there are probably also a few other, more recent examples that i just can’t find. but the theory is the same, signal only knows a phone number in association with an account creation date and the last sent message date. everything else is encrypted. the signal protocol has been formally verified to be secure: https://cryspen.com/post/pqxdh/. signal all in all is a very competent messenger, and there’s a reason it’s being used by dissidents, journalists and activists, even if most of those people do not actually have the energy or skills to verify the internals. what does easily get you in trouble (assuming what you’re doing is troubling) is if you have a leaky contact. it’s not hard to just screenshot messages and then publish them elsewhere.
signal only knows a phone number in association with an account creation date and the last sent message date. everything else is encrypted.
Thats not really possible. If thats all they give out, then that just means that is all that they decide to save. They have access to the servers that everyones messages pass through. They could log the IP and date for every single message sent if they wanted to, but just decide not to do it. This model fails however as soon as they are forced to save more than that.
Thats the dumbest shit ive ever heard. Every server that isnt yours is compromised. The general assumption in computer security is always that anything outside of your physical possession is compromised, especially when your opponent is the best equipped government on the planet.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
But signal knows it so they will hand it over to the police if requested…
signal doesn’t know which phone numbers contact which other phone numbers
Do you have a source for that? How would the server know who to deliver data to without being aware of the group member list?
https://signal.org/bigbrother/central-california-grand-jury/
there are probably also a few other, more recent examples that i just can’t find. but the theory is the same, signal only knows a phone number in association with an account creation date and the last sent message date. everything else is encrypted. the signal protocol has been formally verified to be secure: https://cryspen.com/post/pqxdh/. signal all in all is a very competent messenger, and there’s a reason it’s being used by dissidents, journalists and activists, even if most of those people do not actually have the energy or skills to verify the internals. what does easily get you in trouble (assuming what you’re doing is troubling) is if you have a leaky contact. it’s not hard to just screenshot messages and then publish them elsewhere.
Thats not really possible. If thats all they give out, then that just means that is all that they decide to save. They have access to the servers that everyones messages pass through. They could log the IP and date for every single message sent if they wanted to, but just decide not to do it. This model fails however as soon as they are forced to save more than that.
compromised servers are a known threat model, and not a threat in signal’s case
Thats the dumbest shit ive ever heard. Every server that isnt yours is compromised. The general assumption in computer security is always that anything outside of your physical possession is compromised, especially when your opponent is the best equipped government on the planet.