David Chisnall (*Now with 50% more sarcasm!*)@SrRochardBunson @feld @redstateinsurgents
it uses encypted email in the background & nothing is stored on anyone's server in any country.
These two statements are opposite. If it uses email, then messages are stored on a mail server. Even if it’s encrypted, the sender and receiver must be plaintext and are visible to the operators of both the sending and receiving mail servers, which operate in at least one country.
If you use your own mail server, then it’s easy for a third party to just watch the (encrypted) network traffic to know who you are talking to. If you use one of the big ones such as GMail or Outlook Online then the operator of that server sees all of your connections. If one of your correspondents uses a big mail server then the operator can see your connection to their users and build at least a partial social graph.
This kind of metadata is incredibly valuable to both advertisers and more malicious users. Facebook bought WhatsApp harvest this data, because it was sufficiently valuable to them even in the presence of end to end encryption. It’s the same thing that nation-state dragnets collect.
The Signal protocol was designed to make it hard for even the operators of the server to collect this information.
All GNU social JP content and data are available under the