What does having Signal installed has to do with tracking down and installing a Trojan?

I don’t think that they will track only track you down for using Signal, and if they are they still will install a Trojan even without Signal installed on your phone.

You are missing the point. If you have a big list of suspect phone-numbers you can put them into Signal and it will show all that have their phone numbers registered with Signal.

Yes. That’s exactly what you get. A list of Signal users.

That is a metadata leak and quite a significant one.

Why is a user list in itself “a significant metadata leak”. You would need other information for that, like groups, contacts, online times or anything else. But you don’t get that, so I can only repeat my question: what is the problem with it?

This YouTuber is actually notorious for not posting sources to his claims. Which is just goofy since he considers himself to be a source of non-mainstream information on privacy.

From my (very limited) point of view, he is just talking a lot of bullshit.

Its even counterproductive, because he is putting quite good (even tho maybe not perfect) applications on the same level as Facebook’s application, which are so different that I can’t discribe it.

He gives the example of a fed wanting to find a suspects for a hacking case. He has a potential list of names, and subpoenas the phone company’s for their phone numbers. He then installs signal, whatsapp, telegram ( all of those services that use real person identifiers ) and adds those phone numbers to his contact list. Boom, now he can narrow down suspects because all of those services, including signal, will tell you if that person uses signal.

The only thing the fed is doing here is checking if number x has signal installed. How is ‘having signal installed’ connected to ‘being a hacker/criminal’?

Sure you can easily get further data by for example asking the phone companies for cell-tower log-in location and times. This you can then narrow down against your list of Signal using suspects and either remotely infect their phones with a trojan or simply snatch up the hardware at a “random” police check and access the already decrypted messages with identifiable phone-numbers of all the group-members.

What the fuck? Sure, you could also just being tortured till you tell them everything you know, but fking tracing over cell companies is not a security flaw in an app.

They could also just as well decrypt your self hosted emails that are cached on your device.

Note that while this is about Telegram, this problem of reverse phone-number lookup also exists AFAIK with Signal.

Where is the source for Signal? Because ASAIK there is no metadata accessible for Signal besides creation data of the account and the last time the account was online. No groups, no contacts, no anything. Source

I don’t know…

• He is saying that encryption makes you a target: Well, WhatsApp is encrypted. So with approximately 2 billion people that all are getting targeted, being targeted isn’t bad anymore, because there are so many targets.

• Signal can track metadata: Where is the proof, where is the reference, where is anything of that? Moxie Marlinspike showed all his metadate in a talk of his. The only metadata there is to read is “lastSeen” and “accountCreated” which says basically nothing. No groups, no contacts, no everything. Bold assertion to say otherwise without any kind of proof.

Second this. Also I am not sure, which Telegram features are missing in Signal? You have private voicechat, background server connectivity (so you don’t rely on google cloud messaging), you have voice/video calls, group chats. Sure you don’t have public group chats, and no video message, but who really cares?

But you also cant just say “I don’t like it personally”, make it better for me, but for free and open source…that is not the propose of Open source. Lemmur is already really good in my opinion, stable and does the job. And it will only get better over time.

Maybe @[email protected] is the best to answer it, but are there any measures of how many new sign ups there are?

Thats the thing with FLOSS software. You can help it becoming better by contributing or just fork it to do your own stuff

Hi, I am bit late to the party, but whatever.

First of all, thanks for the post and all its information and references. I totally agree on DDG, but would like to discuss Qwant a little bit.

One of your points is Tor hostility. I just checked with my own Tor Browser, and I can access qwant.com easily without problems. I have even renewed my identity and the tor circuit several times, without any pop ups, captchas etc. so the probably fixed this.

In your linked article about partnership with Microsoft the last article says:

The user is not talking to Microsoft

At last, let’s talk about you, users. When you use Qwant, you will always be connected to machines that we own and operate directly. You will never be connected to Azure’s cloud machines, and your personal data is never shared with third parties. We use Azure for Qwant’s back office purposes, namely computing the index of the Web. We take this opportunity to remind you that as soon as you connect to our search engine, our servers anonymize your data, especially your IP address which is salted and hashed. That is, we add noise and a breakdown of this IP address to make it anonymous when we ask to display ads or have to store data in our logs. Only this anonymous data is being used in our internal network.

And even though I don’t like it, I can understand it. Small companies have limited budget and can not afford there datacenter to be even bigger then they are for stuff the don’t need 24/7 in production.

As your other points do not focus on the privacy of the search results (and users of the search engine), I personally do not care. Is there any indication (or even proof) of Qwant not beeing private or secure?

What search engine do you use personally, or/and can you please list a few which are better in your oppinion?