The most obvious one that has been explained to death here is that Signal collects vast amounts of metadata. It’s also a centralized service that’s operated in the US, and it doesn’t even make reproducible builds for the Android client.
Where did you read that they are collecting vast amounts of metadata? Not challenging your claim just that I have been trying to find more info and came up empty. Signal says “we don’t collect analytics or telemetry data” but that’s about it.
You need a phone number to sign up. Phone numbers are metadata that uniquely identifies people, and this data constitutes a network of connections. If this metadata is shared with the government, then it can be trivially correlated with all the other information collected about people.
I agree it’s a problem, but not for any of the reasons you listed. A phone number is not metadata, it’s just data. In order to request information associated with your phone number, they would have to know it already, because there’s no other identifier. In order to be metadata, there would have to be other information connected to that data, which there isn’t (in Signal), other than the date you signed up and the last time you connected to their server. They don’t know who you talk to or when, thus no network connections.
Phone numbers are metadata, and the fact that you don’t even understand this shows that you have no business making uninformed comments on this subject. Metadata is understood to be data that’s associated with messages being sent, but isn’t the content of the messages themselves.
In order to be metadata, there would have to be other information connected to that data, which there isn’t (in Signal), other than the last time you connected to their server. They don’t know who you talk to or when, thus no network connections.
One has to be an incredibly gullible individual to actually believe this. You have no way to audit the server, and security cannot be based on trust. If a company has a way to store and use the information it collects it has to be assumed that it is doing so. Signal is very obviously in a position to do this. Once the phone number is collected, it’s associated with your account. Any time you send a message through signal to another account that’s a connection in the graph of your social network.
Anybody with a functioning brain can understand that this graph is highly valuable to intelligence agencies in the US. If they have a person of interest and they know their identity, they can trivially use the metadata collected by Signal to see whom this person wants to have private conversations with.
Ignorant people such as yourself confidently speaking on subjects they don’t understand present a public danger to society.
Metadata is understood to be data that’s associated with messages being sent
That’s incorrect. Metadata is literally “data about the data”. There is not data associated with the phone number (data). The fact that you don’t even understand this shows that you have no business making uninformed comments on this subject.
One has to be an incredibly gullible individual to actually believe this.
No, one just needs a rudimentary understanding of how encryption works. Actually looking at the subpoenas sent from Signal is helpful, though.
Anybody with a functioning brain can understand that this graph is highly valuable to intelligence agencies in the US
Anybody who actually pays attention can see that there is no graph. A graph has interconnected points. There are no connections in Signal.
Your entire argument is based on wild hypotheticals and conspiracy theories and you have zero evidence of anything nefarious, or you would have provided it already.
That’s incorrect. Metadata is literally “data about the data”.
Yes, the phone number is data about the user sending the message. Let me know if you need me to use smaller words to explain this to you.
No, one just needs a rudimentary understanding of how encryption works. Actually looking at the subpoenas sent from Signal is helpful, though.
This has nothing to do with encryption. The phone number is being handed over by the user to the server. You’re making it very clear that have absolutely no clue regarding the subject you’re attempting to debate here.
Anybody who actually pays attention can see that there is no graph. A graph has interconnected points. There are no connections in Signal.
Signal server has to keep a graph of connections between the accounts in order to route messages between them. The messages are not delivered peer to peer.
Your entire argument is based on wild hypotheticals and conspiracy theories and you have zero evidence of anything nefarious, or you would have provided it already.
No, my entire argument is based on basic security practices that anybody who’s ever dealt with security would understand. Please stop embarrassing yourself.
the phone number is data about the user sending the message
No it isn’t. If someone gets information associated with that phone number, they get it from somewhere else, not Signal. Let me know if you need me to use smaller words to explain this to you.
Signal server has to keep a graph of connections between the accounts in order to route messages between them.
No it doesn’t. You’re making it very clear that have absolutely no clue regarding the subject you’re attempting to debate here.
No, my entire argument is based on basic security practices that anybody who’s ever dealt with security would understand.
If someone gets information associated with that phone number, they get it from somewhere else, not Signal.
Unless you’re in a position to audit what the Signal server does with that data, which you’re not, then you’re just spewing nonsense here. You do not know what the server does with the information it collects.
No it doesn’t. You’re making it very clear that have absolutely no clue regarding the subject you’re attempting to debate here.
You are in no position to make that claim because you do not know what the server is doing with that data. The fact that you keep repeating this nonsense over and over isn’t going to make it true baby Goebbels.
No it isn’t. Please stop embarrassing yourself.
The fact that you don’t understand that security isn’t based on trust, clearly shows who’s actually embarrassing themselves.
In my book a phone number is not “vast amounts of metadata” but I see your point. Again, I have never seen someone describing Signal as a “paragon of privacy and security” 9usually it’s presented as an improvement over SMS) but if they do I will put on my Trilby and correct them.
It’s the volumes of phone numbers collected collectively that constitute vast amounts of metadata. Meanwhile, I’ve seen plenty of people advocate using Signal as the best option for privacy. And any time there is a criticism of Signal then then brigades of people inexplicably appear to vigorously defend it.
What’s funny is this is pretty out in the open, and ppl don’t realize it. When Yasha Levine criticized signal, the president of Radio Free Asia (a US government propaganda org), sent this out, openly pushing Signal to european internet freedom communities:
Our primary interest is to make sure the extended OTF network and the Internet Freedom community are not spooked by the [Yasha Levine’s] article (no pun intended). Fortunately all the major players in the community are together in Valencia this week - and report out from there indicates they remain comfortable with OTF/RFA.
thank you for providing a concrete example of the nonsense I’m referring to. The only ones who make people less safe are the ones who blindly advocate for a platform while ignoring real and tangible problems associated with it. Signal users are a cult.
The most obvious one that has been explained to death here is that Signal collects vast amounts of metadata. It’s also a centralized service that’s operated in the US, and it doesn’t even make reproducible builds for the Android client.
Where did you read that they are collecting vast amounts of metadata? Not challenging your claim just that I have been trying to find more info and came up empty. Signal says “we don’t collect analytics or telemetry data” but that’s about it.
You need a phone number to sign up. Phone numbers are metadata that uniquely identifies people, and this data constitutes a network of connections. If this metadata is shared with the government, then it can be trivially correlated with all the other information collected about people.
I agree it’s a problem, but not for any of the reasons you listed. A phone number is not metadata, it’s just data. In order to request information associated with your phone number, they would have to know it already, because there’s no other identifier. In order to be metadata, there would have to be other information connected to that data, which there isn’t (in Signal), other than the date you signed up and the last time you connected to their server. They don’t know who you talk to or when, thus no network connections.
Phone numbers are metadata, and the fact that you don’t even understand this shows that you have no business making uninformed comments on this subject. Metadata is understood to be data that’s associated with messages being sent, but isn’t the content of the messages themselves.
One has to be an incredibly gullible individual to actually believe this. You have no way to audit the server, and security cannot be based on trust. If a company has a way to store and use the information it collects it has to be assumed that it is doing so. Signal is very obviously in a position to do this. Once the phone number is collected, it’s associated with your account. Any time you send a message through signal to another account that’s a connection in the graph of your social network.
Anybody with a functioning brain can understand that this graph is highly valuable to intelligence agencies in the US. If they have a person of interest and they know their identity, they can trivially use the metadata collected by Signal to see whom this person wants to have private conversations with.
Ignorant people such as yourself confidently speaking on subjects they don’t understand present a public danger to society.
That’s incorrect. Metadata is literally “data about the data”. There is not data associated with the phone number (data). The fact that you don’t even understand this shows that you have no business making uninformed comments on this subject.
No, one just needs a rudimentary understanding of how encryption works. Actually looking at the subpoenas sent from Signal is helpful, though.
Anybody who actually pays attention can see that there is no graph. A graph has interconnected points. There are no connections in Signal.
Your entire argument is based on wild hypotheticals and conspiracy theories and you have zero evidence of anything nefarious, or you would have provided it already.
Yes, the phone number is data about the user sending the message. Let me know if you need me to use smaller words to explain this to you.
This has nothing to do with encryption. The phone number is being handed over by the user to the server. You’re making it very clear that have absolutely no clue regarding the subject you’re attempting to debate here.
Signal server has to keep a graph of connections between the accounts in order to route messages between them. The messages are not delivered peer to peer.
No, my entire argument is based on basic security practices that anybody who’s ever dealt with security would understand. Please stop embarrassing yourself.
No it isn’t. If someone gets information associated with that phone number, they get it from somewhere else, not Signal. Let me know if you need me to use smaller words to explain this to you.
No it doesn’t. You’re making it very clear that have absolutely no clue regarding the subject you’re attempting to debate here.
No it isn’t. Please stop embarrassing yourself.
Unless you’re in a position to audit what the Signal server does with that data, which you’re not, then you’re just spewing nonsense here. You do not know what the server does with the information it collects.
You are in no position to make that claim because you do not know what the server is doing with that data. The fact that you keep repeating this nonsense over and over isn’t going to make it true baby Goebbels.
The fact that you don’t understand that security isn’t based on trust, clearly shows who’s actually embarrassing themselves.
In my book a phone number is not “vast amounts of metadata” but I see your point. Again, I have never seen someone describing Signal as a “paragon of privacy and security” 9usually it’s presented as an improvement over SMS) but if they do I will put on my Trilby and correct them.
It’s the volumes of phone numbers collected collectively that constitute vast amounts of metadata. Meanwhile, I’ve seen plenty of people advocate using Signal as the best option for privacy. And any time there is a criticism of Signal then then brigades of people inexplicably appear to vigorously defend it.
What’s funny is this is pretty out in the open, and ppl don’t realize it. When Yasha Levine criticized signal, the president of Radio Free Asia (a US government propaganda org), sent this out, openly pushing Signal to european internet freedom communities:
And I remember you mentioned before, Meredith Whittaker, president of the Signal Foundation, holds interviews with US defense-department think tanks.
Because it is the gold standard, and recognized by many as much.
Allow me to explain: by making people feel unsafe using it, you are actually making them less safe.
thank you for providing a concrete example of the nonsense I’m referring to. The only ones who make people less safe are the ones who blindly advocate for a platform while ignoring real and tangible problems associated with it. Signal users are a cult.
Thank you for continuing to not put forward any sort of legitimate retort and responding only with insults instead. Super helpful.
What possible legitimate retort is there to give to some body using ad populum fallacy as a form of argument.