Technology

37705 readers

95 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

[email protected]

246

Privacy is Priceless, but Signal is Expensive (signal.org)

submitted 11 months ago* (last edited 11 months ago) by [email protected] to c/[email protected]

113 comments fedilink hide all child comments

We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 20 points 11 months ago (1 children)

It's difficult to maintain privacy in a P2P environment. In naive implementations, your IP address will be visible to all the peers you connect to. This is the case in e.g. BitTorrent.

Signal has this issue with video/voice calls as well; by default they operate on a P2P basis for performance reasons, and they expose your IP address to the second party. Signal has an option in the settings to relay voice/video calls through their servers specifically to mitigate this.

There are some workarounds for anonymizing P2P, like routing through Tor or I2P. Tor, however, has known exploits and is probably not suitable if you need to hide your activity from advanced adversaries like world governments (e.g. political dissidents, journalists, etc.)

I2P sounds interesting but I'm not deeply familiar with it. I understand that I2P clients also act as relay nodes, which puts an additional bandwidth burden on users. I'm not sure if I2P is more resilient against government-level attacks than Tor. I'd be interested to hear from anyone who is more familiar with the protocol.

[+] [email protected] 10 points 11 months ago* (last edited 1 week ago) (3 children)

[deleted]

[–] [email protected] 11 points 11 months ago

If you're using it for personal correspondence with people you know and trust, that's probably fine. However, a secure and private communications platform should support more extreme use cases as well.

If you're a journalist, for example, you might need to communicate with people you do not know or trust. You could realistically be talking to someone who wants to kill you, or who is being monitored by people who want to kill you, particularly if you are covering high-profile political issues or working with whistleblowers (or are yourself a whistleblower). Even revealing information as broad as what city you're in (which would be revealed by your IP address) could be a risk to your physical safety.

Even though I do not personally face such high-level threats in my life, I feel better using services that allow for the possibility. Privacy is a habit, and who knows what tomorrow might bring?

[–] [email protected] 3 points 11 months ago

A MitM sniffer would be able to see the source and destination IP addresses, not just the person you're chatting with. Even if the data is encrypted, P2P is still vulnerable to a layer 3 attack.

[–] [email protected] 1 points 11 months ago (1 children)

Will the same apply if you're in a lot of open group chats though?