Greetings!
A friend of mine wants to be more secure and private in light of recent events in the USA.
They originally told me they were going to use telegram, in which I explained how Telegram is considered compromised, and Signal is far more secure to use.
But they want more detailed explanations then what I provided verbally. Please help me explain things better to them! ✨
I am going to forward this thread to them, so they can see all your responses! And if you can, please cite!
Thank you! ✨
Your data is routed through Signal servers to establish connections. Signal absolutely can does provide social graphs, message frequency, message times, message size. There’s also nothing stopping them from pushing a snooping build to one user when that user is targeted by the NSA. The specific user would need to check all updates against verified hashes. And if they’re on iOS then that’s not even an option, since the official iOS build hash already doesn’t match the repo.
Do you have anything to back this up?
They have to. They can’t route your messages otherwise.
They have to know who the message needs to go to, granted. But they don’t have to know who the message comes from, hence why the sealed sender technique works. The recipient verifies the message via the keys that are exchanged if they have been communicating with that correspondent before or else it is a new message request.
So I don’t see how they can build social graphs if they don’t know who the sender if all messages are, they can only plot recipients which is not enough.
Anyone who’s worked with centralized databases can tell you that even if they did add something like that, with message timestamps, it’d be trivial to find the real sender of a message. You have no proof that they even use that, because the server is centralized, and closed source. Again, if their response is “just trust us”, then its not secure.
From what I understand, sealed sender is implemented on the client side. And that’s what’s in the github repo.
How does that work? I wasn’t able to find this. Can you find documentation or code that explains how the client can obscure where it came from?
https://signal.org/blog/sealed-sender/ explains the feature.
https://github.com/signalapp/Signal-Android/issues/13842 has some links into the code base showing where sealed sender is implemented.
Your link lists all the things they don’t share. The only reasonable reading is that anything not explicitly mentioned is shared. It’s information they have, and they’re legally required to share what they have, also mentioned in your link in the documents underneath their comment.
If you open the latest instance, from August 2024, you will find a California government request, for a number of phone numbers.
The second paragraph of that very page says:
They respond to the request with the following information:
The redacted values are the phone numbers.
That is the full extent of their reply. No other information is provided, to the government request.
We can’t verify that. They have a vested interest in lying, and occasionally are barred from disclosing government requests. However, using this as evidence, as I suggested in my previous comment, we can use it to make informed guesses as to what data they can share. They can’t share the content of the message or calls – This is believable and assumed. But they don’t mention anything surrounding the message, such as whom they sent it to (and it is them who receives and sends the messages), when, how big it was, etc. They say they don’t have access to your contact book – This is also very likely true. But that isn’t the same as not being able to provide a social graph, since they know everyone you’ve spoken to, even if they don’t know what you’ve saved about those people on your device. They also don’t mention anything about the connection they might collect that isn’t directly relevant to providing the service, like device info.
Think about the feasibility of interacting with feds in the manner they imply. No extra communication to explain that they can’t provide info they don’t have? Even though they feel the need to communicate that to their customers. Of course this isn’t the extent of the communication, or they’d be in jail. But they’re comfortable spinning narratives. Consider their whole business is dependant on how they react to these requests. Do you think it’s likely their communication of how they handled it is half-truths?
California does not issue NSLs, the US federal government does. And those come with gag orders that means you will go to federal prison if you tell anyone that you’ve been asked to spy on your users.
Are you implying that Signal is withholding information from the Californian Government? And only providing the full extent of their data to the government?
This comes back to the earlier point that there is no proof Signal even has more data than they have shared.
If you don’t know what an NSL is, then you definitely shouldn’t be speaking about privacy.
It’s unfortunate that you react like this. I don’t claim to be an expert, never have. I’ve only been asking for evidence, but all we get to are assumptions and they all seem to stem from the fact that allegedly the CIA has indirectly funded Signal (I’m not disputing nor validating it).
The concern is valid, and it has caused a lot of distrust in many companies due to the Snowden leaks, but that distrust is founded in the leaks. But so far there is no evidence that Signal is part of any of it. And given the continued endorsement by security experts, I’m inclined in trusting them.
Snowden explicitly endorsed Signal, too - and as far as I know he’s never walked that endorsement back.
I think Dessalines most recent comment is fair even if it’s harsh. You should understand the nature of a “national security letter” to have the context. The vast majority of (USA) government requests are NSLs because they require the least red tape. When you receive one, it’s illegal to disclose that you have, and not to comply. It requires you to share all metadata you have, but they routinely ask for more.
Here’s an article that details the CIA connection https://www.kitklarenberg.com/p/signal-facing-collapse-after-cia
The concern doesn’t stem from the CIA funding. It’s inherit to all services operating in or hosted in the USA. They should be assumed compromised by default, since the laws of that country require them to be. Therefore, any app you trust has to be completely unable to spy on you. Signal understands this, and uses it in their marketing. But it isn’t true, they’ve made decisions that allow them to spy on you, and ask that you trust them not to. Matrix, XMPP and SimpleX cannot spy on you by design. (It’s possible those apps were made wrong, and therefore allow spying, but that’s a different argument).