We’ve designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.
Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with.
All message contents are end to end encrypted, so we don’t have that information either.
More enthusiastic about privacy and free software. I often see worse apps recommended for privacy reasons, so why not bring up the flaws in those and what's better about this. If something better comes along I'll switch to that and recommend that instead.
I'd argue that if someone wants to get a flip phone for privacy reasons they should be able to not download shady apps and give them permissions without thinking.
You can see if your message was sent to the server and if the message was sent to your friends phone. I haven't really had any problems delivering messages apart from one time when they had servers problems.
No need to use Chrome if you don't want to, Chromium also works.
> People with security, budget and privacy concern go for flip phones.
No. That ensures you can't send encrypted messages or do encrypted calls.
Also see one of the reasons Signal moved to sending encrypted messages as data and stopped supporting encrypted messages sent as sms.
> SMS and MMS are a security disaster. They leak all possible metadata 100% of the time to thousands of cellular carriers worldwide. It's common to think of SMS/MMS as being "offline" or "peer to peer," but the truth is that SMS/MMS messages are still processed by servers--the servers are just controlled by the telcos. We don't want the state-run telcos in Saudi, Iran, Bahrain, Belarus, China, Egypt, Cuba, USA, etc... to have direct access to the metadata of TextSecure users in those countries or anywhere else.
Signal has that too https://whispersystems.org/blog/disappearing-messages/ And using GCM is only a problem for people running a custom Android ROM without Google Play Services. They can use MicroG instead. For the vast majority of people who do have Google Play on their phone this is completely irrelevant. Using GCM doesn't make Signal less private.
> Google doesn't see any data via gcm, it's just a tickle. If you want push messages, you gotta use a push network.
> I've also seen first hand how difficult 3rd party clients can be on large networks with actual client logic, and unfortunately we simply don't have the resources to deal with that.
> I hope that everyone here who prioritizes federation above all else moves to federated products that support their goals, and I hope that those projects can demonstrate that I'm wrong about the inability to build competitive user experiences over the long term.
> If the only thing that the remaining people here want out of LibreSignal is a websocket-only solution and gmscore isn't an option for whatever reason, I would consider a clean, well written, and well tested PR for websocket-only support in Signal. I expect it to have high battery consumption and an unreliable user experience, but would be fine with it if it comes with a warning and only runs in the absence of play services. However, I also realize that still won't help people that are trying to build a Google-free experience on Google's platform, since we still don't have the things we need to be comfortable distributing software outside of Play.
> The thing is, Wire is developed by a for-profit company that has yet to discover a sustainable business model. They seem to be in a hurry to gain users, boasting about their own app's security and privacy before it has ever been independently audited.
> Using the Service to communicate by chat, our servers store your encrypted messages and other encrypted content and log other information such as the time and date of your conversations, and the other user or users with whom you are communicating. When using the Service to make or receive calls, our servers log and collect time and date of your calls, and the other user or users with whom you are communicating.
> Certain information (e.g. a recipient's identifier, an encrypted message body, etc.) is transmitted to us solely for the purpose of placing calls or transmitting messages. Unless otherwise stated below, this information is only kept as long as necessary to place each call or transmit each message, and is not used for any other purpose.
> This was put to the test in the "first half of 2016", when Signal's developers received their first subpoena. According to the documents that were published by the ACLU and OWS https://whispersystems.org/bigbrother/eastern-virginia-grand... , the Signal servers only store the number you register with (which can be anonymous https://yawnbox.com/index.php/2015/03/14/create-an-anonymous... ), the time you registered and the last time you connected to the Signal server (the precision of which is reduced to the day).
> The thing is, Wire is developed by a for-profit company that has yet to discover a sustainable business model. They seem to be in a hurry to gain users, boasting about their own app's security and privacy before it has ever been independently audited.
> Using the Service to communicate by chat, our servers store your encrypted messages and other encrypted content and log other information such as the time and date of your conversations, and the other user or users with whom you are communicating. When using the Service to make or receive calls, our servers log and collect time and date of your calls, and the other user or users with whom you are communicating.
> Certain information (e.g. a recipient's identifier, an encrypted message body, etc.) is transmitted to us solely for the purpose of placing calls or transmitting messages. Unless otherwise stated below, this information is only kept as long as necessary to place each call or transmit each message, and is not used for any other purpose.
> This was put to the test in the "first half of 2016", when Signal's developers received their first subpoena. According to the documents that were published by the ACLU and OWS https://whispersystems.org/bigbrother/eastern-virginia-grand... , the Signal servers only store the number you register with (which can be anonymous https://yawnbox.com/index.php/2015/03/14/create-an-anonymous... ), the time you registered and the last time you connected to the Signal server (the precision of which is reduced to the day).
> "Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there.
>
> Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting.
>
> This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive."
It's the least of Telegrams problems but let's not forget their home made crypto even though there are better alternatives. See the take-home message here:
> "We stress that this is a theoretical attack on the definition of security and we do not see any way of turning the attack into a full plaintext-recovery attack. At the same time, we see no reason why one should use a less secure encryption scheme when more secure (and at least as efficient) solutions exist.
>
> The take-home message (once again) is that well-studied, provably secure encryption schemes that achieve strong definitions of security (e.g., authenticated-encryption) are to be preferred to home-brewed encryption schemes."
> "Abstract: The number one rule for cryptography is never create your own crypto. Instant messaging application Telegram has disregarded this rule and decided to create an original message encryption protocol. In this work we have done a thorough crypt analysis of the encryption protocol and it's implementation. We look at the underlying cryptographic primitives and how they are combined to construct the protocol, and what vulnerabilities this has. We have found that Telegram does not check integrity of the padding applied prior to encryption, which lead us to come up with two novel attacks on Telegram. The first of these exploits the unchecked length of the padding, and the second exploits the unchecked padding contents. Both of these attacks break the basic notions of security, and are confirmed to work in practice. Lastly, a brief analysis of the similar application TextSecure is done, showing that by using well known primitives and a proper construction provable security is obtained. We conclude that Telegram should have opted for a more standard approach.
>
> Conclusion: TextSecure is based on strong primitives that have withstood crypt analysis from the crypto community for years, and these are combined in a way that proven provides authenticated encryption. Telegram on the other hand has crafted its own encryption scheme and deployed it in an unproven state, and prior to any scrutiny from other cryptographers. We have seen this done time and time again, and rarely with good results. Take for example the smart grid meters that were shown to use terrible crypto back in April this year. Furthermore, the DH Ratchet is a very nice way of providing forward secrecy on a per-message basis with little overhead, which is an improvement over Telegram's one key per 100 messages approach.
> 1) Again I'm not talking about verification of whoever is on the other side of the conversation, its about hijacking the account (whether by breaking into the Tel-Co system or having access to it using a court order).
What do you imagine happens when someone hijacks "the account"? They don't get access to your past conversations, they don't get access to your contacts. All that happens is that they can impersonate you, which your friends will notice when they are notified that the key changed.
> If you are using this app, you are forced to give up a copy of all you contacts and also the app is scanning for new contacts several times every hour!
I'm pretty sure it asks you and you have to give it permission. And again, most people WANT to find their contacts. What's the point of having a messenger and no one to send your messages to?
> If this was an opt in option
It is opt-in, no one is forcing you to use WhatsApp. It's not like people don't know that they will be able to contact their friends through WhatsApp and are shocked and dismayed when they find out that's the case. You do realize not every app in existence has to follow your requirements right? You're free to use something that does, but the reason the majority use WhatsApp is that it doesn't. That's not a bug, it's a design choice that you happen to disagree with.
> On the first point: Account authentication (when you setup your account or when you add a new device) is done via a non encrypted text message delivered to you by the tel-co service. This method is extremely insecure as it has been used by state and non-state sponsored hackers to hijack the account.
Again, the problem here is that "if your contact changes keys, this fact is hidden away by default." If WhatsApp did that by default, like Signal, then you would know that the key had changed.
> IMHO the only reason a messaging service uses and relies on phone number to identify (and of course authenticate accounts) is to steal (that's how I see it) their contacts and force them to use the service in order to grow their user base. Such unethical and disturbing practice can not be endorsed by an organization like EFF.
The phone number is used for contact discovery. You're not forced to do anything. For most people when they download a messenger they want to use it to talk to other people and they don't find it disturbing or unethical when that's possible.
> If you are looking to avoid mass surveillance, of course the ability to be anonymous is critical.
Luckily it's possible to use more than one app. I'm ok with my friends knowing who I am. This app makes it easy to find your friends. If you want to talk to people you don't know without them knowing who you are, there are other apps. That's not the purpose of this one. It doesn't make it bad, it doesn't make it insecure, it just means it's not for you.
> What I can not comprehend is how respectable people and experts like Snowden and others from EFF can get behind a messenger that its authentication is based on cell phone numbers!
Authentication isn't based on cell phone numbers, that's just the identifier. See "verify security code" here: https://www.whatsapp.com/faq/en/general/28030015 The problem, which EFF does mention is that "if your contact changes keys, this fact is hidden away by default."
> When an application sends all your contacts to its servers (whether they are hashed or not) and more importantly when your whole access depends on a none encrypted code sent via SMS
Correct me if I'm wrong but it seems as if you think that someone who hijacks your number will get access to some account where all your contacts are. That's not the case. The problem here is the same as above.
> and worst of all, your identifier can be tied to your real identity extremely easy, how can they call it secure at all?
> It is not all about E2E or how the crypto is designed or implemented, its also about your anonymity, your social graph and other pieces of information which are arguably more important not to give away!
> My ideal goal would be a universal, federated protocol, but even having libraries for each protocol with a unified API would make things already easier.
And Moxie is fighting for the opposite.
Yet here you are, pissed off that your goals don't align with someone elses. Use your open source IRC app to talk to your mom and I'll use Signal to talk with mine. No one is forcing you to do anything. Considering your goals and ideas are superior surely whatever you're suggesting will become the one service everyone uses, problem solved.