I don't agree with this. Encryption is a feature of Signal, but it's not the only reason to use it. The bigger reason to use it is that it is independent from Meta, so you can use it without having Facebook track you.
I don't rely on Signals encryption, since there is no way to verify that it works in the way that it does, and even if, there is no way to know that the recipients are as careful as you are. If there is something I don't want others to find out, I just don't write it down. No encryption is fool proof.
I agree, and that's a major part of why I use Signal, but I just want to say that most of my friends (and even family) use Signal, so at this point it's also a network effect for me.
Also, is SMS even that secure anyway? There are security attacks surrounding SMS (hence why SMS is looked down as an OTP method from security standpoint).
Is that a joke? Any data that is stored about you can be used against you.
We know that Meta tracks everything you do in a pretty invasive manner. We know they use this data to target ads, and while they claim not to share data with advertisers, we do know that people have figured out ways to leak some of that data.
Since they share data with a lot of 3rd party tracking companies, we would have to trust all of them to keep our data safe. It is highly likely that some of these companies employ malicious actors.
Now, maybe you think you have nothing to hide. But the political landscape changes all the time, and things that were legal one day might be criminalised the next day, or some terrorist organisation gets a hand on your data and figures that you are an enemy of their god for some reason, ...
The only way to protect against these things is to not store the data in the first place.
Ok, a specific example: by a weird twist of fate, my country outlawed abortion (in most cases). Currently it's easy for affected women to travel somewhere and get help. Some people don't like it. With widespread tracking, it will be possible to target and punish women for breaking the law by getting abortion.
I worry about future use of my data. If it’s not e2e encrypted, future despots (or, less extreme, insurance companies, which tend to be only slightly less evil than despots anyway) can mine it (with not very good AI) to see if I am a good servant to the state , even though my remarks might be from 15 years ago and not related.
In Austria there was a case where protestors were jailed for months because mobile phone records placed them close to a house that burned down. Only after the trial showed that the house burned down because of an electrical fault the day before the case was thrown out. But the people's life was ruined already -- being put in jail for no reason fucks you up.
Western democracy doesn't help much when a higher up wants to get you.
And then there are all the crazy bastards beating up people for their religion or their sexual orientation. It's been shown that Facebook leaks some personal data to advertisers with carefully crafted campaigns.
And if that doesn't worry you, there's also all the fraud that is spread via Facebook ads: "Better Ads" means "More convincing cons". Con men use ad targeting to deliver exactly the kind of fraud you are most likely to fall for. A relative of mine fell for a finance scam -- it seemed perfectly legit, and thanks to Facebooks accurate targeting the campaign was delivered exactly to the right person that would fall for it.
When I need to buy something I look for research, reviews, competition, people who actually used the thing for some time and comment on the thing's weaknesses.
I want to control when I start being interested in something, and when I stop also.
When I need to buy something I need knowledge (weaknesses) and control. Advertisements are exactly the opposite of that.
Companies harvesting the data and using it to build extremely correct psychological profiles, which will then be used to successfully manipulate election results.
This isn’t about rigging elections. Nobody thought the 2016 election was rigged. What happened was hyper specific advertising profiles for voters, generated from all the info on Facebook, were used to customize person-specific political campaigns. If you were in a key swing district, you would’ve got nonstop ads for Trump that told you he was going to do X, Y, and Z, where those happened to be the exact three political issues you cared most about. It is widely believed in political science circles to have been what led to the surprise Trump victory.
This isn’t rigging an election because real votes were cast and counted. However is it still a fair election if the electorate doesn’t have access to sufficient information so as to make an informed choice? That is the issue at stake here.
I’d like to add that it is not just about governments (democratic or otherwise). Large corporations wield disproportionate powers, in comparison with individuals, and may have a presence across countries and continents. Even if they don’t use the data directly, they may pass it to some other entity. I’m not comfortable with the idea that anything I read or write today may be made available one day to my current or future employer, customers, providers etc. ...
In a way I have already internalized this idea. These days every time I use an electronic device I behave as if an unintended recipient was peeking above my shoulder. So my behavior isn’t as free is it was, say, in the 90s, before networked communication was so ubiquitous.
I remind you Turings fate by his own government for being gay not 60 years ago. Today being gay or straight is a non issue in most countries, and Turing life would have been different.
My take is the following: we have governments because we tolerate them. Constitutions are nothing more than a social agreement, and they could be torn apart and remade at any point in time.
Politicians are our employees - we hire them, we pay them, we can fire them. Sadly in the past 80 years we have started seeing them as our saviors and forgot their power emanates from us.
I don’t want my employee (the government) telling me what to do and tracking me. It’s irrelevant whether I have or not something to hide.
The OP, and that’s how it started, said he switched to signal due to “data harvesters” like Meta.
I feel like the conversation here diverged from that to something different.
PS: I absolutely follow the logic of restricting politicians. Unfortunately these people are versed with power and how to use it. Otherwise they would have not ended at the top…
1. This is default expectation (to have privacy, to have doors)
2. If you go abstract, it’s not too useful (its good to have of control of information sharing/ it’s good having control who access your house)
3. It seems impractical to go into details, due to very many different scenarios, details, expectations.
Take a set of different “motivations” (incompetence+personal gain+for terror+for ideology push), multiply it by types of actors (phone manufacturer, government, enemy state, criminals), mix in the possibility that law and approach can be changed/ expanded, while keeping in mind that motivations and actors will change year to year. (One thing when such tool is available for consertive gov., other thing when such tool is available for extreeme right/left gov.)
Parallels do diverge eventually, with door if somebody breaks it you most probably can see it immediately. While negative effects of privacy breach can take years to surface.
For me it’s a very bad analogy avoiding to give an answer.
Doors and how they’re used is highly cultural and has evolved. There’s nothing “fundamental” you can derive from your mental model of today.
Same goes with bike locks and the like. I used to live in a student town where people simply never locked their bikes. It was a custom of that time and place.
Well, nothing interesting can happen in short-term, but not sure about long-term given how much surveillance is being built under our noses.
Currently, only issue I face is, due to unlimited text/calls benefit in Germany, I also receive a lot of scam/phishing sms or random sales sms about some random agency offering digital marketing, webdev, wordpress etc irrelevant service unsolicited. I noticed that, somehow when such sms arrives, I am very proactive in immediately blocking those numbers, but may be by evening, I start seeing adverts all around the web creepily related to those same sms(mostly different vendors but related business area).
Thanks to the garbage that LLM is, now I suspect Google SMS as well as other Android based sms apps are also scanned and profiled to feed to advertisers, which I can't prove but my experience above is definitely not the Frequency Fallacy.
Rich messaging with images and videos is not universally available without signal or WhatsApp etc... And it's very easy (at least here in the UK) to end up sending an mms message which still costs an arm and a leg.
Interesting. In the USA at least MMS is zero cost on every plan I’m aware of, and the user experience of Signal is pretty much the same as MMS on iOS. Usually the rest of the world is ahead of North America on these sorts of things, so I thought the era of being charged for a SMS/MMS was behind us.
> there is no way to verify that it works in the way that it does
Since we're specifically talking about Signal, I think that it's worth mentioning that Signal is uniquely predictable here. They published their entire cryptosystem, it's been extensively inspected by the cryptography community, there are multiple open-source implementations that agree with the published mathematics, and I strongly suspect that more than a few people have sat down to verify that the bytes coming out of the app are actually produced by the published protocols. Claiming that that's not "working the way it does" is reaching out into territory along the lines of Trusting Trust, the unproven existence of trapdoor functions, and the Problem of Induction.
No. Signal locks not not just third party software but also builds of their own "open source" code via timebombed forced updates. It's somewhat impractical to use signal except via blinding accepting updates from them.
As a result every signal user is sadly quite vulnerable to getting pushed a bad update, particular since app store policy changed to require the app store itself being able to sign updates.
Signal could mitigate this by allowing third party clients and/or not timebombing support.
Right. There is no way for me to verify that the Signal app isn't actually a trojan created by a US agency with a clever marketing team. It sounds far fetched, but it wouldn't be the first secure messenger that was later revealed to be a covert spying device.
I still use the app, because I trust Signal more than Facebook, but the encryption isn't why I trust them.
> I don't rely on Signals encryption, since there is no way to verify that it works in the way that it does
Totally. Not everyone is a cryptographer to review the code and ensure the app they're downloading is what was compiled by the aforementioned vetted code. That's what F-Droid and cybersecurity audits attempt to solve (and Apple's vetting process, though I think their mandatory $100/yr developer license is what drives malware off the platform).
The one reason to use Signal is privacy, and its replacement of Meta apps is under that umbrella.
I use iCloud Keychain for passwords. It's a trade-off between security and convenience.
Passwords aren't as critical in my opinion, because I can always change them. Sure, it would suck if someone broke into my hosting account or my bank account, but I could probably fix it somehow. I was more thinking about secrets that I don't want people to find out, because there is no way to make people forget something they learned about me that I wanted to hide.
Some secrets are worthless without communications. Think of the poor extortionists. They took a compromising pictures, they would have to sent it via mail without proper encryption. How retrograde.
I’m joking around but I did get your point. I just think secrets cannot be categorised simply in “stuff I don’t want anyone ever to learn about” (why would someone use signal for that though) and “stuff I don’t care if anyone learns about”. 99% of the information I send over signal is actually neither, it’s in-between. I don’t want the whole world to see pictures and names of my family. I do want other members of my family to have them. Hence I use Signal for this, because I trust them most (or I distrust them least, depending on the point of view).
I agree. What I was trying to say was that encryption was not the most important part for me. Facebook or Twitter DMs would be secure enough for family photos in my opinion, if they didn't use invasive ad tracking. The fact that Signal is independent is why I use it, not because of superior encryption.
Being independent means little to me. FBI can swoop in and take all the drives based on some vague suspicions. They can be hacked. They could decide to start selling my data tomorrow.
End it end encryption make me worry less about this. I’m not a very trustful person simply put.
But I agree that everyone need to evaluate their convenience vs. risk ratio individually. I use VPNs, I wouldn’t dare to ask my family to do the same, it’s highly inconvenient.
I don't rely on Signals encryption, since there is no way to verify that it works in the way that it does, and even if, there is no way to know that the recipients are as careful as you are. If there is something I don't want others to find out, I just don't write it down. No encryption is fool proof.