Post ABcmdXrFnLPggSNKOO by wiecek@point.community
(DIR) More posts by wiecek@point.community
(DIR) Post #ABb5SxUbefZZoeWmW0 by icedquinn@blob.cat
2021-09-21T20:21:25.705908Z
1 likes, 0 repeats
I wonder why.
(DIR) Post #ABb5aU0HB9nKfoveZk by RobinWils@gleasonator.com
2021-09-21T20:22:48.603477Z
0 likes, 0 repeats
@icedquinn Because your device isn't private, a literal FBI agent is hidden inside the battery of your phone.
(DIR) Post #ABb5tCmbQdhelcScwy by vae@programming.socks.town
2021-09-21T20:25:45.885308Z
1 likes, 1 repeats
@icedquinn >Signal Private Messenger>"Say "hello" to privacy">requires a phone number:flittersuspicious:
(DIR) Post #ABbBB9yh5zt73DUtE0 by abloo@fedi.absturztau.be
2021-09-21T21:25:28.068176Z
2 likes, 0 repeats
@vae @icedquinn > discriminates against people who don't have ios or android
(DIR) Post #ABbBGP28XykdC0bjDE by icedquinn@blob.cat
2021-09-21T21:26:23.784780Z
0 likes, 0 repeats
@abloo @vae there are pc versions but yeah i only use it to talk to ~1 person
(DIR) Post #ABbBK7QtvZDplPxkkC by abloo@fedi.absturztau.be
2021-09-21T21:27:04.727235Z
1 likes, 0 repeats
@icedquinn @vae IIRC you need to install it on a phone first in order to even create an account
(DIR) Post #ABbBTd5haopgYWa9c8 by icedquinn@blob.cat
2021-09-21T21:28:47.497511Z
0 likes, 0 repeats
@abloo @vae there is always psyc :blobcatadorable: ** but not really :blobcatpleading:
(DIR) Post #ABbBj8pfrRcDLOTwBs by a_breakin_glass@chaos.social
2021-09-21T21:30:55Z
0 likes, 0 repeats
@icedquinn @abloo @vae thankfully,,,
(DIR) Post #ABbBj9Jo3Piaqqa09o by icedquinn@blob.cat
2021-09-21T21:31:35.119955Z
0 likes, 0 repeats
@a_breakin_glass @abloo @vae why? psyc is decent :blobcatshrug2: it's like xmpp if it wasn't made by xml fetishists.
(DIR) Post #ABbrBxrDqDCFpA4J7Y by tommi@mastodon.uno
2021-09-21T21:53:58Z
0 likes, 0 repeats
@vae @icedquinn come on, it is the only thing they have. I am totally ok to giving it up.
(DIR) Post #ABbrByIWCj1zBoq6fQ by vae@programming.socks.town
2021-09-22T05:16:08.326378Z
0 likes, 0 repeats
@tommi @icedquinn I don't know about your country, but in some countries you can't use a phone number without it being directly tied to your government ID (in Kazakhstan for example you need to have both your IMEI and your SIM registered to the same ID, if they don't match your SIM won't work), in Russia mobile operators have full right to cut the service for you if they suspect you use someone else's SIM (though I don't know if that does happen much). and many people have one or at most two phone numbers and getting more is problematic, so most online accounts that require a phone are bound to those numbers, trying them closely together. see: https://hongkongfp.com/2019/07/07/hong-kong-protesters-embrace-telegram-will-messaging-app-fix-one-biggest-security-flaws/in telegram, your account:1. can be found by your phone number when imported from contact book2. can be compared with accounts in public/private protest groupsso, all the police has to do is to make a telegram account, join protest groups, add hundreds of local residents phone numbers to the list, import contacts, get a bunch of user profiles and check "common groups" and then just search by sender in such groups. with the number they already have all the info needed to identify a person.having a phone number requirement makes such things possible and this is fucked up. services that don't allow you to register using no extra identifying data (or at least using a fake email) can go burn in hell
(DIR) Post #ABcNoxNAm35u9EeLmC by tommi@mastodon.uno
2021-09-22T11:18:22Z
0 likes, 0 repeats
@icedquinn @vae As I understand, then, the problem is the link to Telegram, not Signal itself!I believe the problem is using Telegram to join protesting groups, not Signal asking for the phone number.
(DIR) Post #ABcNoy6Y3LOGPxsaVE by icedquinn@blob.cat
2021-09-22T11:21:48.842704Z
0 likes, 0 repeats
@tommi @vae as i sometimes shitpost, the inability to spoop is strongly superior to promising not to spoop.if it was not for mobile platforms making push notifications a major pain in the ass for fedi systems, it would be strictly better to run XMPP* or Matrix for your uh, neughty disobediences :blobcateyes: * i'm partial to psyc but its not usable rn
(DIR) Post #ABcO1ppo709mX8BUCO by vae@programming.socks.town
2021-09-22T11:24:05.961369Z
0 likes, 0 repeats
@tommi @icedquinn the problem is that a phone number is essentially a government ID and you give that number to register on a "privacy focused" messenger. does this not sound strange to you? so signals servers know 1. your phone number2. who you're talking to3. when you're talking to them4. other metadata you may think ofwhile they may not know the contents of the message themselves, that metadata is already enough to know who's connected and talking to who and people who have that data can abuse it.and while you may say "signal doesn't store any of that" - how do you know? they say they don't, but you can't know because they can log any request on their side and you will NEVER know about it until it either gets leaked or used publicly by the government or a corporation.
(DIR) Post #ABcOseVqw98uld2IHQ by vae@programming.socks.town
2021-09-22T11:33:39.124638Z
0 likes, 0 repeats
@tommi @icedquinn is the data being sent to signal servers? yes, obviously - to allow communication. what data is it? your phone number, your contacts phone numbers, encrypted messages (with time&date AT LEAST and maybe flags like has attachments? how many? what size? has stickers? which ones? etc and in worst case even more)does signal store it? maybe no, because they promise that they don't. is that promise worth anything? up to you, but I wouldn't take a corporate word for that. you can as well trust WhatsApp not to spy on you because they say the messages are encrypted.this is why calling signal private is a misnomer and harms the perception of privacy. it's not private, it's just SUBJECTIVELY more trustworthy than telegram, whatsapp, facebook messenger etc and it has an open client app but you still don't know what is happening on the server. so it isn't any more private than telegram's secret chats for example. by perceiving signal as a private messenger you just construct a false sense of privacy for yourself and people you manage to convince to trust signal with their data - it's not privacy, it's just an illusion of privacy and a lot of smoke and mirrors.
(DIR) Post #ABcPtnQDOlrEdrVZWy by vae@programming.socks.town
2021-09-22T11:45:05.340965Z
0 likes, 0 repeats
@tommi @icedquinn I know it's two wall of texts already, but - even if you trust signal to not store your data as they promise - and even if they are honest and don't intentionally store that - how do you know that this won't change in the future?remember that they are a US company:they could silently start to log data on a request from NSA or whatever and you will never know because they're legally not allowed to tell you. their servers could have been backdoored by said three-letter agency and you would never know. their servers could have been backdoored by some random hackers and you would never know.and they have your phone number and phone numbers of your friends, and unless you use a burner SIM just for signal (which I assume not a huge % of signal users do) - they have your (and people you've been talking to) full identity. so in order to actually have privacy in that "say hello to privacy" messenger - you have to prepare by having a burner SIM phone and have all your contacts do the same, and also have all your contacts NOT name your phone number in their contact book as something identifying, and also NOT name your friends something identifying because that data from the contacts could be leaked by other apps, and also you have to not use that SIM to register anywhere else where you could be identified and also you have to anonymously maintain that SIM so the number won't be returned to circulation. and you also either have to use an online service to get that number - or a separate burner phone that you will only use for activation and throw away after you do that.so why bother with all of that when you could host a XMPP or Matrix server and not have to trust a US-based company on maintaining your privacy when you use a phone-number-linked account?
(DIR) Post #ABcmbv7OLJJGFG9I1Y by wiecek@point.community
2021-09-22T15:40:02Z
1 likes, 0 repeats
> 2. who you're talking toWrong. Signal server's owners can't know "you" in "who you're talking to" due to "Sealed Sender" feature. It does not hide sender's identity per se, though (you need to connect via Tor at least), and seems to be vulnerable to statistical disclosure attacks but is still effective for securing short, e-mail-like sessions.> 4. other metadata you may think ofWrong. You may look through the client's source code and see for yourself that the only metadata sent is the destination user and the message timestamp (or I'm blatantly lying and you may see the opposite).
(DIR) Post #ABcmdXrFnLPggSNKOO by wiecek@point.community
2021-09-22T15:46:05Z
1 likes, 0 repeats
Fix: I'm already lying, the client also sends the user's credentials and the last login timestamp.