Signal president Meredith Whittaker is prepared to withdraw the privacy-focused messaging app from Australia — saying she hopes it doesn’t become a “gangrenous foot” by poisoning its entire platform by forcing it to hand over its users’ encrypted data to authorities.
Ms Whittaker says Signal would take the “drastic step” of leaving any market where a government compelled it to create a “backdoor” to access its data, saying it would create a vulnerability that hackers and authoritative regimes could exploit, undermining Signals’ “reason for existing”.
Pressure has been mounting on Signal and other secure messaging platforms. ASIO director general Mike Burgess has urged tech companies to unlock encrypted messages to assist terrorism and national security investigations, saying offshore extremists use such platforms to communicate.
@sunzu2
Read the Affidavit produced here:
https://signal.org/bigbrother/santaclara/
Read Signal’s complete source code here:
https://github.com/signalapp
Once you understand the code, you’ll understand “what they can do” and what they cannot do.
When you’ve identified any flaw in the code that runs the Signal servers that would allow IP logging, let me know. I’ll be glad to file the bug report on your behalf.
@maniacalmanicmania @9tr6gyp3 @signalapp
They don’t need to log your IP, you are using a phone number tied to your identity so does person you are talking to.
Under FISA order, signal would provide logs. FISA order come with gag clause that forbids any disclosure including in federal court. That’s how national security laws work.
I am happy that you are very comfortable with signal but pretending like this is not an issue is either naive or you have other incentives to give people false sense of “security”
@sunzu2
“Under FISA order, signal would provide logs.”
How would Signal do this? Logs of what?
Corresponding parties? Messages? They don’t have them.
They’d have to rewrite their backend code to obtain them, and changes would also need to be made to the Signal client apps.
It would not matter if the FISA Court ordered that logs be produced in secret by Signal. Any such logs could not be obtained without significant changes to the way Signal works. Users would know.
Yes, Signal does have some shortcomings, but these are acceptable in most ‘use cases’ for most threat models.
Signal is best used as a private, E2EE alternative to SMS. Only a fool would use it for the *most sensitive* of communications. (Like, you know, discussing an impending military strike…)
We all know of the alternatives, including (but not limited to) SimpleX, Session, Briar, Element etc.
@maniacalmanicmania @9tr6gyp3 @signalapp
Logs of who you contact with time stamps ie meta data. That’s the information national security agencies really only care about when doing bulk data collection.