Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It’s Out to Prove Surveillance Capitalism Wrong
Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It’s Out to Prove Surveillance Capitalism Wrong
On its 10th anniversary, Signal’s president wants to remind you that the world’s most secure communications platform is a nonprofit. It’s free. It doesn’t track you or serve you ads. It pays its engineers very well. And it’s a go-to app for hundreds of millions of people.
You're viewing part of a thread.
Once again, even if this is the way things worked back in 2016 there is no guarantee they still work like that today.
You have to trust someone. You're not building all your software and reading every line yourself are you?
While there's no guarantees, Signal continues to produce evidence that they don't collect data. Latest publication August 8th, 2024: https://signal.org/bigbrother/santa-clara-county/
The code is open has had a few audits: https://community.signalusers.org/t/overview-of-third-party-security-audits/13243
This is the whole problem with a trust based system
Can you point me to a working trustless system? I'm not sure one exists. You might say peer-to-peer systems are trustless because there's no third party, but did you compile the code yourself? did you read every last line of code before you compiled and understood exactly what it was doing?
It's absolutely shocking to me that people have such a hard time accepting this basic fact.
What's shocking to me is the lack of understanding that unless you're developing the entire platform yourself, you have to trust someone at some point and Signal continues to post subpoenas to prove they collect no data, has an open source client/server, provides reproducible builds and continues to be the golden standard recommended by cryptographers.
I would recommend to anyone reading this to rely on the experts and people who are being open and honest vs those who try to push you to less secure platforms.
You have to trust someone. You’re not building all your software and reading every line yourself are you?
No, you don't have to trust anyone. That's literally the point of having secure protocols that don't leak your personal data. 🤦
Signal made an intentional choice to harvest people's phone numbers. The rationale for doing that is very thin, and plenty of other messengers avoid doing this. The fact that Signal insists on doing that is a huge red flag all of its own.
The code is open has had a few audits
Only people who are actually operating the server know what's running on it. The fact that Signal aggressively prevents use of third party clients and refuses to implement federation that would allow other servers to run is again very suspect.
Can you point me to a working trustless system?
SimpleX, Matrix, Briar, and plenty of other chat systems do not collect personal data.
You might say peer-to-peer systems are trustless because there’s no third party, but did you compile the code yourself? did you read every last line of code before you compiled and understood exactly what it was doing?
The discussion in this thread is specifically about Signal harvesting phone numbers. Something Signal has no technical reason to do.
What’s shocking to me is the lack of understanding that unless you’re developing the entire platform yourself, you have to trust someone at some point and Signal continues to post subpoenas to prove they collect no data, has an open source client/server, provides reproducible builds and continues to be the golden standard recommended by cryptographers.
Kind of ironic that you've exposed yourself as being utterly clueless on the subject while accusing me of lack of understanding.
I would recommend to anyone reading this to rely on the experts and people who are being open and honest vs those who try to push you to less secure platforms.
I would recommend anyone reading this to rely on rational thinking and ignore trolls who tell you to just trust Signal. Privacy and security are not based on trust, and if you ask any actual expert in the field they will tell you that.
No, you don’t have to trust anyone. That’s literally the point of having secure protocols that don’t leak your personal data. 🤦
Unless you're reading all the code, understand the protocols, and compiling yourself you are placing your trust in someone else to do it for you. There's no way around this fact.
You suggest SimpleX, Matrix, and Briar (which I believe are great projects btw, I've used them all and continue to use SimpleX and Matrix) but have you read the code, understand the underlying protocols, and compiled the clients yourself or are you placing your trust in a third party to do it for you? Be honest.
I will agree though, if you absolutely do not trust Signal, you should use Briar or SimpleX, but neither are ready for "every day" users. Briar doesn't support iPhones so its basically dead in the water unless you can convince family/friends to switch their entire platform. SimpleX is almost there but it still continues to fail to notify me of messages, continues to crash, and the UX needs significant improvement before people are willing to put up with it.
The discussion in this thread is specifically about Signal harvesting phone numbers. Something Signal has no technical reason to do.
Let me give you a history lesson, since you seem to have no clue about where Signal started and why they use phone numbers. Signal started as an encryption layer over standard text/SMS named TextSecure. They required phone numbers because that's how encrypted messages were being sent. In 2014, TextSecure migrated to using the internet as a data channel to allow them to obscure additional metadata from cell phone providers, as well as provide additional features like encrypted group chats. Signal continued to use phone numbers because it was a text message replacement which allowed people to install the app and see all their contacts and immediately start talking to them without having to take additional action - this helps with onboarding of less technical users. Fast forward to today and Signal is only using phone numbers as a spam mitigation filter and to create your initial profile that is no longer being shared with anyone unless you opt into it.
Now, you can say they're collecting phone numbers for other nefarious purposes but they publish evidence that they don't. Will they ever get rid of phone numbers? Unlikely unless they figure out a good alternative to block spam accounts.
Privacy and security are not based on trust
You're 100% right. If you read the code, understand the protocols, and build the clients from source, you don't have to trust anyone 😊
Unless you’re reading all the code, understand the protocols, and compiling yourself you are placing your trust in someone else to do it for you. There’s no way around this fact.
That's why you have a lot of eyes on the code and security experts who dedicate their research to finding flaws and breaking algorithms. It's certainly a very different scenario from simply trusting people who run a server. The fact that this even needs to be said is frankly phenomenal. There's also a concept of reproducible builds, so even if you're not compiling everything yourself you can be reasonably sure that what's package in the binary was in fact compiled from the source. Again, these are solved problems.
SimpleX is almost there but it still continues to fail to notify me of messages, continues to crash, and the UX needs significant improvement before people are willing to put up with it.
If people genuinely care about privacy then it's important to promote apps that actually care about privacy by design and invest in improving these apps instead of just perpetuating the problem by recommending Signal. Even Matrix is far better in terms of privacy and it's plenty mature at this point.
Let me give you a history lesson, since you seem to have no clue about where Signal started and why they use phone numbers.
I'm well aware of the history, and the justifications. The fact remains is that I simply do not trust Signal knowing where it originates.
Fast forward to today and Signal is only using phone numbers as a spam mitigation filter and to create your initial profile that is no longer being shared with anyone unless you opt into it.
The correct statement is that Signal claims to do this, there is no way for an outside party to verify that this is actually the case, hence why it comes down to you taking what people operating Signal say on faith.
You’re 100% right. If you read the code, understand the protocols, and build the clients from source, you don’t have to trust anyone 😊
Trusting countless researchers an security experts to read the code, understand the protocols, and provide reproducible builds, is a lot better than trusting a sketchy US company that was started by the CIA and NED. I guess that's a concept that's difficult for some to wrap their head around though.
Even Matrix is far better in terms of privacy and it’s plenty mature at this point.
I would disagree, this guy's been finding issues and reporting them to Matrix for a while now and appears to find them every time he glances at the project. I LOVE Matrix. I would recommend it over Discord, Telegram etc, but I would not recommend Matrix over Signal.
The fact remains is that I simply do not trust Signal knowing where it originates.
This is fair. No critique against this stance.
Trusting countless researchers an security experts to read the code, understand the protocols, and provide reproducible builds,
I agree! Trust the countless researchers, security and cryptography experts.
... is a lot better than trusting a sketchy US company that was started by the CIA and NED.
You're gonna have to cite your sources.
I would disagree, this guy’s been finding issues and reporting them to Matrix for a while now and appears to find them every time he glances at the project.
Issues being found with technology is perfectly normal, and in fact contradicts your whole previous argument. People do find flaws, and then these flaws get fixed, and things get more secure in the process. That's how things work. However, the key difference is that Matrix doesn't harvest metadata like phone numbers by design while Signal does. That's not a problem that has been identified but cannot be fixed because Signal is central server that's controlled by a US company.
I agree! Trust the countless researchers, security and cryptography experts.
I love how I've addressed this numerous times but you're still unable to understand the difference. Trusting that the protocol works correctly is different from trusting people operating a server. Clearly this is a concept that is beyond your comprehension.
You’re gonna have to cite your sources.
Maybe go read up on where Signal comes from instead of spending your time trolling here. http://surveillancevalley.com/blog/internet-privacy-funded-by-spies-cia
Matrix doesn’t harvest metadata like phone numbers by design while Signal does.
You're right, Matrix doesn't ask for a phone number but it damn sure leaks metadata like a sieve. Unless things have significantly changed in the last year, here's a list of things Matrix can see about you in an encrypted room, that an app like Signal cannot:
- Your content
- Your username
- Your display name
- Your avatar
- Your rank within the room (admin, moderator, etc)
- The Sent date of every message
- A link to every message you responded to (the contents of which are encrypted)
- Every emoji reaction you send, and to which message
- (If on your home server) your IP address
- The room content
- The room name
- The room icon
- The room description
- The room membership
- Your changes
- The time and message ID of messages you edit
- The time and message ID of messages you delete
- A history of rank changes (promotions, demotions) and who changes your rank
- A history of things you do to other users, if appropriate
- Room changes
- Who enters the room and when
- Who leaves the room and when
- Who gets promoted/demoted and when
- Changes to the room name, avatar, description, etc - when they happened-
I love how I’ve addressed this numerous times but you’re still unable to understand the difference. Trusting that the protocol works correctly is different from trusting people operating a server. Clearly this is a concept that is beyond your comprehension.
I clearly understand the difference, what you fail to address is that at the end of the day you are placing your trust in a third party, whether its the code, the protocols or a back-end server. Matrix removes the server if you host your own and never interact with other instances, but otherwise, you're still trusting the code and the protocols and that - as I've pointed out above - that what you're recommending isn't already leaking tons of data. And don't get it twisted, I'm ROOTING for Matrix, it just has a long way to go to address issues that Signal clearly identified early on would hold back the platform (federation + third party clients).
Maybe go read up on where Signal comes from instead of spending your time trolling here. http://surveillancevalley.com/blog/internet-privacy-funded-by-spies-cia
I know what you're talking about but you don't want to bring it up because its all tinfoil hat wearing flat-earth conspiracy theory web of poorly connected dots. Your response is the MAGA equivalent of "do your research". I've done my research. The onus is on you to bring forth the evidence. To quote Carl Sagan, "Extraordinary claims require extraordinary evidence". Don't try and connect dots that don't back up your claim and stand proud behind what's at best poorly thought out misinformation.
You’re right, Matrix doesn’t ask for a phone number but it damn sure leaks metadata like a sieve. Unless things have significantly changed in the last year, here’s a list of things Matrix can see about you in an encrypted room, that an app like Signal cannot:
None of the thing you listed are personally identifying information. I have to ask at this point, do you even understand what personally identifiable information is?
I clearly understand the difference, what you fail to address is that at the end of the day you are placing your trust in a third party, whether its the code, the protocols or a back-end server.
If you can't understand the fundamental difference between trusting that an algorithm is provably safe mathematically vs putting trust into some random people then it's clear that a rational discussion is not possible with you.
I know what you’re talking about but you don’t want to bring it up because its all tinfoil hat wearing flat-earth conspiracy theory web of poorly connected dots.
Imagine saying that without a hint of irony after Snowden revelations. Either you're a troll or the most gullible person to have ever walked this planet.
I'm going to stop replying to you here because I've said all there is to say on the issue and we're just going in circles. I think that you understand the problems with Signal perfectly well, as will anybody reading this thread. It's pretty clear that you're intentionally trolling, and there's no point continuing to engage with you. People can make their own mind whether they want to put their trust into a CIA outfit or not.
Imagine saying that without a hint of irony after Snowden revelations
Funny enough, "Edward Snowden has reiterated his faith in the Signal app by saying that he uses it every day." - published 2021.
I’m going to stop replying to you here because I’ve said all there is to say on the issue and we’re just going in circles.
Same here, lets end this amicably and find common ground. I think we're both pushing for what we believe is best in attempts to guide people towards a secure platform, can we both at least agree that SimpleX is superior under more threat models compared to other messengers, even if it does have a few UX issues it needs fix?
I do think we can agree that SimpleX approach is the way to go long term. Cheers.
- Your content