Privacy

42411 readers

587 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

If it ask for your phone number its not private. (lemmy.ml)

submitted 1 day ago by lunatique@lemmy.ml to c/privacy@lemmy.ml

75 comments fedilink hide all child comments

Nowadays, a majority of apps require you to sign up with your email or even worse your phone number. If you have a phone number attached to your name, meaning you went to a cell service/phone provider, and you gave them your ID, then no matter what app you use, no matter how private it says it is, it is not private. There is NO exception to this. Your identity is instantly tied to that account.

Signal is not private. I recommend Simplex or another peer to peer onion messaging app. They don't require email or phone number. So as long as you protect your IP you are anonymous

you are viewing a single comment's thread
view the rest of the comments

[–] dasgewisseextra@sh.itjust.works 0 points 1 day ago (1 children)

https://en.wikipedia.org/wiki/Tor_(network)#History

[–] corvus@lemmy.ml -4 points 1 day ago* (last edited 1 day ago) (2 children)

Since when is encryption dependent on the service’s jurisdiction?

The US has a law that applies to any US company operating within its borders: it is illegal to tell your users that the US government has asked your company to spy on their behalf. This is called a key disclosure law, and the US's version of it, called National Security Letters, underwent an expansion with the PATRIOT act; by 2013, President Obama’s Intelligence Review Group reported issuing on average, nearly 60 NSLs every day.

Companies that don't comply with this law are forced to shut themselves down, or remain open, and grant access to user communications to the US government. The Signal foundation is a US domiciled company and must comply with this law without being able to disclose that they have been issued an NSL letter.

Luckily we don’t yet live in that world

Comply with the government order of granting access to messages or shut down implies that we are already in that world, long ago. What makes you think that what happened to Lavavit and Silent Circle would not happen to Signal? Only wishfull thinking can make you think that, evidence tells you otherwise.

[–] Mensh123@lemmy.world 3 points 17 hours ago

Signal is free and open-source. It cannot be denied that basically everything, including minor details like usernames, is end-to-end encrypted and kept secure. The Signal protocol has been proven to be secure by many independent experts and thus it is mathematically impossible for Signal to gain access to your sensitive information (except for your phone number, obviously).

A phone number alone just won't do much.

[–] PowerCrazy@lemmy.ml 12 points 1 day ago* (last edited 1 day ago) (1 children)

Ok government here are the messages i'm legally required to provide you.

U2FsdGVkX1/FEry+/NeyfmzA3icvpchwSo5qySzajv87f9PwhJyog+zS1Qv+j8bzYXG5sCLZMbFqUJn9Cp7RkVY79wuUArUaxE59LtdO0LKT+0+d220DxFVioHe8Vlaq

[+] corvus@lemmy.ml -6 points 1 day ago* (last edited 1 day ago) (1 children)

If it's so easy why Lavabit and Silent Circle had to shutdown?

[–] dysprosium@lemmy.dbzer0.com 6 points 1 day ago (1 children)

Do you understand what encryption means? Genuine question.

If a company is compelled to spy on its users, it doesn't mean hack them. (although perhaps there are same edge cases where you have to wonder the exact definition of hacking)

[–] corvus@lemmy.ml -3 points 17 hours ago* (last edited 17 hours ago) (1 children)

Obviously you are missing the point. Even Gmail is private if you are going to do the job of encrypting your messages by yourself, but that's irrelevant with what we are discussing here.

What we are discussing here is that if you are a company offering a service of encrypted communications located in the US, the government has all the power to force you to shut down if you don't give them access to what they want. And that's not speculation, they're actively doint it because they are backed by the law.

Why people are so naive thinking that the government are not going to do something to get what they want when the law is on their side, when sometimes they don't hesitate to do it even when it's blatantly illegal?

The only way to avoid surveillance is with free, open source and descentralized software. If there is a company in charge of running the software that's a vulnerability and, like the cases already mentioned, those in power are going to exploit it shutting the service down if the company doesn't comply.

It doesn't matter how much you like or trust the service, there's simply no reason why they wouldn't do it again when they already dit it successfuly. Why some people who care about privacy can't see this obvious fact is beyond my understanding.

[–] dysprosium@lemmy.dbzer0.com 1 points 1 hour ago

Alright I think I know what you mean, but I'm still not sure we're actually on the same page regarding encryption.

If a company is forced to do whatever ths government commands it to do, that's only valid within certain constraints.

For example, the company cannot be forced to grow wings snd fly to thr heavens. That's physically impossible.

Similarly, it also cannot provide the decrypted messages of its users because it (like Signal) does not have the KEYS that are absolutely 100% necessary for decrypting the encrypted messages of its users. So, again, it's physically impossible to hand over either the keys or the decrypted messages.

However, there is one remedy that Signal CAN do, if somehow forced. That's changing the Signal program. It certainly can push an update that sends Signal the keys for decryption.

However, at that point, the source code at github doesn't match the compiled binary of the program anymore, and very good chance people would notice, and thereby people would lose trust in Signal.

I'm not sure about the examples you gave about the government being successful in obtaining user details of a company. Were those details encrypted as well? Was the source code publically available? Was the program popular?