• Dreeg Ocedam@lemmy.ml
    link
    fedilink
    arrow-up
    2
    arrow-down
    3
    ·
    3 years ago

    If that were the case, the sealed sender stuff would a complete lie, which would seem out of character for Signal.

    Of course they know which client connects when to their server and sends messages to them.

    Why ? The authentication can be done on the receiving side through cryptography. Why would it be required for the server to also authenticate the sender?

    • Dessalines@lemmy.mlOP
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      3 years ago

      If that were the case, the sealed sender stuff would a complete lie, which would seem out of character for Signal.

      It seems like your loyalty to signal isn’t based on any facts or history whatsoever. I go over the untrustworthy history of signal’s founders, but you’ve ignored all those points in your replies so far.

      • ᗪᗩᗰᑎ@lemmy.ml
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        3 years ago

        I go over the untrustworthy history of signal’s founders

        The OTF also funds the following: Briar, Tor, Wireguard, Delta Chat, Bind9, CGIProxy, CertBot, K-9 Mail, Tails, NoScript, QubesOS, The Guardian Project

        You going to say that Briar is a good alternative despite receiving funding from the CIA just like Signal? How about QubesOS or NoScript. Are they also no longer trustworthy because they’re funded by the OTF?

        • Dessalines@lemmy.mlOP
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          3 years ago

          That honestly does make me question those projects a bit more, and should put some more scrutiny on them. Radio free asia is not looking out for open source, they’re trying to get a jump on coopting projects, because no one else is funding open source.

      • Dreeg Ocedam@lemmy.ml
        link
        fedilink
        arrow-up
        1
        arrow-down
        4
        ·
        3 years ago

        It seems like your loyalty to signal isn’t based on any facts or history whatsoever.

        See this comment

        I go over the untrustworthy history of signal’s founders, but you’ve ignored all those points in your replies so far.

        Regarding your radio free asia funding story, Whisper Systems was founded in 2010 according to Wikipedia, while the funding from the open tech fund started in 2013. There’s a lot of differences between Funding and FOunding. At that point it was already open sourced. It’s really far fetched to think that somehow, the US took control of it at that point.

        You even ignore the point that Whisper System temporarily belonged to twitter, also a US company, which would have been a much simpler way for the US to seize control of the project than to go through some fund bla bla bla

        • Dessalines@lemmy.mlOP
          link
          fedilink
          arrow-up
          4
          ·
          3 years ago

          Of course, I never said it was founded by radio free asia, just that it got its initial funding from them. The only thing thats up for debate there, is their continued involvement.

          But based on them defending signal from critics as recently as a few years ago.

          2ndly, open source doesn’t mean too much for centralized services that aren’t self hostable, and especially ones that delay their source code updates until the community wonders why there haven’t been any after a full year.

          • Dreeg Ocedam@lemmy.ml
            link
            fedilink
            arrow-up
            2
            arrow-down
            3
            ·
            edit-2
            3 years ago

            But based on them defending signal from critics as recently as a few years ago.

            Link?

            2ndly, open source doesn’t mean too much for centralized services that aren’t self hostable

            There are forks that exists such as Session. Open Source is important

        • Halce@lemmy.ml
          link
          fedilink
          arrow-up
          2
          ·
          3 years ago

          Whisper Systems was founded in 2010 according to Wikipedia, while the funding from the open tech fund started in 2013.

          Interestingly, Singnal actually introduced its cryptographic protocol to the public only in 2013, when they got the funding (see even Wikipedia for that).

          • Dreeg Ocedam@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            3 years ago

            The app already had E2EE at that point, this only marks the release of the v2 of their protocol, which is now considered state of the art for asynchronous messaging.

      • Dreeg Ocedam@lemmy.ml
        link
        fedilink
        arrow-up
        3
        arrow-down
        2
        ·
        3 years ago

        If the only thing they have is an IP address it is much less info than the actual phone number of who sent the message. It can also be very easily prevented by using a VPN or the built-in anti censorship proxy.

          • chiefstorm@lemmy.ml
            link
            fedilink
            arrow-up
            1
            arrow-down
            2
            ·
            3 years ago

            Not to point out the obvious, but if someone uses a burner phone to initially setup their signal account, that is another big layer of privacy

              • chiefstorm@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                3 years ago

                Oh shit, well I had no idea. Hell, I know in China you used to easily get a burner number, but now it is restricted… Well listen, that certainly changes the conversation.

                Do you know if there are any pay-as-you-go phone plans in Europe ?

          • Dreeg Ocedam@lemmy.ml
            link
            fedilink
            arrow-up
            1
            arrow-down
            3
            ·
            3 years ago

            they still also know when a specific client with a specific phone number connects to their network

            I don’t think so. I didn’t really fully understood how sealed sender worked until now and only trusted Signal to implement it properly. I’m currently reading this which explains how it works and it seems to provide similar guaranties to what I assumed. The server can only have the IP of the sender. There seem to be some issues, but it’s not as trivial as you seem to think it is. They may also have implemented the mitigations since.