Even State Department-funded Human Rights Watch admits that authorities combine legal and illegal methods to obtain convictions: https://text.hrw.org/report/2018/01/09/dark-side/secret-origins-evidence-us-criminal-cases

Combining dragnet surveillance with device hacking is intended in the design of both tools. Hence, State Department-funded Signal dupes you into handing over your identity as part of the population-centric mapping. In custody, your phone will be hacked when it is taken away if it’s important.

https://xcancel.com/hannahcrileyy/status/2034273723667161480#m

  • minorkeys@lemmy.world
    1·
    11 minutes ago

    Privacy is proof of terrorism. The state, and it’s corporate allies, need to have access to your innermost thoughts, the things about you even you don’t know, for national security reasons. This is totally normal and not something to resist. Vote republican.

  • floquant@lemmy.dbzer0.com
    27·
    9 hours ago

    I really don’t get the big “use signal” push at this point in time because even if it’s private and the encryption is solid, it’s a fucking American company. It’s so easy for letter agencies to get information on their users from them, don’t you realize that they can’t refuse to give out your number if they ask for it and that once they have that your identity and location are immediately and thoroughly compromised? If you are subject to US jurisdiction and could be seen in any way as opposing its government, I really don’t think you should be using it.

    • ☂️-@lemmy.ml
      8·
      5 hours ago

      i’m convinced the big push for signal is a CIA op. not that it’s necessarily signal’s fault, it could be and it could not, but setting signal as the defacto private alternative is weird.

      better than whatsapp at least i guess, but that’s a low ass bar to clear.

      • Dessalines@lemmy.ml
        2·
        2 hours ago

        We know it’s an op, RFA does damage control for signal:

        Libby Liu, president of Radio Free Asia stated:

        Our primary interest is to make sure the extended OTF network and the Internet Freedom community are not spooked by the [Yasha Levine’s critical] article (no pun intended). Fortunately all the major players in the community are together in Valencia this week - and report out from there indicates they remain comfortable with OTF/RFA.

    • rumba@lemmy.zipEnglish
      20·
      7 hours ago

      All giving out your number provides is that you have ever used Signal.

      They’re saying ever using a private chat service is terrorism. That’s not really on Signal.

      • floquant@lemmy.dbzer0.com
        6·
        5 hours ago

        All your phone number provides is that you have ever used signal? Not what tower you’re connected to and therefore approximate realtime location? Your full identity via your telco? Social graph and history of your calls and texts?

        I’m not saying it’s their fault or that they are volunteering any information, but that’s how it is for any US-based corporation (doesn’t matter if it’s a nonprofit, any legal entity that can be subpoenaed)

        • jabberwock@lemmy.dbzer0.com
          2·
          1 hour ago

          This is fundamentally not how Signal works, but you are generally correct in that a phone number has been shown to provide a lot of context for a person (or a device, at least). But Signal (the app) only uses a phone number for initial verification of an account. You have a lot of options to break that association with you - use a landline and get a call verification code, use a VoIP number (assuming you trust the provider), use a burner SIM, etc.

          Once you have an account, you can choose to identify yourself on the network solely via username so the registration number is not presented to other users. The Signal protocol itself is well-audited and generally secure.

          If your issue is with Signal the American company, use an open source fork like Molly with your own UnifiedPush instance. Then you’re only trusting them with transport of your encrypted messages, which again have shown to be secure at least in public audits.

        • xthexder@l.sw0.com
          9·
          5 hours ago

          The government already has access to every phone number in existence. They can already track every phone to figure out who attended a protest or whatever. Filtering down to “all phone numbers who’ve ever connected to Signal” doesn’t exactly narrow anything down. They don’t have any metadata about who you were chatting with.

          • SpookyBogMonster@lemmy.ml
            6·
            5 hours ago

            The government already has access to every phone number in existence

            They used to publish them in big books, even

          • ☂️-@lemmy.ml
            2·
            45 minutes ago

            government already has access to every phone number in existence

            that’s precisely why you should not trust services that require it as private. phone number = identification.

            plus apparently your government considers you a terrorist if you do.

        • rumba@lemmy.zipEnglish
          1·
          3 hours ago

          If the only data surfacable from Signal is the phone number, not the crypto conversation, they didn’t source you on signal and get your number, they got your number through other means and used it to prove you use signal.

          They can’t see the conversation to contents to supoena the number to id.

      • floquant@lemmy.dbzer0.com
        5·
        5 hours ago

        Sorry but both points are irrelevant, nonprofit foundations can still be forced to turn over user information. That is part of following the law so nothing that would need to be hidden to auditors, unless you were talking about encryption audits which is completely besides the point

        • xthexder@l.sw0.com
          7·
          5 hours ago

          The audits determined they don’t have any user information to provide. You can see this in previous government requests where the only thing provided was a timestamp of last connection to the network.

        • syzygy@lemmy.mlEnglish
          7·
          5 hours ago

          What data is there for Signal to turn over? Can you prove that they’re keeping messages or logs on their servers that have ‘disappeared’ from all the associated devices?

          • Dessalines@lemmy.ml
            2·
            2 hours ago

            Your entire social network graphs, and timestamped message history.

            No one can “prove” signal doesn’t store everything. If you give me ssh access to their server, then I can verify. Otherwise it’s “just trust me bro”.

  • davel [he/him]@lemmy.mlEnglish
    17·
    9 hours ago

    Some people are very protective of Signal.

    • Reason: Disinformation
    • Reason: privacy rule #3: “Try to keep things on topic”
    • Reason: Misinfo, alarmism
    • Reason: This is harmful disinformation

    Why not Signal?

  • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
    53·
    13 hours ago

    A reminder that your phone number is metadata. And people who think metadata is “just” data or that cross-referencing is some kind of sci-fi nonsense, are fundamentally misunderstanding how modern surveillance works.

    By requiring phone numbers, Signal, despite its good encryption, inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.

    Being able to map out who talks to whom is incredibly valuable. A three-letter agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a “person of interest” for any reason, they instantly have your entire social circle mapped out.

    Worse, the act of seeking out encrypted communication is itself a red flag. It’s a perfect filter: “Show me everyone paranoid enough to use crypto.” You’re basically raising your hand.

    So, in a twisted way, Signal being a tool for private conversations, makes it a perfect machine for mapping associations and identifying targets. The fact that it operates using a centralized server located in the US should worry people far more than it seems to.

    The kicker is that thanks to gag orders, companies are legally forbidden from telling you if the feds come knocking for this data. So even if Signal’s intentions are pure, we’d never know how the data it collects is being used. The potential for abuse is baked right into the phone-number requirement.

  • James R Kirk@startrek.websiteEnglish
    127·
    16 hours ago

    This is total alarmist misinformation. The “evidence of terrorism” was not “using Signal” or “carrying a first aid kit”, it was taking part in an armed assault on an immigration facility where a dozen people set off fireworks and shot a police officer with an AR-15.

    The prosecution used the presence of the first aid kit they carried during their armed assault, along with actual messages (not metadata) from a Signal chat to make the case that the attackers planned on using violence.

    There are a lot of problems with this case, IMO the most dangerous part here is that adds legitimacy the (false) idea that “antifa” is an organization that exists. Something the Trump administration has been struggling to prove. This X post takes small details out of context.

    1. Don’t trust anything ever posted to X. Especially something that discourages the use of private messaging apps.

    2. I highly recommend everyone report this this post to your admins and strongly recommend all instance admins ban/warn accounts like OP. If we want the fediverse to catch on it needs to be more factual, not knee jer.

    • 0_o7@lemmy.dbzer0.comEnglish
      1·
      3 hours ago

      along with actual messages (not metadata) from a Signal chat to make the case that the attackers planned on using violence

      How did they get the actual messages? Signal chats and groups are supposed to be encrypted. I’m curious.

    • DJ Putler@lemmy.mlOP
      3·
      5 hours ago

      IDK why it is alarmist misinformation to point out that the people doing this have the strongest spyware/phone cracking tools in the world, information about who owns phone numbers, access to AWS (a US military contractor currently being affected by a not insignificant missile-induced service outages), access to Firebase and Apple Websocket (latter has poor encryption and I have heard the former is also insecure), and the ability to physically bring you into custody, then lie about how they got all of these elements together in whatever order to get you behind bars. But of course the idea of actually doing something about the gestapo in your country just fills you with indignation apparently.

      X is actually the only place that you can still hear from a lot of people, like Julie K Brown a Miami Herald journalist writing about Jeffrey Epstein’s associates and their victims, thousands of foreign journalists. That probably isn’t important to you since it isn’t about Star Trek and toys. I get all of the posts through a server called RSSHub combined with numerous other websites (like this one), which are piped directly into an actually secure messaging service. I encourage any admins to get my posts hidden from their entire instance. Don’t let your users come into my mentions! I wish that blocking instances actually WORKED. 💀

    • Skullgrid@lemmy.world
      45·
      16 hours ago

      it was taking part in an armed assault on an immigration facility where a dozen people set off fireworks and shot a police officer with an AR-15.

      based

    • Miles O'Brien@startrek.websiteEnglish
      43·
      16 hours ago

      The prosecution used the presence of the first aid kit they carried

      Insane bullshit.

      I have a kit with me every day of my life, and I’ve had to refill it many times due to using it on others.

      It would be pure coincidence that I happen to be carrying a first aid kit on any given day, and if I’m going to a peaceful protest I’m bringing my trauma kit because the entire fucking world knows how cops treat protesters.

      • James R Kirk@startrek.websiteEnglish
        16·
        15 hours ago

        I agree that bringing a first aid kit to a peaceful protest is not evidence that someone is planning violence.

        I disagree that bringing a first aid kit along with explosives and assault weapons to a planned confrontation is evidence someone was attending a peaceful protest.

        • Feyd@programming.dev
          24·
          15 hours ago

          You completely dodged the actual question. Is a first aid kit evidence of planned terrorism?

          • PapaStevesy@lemmy.world
            1·
            4 hours ago

            Depends on context. Is a fire extinguisher evidence of planned arson? Depends, was it just sitting there on its own or was it found next to a pile of fire accelerant, a box of matches, the blueprints to the nearby currently burning building, and a piece of paper with “Arson Plan” written on the top and “don’t forget fire extinguisher, just in case!” scrawled on the side? Obviously this is hyperbole, but I think my point is equally obvious.

          • James R Kirk@startrek.websiteEnglish
            4·
            7 hours ago

            I’m saying by focusing on the irrelevant first aid kit you are playing into the hands of those who seek to discourage the use of private messaging apps.

          • arrow74@lemmy.zip
            7·
            11 hours ago

            They didn’t dodge anything. They answered your question quite clearly. The answer is context matters.

            A first aid kit alone is not proof of that. The commentor did not claim that nor did the prosecution of the case. When taken in context with the other evidence and the actual actions they were able to use it as supporting evidence.

            Now in my opinion their actions were based, but obviously illegal. If I were on the jury I would have let them walk, but that’s all beside the point.

            • James R Kirk@startrek.websiteEnglish
              3·
              7 hours ago

              The fact that anyone is even debating the (completely irrelevant) first aid kit means the disinformation campaign is working.

              • arrow74@lemmy.zip
                4·
                4 hours ago

                Shockingly I can proccess more than one view at a time. While I thought the first aid kit discussion was interesting I’m still aware of other factors of the case, I’m still aware that Trump is a child rapist, and I’m still aware that we are invading Iran.

                Discussing something isn’t falling for a “disinformation campaign”.

    • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
      12·
      14 hours ago

      Thing is that there are actual privacy respecting messaging apps like SimpleX Chat. Signal isn’t one of them. It’s run by people associated with US intelligence, it’s hosted on a single server based in the US, and it actively harvests phone numbers. It’s incredible that people look at this and still claim it’s a private messaging app.

  • theherk@lemmy.world
    40·
    16 hours ago

    More anti-signal propaganda? Who is claiming it can’t be associated to a user. The messages are private, not anonymous.

    • Natanael@slrpnk.net
      9·
      13 hours ago

      It does use deniable encryption, but that stops working as a defense the second they take your phone and copy all logs from your device.

      And large group chats relies on how well you can vet participants more than it relies on encryption itself, and if they’re too large they may as well not be encrypted.

  • Natanael@slrpnk.net
    21·
    16 hours ago

    What evidence do you have that Signal collects anything? Traffic logs from the app or something?