Privacy

41591 readers

687 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Is Signal messaging really private? (lemmy.ml)

submitted 2 days ago by harfang@slrpnk.net to c/privacy@lemmy.ml

181 comments fedilink hide all child comments

As Signal get your phone number. Can we considerate this application as private ? What's your thoughts about it ? I'm also using SimpleX, ElementX, Threema, but not much people using it...

Cheers

you are viewing a single comment's thread
view the rest of the comments

[–] herseycokguzelolacak@lemmy.ml 1 points 1 day ago (1 children)

It's the threat model. E2E encryption is a niche 'nice to have'. Protecting the anonymity of people who have said nasty things about politicians is the most important thing a chat app needs to do. Signal is security theater until they fix this.

[–] silasmariner@programming.dev 0 points 1 day ago* (last edited 1 day ago) (1 children)

No the most important thing a chat app needs to do is send messages between the intended recipients making them unavailable to anyone else. Signal does this. You're worried about ppl receiving messages and knowing who they're from. Generally knowing where a message is from is considered a feature -- if you want anonymous broadcast, pick a different technology that's geared towards that

[–] herseycokguzelolacak@lemmy.ml 1 points 1 day ago (1 children)

this xkcd is always relevant: https://xkcd.com/538/

The most dangerous thread vector is the government forcing you to unlock your phone, and reading your messages. At which point using phone numbers becomes a huge problem.

Fancy encryption doesn't matter when it's obstruction of justice to refuse to unlock.

[–] silasmariner@programming.dev 1 points 1 day ago (1 children)

Ok but a messaging app that doesn't let you know who a message is from is completely pointless? I feel like you're not really addressing this issue here

[–] herseycokguzelolacak@lemmy.ml 1 points 1 day ago (1 children)

You don't need phone numbers for that.

[–] silasmariner@programming.dev 0 points 1 day ago (1 children)

Right. Exactly my point? Phone numbers are not, like, the only way to identify a user. You have to know who they are. You posted an xkcd but failed to derive the conclusion that if a user is 'compromised' and they know who they're talking to, then so are the people they're talking to, regardless of whether phone numbers are involved. There's no practical way to mitigate against that, it becomes a paranoid's nightmare.

[–] herseycokguzelolacak@lemmy.ml 1 points 20 hours ago

Signal has a huge vulnerability: because Signal uses phone numbers, it leaves Signal users wide open to government retaliations and crackdowns. I can not recommend Signal to anyone living in authoritarian regimes.

This is the core issue. Signal devs refuse to acknowledge or fix this, which discourages people from using Signal.

You don't need phone numbers to find people. Usernames have been a thing long before phone numbers crept into the internet.