- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
You must log in or # to comment.
ill happily say it again.
SIGNAL IS SECURE
BUT every pipe leaks at both ends. If you have a snitch in the group chat, or someone gets access to a phone of an activist, then they’re in.
one reason why disappearing messages is so important.
fuck fudHegseth’s Razor - anyone you invite into the secure chat will make the chat less secure.
i like this… i think this should be added to the official rules of the internet… (don’t look up rule 35.)
Disappearing messages are only good for all the messages that have been deleted already because they will just copy all of the new messages someplace else as soon as they have access.
right, but if the cops get ahold of a phone they won’t be able to copy all of the past messages….
it’s kinda obvious that they can copy messages as they receive them.
This is the answer.
They say the leak came from a well-informed source. That source I promise you is a member of that chat room. They probably have somebody, entirely possibly a deep cover federal agent, who is posing as an activist in order to gather intel.Deep cover? Hah. No, I’m sure they just clicked a join link from social media while sitting in their office. There’s no super secret squirrel shit going on here.
Y’know what’s secure? No comms.
Everyone have their assignments? Great, we’ll meet back here after the glorious implementation of fully gay space communisms.
Aaaand - break!
glorious implementation of fully gay space communisms.
I’m not gay, but this seems like a worthy cause. I’m in!
…and $20 is $20.
Just as vulnerable to traitors as signal.
Typical FBI always on the wrong side of any civil rights struggle and always one of the main powers targeting and further oppressing those trying to bring positive change.
What if… group owner can post messages with different versions? So for random group A they see one version and random group B they see a different version. If the owner does this periodically, they can quickly find out who leaked the history based on binary search.
Some corporations do this with product releases. If misinformation leaks, they can narrow it down. Moreover, since no one knows for sure their info is genuine, they’re less likely to leak. It’s usually trivial things that won’t impact performance but sometimes stuff like video game endings and stuff, lol.
If you need serious security, use Briar.
Edit: What the fuck is wrong with me? I was thinking of Telegram. 😭
About a year ago, Telegram put out a release which proudly stated that they were used by people fighting for their freedom or something similar. In the same release, they mentioned that they always comply with legal governmental subpoenas. This is what I was remembering, and I got it mixed up with Signal. My mistake.
I’ve gotten into an argument about this before, and people down voted me to hell, but I’ll happily say it again: SIGNAL IS NOT SECURE. They require identifiable information on sign-up, log it permanently, and they will and do happily provide it upon police request. Even if they don’t provide direct access to your conversations, should a corrupt government get ahold of them, they are only one or two steps from putting your name on them.Edit: Predicable response. Love how no one has commented on the actual point of my response yet. You know, the part where they collect, permanently log and willingly disseminate personal phone numbers? Something that can often be used to de-anonymize chat logs? The part that’s actually a big fucking deal.Edit 2: Removing the cynical speculation (literally three words) because you people can’t seem to focus on anything else. This is about them provably logging and providing personal phone numbers, which can then be associated with both chats and identities.questionable at this point
They can be audit as they are open source. Its a bit academically dishonest to just say they are insecure and handing over chats when they are an open source project. I get there are so many things to test and review, but Signal is not going with the proprietary trust me bro.
You know where else these communities will be? WhatsApp. Don’t make good be the enemy of perfect.
Don’t make good be the enemy of perfect.
well said, signal is by far the best secure messaging app out there.
the only way they spied on this group must’ve been by stealing a phone from one of the activists… and then bad opsec by the activists who didn’t noticeYou know where else these communities will be? WhatsApp. Don’t make good be the enemy of perfect.
No they will be on Telegram.
Edit: What the fuck is wrong with me? I was thinking of Telegram.
So, speculation on the speculative part of my message as opposed to commentary about the actual point, huh? Cool, cool.No worries. I do wish Signal could be used without a number. I think my fellow lefties and anarchists forget that we go to war with the army we have not the one we want.
It’s way more likely they have an informant in the chat or the phone itself is compromised. End to end encryption doesn’t protect the "end"s.
Edit: What the fuck is wrong with me? I was thinking of Telegram.
So, speculation on the speculative part of my message as opposed to commentary about the actual point, huh? Cool, cool.
Dude, kudos for keeping, striking, and correcting each of your replies.
Yeah, I fucked up, but I think it’s better to be transparent.
I hope we can all grow up to be half as self reflective.
They require identifiable information on sign-up, log it permanently.
you no longer need a phone number to sign up (the only identifiable info they USED to require, and they don’t log it forever.
and they will and do happily provide it upon police request.
nope.
Even if they don’t provide direct access to your conversations (questionable at this point),
they literally can’t. it’s encrypted, open source, and the code has passed peer review many times.
should a corrupt government get ahold of them, they are only one or two steps from putting your name on them.
you are imagining shit.
deleted by creator
you no longer need a phone number to sign up
My comment may have been a mistaken identity with Telegram, but you only have to download Signal to see that it still requires a phone number.
you can use a secondary or virtual number to keep your primary number private, ALL other services require a real phone number
signal is literally the best option, even the Secretary of War uses it for war plans… and that was only leaked because he added a leak to the group chat.
same thing happened here.
because you’re lying or you have no understanding of what you’re talking about
Is there a meaningful alternative?
It depends.
Signal is probably the easiest way for most people to communicate with a very low risk of mass surveillance, and some resistance to targeted surveillance. There are certainly other options for encrypted messaging. Matrix can be self-hosted. SimpleX requires no registration. Both are a more challenging UX for people without a tech background.
From context, however, this is not a problem with Signal’s security, but an informant in the group likely gave the FBI access to the messages.
Xmpp has been suggested to me.
The FBI’s report from August, prepared by its New York division, does not make clear how the bureau accessed the Signal group. The Signal platform, widely used by activists, is known for its end-to-end encryption; typically, the only way law enforcement can access messages is if they are directly included in the chat, are sent copies from a participant or have access to a member’s unlocked phone.
The FBI said the information came from a “sensitive source with excellent access” and introduced the report as a warning about “extremist actors targeting law enforcement officers and federal facilities”.
Yeah who knows how they got access to the chat. Could be they cracked the encryption or got access to someones phone who is in the chat. Either way I don’t think signal is secure enough (overall) for this kind of activity.
who knows how they got access to the chat.
I think it’s obvious that a “sensitive source with excellent access” means an informant inside the group gave them a copy of the messages.
Edit: What the fuck is wrong with me? I was thinking of Telegram.
Three words borne of cynicism. Everyone here is focusing on exactly three words as opposed to the point of my message. Signal logs phone numbers required on sign-up and associates them with user accounts. A “legal” warrant can easily acquire this information and potentially nullify any anonymization Signal provides. Signal doesn’t have to require or retain this potentially identifiable information, but they do anyway.
high chances, FBI uses trojans/malware like NSO’s Pegasus to spy on their targets.
FUD
Weird-ass thing to get on your high horse about. If you’re so concerned about phone numbers, get a burner and a sim card with cash. Or, you know, use a communication method designed with anonymity in mind.
Would it be better to have anonymous sign up? Sure. But if you’re on a Google or apple device and got Signal from the first party store, your app usage is probably already enough to fingerprint you.
Signal was never about anonymous chat, it’s built for secure e2e chat between known parties. If you have a different threat model then there’s other options for you.
As I said, I was mistaking Signal for Telegram, who had made a big deal about how their platform is used by people who were fighting for their freedom in the same breath that they said they would kowtow to any legal subpoena.
You know what they say about the FBI. Signal isn’t safe… nothing is
I was told by crypto bros that this was impossible 🤷♂️
I’d try to explain the fallacy of this but I noticed you’re from .ml so I’ll save my breath
