So we know the UK, France, Sweden and Australia all have “pondered out loud” about getting platforms like Signal to allow backdoors into encrypted calls and messages.
This creates a sense of safety about these platforms being secure, because governments want to come after them.
Here’s a tinfoil hat take: Five Eyes is significantly reducing inter cooperation. The non-fascist parts of the alliance don’t want to share with the obvious authoritarian, but the authoritarian one used to share the fruits of their established backdoors with them, and now they don’t.
Note that the US isn’t asking signal for a backdoor. Why? Back in 2015-2016 (last years of Obama), Apple had a loud and visible feud with the FBI. Since the authoritarian came to power, this all disappeared from the media. Interestingly, 10 years have gone by since that moment, every single aspect of our lives has become more surveilled, and somehow the US govt has stopped trying to get into phones? *While the CEO is making hand deliveries of 24 karat gold bars to the Oval Office?
TLDR; I think a safe assumption that they are in our devices by now. Fundamentally people misunderstand encryption. Encryption is only as strong as the weakest link. If your signal chats are unencrypted for consumption on your device, then that’s when the unencrypted content can be captured.
For the longest time, Apple stored your iCloud backups encrypted. Looked good in marketing materials, until they casually admitted the decryption key is stored in the same cloud.
Combine this with ICE capturing citizens without due process. If you have a vanilla smart device, you’re doing the surveillance for them. /tinfoilhat
~this is OG content created by me, a Lemmy user. Please don’t go too .ml on me in the comments.~
Signal is open source, right? Though that wouldn’t stop a bugdoor, it might at least make one harder. As you say, I think getting in through the OS itself is much more likely. Signal would put up much more of an ideological fight than Google, I imagine.
I think what op is saying is that your OS can spy on signal since you input plaintext into signal to be encrypted, or when you receive messages they get decrypted on your device.
Exactly, even is Signal is secure across the wire, if you have a kit like Pegasus on your phone then it can just capture keyboard input, and screen output, entirely bypassing Signal itself.
Correct
IIRC Signal has issues as far as being classified as open source. It includes proprietary code. Molly is a fully open source version. Both use the same servers, but they also have issues.
So session or simpleX?
I used session for years, but I wouldn’t anymore. Doesn’t simpleX have a Nazi problem? There’s also briar, which I have installed but have never used because nobody else uses it 🤣.
The network problem is a huge issue with messengers, yeah.
Dunno about any nazi problem, you mean the devs? Kinda weird. People using it? That’s what you get if you democratize a tool - anyone can use it.
I thought the server side isn’t?
It was always open source, but they didn’t update the repo. They started updating it a few years ago after complaints from users. https://github.com/signalapp/Signal-Server
Anyways, it’s impossible to know if that’s the code they’re actually running on their servers. You just have to trust them the same way you trust “no logs” VPNs aren’t actually logging your activity.