Under Meredith Whittaker, Signal Is Out to Prove Surveillance Capitalism Wrong
www.wired.com
On its 10th anniversary, Signal’s president wants to remind you that the world’s most secure communications platform is a nonprofit. It’s free. It doesn’t track you or serve you ads. It pays its engineers very well. And it’s a go-to app for hundreds of millions of people.
  • @perestroika@lemm.ee
    210 months ago

    As a happy user of Signal (no bugs or incidents from my viewpoint), I regardless chime in to say a word for decentralization. :)

    Signal is centralized:

    • there is a single Signal implementation, with a single developing entity
    • you have to install its mobile version before you may run the desktop version

    There exist protocols like Tox which go a step beyond Signal and offer more freedom -> have multiple clients from diverse makers (some of them unstable), don’t have centralized registration, and don’t rely on servers to distribute messages - only to distribute contact information.

    In the grand comparison table of protocols (not clients), Tox is among the few lines that’s all green (Signal has one red square).

  • ☆ Yσɠƚԋσʂ ☆
    110 months ago

    Yeah, Signal is more than encrypted messaging it’s a metadata harvesting platform. It collects phone numbers of its users, which can be used to identify people making it a data collection tool that resides on a central server in the US. By cross-referencing these identities with data from other companies like Google or Meta, the government can create a comprehensive picture of people’s connections and affiliations.

    This allows identifying people of interest and building detailed graphs of their relationships. Signal may seem like an innocuous messaging app on the surface, but it cold easily play a crucial role in government data collection efforts.

    Also worth of note that it was originally funded by CIA cutout Open Technology Fund, part of Radio Free Asia. Its Chairwoman is Katherine Maher, who worked for NDI/NED: regime-change groups, and a member of Atlantic Council, WEF, US State Department Foreign Affairs Policy Board etc.

    • sunzu2
      010 months ago

      Cross referenced you on the sister thread.

      People there positing that this is no correct. Granted their info appears to be signal “disclosed” to the feds as part of a court proceed what it collects, which is only apparently when you connect to the server.

      Doesnt answer the issue if they could collect your call logs though

      • ☆ Yσɠƚԋσʂ ☆
        110 months ago

        My reply from the other thread. People who claim this isn’t true aren’t being honest. The phone number is the key metadata. Meanwhile, nobody outside the people who are actually operating the server knows what it’s doing and what data it retains. Faith based approach to privacy is fundamentally wrong. Any data that the protocol leaks has to be assumed to be available to adversaries.

        Furthermore, companies can’t disclose if they are sharing data under warrant. This is why the whole concept of warrant canary exists. Last I checked Signal does not have one.

        https://en.wikipedia.org/wiki/Warrant_canary

    • Preston Maness ☭English
      010 months ago

      Yeah, Signal is more than encrypted messaging it’s a metadata harvesting platform. It collects phone numbers of its users, which can be used to identify people making it a data collection tool that resides on a central server in the US. By cross-referencing these identities with data from other companies like Google or Meta, the government can create a comprehensive picture of people’s connections and affiliations.

      This allows identifying people of interest and building detailed graphs of their relationships. Signal may seem like an innocuous messaging app on the surface, but it cold easily play a crucial role in government data collection efforts.

      Strictly speaking, the social graph harvesting portion would be under the Google umbrella, as, IIRC, Signal relies on Google Play Services for delivering messages to recipients. Signal’s sealed sender and “allow sealed sender from anyone” options go part way to addressing this problem, but last I checked, neither of those options are enabled by default.

      However, sealed sender on its own isn’t helpful for preventing build-up of social graphs. Under normal circumstances, Google Play Services knows the IP address of the sending and receiving device, regardless of whether or not sealed sender is enabled. And we already know, thanks to Snowden, that the feds have been vacuuming up all of Google’s data for over a decade now. Under normal circumstances, Google/the feds/the NSA can make very educated guesses about who is talking to who.

      In order to avoid a build-up of social graphs, you need both the sealed sender feature and an anonymity overlay network, to make the IP addresses gathered not be tied back to the endpoints. You can do this. There is the Orbot app for Android which you can install, and have it route Signal app traffic through the Tor network, meaning that Google Play Services will see a sealed sender envelope emanating from the Tor Network, and have no (easy) way of linking that envelope back to a particular sender device.

      Under this regime, the most Google/the feds/the NSA can accumulate is that different users receive messages from unknown people at particular times (and if you’re willing to sacrifice low latency with something like the I2P network, then even the particular times go away). If Signal were to go all in on having client-side spam protection, then that too would add a layer of plausible deniability to recipients; any particular message received could well be spam. Hell, spam practically becomes a feature of the network at that point, muddying the social graph waters further.

      That Signal has

      1. Not made sealed sender and “allow sealed sender from anyone” the default, and
      2. Not incorporated anonymizing overlay routing via tor (or some other network like I2P) into the app itself, and
      3. Is still in operation in the heart of the U.S. empire

      tells me that the Feds/the NSA are content with the current status quo. They get to know the vast, vast majority of who is talking (privately) to who, in practically real time, along with copious details on the endpoint devices, should they deem tailored access operations/TAO a necessary addition to their surveillance to fully compromise the endpoints and get message info as well as metadata. And the handful of people that jump through the hoops of

      1. Enabling sealed sender
      2. Enabling “allow sealed sender from anyone”
      3. Routing app traffic over an anonymizing overlay network (and ideally having their recipients also do so)

      can instead be marked for more intensive human intelligence operations as needed.

      Finally, the requirement of a phone number makes the Fed’s/the NSA’s job much easier for getting an initial “fix” on recipients that they catch via attempts to surveil the anonymizing overlay network (as we know the NSA tries to). If they get even one envelope, they know which phone company to go knocking on to get info on where that number is, who it belongs to, etc.

      This too can be subverted by getting burner SIMs, but that is a difficult task. A task that could be obviated if Signal instead allowed anonymous sign-ups to its network.

      That Signal has pushed back hard on every attempt to remove the need for a phone number tells me that they have already been told by the Feds/the NSA that that is a red line, and that, should they drop that requirement, Signal’s days of being a cushy non-profit for petite bourgeois San Francisco cypherpunks would quickly come to an end.

      • Dessalines
        210 months ago

        Anyone who has any experience with centralized databases, would be able to tell you how useless sealed sender is. With message recipients and timestamps, it’d be trivial to discover who the senders are.

        Also, signal has always had a cozy relationship with the US (radio free asia was it’s initial funder) . After yasha levine posted an article critical of signal a few years back, RFA even tried to do damage control at a privacy conference on signal s behalf:

        Libby Liu, president of Radio Free Asia stated:

        Our primary interest is to make sure the extended OTF network and the Internet Freedom community are not spooked by the [Yasha Levine’s] article (no pun intended). Fortunately all the major players in the community are together in Valencia this week - and report out from there indicates they remain comfortable with OTF/RFA.

        These are high-up US government employees trying to further spread signal.

        You can read more about this here.

      • Possibly linuxEnglish
        010 months ago

        Law enforcement doesn’t request data frequently enough in order to build a social graph. Also they probably don’t need to as Google and Apple likely have your contacts.

        Saying that it is somehow a tool for mass surveillance is frankly wrong. It has its issues but it also balances ease of use. It is the most successful secure messager out there. (WhatsApp doesn’t count)

        Sure it has problems. I personally don’t understand there refusal to be on F-droid. However, phone numbers are great for ease of use and help prevent spam. You need to give your personal information to get a phone number. Signal also has very nice video calls which no other messager can seem to replicate.

        • Preston Maness ☭English
          010 months ago

          Law enforcement doesn’t request data frequently enough in order to build a social graph. Also they probably don’t need to as Google and Apple likely have your contacts.

          They don’t need to request data. They have first-class access to the data themselves. Snowden informed us of this over a decade ago.

          Saying that it is somehow a tool for mass surveillance is frankly wrong.

          Signal per se is not the mass surveillance tool. Its dependence on Google is the mass surveillance tool.

          However, phone numbers are great for ease of use and help prevent spam.

          And there’s nothing wrong with allowing that ease-of-use flow for users that don’t need anonymity. The problem is disallowing anonymous users.

          • Possibly linuxEnglish
            010 months ago

            Signal is not dependent on Google. Also to my knowledge Signal isn’t part of AT&T

                • Preston Maness ☭English
                  110 months ago

                  If that were the case Molly FOSS wouldn’t exist

                  I’m not speaking of hard dependence as in “the app can’t work without it.” I’m speaking to the default behavior of the Signal application:

                  1. It connects to Google
                  2. It does not make efforts to anonymize traffic
                  3. It does makes efforts to prevent anonymous sign-ups

                  Molly FOSS choosing different defaults doesn’t change the fact that the “Signal” client app, which accounts for the vast majority of clients within the network, is dependent on Google.

                  And in either case – using Google’s Firebase system, or using Signal’s websocket system – the metadata under discussion is still not protected; the NSA doesn’t care if they’re wired into Google’s data centers or Signal’s. They’ll be snooping the connections either way. And in either case, the requirement of a phone number is still present.

                  Perhaps I should restate my claim:

                  Signal per se is not the mass surveillance tool. Its dependence on Google design choices of (1) not forcing an anonymization overlay, and (2) forcing the use of a phone number, is the mass surveillance tool.

      • ☆ Yσɠƚԋσʂ ☆
        -110 months ago

        Incidentally, this explains why Signal insists that the app has to be installed through the Play store as opposed to f-droid.

        • Preston Maness ☭English
          010 months ago

          Strictly speaking, you can download it directly from their website, but IIRC, the build will still default to trying to use Google Play Services, and only fall back to a different service if Google Play Services is not on the device. Signal really, really wants to give Google insight into who is messaging who.

    • @ZeroHora@lemmy.mlEnglish
      010 months ago

      It collects phone numbers of its users, which can be used to identify people making it a data collection tool that resides on a central server in the US. By cross-referencing these identities with data from other companies like Google or Meta, the government can create a comprehensive picture of people’s connections and affiliations.

      That’s fuck up. I always found bad to have the phone number as requirement but that’s make a lot of sense.

  • @ByteOnBikes@slrpnk.net
    110 months ago

    This is a very rude question, but on this subject of being lean, I looked up your 990, and you pay yourself less than … well, you pay yourself half or a third as much as some of your engineers.

    Yes, and our goal is to pay people as close to Silicon Valley’s salaries as possible, so we can recruit very senior people, knowing that we don’t have equity to offer them. We pay engineers very well. [Leans in performatively toward the phone recording the interview.] If anyone’s looking for a job, we pay very, very well.

    But you pay yourself pretty modestly in the scheme of things.

    I make a very good salary that I’m very happy with.

    That’s pretty cool. But knowing the number would matter.

    • @rottingleaf@lemmy.world
      110 months ago

      Maybe the US government (or even “deep state” or something) has realized that making everyone use insecure devices for easier surveillance is as smart as forbidding fire exits so that people would be easier to arrest.

      I haven’t heard too many bad things about Signal.

      Various dictatorships want to simply read correspondence because the social graphs producing actual value and keeping stability in our world, and also protecting their embezzled value stored abroad, are all abroad too, and they won’t hurt these. Some politicians in the west want to invade privacy for the same reason - what they embezzle is stored in ways unaffected by insecure communications in their own countries.

      But if you are part of some establishment, even if not well-meaning, you are interested to protect the system from outright erosion, meaning secure communications.

      Other than that, WhatsApp and FB Messenger are owned by Zuck and he’s become too big to tolerate, Telegram is an African brothel with no protection and plenty of diseases, and in general it’s all corporate around.

      Let’s please also remember that there are people of various views and interests in every organization and force.

    • ☆ Yσɠƚԋσʂ ☆
      010 months ago

      I find it intriguing that the people will scrutinize messaging platforms such as Telegram, and explain in detail how one should not entrust their messages’ encryption keys to these services. Yet, these same people seem unable to comprehend the concerns regarding Signal server having access to phone numbers of its users. The fact that these people are able to perceive potential vulnerabilities in one platform while remaining oblivious to similar concerns on another highlights that their arguments are more ideological than rational.

      • Dessalines
        110 months ago

        For sure. I’m convinced signal is supported mainly for the same reason’s apple products are: it’s got a shiny user interface and it’s simple to use. That let’s them overlook all the privacy dangers behind the curtain.

        A gigantic US-based service based on phone-number(meaning real identity) identifiers.

        • ☆ Yσɠƚԋσʂ ☆
          110 months ago

          Exactly, it takes a lot of credulity to believe that the US government would just altruistically develop and fund a messaging platform that genuinely respects privacy. I recall somebody was talking about how collecting metadata is basically equivalent to having a private investigator follow you around, and I think that’s a great analogy. People tend to fixate on the content of the conversations, but the reality is that knowing who talks to whom is just as valuable.

    • @refalo@programming.dev
      110 months ago

      She has her hand in too many strategic places, unlike Telegram.

      employed at Google for 13 years

      speaker at the 2018 World Summit

      written for the American Civil Liberties Union

      advised the White House, the FCC, the FTC, the City of New York, the European Parliament, and many other governments and civil society organizations

    • @mipadaitu@lemmy.worldEnglish
      010 months ago

      Not that the action against Telegram is right, but there’s a big difference between what Signal and Telegram is doing.

      • OtterEnglish
        010 months ago

        Would you have more info on the differences? I was wondering the same thing, but I don’t know enough about Telegram to compare

        • @unconfirmedsourcesDOTgov@lemmy.sdf.org
          110 months ago

          I’m no authority on it but from what I’ve read it seems to have more to do with the social features of telegram where lots of content is being shared, both legal and illegal. Signal doesn’t have channels that support hundreds of thousands of people at once, nor media hosting to match.

          • socsaEnglish
            110 months ago

            Right, the French authorities are going to present evidence that this dude was aware of specific illegal activity and refuse to comply with a legal warrant involving said actively, making him guilty of obstruction at best, and possibly conspiracy. Signal complies with warrants, they just don’t have anyone’s keys. Telegram has everyone’s keys, and theoretically could turn them over but they refuse. That’s a huge difference from a legal perspective.

            • @unconfirmedsourcesDOTgov@lemmy.sdf.org
              110 months ago

              Thank you. I’m going to restate your explanation to be sure I’ve got it:

              • authorities want platforms to comply with legal requests
              • when Signal gets a subpoena, they open the key locker and show that it’s empty. They provide the metadata they can (sign up date and last seen date, full stop) and tell authorities they can’t do better.
              • when Telegram gets a subpoena, they open the key locker and show all the keys, then slam it shut in the face of the investigator, telling them to get bent.
              • conclusion: it’s easier to never have the keys in the first place than to tease the government with them
        • @pimeys@lemmy.nauk.io
          010 months ago

          Signal always responds to authorities when they ask for data, and they give them all they have: the day they registered, their phone number and the timestamp they last used the app.

          Telegram has unencrypted channels of drug dealing, and what I heard is a lot of illegal porn too. The authorities want information on certain users there and Telegram doesn’t comply. This is directly against the law Signal is not breaking, because they always send all the data they have to the law enforcement.

          • sunzu2
            110 months ago

            while not wrong context matters, US social media companies also enable human, weapons, and drug trafficking. they play a role in a few genocides too.

            but the western regime does not care.

            • @pimeys@lemmy.nauk.io
              110 months ago

              But they give their data when the officials ask. That is all that matters. And I seriously hope none of us uses Telegram or WhatsApp to any discussions. Use Signal because that is so far pretty unbreakable.

              Telegram is already in the hands of that tiny Russian old man and WhatsApp is owned by a lizard.

          • @rottingleaf@lemmy.world
            -210 months ago

            Telegram is a propaganda weapon in some sense, between two worldviews - one is “a good service doesn’t require trust, because they physically can’t sell you”, another is “a good service you can trust because they won’t sell you”. And Telegram helps the latter.

            So frankly - kill it with fire. Sadly I’m in Russia and everybody uses it here.

        • @gedaliyah@lemmy.world
          110 months ago

          The folks at F-Droid have said that Signal would certainly qualify, but Signal doesn’t want multiple channels out there. F-Droid is just honoring their wishes.

        • @toasteecup@lemmy.worldEnglish
          010 months ago

          Are you developing your opinions based on vibes or have you actually audited their software yourself (you are free to do so both client and federation server code)?

          If you audited it, have you produced an actual report with metrics and points of reference for your data points?

          • southsamurai
            010 months ago

            This person has been running around spreading FUD in every post about this

              • @rottingleaf@lemmy.world
                010 months ago

                It’s actually sad, even though I’m a libertarian, tankies and in general marxists could have made a good input into our future. But if they can believe in Telegram being secure because of vibes and not even doing basic research, they’ve already lost.

                • @toasteecup@lemmy.worldEnglish
                  110 months ago

                  Heeey I am also a libertarian, I just tend towards left libertarian. Back to the point of discussion, I find it difficult to ha e a meaningful conversation with the tankies or in general anyone from lemmy.ml . The discussions tend to lack any real data and feel entirely vibe based OR it’s apologist bullshit for Russia.

                  Like it’s cool if you like communism and have a philosophy based around why you think it’ll help humanity. I can politely disagree but still listen and discuss. It’s quite another to just be a complete dipshit and say “Ukraine had the invasion coming” (actual quote I’ve seen).

    • ☆ Yσɠƚԋσʂ ☆
      010 months ago

      The very fact that there have never been any attempts in the west to stop Signal from operating says volumes in my opinion.

    • @TCB13@lemmy.worldEnglish
      -110 months ago

      They won’t there’s no need. Their clients are garbage and they’re most likely backdoored anyways. This action against Telegram is only happening because they can’t get inside it, they can’t backdoor it nor corrupt anyone. If they were able to do that they wouldn’t be doing this.

      • @ArchAengelus@lemmy.dbzer0.com
        110 months ago

        No matter how good the protocol or client encryption, your privacy is only as good as your own physical security for the device in question.

        Given that if you lose your private key, there is no recovery, I would be surprised if there were real back doors in the clients. Maybe unintentional ways to leak data, but you can go look for yourself: https://github.com/signalapp/Signal-Android

        They have one for each client.

        • @TCB13@lemmy.worldEnglish
          -110 months ago

          If you don’t turn on the secret chat feature it wont be, yes. However if E2EE was the only deciding factor for a gov to go against an App then they woudln’t be going after Telegram. The fact that govts are going so hard at telegram simply proves that even when the company has access to all our chats they don’t actually provide them to said govts.

          I’m not saying telegram is good from a security perspective, I’m just saying that event without E2EE and all the modern wonders govts can’t still get in because the company doesn’t indulge their requests.

  • @istanbullu@lemmy.ml
    010 months ago

    Signal’s hostility to third party clients is a huge red flag.

    They also refuse to distance themselves from Google’s app store.

    • ᗪᗩᗰᑎ
      110 months ago

      That’s outdated information:

      Go forth and contribute, fork, or create your own.

      They also refuse to distance themselves from Google’s app store.

      This link has existed forever at this point if we count in internet years: https://signal.org/android/apk/ - getting an app directly from the developer with no middleman is about as distant as you can get from Google’s app store.

  • @sumguyonline@lemmy.world
    -110 months ago

    Signal is compleletly compromised through spell check on 99% of OEM smart devices. Spell check can see what your typing word by word, and signal uses it. Feds are 100% using spell check to view your private messages. And by feds I mean every government on earth with a computer.

  • @coolusername@lemmy.ml
    -210 months ago

    0% chance that the feds don’t have Signal backdoors, otherwise Wired wouldn’t be promoting it. fyi everyone Proton is CIA. It’s modern cryptoAG.