• Arthur Besse@lemmy.ml
    1 year ago

    waaahh centralizing millions of slightly-privacy-aware people’s metadata on Amazon’s servers costs a lot of money, waaah

      • Arthur Besse@lemmy.ml
        1 year ago

        Which metadata? Please elaborate

        • When you are online
        • Where you are online from
        • When you receive messages (and their size)
        • When you send messages (and their size)
        • Who you are communicating with (including individuals, and what groups you’re in).

        Those last two are supposedly hidden by their “sealed sender” feature, but that is a farce because you’re connecting to their servers from the same IP address to send and receive and you need to identify yourself (with your phone number) to receive your messages. So, the metadata-hiding property that “sealed sender” purports to provide cryptographically is actually relying on their (Amazon’s) network infrastructure not to correlate the information available to it.

        Signal says that they don’t retain any of this metadata, and I think it is likely that Signal employees are sincere when they say that.

        But if someone with the right access at Signal’s ISP (Amazon) wants the Signal metadata, they can get it, and if they can, then anybody who can coerce, compel, or otherwise compromise those people (or their computers) can get it too.

        One can say that the adversaries they’re trying to protect against don’t have that kind of capability, but I think it isn’t reasonable to say that Signal’s no-logging policy (much less their “sealed sender” cryptographic feature) is protecting metadata without adding the caveat that routing all the traffic through Amazon does make the metadata of the protocol’s entire userbase available in a convenient single place for the kind of adversaries that do.

        And if you’re completely confident that the adversaries you want to protect against are unable to compromise the server infrastructure, why would you need e2e encryption at all?

        note to lemmy regulars, if this comment sounds familiar...

        i copypasta’d bits of the second half of it from an earlier comment that I made on someone else’s now-deleted post
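Added example (not part of the comment above, and not Signal's code): a toy threat-model check of the IP correlation the comment describes, measuring how large the set of candidate senders is for each sender-less submission. The records, field names and the `slack` parameter are constructed assumptions; the model only assumes that receiving requires an authenticated session and that submissions arrive from a visible source IP.

```python
# Toy model of the observer's view described in the comment. All records are
# constructed sample data; field names and layout are hypothetical.

# Receiving requires identifying the account, so each session ties an IP to it.
AUTH_SESSIONS = [  # (start, end, source_ip, account)
    (100, 400, "198.51.100.7", "alice"),
    (120, 500, "203.0.113.9", "bob"),
    (150, 450, "192.0.2.44", "carol"),
    (200, 480, "192.0.2.44", "dave"),  # shares a NAT address with carol
]

# A sender-less submission names only the recipient; no sender field exists.
SEALED_SENDS = [  # (time, source_ip, recipient, size_bytes)
    (180, "198.51.100.7", "bob", 512),
    (300, "203.0.113.9", "alice", 2048),
    (310, "192.0.2.44", "alice", 256),
    (900, "198.51.100.7", "bob", 128),  # no session open from this IP
]


def candidate_senders(send, sessions, slack=0):
    """Accounts with a session from the same IP that overlaps the send time."""
    t, ip, _recipient, _size = send
    return sorted({acct for start, end, s_ip, acct in sessions
                   if s_ip == ip and start - slack <= t <= end + slack})


def correlate(sends, sessions, slack=0):
    """For each submission, report the anonymity set the observer is left with."""
    report = []
    for send in sends:
        cands = candidate_senders(send, sessions, slack)
        report.append({
            "time": send[0],
            "recipient": send[2],
            "candidates": cands,
            # A set of size 1 means the missing sender field hid nothing
            # from this observer; larger or empty sets mean it could not
            # be resolved from IP and timing alone.
            "resolved": len(cands) == 1,
        })
    return report


if __name__ == "__main__":
    for row in correlate(SEALED_SENDS, AUTH_SESSIONS):
        print(row)
```

In this model the submissions from a shared address, or from an address with no open session, stay ambiguous, which is why the size of the candidate set is the number to look at when evaluating a metadata-hiding claim against a network-level observer.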