GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 02:38:01 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:

    #Signal #Lifehack. When you register as new user, Signal asks you to provide "a" phone number where it can send a confirmation code to finalise the setup.

    Know that it asks for "a" phone number that can receive messages. It doesn't have to be YOUR phone number. This is not a new feature, it has always been like that. I registered my Signal account using the phone number of a prepaid SIM in a cheap burner phone. I have never used that number since.

    In conversation about 4 months ago from social.wildeboer.net permalink
    • alcinnz, carl marks and Christine Lemmer-Webber and 2 others repeated this.
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 02:46:16 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to

      The only thing Signal stores about you is

      - When did you register your account (UNIX timestamp)
      - When was the last time your account contacted a Signal server (UNIX Timestamp)

      That's it. That's all Signal can produce about you when they are forced to by authorities. There is no history, no call log, no data beyond that.

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 02:54:23 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Martin

      @martin I guess you have never used Signal? That's not how any of this works. Even if you get my phone number, you cannot take over my account. And even if you can create a new account with that number and somehow would know my contacts and send them messages, they will show up as a new contact and a big warning that the security code has changed.

      In conversation about 4 months ago permalink
    • Embed this notice
      Martin (martin@social.mdosch.de)'s status on Sunday, 26-Jan-2025 02:54:24 JST Martin Martin
      in reply to
      @jwildeboer@social.wildeboer.net
      Will this block from reregistering that number? Otherwise there is a chance that someone gets that number and 'steals' your account. I know of cases where this happened to WhatsApp users who did not change their WhatsApp number after getting a new phone number.
      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 03:01:24 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Arjen Haayman

      @haayman When you register with Signal, you can allow it to have access to your contacts. It will then create hashes of your contacts based on their phone number. These hashes do not allow to trace back said phone number. Now if one of your contacts registers with signal, his phone number will be hashed again and a match will occur. Thus Signal can now tell you that one of your contacts is also using Signal.

      In conversation about 4 months ago permalink
    • Embed this notice
      Arjen Haayman (haayman@todon.nl)'s status on Sunday, 26-Jan-2025 03:01:26 JST Arjen Haayman Arjen Haayman
      in reply to

      @jwildeboer how then is it possible Signal can message me one of my contacts has a Signal account now? I don't assume every new account is broadcast all over the world so every phone can check their contact list?

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 03:06:24 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Martin

      @martin No. My signal account won't be disabled when the phone number used for registering gets disabled or reused. Proof: my Signal works since years on currently three devices with completely different phone numbers and the original number has been disabled around 5 years ago.

      In conversation about 4 months ago permalink
    • Embed this notice
      Martin (martin@social.mdosch.de)'s status on Sunday, 26-Jan-2025 03:06:26 JST Martin Martin
      in reply to
      @jwildeboer@social.wildeboer.net
      I have used Signal but that was many years ago.
      That's not what I meant. I meant if the provider gives me the number you use for signal your account will be disabled as I am now e.g. +491710000000 and register with signal. So I won't get your contacts but your account is gone and you need to register with another number and tell this new number to your contacts out of band. So you lose your account .
      In conversation about 4 months ago permalink
    • Embed this notice
      BeauBoboBonobo (beaubobobonobo@mastodon.social)'s status on Sunday, 26-Jan-2025 03:09:11 JST BeauBoboBonobo BeauBoboBonobo
      in reply to

      @jwildeboer
      Thank you for this moment of laughter.

      That's why the French authorities have arrested one of the founders of Signal...

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 03:09:11 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • BeauBoboBonobo

      @BeauBoboBonobo The French authorities arrested one of the founders from *Telegram*, not Signal. Please don't spread misinformation. https://www.theguardian.com/technology/article/2024/aug/27/what-does-the-telegram-founders-arrest-mean-for-the-regulation-of-social-media-companies-pavel-durov

      In conversation about 4 months ago permalink

      Attachments

      1. Domain not in remote thumbnail source whitelist: i.guim.co.uk
        What the Telegram founder’s arrest means for the regulation of social media firms
        from https://www.theguardian.com/profile/alex-hern
        In this week’s newsletter: Pavel Durov’s detention by French authorities is a major break from the norm – but his low-moderation, non-encrypted app is an anomaly
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 03:22:24 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Martin

      @martin In my case: I cannot be discovered by phone number, as I have disabled that option in the Signal privacy settings. I can be added using my Signal username only, which I happily give to people that ask friendly but I don't publish it anywhere. Seems to work just fine.

      In conversation about 4 months ago permalink
    • Embed this notice
      Martin (martin@social.mdosch.de)'s status on Sunday, 26-Jan-2025 03:22:25 JST Martin Martin
      in reply to
      @jwildeboer@social.wildeboer.net
      OK, funny. I wonder how they do that.
      So, you register using a number from prepaid that you let go. Someone else gets this number now and also registers to signal.
      I put that number in my phone book and open signal. Whom of you will I add? Will I presented with a choice as two signal accounts are linked to that number?
      I can't really comprehend right now. For WhatsApp I know people who were angry as their WhatsApp account was suddenly no more functioning as they didn't bother to change it to the new number and after a while someone else got their old number and registered WhatsApp on it.
      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 03:52:19 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Michael Vera

      @michael Wow. Wild ad hominem attacks and accusations out of nowhere just to dismiss my arguments? Welcome to my blocklist.

      In conversation about 4 months ago permalink
    • Embed this notice
      Michael Vera (michael@mastodon.michaelvera.org)'s status on Sunday, 26-Jan-2025 03:52:20 JST Michael Vera Michael Vera
      in reply to

      @jwildeboer I disagree with the assertion that Signal only stores this minimal information. While the platform may not retain message logs, it still associates accounts with phone numbers, which inherently ties users to their broader network connections. Even if Signal itself doesn’t store these associations, the phone number link can’t be dismissed as irrelevant.

      Does Signal pay you to try to share this misinformation? Or the NSA?

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 03:56:06 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Arjen Haayman
      • Sebastian

      @haayman Thing with Signal is: you do not HAVE to share your contact with the App. And when you do, you can be assured (as long as you trust Signal to have implemented what they have described) that no real phone numbers from your contacts are stored anywhere in their systems.

      I decided from the start to NOT share my contacts with Signal and only connect with people I know. A little bit paranoid, I admit, but works GoodEnough for me and my risk calculation. @moehrenfeld

      In conversation about 4 months ago permalink
    • Embed this notice
      Arjen Haayman (haayman@todon.nl)'s status on Sunday, 26-Jan-2025 03:56:07 JST Arjen Haayman Arjen Haayman
      in reply to
      • Sebastian

      @moehrenfeld I get how it works. My point is, there are more data stored then implied. I don't mind, but "no data beyond that" is not true. And I know some people didn't really like it that their contact lists were sent to Signal, although I understand from @jwildeboer that this is optional now.
      Anyways, we're good

      In conversation about 4 months ago permalink
    • Embed this notice
      Sebastian (moehrenfeld@social.karotte.org)'s status on Sunday, 26-Jan-2025 03:56:09 JST Sebastian Sebastian
      in reply to
      • Arjen Haayman

      @haayman @jwildeboer They don’t store data about YOU. You can find an explanation how they match phone numbers without storing the actual numbers on their website.

      In conversation about 4 months ago permalink
    • Embed this notice
      Arjen Haayman (haayman@todon.nl)'s status on Sunday, 26-Jan-2025 03:56:10 JST Arjen Haayman Arjen Haayman
      in reply to

      @jwildeboer so it does store more than was mentioned before. I'm not saying that it's not safe, but it's the second time this week that i saw mentioned how little Signal stores, which is simply not true

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 04:15:09 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Erik van Straten

      @ErikvanStraten And that is perfectly fine with me, as long as they use Signal for sharing what they don't think they need to hide ;)

      In conversation about 4 months ago permalink
    • Embed this notice
      Erik van Straten (erikvanstraten@infosec.exchange)'s status on Sunday, 26-Jan-2025 04:15:10 JST Erik van Straten Erik van Straten
      in reply to

      @jwildeboer : unfortunately, most people believe that they have nothing to hide.

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 05:00:52 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • John Ulrik

      @ujay68 If you mean the number of accounts per phone number, it is one. If you mean the number of devices allowed to use the same account, I honestly don't know and can only tell you that I have 6 devices using the same Signal account right now.

      Also: the phone number is only needed to create the account. The devices using said account can have different phone numbers.

      In conversation about 4 months ago permalink
    • Embed this notice
      John Ulrik (ujay68@mastodon.world)'s status on Sunday, 26-Jan-2025 05:00:53 JST John Ulrik John Ulrik
      in reply to

      @jwildeboer Do you happen to know whether they limit the number of accounts that you can create with ONE phone number? Google does that: I once tried to register a couple of private team accounts under one number, and they blocked it after around five accounts or so.

      In conversation about 4 months ago permalink
    • Embed this notice
      Erik van Straten (erikvanstraten@infosec.exchange)'s status on Sunday, 26-Jan-2025 05:10:20 JST Erik van Straten Erik van Straten
      in reply to
      • Petr Tesarik

      @ptesarik : thank you, but Jan and I are definitely aware of that!

      We'd wish that the majority of people using the internet would understand that privacy is about risks. I don't know about Jan, but often I feel like I'm talking to walls.

      In fact, the problem is *that* big, that some people stop listening if they hear the word "privacy". It's for child abusers and other criminals, those using TOR and VPN's.

      @jwildeboer

      #Privacy #DefinitionOfPrivacy

      In conversation about 4 months ago permalink

      Attachments

      1. No result found on File_thumbnail lookup.
        http://walls.In/
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 05:10:20 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Petr Tesarik
      • Erik van Straten

      @ErikvanStraten IMHO: The mission we developers have is to create solutions that allow people that don't care nor understand the implications of technology to still be safe by default. When we developers expose our users to risks they simply are not aware of, that's on us. We must do better. @ptesarik

      In conversation about 4 months ago permalink
    • Embed this notice
      Petr Tesarik (ptesarik@fosstodon.org)'s status on Sunday, 26-Jan-2025 05:10:21 JST Petr Tesarik Petr Tesarik
      in reply to
      • Erik van Straten

      @jwildeboer @ErikvanStraten Arguing that you don't care about the right to privacy because you have nothing to hide is like saying you don't care about free speech because you have nothing to say.

      In conversation about 4 months ago permalink
      Janneke repeated this.
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Sunday, 26-Jan-2025 07:15:24 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • sn 🐦‍⬛

      @sn IMHO you shouldn’t have backups. Chats are ephemeral to me. Anything stored beyond a few days is an additional risk should someone be able to get hold of its content.

      In conversation about 4 months ago permalink
    • Embed this notice
      sn 🐦‍⬛ (sn@mastodon.ping.de)'s status on Sunday, 26-Jan-2025 07:15:25 JST sn 🐦‍⬛ sn 🐦‍⬛
      in reply to

      @jwildeboer the problem with signal on iOS us that it won't ket you make a backup of your signal chats. If your phone is lost, so are your chats. It sucks.

      In conversation about 4 months ago permalink
    • Embed this notice
      babble_endanger (babble_endanger@freeradical.zone)'s status on Monday, 27-Jan-2025 03:43:23 JST babble_endanger babble_endanger
      in reply to

      @jwildeboer Actually I think Signal also stores the groups server-side https://github.com/signalapp/storage-service/blob/b05957bf87c27429681ed1bc1f591e5e78b9c5cd/src/main/java/org/signal/storageservice/storage/GroupsTable.java

      In conversation about 4 months ago permalink

      Attachments

      1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
        storage-service/src/main/java/org/signal/storageservice/storage/GroupsTable.java at b05957bf87c27429681ed1bc1f591e5e78b9c5cd · signalapp/storage-service
        Contribute to signalapp/storage-service development by creating an account on GitHub.
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Monday, 27-Jan-2025 03:43:23 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • babble_endanger

      @babble_endanger See https://support.signal.org/hc/en-us/articles/360007319331-Group-chats "A Signal group is built on top of the private group system technology. The Signal service has no record of your group memberships, group titles, group avatars, or group attributes." More details on the private group system at https://signal.org/blog/signal-private-group-system/

      In conversation about 4 months ago permalink

      Attachments


      1. Domain not in remote thumbnail source whitelist: signal.org
        Technology Preview: Signal Private Group System
        from @signalapp
        Groups are inherently social, and Signal is a social app. Whether you’re planning a surprise party, discussing last night’s book club meeting, exchanging photos with your family, or organizing something important, group messaging has always been a key feature of Signal. Signal provides private gr...
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Monday, 27-Jan-2025 03:53:42 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • babble_endanger

      @babble_endanger If you want to dive *really* deep, here's the paper that describes the cryptographic details etc: https://eprint.iacr.org/2019/1416

      In conversation about 4 months ago permalink

      Attachments

      1. Domain not in remote thumbnail source whitelist: eprint.iacr.org
        The Signal Private Group System and Anonymous Credentials Supporting Efficient Verifiable Encryption
        In this paper we present a system for maintaining a membership list of users in a group, designed for use in the Signal Messenger secure messaging app. The goal is to support \(\mathit{private}\) \(\mathit{groups}\) where membership information is readily available to all group members but hidden from the service provider or anyone outside the group. In the proposed solution, a central server stores the group membership in the form of encrypted entries. Members of the group authenticate to the server in a way that reveals only that they correspond to some encrypted entry, then read and write the encrypted entries. Authentication in our design uses a primitive called a keyed-verification anonymous credential (KVAC), and we construct a new KVAC scheme based on an algebraic MAC, instantiated in a group \(\mathbb{G}\) of prime order. The benefit of the new KVAC is that attributes may be elements in \(\mathbb{G}\), whereas previous schemes could only support attributes that were integers modulo the order of \(\mathbb{G}\). This enables us to encrypt group data using an efficient Elgamal-like encryption scheme, and to prove in zero-knowledge that the encrypted data is certified by a credential. Because encryption, authentication, and the associated proofs of knowledge are all instantiated in \(\mathbb{G}\) the system is efficient, even for large groups.
    • Embed this notice
      feld (feld@friedcheese.us)'s status on Monday, 27-Jan-2025 06:08:24 JST feld feld
      in reply to
      @jwildeboer how do you get a prepaid SIM that isn't linked to your identity?
      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Monday, 27-Jan-2025 06:10:29 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Kobold

      @kobold No.

      In conversation about 4 months ago permalink
    • Embed this notice
      Kobold (kobold@social.troll.academy)'s status on Monday, 27-Jan-2025 06:10:30 JST Kobold Kobold
      in reply to

      @jwildeboer Did you try on a landline?

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Monday, 27-Jan-2025 06:14:50 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • feld

      @feld At the time I registered my Signal account (2014), you could get them almost everywhere in Germany. That changed 2017, so 3 years later. How to do that today? I wouldn't know.

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Monday, 27-Jan-2025 09:21:51 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • babble_endanger

      @babble_endanger This is why I gave you links to the description on how the system works. The TL;DR is that they store group information in a way that not even they can find out who is in which group. Once th group members themselves can.

      In conversation about 4 months ago permalink
    • Embed this notice
      babble_endanger (babble_endanger@freeradical.zone)'s status on Monday, 27-Jan-2025 09:21:52 JST babble_endanger babble_endanger
      in reply to

      @jwildeboer I'm mostly wondering, if there's no groups in the server database, what that file does. I can't read Java well

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Monday, 27-Jan-2025 16:08:01 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • babble_endanger

      @babble_endanger Server side storage of encrypted, zero knowledge information, that even when you get access to a full dump of the database content does not allow you to reconstruct who is member of which group, as explained in the documents and papers I gave you links to.

      In conversation about 4 months ago permalink
    • Embed this notice
      babble_endanger (babble_endanger@freeradical.zone)'s status on Monday, 27-Jan-2025 16:08:02 JST babble_endanger babble_endanger
      in reply to

      @jwildeboer Sure but those don't seem to have links into the code. I'm not wondering about the cryptography, I'm wondering why there's a file that mentions BigTable and groups, which looks to be server-side storage of groups

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Monday, 27-Jan-2025 16:32:50 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • babble_endanger

      @babble_endanger Feel free to read that as "do not store *reproducible* data". When forced by a subpoena to produce data about an account, Signal cn only deliver the two data points mentioned. Beyond that not even they can access the user specific data that may be in their systems. By design.

      In conversation about 4 months ago permalink
    • Embed this notice
      babble_endanger (babble_endanger@freeradical.zone)'s status on Monday, 27-Jan-2025 16:32:52 JST babble_endanger babble_endanger
      in reply to

      @jwildeboer Contrary to what was said earlier that they do not store the data at all

      In conversation about 4 months ago permalink
    • Embed this notice
      babble_endanger (babble_endanger@freeradical.zone)'s status on Monday, 27-Jan-2025 16:32:53 JST babble_endanger babble_endanger
      in reply to

      @jwildeboer Thanks for explaining! So #Signal actually does store that information, but it's encrypted, so they don't hand it over in subpoenas. Intriguing

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Monday, 27-Jan-2025 16:41:34 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • sn 🐦‍⬛

      @sn Digitalm sovereignty also means the freedom to decide what data NOT to store. As family we have decided to use Signal, fully aware of what that means.

      In conversation about 4 months ago permalink
    • Embed this notice
      sn 🐦‍⬛ (sn@mastodon.ping.de)'s status on Monday, 27-Jan-2025 16:41:36 JST sn 🐦‍⬛ sn 🐦‍⬛
      in reply to

      @jwildeboer maybe if your chats with your dead parents were stuck in Signal, you'd think differently. That's just one example of many.
      Digital #sovereignty means letting users do what they want with their data instead of dictating.

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Monday, 27-Jan-2025 19:00:44 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Powersource

      @powersource Well, it's the only information they give when subpoenaed and thus far it seems the judicial system accepts that they can't get more.

      In conversation about 4 months ago permalink
    • Embed this notice
      Powersource (powersource@sunbeam.city)'s status on Monday, 27-Jan-2025 19:00:45 JST Powersource Powersource
      in reply to

      @jwildeboer that is all that is stored on their disks sure, but it is naive to pretend like that's the only useful thing that could come from their servers

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Monday, 27-Jan-2025 19:07:27 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Powersource

      @powersource Do they? Or are you just trying to point at *possible* risks that are not very practical? FTR: If you feel that this is a real risk, you can connect to/setup a Signal proxy to further dilute the correlations. https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support

      In conversation about 4 months ago permalink

      Attachments


    • Embed this notice
      Powersource (powersource@sunbeam.city)'s status on Monday, 27-Jan-2025 19:07:28 JST Powersource Powersource
      in reply to

      @jwildeboer if the NSA can monitor all traffic going in and out (they can) then they don't need a subpoena

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Monday, 27-Jan-2025 19:33:21 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Powersource

      @powersource First: I don't believe that they are doing this. And second: It doesn't change the fact that most other messengers out there are far less secure and leak far more metadata. So from a normal user perspective, Signal is still the most "secure by default" messenger out there. But sure, that's my personal opinion that some will disagree with for various reasons.

      In conversation about 4 months ago permalink
    • Embed this notice
      Powersource (powersource@sunbeam.city)'s status on Monday, 27-Jan-2025 19:33:23 JST Powersource Powersource
      in reply to

      @jwildeboer I would be incredibly surprised if they don't.

      Also, proxies don't solve the problem and even if they did, it's an incredibly obscure option, leaving basically every other user exposed.

      In conversation about 4 months ago permalink
    • Embed this notice
      Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Tuesday, 28-Jan-2025 05:26:50 JST Jan Wildeboer 😷:krulorange: Jan Wildeboer 😷:krulorange:
      in reply to
      • Powersource
      • BohwaZ

      @bohwaz @powersource I never said Signal is perfect. But I do say it’s one of the far better things we have to communicate without being too much of a hassle while still delivering very good security.

      In conversation about 4 months ago permalink
    • Embed this notice
      BohwaZ (bohwaz@mamot.fr)'s status on Tuesday, 28-Jan-2025 05:26:51 JST BohwaZ BohwaZ
      in reply to
      • Powersource

      @powersource
      It would be easy as well as signal is using aws, Google, cloudflare and azure. They also use twilio for SMS messages I think. All those companies could easily collaborate and provide information on which IP address is talking to signal servers and when. So be careful of your threat model. This could be used to confirm suspects are talking to each other for example. Even sealed sender is not always useful. Signal is a good solution but it has limitations.
      @jwildeboer

      In conversation about 4 months ago permalink
    • Embed this notice
      Tobias Hellgren (thanius@mastodon.chuggybumba.com)'s status on Tuesday, 28-Jan-2025 07:53:57 JST Tobias Hellgren Tobias Hellgren
      in reply to

      @jwildeboer So there's no centralized exchange of encryption keys?

      In conversation about 4 months ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.