this post was submitted on 02 Oct 2024
171 points (95.2% liked)

Technology

59374 readers
7416 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 1 month ago* (last edited 1 month ago) (1 children)

It's bad for privacy no matter how you sell it.

I mean it's not ideal but as long as it's not tied to literally any other information, the way Signal does it, it's "fine", and certainly not "bad" and especially not "pure bullshit".

So if a government agency comes along saying "Hey, we know this account sent this message and you have to give us everything you have about this account,"

They have done this several times, they give them nothing because they have nothing.

[–] [email protected] 0 points 1 month ago* (last edited 1 month ago) (1 children)

Says right there in the subpoena "You are required to provide all information tied to the following phone numbers." This means that the phone number requirement has already created a leak of private information in this instance, Signal simply couldn't add more to it.

Additionally, that was posted in 2021. Since then, Signal has introduced usernames to "keep your phone number private." Good for your average Joe Blow, but should another subpoena be submitted, now stating "You are required to provide all information tied to the following usernames," this time they will have something to give, being the user's phone number, which can then be used to tie any use of Signal they already have proof of back to the individual.

Yeah, it's great that they don't log what you send, but that doesn't help if they get proof in any other way. The fact is, because of the phone number requirement, anything you ever send on Signal can easily be tied back to you should it get out, and that subpoena alone is proof that it does.

[–] [email protected] 9 points 1 month ago* (last edited 1 month ago) (1 children)

This means that the phone number requirement has already created a leak of private information

What information? The gov already had the phone number. They needed it to make the request.

Additionally, that was posted in 2021.

Here's a more recent one.. Matter of fact, here's a full list of all of them. Notice the lack of any usernames provided.

Also note that a bunch of the numbers they requested weren't even registered with Signal, so the gov didn't even know if they were using the app and were just throwing shit at the wall and seeing what sticks.

You are required to provide all information tied to the following usernames

They can't respond to requests for usernames because they don't know any of them. From Signal: "Once again, Signal doesn’t have access to your messages; your calls; your chat list; your files and attachments; your stories; your groups; your contacts; your stickers; your profile name or avatar; your reactions; or even the animated GIFs you search for – and it’s impossible to turn over any data that we never had access to in the first place."

What else ya got?

but that doesn't help if they get proof in any other way.

If they're getting evidence outside of Signal, that's outside the scope of this discussion.

because of the phone number requirement, anything you ever send on Signal can easily be tied back to you should it get out

...no. It can't.

that subpoena alone is proof that it does.

It's proof that it doesn't.