this post was submitted on 08 Jul 2023
28 points (68.9% liked)

Privacy

32156 readers
720 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Why do people assume Signal messenger isn't spying on you? Yes, it has open source code, yes it uses end-to-end encryption. But we can't check which code runs in the version from Google Play or the App Store. And also their APK (IPA) build process is essentially a black box, it doesn't use GitHub Actions or some other transparent build system. I also heard from Techlore that they add a proprietary part to the apk to filter bots. The only thing I can assume is that people scanned the traffic coming from the app (Android), phone (iOS) and checked whether encryption keys were being sent to Signal or not. But it seems to me that this can be also circumvented. What do you think?

P.S. I myself use Signal to communicate with relatives and friends. Definetly not a hater.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 year ago (1 children)

Thank you for the detailed comment!

Well, I think that in such a case it would be possible to bypass the correct accounting of funds. Financial fraud has not been canceled. But this is more of a counterargument, unlikely.

I didn't know about Google notifications, cool implementation!

Yes, metadata encryption is cool, absolutely!

The question is also how to check the traffic on the iPhone, if there are even no monitoring tools there.

[–] [email protected] 1 points 1 year ago (1 children)

it would be possible to bypass the correct accounting of funds. Financial fraud

Well, sure but it'll be quite difficult to hide a large increase in revenue still. Large unussual transactions generally have to be flagged by banks, so receiving and moving around revenue of sold data from your non-profit wouldn't be thát easy unless they only allow crypto or cash. Surely it's possible, but financial fraud on that level is quite difficult and often falls trough sooner or later. Or, the other option is that they don't earn that much from it making it easy to hide, but that sounds like a lot of effort and potential risk for little gain.

Either way, the financial numbers is just one of the reasons. But trust is never build on one thing, it's built on the combination of them. With all things I mentioned, I don't exactly get the feeling it's all hanging on finacial fraud.

The question is also how to check the traffic on the iPhone, if there are even no monitoring tools there.

Use a network you controll (like your home WiFi) and check in- and outgoing traffic network wide instead of on-device.

You cannot check other peoples stuff all the time, but I'd suggest not sending sensitive information to people you don't trust as they could leak it (be it on purpose or not). And depending on level of sensitivity, just speak face-to-face in a private place. There is always a form of digital footprint when doing stuff digital. In the end, you should always assume that nothing is 100% safe, and anything cán be hacked. Trusting digital communication to be 100% safe is foolish. Look at situations like the Encrochat debacle for example. The question is more, which risks are worth it in your threat model. For most people, Signal is good enough as the risks it does have aren't in their threat model at all.

[–] [email protected] 1 points 1 year ago

Thank you! Really good points ❤️