FBXL Social

This is making the rounds re: Signal being run by activists of the US state dept for regime change


https://www.city-journal.org/article/signals-katherine-maher-problem

@feld

> U.S.-supported Color Revolutions abroad.

This is 100% Russian propaganda language and the whole article is built on this narrative 🤮

@kravietz You cannot deny that Signal's funding came from the Open Technology Fund which came out of Radio Free Asia which was operated by the CIA. This is a fact.

@feld

And?

@kravietz this is the response everyone has, and then 25 years later when all the documents go public revealing how deep and nefarious the relationship was everyone goes "how could we have not known?????"

@feld

The problem is that the article does not point to any specific surveillance or backdoor issues in Signal code which, as we all know, is open-source. It does not even point to any specific legal or organisational issues which could lead to tampering with the software. And because the author does not have any such arguments, the whole premise of the article is built on top of “look, she worked there” and the rest is left to the reader and their personal paranoias 🤷

And these references to “regime changes” and “color revolutions” only confirm the author’s own political bias and are highly insulting to everyone in these countries where people fought for their own freedom.

Adding Durov’s quote on top of that is rather ironic, as the messenger is known to cooperate with FSB requests and is completely opaque when it comes to its operations and server-side code.

@kravietz Telegram provides reproducible build instructions for both iOS and Android

Signal refuses to provide reproducible build instructions for iOS

Why?


Yes, there are technical hurdles to do reproducible builds on iOS: you need a jailbroken device or one of the unlocked phones from the security research program. But it's possible to do.

@kravietz you should pay more attention to Yasha Levine who has done extensive research on the US Govt's role in subverting internet security back to the origins of it in Vietnam. Go pick up a copy of Surveillance Valley, plenty to learn in there.

https://yasha.substack.com/p/signal-is-a-government-op-85e

@feld @kravietz Levine and a few other former Pando Daily guys have a hardon against Tor too (which does have reproducible builds.) I am really suspicious of the attacks on Tor/Signal because they never have a smoking gun just "look who made it." I can't discount them either but they feel so motivated to me like they're being paid to be attack dogs. I can't prove anything.

> [Telegram] is known to cooperate with FSB requests

Source?

I use a third-party fork of Signal called @mollyim.
I imagine I'm safe because I'm basically trusting the dev of that rather than the Signal dev. And it's all end to end encrypted so no-one's trusting the server.
Or maybe not. Maybe he hasn't audited the code before modifying it.

> the project was actually a State Department-connected initiative that planned to wield open source Internet projects made by hacker communities as tools for American foreign policy goals”—including by empowering “activists [and] parties opposed to governments that the USA doesn’t like.” Whatever the merits of such efforts,

The enemy of my enemy is my temporary ally.

Do they provide reproducible build instructions for Android?

What do you think of SimpleX Chat?

There are no global identifiers and it’s decentralised so the metadata privacy should be good. The creator is suspicious of CRYSTALS-Kyber so he used sntrup761 instead for PQC. And it’s possible to switch servers smoothly if you get kicked from one or there’s a problem with it.

Telegram's Durov:

> An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”.

@kravietz @feld I wonder if people could fight for their own freedom while also being manipulated by propaganda and acting in a way that benefits foreign interests.

@Hyolobrika

Many. Good summary:

> Matsapulina’s case is hardly an isolated one, though it is especially unsettling. Over the past year, numerous dissidents across Russia have found their Telegram accounts seemingly monitored or compromised. Hundreds have had their Telegram activity wielded against them in criminal cases. Perhaps most disturbingly, some activists have found their “secret chats”—Telegram’s purportedly ironclad, end-to-end encrypted feature—behaving strangely, in ways that suggest an unwelcome third party might be eavesdropping. These cases have set off a swirl of conspiracy theories, paranoia, and speculation among dissidents, whose trust in Telegram has plummeted. In many cases, it’s impossible to tell what’s really happening to people’s accounts—whether spyware or Kremlin informants have been used to break in, through no particular fault of the company; whether Telegram really is cooperating with Moscow; or whether it’s such an inherently unsafe platform that the latter is merely what appears to be going on.

https://www.wired.com/story/the-kremlin-has-entered-the-chat/

The main problem with Telegram is the lack of E2EE by default; you have to specifically set up these “secure chats” and it’s burdensome enough to discourage users from doing it. And the above paragraph talks about these “secure” chats being compromised.

@feld

@sun @kravietz @feld signal just freaks me out a little bit because you need to sign up with your phone number. Session is the better choice if you're looking for privacy. They literally can't give out that information because they don't have it, whereas Signal has complied with orders and given numbers before iirc. Could just use a burner phone or something but, you know, still.

Tor is funded by the government but they use it too, it's in their best interest to keep it as safe as it is. They don't need to do anything crazy to catch people with bad opsec (Dread Pirate Roberts for instance) and most of the time they're just using honeypots anyway (like those "hire a hitman" services), not that the network itself is compromised. As long as you don't have an entire string of government connections then you're good, and if you're really concerned then you can always use a new connection on every site. Someone going to those lengths probably has a lot more shit they need to worry about lol.

@beardalaxy @kravietz @feld if you actually need Tor security you need to run a bridge in your home at all times and attach to that so that your traffic cannot be correlated via connection time. This is how the police caught a guy at Harvard making a bomb threat.