Why do people assume Signal messenger isn’t spying on you? Yes, it has open source code, yes it uses end-to-end encryption. But we can’t check which code runs in the version from Google Play or the App Store. And also their APK (IPA) build process is essentially a black box, it doesn’t use GitHub Actions or some other transparent build system. I also heard from Techlore that they add a proprietary part to the apk to filter bots. The only thing I can assume is that people scanned the traffic coming from the app (Android), phone (iOS) and checked whether encryption keys were being sent to Signal or not. But it seems to me that this can be also circumvented. What do you think?

P.S. I myself use Signal to communicate with relatives and friends. Definetly not a hater.

  • Cambionn@feddit.nl
    link
    fedilink
    arrow-up
    121
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Well outside of the general open source and E2EE stuff, there are a few more things.

    They’re under a non-profit foundation and charity to which donating is tax-deducatble. That means they have to publicice their financial numbers. Selling data would generate a sudden revenue, which would draw attention.

    They also regularily do external audits, both from external audit organisations as individuals. This list was made in august 2022, you can likely find a newer list somewhere. I just did a quick search for you. https://community.signalusers.org/t/overview-of-third-party-security-audits/13243

    Signal also runs perfectly fine without anything Google btw. It uses PlayServices only if you have it on your phone (otherwise it just uses WebSockets), as it preserves battery life. However, it doesn’t actually send data to Google over PlayServices. Instead it sends an empty notification, which wakes the phone and is recognised by Signal as a trigger to make it connect to Signal servers to grab data directly from there. If you wish, you can check this in the code yourself. I guess you may also be able to confirm this looking at network traffic from and to your phone.

    Also a note on the E2EE. Another important thing is that not only the message is encrypted, but also the metadata. Unlike most other chatapps like WhatsApp; who knows where you are, who you talk to, how often, etc. You could theoretically also check this by checking outgoing traffic if you wish.

    This also means that unless they somehow secretly have a copy of your private key, there is no data for them to sell anyways. The fact that even in court they’ve didn’t have data to show, them passing many external audits without this being a point (sometimes issues are found, which is normal. If audits are always perfect I’d be more warry. But never on this point afaik), and that nothing in the code nor internet traffic points to them possibly having this, makes me not that worried about the idea that they secretly got a copy of peoples private keys.

    So overal while it’s perhaps technically possible they secretly run something else on their server and build a back door to read your messages, they are many things that show they don’t, and literally nothing that would say they do. And neither does there seem to be any reason why, since they can’t sell it nor give it in court. So unless you believe they have some evil bigger plan, I don’t see the reason to doubt.

    And a little note. Privacy people can be crazy, and I say that in a positive way! If you can check it, people no doubt have, and issues would’ve been found. Yet many people deep into it still vouch for it. That says something. And the less crazy people profit of this. This is similar to why many big FOSS projects are considered safe even if you didn’t check all code yourself. And before you say “but if everyone thinks like that”, realise that the craziest don’t trust other people either. While smaller projects could hide perhaps, the real big/famous projects like Signal, Linux, LibreOffice, etc would fall trough as soon as they start doing shit.

    • Django@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Great explanation, thank you for the effort put into this. Going to forward this to a few friends who were also concerned about Signal’s privacy.

    • FarLine99@lemm.eeOP
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Thank you for the detailed comment!

      Well, I think that in such a case it would be possible to bypass the correct accounting of funds. Financial fraud has not been canceled. But this is more of a counterargument, unlikely.

      I didn’t know about Google notifications, cool implementation!

      Yes, metadata encryption is cool, absolutely!

      The question is also how to check the traffic on the iPhone, if there are even no monitoring tools there.

      • Cambionn@feddit.nl
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        it would be possible to bypass the correct accounting of funds. Financial fraud

        Well, sure but it’ll be quite difficult to hide a large increase in revenue still. Large unussual transactions generally have to be flagged by banks, so receiving and moving around revenue of sold data from your non-profit wouldn’t be thát easy unless they only allow crypto or cash. Surely it’s possible, but financial fraud on that level is quite difficult and often falls trough sooner or later. Or, the other option is that they don’t earn that much from it making it easy to hide, but that sounds like a lot of effort and potential risk for little gain.

        Either way, the financial numbers is just one of the reasons. But trust is never build on one thing, it’s built on the combination of them. With all things I mentioned, I don’t exactly get the feeling it’s all hanging on finacial fraud.

        The question is also how to check the traffic on the iPhone, if there are even no monitoring tools there.

        Use a network you controll (like your home WiFi) and check in- and outgoing traffic network wide instead of on-device.

        You cannot check other peoples stuff all the time, but I’d suggest not sending sensitive information to people you don’t trust as they could leak it (be it on purpose or not). And depending on level of sensitivity, just speak face-to-face in a private place. There is always a form of digital footprint when doing stuff digital. In the end, you should always assume that nothing is 100% safe, and anything cán be hacked. Trusting digital communication to be 100% safe is foolish. Look at situations like the Encrochat debacle for example. The question is more, which risks are worth it in your threat model. For most people, Signal is good enough as the risks it does have aren’t in their threat model at all.

  • august_senpai@lemm.ee
    link
    fedilink
    arrow-up
    45
    ·
    1 year ago

    Because they were brought to court to give info for a case and they proved they didn’t have any.

    • poVoq@slrpnk.net
      link
      fedilink
      arrow-up
      5
      arrow-down
      3
      ·
      1 year ago

      This is only for retro-active cases. A judge can perfectly well order them to do live surveillance of users and put it all under a gag-order and have the police ex-filtrate the data so that Signal can still claim they are not storing any of it.

      Like all centralized services their claims to privacy are very shallow and the FBI is known to have tried to get paid informants on these large messenger companies to ex-filtrate data even without the above mentioned legal way via a court order.

        • poVoq@slrpnk.net
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          First of all yes they can, and secondly that’s not a new feature but any server has that built in by default. The question is just, is it stored or not.

    • FarLine99@lemm.eeOP
      link
      fedilink
      arrow-up
      4
      arrow-down
      14
      ·
      1 year ago

      From whom did this information come, from Signal themselves? It’s like asking a criminal if you stole diamonds in that store at 3 a.m. And again, they may have disclosed these messages to the government, but together they agreed to say that Signal does not have anything. I think we need to think about such things 😉

      • Netto Hikari@social.fossware.space
        link
        fedilink
        English
        arrow-up
        15
        ·
        1 year ago

        They’d be jeopardizing everything if they lied in such a situation.

        There are still a few companies out there who truly stand for one’s freedom and privacy. Look at what happened to Mullvad VPN, for example. They were raided and there was nothing to be found, because their no-logs policy was actually true.

  • Shizu@lemmy.world
    link
    fedilink
    arrow-up
    17
    ·
    1 year ago

    The beauty of open-source is that you can build an APK/IPA yourself and be sure that your app - your version is truly not spying on you. I think most people just take Signal’s devs words for it that it’s the same.

    • FarLine99@lemm.eeOP
      link
      fedilink
      arrow-up
      4
      arrow-down
      9
      ·
      edit-2
      1 year ago

      You can build IPA but that’s all. How could you install this IPA on normal iPhone (without jailbreak)? And if you send message to recepient that uses it, then they can spy on your messages through recepient’s phone 🙂

      • chris_0725@feddit.de
        link
        fedilink
        arrow-up
        23
        ·
        1 year ago

        You simply dont get an Iphone ;)

        No but seriously the “spy on the other users phone” is something you got a point about. But isnt that a genuine issue if you use non-open source code on your phone? Like if you go that far isnt anything other than stock android that you compiled yourself unsafe?

        • FarLine99@lemm.eeOP
          link
          fedilink
          arrow-up
          4
          arrow-down
          5
          ·
          edit-2
          1 year ago

          😁

          On my phone LineageOS is installed and their build process is completely open. BUT! This does not negate the fact that my messages end up on another person’s iPhone and this ± black box can transmit data to Signal servers, f.e. using notifications functionality.

          Once again, I don’t think that’s really the case. The reputation risks are too high to listen to the messages of some random son and mother. And it would also be possible to detect this using traffic analysis (if someone done this). But. Posibillity is there 😄

          • Netto Hikari@social.fossware.space
            link
            fedilink
            English
            arrow-up
            9
            ·
            1 year ago

            With that logic, you’d have to go completely off-grid and not use any kind of messenger.

            With Apples CSAM scanning and similar features that could be introduced in any OS we’re using, no messaging app is really safe from spying eyes.

            • chris_0725@feddit.de
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              You can install your own precompiled Android, make shure the reciever does aswell, host an end-to-end encypted messaging server on your own and you are set. Maybe use thor browser aswell, but that shouldnt be necessary

      • Shizu@lemmy.world
        link
        fedilink
        arrow-up
        11
        arrow-down
        1
        ·
        1 year ago

        If you have a Mac and xcode on it you build the IPA and deploy it to your iphone thru xcode. A developer needs to be able to test their own application this xcode just uses your regular devices and let’s you deploy onto them.

          • sv1sjp@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            I was talking about iPhone.

            On Android yes, OpenBoard, AOSP keyboard, KryptEY keyboard for example are find

        • FarLine99@lemm.eeOP
          link
          fedilink
          arrow-up
          1
          arrow-down
          2
          ·
          edit-2
          1 year ago

          We are talking about Signal spying on us, not Apple (Google). And I’m talking about the messages that I sent, not the person to me. And it doesn’t matter that the information will go to one place. Let’s not talk about it 😁

  • Voxel@feddit.de
    link
    fedilink
    English
    arrow-up
    12
    ·
    edit-2
    1 year ago

    You can use forks of Signal which removed the proprietary part. For example there is Molly (Hardened Signal) which has two version and one of them is fully foss.

    • FarLine99@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      1 year ago

      It also lacks transparent build system (GitHub Actions, etc.). And I kinda don’t want some random (good?) guy to build this code. Better using original APKs for me 🙂

  • bbbhltz@beehaw.org
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    Never really thought much of Techlore (no offense if you see this, but to be honest I haven’t even thought to click on a single one of your videos, sorry)…

    I use the APK directly from the site and I haven’t heard of this build situation, etc. I also think we could think the same about many other private chat apps — are they really keeping their promises?

    My gripe with Signal is that it still needs that phone number to onboard. I know about the forks, and I even used Pigeon on the Punkt phone. Now that Moxie has stepped down from his role at Signal, things may change again.

    I guess the best you could get is something like Session or Briar right now? XMPP?

    I live in France, and another problem is rearing its head: asking to ban or weaken encryption in the name of national security.

    • FarLine99@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      3
      ·
      1 year ago

      Yeah, we can say this thing about many other private messenger, completely true.

      Best options for anonimity and privacy as I see are Session and SimpleX (funding model is suspicious for such a sensitive business, i know).

      Privacy news from France are really bad, Europe cares about privacy, yeahyeahyeah.

      • bbbhltz@beehaw.org
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        Europe cares about privacy, yeahyeahyeah.

        They care about protecting user data at least, and they have made attempts to keep some of the giants in check. Threads™ isn’t available here yet because of these laws. So with one hand they give us some pretty awesome rights and protection, and with the other they are spying quite a bit.

        • CookieJarObserver@feddit.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Eh ECJ is probably killing these idiotic laws again before they go into power. I wish politicians that push that shit (like fucking Achsel Voss) could be taken to prison for being against the constitution of basically every EU Country and EU itself…

  • Netto Hikari@social.fossware.space
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    I think the reaction to government requests makes them trustworthy. There was virtually no useful data to hand out on their users.

    However, I personally don’t like Signal, because to me, the UI / UX is bad. I use Telegram, which is not a messenger for privacy-minded individuals and I know that. But the UI / UX is just so much better and most of my friends and family are on there, so yeah…

    • crunchpaste@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Sadly I’m in the same boat. I’ve been trying to switch to Matrix, but telegram is so much better in terms of features. I really miss the shared media and links functionality.

        • crunchpaste@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Each chat on telegram holds a history of shared media, which is separated into tabs for media (pictures and videos), files (any other files, including uncompressed images), links (every shared link, probably the most useful one), music and so on.

          It’s really handy if you remember you’ve sent someone a link to an article and don’t want to scroll through 5 months of messages.

          • CrypticCoffee@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Ah, I would favour Signal to Telegram as it has privacy and shared media. In Signal, on a chat, clicking … and All media, you can do that. I can imagine Matrix hasn’t got that level of maturity yet but I haven’t tested.

    • FarLine99@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      Telegram UX is way better. Signal has good UI for me. Signal lacks features.

        • FarLine99@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Privacy is solid “feature”, definetly. It lacks UI color schemes. Some customizability. Stickers. Screen mirroring in calls.

          • CrypticCoffee@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            The first 3 are real meh for me. Mirroring I can imagine is useful in some contexts though. I personally don’t need that as much as privacy :).

  • smegforbrains@lemmy.ml
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Why does Signal need my phone number?

    Signal is subject to National Security Letters in the U.S.

    Signal received funding from Radio Free Asia owned by the U.S. Agency for Global Media with ties to the CIA.

    They seem to have a history of needing quite some time to release the server source code.

    Here are some articles to read about Signal:

    https://yasha.substack.com/p/signal-is-a-government-op-85e

    https://www.androidpolice.com/2021/04/06/it-looks-like-signal-isnt-as-open-source-as-you-thought-it-was-anymore/

    https://github.com/signalapp/Signal-Android/issues/8974

    I became increasingly sceptical about using and recommending Signal.

    • Jamilla@swiss.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      @smegforbrains

      Just take a look at

      - Chat Anonymously: No Phone Number Required

      - No collection of user data.

      - Pay $5 once, chat forever.

      And check:

      https://securemessagingapps.com

      and rate the security
      🟩=3 🟨=1 🟥=0

      Results:

      1. Threema = 85 = WINNER
      2. Session = 79
      3. Signal = 77
      4. Wire = 70
      5. Wickr (Amazon) = 62
      6. Element / Matrix = 59
      7. WhatsApp = 34
      8. Telegram = 29
      9. Apple iMessage = 25
      10. Facebook Messenger = 25
      • 133arc585@lemmy.ml
        link
        fedilink
        arrow-up
        13
        arrow-down
        2
        ·
        edit-2
        1 year ago

        Says the person with a 4 day old account who’s bio is literally marketing-speak for a rival app:

        The #messaging application with #anonymous identity, #untraceable content and military-grade #security. AKA the Dark Messenger.

        Also, what is this infuriating nonsense where #every #word #is #tagged? #Can #you #not #type #normally? #Or #is #it #automated? #It’s #inane. And it hurts readability, which is really the bigger problem.

        • TopSecret Chat@mastodon.social
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          @133arc585
          Yes, walking the first steps here in Mastodon :-)

          We are volunteers operating under an NGO based in Ireland… not rival of Signal, WhatsApp (or similar), but instead a complement for higher privacy

          Sorry for the several hashtags, it’s just the habit when posting

          • 133arc585@lemmy.ml
            link
            fedilink
            arrow-up
            4
            arrow-down
            1
            ·
            1 year ago

            not rival of Signal, WhatsApp (or similar), but instead a complement for higher privacy

            Sure sounds like you’re a rival if your bio is accurate. What do you gain from positioning yourself as not-a-rival? Wouldn’t it be more honest and benificial to position yourself as a rival, and be very explicit in how and why you are better than alternatives?

            Sorry for the several hashtags, it’s just the habit when posting

            Why is this a habit though? It doesn’t help discoverability, at least not for random shit like #people and #policy and #terms. What is the point of that? Don’t all these services have full-text search, where searching for #Signal and Signal are equally effective at finding comments mentioning Signal? And, even if it was exceptionally useful at helping discoverability, it really hurts readability: it becomes harder to scan and is visually cluttered. It takes me significantly longer to read somethign full of #tags than without, and I’m lately likely to forgo reading such a comment entirely rather than put up with line noise.

            • TopSecret Chat@mastodon.social
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              1 year ago

              @133arc585

              A rival sounds more like fighting against, but we rather designed a complementary solution that secure your data and metadata also while is use.
              With Confidential Computing the messages are not traditionally stored/deleted, but they operate in a memory enclave so they cannot be retrieved with forensic technology… of course this comes with a capacity limit, focusing on (few) highly confidential comms.

              We’ll take the feedback about the hashtags in consideration. Thanks

              • 133arc585@lemmy.ml
                link
                fedilink
                arrow-up
                3
                arrow-down
                1
                ·
                1 year ago

                That’s fair, rival does have a different connotation than “competitor”, which is a more accurate term here I think.

                Is the source code fully available for your product?

                • TopSecret Chat@mastodon.social
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  2
                  ·
                  1 year ago

                  @133arc585

                  The client-code is naturally open, while currently the core-engine is kept highly encrypted and we do not publish it (yet) as open-source.
                  There’s a bit of a debate about pros & cons of opening it, regarding confidential comms.
                  Anyway we are independently pen-tested by volunteers.
                  Thanks for asking 👍

          • src@lemmy.ml
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            1 year ago

            Everything about your project just screams wannabe, or honeypot. I don’t think it’s possible to sound more sketchy and suspicious if you tried.

        • TopSecret Chat@mastodon.social
          link
          fedilink
          arrow-up
          1
          arrow-down
          3
          ·
          1 year ago

          @Rush @smegforbrains

          Hi, the client-code is naturally open, while currently the core-engine is kept highly encrypted and we do not publish it (yet) as open-source.
          There are different views with pros & cons about opening it, regarding confidential comms.
          Anyway we are independently pen-tested by volunteers. Thanks