That app supports this, which can be granular
Natanael
joined 1 year ago
Usually 128 or 256 bit root keys for symmetric keys, almost always 256 bits for ECC for asymmetric keys these days (used to be RSA between 1024 and 2048 bit)
Default is between 4-8 (your choice) and you can set a password too
On recent almost all Androids from the last decade+ you can reboot them to force a PIN requirement, and lockdown mode is available on most recent Android phones, not just Pixel
But then you run into the issue of incredibly trivial impersonation on any email service which doesn't reserve all variants of registered names
It doesn't, that's FTC / anticompetitive law territory
It's a shitty company who happen to be in the right side of one lawsuit at the moment
FYI, SNI is a thing (included encrypted SNI these days) and you absolutely can share an IP among many many unrelated domains.
Domain lookups have a TTL (time to live) and they stop advertising IPs which they'll stop using a little bit before those IP addresses are taken out of rotation. That's why it doesn't break even when addresses keep changing.
Signal have an active incentive NOT to use static IP addresses!
https://support.signal.org/hc/en-us/articles/360007320291-Firewall-and-Internet-settings
The underlying IPs are constantly changing, so it'd be hard to define accurate firewall rules.
Realistically if you don't want the government to know you're using Signal... Do you want them to know you use Tor?
Probably not, but you don't need to run the Tor client on the phone, you can run an anonymous proxy and point your phone at it.
There's not enough unique IP addresses to distinguish Signal servers, if you don't explicitly set up static IP addresses you're going to share an IP pool
https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html#aws-ip-download
Sure they could tap into AWS (but it would be even easier to try to get data from Google Play Store on who has it installed).
Signal has native support for proxying via Tor in that case.
They can tell you connect to AWS when the Signal app fetches messages after a notification, they need to be able to peek into Amazon's servers to see you're connecting specifically to Signal
Doing it before you're under custody isn't a crime, and they also can't prevent you from deleting non-evidence but otherwise private data which you don't want to see misused (proving that is a whole other issue, though)