Signal president Meredith Whittaker is prepared to withdraw the privacy-focused messaging app from Australia — saying she hopes it doesn’t become a “gangrenous foot” by poisoning its entire platform by forcing it to hand over its users’ encrypted data to authorities.
Ms Whittaker says Signal would take the “drastic step” of leaving any market where a government compelled it to create a “backdoor” to access its data, saying it would create a vulnerability that hackers and authoritative regimes could exploit, undermining Signals’ “reason for existing”.
Pressure has been mounting on Signal and other secure messaging platforms. ASIO director general Mike Burgess has urged tech companies to unlock encrypted messages to assist terrorism and national security investigations, saying offshore extremists use such platforms to communicate.
@sunzu2
Nope and I was wrong.
@signalapp is only able to produce LESS information than I previously stated.
That’s it. Nothing else.
Signal does NOT log users’ IP addresses.
See this for more information:
https://signal.org/bigbrother/santaclara/
@maniacalmanicmania @9tr6gyp3 @signalapp
deleted by creator
@sunzu2
To do the things you are suggesting that Signal could be forced to do, Signal would have to rewrite its entire codebase as well as the client apps.
Fortunately, Signal is open source, and such changes would be noticed.
As it stands, it doesn’t matter what is demanded nor by whom as the only user data, including traffic analysis, that Signal can currently reveal is insignificant.
Signal simply cannot disclose data it itself cannot access.
Yes, decentralised services are preferable, but Signal has probably the easiest onboarding experience for the average user, especially those new to the concept of E2EE.
@maniacalmanicmania @9tr6gyp3 @signalapp
deleted by creator
@sunzu2
Signal knows *when* a user wqs last connected, but not the IP address of that connection. The system has been specifically designed to minimise the meta data available for collection.
@maniacalmanicmania @9tr6gyp3 @signalapp
deleted by creator
@sunzu2
Read the Affidavit produced here:
https://signal.org/bigbrother/santaclara/
Read Signal’s complete source code here:
https://github.com/signalapp
Once you understand the code, you’ll understand “what they can do” and what they cannot do.
When you’ve identified any flaw in the code that runs the Signal servers that would allow IP logging, let me know. I’ll be glad to file the bug report on your behalf.
@maniacalmanicmania @9tr6gyp3 @signalapp
deleted by creator
@sunzu2
“Under FISA order, signal would provide logs.”
How would Signal do this? Logs of what?
Corresponding parties? Messages? They don’t have them.
They’d have to rewrite their backend code to obtain them, and changes would also need to be made to the Signal client apps.
It would not matter if the FISA Court ordered that logs be produced in secret by Signal. Any such logs could not be obtained without significant changes to the way Signal works. Users would know.
Yes, Signal does have some shortcomings, but these are acceptable in most ‘use cases’ for most threat models.
Signal is best used as a private, E2EE alternative to SMS. Only a fool would use it for the *most sensitive* of communications. (Like, you know, discussing an impending military strike…)
We all know of the alternatives, including (but not limited to) SimpleX, Session, Briar, Element etc.
@maniacalmanicmania @9tr6gyp3 @signalapp