You're missing the #1 reason organized criminals prefer their own service. To have trusted staff who control everything — the servers, code development & deployment — who can't be ordered by a court to shut off access to individuals at any time, or provide metadata, eavesdrop, etc.
The weakest link with legal services like Signal is that they can be compelled by law enforcement, the judicial system, and government... That's an enormous risk for any organized crime operation. Even a minimal amount of metadata collection can do a lot of damage, especially if it's analyzed over months/years, and especially when performed by an advanced persistent threat actor like a nation state.
I disagree; stupid self-developed systems leak so much more. I think the number 1 reason is, surprise surprise, stupid people.
Also plenty of criminals and organized crime also use standard tools like Telegram (which is way worse than Signal).
I think you're both right. I think the non-stupid people with successful self-developed systems simply aren't talked about, because they don't get caught, because they're not stupid.
It probably depends on the level of the criminals and organized crime groups. I saw this YouTube video a couple weeks ago that talks about the history of how organized crime groups were using encrypted communication https://www.youtube.com/watch?v=gigIOc_0PKo (And how they were honey-potted by the FBI to use an FBI-hosted service, lol)
Organized crime groups that make 100s of millions should be capable enough to hire skilled developers and sysops to host self-managed services. At some point if they make enough money, investing in self-managed communication becomes preferable over using Telegram or Signal.
There are multi-million companies that get hacked left and right; money does not mean intelligent security measures.
Also, best option is the big ones, anyone who wants real security and privacy should use something that already exists. Sure, maybe not Signal (even though for anything less than a state actor it is plenty) but there are plenty of self-hosted or decentralized communication apps out there.
Anyone who builds their own app is very likely making a bad decision.
Just a reminder that one of the most wanted men in the world by the most capable state in the world (Snowden) is using Signal.
Theoretically Signal only has your phone number and time of sign up, which means theoretically it shouldn't matter if the legal system asks them for information.
... theoretically. In practice if the NSA used a secret court order that banned them from talking about it and made them update the app to reveal plaintext for one particular person, I don't see how they could get out of that (other than by breaking the law and risking jail).
I think the chances of that are very small though.
There is legislation in Australia that allows precisely this. Then Five Eyes or Interpol or whatever for everyone else.
...that's a terrifying but also plausible prospect. Guess it's a reason not to use the published app and instead build it yourself.
Yea and if a nation-state knows your phone number, they can track your exact whereabouts in real-time. Let's not pretend like we know better than them about what information matters :)
...yeah and if they went to Signal to ask about you they're going to provide Signal your phone number as it's the only identifier they have in their system...so the nation state already had that to begin with, it isn't sensitive info despite what it can be used for.