Comment by Goleniewski
1 day ago
Think about it.. You don't even have to be an Apple user to be affected by this issue. If someone backs up their conversations with you to apple cloud, your exchange is now fair game. You get no say in it either.
We all lose.
That's why it's important to use apps like Signal where you can set the retention of your messages. I've got everybody I know using it now!
Setting a retention time out is playing with fire. If the police get ahold of the other party's device, and present an exhibit which they say contains the true conversation, you could be worse off than if you retained the conversation. The fact that you have since deleted it could be incriminating.
In some jurisdiction, yes, legally, such evidence might not be probative, but you might still convicted because of it.
message retention has literally NEVER been used as incrimination in a court of law. So you are wrong.
5 replies →
Ephemeral messaging is not a crime.
The retention time can be set by individual conversation not just the whole app.
Given historical backups are the norm here, retention only does so much.
Really, apps should encrypt their own storage with keys that aren't stored in the backups. That's how you get security/privacy back.
> That's how you get security/privacy back.
Nothing an app does on a device guarantees you security or privacy if you don't trust or fully control the device.
1 reply →
Many people want control over whether they back up conversations with others, and think it would be crazy for sender to control the retention policy instead of receiver.
I think sender should just be able to send a recommended preference hint on retention and you could have an option to respect it or not.
In a world where they cancel encryption they can't access... doesn't Signal and its CIA funded origins concern you?
Nope. I actually think that would bring more scrutiny and so I feel safer knowing it's not be cracked.
4 replies →
I use a patched Signal client that disables retention deletion and remote delete messages.
and that's awfully rude of you, but if you were concerned about message retention you wouldn't do that. so what's your point?
Very similar to sites like LinkedIn, which ask you to share your personal info & contact list.
I don't want to share my contact details, but the second someone I know decides to opt in, I lose all rights to my own data as they've shared it on my behalf.
Maybe they have other info, such as birthday, home address, other emails or phone #s, etc. stored for me, which is all fair game, as well.
If you are in EU, request your data be redacted.
Security hinges on trust. The only real privacy tool is PGP which uses a web of trust model. But it only works if people own their own computers and storage devices. What they've done is got everyone to rent their computers and storage instead. There's no security model that works for the users here.
Scary - I try to use signal as much as possible now for this reason.
Signal can't evade this law either.
Why not? Signal was willing to run all kinds crazy setups to evade foreign laws, like domain fronting.
https://signal.org/blog/doodles-stickers-censorship/
2 replies →