this post was submitted on 28 Aug 2024
535 points (96.7% liked)

Privacy

31996 readers
524 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] yogthos@lemmy.ml -5 points 2 months ago (124 children)

Yeah, Signal is more than encrypted messaging it's a metadata harvesting platform. It collects phone numbers of its users, which can be used to identify people making it a data collection tool that resides on a central server in the US. By cross-referencing these identities with data from other companies like Google or Meta, the government can create a comprehensive picture of people's connections and affiliations.

This allows identifying people of interest and building detailed graphs of their relationships. Signal may seem like an innocuous messaging app on the surface, but it cold easily play a crucial role in government data collection efforts.

Also worth of note that it was originally funded by CIA cutout Open Technology Fund, part of Radio Free Asia. Its Chairwoman is Katherine Maher, who worked for NDI/NED: regime-change groups, and a member of Atlantic Council, WEF, US State Department Foreign Affairs Policy Board etc.

[–] sunzu2@thebrainbin.org 4 points 2 months ago (16 children)

Cross referenced you on the sister thread.

People there positing that this is no correct. Granted their info appears to be signal "disclosed" to the feds as part of a court proceed what it collects, which is only apparently when you connect to the server.

Doesnt answer the issue if they could collect your call logs though

[–] yogthos@lemmy.ml 13 points 2 months ago (15 children)

My reply from the other thread. People who claim this isn't true aren't being honest. The phone number is the key metadata. Meanwhile, nobody outside the people who are actually operating the server knows what it’s doing and what data it retains. Faith based approach to privacy is fundamentally wrong. Any data that the protocol leaks has to be assumed to be available to adversaries.

Furthermore, companies can’t disclose if they are sharing data under warrant. This is why the whole concept of warrant canary exists. Last I checked Signal does not have one.

https://en.wikipedia.org/wiki/Warrant_canary

[–] mukt@lemmy.ml 9 points 2 months ago (1 children)

phone number isn't just any metadata; it is the anchoring data around which the rest of metadata is collected, and it is also connected to govt/corporate verified real identity.

why would anyone even claim to offer privacy around such an anchor ?

[–] yogthos@lemmy.ml 9 points 2 months ago (1 children)

Exactly, especially when we're talking about the US government that has access to all the data from other large US based media companies like Google and Meta. We know this for a fact thanks to Snowden leaks. Once you have a phone number, you know the identity of the person, and you can trivially cross reference all the other data to see if that person is of interest. And thanks to their Signal connection graph, the government can easily tell what other people they communicate privately with.

[–] zingo@sh.itjust.works -2 points 2 months ago (2 children)

And thanks to their Signal connection graph, the government can easily tell what other people they communicate privately with.

So what? I'm sure your neighbor couple talk privately to each other most of the time and you know that happens. The important part is that the conversation is private.

Signal is not an anonymous messenger app. It never claimed to be. It's for you to have a private conversation where your device holds the encryption keys.

Not like WhatsApp, where Meta has access to the keys of all conversations. Also 95 % of the worlds population is on WhatsApp, so why don't you go and complain to them for lack of privacy and security?

If you want an "anonymous" chat client they are out there to use. Good luck getting more people onboard other than your savy friend.

[–] yogthos@lemmy.ml 7 points 2 months ago (1 children)

If you understand that this information is being leaked, and that's not part of your threat profile that's perfectly fine. The problem is that a lot of people don't seem to understand the implications of Signal harvesting phone numbers, and therefore make bad assumptions regarding the safety of using Signal. It's pretty clear that a lot of people aren't conscious about this in this very thread in fact.

[–] sunzu2@thebrainbin.org 3 points 2 months ago (1 children)

yes most people seem oblivious what mass bulk data collection can do.

and nobody has yet to answer, if there is something to stop Signal from collecting metadata logs of its users and their groups.

it does not seem people understand this risk.

either way, nobody produced a reasonable position on this. so presumption is that signal can farm this data and sell/give it out. since best we got is Signal's responses to US courts which would also be subject to the same conditions if national security type people got involved.

[–] yogthos@lemmy.ml 1 points 2 months ago (1 children)

Wire uses Signal protocol and doesn't harvest phone numbers, so I'm pretty sure we do actually know what the answer is. The fact that Signal made this design choice is very concerning to anybody who understand the implications of doing that.

[–] sunzu2@thebrainbin.org 2 points 2 months ago

i don' disagree with the thesis and i think the best we will get is not answer that tan effectively rebuke the position.

stupid AI said that server would know who start the connection but not back and forth. connection is static and is reset, so presumably longer convos would involve several timestamps.

I am not sure if signal would know who the recipient but that's the logical next conclusion.

[–] mukt@lemmy.ml 2 points 2 months ago

Signal's use case is "authentic communication". like when a govt person interacts with other govt person and doesn't want a second govt to snoop on the actual contents on the communication, but accepts that metadata is public.

It is whatsapp for such people, without being whatsapp.

But then why would you use whatsapp either ?

load more comments (13 replies)
load more comments (13 replies)
load more comments (120 replies)