Comment by jvanderbot

1 day ago

If you follow the X chatter on this, some folks got into the groups and tracked all the numbers, their contributions, and when they went "on shift" or "off".

I don't really think Signal tech has anything to do with this.

Yeah. It's notable they didn't crack the crypto. In the 90s when I was a young cypherpunk, I had this idea that when strong crypto was ubiquitous, certainly people would be smart enough to understand its role was only to force bad guys to attack the "higher levels" like attacking human expectations of privacy on a public channel. It was probably unrealistic to assume everyone would automatically understand subtle details of technology.

As a reminder... if you don't know all the people in your encrypted group chat, you could be talking to the man.

My Session and Briar chats don't give out the phone numbers of other users.

  • Yes, but they have their own weaknesses. For instance, Briar exposes your Bluetooth MAC, and there's a bunch of nasty Bluetooth vulns waiting to be exploited. You can't ever perfectly solve for both security and usability, you can only make tradeoffs.

    • Briar has multiple modes of operation. The Bluetooth mode is not the default mode of operation and is there for circumstances where Internet has been shut down entirely.

      For users who configure Briar to connect exclusively over Tor using the normal startup (e.g., for internet-based syncing) and disable Bluetooth, there is no Bluetooth involvement at all, so your Bluetooth MAC address is not exposed.

  • Neither does Signal.

    • Both Session and Briar are decentralized technologies where you would never be able to approach a company to get any information. They operate over DHT-like networks and with Tor.

      Signal does give out phone numbers when the law man comes, because they have to, and because they designed their system around this identifier.
