Comment by ddtaylor

In past instances where Signal has complied with warrants, such as the 2021 and 2024 Santa Clara County cases, the records they provided included phone numbers to identify the specific accounts for which data was available. This was necessary to specify which requested accounts (identified by phone numbers in the warrants) had associated metadata, such as account creation timestamps and last connection dates.

Which of those links actually say that your phone number is private from Signal? If anything, this passage makes it sound like it's the reverse, because they specifically call out usernames not being stored in plaintext, but not phone numbers.

>We have also worked to ensure that keeping your phone number private from the people you speak with doesn’t necessitate giving more personal information to Signal. Your username is not stored in plaintext, meaning that Signal cannot easily see or produce the usernames of given accounts.

> it'd be extremely non trivial

Extremely non trivial. What I'm hearing is "security by obfuscation".

If you follow the X chatter on this, some folks got into the groups and tracked all the numbers, their contributions, and when they went "on shift" or "off".

I don't really think Signal tech has anything to do with this.

[flagged]

Your point is correct but irrelevant to this conversation.

The question here is NOT "if Signal didn't leak your phone number could you still get screwed?" Of course you could, no one is disputing that.

The question is "if you did everything else perfect, but use Signal could the phone number be used to screw you?" The answer is ALSO of course, but the reason why we're talking about it is that this point was made to the creator of Signal many many times over the years, and he dismissed it and his fanboys ridiculed it.

Is there any reason they didn't use email? It seems like something that would have been easier to keep some anonymity., while still allowing the person to authenticate.

I have no idea if that was true 20 years ago, but it's not true now. XMPP doesn't have this problem; your host instance knows your IP but you can connect via Tor.

Briar and Session are the better encrypted messengers.

I remember listening to his talks and had some respect for him. He could defeat any argument about any perceived security regarding any facet of tech. Not so much any more. He knows as well as I do anything on a phone can never be secure. I get why he did it. That little boat needed an upgrade and I would do it too. Of course this topic evokes some serious psychological responses in most people. Wait for it.

I think the deal is you marry the strong crypto with a human mediated security process which provides high confidence the message sender maps to the human you think they are. And even if they are, they could be a narc. Nothing in strong crypto prevents narcs in whom ill-advised trust has been granted from copying messages they're getting over the encrypted channel and forwarding them to the man.

And even then, a trusted participant could not understand they're not supposed to give their private keys out or could be rubber-hosed into revealing their key pin. All sorts of ways to subvert "secure" messaging besides breaking the crypto.

I guess what I'm saying is "Strong cryptography is required, but not sufficient to ensure secure messaging."

Yes. Cheap–identity systems such as Session and SimpleX are trivially vulnerable to this, and your only defence is to not give out your address as they are unguessable. If you have someone's address, you can spam them, and they can't stop it except by deleting the app or resetting to a new address and losing all their contacts.

SimpleX does better than Session because the address used to add new contacts is different from the address used with any existing contact and is independently revocable. But if that address is out there, you can receive a full queue of spam contacts before you next open the SimpleX app.

Both Session and SimpleX are trivially vulnerable to storage DoS as well.

There are a lot of solutions to denial of service attacks than to collect personal information. Plus, you know, you can always delete an account later? If what Signal says is true, then this amounts to a few records in their database which isn't cause for concern IMO

> which prevents the government from bringing a case

Genuinely, from outside, it seems like your government doesn't give a damn on what they are and aren't allowed to do.

They'll just threaten to throw the book at you if you don't unlock your phone, and if you aren't rich, your lawyer will tell you to take the plea deal they offer because it beats sitting in prison until you die.

All they have to do is pretend to be a concerned neighbor who wants to help give mutual aid and hope that someone in the group chat takes the bait and adds them in. No further convincing is needed.

If you aren't saving people's phone numbers in your own contacts, signal isn't storing them in group chats (and even if you are, it doesn't say which number, just that you have a contact with them).

Signal doesn't share numbers by default and hasn't for a few years now. And you can toggle a setting to remove your number from contact discovery/lookup entirely if you are so inclined.

> it is beyond the ability of even most parts of the US government to look inside.

I'm sure the Israeli spyware companies can help with that.

Although then they'd have to start burning their zero days to just go after protestors, which I doubt they're willing to do. I imagine they like to save those for bigger targets.

There are multiple companies that can get different amounts of information off of locked phones including iPhones, and they work with LE.

I’m also curious what they could get off of cloud backups. Thinking in terms of auth, keys, etc. For SMS it’s almost as good as phone access, but I am not sure for apps.

or convince one member of a group chat to show their group chat...

I'm confident the people executing non-complaint people in the street would be capable of compelling a citizen.

Or just let the guy to enter the country after unlocking her phone.

https://xkcd.com/538/

Which is just a redux of what I find myself saying constantly: privacy usually isn't even the problem. The problem is the people kicking in your door.

If you're willing to kick in doors to suppress legal rights, then having accurate information isn't necessary at all.

If your resistance plan is to chat about stuff privately, then by definition you're also not doing much resisting to you know, the door kicking.

Is the message on storage zero'd out or just deleted?

It's worth noting that the way Signal's architecture is set up, Signal the organisation doesn't have access to users' phone numbers.

They technically have logs from when verification happens (as that goes through an SMS verification service) but that just documents that you have an account/when you registered. And it's unclear whether those records are available anymore since no warrants have been issued since they moved to the new username system.

And the actual profile and contact discovery infra is all designed to be actively hostile to snooping on identifiable information even with hardware access (requiring compromise of secure enclaves + multiple levels of obfuscation and cryptographic anti-extraction techniques on top).

Note that Threema has had a recent change in ownership to a German investment firm. Supposedly nothing will change but I can’t help but be wary

The literal point of civil disobedience is accepting that you may end up in jail:

"Any man who breaks a law that conscience tells him is unjust and willingly accepts the penalty by staying in jail to arouse the conscience of the community on the injustice of the law is at that moment expressing the very highest respect for the law."

-- Letter from the Birmingham Jail, MLK Jr: https://people.uncw.edu/schmidt/201Stuff/F14/B%20SophistSocr...

> protestors behaving legally or practicing civil disobedience can still have their lives ruined by people in power.

They surely can. But the point was more than the people in power don't really need Signal metadata to do that. On the lists of security concerns modern protestors need to be worrying about, Signal really just isn't very high.

This is the price we pay to defend our rights. I would also expect any reasonable grand jury to reject such charges given how flagrantly the government has attempted to bias the public against protesters.

Palantir steps in indeed

If they could arrest people for what they've been doing, they would have already arrested people. And they have arrested a few here and there for "assault" (things like daring to react when being shoved by an annoyed officer), but the thing that's really pissing DHS off is that the protesters and observers are not breaking the law.

Conspiracy requires an agreement to commit an illegal act, and entering into that agreement must be intentional.

> make it seem like the participants have access to some sort of ALPR data to track vehicles

The whole reason cops love ALPR data is anyone's allowed to collect it, so they don't need a warrant.

I was replying specifically to this:

> This seems like a good example of that being enough metadata to be a big problem

I was not saying it's not a problem that the feds are doing this, because that's not what I was replying to.

That seems like a weak argument.

I mean, carrying a weapon is a 2nd amendment right, but if I bring it to a protest and then start intimidating people with it, the police going after me is not "Government intimidation of the practice of constitutional rights".

Protesting is a constitution right, but if you break the law while protesting, you're fair game for prosecution.

> Signal can have a stigma "I don't do anything illegal, so why should I bother ..."

Aside: I see similar attitudes when I mention I use VPN all of the time