Meredith Whittaker reaffirms that Signal would leave UK if forced by privacy bill::Meredith Whittaker, the president of the Signal Foundation, the organization that maintains the Signal messaging app, spoke about the U.K.'s controversial new privacy bill at TC Disrupt 2023.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    10
    ·
    edit-2
    1 year ago

    I was kind of worried that India did not ban signal when they banned all the end-to-end encrypted chat applications.

    If the UK follow the same path, namely signal is exempted, that would be a strong indication that signal is compromised at the nation state level at the very least.

    Update: what’s with all the down votes? I’m a signal cheerleader, this is a test of signal, we’ll see how they react, how the ecosystem reacts. It’s curious. We should pay attention. That’s all I’m saying

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        2
        ·
        edit-2
        1 year ago

        I don’t recall. I just know India did not ban signal. But they banned all the other end and encrypted apps I use. So it’s very curious.

        One of my colleagues said, and a very reasonable and intelligent colleague at that, if you were going to design a global intelligence honey pot for encrypted messaging, signals how you would do it.

        I’m not saying they are, but they have the capability to, structurally their ideal for honeypot. The fact that India didn’t ban them, that’s a data point…

        I still use signal, on the balance of probabilities it’s still the best platform for a general end to end encryption, but nothing is forever so I keep my options open

        • elmicha@feddit.de
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          I’m curious how such a ban works. Of course they’ll tell Google and Apple to stop distributing the apps, but can’t you just sideload the app? Or are they blocking some network connections at the country level, or filtering DNS?

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            9
            ·
            1 year ago

            It could get really interesting. Delisting from the app store would probably cover 90% of users.

            People could still sideload, or use fdroid or VPNs.

            If the UK got aggressive with internet filtering and blocked signals endpoints, signal proxies exist. But they would be slower for day-to-day use. Just like signal does for Iran.

            We might see a resurgence of domain front running, which I believe cloudflare and AWS had harsh words for signal when they used it before. But if it’s the only option.

            The internet will find a way to route basically. I have full faith in that

    • AllNewTypeFace@leminal.space
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      There’s a difference between the spooks being able to read everyone’s messages and the ordinary police being able to do so. Assuming that Five Eyes or similar have a secret way of decrypting Signal messages, it won’t remain a secret if every drug dealer who uses Signal is swiftly arrested. (Even with the trick of parallel construction, postal inspectors magically getting lucky every time someone uses Signal would get suspicious pretty quickly.) If the spooks can read your Signal messages, they are compelled to ration that capability rather than burning it.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Agreed 100%. So I think signal matches most people’s threat models, so it’s still great to recommend to people.

        If you were running some countries internal messaging service for diplomats. You might use signal, but you’d have to mirror the infrastructure to completely host it. And then probably add your own ciphers on top.

        All down to the threat model.

    • solidsnail@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      It doesn’t necessarily mean that. It could also be that they attempt to block the rise of new platforms, and by doing so limiting the amount of platforms that they have to compromise.