Comment by eimrine
2 years ago
> Signal protects you from eavesdropping and data hoarding
How on Earth collecting a phone number may be considered as not data hoarding?
2 years ago
> Signal protects you from eavesdropping and data hoarding
How on Earth collecting a phone number may be considered as not data hoarding?
It's a lot less like data hoarding than keeping a separate copy of your social graph. What is an adversary going to do with a list of phone numbers that are known to have signal accounts and nothing else?
Hoarding =/= collecting the bare necessities. Signal needs one piece of data to distinguish users from each other, and collects that. Hoarding would be to collect (significantly) more pieces of identifying data, more than needed to distinguish users. Signal does not appear to be doing that.
Because they don’t know anything except the phone number so all they have is a list of phone numbers which maybe people use. Quite different from Facebook reading everything you send, for example
A list of phone numbers and little money is easily exchanged to names and addresses on black market in many countries.
And how to these black markets connect the phone numbers to names? I guess from data collected from more insecure sources. So I think Signal is being responsible with their data.
Also, you need some way to log in to your account. So you need an identifier and some way to validate that you are the owner of that identity. And next to that you want to prevent spam. So I think the choice to use a phone number as an identifier for a text-messaging app that is meant to be a secure replacement of SMS is not that weird.
But let's say they are data hoarding our phone numbers, and they can get other details about us through the black market because we use other more insecure services where we suddenly don't seem to care about privacy. Then what do you think Signal does with this data? They can't resell it because they don't have anything unique, they actually need to invest money to link their database of just phone numbers to something else. And then? What malicious things will they be able to do?
Ok, now you have a list of people's names and you know they have signal installed. Google and Apple also have this (presuming you installed it via a mobile app store). Your carrier has this (from the IP addresses on your messages).
What have you gained? What does the attack look like?
They either already store or would be able to log everything about who is sending messages to whom, and when.
That's the vast majority of what intelligence agencies actually care about. They rarely care about message contents anymore.
Nope. https://signal.org/blog/sealed-sender/
1 reply →
we know specifically that signal does not do this.
1 reply →
Are you misunderstanding what data hoarding means on purpose or do you really think it’s equivalent to the business model of say Google or Meta?