Even State Department-funded Human Rights Watch admits that authorities combine legal and illegal methods to obtain convictions: https://text.hrw.org/report/2018/01/09/dark-side/secret-origins-evidence-us-criminal-cases

Combining dragnet surveillance with device hacking is intended in the design of both tools. Hence, State Department-funded Signal dupes you into handing over your identity as part of the population-centric mapping. In custody, your phone will be hacked when it is taken away if it’s important.

https://xcancel.com/hannahcrileyy/status/2034273723667161480#m

  • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
    25 days ago

    A reminder that your phone number is metadata. And people who think metadata is “just” data or that cross-referencing is some kind of sci-fi nonsense, are fundamentally misunderstanding how modern surveillance works.

    By requiring phone numbers, Signal, despite its good encryption, inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.

    Being able to map out who talks to whom is incredibly valuable. A three-letter agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.

    Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand.

    So, in a twisted way, Signal being a tool for private conversations, makes it a perfect machine for mapping associations and identifying targets. The fact that it operates using a centralized server located in the US should worry people far more than it seems to.

    The kicker is that thanks to gag orders, companies are legally forbidden from telling you if the feds come knocking for this data. So even if Signal’s intentions are pure, we’d never know how the data it collects is being used. The potential for abuse is baked right into the phone-number requirement.

  • theherk@lemmy.world
    25 days ago

    More anti-signal propaganda? Who is claiming it can’t be associated to a user? The messages are private, not anonymous.

    • Natanael@slrpnk.net
      25 days ago

      It does use deniable encryption, but that stops working as a defense the second they take your phone and copy all logs from your device.

      And large group chats rely on how well you can vet participants more than they rely on encryption itself, and if they’re too large they may as well not be encrypted.

      • MeowZedong@lemmygrad.ml
        25 days ago

        Orgs in my town have seen this first-hand. People are out here learning secure comm practices the hard way.

  • floquant@lemmy.dbzer0.com
    25 days ago

    I really don’t get the big “use signal” push at this point in time because even if it’s private and the encryption is solid, it’s a fucking American company. It’s so easy for letter agencies to get information on their users from them, don’t you realize that they can’t refuse to give out your number if they ask for it and that once they have that your identity and location are immediately and thoroughly compromised? If you are subject to US jurisdiction and could be seen in any way as opposing its government, I really don’t think you should be using it.

    • ☂️-@lemmy.ml
      25 days ago

      i’m convinced the big push for signal is a CIA op. not that it’s necessarily signal’s fault, it could be and it could not, but setting signal as the de facto private alternative is weird.

      better than whatsapp at least i guess, but that’s a low ass bar to clear.

      • Dessalines@lemmy.ml
        25 days ago

        We know it’s an op, RFA does damage control for signal:

        Libby Liu, president of Radio Free Asia stated:

        Our primary interest is to make sure the extended OTF network and the Internet Freedom community are not spooked by the [Yasha Levine’s critical] article (no pun intended). Fortunately all the major players in the community are together in Valencia this week - and report out from there indicates they remain comfortable with OTF/RFA.

    • mister_flibble@sh.itjust.works
      24 days ago

      Because the other options most people are aware of are by and large even worse? Would you prefer people were sending this shit over Facebook messenger?

  • minorkeys@lemmy.world
    24 days ago

    Privacy is proof of terrorism. The state, and its corporate allies, need to have access to your innermost thoughts, the things about you even you don’t know, for national security reasons. This is totally normal and not something to resist. Vote republican.

  • Natanael@slrpnk.net
    25 days ago

    What evidence do you have that Signal collects anything? Traffic logs from the app or something?

    • wildbus8979@sh.itjust.works
      25 days ago

      Signal doesn’t need to, you need to trust the whole chain. You’ll need to trust AWS, you need to trust Intel SGX, etc

      • Natanael@slrpnk.net
        25 days ago

        At that point you can rely on nothing but Tor or I2P

        Nothing else hides metadata better than Signal, without involving large networks of independent nodes that participate in Sybil resistant routing. The only thing that gets close is threshold schemes where you still need multiple independent entities running servers.

    • akilou@sh.itjust.works
      25 days ago

      You can check if a number is registered with Signal just by having Signal and starting a chat with that number

  • RosaLuxemburgsGhost@lemmy.ml
    24 days ago

    The Prairieland case was an important case for the capitalist state of US Imperialism. It was a litmus test, a threat, to all people who dare criticize and challenge its rule within the belly of the beast. Just like the Iran war, which is about control over the region, and beating back any neo-colonial governments who don’t fall in line with the wishes of US Imperialism… this is the US government waging similar class war at home.

  • davel [he/him]@lemmy.ml
    25 days ago

    Some people are very protective of Signal.

    • Reason: Disinformation
    • Reason: privacy rule #3: “Try to keep things on topic”
    • Reason: Misinfo, alarmism
    • Reason: This is harmful disinformation

    Why not Signal?

    • DJ Putler@lemmy.mlOPB
      25 days ago

      I wouldn’t bet my life on GrapheneOS in person despite being a fan of the project due to wanting to treat my phone as a computer

      *actually forgot to mention they charged the duress password guy with destruction of evidence this isn’t speculative at all lmao

      • f3nyx@lemmy.ml
        25 days ago

        personally, my bet is that they don’t have anyone qualified enough to pull off an exploit like that (on me).

        the problem with my bet: what we’ve seen is that they won’t care, and accuse individuals of terrorism based off the color of their clothes.

        • DJ Putler@lemmy.mlOPB
          24 days ago

          I just refuse to believe Google doesn’t have some kind of hardware backdoor, or that Motorola won’t once that is up and running.

          • f3nyx@lemmy.ml
            24 days ago

            hardware vulnerabilities undoubtedly exist, whether intentional or not. it’s simply the nature of designing these complex semiconductors.

            that said, if one company intentionally creates a backdoor, won’t they all? what phone do you buy at that point?

            any startup or small phone company may not have intentional backdoors, but I can guarantee their hardware security on all other levels pales to what apple and google can accomplish. I think the question then becomes are you more worried about google having a backdoor, or about third party compromises?

            I’m not a fan of our choices, there is no silver bullet.

            • Salah [ey/em]@hexbear.net
              23 days ago

              It’s about knowing that any phone can have a backdoor and being careful on how you use it. Don’t bring your phone to a protest.

      • gnuthing [they/them]@lemmygrad.ml
        22 days ago

        Yeah tails does have graphene beat, but a lot of folks see a phone as a necessity. Graphene is best if you’re gonna have a phone. It can turn off the USB port where it can’t even be charged without being off. It can reboot itself if not unlocked frequently enough, putting the phone back into a BFU state.

        Now it’s possible that there’s some exploit a state knows that is not public, but the software they generally use does not work on graphene as long as you are not running a pre-2022 version of graphene. Someone else mentioned rubber-hose cryptanalysis, but like if I’m getting beat for my unlock, then what do I care about getting charged with destruction of evidence?

      • gnuthing [they/them]@lemmygrad.ml
        22 days ago

        If you have info about someone getting a graphene phone to turn the USB back on, please share as I’d like to read about it.

        I don’t think saying the state can torture us for info is a phone security issue per se. Especially since the only way to avoid imperial state violence is to shut up and do nothing and hope they don’t come for you anyway