Does that mean that other apps like Signal for example have back doors?
Do criminals have a knowledge of exploits in the recommended messaging apps?
The average criminal is no dumber or smarter than the average non-criminal. As such they’re every bit as subject to marketing ploys and mis/disinformation. So if their criminal buddies are using BaddieApp Pro, they probably will too. Or if they hear that Bill Gates is using the Signal app for mind control, there’s a good chance they’ll believe it.
You’re missing the #1 reason organized criminals prefer their own service. To have trusted staff who control everything — the servers, code development & deployment — who can’t be ordered by a court to shut off access to individuals at any time, or provide metadata, eavesdrop, etc.
The weakest link with legal services like Signal is that they can be compelled by law enforcement, the judicial system, and government… That’s an enormous risk for any organized crime operation. Even a minimal amount of metadata collection can do a lot of damage, especially if it’s analyzed over months/years, and especially when performed by an advanced persistent threat actor like a nation state.
Theoretically Signal only has your phone number and time of sign up, which means theoretically it shouldn’t matter if the legal system asks them for information.
… theoretically. In practice if the NSA used a secret court order that banned them from talking about it and made them update the app to reveal plaintext for one particular person, I don’t see how they could get out of that (other than by breaking the law and risking jail).
I think the chances of that are very small though.
…that’s a terrifying but also plausible prospect. Guess it’s a reason not to use the published app and instead build it yourself.
There is legislation in Australia that allows precisely this. Then 5 eyes or Interpol or whatever for everyone else.
Yea and if a nation-state knows your phone number, they can track your exact whereabouts in real-time. Let’s not pretend like we know better than them about what information matters :)
I disagree, stupid self-developed systems leak so much more, I think the number 1 reason is, surprise surprise, stupid people.
Also plenty of criminals and organized crime also use standard tools like Telegram (which is way worse than Signal).
That’s a very simplistic way of arguing or thinking about the issue. You are in fact not surrounded by idiots. Not everybody has expertise in your field (or the field you believe to be an expert in), so to you, it might seem obvious, but to them, it’s not.
Ridiculing others for “omg that was so obvious” is a failure on your part to see the obvious: they have other shit going on. I’d like to see you become a successful drug lord, escape capture for decades, and be an expert in computing at the same time. It wouldn’t surprise me if you’d utterly fail at the drug lord part and make basic mistakes that a drug lord would call you an idiot for.
Look, no one needs to be an expert on everything, in the context of running a drug ring, being stupid means not having the right experts for the right tasks.
If I was a drug lord I would start by hiring someone who has done it in the past.
If you approach cyber security with the mindset that it is simple and you don’t need an expert, then you are an idiot. Same as if you approached almost any subject with dire consequences if done poorly.
So yeah, if your “cyber security expert” is your computer guy who does everything, unless he is actually a cyber security expert, you are an idiot.
I think you’re both right. I think the non-stupid people with successful self-developed systems simply aren’t talked about, because they don’t get caught, because they’re not stupid.
I’ve definitely also thought about, if our government gets taken over by fascists, how do you organize a rebellion?
And yeah, Signal definitely has some weird fucking shit going on. As far as I’m aware, they don’t allow you to use their centralized servers, if you don’t use their provided build of the app. They don’t seem to have a mechanism to enforce that, so you could still use a self-compiled build, but if all your friends are on a compromised client, you can’t talk to anyone anyways.
Well, and then there’s also the great stupidity that Signal requires a phone number. In my country, you can’t sign up to a mobile phone plan without revealing your full identity. If the fascist government realizes that I’m part of the rebellion, they can make my phone number disappear in unfortunate circumstances.
So, yeah, I’d at least want to self-host the communication platform. I’d probably use an existing open-source solution, but would try to audit at least part of it…
Just use an XMPP client instead of Signal.
And talk with the dozens of people on it.
Could say the same on Lemmy, a decentralized social network. But I guess a decentralized protocol for instant messaging is a no-no for you.
Pretty sure Signal supports usernames now.
I thought I heard so, too, but when I tried to research it, all that came up is that you can publicly hide your phone number and instead give people your username, but you still need the phone number for sign-up. I really do not know, though, if search engines are failing me again…
That’s correct, you still need a phone number for sign up. Between contacts you can use usernames.
So Signal has your phone number, your contacts only have it if you use your number instead of giving them a username.