there are probably also a few other, more recent examples that i just can’t find. but the theory is the same, signal only knows a phone number in association with an account creation date and the last sent message date. everything else is encrypted. the signal protocol has been formally verified to be secure: https://cryspen.com/post/pqxdh/. signal all in all is a very competent messenger, and there’s a reason it’s being used by dissidents, journalists and activists, even if most of those people do not actually have the energy or skills to verify the internals. what does easily get you in trouble (assuming what you’re doing is troubling) is if you have a leaky contact. it’s not hard to just screenshot messages and then publish them elsewhere.
signal only knows a phone number in association with an account creation date and the last sent message date. everything else is encrypted.
Thats not really possible. If thats all they give out, then that just means that is all that they decide to save. They have access to the servers that everyones messages pass through. They could log the IP and date for every single message sent if they wanted to, but just decide not to do it. This model fails however as soon as they are forced to save more than that.
Thats the dumbest shit ive ever heard. Every server that isnt yours is compromised. The general assumption in computer security is always that anything outside of your physical possession is compromised, especially when your opponent is the best equipped government on the planet.
Do you have a source for that? How would the server know who to deliver data to without being aware of the group member list?
https://signal.org/bigbrother/central-california-grand-jury/
there are probably also a few other, more recent examples that i just can’t find. but the theory is the same, signal only knows a phone number in association with an account creation date and the last sent message date. everything else is encrypted. the signal protocol has been formally verified to be secure: https://cryspen.com/post/pqxdh/. signal all in all is a very competent messenger, and there’s a reason it’s being used by dissidents, journalists and activists, even if most of those people do not actually have the energy or skills to verify the internals. what does easily get you in trouble (assuming what you’re doing is troubling) is if you have a leaky contact. it’s not hard to just screenshot messages and then publish them elsewhere.
Thats not really possible. If thats all they give out, then that just means that is all that they decide to save. They have access to the servers that everyones messages pass through. They could log the IP and date for every single message sent if they wanted to, but just decide not to do it. This model fails however as soon as they are forced to save more than that.
compromised servers are a known threat model, and not a threat in signal’s case
Thats the dumbest shit ive ever heard. Every server that isnt yours is compromised. The general assumption in computer security is always that anything outside of your physical possession is compromised, especially when your opponent is the best equipped government on the planet.