Some are quick to promote apps as being safe for your use just because they are encrypted. I will talk about how many of the popular apps that are commonly t...
He is saying that encryption makes you a target:
Well, WhatsApp is encrypted. So with approximately 2 billion people that all are getting targeted, being targeted isn’t bad anymore, because there are so many targets.
Signal can track metadata: Where is the proof, where is the reference, where is anything of that?
Moxie Marlinspike showed all his metadate in a talk of his. The only metadata there is to read is “lastSeen” and “accountCreated” which says basically nothing. No groups, no contacts, no everything.
Bold assertion to say otherwise without any kind of proof.
To push back on this as well, encryption only makes you a target where encryption is abnormal/illegal. For example, making an encrypted phone call in UAE via FaceTime would get flagged immediately since it’s illegal. Use of encryption in most countries is incredibly common since it’s used for banking, general websites, etc. It’s not just about messaging. Even if it was, your point stands.
Signal can track metadata
This YouTuber is actually notorious for not posting sources to his claims. Which is just goofy since he considers himself to be a source of non-mainstream information on privacy.
This YouTuber is actually notorious for not posting sources to his claims. Which is just goofy since he considers himself to be a source of non-mainstream information on privacy.
From my (very limited) point of view, he is just talking a lot of bullshit.
Its even counterproductive, because he is putting quite good (even tho maybe not perfect) applications on the same level as Facebook’s application, which are so different that I can’t discribe it.
Yeah definitely. He’s the type of dude to bring up a privacy concern without being realistic. It’s why I prefer Techlore. They at least talk about pros and cons in a realistic manner and understand that a lot of what we want to do with our devices will not be 100% private. It’s more so about finding they least privacy-violating service.
He annoys me so much. It’s awesome that he points out privacy issues and raises awareness. But he always points out things which are possible in theory as facts which are already happening at large. Like after some researchers showed that it might be possible to keep track of location data by using the gyroscope feature, he started to say that all non foss apps are doing that.
The video was mainly about how a lot of these platforms tie your real identity to your user, then use contact lists to leak what users you’re connected to.
He gives the example of a fed wanting to find a suspects for a hacking case. He has a potential list of names, and subpoenas the phone company’s for their phone numbers. He then installs signal, whatsapp, telegram ( all of those services that use real person identifiers ) and adds those phone numbers to his contact list. Boom, now he can narrow down suspects because all of those services, including signal, will tell you if that person uses signal.
The key link was phone number identifiers, which are easily traced to your real identity, and which is the backbone of signal’s id system.
Signal is also hosted in the US, which makes it subject to NSL laws: its illegal for signal to tell you if they’ve been compromised. Sure, the US gov might not have message content, but they likely have real people’s identities in a connection graph, with dates and times of contact.
He gives the example of a fed wanting to find a suspects for a hacking case. He has a potential list of names, and subpoenas the phone company’s for their phone numbers. He then installs signal, whatsapp, telegram ( all of those services that use real person identifiers ) and adds those phone numbers to his contact list. Boom, now he can narrow down suspects because all of those services, including signal, will tell you if that person uses signal.
The only thing the fed is doing here is checking if number x has signal installed. How is ‘having signal installed’ connected to ‘being a hacker/criminal’?
Hackers are more likely to use encrypted messengers, and signal will gladly tell the world, even people you don’t know that you use it via contact lists. Anyone in law enforcement is going to consider someone who uses encrypted messengers a more likely suspect than someone who doesn’t.
Meta-data analysis is all about collecting many different data-points that together form a clear picture but individually don’t mean much.
Having Signal installed, or rather having your phone-number registered with the Signal service, which in turn leaks this fact to anyone asking via their app, is a vital data-point in such a meta-data analysis.
Signal can track metadata: Where is the proof, where is the reference, where is anything of that? Moxie Marlinspike showed all his metadate in a talk of his. The only metadata there is to read is “lastSeen” and “accountCreated” which says basically nothing. No groups, no contacts, no everything. Bold assertion to say otherwise without any kind of proof.
You made me watch the video again and he does not make such a claim anywhere as far as I can tell.
But for what it is worth… there is a difference between storing metadata (which Signal probably doesn’t do, at least not on regular basis and only on a very limited scale) and being able to access metadata in real-time. The latter Signal can easily do and it can also easily be forced to do so with a gag-order by US authorities.
I don’t know…
He is saying that encryption makes you a target: Well, WhatsApp is encrypted. So with approximately 2 billion people that all are getting targeted, being targeted isn’t bad anymore, because there are so many targets.
Signal can track metadata: Where is the proof, where is the reference, where is anything of that? Moxie Marlinspike showed all his metadate in a talk of his. The only metadata there is to read is “lastSeen” and “accountCreated” which says basically nothing. No groups, no contacts, no everything. Bold assertion to say otherwise without any kind of proof.
To push back on this as well, encryption only makes you a target where encryption is abnormal/illegal. For example, making an encrypted phone call in UAE via FaceTime would get flagged immediately since it’s illegal. Use of encryption in most countries is incredibly common since it’s used for banking, general websites, etc. It’s not just about messaging. Even if it was, your point stands.
This YouTuber is actually notorious for not posting sources to his claims. Which is just goofy since he considers himself to be a source of non-mainstream information on privacy.
From my (very limited) point of view, he is just talking a lot of bullshit.
Its even counterproductive, because he is putting quite good (even tho maybe not perfect) applications on the same level as Facebook’s application, which are so different that I can’t discribe it.
Yeah definitely. He’s the type of dude to bring up a privacy concern without being realistic. It’s why I prefer Techlore. They at least talk about pros and cons in a realistic manner and understand that a lot of what we want to do with our devices will not be 100% private. It’s more so about finding they least privacy-violating service.
He annoys me so much. It’s awesome that he points out privacy issues and raises awareness. But he always points out things which are possible in theory as facts which are already happening at large. Like after some researchers showed that it might be possible to keep track of location data by using the gyroscope feature, he started to say that all non foss apps are doing that.
Yeah, without a doubt. That classifies him really well.
The video was mainly about how a lot of these platforms tie your real identity to your user, then use contact lists to leak what users you’re connected to.
He gives the example of a fed wanting to find a suspects for a hacking case. He has a potential list of names, and subpoenas the phone company’s for their phone numbers. He then installs signal, whatsapp, telegram ( all of those services that use real person identifiers ) and adds those phone numbers to his contact list. Boom, now he can narrow down suspects because all of those services, including signal, will tell you if that person uses signal.
The key link was phone number identifiers, which are easily traced to your real identity, and which is the backbone of signal’s id system.
Signal is also hosted in the US, which makes it subject to NSL laws: its illegal for signal to tell you if they’ve been compromised. Sure, the US gov might not have message content, but they likely have real people’s identities in a connection graph, with dates and times of contact.
The only thing the fed is doing here is checking if number x has signal installed. How is ‘having signal installed’ connected to ‘being a hacker/criminal’?
Hackers are more likely to use encrypted messengers, and signal will gladly tell the world, even people you don’t know that you use it via contact lists. Anyone in law enforcement is going to consider someone who uses encrypted messengers a more likely suspect than someone who doesn’t.
Meta-data analysis is all about collecting many different data-points that together form a clear picture but individually don’t mean much.
Having Signal installed, or rather having your phone-number registered with the Signal service, which in turn leaks this fact to anyone asking via their app, is a vital data-point in such a meta-data analysis.
You made me watch the video again and he does not make such a claim anywhere as far as I can tell.
But for what it is worth… there is a difference between storing metadata (which Signal probably doesn’t do, at least not on regular basis and only on a very limited scale) and being able to access metadata in real-time. The latter Signal can easily do and it can also easily be forced to do so with a gag-order by US authorities.
well, that was maybe true back in the days, or if using the tor network or smth, but like you said, nowadays billions of ppl use encrypted messengers