As Signal get your phone number. Can we considerate this application as private ? What’s your thoughts about it ? I’m also using SimpleX, ElementX, Threema, but not much people using it…
Cheers
Blog post about Threema that changed my mind against it: https://soatok.blog/2021/11/05/threema-three-strikes-youre-out/
Oh yeah, same. Great writeup, comprehensive and well written, have it bookmarked in case I need to talk to people about Threema.
Love it thank you for sharing. Awesome blog and so much relevant information. it’s now on RSS feed :)
Why is this furry-themed?
It’s a furry blog that happens to write about security a lot, and the author usually has very well-founded takes.
Chill out and enjoy it – you might learn something new. I usually do :D
Why not? Its nice to have fun with your website.
Why not?
owo
I dislike Signal because they are many google play services, and do not try to distribute their app beyond Google Play Store.
https://signal.org/android/apk/
and if you want, you can use molly-foss to remove google notification services
Just switched to molly-foss and am using mollysocket and have no issues
Was it just a simple switch or would I have to convince everyone to use Molly instead of Signal all over again? Like can I just get Molly and transfer over my contacts and history and all that?
Molly was easy enough, switching the notifications was a bit more painful. I found that the airgapped solution worked more seamlessly than the web server though
I agree that there are workarounds, but I find it frustrating that Signal devs are ignoring very obvious security and privacy issues like this. It erodes trust and my enthusiasm to use Signal.
Signal is in F-Droid and works completely degoogled on Graphene with no Google Play. The annoyance is no notifications, but if you’re rolling completely Google Play free, you’re probably used to needing to just check several things a day for lack of notifications on multiple apps, since everyone under the sun is trying to shovel all your notification contents to Google (I assume for bribes of some sort from Google).
It is not on Fdroid https://search.f-droid.org/?q=signal&lang=en
It’s in the Guardian repo ala torbrowser
Many programs are in 3rd party fdroid repos, you can literally create a fdroid repo for Gmail and Gemini, you just upload apks to the server and run an indexer.
Being included in f-droid.org means the app had to meet some basic standards with regard to privacy. Being included in a 3rd party repo means that someone has uploaded it. And it’s a case with the Guardian-distributed Signal, AFAIK it’s the original version.
OP meant Signal not making any effort to be included in the f-droid.org repo, not Guardian not making effort to upload the apk from signal.org
I assume for bribes of some sort from Google
This one is stick, not carrot: apps are generally required to use Google’s notification system to be allowed in the Play Store.
Signal gets notifications without GMS. I think battery use and latency are a little higher. Molly, a fork can use UnifiedPush for better results.
The annoyance is no notifications
Not true. I have GrapheneOS with no Google blobs in a profile where I have Signal from play store (via Aurora) and notifications work perfectly. Signal itself will turn on the no google mode for notifications if not available.
Signal is the gold standard of secure messengers. If you’re looking for decentralized go with xmpp and/or matrix.
Hosted in the US on amazon servers, subject to national security letters.
If it was hosted outside the US and not on AWS, would you use it then?
No because I don’t think centralized services are a good idea for communications platforms.
US is the gold standard in surveillance and spying. I will not use any cloud services based in the US.
My brother, you clearly haven’t read much about the CCP’s surveillance efforts.
Also remind me which region is actively attempting to end encryption as a whole?
Read on articles written by usa?
Gullible
Depends on your threat model, as always. If you require absolute anonymity, it’s tricky, because it uses phone number during the onboarding process, so get an anonymous pre-paid number and discard it after registration. After onboarding you don’t need the number.
For the rest, it’s about as “private” as you make it. It supports group messaing, calls and video, so obviously you need to be careful while using it. Everything is e2e encrypted and stays on your local device, the source is available and has been extensively audited. The company itself is non-profit and has sensible privacy policy.
But yeah, your threat model is the key answer to your question
so get an anonymous pre-paid number
That’s not something that exists in many countries. SIM-cards have to be attached to a real world identity by law.
It exists on the internet, so it exists in every country.
Signal is a stop gap measure on the way to simplex
It did its job of providing privacy of content but meta data a d KYCd phones was a honeypot. Glowies got their relationship heat maps which is really all they wanted.
Once they need content, they will brick your end point with million zero day back doors caked onto everything.
Pegasus cellebrite etc is now used against normal targets.
5 years ago you would have to be a national security concern for such royal treament
Imo signal protocol is mostly fairly robust, signal service itself is about the best middle ground available to get the general public off bigtech slop.
It compares favorably against whatsapp while providing comparable UX/onboarding/rendevous, which is pretty essential to get your non-tech friends/family out of meta’s evil clutches.
Just the sheer number of people signal’s helped to protect from eg. meta, you gotta give praise for that.
It is lacking in core features which would bring it to the next level of privacy, anonymity and safety. But it’s not exactly trivial to provide ALL of the above in one package while retaining accessibility to the general public.
Personally, I’d be happier if signal began to offer these additional features as options, maybe behind a consent checkbox like “yes i know what i’m doing (if someone asked you to enable this mode & you’re only doing it because they told you to, STOP NOW -> ok -> NO REALLY, STOP NOW IF YOU ARE BEING ASKED TO ENABLE THIS BY ANYONE -> ok -> alright, here ya go…)”.
This is kind of useless fear-mongering suited to no one’s threat model.
Are messages truly E2EE and they don’t share meta data? Yes? Then you’re fine. It needs a phone number for registration? OK, well buy a burner SIM card (you of course have several, right?) to register it if you’re that worried. Because if you’re already at a level where you’re THAT concerned about your phone number pinging for using a widely popular messaging app, then you have lost the game by even having a phone or sending messages to other humans who are the weakest link in the security chain anyway.
Considering that the Feds tried to make some government-compliant front end for Signal for idiot Hegseth to use to talk about national security stuff with the Vice President, I’d say that it’s probably fine for you to buy weed or whatever.
OK, well buy a burner SIM card
Illegal in many countries. SIM cards are attached to your real world identity.
And we shouldn’t depend on such archaic highly centralized technology like phone numbers from techinical perspective either, it is only like this because it is deeply entrenched and a very easily a suprisingly reliable form of identification and deanomization
Signal has too many red flags, but the biggest one is phone numbers and SIM cards. No application that wants to be secure against nation state spying relies on these.
I’ll add that if someone knowing your phone number is an actual threat to your safety, you should already know better about using something more anonymous.
Privacy ≠ anonymity
No, and they are supported by US gov (last check), so no good can come of that.
Do you’ve reference about it ?
Quick googling comes up with only people refuting this claim.
Sure, we had signal gate, but the way that was received should make it pretty clear that it’s not supported for official use.
Not supported for official use because it leaves no trace for the formal record. Not because Signal is insecure.
deleted by creator
people will still expect you to share phone numbers to talk in signal in my personal experience, I really don’t understand how they get so attached to such an archaic technology and often will refuse to use the alias system completely because remembering a random string of numbers is “simpler” somehow
deleted by creator
Signal has a backdoor - like many other apps. It’s private in most situations but not for all… The backdoor is there, and as such, it will never be as secure and private as it could, or should, be…
What are you referring to? I’ve read many security breakdowns of signal and nobody who knows what they’re talking about has ever mentioned a back door
Can you point it out so we can close it asap?
https://github.com/signalapp
(Iirc it’s up to date?)Thx!
(I’m critical of Signal, but “in this economy” is the best I can hope to switch my friends to.)
I don’t understand this & need some explanations (I’ve heard about the dev, it’s just USA stuff, much like Telegram mentioned Russian). Where exactly are the backdoors/the encryption compromised?
Sorry mate. I really don’t want to spend time writing exactly what I linked, and then explaining it in another way. English is not my main language, and I don’t want to spend a lot of time on it. I will recommend that you read this link a couple of times, and maybe the other link posted also - they explain it very well.
No worries, it’s not my main (or second) language either, it’s just that no backdoor is explained in that link.
I was just curious.
Oh, you think that they show you the actual door? They don’t - ever. But read the article again. Do you think that any agency will post millions into an app, where they don’t have a backdoor? The article clearly describes how the privacy part has been weakened.
Isn’t it open source?
Oh, you think that they show you the actual door? They don’t - ever.
In open source projects they indeed do show the backdoor. That’s is one of the key points of open source (along with free-ish terms of use). Closed source projects just say “there aren’t any” without showing anything.
I’ve said many times I’m critical of Signal & ready to switch, but backdoor seems unconfirmed. Even if probable on some level.
The biggest security issue in Signal is the requirement for phone numbers and SIM cards. This basically forces all Signal users to identify themselves, and makes Signal highly vulnerable to government spying.
Can I get the ETA for fixing this?
Requiring a Sim is not a backdoor and does not enable “spying”. I does allow knowing who is on the platform, who talks to who, when, and probably some more metadata issues. But its not a backdoor
It’s a huge security vulnerability that Signal devs refuse to fix.
Not more than using username and password. Phone number is a security risk be cause you can get Sim swapped. If you have the registration password it’s safe, but a government can request a bypass. However, if you had no phone number and used username and password, governments could still request a bypass
No, phone number is a risk because a phone number uniquely identifies a person. You need a government ID to get a phone number.
Then it’s a privacy issue. Not security
Does it really? Iirc, you can determine: when the account was made, and when the last message was sent. This doesn’t sound ‘highly vulnerable’ to me… Doesn’t permit inspection of metadata e.g. contacts, so as vulnerabilities go it’s pretty weak sauce
A phone number uniquely identifies a person because in most of the world you need a government ID to get a phone number or a SIM card.
Which means that if one account is compromised, then everyone that person talked to is also compromised. You know what they talked with whom. It’s an incredible security risk that Signal devs refuse to acknowledge or fix.
If your threat model is deanonymisation of chat users via phone numbers after one chat is fully compromised, then yeah I guess you need to register the accounts with relatively ‘untracable’ phone numbers (ie unregistered or incorrectly registered burner sims), but that’s not my threat model. I’m more concerned about server-side broad-spectrum government surveillance than I am about targeted device seizures. And of course there are mitigations even with data access on device seizure, provided you’re unwilling to provide device passwords. But, like, if you’re cooperating to the point of providing passwords you’re probably sharing what you know about other users identities anyway, so it’s a very niche case this applies to.
It’s the threat model. E2E encryption is a niche ‘nice to have’. Protecting the anonymity of people who have said nasty things about politicians is the most important thing a chat app needs to do. Signal is security theater until they fix this.
No the most important thing a chat app needs to do is send messages between the intended recipients making them unavailable to anyone else. Signal does this. You’re worried about ppl receiving messages and knowing who they’re from. Generally knowing where a message is from is considered a feature – if you want anonymous broadcast, pick a different technology that’s geared towards that
Afaik you don’t need a phone number for Signal (a “username” can substitute it, a few years back they added it).
(Also the phone number & IP was the security risk, not the messages, afaik.)
This however was a debate about a supposed backdoor (I otherwise agree about Signal & its USA basedness, I just remain glad it exists despite it
manyfew blemishes).You need a number to register, but not to comunicate
I tried to make a new account for my child recently. You need a number. It wouldn’t even work as a first signup on a wifi only tablet.
I tried to uninstall on my phone, set him up a new acct with a VoIP number then move the account to his tablet. It constantly failed when I uninstalled and put my account back on my phone.
You can only use one cellphone. Of you switch between two, it has to deactivate on the other.
Then you can have 4 or 5 other devices but that acct is tied to an activated cell phone and it gets screwy if you change that phone.
Molly (fork of Signal) allows you to use multiple phones https://github.com/mollyim/mollyim-android
So those posts they implemented this were lies?
Sad :(.
They implemented usernames to identify people so we could stop using numbers to find each other.
They still use numbers (cell and possibly device/network ids) they say to identify and secure (or so they say).
The idea is without access to your cell phone, nobody’s going to get access to decrypt your data.
Yeah, no, I get & like that, I just somehow specifically (obviously mis-)remember that they did away with phone number as a prerequisite for creating an account (everything still the same, just that the account can’t be reset).
:(
try to get a Signal account without a phone number. let me know if it works (hint: it won’t work).
crazy that no one’s posted the dessalines article yet https://github.com/dessalines/essays/blob/main/why_not_signal.md
hi. Do you have any suggestions for an app to replace it?
unfortunately not. matrix is probably a no because of this thread. i hear a lot of people saying briar is good but idk anything about it
Ok. Thanks anyway!
Briar is… Signal if you turned security up to 11. It comes with drawbacks, like if you are offline, you miss messages. You can get around it by using their mailbox, but that brings other issues (Securing a server).
do you know of any good in-depth analyses of its security? every time i decide on a new chat app someone has to point out something that totally ruins it lol
Like this?
https://www.opentech.fund/security-safety-audits/briar-security-audit/
Or more a techie in-depth review?
I can attest: Briar requires no PII to create an account, operates over the Tor network (Your device becomes an onion service, basically, for chat). And, it integrates with Ripple, an emergency wipe button app (As does signal).
I like it, because you can keep a blog, create forums, group chats, and a few other really cool features. It sucks down your battery life, though (It’s the notifs, and keeping an always-on server running).
i don’t want to make you do my googling for me but if you have anything else just on-hand i’d love to read it. i can’t trust the open tech fund because of its ties to the cia (see this paragraph by dessalines) but i’ll definitely look into briar
I would disregard, at least, that line of thinking. I mean, Tor was heavily funded by the CIA… However, it’s secure. Linux kernel is largely funded by the US government. However, it’s secure.
What dessalines is doing is called “poisoning the well”.
However, I’ll find some more, as I recently was looking into this.
Right now signal is the best. I’ve basically tried them al and at least for me, the known good confidentiality of messages is worth the lack of anonymous accounts. All the other options have issues or have not been properly verified / audited.
When simplex is ready, it will be the best by a lot. But right now you might randomly lose contacts and a few different
Secure and private or anonymous are very different things and nearly impossible to do both at the same time and still make it user friendly. Signal is secure, not fully private or anonymous.
Signal is secure, not fully private or anonymous.
Why do people think this secure vs private distinction is in any way meaningful. I don’t want a US service to have my phone number, or spy on me, and have social network graphs, period.
Why is the US government being able to spy on me considered “secure”?
Because you trade privacy for convenience. You could have a totally private communication platform, but you’d need to trade current IP addresses of your devices if there’s no users and no centralized routing server or at least a list of what device is associated what person.
It’s secure because people can’t read the content of your message. It’s not private because people can find you with your phone number or username and associate encrypted message packages with the sender and receiver so they know who you called and when, but not what you said.
So if your contacts are tech savvy enough to call you to get your current unique IPv6 address, something that Android doesn’t really support out of the box, and IPv4 often won’t work due to layers of routing caused by the world running out of addresses, or some other unique network identifier, and there are no firewalls between you or they’ve all been configured appropriately to allow the particular message protocol then you could send simple IP Messages to each other.
But as long as you want to use a system that routes messages and has a user database, that central location will always be a privacy hole.
Anything that touches greed-incentivizing cr*ptocurrencies turns to shit. Use Matrix, XMPP, or Tox instead.
✍︎ arscyni.cc: modernity ∝ nature.
I couldn’t find any sources regarding this topic
