Now, I don't think they said how they got access to those messages, so maybe one of the recipients gave their password to unlock the messages. Or maybe the messages themselves are only encrypted in transit (e.g., stored unencrypted on the user's local device). Or maybe the #NSA's Utah facility was able to penetrate Signal's encryption.
Other possibilities: If attachments are unencrypted, the participants may have been putting incriminating data in attachments. Or they could have seized a device while someone was using Signal on it, in which case, the encrypted content was decrypted.
Also, #Signal and #Telegram are said to be flooded with new users.
I'm both glad and unglad to hear that.
Signal is fully end-to-end encrypted (#E2EE), so that's better than all other #corpocentric alternatives, but:
* they are centralized
* they collect data such as telephone number (can't use it without giving said info)
* I haven't used it, but I hear their video and audio calls are poor quality
Telegram has optional E2EE on certain types of communications.
* I believe their encryption is home-grown, so not battle-tested like professional algorithms.
* They are centralized
Anything is better than using any product or service owned by Facebook, so I'm glad to see the outmigration, but not glad that other centralized services are the main beneficiaries.
@geniusmusing If they're just grabbing unencrypted data at rest, then they should have already been grabbing #Signal (and #Telegram, #WhatsApp, and any other program that encrypts end-to-end, stores encrypted, and then decrypts when the user unlocks the program) data assuming that the user was logged into the app when the cops seized the phone.
Of course, it could just be that the vendor is trying to spook users into switching to something less secure, where they really can grab their data.
I assume that Snowden knows quite a bit more than I do about this subject, but I really can't expect that he's been able to keep updated with the capabilities of Cellebrite and similar companies from his refuge in #Russia.
But I don't object to others choosing such end-to-end encrypted messengers over messaging apps such as (for example) #Facebook_Messenger.
I personally use #Wire, #XMPP, #Matrix, and #WickrMe. (I tried #Jami, but it wasn't very usable yet; none of my contacts were willing to try #Tox or #Briar.) I've even considered getting a Google account again so I can use whatever their latest incarnation of messaging is (just because almost everyone I know has a Google account).
It does bother me that Signal and Telegram and most other messaging services are centralized and non-federated.
It seems we haven't learned from the 1990s & early 2000s when some friends had AOL Instant Messenger (AIM), some had MSN Messenger, some had Yahoo Messenger, some had ICQ, and a few had various other walled garden messengers (such as Excite's messenger). If I wanted to talk with all my friends, I needed to have accounts on every possible service. I should be able to communicate with my friends from whatever service I choose to use to whatever services they choose to use and not have to create accounts on every possible service.
But that's a matter of educating our friends and family, not of dogmatically refusing to communicate with them on any service they might use.
So there are two big issues with #Signal that make it unsuitable. The first one is that they don't federate, so users are perpetually bound to their servers. Users may use it and enjoy it and recommend it, but if OpenWhisper Systems (or whatever their current name is) decides to close down their servers, users are screwed. The second is that they require users' telephone numbers. Now, I suppose this is because they act as a text message delivery system (only using the data plan instead of the carrier's SMS plan), but it does mean that as soon as someone figures out how to pierce the encryption, all those "secret" messages are now directly attributable to the person to whom the corresponding telephone number was issued.
On the other hand, I do see @rysiek posting about using and recommending Signal when communicating with whistleblowers and other news sources whose lives and freedom are at risk if $GOVERNMENT or $EMPLOYER were to ever discover them. He's convinced that when lives are in danger, Signal is the only messenger he trusts.
@aktivismoEstasMiaLuo #AWS is a bad procurement choice, but it's just commodity hosting, not a software dependency. If you dig a bit you'll find that most of the fediverse is ultimately hosted on AWS, as are #Signal, #Wire, and if I remember rightly, #Matrix.org. I'm pretty sure this isn't the worst thing about any given service, Reddit included.
@mark certainly can be done. After all the #Session folks forked the #Signal apps and rebuilt them to run on the #Loki #blockchain. I'd love to see someone do the same using #Matrix instead of Loki. Not sure how they'd do the voice/video chat, maybe using #Jami protocols? Session doesn't have realtime voice/video anyway.
@strypey So there's a lot to unpack in that document. The #Session onion routing protocol involves using a #blockchain called #Loki to make it difficult for an adversary to control a significant fraction of the nodes and prevent exposing the IP addresses (and therefore identities) of a user and his/her contacts to the same person or group. (As you noticed, Session is not yet using onion requests.)
There's also swarms and attachments and message storage (including attachments), online vs offline messages, multiple device support, spam resistance, a modified version of #Signal's encryption protocol, group chats (3-500 member "closed" groups are end-to-end encrypted like the rest of Session; "open" groups are not, and require an account on a special group server [self-hostable]).
Note that all this stuff happens under the covers. It seems that Session will handle most of it without the user ever seeing it. I'm going to query some family members and see whether any would be willing to try this as a secondary channel (for now #Wire is our primary channel). Just adding offline messages is a clear advantage over #Jami, but the lack of audio & video chats is going to limit its usefulness.
I'm also pretty sceptical of the decision to make #Signal the default SMS app. I'm aware that of the #FreeCode chat apps that support both text and voice/video, all are either walled gardens (eg Signal, #Wire, #Keybase) or painfully bleeding edge (eg #Riot, #Jami, #Tox, #Delta.chat). But I've discussed the reasons for my mistrust of Signal and the cult-of-personality around its founder at length.
@michel_slm > wondering how unfederated platforms like Signal will scale.
They already struggle. Using phone numbers as ID to frustrate spammers, despite the way that ties #Signal accounts to particular mobile devices/cell phone account holders, is an example of the compromises they are making at current levels of use. Once #Matrix clients can turn encryption on by default without creating a #UX nightmare, Signal will be obsolete.
My pick for now?
* #Riot: easy UX, reliable message delivery, functional group chat. It all gets a bit kludgier when you turn encryption on, but a friend has his family using it and says it's working well.
A friend of mine recently told me he's had good results getting friends and family using #Riot (the flagship #Matrix client). I'm seriously considering recommending that (or #Pattle) over #Signal or #Wire as the best #FreeCode chat app for use with non-geek friends+family. Riot has always had the major pro that it's already decentralized, using an #OpenStandard. Other than that, it now has pretty much the same pros and cons as Wire, including being developed by a VC-funded parent company.