this post was submitted on 09 Jan 2025

83 points (98.8% liked)

Privacy

32653 readers

553 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Telegram Hands U.S. Authorities Data on Thousands of Users (www.404media.co)

submitted 18 hours ago by [email protected] to c/[email protected]

103 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 10 points 11 hours ago (2 children)

You need a phone number to sign up. Phone numbers are metadata that uniquely identifies people, and this data constitutes a network of connections. If this metadata is shared with the government, then it can be trivially correlated with all the other information collected about people.

[–] [email protected] -3 points 3 hours ago* (last edited 3 hours ago) (1 children)

I agree it's a problem, but not for any of the reasons you listed. A phone number is not metadata, it's just data. In order to request information associated with your phone number, they would have to know it already, because there's no other identifier. In order to be metadata, there would have to be other information connected to that data, which there isn't (in Signal), other than the date you signed up and the last time you connected to their server. They don't know who you talk to or when, thus no network connections.

[–] [email protected] 5 points 3 hours ago (1 children)

Phone numbers are metadata, and the fact that you don't even understand this shows that you have no business making uninformed comments on this subject. Metadata is understood to be data that's associated with messages being sent, but isn't the content of the messages themselves.

In order to be metadata, there would have to be other information connected to that data, which there isn’t (in Signal), other than the last time you connected to their server. They don’t know who you talk to or when, thus no network connections.

One has to be an incredibly gullible individual to actually believe this. You have no way to audit the server, and security cannot be based on trust. If a company has a way to store and use the information it collects it has to be assumed that it is doing so. Signal is very obviously in a position to do this. Once the phone number is collected, it's associated with your account. Any time you send a message through signal to another account that's a connection in the graph of your social network.

Anybody with a functioning brain can understand that this graph is highly valuable to intelligence agencies in the US. If they have a person of interest and they know their identity, they can trivially use the metadata collected by Signal to see whom this person wants to have private conversations with.

Ignorant people such as yourself confidently speaking on subjects they don't understand present a public danger to society.

[–] [email protected] -3 points 3 hours ago (1 children)

Metadata is understood to be data that's associated with messages being sent

That's incorrect. Metadata is literally "data about the data". There is not data associated with the phone number (data). The fact that you don't even understand this shows that you have no business making uninformed comments on this subject.

One has to be an incredibly gullible individual to actually believe this.

No, one just needs a rudimentary understanding of how encryption works. Actually looking at the subpoenas sent from Signal is helpful, though.

Anybody with a functioning brain can understand that this graph is highly valuable to intelligence agencies in the US

Anybody who actually pays attention can see that there is no graph. A graph has interconnected points. There are no connections in Signal.

Your entire argument is based on wild hypotheticals and conspiracy theories and you have zero evidence of anything nefarious, or you would have provided it already.

[–] [email protected] 4 points 3 hours ago (1 children)

That’s incorrect. Metadata is literally “data about the data”.

Yes, the phone number is data about the user sending the message. Let me know if you need me to use smaller words to explain this to you.

No, one just needs a rudimentary understanding of how encryption works. Actually looking at the subpoenas sent from Signal is helpful, though.

This has nothing to do with encryption. The phone number is being handed over by the user to the server. You're making it very clear that have absolutely no clue regarding the subject you're attempting to debate here.

Anybody who actually pays attention can see that there is no graph. A graph has interconnected points. There are no connections in Signal.

Signal server has to keep a graph of connections between the accounts in order to route messages between them. The messages are not delivered peer to peer.

Your entire argument is based on wild hypotheticals and conspiracy theories and you have zero evidence of anything nefarious, or you would have provided it already.

No, my entire argument is based on basic security practices that anybody who's ever dealt with security would understand. Please stop embarrassing yourself.

[–] [email protected] -3 points 3 hours ago (1 children)

the phone number is data about the user sending the message

No it isn't. If someone gets information associated with that phone number, they get it from somewhere else, not Signal. Let me know if you need me to use smaller words to explain this to you.

Signal server has to keep a graph of connections between the accounts in order to route messages between them.

No it doesn't. You're making it very clear that have absolutely no clue regarding the subject you're attempting to debate here.

No, my entire argument is based on basic security practices that anybody who's ever dealt with security would understand.

No it isn't. Please stop embarrassing yourself.

[–] [email protected] 3 points 3 hours ago (1 children)

If someone gets information associated with that phone number, they get it from somewhere else, not Signal.

Unless you're in a position to audit what the Signal server does with that data, which you're not, then you're just spewing nonsense here. You do not know what the server does with the information it collects.

No it doesn’t. You’re making it very clear that have absolutely no clue regarding the subject you’re attempting to debate here.

You are in no position to make that claim because you do not know what the server is doing with that data. The fact that you keep repeating this nonsense over and over isn't going to make it true baby Goebbels.

No it isn’t. Please stop embarrassing yourself.

The fact that you don't understand that security isn't based on trust, clearly shows who's actually embarrassing themselves.

[–] [email protected] -3 points 3 hours ago (1 children)

Unless you're in a position to audit what the Signal server does with that data, which you're not

I don't have to be. Lots of people, public and private, who are far more knowledgeable than me, already have. You're assuming they're doing something nefarious but you have zero evidence to back that up. You're just spewing nonsense here. The fact that you keep repeating this nonsense over and over isn't going to make it true baby Goebbels.

The fact that you don't understand there is no trust, clearly shows who's actually embarrassing themselves.

[–] [email protected] 3 points 2 hours ago

I don’t have to be. Lots of people, public and private, who are far more knowledgeable than me, already have.

Literally nobody outside Whisper has access to the server, and therefore nobody outside Whisper knows what the server does. The fact that you don't understand this basic fact is frankly embarrassing.

You’re assuming they’re doing something nefarious but you have zero evidence to back that up.

As I've repeatedly explained to you in this thread, security cannot be based on trust. If data is available to an attacker then the system has to be assumed to be compromised. If you understood first thing about security you'd understand that this is a fundamental point.

The fact that you just keep regurgitating back what I write to you shows that you have all the intellectual capacity of a chat bot.

[–] [email protected] -1 points 9 hours ago* (last edited 9 hours ago) (1 children)

In my book a phone number is not "vast amounts of metadata" but I see your point. Again, I have never seen someone describing Signal as a “paragon of privacy and security” 9usually it's presented as an improvement over SMS) but if they do I will put on my Trilby and correct them.

[–] [email protected] 8 points 8 hours ago (2 children)

It's the volumes of phone numbers collected collectively that constitute vast amounts of metadata. Meanwhile, I've seen plenty of people advocate using Signal as the best option for privacy. And any time there is a criticism of Signal then then brigades of people inexplicably appear to vigorously defend it.

[–] [email protected] 7 points 6 hours ago (1 children)

fed

[–] [email protected] 6 points 4 hours ago

What's funny is this is pretty out in the open, and ppl don't realize it. When Yasha Levine criticized signal, the president of Radio Free Asia (a US government propaganda org), sent this out, openly pushing Signal to european internet freedom communities:

Our primary interest is to make sure the extended OTF network and the Internet Freedom community are not spooked by the [Yasha Levine’s] article (no pun intended). Fortunately all the major players in the community are together in Valencia this week - and report out from there indicates they remain comfortable with OTF/RFA.

And I remember you mentioned before, Meredith Whittaker, president of the Signal Foundation, holds interviews with US defense-department think tanks.

[–] [email protected] -4 points 3 hours ago* (last edited 3 hours ago) (1 children)

I've seen plenty of people advocate using Signal as the best option for privacy.

Because it is the gold standard, and recognized by many as much.

And any time there is a criticism of Signal then then brigades of people inexplicably appear to vigorously defend it.

because by making people feel unsafe using it, you are actually making them less safe.

[–] [email protected] 4 points 3 hours ago (1 children)

thank you for providing a concrete example of the nonsense I'm referring to. The only ones who make people less safe are the ones who blindly advocate for a platform while ignoring real and tangible problems associated with it. Signal users are a cult.

[–] [email protected] -3 points 3 hours ago (1 children)

Thank you for continuing to not put forward any sort of legitimate retort and responding only with insults instead. Super helpful.

[–] [email protected] 3 points 3 hours ago (1 children)

What possible legitimate retort is there to give to some body using ad populum fallacy as a form of argument.

[–] [email protected] -3 points 3 hours ago (1 children)

How about literally any form of evidence?

[–] [email protected] 3 points 3 hours ago

Evidence of what?