Signal president Meredith Whittaker is prepared to withdraw the privacy-focused messaging app from Australia — saying she hopes it doesn’t become a “gangrenous foot” by poisoning its entire platform by forcing it to hand over its users’ encrypted data to authorities.

Ms Whittaker says Signal would take the “drastic step” of leaving any market where a government compelled it to create a “backdoor” to access its data, saying it would create a vulnerability that hackers and authoritarian regimes could exploit, undermining Signal’s “reason for existing”.

Pressure has been mounting on Signal and other secure messaging platforms. ASIO director general Mike Burgess has urged tech companies to unlock encrypted messages to assist terrorism and national security investigations, saying offshore extremists use such platforms to communicate.

archive.today

    • Fuse Views@infosec.exchange · 3 days ago

      @9tr6gyp3

      There is NO back-door to Signal.

      @signalapp is blind to all communications. (Including, probably, this toot! 🤪)

      Signal itself does NOT know who has messaged whom, nor when, nor how (e.g. the IP address is NOT known.)

      If Signal was subpoenaed to produce my records, they could produce:

      1. My phone number. (Actually, my number is the only way Signal could ‘reference’ my data.)
      2. The date I joined Signal.
      3. The date I was last active on Signal.
      4. (This one is a maybe…) The existence of secondary devices that I use - such as the Desktop app.

      I’m *fairly* sure that is all of it.
      (Please let me know if I’m wrong.)

      @sunzu2

      • sunzu2@thebrainbin.org · 3 days ago

        They likely keep the logs of IP addresses they can produce tbh

        National Security laws would prevent them from disclosing this. This is just a “natural” vulnerability along with a KYC’d SIM card ;)

          • sunzu2@thebrainbin.org · 3 days ago

            Under National Security laws, if Signal is told to log and report, it will log and report.

            Sure, it might exit a smaller market, but if the US told it to log, it will log.

            In fact they force you to use a phone number BC phone is essentially KYC lite.

            What you are saying is a “trust me bro”. From a technical perspective, Signal can generate a heat map of who you are communicating with and when. Store this info and turn it over.

            That’s the inherent defect when using centralized server infrastructure controlled by a company.

            Go easy on the corpo kool aid and use some common sense.

            SimpleX is trying to solve this issue but it ain’t ready for mainstream

            • Fuse Views@infosec.exchange · 2 days ago

              @sunzu2

              To do the things you are suggesting that Signal could be forced to do, Signal would have to rewrite its entire codebase as well as the client apps.

              Fortunately, Signal is open source, and such changes would be noticed.

              As it stands, it doesn’t matter what is demanded nor by whom as the only user data, including traffic analysis, that Signal can currently reveal is insignificant.

              Signal simply cannot disclose data it itself cannot access.

              Yes, decentralised services are preferable, but Signal has probably the easiest onboarding experience for the average user, especially those new to the concept of E2EE.

              @maniacalmanicmania @9tr6gyp3 @signalapp

              • sunzu2@thebrainbin.org · 2 days ago

                Signal simply cannot disclose data it itself cannot access

                Signal can’t log you pinging their servers?

                  • sunzu2@thebrainbin.org · 2 days ago

                    You are repeating their propaganda, we are not talking about what they say they do, we are talking about what they can do.

                    They can log your activity; that’s the inherent weakness of Signal, along with forcing people to use KYC’d phone numbers.

      • 9tr6gyp3@lemmy.world · 3 days ago

        I never claimed there was a backdoor…?

        Your items 1, 2, 3 are data that Signal stores, as well as the encrypted blobs of our conversations.

        Which means they have data, right?