Notices by Avitus (avitus@ioc.exchange)

@Linux @delta @feld "That you know of" doesn't apply when Signal reports the subpoenas they receive and their responses with the data they provide:

https://signal.org/bigbrother/

This is going in circles. No service is Fort Knox. You have to accept some level of risk whether that be the service itself going bad or some outside force prying sensitive information from the service.

Signal, as shown at the link I've now provided three times and has been totally ignored throughout this conversation, mitigates first and third-party risk by collecting as little data as possible so they don't have it to give.

@Linux @delta @feld We went from talking about if Signal is safe to now talking about serving subpoenas to organizations other than Signal, and gaining physical access to devices. That in itself is a testament to how safe Signal is. Whether a subpoena is served to CloudFlare, or what a given person's threat model is, is irrelevant to what Signal itself does to protect its users.

@Linux @delta Any significance of this is negated because Signal has very little data about users.

https://signal.org/bigbrother/

The cops have to provide a phone number, and in all cases Signal can only say "yes, this number was registered". They don't know the identity of the number owner, who they talk to, what they've said, where they're located etc. unlike WhatsApp, Telegram, Facebook Messenger etc.

@adbenitez @feld @k3fnb @VeroniqueB99 @SrRochardBunson Signal doesn't "track social graphs" because it can't: https://signal.org/bigbrother/

@rysiek @xgranade @makdaam Signal made a direct statement to the bug bounty hunter, which was provided to 404 Media and published. So the statement given to the bug bounty hunter is the statement from Signal.

@makdaam @rysiek CloudFlare already fixed the issue and Signal provided a statement to 404 Media: https://www.404media.co/cloudflare-issue-can-leak-chat-app-users-broad-location/

@makdaam @rysiek There's nothing for them to say. It's a problem with CloudFlare, so CloudFlare needs to fix it.

@dennisfaucher @tinker Millions of spouses and children in families that don't have millions of dollars are left behind every year when insurance denies coverage for life-saving care.

@GossiTheDog They'll just sneak it into an update in six months. They're not open-source so nobody will know until it's too late.