To be fair, signal is an open source protocol that anyone is free to implement.
“The Signal Protocol (formerly known as the TextSecure Protocol) is a non-federated cryptographic protocol that provides end-to-end encryption for voice and instant messaging conversations[…]”
Signal is an encryption protocol, not messaging protocol. My comment was about a messaging one like XMPP or Matrix.
The US government is forcing Google and Apple to share push notification data with them. Even if the content is not sent, the metadata alone can let them know who you are talking to and when using metadata correlation.
Signal push notifications don’t contain any useful plain text data (no content, no information about who sent you a message). AFAIK the only thing you would be leaking is that you received a message on signal, and frankly that metadata is probably going to be leaked to the US government regardless of your use of push notifications.
They can tell you connect to AWS when the Signal app fetches messages after a notification, they need to be able to peek into Amazon’s servers to see you’re connecting specifically to Signal
AWS is not a black box from the outside. The signal servers will have their own external IP addresses that you will connect with, your ISP could keep track of those connections. Furthermore, if you are worried that the government is using your ISP to spy, what makes you think that AWS wouldn’t be subject to that as well? Signal is absolutely a target in this respect too.
Of course you can do various things to potentially hide your connection to signal, for instance by using tor, but in some sense there’s no guarantee if you don’t trust anything external to you. I’m personally not too worried about the “this person uses signal” metadata, though.
This doesn’t matter because everyone should be using signal.
It is a great app, but you cannot fit everyone into a single app.
Examples why I personally sometimes don’t want to use Signal:
Signal is super giga great, the cons list is short, but if we want everyone to use something it has to be an universal protocol, not one app.
Ok, those are legitimate complaints, and I suspect they’re related too. It would be nice to have a web client.
Personally, I’d say that’s a feature.
To be fair, signal is an open source protocol that anyone is free to implement. Signal protocol
“The Signal Protocol (formerly known as the TextSecure Protocol) is a non-federated cryptographic protocol that provides end-to-end encryption for voice and instant messaging conversations[…]”
Signal is an encryption protocol, not messaging protocol. My comment was about a messaging one like XMPP or Matrix.
With notifications turned off
Seriously. Who wants to know when people are talking to them? GO AWAY, PEOPLE. GOSH.
Why?
https://www.macrumors.com/2023/12/06/apple-governments-surveil-push-notifications/
The US government is forcing Google and Apple to share push notification data with them. Even if the content is not sent, the metadata alone can let them know who you are talking to and when using metadata correlation.
Signal push notifications don’t contain any useful plain text data (no content, no information about who sent you a message). AFAIK the only thing you would be leaking is that you received a message on signal, and frankly that metadata is probably going to be leaked to the US government regardless of your use of push notifications.
it’s not the content in the noti, it’s where your phone was connected when it received it
They get that from the carrier already
How?
Because your ISP and cell phone provider can tell you’re connecting to signal.
They can tell you connect to AWS when the Signal app fetches messages after a notification, they need to be able to peek into Amazon’s servers to see you’re connecting specifically to Signal
AWS is not a black box from the outside. The signal servers will have their own external IP addresses that you will connect with, your ISP could keep track of those connections. Furthermore, if you are worried that the government is using your ISP to spy, what makes you think that AWS wouldn’t be subject to that as well? Signal is absolutely a target in this respect too.
Of course you can do various things to potentially hide your connection to signal, for instance by using tor, but in some sense there’s no guarantee if you don’t trust anything external to you. I’m personally not too worried about the “this person uses signal” metadata, though.
Removed by mod