Under Meredith Whittaker, Signal Is Out to Prove Surveillance Capitalism Wrong
www.wired.com
external-link
On its 10th anniversary, Signal’s president wants to remind you that the world’s most secure communications platform is a nonprofit. It’s free. It doesn’t track you or serve you ads. It pays its engineers very well. And it’s a go-to app for hundreds of millions of people.
lnxtx
link
fedilink
563M

I hope they don’t arrest them too.

The very fact that there have never been any attempts in the west to stop Signal from operating says volumes in my opinion.

Possibly linux
link
fedilink
-3
edit-2
3M

She’s in the US

Say what you will about US but they are pouring money into the cyber security industry

Dude, it’s a non-profit, and their biggest contribution is money that was made by selling WhatsApp to Facebook. Cuz the guy just couldn’t live with what happened to his creation.

She has her hand in too many strategic places, unlike Telegram.

employed at Google for 13 years

speaker at the 2018 World Summit

written for the American Civil Liberties Union

advised the White House, the FCC, the FTC, the City of New York, the European Parliament, and many other governments and civil society organizations

It’s a pleasing thought, of course, that an influential person may have morals and good goals (and nice looks).

But since there’s no way to know for sure, I think I’ll just stop trying to classify those names into good and evil.

@TCB13@lemmy.world
link
fedilink
-29
edit-2
3M

They won’t there’s no need. Their clients are garbage and they’re most likely backdoored anyways. This action against Telegram is only happening because they can’t get inside it, they can’t backdoor it nor corrupt anyone. If they were able to do that they wouldn’t be doing this.

Telegram isn’t even E2EE

@TCB13@lemmy.world
link
fedilink
1
edit-2
3M

If you don’t turn on the secret chat feature it wont be, yes. However if E2EE was the only deciding factor for a gov to go against an App then they woudln’t be going after Telegram. The fact that govts are going so hard at telegram simply proves that even when the company has access to all our chats they don’t actually provide them to said govts.

I’m not saying telegram is good from a security perspective, I’m just saying that event without E2EE and all the modern wonders govts can’t still get in because the company doesn’t indulge their requests.

No matter how good the protocol or client encryption, your privacy is only as good as your own physical security for the device in question.

Given that if you lose your private key, there is no recovery, I would be surprised if there were real back doors in the clients. Maybe unintentional ways to leak data, but you can go look for yourself: https://github.com/signalapp/Signal-Android

They have one for each client.

As an example of this, I believe SexyCyborg got in trouble for reporting on leaks via people’s 3rd party Chinese language keyboards. So her theory is that the keyboard apps people had installed leaked data when Hong Kong protesters were communicating with the press, rather than the actual Signal app. But… as stated above, people have to take responsibility for their device and in this case, they had chosen to install apps with leak issues into the communication process.

socsa
link
fedilink
53M

This is precisely why opsec is more than just an app.

Leaky keyboards are a possibility, but what is actually far more likely is just that someone on the signal group chat was a mole who was archiving the traffic for the party. Signal has since made efforts to bring anonymous accounts to the platform, which will help thwart such attacks. Though against a state actor it is still not enough unless you take additional measures to obfuscate traffic. And then that still doesn’t protect you against some CCP brownshirt from tailing you and then snatching your phone out of your hand when you unlock it.

Leaky keyboards are more than a possibility. Sogou, the biggest one for Chinese typing, got found out a year or so ago for having terrible client-server encryption. They fixed it in an update, but many people didn’t get the update - not to mention it’s still sending every keystroke to Tencent (are the owners I think?) so they could also be saving and analysing private typing anyway.

deleted by creator

Maybe unintentional ways to leak data,

Yeah, that’s what I think it may be. Just like Apple reporting on all apps you open on un-encrypted HTTP calls and a few other things.

sunzu2
link
fedilink
23M

are you talking about phone notification bullshit and google got caught reporting to government with no warrants.

Signal’s defaults are pretty good about that. Push notifications are both opt-in and the information they send can be selected by the user. You can have it say “new message” and that’s it. Or the senders name. Or the whole message.

I agree that it’s not intuitive that that’s a leak to most people, but push notifications are kind of wonky how they work.

Not that the action against Telegram is right, but there’s a big difference between what Signal and Telegram is doing.

Indeed there is, one is an op funded by US intelligence agencies and the other is a platform that the US has no control over.

Telegram is available on F-Droid. Signal is not. Whatever is Signal doing, it’s pretty bad.

The folks at F-Droid have said that Signal would certainly qualify, but Signal doesn’t want multiple channels out there. F-Droid is just honoring their wishes.

Are you developing your opinions based on vibes or have you actually audited their software yourself (you are free to do so both client and federation server code)?

If you audited it, have you produced an actual report with metrics and points of reference for your data points?

Doesn’t take away the fact that not being on F-droid is a huge issue and says a lot about how much they care about privacy and security.

This person has been running around spreading FUD in every post about this

It’s what Ive come to expect from the lemmy.ml instance and I finally blocked the entire instance.

But you still post in lemmy.ml/privacy?

It’s actually sad, even though I’m a libertarian, tankies and in general marxists could have made a good input into our future. But if they can believe in Telegram being secure because of vibes and not even doing basic research, they’ve already lost.

Heeey I am also a libertarian, I just tend towards left libertarian. Back to the point of discussion, I find it difficult to ha e a meaningful conversation with the tankies or in general anyone from lemmy.ml . The discussions tend to lack any real data and feel entirely vibe based OR it’s apologist bullshit for Russia.

Like it’s cool if you like communism and have a philosophy based around why you think it’ll help humanity. I can politely disagree but still listen and discuss. It’s quite another to just be a complete dipshit and say “Ukraine had the invasion coming” (actual quote I’ve seen).

I’m actually sympathetic to anyone having an ideology not to help their identity, but trying to imagine a structure that works.

Ancaps are expected to be good in that regard, tankies are expected to be bad in that regard, but in general there are good and bad people in any group. I’ve met almost (the premise of racial difference in quality is still wrong obviously) reasonable Nazis, and not alt-rights at that, but real honest Nazis.

I’ve been excited about Trotskyism at some point, because while there are problems with their proposed ideal state (which is similar to what’s described in Norbert Wiener’s “Cybernetics”), they have a proposed mechanism and it’s been even tested in Rojava (their bigger issue is with armed apes around them though, and also with the USA abandoning them after not needing them against ISIS).

Otter
link
fedilink
343M

Would you have more info on the differences? I was wondering the same thing, but I don’t know enough about Telegram to compare

She responds to this point in the interview.

Signal always responds to authorities when they ask for data, and they give them all they have: the day they registered, their phone number and the timestamp they last used the app.

Telegram has unencrypted channels of drug dealing, and what I heard is a lot of illegal porn too. The authorities want information on certain users there and Telegram doesn’t comply. This is directly against the law Signal is not breaking, because they always send all the data they have to the law enforcement.

Is it time stamp of last usage, or time stamp of all messages?

Hilarious that it’s impossible. They don’t even horde your data.

Telegram is a propaganda weapon in some sense, between two worldviews - one is “a good service doesn’t require trust, because they physically can’t sell you”, another is “a good service you can trust because they won’t sell you”. And Telegram helps the latter.

So frankly - kill it with fire. Sadly I’m in Russia and everybody uses it here.

sunzu2
link
fedilink
103M

while not wrong context matters, US social media companies also enable human, weapons, and drug trafficking. they play a role in a few genocides too.

but the western regime does not care.

Pasta Dental
link
fedilink
2
edit-2
3M

All of the illegal stuff like that that I’ve seen around on social media always linked to telegram channels. Most of the time what you see on regular social media are bots advertising the telegram channels, where the real people are at

But they give their data when the officials ask. That is all that matters. And I seriously hope none of us uses Telegram or WhatsApp to any discussions. Use Signal because that is so far pretty unbreakable.

Telegram is already in the hands of that tiny Russian old man and WhatsApp is owned by a lizard.

Yeah, try telling your family, friends, colleagues, therapist to use Signal.

Did so years ago. Everybody uses it from my family and friends. I’ve had a very active group chat there for eight years with friends. My mom uses it actively, even calls me using Signal. My partner knows it is the best chat app and actively uses it.

I just asked ages ago for everybody to switch to signal, they valuated the features and for a group chat automatically deleted messages and strong encryption were really interesting for everybody. Now we can shoot shit in a group chat without needing to worry that the logs are stored somewhere forever.

Yeah, I’m trying to convince everyone to start using signal before the slide towards fascism turns into a drop

Same. I also sell the fact that it works xPlatform perfectly, so no more Android/SMS/iMessage fuckery happening.

I’m no authority on it but from what I’ve read it seems to have more to do with the social features of telegram where lots of content is being shared, both legal and illegal. Signal doesn’t have channels that support hundreds of thousands of people at once, nor media hosting to match.

And it’s sad that it doesn’t. Because that’s why people use Telegram.

Media hosting - we-ell, I suppose something similar to bittorrent (or just sharing encrypted files over bittorrent) would do to back such a system?

Telegram’s channels are like blogs, they have reactions and comment links leading to a groupchat associated with a channel.

It’s basically a social network in an instant messenger format.

Telegram is socially , in terms of finding a market niche, the smartest thing of what’s happened in the Internet recently. Durov really is a good businessman.

socsa
link
fedilink
14
edit-2
3M

Right, the French authorities are going to present evidence that this dude was aware of specific illegal activity and refuse to comply with a legal warrant involving said actively, making him guilty of obstruction at best, and possibly conspiracy. Signal complies with warrants, they just don’t have anyone’s keys. Telegram has everyone’s keys, and theoretically could turn them over but they refuse. That’s a huge difference from a legal perspective.

Thank you. I’m going to restate your explanation to be sure I’ve got it:

  • authorities want platforms to comply with legal requests
  • when Signal gets a subpoena, they open the key locker and show that it’s empty. They provide the metadata they can (sign up date and last seen date, full stop) and tell authorities they can’t do better.
  • when Telegram gets a subpoena, they open the key locker and show all the keys, then slam it shut in the face of the investigator, telling them to get bent.
  • conclusion: it’s easier to never have the keys in the first place than to tease the government with them

It’s easier, but Telegram’s authors are from Russia. They psychologically can’t accept that “never have the keys” thing. They want to have control and they want to be able to tell “yes” to the investigator, possibly for something in return.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3K Posts
  • 75.4K Comments
  • Modlog