Post · bonfire.cafe

@yogthos@social.marxist.network · yesterday

I get the impression that most people don't understand how important metadata such as phone numbers is when it comes to privacy.

For example, by requiring phone numbers, Signal, despite its good encryption, inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.

🧵

#privacy #signal #security #surveillance

Jamey Sharp

@jamey@toot.cat replied · 15 hours ago

@yogthos As far as I understand, the social graph in Signal has been inaccessible to Signal's servers and employees for years. See https://signal.org/blog/sealed-sender/ for one piece; I'm not sure what all they've done since then. But as I recall they've asserted that the only information they are technically capable of providing in response to law enforcement requests is the timestamp of when you last logged in—nothing about who you've communicated with.

So while you're right that securing metadata is critical for privacy, I think critiquing Signal in particular about it is misguided.

Signal Messenger

Technology preview: Sealed sender for Signal

In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users. By design, it does not store a record of your contacts, social graph, conversation list, location, user avatar, user profile name, ...

Yogthos

@yogthos@social.marxist.network replied · 13 hours ago

@jamey as I've explained here, sealed sender does not actually solve the problem https://social.marxist.network/@yogthos/115346473586621053

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.3.13 no JS en

Automatic federation enabled