this post was submitted on 30 Aug 2023
21 points (58.5% liked)

Privacy

31939 readers
675 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Wow I didn't realize that Signal is run on Amazon's servers and that they contract with the CIA. This article has some interesting points to mitigate the privacy concerns of this real popular service: https://simplifiedprivacy.com/signal-messenger-guide-to-avoid-privacy-mistakes/

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 58 points 1 year ago (2 children)

Signal takes steps to reduce the amount of metadata visible, like sealed sender which makes it so that Signal doesn't know who sent a message. Even your payment information for donations is separated from your identity so that they know you are a donor, but not how you donated.

It desn't matter if Signal were hosted on Putin's personal servers. Its security is in its protocol, it's not trust based.

[–] [email protected] -1 points 1 year ago (2 children)

That would be true if it was implemting forward secrecy.

The problem is that signal knows exactly who you know. I would use simplex chat or session

[–] [email protected] 3 points 1 year ago (1 children)

If that was the case then how come the FBI subpoenaed signal for that information and didn't get it

[–] [email protected] 0 points 1 year ago (1 children)

They did though. Individuals who are on the contact lists of on on individual can get investigated

[–] [email protected] 4 points 1 year ago (1 children)

The contact list built into your phone? Because that isn't encrypted of course they would get it

[–] [email protected] 1 points 1 year ago

Last time I checked signal had phone numbers in there servers.

[–] [email protected] 2 points 1 year ago

It does use PFS. Signal's protocol is based on the double ratchet algorithm.

[–] [email protected] -2 points 1 year ago (1 children)

Thanks for the reply but please check the article:

Sealed Sender is Flawed

Signal has a flawed system called “Sealed Sender”, which encrypts the metadata of who sent the message inside the encrypted packets. However, cybersecurity researchers from the University of Colorado Boulder, Boston University, George Washington University, and U.S. Naval Academy, found that Sealed Sender could be compromised by a malicious cloud host in as few as 5 messages to reveal who is communicating with who. In this paper published by NDSS, headed by Ian Martiny, these researchers found that Signal’s “read receipts”, which lets the sender know that the receiver got the message can be used as an attack vector to analyze traffic because it sends data packets right back to the sender. Therefore, our recommendation to increase metadata protection is turn off read receipts, which can be toggled in the security settings.

Source used: Improving Signal’s Sealed Sender Ian Martiny∗, Gabriel Kaptchuk†, Adam Aviv‡, Dan Roche§, Eric Wustrow∗ ∗, {ian.martiny, ewust}@colorado.edu †Boston University, [email protected] ‡George Washington University, [email protected] §U.S. Naval Avademy, [email protected]

https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/ & Paper PDF: https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-4_24180_paper.pdf