Comment by tamimio
2 years ago
> Signal protects you from eavesdropping and data hoarding
Do they?! We can ask Tucker Carlson about that https://www.reddit.com/r/signal/comments/16evuej/did_the_nsa...
As long as you can’t host and use your own server, you should never assume that.
> There are benefits of the choices they’ve made, namely ensuring that most users of the service are “real people”
You communicate with your colleagues and clients over email and you know they are real; you probably play games too and use Discord and you know they are real. Meanwhile, you can be talking to a bot on Twitter that is registered with a “real” phone number.
> Do they?! We can ask Tucker Carlson about that https://www.reddit.com/r/signal/comments/16evuej/did_the_nsa...
A lot of people in the comments have things to say about that video.
Personally, I wouldn't trust anything that comes out of Tucker's mouth.
Focus on the issue, not the person (Tucker). You might not trust a person, which is fair, but you are still trusting Signal’s server. You can NEVER know if they have a memory injection backdoor running in there; you can audit the code as much as you want and it still passes, yet the messages are compromised.
There are ways of getting messages without breaking Signal or using a backdoor. One of them is getting the messages from the other party(ies) involved. You can't protect yourself from this even if you self host. Something else that might happen is you ending up with your phone hacked because you're talking with someone close to Putin.
The only way to know for sure is for you to create an alternative service, write all code yourself, and host everything without ever leaving your server alone. And even then you can't be sure you haven't been hacked.
On a side note, if we're getting information from someone that lies a lot and often leaves out details that don't fit the narrative, then perhaps we should also look at the person, not just the issue.
Signal makes the app open source and you can build it yourself and use it. The messages are E2EE so we don't need to trust the server in the same way because they aren't being decrypted there. They can't have the key. They could be logging the messages and metadata, but that's a different argument. And it really would come down to the NSA being able to hack AES with a quantum encryption (though I don't think this was out at that time). So I have pretty good reason to trust Signal despite there still being some gray areas that I could still want more light on. It's just that where the shadows are, I'm unconvinced it could undermine the whole system. You can't fit an elephant in the shadow of a mouse.
On the other hand, Tucker isn't even being consistent in his telling of the story. He says that he hasn't told anyone and makes a big deal to even mention his wife, so we think even his closest confidants. But then what message did he send over Signal that was extracted? The personal notes? There are also much more reasonable pathways for the NSA to get that information. If he's researching and just storing notes on Signal, he's still leaving breadcrumbs somewhere. He's a popular news host so I'd be surprised if the NSA hasn't tried to compromise his whole phone, and Signal only protects your messages in transit. The only evidence we have is his word that someone from the NSA told him. Which itself would be really weird because it'd completely undermine that capability, or, imo, a more likely explanation is someone is lying. Gov does disinformation all the time, and convincing people a secure channel isn't seems pretty useful since they'll turn to easier methods.
So I don't have to rely on my distrust of Tucker or his history of misinformation. If this was my only and first encounter, there's more than enough for me to be suspicious in just his telling.