Some are quick to promote apps as being safe for your use just because they are encrypted. I will talk about how many of the popular apps that are commonly t...
Well this is that this video is about, no? Maybe a bit hyperbole, but it does raise valid questions about metadata issues especially related to phone-number use that the e2ee fan-boys usually try to ignore.
No, this video talks about the tiniest bit of metadata leak as if it’s the end of the world, when it isn’t.
Putting all the apps at the same level is complete bullshit. Telegram doesn’t even really do E2EE (it’s off by default and only available for a fragment of the features provided by Telegram), and ProtonMail and Tutanota are completely different from Signal with regards to what they protect from.
His solution is to self-host emails. That’s out of reach for 99.99% of internet users, and doesn’t prevent any form of tracking. If you self host, you may be able to create infinitely many emails but they will all be identifiable to you because they all share the same domain name… If you use a VPS to host your email, your host can also access your running VM and all its data and there’s nothing you can do about it, or even detect it.
ProtonMail, Tutanota, Signal are not designed to help you detonate a nuclear bomb in new york. They’re designed to prevent the NSA from doing mass surveillance. And if you suddenly become a high value target, government agency might have access to some metadata through them, but that’s true for almost any service you use, and those are going to give them much less metadata and are much more likely to try to fight in court to avoid having to share it.
This video also completely ignores the fact that at some point humans play a role. Even if everything is encrypted and no metadata exists, it is still very easy to just trick your friends and family to give away info about you. Unless you live in the woods with no contact at all, it will be much easier to just go through real people than breaking into theses systems relevant xkcd.
People (including me) do say just use Signal, because I’m not talking to Snowden, I’m talking to random people who don’t know shit about computers and theses services are a very easy way to reclaim a lot of privacy without sacrificing features. Even I don’t bother hosting my own stuff or refrain from communicating with other people just because they’re not using tools that are way too complex for the normal user and lack features that every other service offers…
He does mention that he self-hosts and uses it to talk only to people on his own network, but in 99.999% of people that will mean only talking to themselves…
I think you are not the target of this video. The target of this video are people who do not think about threat modeling at all and just assume it is safe to use because e2ee and Signal marketing BS and continue using these services the exact same way as they used gmail or Facebook messenger before. And he is right to point out that that immediately invalidates most of the privacy benefits due to metadata leakage.
And he is right to point out that that immediately invalidates most of the privacy benefits due to metadata leakage.
That’s just not true?
Switching from Messenger to Signal will always be a huge step up regarding privacy and security, no matter what your threat model is. Some metadata potentially (we don’t have any evidence that Signal has ever leaked anything) leaking is much better than knowing your metadata (and data) is being used to track you constantly…
I think you are not the target of this video. The target of this video are people who do not think about threat modeling at all and just assume it is safe to use because e2ee and Signal marketing BS and continue using these services the exact same way as they used gmail or Facebook messenger before
What? If someone doesn’t think about threat modeling I either explain it to them or build a reasonable model for them. I don’t tell them to go live in the woods because otherwise there is one bit of information about them that might leak…
I think an important difference is that we are comparing companies that definitely sell your metadata to companies that could sell your meta data but where there is no known case (to me) that they actually do, e.g Signal. So it comes down to trust.
Not really. One of the main points he makes in the video is that phone-number use in an inherent metadata leak and even without Signals involvement it can be used to reverse track a social graph without you being able to do anything about it.
And this is not a theoretical threat either, something like that was done to identify democratic activists during the recent Hong-Kong protests and put them in jail.
And this is not a theoretical threat either, something like that was done to identify democratic activists during the recent Hong-Kong protests and put them in jail.
Note that while this is about Telegram, this problem of reverse phone-number lookup also exists AFAIK with Signal.
Where is the source for Signal?
Because ASAIK there is no metadata accessible for Signal besides creation data of the account and the last time the account was online. No groups, no contacts, no anything. Source
You are missing the point. If you have a big list of suspect phone-numbers you can put them into Signal and it will show all that have their phone numbers registered with Signal. That is a metadata leak and quite a significant one.
You (as aggressor) scan all your known mobile numbers agains let’s say Signal and discover that some numbers use Signal. That I understand. But now what? Unless you are the company Signal you would not have access to further data, or ?
Sure you can easily get further data by for example asking the phone companies for cell-tower log-in location and times. This you can then narrow down against your list of Signal using suspects and either remotely infect their phones with a trojan or simply snatch up the hardware at a “random” police check and access the already decrypted messages with identifiable phone-numbers of all the group-members.
Compare that to a messenger that does not use phone numbers at all and even does not transmit network IDs to other group-chat members. Then the police has no idea who to target and no reasonable indication that could be used with a judge to get a search warrant either.
Sure you can easily get further data by for example asking the phone companies for cell-tower log-in location and times. This you can then narrow down against your list of Signal using suspects and either remotely infect their phones with a trojan or simply snatch up the hardware at a “random” police check and access the already decrypted messages with identifiable phone-numbers of all the group-members.
What the fuck? Sure, you could also just being tortured till you tell them everything you know, but fking tracing over cell companies is not a security flaw in an app.
They could also just as well decrypt your self hosted emails that are cached on your device.
What I explained is commonly done by law-enforcement agencies to get search warrants and permission to install trojans on devices of a relatively large number of suspects. Having your phone number registered with Signal, having been near a certain place and at a certain time + being male and 20 something years old is usually sufficient to get permission to do so by a judge as these three metadata points significantly narrow down the number of suspects.
Luckily law-enforcement agencies in most countries don’t go around torturing large amounts of people on very weak indications that they might have been somehow within 5km of a protest or crime.
Which is totally bonkers since surveillance happens primarily in transit. If he’s communicating with someone through PGP via Protonmail, it’s just as secure as if he would do it through his own email. All of his banking details - things like that - are just as exposed on any email service (except maybe Google cause they read your inbox for “user experience”).
When it comes to states spying you then there is no safety. The state can always just send someone over to put a gun on your head (or the legal equivalent) and voila, you yourself give them your data.
And I understand that states are very different in their (perceived) legal integrity, but if I should guess ( no evidence) then all the encryption and safety development benefit criminals most. Also some journalists and dissidents but mostly criminals to do their criminal business and in the whole, if you have the fortune to live in a state that can be mostly trusted I prefer that Police has some lever identity this kind communication. Not in-similar to when Police is allowed to tap your phone (after a judge signed off). Not many people where concerned about that.
So so in the end I feel the bigger threat are private companies who sell all your data for the highest bidder regards of the bidders intention. And provided you trust Signal, ProtonMail and Tutanota then they definitely reduce the risk there (imho).
Even with a gun to your head you can still make the choice to say “no”. This is always the case - you always have the choice to refuse, you just have to be prepared to live with the consequences.
I needed to be police vetted for a job and they wanted to know lots of stuff about me, including who I’d slept with in the last five years (becaue, allegedly, this information could be used to blackmail so… Well so why would I tell the rozzers, exactly…? Anyway, getting off my point). I refused to tell them because the people I’d slept with hadn’t given their consent. I was refused the job *shrug
Well this is that this video is about, no? Maybe a bit hyperbole, but it does raise valid questions about metadata issues especially related to phone-number use that the e2ee fan-boys usually try to ignore.
No, this video talks about the tiniest bit of metadata leak as if it’s the end of the world, when it isn’t.
Putting all the apps at the same level is complete bullshit. Telegram doesn’t even really do E2EE (it’s off by default and only available for a fragment of the features provided by Telegram), and ProtonMail and Tutanota are completely different from Signal with regards to what they protect from.
His solution is to self-host emails. That’s out of reach for 99.99% of internet users, and doesn’t prevent any form of tracking. If you self host, you may be able to create infinitely many emails but they will all be identifiable to you because they all share the same domain name… If you use a VPS to host your email, your host can also access your running VM and all its data and there’s nothing you can do about it, or even detect it.
ProtonMail, Tutanota, Signal are not designed to help you detonate a nuclear bomb in new york. They’re designed to prevent the NSA from doing mass surveillance. And if you suddenly become a high value target, government agency might have access to some metadata through them, but that’s true for almost any service you use, and those are going to give them much less metadata and are much more likely to try to fight in court to avoid having to share it.
This video also completely ignores the fact that at some point humans play a role. Even if everything is encrypted and no metadata exists, it is still very easy to just trick your friends and family to give away info about you. Unless you live in the woods with no contact at all, it will be much easier to just go through real people than breaking into theses systems relevant xkcd.
People (including me) do say just use Signal, because I’m not talking to Snowden, I’m talking to random people who don’t know shit about computers and theses services are a very easy way to reclaim a lot of privacy without sacrificing features. Even I don’t bother hosting my own stuff or refrain from communicating with other people just because they’re not using tools that are way too complex for the normal user and lack features that every other service offers…
He does mention that he self-hosts and uses it to talk only to people on his own network, but in 99.999% of people that will mean only talking to themselves…
I think you are not the target of this video. The target of this video are people who do not think about threat modeling at all and just assume it is safe to use because e2ee and Signal marketing BS and continue using these services the exact same way as they used gmail or Facebook messenger before. And he is right to point out that that immediately invalidates most of the privacy benefits due to metadata leakage.
The technologies used in Signal protect a lot against metadata leakage. Group information is encrypted, your contact list isn’t stored on their servers (it is sent but obscured and uses a lot of tricks to make it harder for them to access it). They also have sealed sender which enables them to reduce the metadata they collect.
That’s just not true? Switching from Messenger to Signal will always be a huge step up regarding privacy and security, no matter what your threat model is. Some metadata potentially (we don’t have any evidence that Signal has ever leaked anything) leaking is much better than knowing your metadata (and data) is being used to track you constantly…
What? If someone doesn’t think about threat modeling I either explain it to them or build a reasonable model for them. I don’t tell them to go live in the woods because otherwise there is one bit of information about them that might leak…
I think an important difference is that we are comparing companies that definitely sell your metadata to companies that could sell your meta data but where there is no known case (to me) that they actually do, e.g Signal. So it comes down to trust.
Not really. One of the main points he makes in the video is that phone-number use in an inherent metadata leak and even without Signals involvement it can be used to reverse track a social graph without you being able to do anything about it.
And this is not a theoretical threat either, something like that was done to identify democratic activists during the recent Hong-Kong protests and put them in jail.
Source?
https://www.zdnet.com/article/hong-kong-protesters-warn-of-telegram-feature-that-can-disclose-their-identities/
Note that while this is about Telegram, this problem of reverse phone-number lookup also exists AFAIK with Signal.
Where is the source for Signal? Because ASAIK there is no metadata accessible for Signal besides creation data of the account and the last time the account was online. No groups, no contacts, no anything. Source
You are missing the point. If you have a big list of suspect phone-numbers you can put them into Signal and it will show all that have their phone numbers registered with Signal. That is a metadata leak and quite a significant one.
Ok, out of interest, how does this work?
You (as aggressor) scan all your known mobile numbers agains let’s say Signal and discover that some numbers use Signal. That I understand. But now what? Unless you are the company Signal you would not have access to further data, or ?
Sure you can easily get further data by for example asking the phone companies for cell-tower log-in location and times. This you can then narrow down against your list of Signal using suspects and either remotely infect their phones with a trojan or simply snatch up the hardware at a “random” police check and access the already decrypted messages with identifiable phone-numbers of all the group-members.
Compare that to a messenger that does not use phone numbers at all and even does not transmit network IDs to other group-chat members. Then the police has no idea who to target and no reasonable indication that could be used with a judge to get a search warrant either.
What the fuck? Sure, you could also just being tortured till you tell them everything you know, but fking tracing over cell companies is not a security flaw in an app.
They could also just as well decrypt your self hosted emails that are cached on your device.
What I explained is commonly done by law-enforcement agencies to get search warrants and permission to install trojans on devices of a relatively large number of suspects. Having your phone number registered with Signal, having been near a certain place and at a certain time + being male and 20 something years old is usually sufficient to get permission to do so by a judge as these three metadata points significantly narrow down the number of suspects.
Luckily law-enforcement agencies in most countries don’t go around torturing large amounts of people on very weak indications that they might have been somehow within 5km of a protest or crime.
Which is totally bonkers since surveillance happens primarily in transit. If he’s communicating with someone through PGP via Protonmail, it’s just as secure as if he would do it through his own email. All of his banking details - things like that - are just as exposed on any email service (except maybe Google cause they read your inbox for “user experience”).
The only time he mentions email in the vid is to say that its not secure and you shouldn’t use it. Email was definitely not the focus of the vid.
Yeah fair enough, I’m just nit-picking for discussion’s sake to be honest.
When it comes to states spying you then there is no safety. The state can always just send someone over to put a gun on your head (or the legal equivalent) and voila, you yourself give them your data.
And I understand that states are very different in their (perceived) legal integrity, but if I should guess ( no evidence) then all the encryption and safety development benefit criminals most. Also some journalists and dissidents but mostly criminals to do their criminal business and in the whole, if you have the fortune to live in a state that can be mostly trusted I prefer that Police has some lever identity this kind communication. Not in-similar to when Police is allowed to tap your phone (after a judge signed off). Not many people where concerned about that.
So so in the end I feel the bigger threat are private companies who sell all your data for the highest bidder regards of the bidders intention. And provided you trust Signal, ProtonMail and Tutanota then they definitely reduce the risk there (imho).
Even with a gun to your head you can still make the choice to say “no”. This is always the case - you always have the choice to refuse, you just have to be prepared to live with the consequences.
I needed to be police vetted for a job and they wanted to know lots of stuff about me, including who I’d slept with in the last five years (becaue, allegedly, this information could be used to blackmail so… Well so why would I tell the rozzers, exactly…? Anyway, getting off my point). I refused to tell them because the people I’d slept with hadn’t given their consent. I was refused the job *shrug
I wouldn’t give the job to a rapist either. 🙃
To be clear, I meant consent for me to share their love-life with the police!
You’re a naughty person! But you did make me laugh.
I hope he just made a mistake when typing haha