> “Signal has not complied with the guidelines. Services like iMessage do not fall under the traceability clause since the significant social media intermediaries in the nature of messaging services have to comply,” said an official, requesting anonymity.
What does “Services like iMessage do not fall under the traceability clause since the significant social media intermediaries in the nature of messaging services have to comply” mean?
They probably have a method to trace message metadata using the application provider's infrastructure.
It's sort of like a home phone. Law enforcement officials can contact Verizon to learn who you called and who called you, what time, duration of the call, etc.
Hopefully yes, but that's a separate matter. The important part is that it's technically feasible and you can then use whatever legal (or otherwise) mechanisms to get the metadata.
Warrants have legal meaning but little practical impact. They can be requested and granted very easily. The process offers very little protection. If the cops ask for warrant to request the list of numbers called, they will get it.
That said, warrants are not always needed. The logic goes that the phone company already knows who you have called. They needed that information when they connected the calls. They store that information for billing purposes. So connection/metadata isn't private because you have already shared it with the phone company. In many countries that is sufficient to moot the entire warrant debate. (This logic then extends to other data used to make connections and route internet traffic such as IP addresses.) And if the phone company/ISP is a state-owned/backed/licensed enterprise there is little privacy left to argue over.
> Warrants have legal meaning but little practical impact. They can be requested and granted very easily. The process offers very little protection. If the cops ask for warrant to request the list of numbers called, they will get it.
What are you basing this on? Warrants require probable cause (in the US at least). Are you saying that that the probable cause requirement still allows warrants to be granted very easily? Or that the probable cause requirement is not being followed?
> Are you saying that that the probable cause requirement still allows warrants to be granted very easily? Or that the probably cause requirement is not being followed?
Well, both.
Warrants may be granted very easily via the FISA courts [0]. They are unenforced in the warrantless wiretap programs [1]. If your wiretap happened to be illegal, and you want to work around this to win the court case anyway, you use parallel construction to build a case that does not rely on the secret wiretap [2]:
> Because the SOD's work is classified, DEA cases that began as NSA leads can't be seen to have originated from a NSA source.
> So what does the DEA do? It makes up the story of how the agency really came to the case in a process known as "parallel construction."
You are talking about a particular type of warrant. I don't think the average local police force is getting FISA warrants for their day-to-day police work (maybe I'm wrong? I would like to see numbers on that before I change my mind though), and OP did not limit their statment to FISA warrants.
The news sources I've encountered seem to imply otherwise. The linked Washington Post article was an early hint at this, and built on original material from [0]. Now we have other sources backing this up, such as [1], and detailed breakdowns of this practice with lots of evidence as seen in [2]. Just search for the word "local" or "state" in [2] if you need the details.
The problem is that no warrant is needed if the phone company complies without asking for one.
Basically the government says "hey can we see this users data? (And if you say no, we'll get a warrant that requires you to do extra work)", and then the phone company turns over your data without requiring the warrant because they don't care about you.
I was specifically addressing OP's statement that the warrant requirement does not offer much protection - I'm not talking about situations where a warrant is not required. I think I probably agree with you that over-compliance by phone companies is a problem, but that's not what I was asking about.
>> Are you saying that that the probable cause requirement still allows warrants to be granted very easily?
Yes. Probable cause is not a significant burden and can be met with "evidence" that would normally never be admitted. Cops regularly rely on unnamed out-of-court CIs. For telephone call records, the simple fact that a phone number appeared during an investigation is likely enough for a warrant to see which other numbers it has connected to.
Third-party doctrine had eroded the need for warrants for a long time. Luckily there's been progress in slowly clawing back our rights in the last decade or so.
I think it makes a bit more sense as "significant social media platforms in the guise of messaging services" , since iMessage doesn't function as a social media platform.
They're going to get banned from the AppStore then. The end result will be Signal being forced underground with far fewer users. There's nothing Signal can do, really.
Add: and Signal's centralized server IPs banned. Signal is really weak here; shouldn't have been centralized to begin with.
Signal can pull a Durov and start hopping popular cloud hostings and CDNs, pushing latest server IPs via FCM. This worked for a year in Russia - they banned several large subnets of AWS and DigitalOcean, millions of IPs and smaller subnets, temporarily banned Google, but in the end still gave up after a year.
The decentralization argument comes up fairly often in similar discussions. Assuming it was Matrix and not Signal, what advantage would there be in the current situation?
India has banned gazillion apps - they were mostly of Chinese origin, so no problem, right? Well, sooner or later 'Swadeshi' will come to many of the apps in App Store.
Indian had "draconian" terrorist laws under INC, remember TADA ? No one called Indian Government FACIST then.. i wonder why ?
I thought Modi and RSS were already fascists according their detractors but 'turning fully fascist' is a thing for me.
Indian government from 1950 to this day has been ham fisted, this won't be the last time.. and this has more or less nothing to do with party in power. All this useless 'fascist' talk is useless talking points and assigned opinions.
Well, clearly you haven't been paying attention to the absolute assault on free speech happening in India and the sheer number of journalists who have been killed in India, the number of people being illegally detained etc.
What about the number of people being arrested for just criticizing the Modi govt's criminally pathetic handling of the covid crisis which is estimated to have killed at least a million people?
https://indianexpress.com/article/india/anti-pm-posters-arre...
This false fear mongering is something that I really hate. I have been living in India and an ascertain the fact that quality of life has gone up in the past 10 years. People keep talking about Fascist Government and not having freedom to express thrir opinions but whole media is completely filled with nothing but hate for the current Government. People post on Twitter Facebook Instagram left and right against the Government in power and then call them Fascist. What kind of a Fascist Government allows this? How is the freedom of speech violated if you are contact ranting against Government?
Also, do your due diligence and read about other journalists who have lost their lives due to unnatural reasons over the past 20 years. And also pay attention to the fact that why only handful of them make the news while others are given no importance.
Also, just to give you a reality check, at the ground level the Government's approval rating has gone up specially due to their handling of the pandemic.
The "ground level" ratings that you quote - can you please state your sources? I have given my sources clearly.
FYI, over 230 million people have been pushed into abject poverty in India because of Modi's inept handling of the Covid crisis. People around the world have seen the visuals of bodies floating down rivers, people dying on the streets etc.
Lots of steps taken in right direction. And lot of major problems ignores too by this government.
But that doesn't change the fact that the approval rating has gone up. So, whatever you have shared doesn't really mean anything in response to the comment I posted.
Also, may I add that over 230 million people have been pushed into abject poverty in India because of Modi's inept handling of the Covid crisis. People around the world have seen the visuals of bodies floating down rivers, people dying on the streets etc.
Oh yes. Dead bodies are floating in rivers everywhere. Yes 230 millilion people gave been pushed to poverty. Economy of every other country in the world is thriving. Nobody lost a job in any other part of the world except India.
Dude, please use your brain along side the news you read. Every major business has taken a hit and labor class is the main class that has taken a hit. Do I need to remind you of much of population of India falls in that category?
This is a quick way to further increase Signal's user base. If someone in India does not know about Signal, this type of "don't use it! it's noncompliant!" government behavior will drive more users to the platform.
DNS injection can be relatively easily bypassed by using DNS over HTTPS/TLS.
ISPs usually block websites by terminating the connection on seeing a blacklisted SNI which is part of the TLS handshake (So the server can respond with the appropriate TLS certificate). The only way to bypass is either to use domain-fronting (aka using different SNI/Host, not standard-compliant, doesn't work with most CDNs), or use a different protocol. (Not that practical)
ECH/eSNI plan [1] to make the SNI encrypted, and therefore uncensorable in future. (The draft is now in it's later stages). Ofcourse this can end up with government potentially blocking all ECH traffic.
Many have tried Signal in the past few months here in India because of WhatsApp's privacy policy changes which managed to create quite a buzz. None of my friends stuck around though. Everyone is back to WhatsApp.
It's well known that the Indian government is no friend of an uncensored Internet. Look at the great many well documented instances of them messing around with it:
Indian government is just the reflection of the majority in India. They can do these things because they know that the majority don't care about these issues. Take the same bunch of people in the government and put them in Germany and they would be making pro privacy laws left and right all day.
A "reflection of the majority in India" assumes that everyone in India votes or can vote which I find to be extremely unlikely given most of the population live in rural areas and are uneducated.
India's literacy rate is around 70%. So the majority is not uneducated.
The voter turnout for 2019 Indian election was 67% compared to 66.7% of 2020 US election. So your rural areas and uneducated theory leads to less votes doesn't hold much essence :)
sorry if the source is old, i couldnt find a fresh one. the argument still holds, india is counting being a "literate" as someone who can write his/her name or read passages from 2nd grade. if that is what is passing as being literate then yeah, india is a literate country. if not then don't trust these figures
They vote. All 1.4 billion of them. Right down to the smallest and poorest villages. It fields a vast array of parties and political ideologies. India well deserves its title as "the world's greatest democracy".
Indian election rules state "no voter should have to travel more than 1.24 miles to vote."[1] It's irrelevant that most of the population is rural. They can all vote.
This is the major downside of centralised app stores. On the plain old internet, nobody had to care about the whims of regressive governments. Worst case, the government would try to block the website and often fail and/or face public backlash. Now, the government can just tell google or apple that they don't like the app, and the problem is solved. This is quite tragic for an app like signal because it really does not deal with the country's currency in any shape nor does it have any presence in the country, but because google/apple have to do business in the country, signal takes the fall.
It definitely becomes tiresome than downloading an alternative chat app from Playstore. Signal has been gaining ground in India since Whatsapp came up with its new terms. A ban on Playstore will hinder that progress.
If you want to piggy back on Google's centralized notification system (which saves network and battery usage), you have to distribute via the play store. I have no idea whether signal does this, but it would make sense for them to.
Signal has a means of delivering push notifications using their own infrastructure via websockets. It has a higher battery drain than using Google's push infrastructure, but it works.
You don't. You do need to create an app in the Google API console to obtain the key to send GCM notifications, but that's completely independent from the Play Store.
There has been speculation that in a future Android version, Google will extend features of its Advanced Protection program to all devices. One of those is that sideloading of APKs will no longer be possible unless you do it over the command line via ADB. Only a tiny percentage of the population, techies like us, would be comfortable doing that. So, "you can still sideload" might not be a thing for long.
A blockchain allows developers to out-source the running of a globally-available append-only log. Such a log is useful for building something like Trillian:
Ok but how does a globally-available append-only log help distribute applications ? The technology is probably interesting, but it doesn't help solve the problem at hand
If you can securely distribute the hash of the binary, you can probably also distribute a set of URLs representing where the binary can be downloaded from.
Bittorrent would fit well as a way of distributing the apps themselves, as that ecosystem already uses magnet links, and developers could quite cheaply run a node which acts as a seed of last resort.
Bittorrent has everything you'd need for distributing apps: of course the distribution of binaries is there, but it also has storing of arbitrary information, even mutable (http://bittorrent.org/beps/bep_0044.html). This way once you have a version you can fetch further versions by periodically polling the hash that contains the latest version.
No need for a blockchain. Distributed software distribution has been around forever, whether it was handing out disks back in the day or streaming warez over BitTorrent now. The problem is trust.
Blockchain enabled transaction processing where the parties to the transaction don't need to trust each other, as long as they are only transacting in goods stored on the blockchain. Once you get into the world of one party having to physically deliver something the other party will use, you're back to the problem of trust.
So until all software runs on the blockchain, no, as long as you still need to install it onto your device, you need to be able to trust the delivery network. You certainly don't need a central authority for that. Normal desktop devices work perfectly fine with people relying on PGP signatures in common Linux distros or something like Chocolatey on Windows and Brew on Mac. But you don't need a blockchain, either, nor does it add any value.
This is one of the big reasons I've chosen to use Android where I can install apks on my device. Though I may not have the "blue bubble" of iMessage so many in the USA seem to associate with higher status
It sounds as if Signal could comply with this by removing the "forward" button in India, right? Then there is no "first originator" as seen by Signal.
There still is, of course. Cut and paste works, and android's share works, but both of those send the message out of Signal (and perhaps back into Signal).
They say that honest and nonviolent people have no need for self-keyed cryptography, that using it just enables criminals. This is true, but nobody is self-encrypting to help others to prey upon them. They are doing it to prevent becoming a victim. Guess who the predator is….
The cipherpunk future is fundamentally a dystopia. Trust in authority would be a wonderful thing. I actually thought the authoritarian future would be more subtle and well-tolerated, like “Brave New World”, but it’s shaping up a lot like “1984”, and I can’t understand why a central-authority would self-destruct like that, under no force of occupation.
On whitepapes, I surmised that WhatsApp is supposedly meta-connection secured (unless reconstruction is being done by WhatsApp backend).
All the while with Signal app, I’m fairly certain that message content is most secured (than Whatsapp) but is operationally resistant to providing meta-connection info.
Interestingly enough, I find that Matrix (Element iOS app) to be strongest in both aspect of connection metadata and secured message content.
98 comments
[ 2.5 ms ] story [ 184 ms ] threadWhat does “Services like iMessage do not fall under the traceability clause since the significant social media intermediaries in the nature of messaging services have to comply” mean?
It's sort of like a home phone. Law enforcement officials can contact Verizon to learn who you called and who called you, what time, duration of the call, etc.
That said, warrants are not always needed. The logic goes that the phone company already knows who you have called. They needed that information when they connected the calls. They store that information for billing purposes. So connection/metadata isn't private because you have already shared it with the phone company. In many countries that is sufficient to moot the entire warrant debate. (This logic then extends to other data used to make connections and route internet traffic such as IP addresses.) And if the phone company/ISP is a state-owned/backed/licensed enterprise there is little privacy left to argue over.
What are you basing this on? Warrants require probable cause (in the US at least). Are you saying that that the probable cause requirement still allows warrants to be granted very easily? Or that the probable cause requirement is not being followed?
Well, both.
Warrants may be granted very easily via the FISA courts [0]. They are unenforced in the warrantless wiretap programs [1]. If your wiretap happened to be illegal, and you want to work around this to win the court case anyway, you use parallel construction to build a case that does not rely on the secret wiretap [2]:
> Because the SOD's work is classified, DEA cases that began as NSA leads can't be seen to have originated from a NSA source.
> So what does the DEA do? It makes up the story of how the agency really came to the case in a process known as "parallel construction."
[0]: https://en.wikipedia.org/wiki/United_States_Foreign_Intellig...
[1]: https://en.wikipedia.org/wiki/NSA_warrantless_surveillance_(...
[2]: https://www.washingtonpost.com/news/the-switch/wp/2013/08/05...
[0]: https://www.reuters.com/article/us-dea-sod/exclusive-u-s-dir...
[1]: https://theintercept.com/2018/01/09/dark-side-fbi-dea-illega...
[2]: https://www.hrw.org/report/2018/01/09/dark-side/secret-origi...
Yes. Probable cause is not a significant burden and can be met with "evidence" that would normally never be admitted. Cops regularly rely on unnamed out-of-court CIs. For telephone call records, the simple fact that a phone number appeared during an investigation is likely enough for a warrant to see which other numbers it has connected to.
https://en.wikipedia.org/wiki/Third-party_doctrine
How ironic
edit: removed editorializing.
Not that I agree with it. Signal and iMessage have way more in common than they do differently, but at least it’s a coherent sentence.
Well that seems pretty idiotic. It should be interesting to see how all this works out.
Add: and Signal's centralized server IPs banned. Signal is really weak here; shouldn't have been centralized to begin with.
Here is Moxie's talk about this very subject, and why he thinks that decentralized products can be much weaker products.
https://www.youtube.com/watch?v=Nj3YFprqAr8
Indian had "draconian" terrorist laws under INC, remember TADA ? No one called Indian Government FACIST then.. i wonder why ?
Indian government from 1950 to this day has been ham fisted, this won't be the last time.. and this has more or less nothing to do with party in power. All this useless 'fascist' talk is useless talking points and assigned opinions.
Well, clearly you haven't been paying attention to the absolute assault on free speech happening in India and the sheer number of journalists who have been killed in India, the number of people being illegally detained etc.
India is now listed as one of the most dangerous places in the world to be journalist - along with countries like Afghanistan, Iraq etc! https://indianexpress.com/article/world/2020-dozens-of-journ...
India also leads the world in Internet shutdowns - with more shutdowns than the rest of the world combined! https://www.accessnow.org/keepiton-report-india-shuts-down-i...
What about the number of people being arrested for just criticizing the Modi govt's criminally pathetic handling of the covid crisis which is estimated to have killed at least a million people? https://indianexpress.com/article/india/anti-pm-posters-arre...
Also, do your due diligence and read about other journalists who have lost their lives due to unnatural reasons over the past 20 years. And also pay attention to the fact that why only handful of them make the news while others are given no importance.
Also, just to give you a reality check, at the ground level the Government's approval rating has gone up specially due to their handling of the pandemic.
FYI, over 230 million people have been pushed into abject poverty in India because of Modi's inept handling of the Covid crisis. People around the world have seen the visuals of bodies floating down rivers, people dying on the streets etc.
https://www.business-standard.com/article/economy-policy/230...
About the quality of life, let me give you some more information:
1. India has dropped in the UN Human Development Index.
https://www.hindustantimes.com/india-news/india-slips-a-spot...
2. 50% of the manufacturing jobs have been lost in just 5 years https://www.financialexpress.com/economy/make-in-india-half-...
3. India has slipped 26 spots in Economic Freedom index.
https://www.business-standard.com/article/economy-policy/ind...
4. India has slipped to the bottom in Emerging Markets - this is before the second wave hit and the carnage that followed.
https://www.livemint.com/news/india/india-slips-to-bottom-of...
5 India has slipped in the corruption index:
https://timesofindia.indiatimes.com/india/india-slips-in-glo...
6. India has dropped in the democracy index rankings
https://www.hindustantimes.com/india-news/india-slips-two-po...
7. India has slipped 28 places in the WEF Gender Gap index showing rapid deterioration in the overall environment for women in India
https://www.thehindubusinessline.com/news/india-slips-28-pla...
8. India has slipped in the Sustainable Development Goals
https://www.indiatoday.in/india/story/india-slips-two-spots-...
9. India has the lowest ranking level in the UN religious freedom index https://www.thehindu.com/news/national/uscirf-downgrades-ind...
But that doesn't change the fact that the approval rating has gone up. So, whatever you have shared doesn't really mean anything in response to the comment I posted.
https://www.business-standard.com/article/economy-policy/230...
Dude, please use your brain along side the news you read. Every major business has taken a hit and labor class is the main class that has taken a hit. Do I need to remind you of much of population of India falls in that category?
[1] https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni
https://en.wikipedia.org/wiki/Internet_censorship_in_India
https://youtube.com/watch?v=RWldvqO4AIY
The voter turnout for 2019 Indian election was 67% compared to 66.7% of 2020 US election. So your rural areas and uneducated theory leads to less votes doesn't hold much essence :)
sorry if the source is old, i couldnt find a fresh one. the argument still holds, india is counting being a "literate" as someone who can write his/her name or read passages from 2nd grade. if that is what is passing as being literate then yeah, india is a literate country. if not then don't trust these figures
1. https://www.washingtonpost.com/world/asia_pacific/election-w...
Makes me wonder...are there blockchain-based app stores that could serve as a viable alternative?
https://transparency.dev/#trillian
Bittorrent would fit well as a way of distributing the apps themselves, as that ecosystem already uses magnet links, and developers could quite cheaply run a node which acts as a seed of last resort.
Blockchain enabled transaction processing where the parties to the transaction don't need to trust each other, as long as they are only transacting in goods stored on the blockchain. Once you get into the world of one party having to physically deliver something the other party will use, you're back to the problem of trust.
So until all software runs on the blockchain, no, as long as you still need to install it onto your device, you need to be able to trust the delivery network. You certainly don't need a central authority for that. Normal desktop devices work perfectly fine with people relying on PGP signatures in common Linux distros or something like Chocolatey on Windows and Brew on Mac. But you don't need a blockchain, either, nor does it add any value.
Wasn't X forced to not have encryption built in due to the US's horrible encryption laws at the time?
There still is, of course. Cut and paste works, and android's share works, but both of those send the message out of Signal (and perhaps back into Signal).
The cipherpunk future is fundamentally a dystopia. Trust in authority would be a wonderful thing. I actually thought the authoritarian future would be more subtle and well-tolerated, like “Brave New World”, but it’s shaping up a lot like “1984”, and I can’t understand why a central-authority would self-destruct like that, under no force of occupation.
All the while with Signal app, I’m fairly certain that message content is most secured (than Whatsapp) but is operationally resistant to providing meta-connection info.
Interestingly enough, I find that Matrix (Element iOS app) to be strongest in both aspect of connection metadata and secured message content.