| ▲ | ddtaylor 13 hours ago |
| I don't know signal very well but when I have spoken to others about it they mention that the phone number is the only metadata they will have access to. This seems like a good example of that being enough metadata to be a big problem. |
|
| ▲ | causalscience 11 hours ago | parent | next [-] |
| I've been hearing for years people say "Signal requires phone number therefore I don't use it", and I've been hearing them mocked for years. Turns out they were right. |
| |
| ▲ | OneDeuxTriSeiGo 10 hours ago | parent | next [-] | | They weren't though? Signal requires a phone number to sign up and it is linked to your account but your phone number is not used in the under the hood account or device identification, it is not shared by default, your number can be entirely removed from contact disovery if you wish, and even if they got a warrant or were tapping signal infra directly, it'd be extremely non trivial to extract user phone numbers. https://signal.org/blog/phone-number-privacy-usernames/ https://signal.org/blog/sealed-sender/ https://signal.org/blog/private-contact-discovery/ https://signal.org/blog/building-faster-oram/ https://signal.org/blog/signal-private-group-system/ | | |
| ▲ | ddtaylor 10 hours ago | parent | next [-] | | In past instances where Signal has complied with warrants, such as the 2021 and 2024 Santa Clara County cases, the records they provided included phone numbers to identify the specific accounts for which data was available. This was necessary to specify which requested accounts (identified by phone numbers in the warrants) had associated metadata, such as account creation timestamps and last connection dates. | | |
| ▲ | OneDeuxTriSeiGo 10 hours ago | parent | next [-] | | Yep however that only exposes a value of "last time the user registered/verified their account via phone number activation" and "last day the app connected to the signal servers". There isn't really anything you can do with that information. The first value is already accessible via other methods (since the phone companies carry those records and will comply with warrants). And for pretty much anyone with signal installed that second value is going to essentially always be the day the search occurred. And like another user mentioned, the most recent of those warrants is from the day before they moved to username based identification so it is unclear whether the same amount of data is still extractable. | | |
| ▲ | ddtaylor 9 hours ago | parent [-] | | I would think being able to subpoena records for all active signal users would be a cause for concern. Ironically enough Reddit seems to have a pretty good take on this: https://www.reddit.com/r/law/comments/1qogc2g/comment/o21aeh... I was genuinely surprised when I went to Reddit and saw that as the most voted comment on the story. | | |
| ▲ | OneDeuxTriSeiGo 6 hours ago | parent [-] | | I think that's a fair assessment on their part however it's worth noting that your phone number does not serve as your account ID. It can be used to look up an account but there are caveats to that. The lookups go through a secure enclave, the system is architected to limit the number of lookups that can be done, and the system has some fairly extensive anti-exfiltration cryptographic fuckery running inside the secure enclave to further limit the extent to which accounts can be efficiently looked up. And of course you can also remove your phone number from contact discovery (but not from the acct entirely) but I'm not sure how that interacts with lookup for subpoenas. If they use the same system that contact discovery uses, it may be an undocumented way to exclude your account from subpoena responses. The rest of what they say however is pretty spot on. The priority for signal is privacy, not anonymity. They try to optimise anonymity when they can but they do give up a little anonymity in exchange for anti-spam and user-friendliness. So of course the ending notes of "use a VPN, configure the settings to maximise anonymity, and maybe even get a secondary phone number to use with it" are all perfectly reasonable suggestions. |
|
| |
| ▲ | smeej 10 hours ago | parent | prev [-] | | This was before Signal switched to a username system. | | |
| ▲ | ddtaylor 9 hours ago | parent [-] | | Others mention you must still register with a phone, although you can remove it from your account after you go through the username stuff? Usually HN is pretty good about identifying that the default path is the path and that opt-out like behavior of this means very little for mass usage. | | |
| ▲ | OneDeuxTriSeiGo 6 hours ago | parent [-] | | It's not that you can remove it from your account entirely. Your account is still linked to that number. It's that you can remove the number from contact discovery. And re: defaults the default behavior on signal is that your phone number is hidden from other users but it can be used to do contact discovery. Notably though you can turn contact discovery off (albeit few people do). |
|
|
| |
| ▲ | gruez 9 hours ago | parent | prev | next [-] | | Which of those links actually say that your phone number is private from Signal? If anything, this passage makes it sound like it's the reverse, because they specifically call out usernames not being stored in plaintext, but not phone numbers. >We have also worked to ensure that keeping your phone number private from the people you speak with doesn’t necessitate giving more personal information to Signal. Your username is not stored in plaintext, meaning that Signal cannot easily see or produce the usernames of given accounts. | |
| ▲ | causalscience 7 hours ago | parent | prev [-] | | > it'd be extremely non trivial Extremely non trivial. What I'm hearing is "security by obfuscation". |
| |
| ▲ | rainonmoon 11 hours ago | parent | prev | next [-] | | Absolutely nothing in this article is related to feds using conversation metadata to map participants, so, no they weren’t. | | |
| ▲ | jvanderbot 10 hours ago | parent | next [-] | | If you follow the X chatter on this, some folks got into the groups and tracked all the numbers, their contributions, and when they went "on shift" or "off". I don't really think Signal tech has anything to do with this. | | |
| ▲ | OhMeadhbh 10 hours ago | parent | next [-] | | Yeah. It's notable they didn't crack the crypto. In the 90s when I was a young cypherpunk, I had this idea that when strong crypto was ubiquitous, certainly people would be smart enough to understand its role was only to force bad guys to attack the "higher levels" like attacking human expectations of privacy on a public channel. It was probably unrealistic to assume everyone would automatically understand subtle details of technology. As a reminder... if you don't know all the people in your encrypted group chat, you could be talking to the man. | |
| ▲ | rainonmoon 10 hours ago | parent | prev | next [-] | | That’s really interesting extra context, thanks! | | | |
| ▲ | ddtaylor 10 hours ago | parent | prev [-] | | My Session and Briar chats don't give out the phone numbers of other users. | | |
| ▲ | overfeed 10 hours ago | parent | next [-] | | Yes, but they have their own weaknesses. For instance, Briar exposes your Bluetooth MAC, and there's a bunch of nasty Bluetooth vulns waiting to be exploited. You can't ever perfectly solve for both security and usability, you can only make tradeoffs. | | |
| ▲ | ddtaylor 9 hours ago | parent [-] | | Briar has multiple modes of operation. The Bluetooth mode is not the default mode of operation and is there for circumstances where Internet has been shut down entirely. For users who configure Briar to connect exclusively over Tor using the normal startup (e.g., for internet-based syncing) and disable Bluetooth, there is no Bluetooth involvement at all, so your Bluetooth MAC address is not exposed. |
| |
| ▲ | lynndotpy 8 hours ago | parent | prev [-] | | Neither does Signal. | | |
| ▲ | ddtaylor 6 hours ago | parent [-] | | Both Session and Briar are decentralized technologies where you would never be able to approach a company to get any information. They operate over DHT-like networks and with Tor. Signal does give out phone numbers when the law man comes, because they have to, and because they designed their system around this identifier. | | |
| ▲ | lynndotpy 4 hours ago | parent [-] | | This changed about two years ago, when they added usernames. ( https://signal.org/blog/phone-number-privacy-usernames/ ) Signal can still tell law enforcement (1) whether a phone number is registered with Signal, and (2) when that phone number signed up and (3) when it was last active. That's all, and not very concerning to me.
To prevent an enumeration attack (e.g. an attacker who adds every phone number to their system contacts), you can also disable discovery my phone number. While Session prevents that, Session lacks forward secrecy. This is very serious- it's silly to compare Session to Signal when Session is flawed in its cryptography. (Details and further reading here https://soatok.blog/2025/01/14/dont-use-session-signal-fork/ ). Session has recently claimed they will be upgrading their cryptography in V2 to be up to Signal's standard (forward secrecy and post-quantum security), but until then, I don't think it's worth considering. I agree that Briar is better, but unfortunately, it can't run on iPhones. I'm in the United States and that excludes 59% of the general population, and about 90% of my generation. It's not at fault of the Briar project, but it's a moot point when I can't use it to talk to people I know. |
|
|
|
| |
| ▲ | causalscience 11 hours ago | parent | prev [-] | | [flagged] | | |
| ▲ | gosub100 11 hours ago | parent [-] | | We don't do the "duct-tape an insult to the end to drive your point harder" gimmick here. It will lead to loss of your account. | | |
| ▲ | dylan604 11 hours ago | parent | next [-] | | whoa, losing access to a throwaway account created for specifically posting trolling comments? i'm sure they're shaking in their boots at the prospect | | |
| ▲ | causalscience 10 hours ago | parent [-] | | This throwaway account wasn't created specifically for posting trolling comments, this is just my personality :-( |
| |
| ▲ | causalscience 10 hours ago | parent | prev [-] | | [flagged] |
|
|
| |
| ▲ | BugsJustFindMe 10 hours ago | parent | prev | next [-] | | Signal's use of phone numbers is the least of your issues if you've reached this level of inspection. Signal could be the most pristine perfect thing in the world, and the traffic from the rest of your phone is exactly as exposing as your phone number is when your enemy is the US government who can force cooperation from the infrastructure providers. | | |
| ▲ | causalscience 10 hours ago | parent [-] | | Your point is correct but irrelevant to this conversation. The question here is NOT "if Signal didn't leak your phone number could you still get screwed?" Of course you could, no one is disputing that. The question is "if you did everything else perfect, but use Signal could the phone number be used to screw you?" The answer is ALSO of course, but the reason why we're talking about it is that this point was made to the creator of Signal many many times over the years, and he dismissed it and his fanboys ridiculed it. |
| |
| ▲ | OhMeadhbh 10 hours ago | parent | prev | next [-] | | I talked to Moxie about this 20 years ago at DefCon and he shrugged his shoulders and said "well... it's better than the alternative." He has a point. Signal is probably better than Facebook Messenger or SMS. Maybe there's a market for something better. | | |
| ▲ | venusenvy47 5 hours ago | parent | next [-] | | Is there any reason they didn't use email? It seems like something that would have been easier to keep some anonymity., while still allowing the person to authenticate. | |
| ▲ | causalscience 10 hours ago | parent | prev | next [-] | | I have no idea if that was true 20 years ago, but it's not true now. XMPP doesn't have this problem; your host instance knows your IP but you can connect via Tor. | | |
| ▲ | ddtaylor 10 hours ago | parent | next [-] | | OTR has been on XMPP for so long now | | |
| ▲ | causalscience 10 hours ago | parent [-] | | Is that good? According to the wikipedia page it seems last stable release was 9 years ago. Is anyone using that? Last time I had a look at XMPP everybody was using OMEMO. | | |
| ▲ | blurb4969 9 hours ago | parent [-] | | OMEMO has its own flaws too https://soatok.blog/2024/08/04/against-xmppomemo/ | | |
| ▲ | causalscience 8 hours ago | parent [-] | | Sorry, I don't pay attention to anyone who disses PGP. I don't care if it's easy to misuse. I focus on using it well instead of bitching about misusing it. If there's one thing we learned from Snowden is that the NSA can't break PGP, so these people who live in the world of theory have no credibility with me. | | |
| ▲ | ddtaylor 6 hours ago | parent [-] | | Before my arrest (CFAA) I operated on Tor and PGP for years. I had property seized and I had a long look at my discovery material, as I was curious which elements they had obtained. I never saw a single speck of anything I ever sent to anyone via PGP in there. They had access to my SIGAINT e-mail and my BitMessage unlocked, but I used PGP for everything on top of that. Stay safe! | | |
| ▲ | michaelmcdonald 5 hours ago | parent [-] | | Would be curious to know (if you're willing to share) how you were found if you were working to obscure / encrypt your communications. What _was_ it that ultimately gave you away or allowed them to ID you? |
|
|
|
|
| |
| ▲ | zxcvasd 9 hours ago | parent | prev [-] | | [dead] |
| |
| ▲ | ddtaylor 10 hours ago | parent | prev | next [-] | | Briar and Session are the better encrypted messengers. | | | |
| ▲ | Bender 10 hours ago | parent | prev [-] | | I remember listening to his talks and had some respect for him. He could defeat any argument about any perceived security regarding any facet of tech. Not so much any more. He knows as well as I do anything on a phone can never be secure. I get why he did it. That little boat needed an upgrade and I would do it too. Of course this topic evokes some serious psychological responses in most people. Wait for it. | | |
| ▲ | ddtaylor 10 hours ago | parent [-] | | > He knows as well as I do anything on a phone can never be secure I assume because of the baseband stuff to be FCC compliant? Last I checked that meant DMA channels, etc. to access the real phone processor. All easily activated over the air. | | |
| ▲ | Bender 10 hours ago | parent | next [-] | | All easily activated over the air. Indeed. The only reason this is not used by customer support for more casual access, firmware upgrades and debugging is a matter of policy and the risk of mass bricking phones and as such this is not exposed to them. There are other access avenues as well including JTAG debugging over USB and Bluetooth. | |
| ▲ | direwolf20 7 hours ago | parent | prev | next [-] | | I don't think the FCC requires DMA channels. That's done out of convenience because it's how PCIe works. | | |
| ▲ | ddtaylor 6 hours ago | parent [-] | | The FCC doesn't require DMA channels, but the baseband processor may have access to it among anything else. | | |
| |
| ▲ | hsbauauvhabzb 10 hours ago | parent | prev [-] | | Any citation on this? I’ve never heard that. | | |
| ▲ | ddtaylor 9 hours ago | parent | next [-] | | 47 CFR Part 2 and Part 15 FCC devices are certified / allowed to use a spectrum, but you must maintain compliance. If you're a mobile phone manufacturer you have to be certain that if a bug occurs, the devices don't start becoming wifi jammers or anything like that. This means you need to be able to push firmware updates over the air (OTA). These must be signed to avoid just anyone to push out such an OTA. The government has a history of compelling companies to push out signed updates. | |
| ▲ | Bender 10 hours ago | parent | prev [-] | | There are hobbyist groups that tinker with these things. They are just as lazy as me and do not publish much. One has to find and participate in their semi-private .onion forums. Not my cup of tea. Most of it goes over my head and requires special hardware I am not interested in tinkering with. |
|
|
|
| |
| ▲ | giancarlostoro 6 hours ago | parent | prev | next [-] | | I could have sworn Signal adopted usernames sometime back, but in my eyes its a little too late. | |
| ▲ | gosub100 11 hours ago | parent | prev [-] | | Suppose they didn't require that. Wouldn't that open themselves up to DDoS? An angry nation or ransom-seeker could direct bots to create accounts and stuff them with noise. | | |
| ▲ | OhMeadhbh 10 hours ago | parent | next [-] | | I think the deal is you marry the strong crypto with a human mediated security process which provides high confidence the message sender maps to the human you think they are. And even if they are, they could be a narc. Nothing in strong crypto prevents narcs in whom ill-advised trust has been granted from copying messages they're getting over the encrypted channel and forwarding them to the man. And even then, a trusted participant could not understand they're not supposed to give their private keys out or could be rubber-hosed into revealing their key pin. All sorts of ways to subvert "secure" messaging besides breaking the crypto. I guess what I'm saying is "Strong cryptography is required, but not sufficient to ensure secure messaging." | |
| ▲ | direwolf20 7 hours ago | parent | prev | next [-] | | Yes. Cheap–identity systems such as Session and SimpleX are trivially vulnerable to this, and your only defence is to not give out your address as they are unguessable. If you have someone's address, you can spam them, and they can't stop it except by deleting the app or resetting to a new address and losing all their contacts. SimpleX does better than Session because the address used to add new contacts is different from the address used with any existing contact and is independently revocable. But if that address is out there, you can receive a full queue of spam contacts before you next open the SimpleX app. Both Session and SimpleX are trivially vulnerable to storage DoS as well. | |
| ▲ | ddtaylor 10 hours ago | parent | prev [-] | | There are a lot of solutions to denial of service attacks than to collect personal information. Plus, you know, you can always delete an account later? If what Signal says is true, then this amounts to a few records in their database which isn't cause for concern IMO |
|
|
|
| ▲ | charliebwrites 11 hours ago | parent | prev | next [-] |
| The steps to trouble: - identify who owns the number - compel that person to give unlocked phone - government can read messages of _all_ people in group chat not just that person Corollary: Disappearing messages severely limits what can be read |
| |
| ▲ | SR2Z 11 hours ago | parent | next [-] | | Unless they compel people at gunpoint (which prevents the government from bringing a case), they will probably not have much luck with this. As soon as a user sets up a passcode or other lock on their phone, it is beyond the ability of even most parts of the US government to look inside. It's much more likely that the government convinces one member of the group chat to turn on the other members and give up their phone numbers. | | |
| ▲ | midasz 11 hours ago | parent | next [-] | | > which prevents the government from bringing a case Genuinely, from outside, it seems like your government doesn't give a damn on what they are and aren't allowed to do. | | |
| ▲ | ncallaway 8 hours ago | parent | next [-] | | Yes, but I’m not going to unlock my phone with a passcode, and unlike biometric unlock they have no way to force me to unlock my phone. The district courts will eventually back me up on this. Our country has fallen a long way, but the district courts have remained good, and my case is unlikely to be one that goes up to appellate courts, where things get much worse. There’s an important distinction: the government doesn’t care about what it is allowed to do, but it is still limited by what it is not capable of doing. It’s important to understand that they still do have many constraints they operate under, and that we need to find and exploit those constraints as much as possible while we fight them | | |
| ▲ | direwolf20 7 hours ago | parent [-] | | They are capable of putting you in prison until you unlock your phone, or simply executing you. | | |
| ▲ | tclancy 5 hours ago | parent | next [-] | | Feels like the latter would be counter-productive unless there's an app for that. | |
| ▲ | ncallaway 5 hours ago | parent | prev [-] | | They are, but again, district courts have been pretty good, and I would be out of jail in <30 days, unless my case goes up on appeal. And if I die in jail because I won’t unlock my phone: fuck ‘em, they’ll have to actually do it. I don’t plan on being killed by the regime, but I don’t think I would’ve survived as a German in Nazi Germany, either. I’m not putting my survival above everything else in the world. |
|
| |
| ▲ | dylan604 11 hours ago | parent | prev | next [-] | | Looks that way from the inside as well. | | |
| ▲ | nyc_data_geek 10 hours ago | parent [-] | | Yes and all of the credulous rubes still whinging about how they "can't imagine" how it's gotten this bad or how much worse it can get, or how "this is not who we are" at some point should no longer be taken as suckers in good faith, and at some point must rightly be viewed as either willfully complicit bad faith interlocuters, or useful idiots. | | |
| ▲ | dylan604 10 hours ago | parent [-] | | Learning about WWII in high school, I often wondered how the people allowed the Axis leaders gain power. Now I know. However, I feel we're worse for allowing it to happen because we were supposed to "never again". | | |
| ▲ | causalscience 10 hours ago | parent | next [-] | | Worse, I often wondered how some people collaborated. Now I know that many people would rather have a chunk of the population rounded up and killed than lose their job. | | |
| ▲ | nyc_data_geek 10 hours ago | parent [-] | | "Whoever can make you believe absurdities, can make you commit atrocities."
and
"It is difficult to get a man to understand something, when his salary depends on his not understanding it." etc, etc. So it goes |
| |
| ▲ | nyc_data_geek 10 hours ago | parent | prev | next [-] | | Agreed. To see "Never Again" morphed into "Never Again for me, Now Again for thee" has been one of the most heartwrenching, sleep depriving things I've witnessed since some deaths in my family. | |
| ▲ | Zak 10 hours ago | parent | prev [-] | | Watching it in real time, I still don't understand it. I could see how Trump won the first time around; Hillary Clinton was unpopular with most people outside of her party's leadership, but the second just seems insane. The kinds of things that would happen were obvious to me, and I am no expert. | | |
| ▲ | dylan604 10 hours ago | parent | next [-] | | Two party system. As many people didn't like Hillary, clearly there were a lot of people unhappy with Biden->Harris. When you don't like the current admin's direction and/or their party, there's only one other party to select. I think there were plenty of voters that truly did not believe this would be the result of that protest vote. | | |
| ▲ | mikkupikku 10 hours ago | parent | next [-] | | Protest votes are probably overstated, I think most of it comes down to people staying home. Everybody in America already knows what side they're on, and they either vote for that side or not at all. Virtually all political messaging is either trying to moralize your side or demoralize the other, to manipulate the relative ratios of who stays home on election day. | | |
| ▲ | dylan604 9 hours ago | parent [-] | | > I think most of it comes down to people staying home Obama was able to get people motivated. Neither Biden nor Harris had anywhere near that motivating ability. I don't know that the Dems have anyone as motivating as Obama line up. The Dems seem to be hoping that enough people will be repulsed by the current admin to show up. | | |
| ▲ | 7 hours ago | parent | next [-] | | [deleted] | |
| ▲ | mikkupikku 9 hours ago | parent | prev [-] | | Newsom is an extremely strong candidate. Vance has several critical vulnerabilities that can demoralize right wing voters if the election is handled properly, and the Republicans really don't have anybody else. Rubio maybe, but Rubio won't be able to get ahead of Vance. | | |
| ▲ | SV_BubbleTime 2 hours ago | parent | next [-] | | > Newsom is an extremely strong candidate. For what office? President? Do you live in California? | |
| ▲ | dylan604 9 hours ago | parent | prev [-] | | Trump had more than several critical vulns as well which did not dissuade voters. The electorate isn't as predictable as many try to make it sound | | |
| ▲ | mikkupikku 9 hours ago | parent [-] | | Trump was able to moralize his voters, despite his weaknesses, by using a kind of charisma that Vance utterly lacks. | | |
|
|
|
| |
| ▲ | Zak 9 hours ago | parent | prev [-] | | Prior to 2020, I usually voted for third parties so I do understand that kind of thinking. The danger Trump represented was not obvious until well after he took office; it seemed early on like congress and institutional norms would restrain him. To swing the popular vote in the 2024 election, almost all of the third party votes would have needed to go to Harris, so I don't think that's sufficient to explain it. By the end of his first term, the danger was hard to miss, and the attempt to remain in power after losing the election should have cemented it for everyone. I was unhappy with Biden and Harris. I voted for them in 2020 and 2024 anyway because I understood the alternative. | | |
| ▲ | dpkirchner 6 hours ago | parent | next [-] | | > The danger Trump represented was not obvious until well after he took office I don't get it, was there anything surprising about him after his inauguration? He sure sounded dangerous on the campaign trail. | | |
| ▲ | Zak 5 hours ago | parent [-] | | The norm in 2016 was that candidates didn't make a serious attempt to do the more outlandish things they talked about in their campaign. When they did, advisers would usually talk them into a saner version of it, or congress wouldn't allow it. |
| |
| ▲ | dylan604 8 hours ago | parent | prev [-] | | > The danger Trump represented was not obvious until well after he took office; I just do not understand this sentence at all. The writing was clearly on the wall. All of the Project 2025 conversations told us exactly what was going to happen. People claiming it was not obvious at best were not paying attention at all. For anyone paying attention, it was horrifying see the election results coming in. | | |
| ▲ | Zak 8 hours ago | parent [-] | | Project 2025 did not exist in 2016. We are in agreement about 2024. |
|
|
| |
| ▲ | mikkupikku 10 hours ago | parent | prev [-] | | Not the second time, the third time. Remember that Biden whooped Trump's ass once and could have whooped his ass a second time, but the donor class (career retards) got cold feet when they were forced to confront his senility, and instead of letting the election be one senile old man against another senile old man, they replaced Biden with the archetype of an HR bitch. I hope nobody thinks it a coincidence that the two times Trump won were the two times he was up against a woman. Americans don't want to vote for their mother-in-law, nor for the head of HR. And yes, that certainly is sexist, but it is what it is. I just pray they run Newsom this time. Despite his "being from California" handicap, I think he should be able to easily beat Vance by simply being a handsome white man with a white family. Vance is critically flawed and will demoralize much of the far right IFF his opponent doesn't share those same weaknesses. |
|
|
|
| |
| ▲ | ModernMech 10 hours ago | parent | prev | next [-] | | You have to remember that "the government" is not a monolith. Evidence goes before a judge who is (supposed to be) independent, and cases are tried in front of a jury of citizens. In the future that system may fall but for now it's working properly. Except for the Supreme Court... which is a giant wrench in the idea the system still works, but that doesn't mean a lower court judge won't jettison evidence obtained by gunpoint. | | |
| ▲ | cperciva 9 hours ago | parent | next [-] | | Evidence goes before a judge What evidence went before a judge prior to the two latest executions in Minneapolis? | | |
| ▲ | gruez 9 hours ago | parent [-] | | There's a pretty big difference between getting killed in an altercation with ICE, and executing someone just because they refuse to give up their password. | | |
| ▲ | direwolf20 7 hours ago | parent [-] | | Not really. ICE breaks into your home — remember they don't need a warrant for this. Demands to see your phone. It's locked. Holds a gun to your head and demands you unlock it. You refuse. Pulls the trigger. Does it really seem that far–fetched when compared to the other ICE murders? | | |
| ▲ | gruez 6 hours ago | parent [-] | | >Does it really seem that far–fetched when compared to the other ICE murders? No, not really, because in the two killings you can vaguely argue they felt threatened. Pointing a gun to someone's head and demanding the password isn't anywhere close to that. Don't get me wrong, the killings are an affront to civil liberties and should be condemned/prosecuted accordingly, but to think that ICE agents are going around and reenacting the opening scene from Inglorious Bastards shows that your worldview can't handle more nuance than "fascism? true/false". | | |
| ▲ | youarentrightjr 6 hours ago | parent [-] | | > but to think that ICE agents are going around and reenacting the opening scene from Inglorious Bastards shows that your worldview can't handle more nuance than "fascism? true/false". Precisely. There's no question that ICE is daily trampling civil liberties (esp 4th amendment). But in both killings there is a reasonable interpretation that they feared for their lives. Now should they have is another question. With better training, a 6v1 < 5ft engagement can easily disarm anyone with anything less than a suicide vest. But still, we aren't at the "run around and headshot dissenters" phase. | | |
| ▲ | worthless-trash 4 hours ago | parent | next [-] | | The old 'shoot em in the leg' defense. | |
| ▲ | direwolf20 6 hours ago | parent | prev [-] | | > there is a reasonable interpretation that they feared for their lives ... Did you watch the videos from multiple people filming? | | |
| ▲ | youarentrightjr 6 hours ago | parent | next [-] | | > ... Did you watch the videos from multiple people filming? Yeah, did you? Any more substantive discourse you'd like to add to the conversation? To be clear about the word "reasonable" in my comment, it's similar to the usage of the very same word in the phrase "beyond a reasonable doubt". The agents involved in the shootings aren't claiming that: - the driver telepathically communicated their ill intent - they saw Pretti transform into a Satan spawn and knew they had to put him down They claim (unsurprisingly, to protect themselves) that they feared for their life because either a car was driving at them or they thought Pretti had another firearm. These are reasonable fears, that a reasonable person has. That doesn't mean the agents involved are without blame. In fact, especially in Pretti's case, they constructed a pretext to began engagement with him (given that he was simply exercising his 1st amendment right just prior). But once in the situation, a reasonable person could have feared for their lives. | | |
| ▲ | defrost 4 hours ago | parent [-] | | > once in the situation, a reasonable person could have feared for their lives. Sure, all things being equal, a person on the Clapham omnibus, yada, yada. However, specifically in this situation it is very frequently not "median people" in the mix, it is LEO-phillic wannabe (or ex) soldier types that are often exchanging encrypted chat messages about "owning the libs", "goddamn <insert ethic slur>'s" and exchange grooming notes on provoking "officer-induced jeopardy" .. how to escalate a situation into what passes for "justified homicide" or least a chance to put the boot in. Those countries that investigate and prosecute shootings by LEO's often find such things at the root of wrongful deaths. | | |
| |
| ▲ | avcloudy 4 hours ago | parent | prev [-] | | [flagged] |
|
|
|
|
|
| |
| ▲ | short_sells_poo 9 hours ago | parent | prev [-] | | The courts may (still) be independent, but it feels like they are pointless because the government just wholesale ignores them anyway. If the executive branch doesn't enforce, or selectively enforces court judgements, you may as well shutter the courts. |
| |
| ▲ | mothballed 10 hours ago | parent | prev [-] | | They haven't for a long time, just that most of the time they were doing things we thought was for good (EPA, civil rights act, controlled substance act, etc) and we thereby entered a post-constitutional world to let that stuff slide by despite the 10th amendment limiting the federal powers to enumerated powers. Eventually we got used to letting the feds slide on all the good things to the point everything was just operating on slick ice, and people like Trump just pushed it to the next logical step which is to also use the post-constitutional world to his own personal advantage and for gross tyranny against the populace. | | |
| |
| ▲ | heavyset_go 3 hours ago | parent | prev | next [-] | | They'll just threaten to throw the book at you if you don't unlock your phone, and if you aren't rich, your lawyer will tell you to take the plea deal they offer because it beats sitting in prison until you die. | |
| ▲ | mrWiz 10 hours ago | parent | prev | next [-] | | All they have to do is pretend to be a concerned neighbor who wants to help give mutual aid and hope that someone in the group chat takes the bait and adds them in. No further convincing is needed. | | | |
| ▲ | OneDeuxTriSeiGo 10 hours ago | parent | prev | next [-] | | If you aren't saving people's phone numbers in your own contacts, signal isn't storing them in group chats (and even if you are, it doesn't say which number, just that you have a contact with them). Signal doesn't share numbers by default and hasn't for a few years now. And you can toggle a setting to remove your number from contact discovery/lookup entirely if you are so inclined. | |
| ▲ | thewebguyd 10 hours ago | parent | prev | next [-] | | > it is beyond the ability of even most parts of the US government to look inside. I'm sure the Israeli spyware companies can help with that. Although then they'd have to start burning their zero days to just go after protestors, which I doubt they're willing to do. I imagine they like to save those for bigger targets. | | | |
| ▲ | xmcp123 10 hours ago | parent | prev | next [-] | | There are multiple companies that can get different amounts of information off of locked phones including iPhones, and they work with LE. I’m also curious what they could get off of cloud backups. Thinking in terms of auth, keys, etc. For SMS it’s almost as good as phone access, but I am not sure for apps. | |
| ▲ | hedayet 11 hours ago | parent | prev | next [-] | | or convince one member of a group chat to show their group chat... | |
| ▲ | ddtaylor 10 hours ago | parent | prev | next [-] | | I'm confident the people executing non-complaint people in the street would be capable of compelling a citizen. | |
| ▲ | neves 11 hours ago | parent | prev | next [-] | | Or just let the guy to enter the country after unlocking her phone. | |
| ▲ | pixl97 11 hours ago | parent | prev | next [-] | | https://xkcd.com/538/ | | |
| ▲ | janalsncm 10 hours ago | parent | next [-] | | This is accurate, but the important point is that threatening people with wrenches isn’t scalable in the way mass surveillance is. The problem with mass surveillance is the “mass” part: warrantless fishing expeditions. | | |
| ▲ | OhMeadhbh 10 hours ago | parent [-] | | hunh. we haven't even started talking about stingray, tracking radios and so forth. |
| |
| ▲ | fruitworks 10 hours ago | parent | prev [-] | | it is difficult to wrench someone when you do not know who they are | | |
| ▲ | heavyset_go 3 hours ago | parent | next [-] | | Someone knows who they are and they can bash different skulls until one of them gives them what they're looking for. | | | |
| ▲ | pixl97 9 hours ago | parent | prev [-] | | I mean they have a lot of tools to figure out who you are if they catch you at a rally or something like that. Cameras and facial identification, cell phone location tracking and more. What they also want is the list of people you're coordinating with that aren't there. |
|
| |
| ▲ | XorNot 6 hours ago | parent | prev [-] | | Which is just a redux of what I find myself saying constantly: privacy usually isn't even the problem. The problem is the people kicking in your door. If you're willing to kick in doors to suppress legal rights, then having accurate information isn't necessary at all. If your resistance plan is to chat about stuff privately, then by definition you're also not doing much resisting to you know, the door kicking. |
| |
| ▲ | mrWiz 11 hours ago | parent | prev | next [-] | | It's even easier than that. They're simply asking on neighborhood Facebook (and other services too, I assume) groups to be added to mutual aid Signal groups and hoping that somebody will add them without bothering to vet them first. | |
| ▲ | OhMeadhbh 10 hours ago | parent | prev | next [-] | | I think disappearing messages only works if you activate it on your local device. And if the man compromises someone without everyone else knowing, they get all messages after that. But yes... it does limit what can be read. My point is it's not perfect. | | | |
| ▲ | Bender 10 hours ago | parent | prev [-] | | compel that person to give unlocked phone Celebrite or just JTAG over bluetooth or USB. It's always been a thing but legally they are not supposed to use it. Of course laws after the NSA debacle are always followed. Pinky promise. |
|
|
| ▲ | tptacek 11 hours ago | parent | prev | next [-] |
| Presumably this is data taken from interdicted phones of people in the groups, not, like, a traffic-analytic attack on Signal itself. |
| |
| ▲ | plorg 9 hours ago | parent | next [-] | | It appears to be primarily getting agents into the chats. To me the questionable conduct is their NPSM-7-adjacent redefining of legal political categories and activities as "terrorists/-ism" for the purpose of legal harassment or worse. Whether that is technically legal or not it should be outrageous to the public. | |
| ▲ | tucnak 11 hours ago | parent | prev [-] | | I wonder whether the protesters could opt for offshore alternatives that don't require exposing their phone number to a company that could be compelled to reveal it by US law. For example, there is Threema[1], a Swiss option priced at 5 euros one-time. It is interesting on Android as you can pay anonymously[2], therefore it doesn't depend on Google Play and its services (they offer Threema Push services of their own.) If your threat model includes traffic analysis, likely none of it would make much difference as far as US state-side sigint product line is concerned, but with Threema a determined party might as well get a chance! Arguably, the US protest organisers must be prepared for the situation to escalate, and adjust their security model accordingly: GrapheneOS, Mullvad subscription with DAITA countermeasures, Threema for Android, pay for everything with Monero? [1] https://threema.com/ [2] https://shop.threema.ch/en | | |
| ▲ | OneDeuxTriSeiGo 10 hours ago | parent | next [-] | | It's worth noting that the way Signal's architecture is set up, Signal the organisation doesn't have access to users' phone numbers. They technically have logs from when verification happens (as that goes through an SMS verification service) but that just documents that you have an account/when you registered. And it's unclear whether those records are available anymore since no warrants have been issued since they moved to the new username system. And the actual profile and contact discovery infra is all designed to be actively hostile to snooping on identifiable information even with hardware access (requiring compromise of secure enclaves + multiple levels of obfuscation and cryptographic anti-extraction techniques on top). | | |
| ▲ | tucnak 10 hours ago | parent [-] | | Perhaps you're right that they couldn't be compelled by law to reveal it, then! However, I can still find people on Signal using their phone number, by design. If they can do that, surely there is sufficient information, and appropriate means, for US state-side signals intelligence to do so, too. I don't think Signal self-hosts their infrastructure, so it wouldn't be much of a challenge considering it's a priority target. Now, whether FBI and friends would be determined to use PII obtained in this way to that end—is a point of contention, but why take the chance? Better yet, don't expose your PII to third parties in the first place. | | |
| ▲ | OneDeuxTriSeiGo 9 hours ago | parent [-] | | Yeah it should be technically feasible to do "eventually" but it's non trivial. I linked a bunch of their blogs on how they harden contact discovery, etc. And of course you can turn contact discovery off entirely in the settings. Settings > Privacy > Phone Number > Who can find me by number > Nobody https://news.ycombinator.com/item?id=46786794 |
|
| |
| ▲ | chocolatkey 11 hours ago | parent | prev [-] | | Note that Threema has had a recent change in ownership to a German investment firm. Supposedly nothing will change but I can’t help but be wary | | |
| ▲ | dylan604 10 hours ago | parent [-] | | Just being owned by an offshore company doesn't mean that they still can't be infiltrated. But as you pointed out, just because Company A creates an app does not mean that Company B can't come in later to take control. | | |
| ▲ | tucnak 10 hours ago | parent [-] | | The alarming extent of US-affiliated signals intelligence collection is well-documented, but in the case of Threema it's largely inconsequential; you can still purchase the license for it anonymously, optionally build from source, and actively resist traffic analysis when using it. That is to say: it allows a determined party to largely remain anonymous even in the face of upstream provider's compromise. |
|
|
|
|
|
| ▲ | spankalee 13 hours ago | parent | prev | next [-] |
| I don't think it's much of a problem at all. Many of the protesters and observers are not hiding their identities, so finding their phone number isn't a problem. Even with content, coordinating legal activities isn't a problem either. |
| |
| ▲ | fusslo 13 hours ago | parent | next [-] | | I would never agree with you. protestors behaving legally or practicing civil disobedience can still have their lives ruined by people in power. https://www.phoenixnewtimes.com/news/arizona-supreme-court-s... | | |
| ▲ | scoofy 11 hours ago | parent | next [-] | | The literal point of civil disobedience is accepting that you may end up in jail: "Any man who breaks a law that conscience tells him is unjust and willingly accepts the penalty by staying in jail to arouse the conscience of the community on the injustice of the law is at that moment expressing the very highest respect for the law." -- Letter from the Birmingham Jail, MLK Jr: https://people.uncw.edu/schmidt/201Stuff/F14/B%20SophistSocr... | | |
| ▲ | jjk166 10 hours ago | parent | next [-] | | That's not the point of civil disobedience, it's an unfortunate side effect. You praise a martyr for their sacrifice, you deplore that the sacrifice was necessary. | | |
| ▲ | avcloudy 4 hours ago | parent [-] | | It's not that the point of breaking a law is that you go to jail, it's that breaking the law without any intention of going to jail isn't a sacrifice. 'Martyrs' who don't give anything up, who act without punishment aren't celebrated, they're just right. |
| |
| ▲ | estearum 11 hours ago | parent | prev | next [-] | | Yeah, that doesn't make it "not a problem." | | |
| ▲ | EA-3167 11 hours ago | parent [-] | | It makes it a problem that's inherently present for any act of civil disobedience, unless you truly believe that you can hide from the US government. I'm pretty sure that all of the technical workarounds in the world, all of the tradecraft, won't save you from the weakest link in your social network. That's life, if you can't take that heat stay out of the kitchen. It's also why elections are a much safer and more reliable way to enact change in your country than "direct action" is except under the most dire of circumstances. | | |
| ▲ | estearum 10 hours ago | parent [-] | | Sure? Can't tell what the point of this comment is. No one is arguing that people who practice civil disobedience can expect to be immune from government response. |
|
| |
| ▲ | mattnewton 6 hours ago | parent | prev | next [-] | | This works when protesting an unjust law with known penalties. King knew he would be arrested and had an approximate idea on the range of time he could be incarcerated for. I don't know if it's the same bargain when you are subjecting yourself to an actor that does not believe it is bound by the law. | | |
| ▲ | habinero 6 hours ago | parent [-] | | What? No, he didn't. The police went after peaceful civil rights protesters with clubs and dogs. They knew they could be badly hurt or killed and did it anyway. | | |
| ▲ | mattnewton an hour ago | parent [-] | | Oh, apologies, I'm not saying that King didn't risk considerable injury or death. I'm saying that I don't think he is talking about that in this particular passage. The passage gp quoted is about how accepting lawful penalties from an unjust law venerates and respects the rule of law. I think it's different with illegal "penalties" like being mauled by a dog or an extrajudicial killing. While those leaders of the civil rights movement faced those risks, I don't think King is asking people to martyr themselves in that passage, but to respect the law. In contrast to accepting punishments from unjust laws, I think there is no lawless unjust punishment you should accept. |
|
| |
| ▲ | mothballed 11 hours ago | parent | prev | next [-] | | If you let the government stomp on your constitutional rights and willingly go to jail on unconstitutional grounds, then that's not respect for the law. That's respect for injustice. Accepting jail over 1A protected protests only proves you're weak (not in the morally deficient way, just from a physical possibilities way) enough to be taken. No one thinks more highly of you or your 'respect for the law' for being caught and imprisoned in such case, though we might not think lesser of you, since we all understand it is often a suicide mission to resist it. | | |
| ▲ | scoofy 10 hours ago | parent | next [-] | | >If you let the government stomp on your constitutional rights and willingly go to jail on unconstitutional grounds, then that's not respect for the law. That's respect for injustice. My point is about civil disobedience, not disobedience generally. The point of civil disobedience is to bring attention to unjust laws by forcing people to deal with the fact they they are imprisoning people for doing something that doesn't actually deserve prison. Expecting to not end up in prison for engaging in civil disobedience misses the point. It's like when people go on a "hunger strike" by not eating solid foods. The point is self-sacrifice to build something better for others. https://www.kqed.org/arts/11557246/san-francisco-hunger-stri... If that's not what you're into -- and it's not something I'm into -- then I would suggest other forms of disobedience. Freedoms are rarely granted by asking for them. | | |
| ▲ | theossuary 9 hours ago | parent [-] | | Using your 1st, 2nd, and 4th amendment rights is considered civil disobedience at this point; keep up. | | |
| ▲ | scoofy 8 hours ago | parent [-] | | If your point is to ignore the history and political philosophy of civil disobedience because "times are different now," then just grab your gun and start your civil war already... because that's where you've concluded we're at. I'm not even really sure why I'm getting so much pushback here. I've thought this administration should have been impeached and removed within a week of the inauguration in 2017. I just am not sure where all this "why won't you admit that things are so bad, and shouldn't be this way" is helpful, when Trump was democratically elected. When you have a tyranny from a majority, the parallels to MLK are very clear, and you can't expect that change with come without sacrifice. Civil disobedience is only nice and easy when you're sect is already in power, which -- when we're talking about people who generally support liberal democracy -- it has been since probably the McCarthy Era. |
|
| |
| ▲ | Amezarak 10 hours ago | parent | prev [-] | | Materially impeding law enforcement operations, interfering with arrests, harassing or assault officers, and so forth is not 1A protected and is illegal. There’s lots of this going on and some of it is orchestrated in these chats. They may nevertheless be civil disobedience, maybe even for a just cause, but I have no problem with people still being arrested for this. You obviously cannot have a civil society where that is legally tolerated. It isn’t just people walking around holding signs or filming ICE. Can we please distinguish these cases? |
| |
| ▲ | peyton 11 hours ago | parent | prev | next [-] | | Importantly this definition references an individual’s conscience. Seditious conspiracy is another matter. Here is the statute: > If two or more persons in any State or Territory, or in any place subject to the jurisdiction of the United States, conspire to overthrow, put down, or to destroy by force the Government of the United States, or to levy war against them, or to oppose by force the authority thereof, or by force to prevent, hinder, or delay the execution of any law of the United States, or by force to seize, take, or possess any property of the United States contrary to the authority thereof, they shall each be fined under this title or imprisoned not more than twenty years, or both. A group chat coordinating use of force may be tough. | |
| ▲ | snarky_dog 11 hours ago | parent | prev [-] | | [dead] |
| |
| ▲ | ajross 11 hours ago | parent | prev | next [-] | | > protestors behaving legally or practicing civil disobedience can still have their lives ruined by people in power. They surely can. But the point was more than the people in power don't really need Signal metadata to do that. On the lists of security concerns modern protestors need to be worrying about, Signal really just isn't very high. | |
| ▲ | mrtesthah 13 hours ago | parent | prev [-] | | This is the price we pay to defend our rights. I would also expect any reasonable grand jury to reject such charges given how flagrantly the government has attempted to bias the public against protesters. |
| |
| ▲ | cyberge99 12 hours ago | parent | prev | next [-] | | How do you connect a strangers face to a phone number? Or does it require the ELITE app? | | | |
| ▲ | ruined 13 hours ago | parent | prev | next [-] | | conspiracy charges are a thing, and they'll only need a few examples of manifestly illegal interference. it will be quite easy for a prosecutor to charge lots of these people. it's been done for less, and even if the case is thrown out it can drag on for years and involve jail time before any conviction. | | |
| ▲ | spankalee 13 hours ago | parent | next [-] | | If they could arrest people for what they've been doing, they would have already arrested people. And they have arrested a few here and there for "assault" (things like daring to react when being shoved by an annoyed officer), but the thing that's really pissing DHS off is that the protesters and observers are not breaking the law. | | |
| ▲ | missingcolours 11 hours ago | parent | next [-] | | Remember that most of the participants in J6 walked away and were later rounded up and arrested across the country once the FBI had collected voluminous digital and surveillance evidence to support prosecution. | | |
| ▲ | spankalee 11 hours ago | parent | next [-] | | The J6 insurrectionists committed real crimes, and it's very good that they were rounded up, but afaiu most of the evidence had to do with them provably assaulting officers, damaging property, and breaking into a government building. Not that they messaged other people when they were legally demonstrating before the Capital invasion. The real protection for the legal protesters and observers in MN is numbers. They can't arrest and control and entire populace. | | |
| ▲ | missingcolours 11 hours ago | parent [-] | | People were also charged for coordinating and supporting J6 without being there, e.g. Enrique Tarrio of the "Proud Boys" was charged with seditious conspiracy based on activity in messaging apps. If people in these Signal chats were aware that people were using force to inhibit federal law enforcement, which some of the leaked training materials suggest is most likely true and easy to prove, and there are messages showing their support or coordination of those actions, I assume they could face the same charges. | | |
| ▲ | spankalee 10 hours ago | parent [-] | | They had a lot more than metadata on Enrique Tarrio. | | |
| ▲ | missingcolours 4 hours ago | parent [-] | | Right, usually law enforcement gets chat logs from a participant (search warrant for a phone, informants, undercover FBI agents, etc) and uses the metadata to connect messages to a real person's identity. |
|
|
| |
| ▲ | SR2Z 11 hours ago | parent | prev | next [-] | | Fortunately for us (or really unfortunately for us) most of the competent FBI agents have been fired or quit, with the new bar simply being loyalty to the president. The FBI is weak now compared to what it was even two years ago. | | |
| ▲ | mikkupikku 10 hours ago | parent [-] | | Most are probably just keeping their heads down, trying to wait out this administration. When you're in that kind of cushy career track, you'd have to be very dumb or very selfless to give it up. |
| |
| ▲ | direwolf20 11 hours ago | parent | prev [-] | | That was a different, Biden's, FBI | | |
| |
| ▲ | ruined 13 hours ago | parent | prev [-] | | one person walking away from a police encounter doesn't mean police think that person did not break the law. prosecutors may take their time and file charges at their leisure. | | |
| ▲ | JohnFen 12 hours ago | parent [-] | | That may be true in the abstract (although it doesn't matter if the cops think you're breaking the law. What matters is whether or not a judge does). However, neither Border patrol nor ICE have been exhibiting thoughtfulness or patience, so I doubt they're playing any such long game. |
|
| |
| ▲ | jjk166 9 hours ago | parent | prev [-] | | Conspiracy requires an agreement to commit an illegal act, and entering into that agreement must be intentional. |
| |
| ▲ | ls612 11 hours ago | parent | prev | next [-] | | Some of the signal messages I've seen screenshotted (granted screenshots can be altered) make it seem like the participants have access to some sort of ALPR data to track vehicles that they think are ICE. That would probably be an illegal use of that data if true. | | |
| ▲ | ceejayoz 10 hours ago | parent [-] | | > make it seem like the participants have access to some sort of ALPR data to track vehicles The whole reason cops love ALPR data is anyone's allowed to collect it, so they don't need a warrant. | | |
| ▲ | mikkupikku 10 hours ago | parent | next [-] | | The government falling victim to ALPR for once might actually be the push we need to get some reform. That said, they'll probably try to ban it for everybody but themselves. Never before have they had such comprehensive surveillance and I don't expect them to give it up easily. | |
| ▲ | ls612 9 hours ago | parent | prev [-] | | It’s probably illegal for a state law enforcement official (presumably) to share it with randos on the internet though. | | |
| ▲ | ceejayoz 9 hours ago | parent [-] | | I remember having to explain to you that the CFAA doesn't apply to German citizens in Germany committing acts against a German website, so I'll take that legal advice with a few Dead Seas worth of salt. Tow trucks have ALPR cameras to find repossessions. Plenty of private options for obtaining that sort of data; you can buy your own for a couple hundred bucks. https://linovision.com/products/2-mp-deepinview-anpr-box-wit... |
|
|
| |
| ▲ | Psillisp 13 hours ago | parent | prev [-] | | Government intimidation of the practice of constitutional rights... what ever could go wrong. | | |
| ▲ | spankalee 13 hours ago | parent | next [-] | | I was replying specifically to this: > This seems like a good example of that being enough metadata to be a big problem I was not saying it's not a problem that the feds are doing this, because that's not what I was replying to. | | |
| ▲ | Psillisp 13 hours ago | parent [-] | | You are going to need to clarify more. I have no idea what you are for. | | |
| |
| ▲ | refurb 4 hours ago | parent | prev [-] | | That seems like a weak argument. I mean, carrying a weapon is a 2nd amendment right, but if I bring it to a protest and then start intimidating people with it, the police going after me is not "Government intimidation of the practice of constitutional rights". Protesting is a constitution right, but if you break the law while protesting, you're fair game for prosecution. |
|
|
|
| ▲ | UncleOxidant 11 hours ago | parent | prev | next [-] |
| Was starting to think about setting up a neighborhood Signal group, but now thinking that maybe something like Briar might be safer... only problem is that Briar only works on Android which is going to exclude a lot of iPhone users. |
| |
| ▲ | bsimpson 9 hours ago | parent | next [-] | | I spent a dozen years in SF, where my friend circles routinely used Signal. It's my primary messaging app, including to family and childhood friends. I live in NY now. Just today, I got a message from a close friend who also did SF->NY "I'm deleting Signal to get more space on my phone, because nobody here uses it. Find me on WhatsApp or SMS." To a naïve audience, Signal can have a stigma "I don't do anything illegal, so why should I bother maintaining yet-another messenger whose core competency is private messaging?" Signal is reasonably mainstream, and there are still a lot of people who won't use it. I suspect you'll have an uphill battle using something even more obscure. | | |
| ▲ | not_a_bot_4sho 7 hours ago | parent [-] | | > Signal can have a stigma "I don't do anything illegal, so why should I bother ..." Aside: I see similar attitudes when I mention I use VPN all of the time |
| |
| ▲ | jaxefayo 10 hours ago | parent | prev | next [-] | | What about BitChat? | |
| ▲ | adolph 10 hours ago | parent | prev [-] | | Why wouldn't you just use random abandoned forums or web article message threads? Iirc this is what teenagers used to do when schools banned various social media but not devices. Just put the URL in a discrete qr code that only a person in the neighborhood could see. |
|
|
| ▲ | suriya-ganesh 11 hours ago | parent | prev | next [-] |
| but this is not a technical attack that returns the metadata. much more closer to the $5 wrench attack https://xkcd.com/538/ |
|
| ▲ | tehjoker 6 hours ago | parent | prev | next [-] |
| I highly recommend this book. It goes into who funds these things. https://www.amazon.com/Surveillance-Valley-Military-History-... |
|
| ▲ | 11 hours ago | parent | prev [-] |
| [deleted] |
