I came across a post today on Mastodon encouraging folks to use Signal and the comments today by Alexandre Oliva caught my attention. He’s suggesting Signal is pointless and creates the illusion of security/privacy because all phones are compromised at the factory. His second-to-last comment is below. You can check the link above to read the rest of his comments in the context of the thread.
Thoughts? This seems like one of those points being made just to stir the pot. I mean, I think I understand his point but is it helpful at all? People use these devices. His suggestion seems to be simply: DON’T. Or, if you do, don’t bother with security?
all phones ship from the factory already compromised, and under remote control by multiple parties, including universal backdoors to enable the controlling parties to further their control over them.
signal’s fundamental flaw is demanding users to start their use on such compromised devices. it all starts on a compromised foundation. regaining any security or privacy after that initial misstep, through which the remote controller of the device gains full access to your credentials and control over your account, is hard for me to believe. I’d be happy to be proven wrong, i.e., that if the user switches to another secure device afterwards, and terminates access from the compromised device, they can have assurance of exclusive control to their account from the secure device. but that’s hardly relevant since most people keep on using signal from compromised devices controlled by the enemy.
It’s just typical social media nonsense, you post something with no sources that’s going to make people mad/afraid and it gets pushed to everyone. Please don’t get info from social media, it’s full of idiots regurgitating misinfo to each other and feeding into each others’ mental illnesses. The exception is people who are like security researchers or developers for the software they’re talking about, but if the person is just a rando don’t bother.
As for the claim, no, phones are actually some of the most secure devices, especially iPhones and Google Pixels. They use state-of-the-art hardware security like the Secure Enclave and the Titan security chip as well as isolation between hardware components via an IOMMU. Android and iOS enforce a sandbox for all software that runs and they have much lower attack surface than your typical desktop operating system. You’re safer on an iPhone or Google Pixel than on most other platforms out there.
This statement is one of those “Well, no, but you’re not exactly wrong” kind of things.
Does a stock smartphone track everything it can and try and convince you to give everything all the permissions? Sure. Can you do some basic things to limit (not stop, just limit) the extent of that? Of course.
A stock phone running some AI BS, AFAIK, still can’t screenshot and read Signal messages. But, that being said, phones are NOT easily made very secure, and even flashing a new OS may not result in 100% security.
People telling you Signal is pointless typically are so subsumed by big tech that they make excuses like this are what they say to like 99% of their lives in the Google/Meta/MS ecosystem. In the case of people like Oliva, some people are also so jaded and paranoid that nothing is ever good enough for them. It’s a level of fatalism that conspiracy folks get into where “They” do everything and any bad decisions aren’t their own fault. Securing privacy is hard work and sometimes people just give up.
The person who suggested “all phones are compromised at factory” needs to prove this bold statement.
Some phones are compromised at factory, that’s true, we saw news about Chinese backdoors on some Chinese phones (Intentional as usual), Israeli backdoors on Samsung phones (IIRC, I doubt that is intentional though). But ALL? That’s a bold claim.
Vulns and bugs are inevitable and they are not backdoors; closed source hardware and software do not equal spyware.
Phones running an AOSP-based OS are highly transparent; if someone wants to mitigate risks of built-in bloatware or malware, get a phone with custom ROM support, slam it with an AOSP-based custom ROM.
Supply chain is a risk factor, car industry being the prime example, but it is not something that can be achieved universally.
Privacy also isn’t black and white, and securing your chats from the server and network by using an e2ee chat is a big improvement.
Going to Signal also just makes moving to a better device later easier. Trying to install WhatsApp without Google Play might be a pain, while Signal just provides an APK.
And like others mentioned, I highly doubt that companies like Apple and Google would collect data on Signal.
I think it’s possible, but hunches are not evidence.
Think of it like this, someone is “Probably” always watching. Meaning, don’t put stuff on the internet, do searches or type stuff into any devices you don’t want known.
I have seen it said online somewhere, and I am paraphrasing: You are better served to think of your devices as on loan from your government.
I am not sure how deep the rabbit hole is, I personally am just going through the motions with this privacy stuff diligently and keeping certain thoughts and such off of anything digital.
Just my thoughts, I am very ignorant to technology.