• ☆ Yσɠƚԋσʂ ☆@lemmy.ml
    link
    fedilink
    arrow-up
    21
    arrow-down
    9
    ·
    edit-2
    4 months ago

    It’s fascinating that these kinds of trolls come out of the woodwork any time obvious problems with Signal are brought up.

    Phone numbers very obvious are metadata. If you think that cross referencing data is nonsense then you have absolutely no clue what you’re talking about. It’s not about Google or Meta having your phone number, it’s about having a graph of people doing encrypted communication with each other over Signal. The graph of contacts is what’s valuable.

    Don’t listen to this random ramble of an online stranger whose intentions are just to confuse you and make you doubt.

    What you absolutely shouldn’t listen to are trolls who tell you to just trust that Signal is not abusing the data it’s collecting about you. The first rule of security is that it can’t be faith based.

    • The Hobbyist
      link
      fedilink
      arrow-up
      4
      arrow-down
      8
      ·
      4 months ago

      What are you talking about? you get a phone number from signal, and what will you be able to derive from it? there is no graph. signal does not hold any “relationships” information.

      • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
        link
        fedilink
        arrow-up
        11
        arrow-down
        5
        ·
        4 months ago

        The phone number is a unique identifier for your account. When you send a message to another user on Signal, that message goes to the server, and then gets routed to the other party. The server therefore has to know which parties talk to each other. Let me know if you have trouble understanding this and need it explained in simpler terms.

        • The Hobbyist
          link
          fedilink
          arrow-up
          8
          arrow-down
          6
          ·
          4 months ago

          Youre right, thats how it works in almost all messaging apps. But signal implemented sealed sender specifically to counter this.

          You can read more about it here: https://signal.org/blog/sealed-sender/

          I encourage you to read the first paragraph, which is important in the context of our conversation.

          • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
            link
            fedilink
            arrow-up
            10
            arrow-down
            4
            ·
            4 months ago

            I’m talking about the information the server has. The encrypted envelope has nothing to do with that. Your register with the server using your phone number, that’s a unique identifier for your account. When you send messages to other people via the server it knows what accounts you’re talking to and what their phone numbers are. The first paragraph amounts to nothing more than trust me bro because the only people who know what the Signal server actually does are the people operating it.

            • Possibly linux
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              3
              ·
              4 months ago

              You are routing your traffic over the public internet. Nothing is secure at all. That’s why we implement strong cryptography

            • ramenu@lemmy.ml
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              6
              ·
              4 months ago

              Seriously, what are you talking about? The vast majority of people don’t want anonymity. Obviously Signal isn’t cut out for that! The fact is, most people don’t care about anonymity.

              And what metadata can you harvest exactly from a UNIX timestamp and phone number? Signal can tell who is communicating to who, but they cannot read your messages.

              • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
                link
                fedilink
                arrow-up
                12
                arrow-down
                1
                ·
                4 months ago

                Most people, even in this very thread, clearly don’t understand the implications of phone number harvesting. Also do give citations for your bombastic claim that most people don’t want anonymity.

                And what metadata can you harvest exactly from a UNIX timestamp and phone number? Signal can tell who is communicating to who, but they cannot read your messages.

                The graph of who communicates with whom is precisely the problem. The government can easily correlate that data with all the other data they have on people, and then if somebody is identified as a person of interest it becomes easy to find other people who associate with them. So, here you just proved my point by showing that you yourself don’t understand the implications of metadata harvesting.

                • rcbrk@lemmy.ml
                  link
                  fedilink
                  English
                  arrow-up
                  5
                  ·
                  4 months ago

                  Most people1, even in this very thread, clearly don’t […]

                  1. Signal shill-bot personas.
                • ramenu@lemmy.ml
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  arrow-down
                  3
                  ·
                  4 months ago

                  Also do give citations for your bombastic claim that most people don’t want anonymity.

                  This is entirely dependent on the situation. Privacy is not a black or white thing where you’re completely private or not private at all. Everyone lives some part of their life publicly. I don’t have data on this unfortunately, but typically where I live, people share phone numbers to people they personally know.

                  The graph of who communicates with whom is precisely the problem. The government can easily correlate that data with all the other data they have on people, and then if somebody is identified as a person of interest it becomes easy to find other people who associate with them. So, here you just proved my point by showing that you yourself don’t understand the implications of metadata harvesting.

                  This is not within the vast majority of most peoples threat model.

                  • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
                    link
                    fedilink
                    arrow-up
                    11
                    arrow-down
                    1
                    ·
                    4 months ago

                    I never suggested privacy was black and white. What I actually said was that a lot of people aren’t making an informed choice. And whenever these threads come up, people pile on to dismiss legitimate problems with the way Signal works which makes it harder for people to make informed choices by spreading noise and misinformation. This very thread is full of wrong claims and dismissals.

                    Majority of people don’t even need Signal because they’re not talking about anything anybody cares about. At that point you can use whatever messenger that’s convenient and your circle of friends uses. However, people shove Signal down other people’s throat claiming that it’s a privacy focused app which it demonstrably is not.

                  • otp@sh.itjust.works
                    link
                    fedilink
                    arrow-up
                    5
                    ·
                    4 months ago

                    people share phone numbers to people they personally know.

                    This is about Signal having the phone numbers. I don’t think anybody “personally knows” Signal…

          • Dessalines@lemmy.ml
            link
            fedilink
            arrow-up
            3
            ·
            4 months ago

            Anyone who has worked with centralized databases can tell you how useless that is. With message recipients and timestamps, its trivial to find the real sender.