Under Meredith Whittaker, Signal Is Out to Prove Surveillance Capitalism Wrong
www.wired.comOn its 10th anniversary, Signal’s president wants to remind you that the world’s most secure communications platform is a nonprofit. It’s free. It doesn’t track you or serve you ads. It pays its engineers very well. And it’s a go-to app for hundreds of millions of people.
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.82K Posts
- 70.7K Comments
- Modlog
No matter how good the protocol or client encryption, your privacy is only as good as your own physical security for the device in question.
Given that if you lose your private key, there is no recovery, I would be surprised if there were real back doors in the clients. Maybe unintentional ways to leak data, but you can go look for yourself: https://github.com/signalapp/Signal-Android
They have one for each client.
As an example of this, I believe SexyCyborg got in trouble for reporting on leaks via people’s 3rd party Chinese language keyboards. So her theory is that the keyboard apps people had installed leaked data when Hong Kong protesters were communicating with the press, rather than the actual Signal app. But… as stated above, people have to take responsibility for their device and in this case, they had chosen to install apps with leak issues into the communication process.
This is precisely why opsec is more than just an app.
Leaky keyboards are a possibility, but what is actually far more likely is just that someone on the signal group chat was a mole who was archiving the traffic for the party. Signal has since made efforts to bring anonymous accounts to the platform, which will help thwart such attacks. Though against a state actor it is still not enough unless you take additional measures to obfuscate traffic. And then that still doesn’t protect you against some CCP brownshirt from tailing you and then snatching your phone out of your hand when you unlock it.
Leaky keyboards are more than a possibility. Sogou, the biggest one for Chinese typing, got found out a year or so ago for having terrible client-server encryption. They fixed it in an update, but many people didn’t get the update - not to mention it’s still sending every keystroke to Tencent (are the owners I think?) so they could also be saving and analysing private typing anyway.
deleted by creator
Yeah, that’s what I think it may be. Just like Apple reporting on all apps you open on un-encrypted HTTP calls and a few other things.
are you talking about phone notification bullshit and google got caught reporting to government with no warrants.
Signal’s defaults are pretty good about that. Push notifications are both opt-in and the information they send can be selected by the user. You can have it say “new message” and that’s it. Or the senders name. Or the whole message.
I agree that it’s not intuitive that that’s a leak to most people, but push notifications are kind of wonky how they work.
Not only that, https://sneak.berlin/20201112/your-computer-isnt-yours/