On its 10th anniversary, Signal’s president wants to remind you that the world’s most secure communications platform is a nonprofit. It’s free. It doesn’t track you or serve you ads. It pays its engineers very well. And it’s a go-to app for hundreds of millions of people.
Yeah, Signal is more than encrypted messaging it’s a metadata harvesting platform. It collects phone numbers of its users, which can be used to identify people making it a data collection tool that resides on a central server in the US. By cross-referencing these identities with data from other companies like Google or Meta, the government can create a comprehensive picture of people’s connections and affiliations.
This allows identifying people of interest and building detailed graphs of their relationships. Signal may seem like an innocuous messaging app on the surface, but it cold easily play a crucial role in government data collection efforts.
Also worth of note that it was originally funded by CIA cutout Open Technology Fund, part of Radio Free Asia. Its Chairwoman is Katherine Maher, who worked for NDI/NED: regime-change groups, and a member of Atlantic Council, WEF, US State Department Foreign Affairs Policy Board etc.
People there positing that this is no correct. Granted their info appears to be signal “disclosed” to the feds as part of a court proceed what it collects, which is only apparently when you connect to the server.
Doesnt answer the issue if they could collect your call logs though
My reply from the other thread. People who claim this isn’t true aren’t being honest. The phone number is the key metadata. Meanwhile, nobody outside the people who are actually operating the server knows what it’s doing and what data it retains. Faith based approach to privacy is fundamentally wrong. Any data that the protocol leaks has to be assumed to be available to adversaries.
Furthermore, companies can’t disclose if they are sharing data under warrant. This is why the whole concept of warrant canary exists. Last I checked Signal does not have one.
Yeah, Signal is more than encrypted messaging it’s a metadata harvesting platform. It collects phone numbers of its users, which can be used to identify people making it a data collection tool that resides on a central server in the US. By cross-referencing these identities with data from other companies like Google or Meta, the government can create a comprehensive picture of people’s connections and affiliations.
This allows identifying people of interest and building detailed graphs of their relationships. Signal may seem like an innocuous messaging app on the surface, but it cold easily play a crucial role in government data collection efforts.
Strictly speaking, the social graph harvesting portion would be under the Google umbrella, as, IIRC, Signal relies on Google Play Services for delivering messages to recipients. Signal’s sealed sender and “allow sealed sender from anyone” options go part way to addressing this problem, but last I checked, neither of those options are enabled by default.
However, sealed sender on its own isn’t helpful for preventing build-up of social graphs. Under normal circumstances, Google Play Services knows the IP address of the sending and receiving device, regardless of whether or not sealed sender is enabled. And we already know, thanks to Snowden, that the feds have been vacuuming up all of Google’s data for over a decade now. Under normal circumstances, Google/the feds/the NSA can make very educated guesses about who is talking to who.
In order to avoid a build-up of social graphs, you need both the sealed sender feature and an anonymity overlay network, to make the IP addresses gathered not be tied back to the endpoints. You can do this. There is the Orbot app for Android which you can install, and have it route Signal app traffic through the Tor network, meaning that Google Play Services will see a sealed sender envelope emanating from the Tor Network, and have no (easy) way of linking that envelope back to a particular sender device.
Under this regime, the most Google/the feds/the NSA can accumulate is that different users receive messages from unknown people at particular times (and if you’re willing to sacrifice low latency with something like the I2P network, then even the particular times go away). If Signal were to go all in on having client-side spam protection, then that too would add a layer of plausible deniability to recipients; any particular message received could well be spam. Hell, spam practically becomes a feature of the network at that point, muddying the social graph waters further.
That Signal has
Not made sealed sender and “allow sealed sender from anyone” the default, and
Not incorporated anonymizing overlay routing via tor (or some other network like I2P) into the app itself, and
Is still in operation in the heart of the U.S. empire
tells me that the Feds/the NSA are content with the current status quo. They get to know the vast, vast majority of who is talking (privately) to who, in practically real time, along with copious details on the endpoint devices, should they deem tailored access operations/TAO a necessary addition to their surveillance to fully compromise the endpoints and get message info as well as metadata. And the handful of people that jump through the hoops of
Enabling sealed sender
Enabling “allow sealed sender from anyone”
Routing app traffic over an anonymizing overlay network (and ideally having their recipients also do so)
can instead be marked for more intensive human intelligence operations as needed.
Finally, the requirement of a phone number makes the Fed’s/the NSA’s job much easier for getting an initial “fix” on recipients that they catch via attempts to surveil the anonymizing overlay network (as we know the NSA tries to). If they get even one envelope, they know which phone company to go knocking on to get info on where that number is, who it belongs to, etc.
This too can be subverted by getting burner SIMs, but that is a difficult task. A task that could be obviated if Signal instead allowed anonymous sign-ups to its network.
That Signal has pushed back hard on every attempt to remove the need for a phone number tells me that they have already been told by the Feds/the NSA that that is a red line, and that, should they drop that requirement, Signal’s days of being a cushy non-profit for petite bourgeois San Francisco cypherpunks would quickly come to an end.
Anyone who has any experience with centralized databases, would be able to tell you how useless sealed sender is. With message recipients and timestamps, it’d be trivial to discover who the senders are.
Also, signal has always had a cozy relationship with the US (radio free asia was it’s initial funder) . After yasha levine posted an article critical of signal a few years back, RFA even tried to do damage control at a privacy conference on signal s behalf:
Libby Liu, president of Radio Free Asia stated:
Our primary interest is to make sure the extended OTF network and the Internet Freedom community are not spooked by the [Yasha Levine’s] article (no pun intended). Fortunately all the major players in the community are together in Valencia this week - and report out from there indicates they remain comfortable with OTF/RFA.
These are high-up US government employees trying to further spread signal.
Strictly speaking, you can download it directly from their website, but IIRC, the build will still default to trying to use Google Play Services, and only fall back to a different service if Google Play Services is not on the device. Signal really, really wants to give Google insight into who is messaging who.
It involves phone number, account creation time and last connected time. That’s it. Nothing more.
The cross referencing of data is just nonsense. Google and meta already have your phone number. Adding signal info to it adds absolutely zero information to them. They have it all already. They know nothing of who you talk with, which groups you are part of.
The funding of Signal did involve public grants but that’s not anything bad. Many projects and nonprofits receive public money. It does not imply that there are backdoors or anything like that. And signal was purposefully designed so that no matter who owns and operates it, the messages stay hidden independently on the server infrastructure. They did the best possible to remove themselves from the chain of trust. Expert cryptographers and auditors trust signal. Don’t listen to this random ramble of an online stranger whose intentions are just to confuse you and make you doubt.
It’s fascinating that these kinds of trolls come out of the woodwork any time obvious problems with Signal are brought up.
Phone numbers very obvious are metadata. If you think that cross referencing data is nonsense then you have absolutely no clue what you’re talking about. It’s not about Google or Meta having your phone number, it’s about having a graph of people doing encrypted communication with each other over Signal. The graph of contacts is what’s valuable.
Don’t listen to this random ramble of an online stranger whose intentions are just to confuse you and make you doubt.
What you absolutely shouldn’t listen to are trolls who tell you to just trust that Signal is not abusing the data it’s collecting about you. The first rule of security is that it can’t be faith based.
What are you talking about? you get a phone number from signal, and what will you be able to derive from it? there is no graph. signal does not hold any “relationships” information.
Also just because there are no alternatives doesn’t mean your default position should be we just have to trust whatever exists now because it’s good enough. Or that we can’t criticize it ruthlessly, distrust it. Call it out and as a result of that build perhaps the desire for something better, a fix as it were.
The evidence and history clearly points towards Signal being very suspicious and likely in bed with the feds. This is not conspiracy thinking. Conspiracy thinking is thinking that the country/empire that gave away old German engima machines whose code they’d cracked to developing countries without telling them they’d cracked it in the late 40s/early 50s, that went on to establish a crypto company just to subvert its encryption. That’s done everything Snowden revealed has in fact changed suddenly for the first time in half a century for no particular reason and not to its own benefit. That’s fanciful thinking. That’s a leap of logic away from the proven trends, the pattern of behavior, and indeed the incentivizes to continue using their dominant position to maintain dominance and power. They didn’t back down on the clipper chip because they just gave up and decided to let people have privacy and rights. They gave up on it because they found better ways of achieving the same results with plausible deniability.
Also why is everything “tankies” with you people. Privacy advocates point out the obvious and suddenly it’s a communist conspiracy. LOL
Matrix and XMPP are not alternatives and are worse for privacy and security
XMPP is exactly as good or bad for privacy as the servers and clients you choose. It’s a protocol, not a service. Unlike Signal, which is a brand/app/service package.
The problem is, you’re comparing apples with orchards. Analogous would be: ‘email is worse for privacy than yahoomail’. Plus in this scenario yahoomail only lets you send emails to yahoomail addresses.
Yeah, Signal is more than encrypted messaging it’s a metadata harvesting platform. It collects phone numbers of its users, which can be used to identify people making it a data collection tool that resides on a central server in the US. By cross-referencing these identities with data from other companies like Google or Meta, the government can create a comprehensive picture of people’s connections and affiliations.
This allows identifying people of interest and building detailed graphs of their relationships. Signal may seem like an innocuous messaging app on the surface, but it cold easily play a crucial role in government data collection efforts.
Also worth of note that it was originally funded by CIA cutout Open Technology Fund, part of Radio Free Asia. Its Chairwoman is Katherine Maher, who worked for NDI/NED: regime-change groups, and a member of Atlantic Council, WEF, US State Department Foreign Affairs Policy Board etc.
Cross referenced you on the sister thread.
People there positing that this is no correct. Granted their info appears to be signal “disclosed” to the feds as part of a court proceed what it collects, which is only apparently when you connect to the server.
Doesnt answer the issue if they could collect your call logs though
My reply from the other thread. People who claim this isn’t true aren’t being honest. The phone number is the key metadata. Meanwhile, nobody outside the people who are actually operating the server knows what it’s doing and what data it retains. Faith based approach to privacy is fundamentally wrong. Any data that the protocol leaks has to be assumed to be available to adversaries.
Furthermore, companies can’t disclose if they are sharing data under warrant. This is why the whole concept of warrant canary exists. Last I checked Signal does not have one.
https://en.wikipedia.org/wiki/Warrant_canary
Strictly speaking, the social graph harvesting portion would be under the Google umbrella, as, IIRC, Signal relies on Google Play Services for delivering messages to recipients. Signal’s sealed sender and “allow sealed sender from anyone” options go part way to addressing this problem, but last I checked, neither of those options are enabled by default.
However, sealed sender on its own isn’t helpful for preventing build-up of social graphs. Under normal circumstances, Google Play Services knows the IP address of the sending and receiving device, regardless of whether or not sealed sender is enabled. And we already know, thanks to Snowden, that the feds have been vacuuming up all of Google’s data for over a decade now. Under normal circumstances, Google/the feds/the NSA can make very educated guesses about who is talking to who.
In order to avoid a build-up of social graphs, you need both the sealed sender feature and an anonymity overlay network, to make the IP addresses gathered not be tied back to the endpoints. You can do this. There is the Orbot app for Android which you can install, and have it route Signal app traffic through the Tor network, meaning that Google Play Services will see a sealed sender envelope emanating from the Tor Network, and have no (easy) way of linking that envelope back to a particular sender device.
Under this regime, the most Google/the feds/the NSA can accumulate is that different users receive messages from unknown people at particular times (and if you’re willing to sacrifice low latency with something like the I2P network, then even the particular times go away). If Signal were to go all in on having client-side spam protection, then that too would add a layer of plausible deniability to recipients; any particular message received could well be spam. Hell, spam practically becomes a feature of the network at that point, muddying the social graph waters further.
That Signal has
tells me that the Feds/the NSA are content with the current status quo. They get to know the vast, vast majority of who is talking (privately) to who, in practically real time, along with copious details on the endpoint devices, should they deem tailored access operations/TAO a necessary addition to their surveillance to fully compromise the endpoints and get message info as well as metadata. And the handful of people that jump through the hoops of
can instead be marked for more intensive human intelligence operations as needed.
Finally, the requirement of a phone number makes the Fed’s/the NSA’s job much easier for getting an initial “fix” on recipients that they catch via attempts to surveil the anonymizing overlay network (as we know the NSA tries to). If they get even one envelope, they know which phone company to go knocking on to get info on where that number is, who it belongs to, etc.
This too can be subverted by getting burner SIMs, but that is a difficult task. A task that could be obviated if Signal instead allowed anonymous sign-ups to its network.
That Signal has pushed back hard on every attempt to remove the need for a phone number tells me that they have already been told by the Feds/the NSA that that is a red line, and that, should they drop that requirement, Signal’s days of being a cushy non-profit for petite bourgeois San Francisco cypherpunks would quickly come to an end.
Anyone who has any experience with centralized databases, would be able to tell you how useless sealed sender is. With message recipients and timestamps, it’d be trivial to discover who the senders are.
Also, signal has always had a cozy relationship with the US (radio free asia was it’s initial funder) . After yasha levine posted an article critical of signal a few years back, RFA even tried to do damage control at a privacy conference on signal s behalf:
Libby Liu, president of Radio Free Asia stated:
These are high-up US government employees trying to further spread signal.
You can read more about this here.
Incidentally, this explains why Signal insists that the app has to be installed through the Play store as opposed to f-droid.
Strictly speaking, you can download it directly from their website, but IIRC, the build will still default to trying to use Google Play Services, and only fall back to a different service if Google Play Services is not on the device. Signal really, really wants to give Google insight into who is messaging who.
exactly, vast majority of users will be going through Google’s store when installing it
This message is definitely giving all the vibes of a disinformation/misinformation attempt. There is no metadata to harvest from signal.
Here is an example of all the extent of data that signal has on any given user: https://signal.org/bigbrother/cd-california-grand-jury/
It involves phone number, account creation time and last connected time. That’s it. Nothing more.
The cross referencing of data is just nonsense. Google and meta already have your phone number. Adding signal info to it adds absolutely zero information to them. They have it all already. They know nothing of who you talk with, which groups you are part of.
The funding of Signal did involve public grants but that’s not anything bad. Many projects and nonprofits receive public money. It does not imply that there are backdoors or anything like that. And signal was purposefully designed so that no matter who owns and operates it, the messages stay hidden independently on the server infrastructure. They did the best possible to remove themselves from the chain of trust. Expert cryptographers and auditors trust signal. Don’t listen to this random ramble of an online stranger whose intentions are just to confuse you and make you doubt.
It’s fascinating that these kinds of trolls come out of the woodwork any time obvious problems with Signal are brought up.
Phone numbers very obvious are metadata. If you think that cross referencing data is nonsense then you have absolutely no clue what you’re talking about. It’s not about Google or Meta having your phone number, it’s about having a graph of people doing encrypted communication with each other over Signal. The graph of contacts is what’s valuable.
What you absolutely shouldn’t listen to are trolls who tell you to just trust that Signal is not abusing the data it’s collecting about you. The first rule of security is that it can’t be faith based.
What are you talking about? you get a phone number from signal, and what will you be able to derive from it? there is no graph. signal does not hold any “relationships” information.
Give me your phone number. I’ll quickly be able to find out where you live.
Its the tankies.
Honestly if they can recommend something better I’m all for it but I haven’t heard anything.
Take a look here for some alternatives:
https://dessalines.github.io/essays/why_not_signal.html#good-alternatives
Also just because there are no alternatives doesn’t mean your default position should be we just have to trust whatever exists now because it’s good enough. Or that we can’t criticize it ruthlessly, distrust it. Call it out and as a result of that build perhaps the desire for something better, a fix as it were.
The evidence and history clearly points towards Signal being very suspicious and likely in bed with the feds. This is not conspiracy thinking. Conspiracy thinking is thinking that the country/empire that gave away old German engima machines whose code they’d cracked to developing countries without telling them they’d cracked it in the late 40s/early 50s, that went on to establish a crypto company just to subvert its encryption. That’s done everything Snowden revealed has in fact changed suddenly for the first time in half a century for no particular reason and not to its own benefit. That’s fanciful thinking. That’s a leap of logic away from the proven trends, the pattern of behavior, and indeed the incentivizes to continue using their dominant position to maintain dominance and power. They didn’t back down on the clipper chip because they just gave up and decided to let people have privacy and rights. They gave up on it because they found better ways of achieving the same results with plausible deniability.
Also why is everything “tankies” with you people. Privacy advocates point out the obvious and suddenly it’s a communist conspiracy. LOL
Matrix and XMPP are not alternatives and are worse for privacy and security
Simplex Chat is actually is pretty sold but isn’t the most user friendly
Briar is very cool but its complexity makes it hard to use. It also has problems with real time communications
XMPP is exactly as good or bad for privacy as the servers and clients you choose. It’s a protocol, not a service. Unlike Signal, which is a brand/app/service package.
The protocol is worse for privacy
Is that better?
‘Trust me bro’
The problem is, you’re comparing apples with orchards. Analogous would be: ‘email is worse for privacy than yahoomail’. Plus in this scenario yahoomail only lets you send emails to yahoomail addresses.