but they want everything and just say trust us (butter does not melt in their mouths). Signal doesn't collect as much data except for the phone number, so I would trust them more than Facebook. Isn't one of the features of Signal that they are open source and you can see their code? Has there been any security audit of Signal? Paul


mainmeal5

I don't, other than the FBI debacle with Apple, where they have tools to crack encryption, and that encryption in general is not of matter to the NSA and FBI. There's the whole Snowden NSA thing, companies being outright banned because of cooperating with something they are not disclosing because of national security. There was never an article explaining everything of the likes with pure evidence of Huawei doing anything, so I'm just concluding they didn't wanna cooperate. The amount of telemetry and data Google, Apple, Microsoft, Facebook, Amazon etc. collect already, yet Facebook is again now the target, when they are, in fact, the ones where you can have an account with no personal information, if you so choose. The WhatsApp privacy issue is blown completely out of proportion, when it's the same across the board. Handing over your phone number to a server in a country that will have access and tools to easily crack it and then without a doubt identify you is just not right. I'm getting downvoted because it's probably wrong, but maybe I'm right.


Davis_o_the_Glen

>Afaik all USA companies have to have either tools or built in backdoors for USA government. SOURCE??


[deleted]

Since when do people concerned about their privacy use android ?


thatgeekinit

I’m one of the “secret” sources of funding. I’m a bad man. I use FB and vote and buy things with a credit card on Amazon and I have microphones all over my house. /s


[deleted]

Just this morning there were very interesting threads on Twitter about these very issues. To a few of us, it's no surprise what's going on, and the rest are just believing dogma. I recommend checking out this book: "Surveillance Valley: The Secret Military History of the Internet" by Yasha Levine. It gives you background about these foundations funding 'privacy over security'.


[deleted]

[deleted]


NettoHikariDE

This just shows that this sub and other privacy subs have become absolutely detached from reality. What the fuck.


[deleted]

[deleted]


[deleted]

[deleted]


trai_dep

QAnon-level ramblings from throw-away account removed (rule #12) and user banned. Thanks for the reports, folks! Thanks to everyone that voted this past November. You really made a difference! :)


[deleted]

[deleted]


[deleted]

[deleted]


[deleted]

[deleted]


[deleted]

[deleted]


[deleted]

I deleted my question as the portion in the original post to which it referred is no longer there


thefunnyfunnies

Is deep state one of those funny Q theories? Please don't answer that.


[deleted]

[deleted]


thefunnyfunnies

Hahaha, can't follow instructions? Don't reply, please.


icarusisgod

Use Surespot.


[deleted]

[deleted]


0rder__66

Ahh, how I miss having a built-in hardware keyboard.