the White House has, for the past decade, provided more than $6 million to the program, which allows the targeting of the records of any calls that use AT&T’s infrastructure
the program takes advantage of numerous “loopholes” in federal privacy law
the DAS program has been used to produce location information on criminal suspects and their known associates, a practice deemed unconstitutional without a warrant
(This website is a bit annoying.)
Yeah but can you trust the people you talk with not to install shitty stupid apps, or click on stupid links that compromise their device that then lead to accesa to your measages and phone number?
That’s a great question to ask! The biggest weakness of any “mathematically private” communication channel is not mathematical, but simply humans (users): Alice, Bob, and also the channel itself implemented by a human coder Chris.
While we don’t need to be paranoid but as a matter of fact, even assuming Alice does everything right, Bob may be sloppy, saving decrypted plain text in a random place (even uploading his own secret key to “cloud” or something, assuming it’s good idea to have a back-up of important files). Also the channel might have a hidden backdoor, perhaps side-channel, unknown to Chris.
It seems important to be aware of these possible human factors.
Also there is this big problem of metadata (this AT&T thing seems to be also largely about metadata).
[Additionally, though less importantly, most cryptography is based on unproven mathematical conjectures, like y=f(x) is easy to compute but it’s hard to get x from y. Which may be relevant when the one-wayness is based on the difficulty of factorization as in RSA.]
You can’t, but the threat exists regardless of what service you use.
Regarding my phone number being leaked, I’m okay with that risk. It’s relatively easy to ignore/block unknown contacts and I’m not in any threat should someone discover it. For anyone who absolutely needs anonymity, they may want to wait until user names are rolled out and use another service for now.
For anyone who absolutely needs anonymity, simplex may already be better.
What’s important when you’d like to have absolute privacy or anonymity is, to realize that you can’t. “Use this, and no one can read your message.” is a typical mistake. “This service is world most secure” etc. is just a lie. Anyone who claims that privacy can be simple/easy is either a liar or doesn’t know what they’re talking about.
A rare example of honest/true statements, on the other hand, can be seen on the Cock.li website: http://rurcblzhmdk22kttfkel2zduhyu3r6to7knyc7wiorzrx5gw4c3lftad.onion/
In this specific case about the US, though, what’s most important is obviously to somehow stop this unconstitutional surveillance by the government (only making AT&T happy and rich). Please, don’t waste a lot of money to invade normal people’s privacy when you already have trillions of debts 😢
While I agree with your statement in general, I think its still early and dangerous to be recommending simplex as a viable alternative. It hasn’t stood the test of time nor been independently audited. I’m keeping my eye on it as it seems like a viable alternative, but I’d hesitate to recommend it to anyone who may be at risk.
Hence the “may already…” depending on use case obviously. You can’t really recommend anything to someone who may be at risk, certainly not Signal. Not that I have anything against Signal (I use it daily and have been for years) but anonymous it isn’t, not in big part of the world anyway.