• hello_hello [undecided, comrade/them]@hexbear.net
    1 month ago

    What they’ll do is arrest someone on bogus charges and then get their phone (legally via a plea or illegally, whatever works). Since Signal links your account with a phone number they can cross reference the contacts sync with the Signal profiles and work their way up that way.

    Best thing to mitigate this is to use a communications app that doesn’t link to any personal details like SimpleX or GNU Jami, that way if one person gets booked then the entire network can be more resilient.

    Signal is an upgrade from SMS but the phone number linking makes it impossible to create disposable identities. Signal is what you use outside of organizing, talking to colleagues and family, because WhatsApp is a slop mess and it’s fairly well known that you have an easier chance of getting people on board.

    • MarmiteLover123 [comrade/them, any]@hexbear.net
      1 month ago

      The Signal chats have already been leaked publicly by right wing infiltrators, so I don’t think there’s much that can be done now. All the data is already out there, the FBI don’t even need to seize phones to get a start on the investigation.

          • hellinkilla [they/them, they/them]@hexbear.net
            1 month ago

            Yo I hope that’s been posted somewhere else more prominent.

            I have been undercover inside the groups for days.

            Looks like he’s doing better than the regular FBI.

            Sounds like they are doing an OK job of organization and security given the constraints. Signal is the main issue here but comparable info could likely be obtained with an IMSI catcher.

            • Speaker [e/em/eir]@hexbear.net
              1 month ago

              It’s the blending of communication channels and operational channels. My local groups had this problem until we developed better practices.

              Comms channel is only for rapid response, who-what-where, to get people on the scene documenting everything, informing victims of their rights, and impeding police fuckery. This is considered “public”, in that the bar for entry is quite low and the worst that an infiltrator would find out is “hey, cops, in about 10 minutes you’re gonna have a bunch of cameras on you”, a fact that they’d know soon enough anyway.

              People love to chat, so there’s a chatter channel. Nothing important goes on here, and things are strictly moderated. The closest thing to operationally relevant information is stuff like “hey, I’m trying to organize X, react if you’re interested”. Again, worst case an infiltrator knows some vague information about planned actions.

              All the resulting planning happens in person or in very tightly vetted invite-only threads. It is possible for infiltrators to get into these, but it requires establishing a lot of trust that’s just not gonna happen for a random lurker. For anything remotely serious, at most there’s a handful of core organizers updating each other. A lot can be done with 3-5 people without endangering the operation of the whole group, so you keep the scale small until you need bodies. Once you do, you break the action into disparate areas of responsibility and recruit through whisper networks and trusted individuals. These groups do not coordinate directly. If you lose an organizer, you jettison channels and either adapt the plan or start over. It’s easy to cut the head off of a snake, so you gotta be a hydra.

              And I’m talking a not very large city with an incredibly overbearing police presence. If this isn’t going on 100 times over in Minneapolis (and everywhere else), they’ll roll up everyone they can identify on “conspiring” or “obstruction” or RICO or similar nonsense charges and hang them up in court/prison until people are so scared/exhausted that they give up or buy into some “emotional” outburst about how we all just need to put a 👍 on a message about doing a little domestic txrrxism to “take back our city”.

              I do not think mostly anybody should be planning “dangerous” actions (mainly due to lack of opsec and experience), but the writing is on the wall: whether you want to move the needle or just keep yourself safe, you need a cell, a gang, a cadre, not a big tent. Let a thousand gangs bloom. 🌺

  • Chana [none/use name]@hexbear.net
    1 month ago

    While Signal has substantial problems, to my knowledge this “tracking” has always been non-technical. It is having access to someone’s unlocked phone and therefore being able to see the messages on it. Most apps will have this kind of weakness, even high quality open source security ones, and most of the security weakness is social: don’t put things in a chat that would be bad news if it was screenshotted or leaked by a disgruntled or careless member. Infiltration is also possible but pissy babies and incompetence are more common. Don’t even put anything spicy on any chat unless it can be a one-way untraceable blast or something. Rely on irl face to face organizing as much as possible. It’s better anyways 99% of the time.

  • darkcalling [comrade/them, she/her]@hexbear.net
    1 month ago

    Spy agencies typically used small cells to avoid one compromise destroying the whole network. Organizers should copy this with big broad directions from the top, broad basic cooperation across the group but specifics as much as possible localized to small in-person cells of less than 10 people who all know and trust each other (e.g. not randoms who claim to be interested in the cause who contact you online but people known to others in the group so if some known reactionary who was posting Trump memes all last year wants to join you say no).

    That and not using something that requires phone numbers, which leads to network mapping and graphs, which is what the NSA and CIA targeting have always cared about more than message content. Signal is compromised by US intelligence in the sense at least that it gives them maps of who is talking to who and associates them with real numbers they can connect to real identities thanks to phone company cooperation. Message content may be safe from broad collection but infiltration is still a problem. Not any good off-the-shelf solutions that don’t require hosting something or several somethings unfortunately that I’m aware of that aren’t equally suspicious as Signal.

    • Forbo@lemmy.ml
      1 month ago

      Bullshit. All they can see is if a phone number is registered to a Signal account. They get no visibility of social graphs. They publish the subpoena requests they are forced to comply with. Unless you have evidence proving otherwise, please retract your disinformation.

      https://signal.org/bigbrother/

      • plinky [he/him]@hexbear.net
        1 month ago

        What exactly does an outbound Signal message look like to the ISP? If it’s a burst to a central server with a known IP, social metadata is absolutely trivial to extract; if it’s peer2peer (which seems exceedingly unlikely with phones constantly swapping IP), only then do you have to do time correlation attacks, and it’s likely non-trivial to solve and easy to obfuscate. (P2P meshes also dodge direct inference of social connectivity, but I don’t think Signal functions that way.)

        Not that they would compromise a keyboard-encryption backdoor, if it exists, over something so trivial, but one shouldn’t just trust something on the say-so.

        • Forbo@lemmy.ml
          1 month ago

          https://signal.org/blog/sealed-sender/

          The original claim was about phone numbers disclosing social graphs, but now we’re getting into network traffic analysis for a global passive adversary and a compromised device?

          If you’re worried about traffic analysis use a mixnet like Nym. If you don’t trust your device, then get a device you trust.

          • plinky [he/him]@hexbear.net
            1 month ago

            No, it’s two claims: before the Signal servers and on your ISP provider’s side sits an NSA sniffing device (likelihood 99%), which can trivially reconstruct the social graph without specifically designed obfuscations on the server side (something like Nym, exactly, but for the Signal servers themselves, with random delays and obfuscatory traffic).

            The second claim is that all messages being encrypted doesn’t exclude the possibility of a keyboard input->app internals middleman backdoor, likelihood of it existing unknown (hi, NSA), with Pegasus infection 100% at least.

            Basically, you are fucked with a state adversary, and shouldn’t use a phone for anything not serving to appear normal, and while Signal can provide the necessary tools to message each other, you should assume it to be transparent and appearing in some court if things go wrong. (But crucially transparent to a very advanced adversary, not a bumblefuck from local police, so it’s not a call to rely on messages which are so trivial to intercept with SIM card duplication for 1k-5k bucks, and unencrypted for traffic interception.)