I’m not sure i agree with a lot of these complaints. Of course potential terrorist groups will abuse any service they can, but I don’t see that as a reason to create said service. If anything refusing to will just allow them to be outcompeted as someone else steps in to fill that niche and disrupting them.
Same for the crypto concerns. Criminals and bad actors are going to use crypto to exchange money regardless so what’s the point in not adding it to your platform?
I was expecting the abuse to be from state agencies, not an encryption company literally spewing the same anti-encryption rhetoric we’ve heard for years.
The narrative is being set to end end to end encryption. Expect more hypothetical articles like this going forward. The powers want to control the narrative. I would bet that there will be laws rolled out in the next few years.
Seems that there is a compelling argument that the First Amendment precludes the government from passing laws that prohibit encrypted communications (between US citizens, the US constitution does not apply to foreigners). Not sure the extent that has been tested in court, though. Regulations on exporting encryption still exist in the US to some degree, though Bernstein v. United States was a turning point in that regard (holding that publishing encryption algorithm source code, including electronically, cannot be restricted by the Government).
There's an idealogical collision course between safely offering usernames+financial transactions and maintaining an absolutist stance on encryption.
Within minutes, you'll have people going by @ElonMusk and @JeffBezos running scams to millions of non tech-savvy users. Are you going to try to stop that in any way? Can you, while maintaining full encryption?
I can appreciate Moxie sticking to his guns, but he'll need a better plan than "we'll deal with the problem when it comes." if he doesn't want to get deplatformed by Apple/Google or face government scrutiny.
Would an alternative be to offer auto-generated usernames that you have one-shot to generate a password for and if you lose that password you're gone? Something like opposite-dwindling-zodiac, casino-smile-widget, or creative-crumpled-dismiss?
If you choose to add a phone number as a recovery (and for contact finding) that's your optional choice.
There absolutely are mitigations from a technical standpoint, some with privacy trade-offs and some with UI trade-offs. But the key is to have those mitigations in place before you launch a feature with potential attack vectors.
Moxie's statement in that article claims they have no plans to address it.
Key phrase here is - "we are not algorithmically amplifying content"
Trump (or Obama for that matter and such characters who suddenly appear out of nowhere due to their pandering to a fan club skills) cannot be propped up at light speed without algorithmic amplification. Read that again Trump and Obama are not possible without the Like Button and the algo amplification it enables.
That is the main lesson from the last 15 years. And apps that don't have reward mechanisms that prop up time wasting Pandering section of the population are not going to produce the side effects Youtube, Twitter and Facebook did.
I dumped signal less over the data collection they've started doing and more for the fact that they've been less than transparent about it. Nearly a year ago their forums were filled with objections, security concerns, and questions and for months they went ignored. When they finally made setting a pin optional they were equally unclear that it would just set a random one for you and that this didn't prevent your data from being uploaded to the cloud.
I took it as a sign that they were telling us not to trust them as clearly as they were allowed. For secure communications I'm using Jami now and I've been very impressed. For SMS/MMS in general I'm still looking. I've tried a few alternatives and frankly I'm not really happy with any of them.
Edited my response to be less sarcastic. But honestly it’s hard for me to read something like this and believe you aren’t being deliberately misleading.
All this stuff is only stored in an encrypted form that signal never has the keys for.
And all this stuff is only applicable if you choose to set it.
Yes, for Alice to see Bobs profile Alice has to download some bytes. Those bytes live somewhere.
The difference is that, unlike every other app, signal spent a ton of time making this work in a way that The signal service can’t read your data, even if they wanted to.
You can choose not to set a profile photo but you can't choose not to set the list of contacts you've been in touch with. Opting out of setting a pin won't prevent the data from being saved to their servers. The fact that's encrypted doesn't matter. There are a number of potential issues with collecting it in the first place. You can see some of the security concerns which were brought up on their forums here:
Can you point to specific evidence of i happening? All I see are rumors on the Internet and that they weren't disproved - and event that is just a rumor on the Internet. Turtles all the way down, as is often the case on the Internet.
Every communication app 'collects' info, as you must at least transfer the target and content of the communication. Signal is designed to make that data unavailable to Signal itself.
> Can you point to specific evidence of i happening?
Specific evidence of what exactly? You mean an example of data stored on signal's servers after you opt out of setting a pin? That's something that takes place in the background without notice to the user. We also don't have access to the data stored on Signal's sever. What we do have is the source code and we can see it still uploads data. When asked about this directly a lead developer at signal confirmed that this was happening by design here: https://community.signalusers.org/t/beta-feedback-for-the-up...
> The change was to never upload the encrypted master key to SVR. We still create a master key locally and derive a storage key from the master key. That storage key is still used to encrypt data that is uploaded to storage service. Storage service is still necessary for future features involving linked devices. That data is encrypted with a 256-bit key that remains only on your devices.
So when opting out a setting a pin, Signal still encrypts and uploads your data, but doesn't use the key for their secure value recovery service. As far as "internet rumors" go, the fact that signal is collecting this data is highly verifiable. They just aren't being clear about this data collection to users. In fact they've been highly misleading when asked
(see https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...)
> Every communication app 'collects' info
Not true (see Jami), but even if it were, what matters most is that it's always 100% clear to people what data is being collected under what circumstances and Signal has failed in that. Signal markets their app to people like whistle blowers and human rights activists who have a critical need for privacy, but doesn't give them the information they need to make an assessment of their risk.
> Signal is designed to make that data unavailable to Signal itself.
It's not clear how secure this data actually is from Signal, or from the type of agencies that have already requested this data from Signal in the past. Back in 2006 they were very proud to say they don't collect the kinds of data being requested (https://signal.org/bigbrother/eastern-virginia-grand-jury/)
> Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with.
Note that this website hasn't been updated to say so, but they are in fact now storing a list of your contacts and who you've been communicating with and there is no way to opt out of this data collection. It might take an exploit to get at that data, but even after facing months of backlash on their own forums from users about this, they still insist on collecting that data and are being less than transparent about that fact.
The interesting question is, how can they prevent abuse?
1. Spoofed names to perpetrated scams.
2. Groups promoting evil (however it's defined).
IIRC by default ny contact must be whitelisted, which helps a bit with scams. But if people get a contact request by their bank or employer, what will they do?
For the latter, Signal could incorporate messages in their app that undermines that behavior - for example, promoting tolerance, providing resources for people to report criminal activity, providing encouragement and resources for people to escape cult-like behavior, etc. I wonder how effective that would be.
22 comments
[ 2.6 ms ] story [ 55.5 ms ] threadSame for the crypto concerns. Criminals and bad actors are going to use crypto to exchange money regardless so what’s the point in not adding it to your platform?
I was expecting the abuse to be from state agencies, not an encryption company literally spewing the same anti-encryption rhetoric we’ve heard for years.
because someone else doing something that you consider wrong doesn't give you a license to do the same thing. After all criminals also dodge taxes.
Lawful Access to Encrypted Data
Within minutes, you'll have people going by @ElonMusk and @JeffBezos running scams to millions of non tech-savvy users. Are you going to try to stop that in any way? Can you, while maintaining full encryption?
I can appreciate Moxie sticking to his guns, but he'll need a better plan than "we'll deal with the problem when it comes." if he doesn't want to get deplatformed by Apple/Google or face government scrutiny.
If you choose to add a phone number as a recovery (and for contact finding) that's your optional choice.
Moxie's statement in that article claims they have no plans to address it.
They're not parler.
Trump (or Obama for that matter and such characters who suddenly appear out of nowhere due to their pandering to a fan club skills) cannot be propped up at light speed without algorithmic amplification. Read that again Trump and Obama are not possible without the Like Button and the algo amplification it enables.
That is the main lesson from the last 15 years. And apps that don't have reward mechanisms that prop up time wasting Pandering section of the population are not going to produce the side effects Youtube, Twitter and Facebook did.
I took it as a sign that they were telling us not to trust them as clearly as they were allowed. For secure communications I'm using Jami now and I've been very impressed. For SMS/MMS in general I'm still looking. I've tried a few alternatives and frankly I'm not really happy with any of them.
See here for more info:
https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...
All this stuff is only stored in an encrypted form that signal never has the keys for.
And all this stuff is only applicable if you choose to set it.
Yes, for Alice to see Bobs profile Alice has to download some bytes. Those bytes live somewhere.
The difference is that, unlike every other app, signal spent a ton of time making this work in a way that The signal service can’t read your data, even if they wanted to.
https://community.signalusers.org/t/proper-secure-value-secu...
Every communication app 'collects' info, as you must at least transfer the target and content of the communication. Signal is designed to make that data unavailable to Signal itself.
Specific evidence of what exactly? You mean an example of data stored on signal's servers after you opt out of setting a pin? That's something that takes place in the background without notice to the user. We also don't have access to the data stored on Signal's sever. What we do have is the source code and we can see it still uploads data. When asked about this directly a lead developer at signal confirmed that this was happening by design here: https://community.signalusers.org/t/beta-feedback-for-the-up...
> The change was to never upload the encrypted master key to SVR. We still create a master key locally and derive a storage key from the master key. That storage key is still used to encrypt data that is uploaded to storage service. Storage service is still necessary for future features involving linked devices. That data is encrypted with a 256-bit key that remains only on your devices.
So when opting out a setting a pin, Signal still encrypts and uploads your data, but doesn't use the key for their secure value recovery service. As far as "internet rumors" go, the fact that signal is collecting this data is highly verifiable. They just aren't being clear about this data collection to users. In fact they've been highly misleading when asked (see https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...)
> Every communication app 'collects' info
Not true (see Jami), but even if it were, what matters most is that it's always 100% clear to people what data is being collected under what circumstances and Signal has failed in that. Signal markets their app to people like whistle blowers and human rights activists who have a critical need for privacy, but doesn't give them the information they need to make an assessment of their risk.
> Signal is designed to make that data unavailable to Signal itself.
that's extremely questionable. You can read over some of the security concerns here: https://community.signalusers.org/t/proper-secure-value-secu...
It's not clear how secure this data actually is from Signal, or from the type of agencies that have already requested this data from Signal in the past. Back in 2006 they were very proud to say they don't collect the kinds of data being requested (https://signal.org/bigbrother/eastern-virginia-grand-jury/)
> Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with.
Note that this website hasn't been updated to say so, but they are in fact now storing a list of your contacts and who you've been communicating with and there is no way to opt out of this data collection. It might take an exploit to get at that data, but even after facing months of backlash on their own forums from users about this, they still insist on collecting that data and are being less than transparent about that fact.
1. Spoofed names to perpetrated scams.
2. Groups promoting evil (however it's defined).
IIRC by default ny contact must be whitelisted, which helps a bit with scams. But if people get a contact request by their bank or employer, what will they do?
For the latter, Signal could incorporate messages in their app that undermines that behavior - for example, promoting tolerance, providing resources for people to report criminal activity, providing encouragement and resources for people to escape cult-like behavior, etc. I wonder how effective that would be.