  • Once again, even if this is the way things worked back in 2016 there is no guarantee they still work like that today.

    You have to trust someone. You're not building all your software and reading every line yourself are you?

    While there's no guarantees, Signal continues to produce evidence that they don't collect data. Latest publication August 8th, 2024: https://signal.org/bigbrother/santa-clara-county/

    The code is open and has had a few audits: https://community.signalusers.org/t/overview-of-third-party-security-audits/13243

    This is the whole problem with a trust based system

    Can you point me to a working trustless system? I'm not sure one exists. You might say peer-to-peer systems are trustless because there's no third party, but did you compile the code yourself? Did you read every last line of code before you compiled and understood exactly what it was doing?

    It's absolutely shocking to me that people have such a hard time accepting this basic fact.

    What's shocking to me is the lack of understanding that unless you're developing the entire platform yourself, you have to trust someone at some point and Signal continues to post subpoenas to prove they collect no data, has an open source client/server, provides reproducible builds and continues to be the golden standard recommended by cryptographers.

    I would recommend to anyone reading this to rely on the experts and people who are being open and honest vs those who try to push you to less secure platforms.

  • He was specifically talking to that developer. The "You" and "You're" in that quote was specifically targeted at the LibreSignal developer.

    I recall the gurk-rs developer specifically mentioned that his client reports to Signal's servers as a non-official app. The Signal admins can see the client name and version - just like websites can tell what browser you're using - and could easily block third party clients if they wanted to but they don't.

    If Signal wanted to block third party clients, they would have blocked them already.

  • They have a demonstrated history of asking third party clients to not use the signal name, and not use the signal network.

    The lead developer, nearly 10 years ago now, specifically asked LibreSignal to stop. A single event does not make a demonstrated history.

    The clients that currently exist that do this do it against the wishes of the signal foundation

    If you have evidence to back this claim, I would like to see it so I can stop spreading misinformation.

  • They are doing everything they can to discourage third party app development.

    I'd say you're moving the goalpost. Other than the hostility the founder showed towards LibreSignal nearly 10 years ago now, can you source any evidence to support your claim?

  • Signal has been forced by court to provide all the information they have for specific phone numbers [0][1]. The only data they can provide is the date/time a profile was created and the last date (not time) a client pinged their server. That's it, because that's all the data they collect.

    Feel free to browse the evidence below, they worked with the ACLU to ensure they could publish the documents as they were served a gag order to not talk about the request publicly [2].

    [0] https://signal.org/bigbrother/

    [1] https://www.aclu.org/news/national-security/new-documents-reveal-government-effort-impose-secrecy-encryption

    [2] https://www.aclu.org/sites/default/files/field_document/open_whisper_documents_0.pdf#page=8

  • That's outdated information:

    Go forth and contribute, fork, or create your own.

    They also refuse to distance themselves from Google’s app store.

    This link has existed forever at this point if we count in internet years: https://signal.org/android/apk/ - getting an app directly from the developer with no middleman is about as distant as you can get from Google's app store.

  • I feel like the difference is not that big, though.

    But the difference is massive. Telegram, because E2EE does not work for the majority of its use cases, is hoarding tons of CSAM and other illegal content. This isn't just about the "criminals" who are adding illegal content, it's about Telegram's access and hoarding of this data.

    On the other hand, Signal is simply a transport vehicle for data. No illegal content is stored or accessible by Signal, its developers or anyone who may gain access to their infrastructure - the complete opposite of the situation over at Telegram. Signal cannot be implied to be storing illegal content because they simply don't store any content. Law enforcement can ask Signal to provide all the data they have on specific users, and they have, but the only data they have is when you created your account and the last day (not time) a client pinged their servers.

  • Texas reeks of freedom

    ftfy

  • It's okay to not tolerate hatred, fascists and misinformation.

    The paradox of tolerance states that if a society's practice of tolerance is inclusive of the intolerant, intolerance will ultimately dominate, eliminating the tolerant and the practice of tolerance with them.

    Source: https://en.wikipedia.org/wiki/Paradox_of_tolerance

  • The fact that Signal has not run into legal trouble when Telegram has.

    Because Signal cooperates as much as they can with law enforcement. Signal happily gives all the data they have and thankfully, for its users, the only data they have is the date/time the account was created and the date (not time) a client last pinged their servers; both in unix timestamp format, they don't even convert it to a proper date.

    Additionally, Signal has no "public groups" like Telegram. Everything's private, end-to-end encrypted by default.

    Also Signal has some really shady practices, such as rejecting and killing all third party clients.

    Yeah, so that's outdated misinformation:

    Three of these have existed for multiple years and have not been asked to stop development. The gurk-rs dev even commented (on reddit, unfortunately I can't find the source) that it reports to Signal's server as a non-official client and that if the Signal devs wanted to block it, they could easily do so.

  • Another great release! 🚀

  • I want extensions

    Sounds like you do care about the rendering engine as that would basically give you a true mobile Firefox experience and access to all the extensions.

  • yeah that doesn't make sense, I meant private forum, public forums belong to the "public" thus nobody can be held accountable.

  • The law will then say E2EE is forbidden.

    They've already been trying to add backdoors to encrypted platforms already.

    next step is making Telegram as a prime example to strip out E2EE because “Look how many bad guys we can catch without E2EE”.

    It's going to be hard to ban E2EE globally. If they do propose laws to ban encryption we'll just need to fight back. The issue with Telegram is completely unrelated to E2EE as they've implemented it so poorly, I wouldn't conflate the two issues.

  • Does that mean if you provide an E2EE service, you are a criminal too ...

    Nope! Not if you believe privacy is a human right.

    It’s like having a mall with no surveillance or security.

    It's more like renting an apartment or office space and not being liable for crimes that you cannot see. Malls are generally viewed as a public space (think unencrypted chat rooms). If you own a Mall and have no surveillance and security and continue to allow crime to happen after you've been asked to remediate the issue, you are aiding criminals, much like Pavel and Telegram if you consider that Telegram is not encrypted and they have the ability to view everything going on in their platform.

    Apartments and business offices are more like "encrypted" chat rooms. You can't be held liable if you're unable to see crimes being committed.

  • Doesn't the concept of using a CA (which are generally also central authorities) go against the idea of E2EE that only requires two (or more) endpoints or am I missing something? Signal group messages (and the protocol/concept behind it) work without a CA. I think I'm missing something, can you connect the dots for me?

  • CA?

  • So you want to start seeing platforms practice mass censorship? That’s what’s going to happen as they aren’t going to take on risk.

    Platforms are already not taking a risk and practice mass censorship. This is why you have words like "unalive" and "grape" becoming part of the American lexicon. It's not even nefarious. Advertisers don't want their content near negative content so platforms (without being asked by their government) auto-enforce these kinds of policies.

    What’s worse is that spells the end of the fediverse and smaller hosted media.

    Serious doubt. All the fediverse has to do is comply with the law when asked, it really is that simple. Telegram was specifically not complying with the law, which is why illegal content is so easy to find on there, and thus why they were being targeted.

    Admins can’t moderate everything and there will always be content that is illegal somewhere.

    Frankly, if you can't keep your house in order, you're not taking your responsibility seriously enough. Nobody's forcing lemmy, mastodon, peertube, pixelfed, etc admins to give free accounts to more people than they can manage.