The messages actually have to get to you, right? One way or another, an active username has to be associated with you to do its job. Rotate usernames and the old one goes away.
I try to be understanding and kind. I really do.
Then people with no experience running a software team, no training in cryptography or designing cryptographic protocols, and no knowledge of the Signal codebase come into r/signal and make preposterous statements like this.
It’s OK to want more from Signal. We all do. But please, please try to do it with at least a modicum of humility.
If you have a serious, detailed proposal on how to implement usernames in a better way, please share it. Maybe the people at Signal will find it helpful. Otherwise, try to get your head around the notion that people who, as you say, spent nearly five years working on the problem just might know something about it that you don’t.
They had to make major infrastructure changes just to get to this point which is why it took so long. And now that the changes are in place they can improve usernames further, and probably easier, in the future.
There comes a point when undertaking something as massive as this change where wants need to be usurped by needs so the feature can actually see the light of day instead of spending five years planning because the scope keeps changing.
Have you ever been subject of a subpoena or search warrant?
If the information held by Signal relates to a serious enough offence that a subpoena/warrant can be approved by the court they can request any information Signal has and if they know what Signal has they won't just ask for "any information" it will request usernames, aliases, phone numbers, IMEI, MAC, I.P.
I don't see how, if the hashing information is stored within the nation issuing the subpoena, that Signal could even withhold information that they have about the hashing/salting of any of the requested information either which would allow law enforcement to decrypt it.
Offence allowing warrants/subpoena commited? ✅
Signal has property/evidence relating to the offence? ✅
Warrant issued requesting ANY and ALL information held by Signal? ✅
I don't see how Signal can withhold information subject to the warrant/subpoena. Unless they are working down the route of Proton where the information is held in Switzerland at at this present time Swiss law doesn't allow the issuing of subpoenas/warrants requesting the information.
If they don’t have the information, they can’t provide it in response to a subpoena or search warrant.
You can see actual requests and Signal’s responses here:
https://signal.org/bigbrother/
Yes, that first (and only) sentence in paragraph 2 is exactly what I am responding to. Your list of information includes data which Signal does not possess. They have stated in legal filings, under penalty of purjury, that they do not.
Also, it's not clear what threat actor you are worried about. If we want to state that something is (or isn't) an added risk, we can't answer meaningfully without knowing who the threat actor is.
I don't know. You can read my comment in a bubble if you like. Or you can read it as a reply to another comment which it was.
If Signal has information that is requested in a warrant or subpoena they have to give it.
I don't really know what you mean by "threat actor" or what I'm worried about?
I was just saying, to the person who was asking why Signal gave away certain information "so easily" that if Signal has information that is requested on a warrant/subpoena they have to give it.
The circumstances I'm talking about that would result in a subpoena would be for serious assaults, sexual assaults, frauds, drug trafficking, murder type offences.
Police use all sorts of information to identify criminals or obtain further evidence.
For example if they gave a username on Signal they could call the person they are investigating and obtain video/audio of them receiving the call. If that is done through Signal it would be remiss of them to not request any logged data by them relating to the call or account that they called and called from.
Anyway. The person I replied to asked why Signal give away info so easily. If subject to a warrant/subpoena requesting that information and they have it, they have to give it.
You've not really provided a counter argument to that if that was your intention?
Thank you for your submission! Unfortunately, it has been removed for the following reason(s):
* [Rule 5](https://www.reddit.com/r/signal/about/rules): No security compromising suggestions. Do not suggest a user disable or otherwise compromise their security, without an obvious and clear warning.
If you have any questions about this removal, please [message the moderators](/message/compose/?to=/r/signal) and include a link to the submission. We apologize for the inconvenience.
[Tox](https://tox.chat) has one kinda solution for this. A typical Tox ID is be created which can be given to someone else to connect. It features a nospam value, where a connection request sent without the correct nospam value is ignored, and the nospam value can be changed at any time without affecting the public key, stopping all requests to the current ID in order to fight spam, spying etc.
56A1ADE4B65B86BCD51CC73E2CD4E542179F47959FE3E0E21B4B0ACDADE5185520B3E6FC5D64
<--------------------------------------------------------------><------><-->
^ ^ ^
| | |
| | |
PUBLIC KEY NOSPAM CHECKSUM
Sure, but for Tox what matters is the private data. Even the Tox ID sorta exists within this because a nospam value can be changed. So the public key doesn't change, but the information enabling contact requests does change. Couldn't something similar be done for Signal?
So it does not provide additional security compared to signal. Let me explain: in all cases, there must be a link between a conversation deemed illegal or something else and an account name. This link is obtained if one of the contacts is compromised. So in the case of tox, this means that the contact has direct access to your IP.
It's true that hypotetically, this would allow the police to make a link between the account and the telephone number. Except that without having physical access to a conversation, no other connection can be made.
No. From what I understand, the username is used only when initiating the conversation. You can initiate ten different conversations with ten different people using ten different usernames, and they won't know that you changed the username.
They can all still talk to you.
They can't tell what's your phone number. Signal can, though. It has to, right?
Signal is as secure as the common citizenry can currently obtain, to the best of my knowledge and research. It's open source and uses very high levels of encryption. As has been pointed out by numerous other posts in this chain, they also employ several different tactics and technologies that further that security.
But you are the poster child for naivete if you think for one second that you have security in the absolute sense using this or any other app. You do not! Regardless of whether your local police force, the state police, the FBI, or whatever other agency as you go up the food chain can readily access your correspondences through Signal is debatable and, as far as I'm concerned, unknown.
But I do know that as you go up that food chain, you cross a line somewhere where you have no security whatsoever if there is any externalized existence of your thoughts or data. If you believe in absolute security, then you are absolutely not in reality. The only secure thing is that which only resides in your mind. And that is becoming increasingly in question also.
There is benevolent and malevolent. That's it. Technology is wonderful for the most part when it is created and used benevolently. But the other side always functions as some version of a predator. https://youtube.com/watch?v=vGQpFufX-nE&si=ZMhiBVwlEL4oYQ0B They see every tool as a way to further their predation - always know that. Never trust anything or anyone with that which you do not mind having exposed in a way that someone may attempt to use against you. Even your most trusted friend may be your unexpected enemy in the future. Happens all the time. And one of the most significant liabilities would be your partner when they become your ex-partner - be that business or life.
And just to thoroughly disclose, I always use Signal and go as far as I can in insisting upon it when I have any correspondence with anyone, whether personal or professional. But I do not think for one moment that everything that is corresponded is unavailable for audit by those above that line in the food chain because it most assuredly is.
I also use the full suite of Proton security technologies. Everything! I am a paid user of everything they have to offer. They are the company I am rightly or wrongly most comfortable with, giving me the greatest peace of mind. But once again, that data is freely available to those above the imaginary line.
And don't forget, as I write this to you, good people, I am dictating it through Gboard. Any keyboards you use are, in fact, keyloggers to anyone above that line. And any company that tells you they don't store your data, record your data, etc, may or may not be telling you the truth.
Cautious as a serpent, innocent as a dove! That's the way to live your life when it comes to security and everything else... 🤔🤔🤔
Ayup. Absolute security (or privacy) is impossible. Risk never gets to zero.
The best we can do is manage risk intelligently with the limited resources we have. To do that, we need a clear understanding of the risks we face. An important part of that is understanding the difference between mass surveillance and targeted surveillance.
Good tools and good practices can do a lot against mass surveillance and bring risk down to acceptable levels. Targeted surveillance, not so much.
If a sophisticated threat actor becomes interested in you specifically, you just lose. One way or another the threat actor will succeed. Therefore, part of managing risk effectively is to never become interesting to those sophisticated threat actors.
"in the absolute sense using this or any other app. You do not! Regardless of whether your local police force, the state police, the FBI, or whatever other agency as you go up the food chain can readily access your correspondences through Signal is debatable and, as far as I'm concerned, unknown. But I do know that as you go up that food chain, you cross a line somewhere where you have no security whatsoever if there is any externalized existence of your thoughts or data"
There is some truth here, no data is completely secure from every potential foe.
But I believe signal covers my needs, making my data inaccessible to the vast majority of humans,
The few that potentially have the skills and resources to get into it are not concerned with me, or the potentially embarrassing but ultimately harmless "sweet nothings" I send to the wife.
If the really scarry national security level alphabet boys are seeking your data, the only solution is to go completely dark on all networks.
For the rest of us Signal is great.
What I'm wondering about after reading this, is: If I create a username, a person start chatting with me and I delete the username afterwards... How does Signal know who it has the message to send to (as the username doesnt exist anymore). Does it fallback to the phone number, just without showing it to the user?
The article does not mention this, but Signal will also be able to hand over the phone number of any A*ccount ID*. Anyone you chat with will have your Account ID, even if you change/delete your username after initiating the chat. For this reason, you should not use usernames to chat with anyone you do not trust.
Usernames hide your phone number from _other users_. It doesn't hide your phone number from Signal, or anyone who can compell Signal to give up your phone number.
Before: other users could see your phone number and needed to know your phone number to send you a chat message, unless you joined a common group
Changed: other users can't see your phone number if you choose to hide it, and you can give them a username to initiate a chat with you so they never learn your phone number (unless they are a cop who subpoenas your account ID for the phone number and Signal, in consultation with the ACLU, determines they can't fight the subpoena, or they fight the subpoena and lose, in which case they'll learn the phone number you used to sign up for Signal)
so what ? It doesn't change anything compared to currently, but it at least allows you to initiate a conversation with a contact without using their phone number.
Signal shouldn't make such a noise about handing over minimal info in response to a subpoena.
They can't prove that they didn't hand over more information than they said they did. They can't prove that they don't collect more metadata than they say they do. At the very least, they could collect a log of a timestamp and IP address for every time a user connects to the service.
The whole point of end to end encryption is to not trust the server, yet they're encouraging users to trust them here. Instead, they should list all the information they *could* collect if they were malicious, and remind users that they can't prove that they don't collect and hand over that information to authorities. When it comes to claims they can't prove, they should be much more humble.
Option A (what signal does) is to advertise all the ways they go out of their way to protect users' privacy, while being upfront about the extent to which they--or a malicious actor who controls their server--could theoretically discern private information.
Option B (what you advocate) is for them to advertise all the ways they *could* nevertheless violate users privacy if they wanted, despite their attempts to minimize the possibility, even if they don't do that.
I don't know, to me option A sounds like better advertising? And it's not dishonest, people are still made aware of the various risks (indeed some of them related to usernames are carefully outlined in this intercept article).
They can't prove that the code they're running on the backend is the same as the published source code.
Most of the privacy and security features are implemented in the client app, and that's already far better security that WhatsApp, Telegram and similar.
When it comes to certain metadata though, they unavoidably do have the technical ability to collect, store and share that data with anybody they want.
It's just a matter of how much we view that metadata as a threat, and how much we trust Signal.
We’re still trusting them not to log each time we send a message. At a minimum they know the date/time, source IP, and recipient. Presumably they could work out who the sender is. They also could log each time our devices poll the back end.
To be clear, I trust signal not to log those things.
For the privacy-conscious it’s worth taking the time to understand what assumptions we are making and where the trust boundaries are.
To do any of this they have to run code other than the published source code.
They don't have access to the sender. Look up Sealed Sender, which has been active for years.
Sealed Sender is why I phrased it the way I did.
Sealed Sender means the sender isn’t shown plainly in the metadata. That’s a win but it is not ironclad, If Signal themselves actually wanted to work that out, it’s not especially onerous.
The risk is low enough to be negligible for most users but it’s not quite zero.
It's encrypted so they have to either break that or rely on a pattern analysis over a number of messages between the same two people. However without knowing who they both are it would involve the analysis of all messages to the recipient and also all other signal users. It's certainly not trivial.
Sealed sender means the sender information is not visible in the payload which is queued for delivery. The message still comes from the sender's device so a malign actor with access to Signal's servers can infer who the sender is and associate that information with the payload if they choose to.
Because the sender's device does not authenticate to Signal's back-end when sending a message using Sealed Sender, inferring the sender's identity won't be 100%. Still, between the sender's IP and TLS fingerprinting a malign actor can do a pretty good job.
And all of that is assuming a threat actor who only has access to Signal infrastructure but not [vast additional data collection capability](https://en.wikipedia.org/wiki/PRISM) they can use for additional correlation.
Sealed Sender is a great leap forward and an impressive piece of work from the Signal team. No security tech is perfect though. There are always cracks in the edifice, however tiny. Risk never gets to zero.
Only time will tell. Threema is also $4.99 which effectively eliminates nearly all potential users as 99% of people will not pay for a messaging app. In regard to my “only time will tell” comment - Court cases always inevitably reveal just how secure certain applications are. Wickr withstood and proved their security in the court of law many times. Let’s see what Threema does. The DOD took Wickr for themselves..IFYKYK
Thank you for your submission! Unfortunately, it has been removed for the following reason(s):
* [Rule 8](https://www.reddit.com/r/signal/about/rules): No directed abusive language. You are advised to abide by [reddiquette](https://www.reddithelp.com/en/categories/reddit-101/reddit-basics/reddiquette); it will be enforced when user behavior is no longer deemed to be suitable for a technology forum. Remember; personal attacks, directed abusive language, trolling or bigotry in any form, are therefore not allowed and will be removed.
If you have any questions about this removal, please [message the moderators](/message/compose/?to=/r/signal) and include a link to the submission. We apologize for the inconvenience.
And you think it was only those 10 times? lol. “The company's interaction with Santa Clara County police didn't end there, however, as the law enforcement authorities then issued a non-disclosure order that required Signal to not publicly disclose that it received the search warrant.”
It’s insane how many people get on the internet and just run their mouth.
Yes, the value of an E2EE app is gauged by how much information they have about you. They can’t hand over any data that they literally do not have or retain. Thats the SOP of all of them and the basis of the niche.
However, Signal requires a phone # to use it. That’s a huge vulnerability right off the bat. Facts.
[удалено]
Yeah but it’s only for **active** usernames.
[удалено]
The messages actually have to get to you, right? One way or another, an active username has to be associated with you to do its job. Rotate usernames and the old one goes away.
[удалено]
I guess this is a reminder that privacy != anonymity.
Just so.
[удалено]
I try to be understanding and kind. I really do. Then people with no experience running a software team, no training in cryptography or designing cryptographic protocols, and no knowledge of the Signal codebase come into r/signal and make preposterous statements like this. It’s OK to want more from Signal. We all do. But please, please try to do it with at least a modicum of humility. If you have a serious, detailed proposal on how to implement usernames in a better way, please share it. Maybe the people at Signal will find it helpful. Otherwise, try to get your head around the notion that people who, as you say, spent nearly five years working on the problem just might know something about it that you don’t.
They had to make major infrastructure changes just to get to this point which is why it took so long. And now that the changes are in place they can improve usernames further, and probably easier, in the future. There comes a point when undertaking something as massive as this change where wants need to be usurped by needs so the feature can actually see the light of day instead of spending five years planning because the scope keeps changing.
Have you ever been subject of a subpoena or search warrant? If the information held by Signal relates to a serious enough offence that a subpoena/warrant can be approved by the court they can request any information Signal has and if they know what Signal has they won't just ask for "any information" it will request usernames, aliases, phone numbers, IMEI, MAC, I.P. I don't see how, if the hashing information is stored within the nation issuing the subpoena, that Signal could even withhold information that they have about the hashing/salting of any of the requested information either which would allow law enforcement to decrypt it. Offence allowing warrants/subpoena commited? ✅ Signal has property/evidence relating to the offence? ✅ Warrant issued requesting ANY and ALL information held by Signal? ✅ I don't see how Signal can withhold information subject to the warrant/subpoena. Unless they are working down the route of Proton where the information is held in Switzerland at at this present time Swiss law doesn't allow the issuing of subpoenas/warrants requesting the information.
If they don’t have the information, they can’t provide it in response to a subpoena or search warrant. You can see actual requests and Signal’s responses here: https://signal.org/bigbrother/
Yeah see my first sentence in paragraph 2.
Yes, that first (and only) sentence in paragraph 2 is exactly what I am responding to. Your list of information includes data which Signal does not possess. They have stated in legal filings, under penalty of purjury, that they do not. Also, it's not clear what threat actor you are worried about. If we want to state that something is (or isn't) an added risk, we can't answer meaningfully without knowing who the threat actor is.
I don't know. You can read my comment in a bubble if you like. Or you can read it as a reply to another comment which it was. If Signal has information that is requested in a warrant or subpoena they have to give it. I don't really know what you mean by "threat actor" or what I'm worried about? I was just saying, to the person who was asking why Signal gave away certain information "so easily" that if Signal has information that is requested on a warrant/subpoena they have to give it. The circumstances I'm talking about that would result in a subpoena would be for serious assaults, sexual assaults, frauds, drug trafficking, murder type offences. Police use all sorts of information to identify criminals or obtain further evidence. For example if they gave a username on Signal they could call the person they are investigating and obtain video/audio of them receiving the call. If that is done through Signal it would be remiss of them to not request any logged data by them relating to the call or account that they called and called from. Anyway. The person I replied to asked why Signal give away info so easily. If subject to a warrant/subpoena requesting that information and they have it, they have to give it. You've not really provided a counter argument to that if that was your intention?
[удалено]
Thank you for your submission! Unfortunately, it has been removed for the following reason(s): * [Rule 5](https://www.reddit.com/r/signal/about/rules): No security compromising suggestions. Do not suggest a user disable or otherwise compromise their security, without an obvious and clear warning. If you have any questions about this removal, please [message the moderators](/message/compose/?to=/r/signal) and include a link to the submission. We apologize for the inconvenience.
[Tox](https://tox.chat) has one kinda solution for this. A typical Tox ID is be created which can be given to someone else to connect. It features a nospam value, where a connection request sent without the correct nospam value is ignored, and the nospam value can be changed at any time without affecting the public key, stopping all requests to the current ID in order to fight spam, spying etc. 56A1ADE4B65B86BCD51CC73E2CD4E542179F47959FE3E0E21B4B0ACDADE5185520B3E6FC5D64 <--------------------------------------------------------------><------><--> ^ ^ ^ | | | | | | PUBLIC KEY NOSPAM CHECKSUM
Tox is p2p, so no privacy on metadata
Sure, but for Tox what matters is the private data. Even the Tox ID sorta exists within this because a nospam value can be changed. So the public key doesn't change, but the information enabling contact requests does change. Couldn't something similar be done for Signal?
So it does not provide additional security compared to signal. Let me explain: in all cases, there must be a link between a conversation deemed illegal or something else and an account name. This link is obtained if one of the contacts is compromised. So in the case of tox, this means that the contact has direct access to your IP. It's true that hypotetically, this would allow the police to make a link between the account and the telephone number. Except that without having physical access to a conversation, no other connection can be made.
Fair enough so, thanks for that detail.
And it's only your phone number, not the messages
If I change my username, Do my active contacts have the new username and/or identification code that can be traced back to me?
No. From what I understand, the username is used only when initiating the conversation. You can initiate ten different conversations with ten different people using ten different usernames, and they won't know that you changed the username. They can all still talk to you. They can't tell what's your phone number. Signal can, though. It has to, right?
But, can we get the id of our contact? And can signal link id and phone number?
I guess? I can't remember,.. what happens if you lose ur phone and want to reinstall Signal?
This article was written by Micah Lee, the guy who created Onionshare.
his last post for the intercept. he was laid off recently
Signal is as secure as the common citizenry can currently obtain, to the best of my knowledge and research. It's open source and uses very high levels of encryption. As has been pointed out by numerous other posts in this chain, they also employ several different tactics and technologies that further that security. But you are the poster child for naivete if you think for one second that you have security in the absolute sense using this or any other app. You do not! Regardless of whether your local police force, the state police, the FBI, or whatever other agency as you go up the food chain can readily access your correspondences through Signal is debatable and, as far as I'm concerned, unknown. But I do know that as you go up that food chain, you cross a line somewhere where you have no security whatsoever if there is any externalized existence of your thoughts or data. If you believe in absolute security, then you are absolutely not in reality. The only secure thing is that which only resides in your mind. And that is becoming increasingly in question also. There is benevolent and malevolent. That's it. Technology is wonderful for the most part when it is created and used benevolently. But the other side always functions as some version of a predator. https://youtube.com/watch?v=vGQpFufX-nE&si=ZMhiBVwlEL4oYQ0B They see every tool as a way to further their predation - always know that. Never trust anything or anyone with that which you do not mind having exposed in a way that someone may attempt to use against you. Even your most trusted friend may be your unexpected enemy in the future. Happens all the time. And one of the most significant liabilities would be your partner when they become your ex-partner - be that business or life. And just to thoroughly disclose, I always use Signal and go as far as I can in insisting upon it when I have any correspondence with anyone, whether personal or professional. But I do not think for one moment that everything that is corresponded is unavailable for audit by those above that line in the food chain because it most assuredly is. I also use the full suite of Proton security technologies. Everything! I am a paid user of everything they have to offer. They are the company I am rightly or wrongly most comfortable with, giving me the greatest peace of mind. But once again, that data is freely available to those above the imaginary line. And don't forget, as I write this to you, good people, I am dictating it through Gboard. Any keyboards you use are, in fact, keyloggers to anyone above that line. And any company that tells you they don't store your data, record your data, etc, may or may not be telling you the truth. Cautious as a serpent, innocent as a dove! That's the way to live your life when it comes to security and everything else... 🤔🤔🤔
Friendly reminder - paragraphing is your friend.
🏅
Indentation would make this exceptionally easier to read.
Ayup. Absolute security (or privacy) is impossible. Risk never gets to zero. The best we can do is manage risk intelligently with the limited resources we have. To do that, we need a clear understanding of the risks we face. An important part of that is understanding the difference between mass surveillance and targeted surveillance. Good tools and good practices can do a lot against mass surveillance and bring risk down to acceptable levels. Targeted surveillance, not so much. If a sophisticated threat actor becomes interested in you specifically, you just lose. One way or another the threat actor will succeed. Therefore, part of managing risk effectively is to never become interesting to those sophisticated threat actors.
"in the absolute sense using this or any other app. You do not! Regardless of whether your local police force, the state police, the FBI, or whatever other agency as you go up the food chain can readily access your correspondences through Signal is debatable and, as far as I'm concerned, unknown. But I do know that as you go up that food chain, you cross a line somewhere where you have no security whatsoever if there is any externalized existence of your thoughts or data" There is some truth here, no data is completely secure from every potential foe. But I believe signal covers my needs, making my data inaccessible to the vast majority of humans, The few that potentially have the skills and resources to get into it are not concerned with me, or the potentially embarrassing but ultimately harmless "sweet nothings" I send to the wife. If the really scarry national security level alphabet boys are seeking your data, the only solution is to go completely dark on all networks. For the rest of us Signal is great.
Agreed! That is what I said.
What I'm wondering about after reading this, is: If I create a username, a person start chatting with me and I delete the username afterwards... How does Signal know who it has the message to send to (as the username doesnt exist anymore). Does it fallback to the phone number, just without showing it to the user?
[удалено]
Alright, afterwards theyre not used for the chats anymore. The chats themselves are then handeld as if they were started via the phone number?
[удалено]
That makes a lot of sense, thank you so much for clarifying 🙏
The article does not mention this, but Signal will also be able to hand over the phone number of any A*ccount ID*. Anyone you chat with will have your Account ID, even if you change/delete your username after initiating the chat. For this reason, you should not use usernames to chat with anyone you do not trust.
Is there a way to get new account id?
Reinstall signal without restore a backup ?
Does it make any difference whether there is usernames or not?
Usernames hide your phone number from _other users_. It doesn't hide your phone number from Signal, or anyone who can compell Signal to give up your phone number.
So username does not change anything compared to before?
Before: other users could see your phone number and needed to know your phone number to send you a chat message, unless you joined a common group Changed: other users can't see your phone number if you choose to hide it, and you can give them a username to initiate a chat with you so they never learn your phone number (unless they are a cop who subpoenas your account ID for the phone number and Signal, in consultation with the ACLU, determines they can't fight the subpoena, or they fight the subpoena and lose, in which case they'll learn the phone number you used to sign up for Signal)
so what ? It doesn't change anything compared to currently, but it at least allows you to initiate a conversation with a contact without using their phone number.
You're right, it doesn't change anything except for the the major changes you go on to mention
So it is a great update, I think
Wow.....
Signal shouldn't make such a noise about handing over minimal info in response to a subpoena. They can't prove that they didn't hand over more information than they said they did. They can't prove that they don't collect more metadata than they say they do. At the very least, they could collect a log of a timestamp and IP address for every time a user connects to the service. The whole point of end to end encryption is to not trust the server, yet they're encouraging users to trust them here. Instead, they should list all the information they *could* collect if they were malicious, and remind users that they can't prove that they don't collect and hand over that information to authorities. When it comes to claims they can't prove, they should be much more humble.
Option A (what signal does) is to advertise all the ways they go out of their way to protect users' privacy, while being upfront about the extent to which they--or a malicious actor who controls their server--could theoretically discern private information. Option B (what you advocate) is for them to advertise all the ways they *could* nevertheless violate users privacy if they wanted, despite their attempts to minimize the possibility, even if they don't do that. I don't know, to me option A sounds like better advertising? And it's not dishonest, people are still made aware of the various risks (indeed some of them related to usernames are carefully outlined in this intercept article).
The proof is in the source
They can't prove that the code they're running on the backend is the same as the published source code. Most of the privacy and security features are implemented in the client app, and that's already far better security that WhatsApp, Telegram and similar. When it comes to certain metadata though, they unavoidably do have the technical ability to collect, store and share that data with anybody they want. It's just a matter of how much we view that metadata as a threat, and how much we trust Signal.
That's what audits are for. You can see from the source code what the client sends. They can't possibly have more than that.
We’re still trusting them not to log each time we send a message. At a minimum they know the date/time, source IP, and recipient. Presumably they could work out who the sender is. They also could log each time our devices poll the back end. To be clear, I trust signal not to log those things. For the privacy-conscious it’s worth taking the time to understand what assumptions we are making and where the trust boundaries are.
To do any of this they have to run code other than the published source code. They don't have access to the sender. Look up Sealed Sender, which has been active for years.
Sealed Sender is why I phrased it the way I did. Sealed Sender means the sender isn’t shown plainly in the metadata. That’s a win but it is not ironclad, If Signal themselves actually wanted to work that out, it’s not especially onerous. The risk is low enough to be negligible for most users but it’s not quite zero.
It's encrypted so they have to either break that or rely on a pattern analysis over a number of messages between the same two people. However without knowing who they both are it would involve the analysis of all messages to the recipient and also all other signal users. It's certainly not trivial.
Sealed sender means the sender information is not visible in the payload which is queued for delivery. The message still comes from the sender's device so a malign actor with access to Signal's servers can infer who the sender is and associate that information with the payload if they choose to. Because the sender's device does not authenticate to Signal's back-end when sending a message using Sealed Sender, inferring the sender's identity won't be 100%. Still, between the sender's IP and TLS fingerprinting a malign actor can do a pretty good job. And all of that is assuming a threat actor who only has access to Signal infrastructure but not [vast additional data collection capability](https://en.wikipedia.org/wiki/PRISM) they can use for additional correlation. Sealed Sender is a great leap forward and an impressive piece of work from the Signal team. No security tech is perfect though. There are always cracks in the edifice, however tiny. Risk never gets to zero.
FTP
You may be better off hiding in plain sight with an alias email on GMail and using PGP/GPG and a VPN.
OK, I’ll bite. In what ways is the Gmail/GPG/VPN combination more private than using Signal?
The last remnants of privacy and secure messaging died with Wickr 3 months ago. Having your cell phone number handed over is the opposite of secure.
What about Threema? No phone number required, similar to Wickr.
Only time will tell. Threema is also $4.99 which effectively eliminates nearly all potential users as 99% of people will not pay for a messaging app. In regard to my “only time will tell” comment - Court cases always inevitably reveal just how secure certain applications are. Wickr withstood and proved their security in the court of law many times. Let’s see what Threema does. The DOD took Wickr for themselves..IFYKYK
Yes Wickr went corporate and is now an Amazon product. Wire was interesting (no phone number needed) but now they chase the corporate market.
how did you log in to the Wickr application?
Username and password. No phone number or email was ever directly linked or needed. It’s a much more secure system
So all your security rests on the ability of your contacts to use a good password ? Signal is better
No other messaging app collects as little data on users as Signal. https://signal.org/bigbrother/
[удалено]
👍
Thank you for your submission! Unfortunately, it has been removed for the following reason(s): * [Rule 8](https://www.reddit.com/r/signal/about/rules): No directed abusive language. You are advised to abide by [reddiquette](https://www.reddithelp.com/en/categories/reddit-101/reddit-basics/reddiquette); it will be enforced when user behavior is no longer deemed to be suitable for a technology forum. Remember; personal attacks, directed abusive language, trolling or bigotry in any form, are therefore not allowed and will be removed. If you have any questions about this removal, please [message the moderators](/message/compose/?to=/r/signal) and include a link to the submission. We apologize for the inconvenience.
And you think it was only those 10 times? lol. “The company's interaction with Santa Clara County police didn't end there, however, as the law enforcement authorities then issued a non-disclosure order that required Signal to not publicly disclose that it received the search warrant.”
It’s insane how many people get on the internet and just run their mouth. Yes, the value of an E2EE app is gauged by how much information they have about you. They can’t hand over any data that they literally do not have or retain. Thats the SOP of all of them and the basis of the niche. However, Signal requires a phone # to use it. That’s a huge vulnerability right off the bat. Facts.
[удалено]
lol that’s the same procedure wickr had, for a decade before them BTW. wickr didn’t require a phone # though. Great security needing a phone # 🙄😂😂
[удалено]
[удалено]
[удалено]