
I would suspect any phone designed to resist a state-level actor, that is made available to me (a regular citizen) would 100% be a honeypot for a state level actor.


In fact, several phones which have been advertised as such have been honeypots from state level actors.


Which ones? Not challenging you, just curious.



That's crazy! Straight out of The Wire.


Australian Federal Police did it as well: https://www.theguardian.com/australia-news/2021/sep/11/insid...


Anyone big like Samsung, LG, or Apple? I'd love to see those articles and teardowns.


Security as a service is going to be a honeypot 100% of the time.


This comment feels disingenuous to me, but maybe I'm misinterpreting. Security features are always a service but there are real apps that provide real security. Signal and Matrix provide real encryption for communication. There's even mainstream products that do, like iMessage or Gmail, though these tend to be more selective about what is secure and what isn't (typically through walled gardens). Apple and Google both use federated learning, which is at least a step better than your typical data "anonymization." I agree that there's not enough push for serious security, especially as a default, but I also am not pessimistic on the subject either.


Signal wants your PSTN ID = real world ID, wants contacts from your phonebook which on Google phones generally means already cloudified, and is itself distributed through Google Play. Further, IIRC it's US-based so subject to acts of intervention from on high. I would be strongly suspicious of any metadata security claims, even if it nominally provides message or session-level encryption. Metadata is bad news.


> IIRC it's US-based so subject to acts of intervention from on high.

Sure, and they have been open about what information they give. If you're talking about being forced to introduce compromised code, well I'm not aware of the US government being able to force a company to do that. Signal has said before they'll shut down and then move if this is a requirement and on top of that[1], the code is open sourced and constantly scrutinized by the security community. So sounds like a pretty difficult thing to pull off.

I don't think handing your phone number to Signal is as big of a security issue as you're making it out to be.

[0] https://signal.org/bigbrother/

[1] https://www.wired.com/story/signal-earn-it-ransomware-securi...


I have a ton of concerns with Signal. They started collecting and storing user data in the cloud while being deceptive/unclear about it in their communications leading to a ton of confusion with users. In fact they're now storing exactly the same data that they've bragged about not being able to turn over since at that time they weren't keeping it. Pretty much as soon as it was clear Signal was going to start keeping user data, users started with objections and asking for a way to opt out of the data collection and bringing up security concerns but those objections were ignored.

To this day they're violating their own privacy policy because after they started storing user data in the cloud they never bothered to update the policy.

Currently it states: "Signal is designed to never collect or store any sensitive information." while in practice they store your name, your photo, your phone number, and a list of everyone you're in contact with which is pretty damn sensitive, especially if you're an activist or a whistleblower.

I've stopped using/recommending it. To this day I run into posts where people think Signal isn't collecting any user data. I hope every user who has to learn what Signal is really collecting from some random internet comment thinks long and hard about what that says about how transparent and trustworthy Signal is.


I recommend Session now.

https://getsession.org/

It doesn't require creating an account and giving up your phone number.

They use the same Signal protocol with different trade-offs in terms of security and privacy[0].

My only concern is they are based in Australia.

[0] https://getsession.org/session-protocol-technical-informatio...


I'll give Session a look! Right now I'm using Silence for unsecured texting and Jami for secure communication, but both lack polish and going from Signal to Silence was rough. It really needs a search function.


> They started collecting and storing user data in the cloud

> they're now storing exactly the same data that they've bragged about not being able to turn over

Can you provide me a source on this? This is the first time I've heard of this.


> This is the first time I've heard of this.

Doesn't surprise me. You're my new example of folks still unaware.

My old one was here (none of the answers this guy got tell the truth of the situation): https://old.reddit.com/r/signal/comments/q5tlg1/what_info_do...

Here's an early discussion on the user forum: https://community.signalusers.org/t/proper-secure-value-secu...

It was a total mess with tons of posts there and on the subreddit too. Here's an example: https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...

Anyone not following all the drama at the time wouldn't have a clue, and a bunch of people who did still came away with incorrect information anyway because Signal didn't make it clear at all what they were doing and they've gone out of their way to avoid answering direct questions in a clear way ever since, instead keeping the myth that they don't collect user data alive.

There's no reason they couldn't have provided a simple opt out for the data collection and avoided the issue entirely and the fact that they wouldn't do that was red flag enough, but the mess of confusion their communications caused and their refusal to update their privacy policy should be all the evidence we need that they're not to be trusted. To be fair to the folks at Signal, they may actually be trying to communicate that very message to their users as loudly as they're legally able to.

Additional links you might not enjoy:

https://community.signalusers.org/t/dont-want-pin-dont-want-...

https://community.signalusers.org/t/can-signal-please-update...

https://community.signalusers.org/t/wiki-faq-signal-pin-svr-...

https://community.signalusers.org/t/sgx-cacheout-sgaxe-attac...


The whole cloud data collection, and the fact that their privacy policy is now veritably incorrect for over 2 years now certainly makes it plausible there's more they're keeping away from us.


Sure. Aside from the Google phones upload contacts to cloud issue, and the encouraging contacts to be added thing, there are two clear problems: both metadata.

(1) It's the network of phone numbers - who knows who, when they added, that starts to draw a picture.

(2) If they have any infrastructure at all - update checks, contact additions, whatever, that is going to phone home or be polled or contacted whatsoever, particularly that which can facilitate a network response (generate network traffic when an ID is added) then the app effectively acts as an element that can be used for identity verification even if all traffic is encrypted. This is not a small issue.

These issues are not unique to Signal, but they should not be swept under the rug. FWIW I do not claim to have read or audited their code, I just feel the use of PSTN IDs (== highly available link to personal identification) is a total farce which introduces huge risk for nearly no benefit to users and is fundamentally incompatible with their nominal public stated goals (again haven't read the official text) of end user security if that security is supposed to be best-effort.


> Sure. Aside from the Google phones upload contacts to cloud issue

You can add contacts through Signal that aren't synced with Google. I've just understood this process as a way to initiate the social graph. You can just not give Signal access and start from scratch, but I don't think that accomplishes much.

Also, as far as I'm aware, Signal doesn't actually know your phone number.


The thing is, some percentage of your contacts will accidentally or knowingly grant permission for their contacts to go to Google. So by linking to that infrastructure Signal is making this problem worse, whether or not they actually facilitate the spying themselves.


I assume you're an FBI agent trying to encourage people to install your real cooler encrypted app that's not on the store and only available via sideloading.

https://nymag.com/intelligencer/2021/06/fbi-snooped-on-crimi...


Heh, nice one. Not that it's my area, but in case the above was not decodable as sarcasm to other readers, following the evidence-based / defense-in-depth strategies I'd personally recommend not using phones at all (far too little control in general) and instead recommend seeking out auditable (open source) software on actual machines you have a hope to control for secure communications. It's a deep rabbit hole with diminishing returns, though.


It's definitely tin-foil-hat level. Obviously if you're a spy you're gonna have to have next level stuff, most of us aren't Jason Bourne, even if we'd like to think we are.


There are a lot of bad actors in the security space. DDG, for example. Companies like Perimeter 81 I don't trust based solely on the fact that Israel regularly and frequently acts nefariously. BitLocker replaces good drive encryption you control with something that can be unlocked by authorities. Plenty of PRISM compromised companies offer security...


SMS and email are insecure-by-default protocols. Gmail/iMessage extend them, which necessarily will create vendor lock-in when the extension relies on some centralized service, the extensions are private, and the implementations are closed source.

Matrix fixes this, but only in the sense that they replace the whole protocol without reverse compatibility.


This comment is especially true for the majority of the VPN companies plaguing YouTube ads/sponsorships right now. It's interesting they've all pivoted more towards "get Netflix content from any country" than security, and also interesting that none of the streaming services have gone after them for doing so.


Gotta trust somebody at some point? Otherwise you have to live off the grid in the woods eating squirrels and mushrooms



And yet we got TOR because it was required for National Security.


TOR is no magic bullet


No, but it was a layer of security required by DoD so it was created and continues to exist.

The same need for modern communications (phones) exists.


IMO Bunnie has the technical skills and the reputation to pull it off though.

I think it has about zero chance of withstanding physical attacks, which is important to me in a phone, but it's a nice effort.


Most of the people in charge only care about what state the "bad"/"good" actors are from, so preferably, "our guys" should be able to do everything, and "theirs" nothing.



