potatoes wrote (edited)

My biggest two concerns:

  1. Although the server side software is (sometimes) published, there is no way to verify that the server is actually running that software.
  2. According to the Signal TOS, nobody is allowed to build and distribute the Signal app except the Signal Foundation. I'm not sure if it has a reproducible build system.

Taken together, I am placing a lot of trust in the Signal Foundation.

Edit: there is a community fork/build of the client called Molly. Using it is violating the TOS, but I don't think the Signal Foundation can really tell which client you are using.


TheNerdyAnarchist OP wrote

If you're that concerned, there's also Session, which takes care of the whole central server issue.

That said, at least as history shows, which is all we have to go off of, Signal doesn't provide anything useful to law enforcement.


just1602 wrote

For me the sole fact that this article has been written is a huge red flag regarding the relation the anarchist communities are developing with Signal.

Just to be clear, I think privacy is important and everyone should use the most secure tool possible for their everyday use and Signal is probably the best tool for chatting securely and privately. It has a great UI, it's really easy to use and it can bring privacy to everyone.

My concerns are more about the "anarchist stuff" people are doing / organizing on Signal:

  • especially with COVID, but even before that, people seem to organize action using Signal
  • even if it's possible to use a burner phone or a secondary phone for your anarchist activities, a lot of people are not doing it or don't have the money to maintain a second phone just for that. Are their phones fully encrypted? Do they have good passwords on their phones?
  • more and more people are creating large Signal groups to spread news and information across communities, states or countries; even if nothing risky is discussed there, if a cop can be added to those group chats, it's a great way to get a list of phone numbers and to see which phone numbers are active and posting stuff
  • even if there are disappearing messages, someone could copy / paste or screenshot everything said in a conversation or a group chat

Also, even if I understand Moxie's arguments, I think that for our communities, the fact that Signal doesn't let you have an account without a phone number (they're supposed to be working on supporting usernames) and especially the fact that they don't support federation means that you have to trust that the server code that is on GitHub is also the code they're running on their servers.

So, even if I really like Signal, I think we should always ask ourselves what threat model we are facing regarding what we think, what we are speaking or organizing against, who the enemies are and what resources they have to counter us. We should also always ask ourselves if something should be written at all before writing it, even on paper or on Signal.

