Comment by nrabulinski
2 years ago
Because they don’t know anything except the phone number, so all they have is a list of phone numbers which maybe people use. Quite different from Facebook reading everything you send, for example.
A list of phone numbers and a little money is easily exchanged for names and addresses on the black market in many countries.
And how do these black markets connect the phone numbers to names? I guess from data collected from more insecure sources. So I think Signal is being responsible with their data.
Also, you need some way to log in to your account. So you need an identifier and some way to validate that you are the owner of that identity. And next to that you want to prevent spam. So I think the choice to use a phone number as an identifier for a text-messaging app that is meant to be a secure replacement of SMS is not that weird.
But let's say they are data hoarding our phone numbers, and they can get other details about us through the black market because we use other more insecure services where we suddenly don't seem to care about privacy. Then what do you think Signal does with this data? They can't resell it because they don't have anything unique, they actually need to invest money to link their database of just phone numbers to something else. And then? What malicious things will they be able to do?
Ok, now you have a list of people's names and you know they have Signal installed. Google and Apple also have this (presuming you installed it via a mobile app store). Your carrier has this (from the IP addresses on your messages).
What have you gained? What does the attack look like?
They either already store or would be able to log everything about who is sending messages to whom, and when.
That's the vast majority of what intelligence agencies actually care about. They rarely care about message contents anymore.
Nope. https://signal.org/blog/sealed-sender/
> On the opposite end of the spectrum, users who want to live on the edge can enable an optional setting that allows them to receive incoming “sealed sender” messages from non-contacts and people with whom they haven’t shared their profile or delivery token. This comes at the increased risk of abuse, but allows for every incoming message to be sent with “sealed sender,” without requiring any normal message traffic to first discover a profile key.
By default, the first message between someone and you clearly identifies who is communicating with whom. That's enough.
We know specifically that Signal does not do this.
We assume they don't log this data.
We don't know whether an intelligence agency is listening in on their servers and logging this data.
Assuming an eavesdropper that can defeat TLS or is listening via DMA attacks on the Signal servers,
- you can log initial signup or login, which allows you to connect user id and phone number
- you can log the first time a chat is created, which allows you to build a social graph of which person is connected to which other people
- even with sealed sender, you still know the identity of the receiver and the IP address of the sender, which is often enough to figure out who is in contact with whom
This would be enough dragnet surveillance to automatically figure out the contacts of people you've already identified as threats. You'd also have enough evidence to get a sealed court order to do targeted surveillance on these people.