Convincing people to use apps such as Signal is hard work and most can’t be convinced. But with those you manage to convince, do you feel happy to talk to them on Signal?

The problem is these people use Signal on Android/IOS which can’t be trusted and IOS has recently been in the news for having a backdoor. And it has also been revealed that american feds are able to read everyone’s push notifications and they do this as mass surveillance.

So not only do you have to convince people to use Signal which is an incredibly difficult challenge. You also have to convince them to go into settings to disable message and sender being included in the push notifications. And then there’s the big question is the Android and IOS operating systems are doing mass surveillance anyway. And many people find it taking a lot of effort to type on the phone so they install Signal on the computer which is a mac or Windows OS.

So I don’t think I feel comfortable sending messages in Signal but it’s better than Whatsapp.

These were some thoughts to get the discussion started and set the context.

  • unskilled5117
    link
    fedilink
    English
    arrow-up
    43
    arrow-down
    3
    ·
    edit-2
    2 months ago

    You are just spreading misinformation! Cite your sources!

    There is a strategy used, which allows the government to find out who an account belongs to. They ask the push providers (Apple/Google) for data on the push token from e.g. a messaging app. This way they associate the account from an app with an identity.

    Nothing there about message content. It is still safely E2EE.

    I don’t know how it works in your country, but in mine, phone numbers are already associated with identities, so nothing gained as the gov can just ask signal for the phone number of an account, instead of having to ask signal and the push provider to get the identity. (Edit: apparently it’s hashed, so there seems to be a use for this.) Signal isn’t about Anonymity but Privacy. There is a difference.

    If you have another vulnerability cite it!

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      2 months ago

      They ask the push providers (Apple/Google) for data on the push token from e.g. a messaging app. This way they associate the account from an app with an identity.

      Very overlooked point. You can find privacy guides online but very few even suggest that FCM etc. might have privacy issues, let alone explain exactly why. It seems this has already been used by law enforcement in the past: https://www.wired.com/story/apple-google-push-notification-surveillance/

      The Molly-FOSS fork of Signal (which aims to be even more secure/private) actually supports self-hosted push notifications using UnifiedPush.

      I also found this comment:

      As far as I know, FCM on Android can be configured to use a notification payload (which is piped through Google’s servers). But for a release app this is discouraged, especially if you are privacy conscious. An app would normally use FCM to receive a trigger and look up the received message from the app’s own backend. See here for more information.

    • andylicious1337@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      2 months ago

      good points altough the number is note saved. the hash of the phonenumber is hashed so Signal could not hand out your number, just the hash.

    • chappedafloat@lemmy.wtfOP
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      12
      ·
      2 months ago

      “spreading misinformation” is a phrase mostly used by feds when they see something they consider to be “wrong think” or not “politically correct”. They use this anti-misinformation campaign to support their censorship and mass surveillance system.

      When discussing advanced IT topics it would be more appropriate to just correct someone and say they are wrong because it’s easy to be get a detail wrong in advanced it topics.

      And I am mostly right, I just seem to have been wrong on the detail about Signal push notifications. I admit that I made a mistake on that but otherwise it is official that Apple and Google at least used to share push notification data with governments. This comes from the DOJ senator Wyden saying these corporations can secretly share this data with governments and can include the unencrypted text which is displayed in the notification.

      I think this discussion has been very constructive because when we can correct each other and learn that is great.

      • unskilled5117
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        1
        ·
        edit-2
        2 months ago

        Misinformation is the inadvertent spread of false information without intent to harm, while disinformation is false information designed to mislead others and is deliberately spread with the intent to confuse fact and fiction. Source

        This is more than a simple mistake and I am right to call it misinformation. I appreciate that you seem open to discussion about you being wrong. Nevertheless your post is still not edited to correct the proven wrong statements. You can use strikethrough so no context is lost, like I did in the comment you are replying to, where I was wrong.

        You made a post with huge claims, basically saying that signal is unsecure and messages can be read by the goverment. This is such a big claim that it should have been researched by you beforehand and you should have provided sources. You don’t get to hide behind “discussions” because in a discussion you actually provide sources if you make claims. Especially if you are trying to start one, to give the readers a chance to read up on the topic.

        You “getting a detail wrong“ has a huge impact. Some people will stumble upon this post, read that signal is supposedly insecure and might believe it and even spread that. It hurts the adoption of a secure encrypted messenger. It is not a small detail, but the foundation of your whole post.

        And I am mostly right, I just seem to have been wrong on the detail about Signal push notifications. […] This comes from the DOJ senator Wyden saying these corporations can secretly share this data with governments and can include the unencrypted text which is displayed in the notification.

        No, you are mostly wrong about the claims you make! Again your post made the connection to signal. Push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages or calls–not to Apple, not to Google, not to anyone but you & the people you’re talking to. Source

        “spreading misinformation” is a phrase mostly used by feds when they see something they consider to be “wrong think” or not “politically correct”. They use this anti-misinformation campaign to support their censorship and mass surveillance system.

        I don‘t appreciate you, trying to frame my correction of your blatant misinformation as trying to censor you. Don‘t try to play the victim.

        • chappedafloat@lemmy.wtfOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          3
          ·
          2 months ago

          You think i’m intentionally spreading misinformation and I think you are a fed. I won’t argue more against you but anyone fair and objective can see that the mistake I made was a simple mistake to make. feds have as a fact been spying on our push notifications in secret and i thought that included signal’s push notifications. Simple mistake which I already admitted to being wrong about. You are making this into a bigger deal than it has to be because you are a fed.

          You also are intentionally lying (because you are a fed) about that is the only thing the topic is about. For example, if someone is using Signal on Windows OS then I think there’s a high chance the conversation isn’t private. But I think you already know all this but you pretend not to.

          • unskilled5117
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            2 months ago

            This is hilarious and sad at the same time.

            You continue to misunderstand the word “misinformation”. It is incorrect information spread without intent. A mistake made that leads to incorrect information spreading, falls into that category. Especially as it is in the starting point of the discussion, where sources should have been provided.

            The need to feel victimized and a little bit of paranoia is strong in you, you should talk to someone about that. I am guessing that is caused by the lies and disinformation spread by your political party of choice. (I am only mentioning politics, because you brought it up with the feds conspiracy theory)

            If you went and looked at my account history, you would see that there are a few comments in german and my account is registered on a german server and coincidentally I am German. So much for your fed theory.

            My criticism has been nothing but constructive. I implore you for the future to do research using credible sources and to cite them, before making claims that could have a big impact. That goes for discussions on lemmy and as well in real life, when you are discussing or forming an opinion on an important topic.

            I hope you get the help you need!

      • douglasg14b@lemmy.world
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        2 months ago

        “spreading misinformation” is a phrase mostly used by feds when they see something they consider to be “wrong think” or not “politically correct”. They use this anti-misinformation campaign to support their censorship and mass surveillance system.

        Immediately jumping to discredit and dismiss instead of engage by way of over generalization and accusation is not a good look my man.