Some are quick to promote apps as being safe for your use just because they are encrypted. I will talk about how many of the popular apps that are commonly t...
The video was mainly about how a lot of these platforms tie your real identity to your user, then use contact lists to leak what users you’re connected to.
He gives the example of a fed wanting to find a suspects for a hacking case. He has a potential list of names, and subpoenas the phone company’s for their phone numbers. He then installs signal, whatsapp, telegram ( all of those services that use real person identifiers ) and adds those phone numbers to his contact list. Boom, now he can narrow down suspects because all of those services, including signal, will tell you if that person uses signal.
The key link was phone number identifiers, which are easily traced to your real identity, and which is the backbone of signal’s id system.
Signal is also hosted in the US, which makes it subject to NSL laws: its illegal for signal to tell you if they’ve been compromised. Sure, the US gov might not have message content, but they likely have real people’s identities in a connection graph, with dates and times of contact.
He gives the example of a fed wanting to find a suspects for a hacking case. He has a potential list of names, and subpoenas the phone company’s for their phone numbers. He then installs signal, whatsapp, telegram ( all of those services that use real person identifiers ) and adds those phone numbers to his contact list. Boom, now he can narrow down suspects because all of those services, including signal, will tell you if that person uses signal.
The only thing the fed is doing here is checking if number x has signal installed. How is ‘having signal installed’ connected to ‘being a hacker/criminal’?
Hackers are more likely to use encrypted messengers, and signal will gladly tell the world, even people you don’t know that you use it via contact lists. Anyone in law enforcement is going to consider someone who uses encrypted messengers a more likely suspect than someone who doesn’t.
Meta-data analysis is all about collecting many different data-points that together form a clear picture but individually don’t mean much.
Having Signal installed, or rather having your phone-number registered with the Signal service, which in turn leaks this fact to anyone asking via their app, is a vital data-point in such a meta-data analysis.
The video was mainly about how a lot of these platforms tie your real identity to your user, then use contact lists to leak what users you’re connected to.
He gives the example of a fed wanting to find a suspects for a hacking case. He has a potential list of names, and subpoenas the phone company’s for their phone numbers. He then installs signal, whatsapp, telegram ( all of those services that use real person identifiers ) and adds those phone numbers to his contact list. Boom, now he can narrow down suspects because all of those services, including signal, will tell you if that person uses signal.
The key link was phone number identifiers, which are easily traced to your real identity, and which is the backbone of signal’s id system.
Signal is also hosted in the US, which makes it subject to NSL laws: its illegal for signal to tell you if they’ve been compromised. Sure, the US gov might not have message content, but they likely have real people’s identities in a connection graph, with dates and times of contact.
The only thing the fed is doing here is checking if number x has signal installed. How is ‘having signal installed’ connected to ‘being a hacker/criminal’?
Hackers are more likely to use encrypted messengers, and signal will gladly tell the world, even people you don’t know that you use it via contact lists. Anyone in law enforcement is going to consider someone who uses encrypted messengers a more likely suspect than someone who doesn’t.
Meta-data analysis is all about collecting many different data-points that together form a clear picture but individually don’t mean much.
Having Signal installed, or rather having your phone-number registered with the Signal service, which in turn leaks this fact to anyone asking via their app, is a vital data-point in such a meta-data analysis.