The claimed features (see pg 5 of https://www.wyden.senate.gov/imo/media/doc/wyden_hemisphere_...) operate at a cell service level, so as long as your phone is still connecting to base stations the answer would be "no." Take, for example, "Linking multiple devices/phone numbers to an identified target" -- even if you use Signal on two phones and never do regular text/call, if the two devices travel together (e.g. connect to the same carrier base stations) one can make a guess that they are related. This has much wider applicability than the drug investigation mandate: e.g. you could use such capability to identify who is meeting with which investigative journalist.
I think most privacy-conscious people have a pretty good idea about how to maintain proper private key hygiene (key should never leave the device, use FDE + a passphrase or a hardware token, etc). But we've been leaking metadata (such as mail headers) left and right ever since PGP was a hot new thing, something which should've been our primary concern no later than since Snowden/2013.
It would be good to have a proper field guide written down, that's a little more in-depth than "leave your phone at home", weighing risks vs convenience, going into detail on what kinds of metadata you might be leaking, etc. Most of us have some rough idea but it isn't at all obvious the way we know "MD5 is broken".
AT&T would know where you are from connections to the towers. They wouldn't normally know who was on the other side of the jabber connection, particularly if one or more of the involved servers was not where AT&T could see any traffic.
If you want generic advice, it's "Faraday bag or pull the battery". "Off" isn't "Everything is off and nothing will communicate via any radio" on every handset, and some will connect to towers without a SIM in case you need to make an emergency call.
I use Signal, but most of my contacts do not. I've opted for porting my phone number to JMP.chat which does offer E2EE. However, the recipient must also have an encrypted Jabber account.
Is that why Signal collects your phone number? Hah.
Any E2E app that doesn't collect your phone number or any identifiable info that you can use as a standalone app on the desktop and E2EE is the only way it works (not optional or opportunistic like jabber/xmpp, whatsapp, matrix, telegram, etc...) and is developed outside the US by a well known/reputed dev(s). Is what I recommend.
Check out wire and briar if they meet these requirements. Personally, I would not use digital media if I don't want the US gov knowing about it entirely. The solution is legislative not technical. Kind of like how you get a free TSA body massage at the airport, the people have willed it.
“End-to-end encrypted” and “private identity mapping” are orthogonal properties: a chat system can have both, but doing so is significantly harder (both in terms of engineering complexity and teaching users to operate the system safely).
Signal chooses (or more accurately chose, since they’re working on eliminating it) to depend on telephone numbers for identity mapping, which was and is a reasonable design constraint given their target audience.
Bullshit! When you compromise the phone of someone you find out the phone numbers of everyone they talked to. I won't even get into how signal can abuse this willingly or against their will.
Signal is no better than just using imessage or whatsapp. The terribly deceptive thing about it is that it is marketed as a super secure messaging app better than alternatives but in the most important way that matters: not crypto but metadata and plausible deniability it makes such compromises. Explain to me why signal on the desktop can't function without a mobile app?! Governments have complete control over mobile phone infrastructure and can perform targeted compromises by using signal contacts for target selection.
Do not use signal thinking it will protect you better than any other encrypted app. Governments and private parties are not out there cracking the crypto itself.
Do you have something _in evidence_ indicating that Signal is abusing contact information?
The rest of this is scattershot: what matters for the overwhelming majority of use cases is end-to-end encryption between parties that know each others' identities but aren't necessarily technically proficient enough to play key management games. This is the user story that matters for dissidents, journalists, public figures, and ordinary people: if you aren't servicing those people, then it's extremely likely that you're (1) servicing nobody at all, or (2) servicing people who treat security as a LARP rather than a practical concern.
> between parties that know each others' identities
And Signal needs to collect their identities and reveal them to each other despite the risk of one of them getting compromised?
> This is the user story that matters for dissidents, journalists, public figures, and ordinary people
When you are outed as a source, as the romantic partner of an estranged spouse, as the public figure losing an election because of an embarrassing message, etc... it matters. And you have not given me a technical reason why Signal can't protect people as they expect it to. None of these people are concerned about the FBI doing a forensic investigation or wiretapping them.
> servicing people who treat security as a LARP rather than a practical concern.
Or normal people who don't know enough to think about security and threat models who simply trust you the tech savvy person recommending them Signal which will protect them, you know, the general population. Matter of fact I would bet good money most signal users don't even know you have to verify each other's codes in person for the e2ee to even mean anything other than false security!
Non-technical users, including people who don’t know what “end-to-end encryption” means. The right to privacy isn’t just for dorks who practice keyring bonsai.
And those people assume their phone number will not be revealed to random contacts and their contacts! A phone number on its own is PII! It is in some contexts more dangerous than knowing your driver's license or social security number.
What utter deception! And why I distrust signal even more! The entire world uses whatsapp which has its own identifiers as do most messaging apps. Signal deviated and went out of its way to collect the one piece of information even more identifying than your full name and address! Lol
I don't know anybody who thinks this. If you use a standard population distribution: it's safe to assume a slight majority of Signal's user base remembers when phone numbers were publicly accessible through printed phone books. Contact sharing is a substantially less problematic subset of that.
But when you use any messaging app they show your nick (and signal lets you set your name), the natural assumption which I too had was that phone numbers are used for sms only to invite others but on signal my name/nick is used like whatsapp, viber, etc..
> Contact sharing is a substantially less problematic subset of that.
HN rate limits me so please look at other comments I made on this thread about why this is decidedly more dangerous than just about any insecurity you know about. Nothing is more dangerous than false security especially when most people don't think in detail about security, they just assume signal will take care of it. I have an example about sources being revealed when a journalist's phone is compromised (many more examples).
For the general population, are you saying man in the middle attacks are of a greater risk than the other person's phone being compromised? Because if so I would strongly disagree with that and can provide sources to back that up (but save me time and look into all the pegasus pwnages and mobile stealers). In which case, in the threat model that matters most to the general population, signal compromised by sharing the one piece of information that is so good at identifying people it is the most popular anti-fraud identifier: phone numbers!
My trust in it is even lesser by how everyone rallies in defense of signal and downvotes any critique of it like with this thread. Be wary of crap you're not allowed to question!
> the natural assumption which I too had was that phone numbers are used for sms only to invite others but on signal my name/nick is used like whatsapp, viber, etc..
I don't know about Viber, but this isn't true for WhatsApp. If someone sends you a message on WhatsApp, you can see their phone number.
Again: the overwhelming threat model here is "two individuals that already know each other want to communicate privately." That's what Signal facilitates, and it does so pretty well given the purity compromises that need to happen to do that for non-technical users. They're not worried about leaking phone numbers, because they're already shared.
Finally: there's a good chance you're being downvoted here because (1) these comments are indistinguishable from FUD, and (2) you're making claims (and now talking about examples) without citing them. I'll lead by example here: we know that the FBI can only retrieve minimal metadata from Signal[1], and various foreign intelligence services have more luck deploying malware to phones[2] than they do actually breaking anything about Signal's design. Nation state adversaries don't have trouble finding peoples' phone numbers.
> Again: the overwhelming threat model here is "two individuals that already know each other want to communicate privately." That's what Signal facilitates, and it does so pretty well given the purity compromises that need to happen to do that for non-technical users. They're not worried about leaking phone numbers, because they're already shared.
Well there is no justification for that threat model beyond "our leader said so". Especially when they expressly fight state level censorship and interference but something as simple as someone shoulder surfing you defeats it. Threat models are for security professionals not regular people. Regular people don't model threat or assess security risk properly. They don't know encryption is useless if you don't authenticate. And signal's refusal to be independently usable outside of smartphones given how much law enforcement and spies love to abuse mobile phone infrastructure leaves me to be very suspicious of their intent. Making phone numbers opt-out just makes you less discoverable at best. They have 50 million dollars and various projects no one asked for yet this is too difficult and complex? You still haven't given me a reason to accept that beyond "trust me, I know".
> Finally: there's a good chance you're being downvoted here because (1) these comments are indistinguishable from FUD, and (2) you're making claims (and now talking about examples) without citing them.
Disagreeing with you is FUD? What claims did I make that need citing? Please challenge me then?
For anyone who reads this thread, do you really want to use Signal given the hostility a person would get for questioning their terribly questionable choices?
> know that the FBI can only retrieve minimal metadata from Signal[1], and various foreign intelligence services have more luck deploying malware to phones[2] than they do actually breaking anything about Signal's design. Nation state adversaries don't have trouble finding peoples' phone numbers.
Do you freaking realize that you are making my point for me here? The problem is being able to connect signal messages with phone numbers. Of course they know everyone's phone numbers! But reporter A talking to source B is all they need to know because they can get access to either's phones! There are very few cases where a real life adversary cannot at some point access one party's phone over time.
If the only protection is against man in the middle attacks then signal is by far the weakest app in that category because wire, briar, etc.. I can just use them on any device.
I had advocated for signal for many years and have gotten burned by it more than any other messaging app. The worst security tools are the ones that lead you to trust them more than you should, the more cultishly supportive their supporters are the more wary of them you should be.
For the target audience of signal, imessage on an iphone is a better choice. For the real users of signals that need higher security wire and briar are better. Signal compromises on too much and then claims too much security guarantees.
> The right to privacy isn’t just for dorks who practice keyring bonsai.
I never said anything contrary to that.
I know that normal people are part of the intended audience - I'm interested in whether you think that Signal's target audience includes or excludes "keyring bonsai" users (which, admittedly, is an amusing and not entirely inaccurate way of describing much of the security community).
If it includes those users - then why Signal couldn't have been designed such that use of phone numbers for identification is optional (but the default)?
I think the short version is that doing so substantially complicates Signal’s design (meaning more edge cases, more complicated threat models, more exploitable bugs) for a marginal user case. Parsimony is a significant virtue in E2EE designs.
But for those users: you can effectively use Signal without a phone number by using a virtual number or similar for the one-time registration process. That’s clunky and not ideal, but IMO is a reasonable hurdle for “bonsai” users.
> I think the short version is that doing so substantially complicates Signal’s design (meaning more edge cases, more complicated threat models, more exploitable bugs) for a marginal user case.
Marginal users are just as human as the rest of us. Can you show examples of how this complicates Signal's design? The idea in my head requires only marginally more complexity to serve ~hundreds of thousands of more users.
Closer to tens of thousands, if you use other “keyring bonsai” metrics (such as maintaining a PGP key). Signal’s intended userbase is O(humanity).
The complexity here is in crossing domains: Signal will need to decide how to communicate which “kind” of identity a user has, what that means, etc. They’ll need to decide whether to use random-but-intelligible identifiers (easy to make errors with) or allow people to configure identifies (which means storing more personal data, plus impersonation risks). And so forth.
> Closer to tens of thousands, if you use other “keyring bonsai” metrics
I'm talking about users that have the understanding and desire/need to disconnect their Signal identity from their phone number. That's hundreds of thousands, minimum, if not millions.
> Signal’s intended userbase is O(humanity).
This doesn't obviously interfere with Signal's ability to create Good privacy mechanisms, e.g. disassociation between identity and phone number.
> The complexity here is in crossing domains: Signal will need to decide how to communicate which “kind” of identity a user has, what that means, etc. They’ll need to decide whether to use random-but-intelligible identifiers (easy to make errors with) or allow people to configure identifies (which means storing more personal data, plus impersonation risks)
None of these obviously "substantially complicates Signal’s design" as you claimed earlier.
> communicate which “kind” of identity a user has
Tell the user that other users either have a "phone number" identity or a "certificate" identity. Done. They're already responsible for verifying that the phone number matches the person they think it does.
> what that means
Tell users that a "certificate identity" just means that that person isn't using a phone number. And they need to be extremely careful when interacting with people using these, and absolutely should verify them using a secure channel. Or just disable these entirely until the user taps the "about signal" button in the settings menu 7 times or something.
I don't see any problems here that can't be overcome with a very modest amount of engineering. And, because it's the right thing, they should invest that effort.
No, that's the deception of signal. The general population is already using other identifiers like whatsapp and viber numbers (which almost every country outside the US use even more than sms). Signal refuses to opt-out of phone number collection and usage. With the tens of millions at their disposal and with the time they spend on mobile payments, crypto, etc... you are telling me they can't auto-generate identifiers as alternative to phone numbers? They can't make it alphanumeric and consider any id that is all numbers a phone?
It's all culting around tech/crypto personalities and ignoring the obvious things that don't pass the smell test.
Explain to me why Signal is special as opposed to more popular apps made for the general population that also do E2EE? Explain to me specifically why phone numbers and mobile usage is not optional? Even after like a decade of people begging for it?
This is a lot like PGP email, the same circles of people promoted it (still do in some cases) but the government loves it because email metadata is unencrypted and tech circles insist on email dependency on every app because of the same cult mindset even though hostile middle parties love it. Everything I do in amazon, netflix, uber, slack you name it you can tell my whole life pattern just looking at email subjects in the clear on an MTA! All because of tech sector refusal to apply critical thinking and creativity when it comes to these things.
So again I ask, if I am allowed to critically examine Signal: why is it special and unique that it needs phone numbers no matter what? Especially given device compromise of people you talk to is not in their threat model. e.g.: you are a source and the journalist's phone is compromised, that is exactly what governments do! If signal didn't collect phone numbers all they would see on the journalist's phone would be your nick or in-app id, but thanks to signal they can find out who the source is, and using exploit kits like pegasus this way is not uncommon! Real people are put in danger by signal.
Look at all my downvotes and tell me this is not tech sector conspiracy or at best culting after personalities.
You could easily snoop who is messaging whom, but it's very different than knowing what is being messaged. End to end encryption would protect the second. Carrying a second phone intuitively protects the first, but in reality does not.
It's the meta-data they are accessing, not the call itself, which means the title is somewhat misleading as no one would ever need a warrant in the first place!