215
Even State Department-funded Human Rights Watch admits that authorities combine legal and illegal methods to obtain convictions: https://text.hrw.org/report/2018/01/09/dark-side/secret-origins-evidence-us-criminal-cases
Combining dragnet surveillance with device hacking is intended in the design of both tools. Hence, State Department-funded Signal dupes you into handing over your identity as part of the population-centric mapping. In custody, your phone will be hacked when it is taken away if it's important.
https://xcancel.com/hannahcrileyy/status/2034273723667161480#m
I really don't get the big "use signal" push at this point in time because even if it's private and the encryption is solid, it's a fucking American company. It's so easy for letter agencies to get information on their users from them, don't you realize that they can't refuse to give out your number if they ask for it and that once they have that your identity and location are immediately and thoroughly compromised? If you are subject to US jurisdiction and could be seen in any way as opposing its government, I really don't think you should be using it.
i'm convinced the big push for signal is a CIA op. not that it's necessarily signal's fault, it could be and it could not, but setting signal as the defacto private alternative is weird.
better than whatsapp at least i guess, but that's a low ass bar to clear.
We know it's an op, RFA does damage control for signal:
All giving out your number provides is that you have ever used Signal.
They're saying ever using a private chat service is terrorism. That's not really on Signal.
All your phone number provides is that you have ever used signal? Not what tower you're connected to and therefore approximate realtime location? Your full identity via your telco? Social graph and history of your calls and texts?
I'm not saying it's their fault or that they are volunteering any information, but that's how it is for any US-based corporation (doesn't matter if it's a nonprofit, any legal entity that can be subpoenaed)
This is fundamentally not how Signal works, but you are generally correct in that a phone number has been shown to provide a lot of context for a person (or a device, at least). But Signal (the app) only uses a phone number for initial verification of an account. You have a lot of options to break that association with you - use a landline and get a call verification code, use a VoIP number (assuming you trust the provider), use a burner SIM, etc.
Once you have an account, you can choose to identify yourself on the network solely via username so the registration number is not presented to other users. The Signal protocol itself is well-audited and generally secure.
If your issue is with Signal the American company, use an open source fork like Molly with your own UnifiedPush instance. Then you're only trusting them with transport of your encrypted messages, which again have shown to be secure at least in public audits.
The government already has access to every phone number in existence. They can already track every phone to figure out who attended a protest or whatever. Filtering down to "all phone numbers who've ever connected to Signal" doesn't exactly narrow anything down. They don't have any metadata about who you were chatting with.
They used to publish them in big books, even
that's precisely why you should not trust services that require it. phone number = identification.
Because its one of the only popular secure methods of communication thats app based.
It's not a company it's a nonprofit foundation. And they've been audited many times by independent auditors.
Sorry but both points are irrelevant, nonprofit foundations can still be forced to turn over user information. That is part of following the law so nothing that would need to be hidden to auditors, unless you were talking about encryption audits which is completely besides the point
What data is there for Signal to turn over? Can you prove that they're keeping messages or logs on their servers that have 'disappeared' from all the associated devices?
Your entire social network graphs, and timestamped message history.
The audits determined they don't have any user information to provide. You can see this in previous government requests where the only thing provided was a timestamp of last connection to the network.