Sane Security Guy: Signal knows who you’re talking to

I can’t understand all of what’s mentioned here, in that I’m not 100% sure that what I’m understanding is even right.

Folks who know more and are technically adept, please share your views and commentary on this for the tech savvy and the average person to understand it right and for a balanced takeaway.

I found this here:

I can’t comment on the technicalities, but he is basically saying Signal *could* retrace who you are talking to using traffic analysis of message sending.

That’s really not news, and neither is it a reason not to trust Signal. It’s pretty mild. This means AWS could technically retrace which IPs are communicating with each other. This would instantaneously ruin their reputation as a cloud provider. Maybe LE could get access to AWS servers, but again this would likely be a card they use very sparsely.

This article, as far as I am concerned, is doing what we Dutch call “kicking in an open door”. I don’t know anyone who believed that Signal couldn’t see who is messaging whom with IP analysis, that’s rather obvious.

Sealed sender is just another layer they made to make it harder, not impossible. Signal was never going to be the end all be all of anonymous messengers. What it is, however, is a very good tool that provides normal people an end to end encrypted open source messenger, hosted by a nonprofit whose business model does not depend on collecting and selling your data. Sure, a Briar or Simplex might be better, but your 80 year old uncle Jerry is never going to use those, and Signal is already a hell of an improvement over WhatsApp or, god forbid, Facebook Messenger.

7 Likes

Is it still better though, with all the crypto and NFT stuff they’re getting into?

But otherwise I take it there’s nothing to “worry” or worry about and that this is mostly non news?

Currently, yes if you ask me.

And yes, this is mostly non news, just a person stating the obvious after looking at sealed sender implementation.

Signal can, with some effort, do an analysis of who is talking with whom. If anything, we should praise them that they are trying to innovate, even when the results are not perfect. But we have no reason to believe they are doing it right now, and it’s a big improvement over a lot of other big tech options which a lot of people currently use. Let’s not do what the privacy and security community always does, and make perfect be the enemy of good.

6 Likes

I mean, even ISPs and governments can do analogous things even when folks use VPNs (hence we have DAITA from Mullvad as a mitigating feature).

But got it, thank you!

From a US legal perspective I think it’s important to also note that (at least so far) US courts have agreed that the government cannot force a company to put in “some effort.”

Signal can be required to turn over information they already collect. Many Signal protections like sealed sender are built around this and we see they are effective in the real world even if not technically 100% foolproof.

I think people forget that in the grand scheme of things the “problems” with most privacy tools are irrelevant when you take into account that most people are using things like Windows, WhatsApp, and Gmail.

1 Like

So from what I get, they actually don’t know, but with significant effort could get to know.

Also why are we discussing an article from 2023?