So we know the UK, France, Sweden and Australia all have “pondered out loud” about getting platforms like Signal to allow backdoors into encrypted calls and messages.

This creates a sense of safety about these platforms being secure, because governments want to come after them.

Here’s a tinfoil hat take: Five Eyes is significantly reducing inter cooperation. The non-fascist parts of the alliance don’t want to share with the obvious authoritarian, but the authoritarian one used to share the fruits of their established backdoors with them, and now they don’t.

Note that the US isn’t asking Signal for a backdoor. Why? Back in 2015-2016 (last years of Obama), Apple had a loud and visible feud with the FBI. Since the authoritarian came to power, this all disappeared from the media. Interestingly, 10 years have gone by since that moment, every single aspect of our lives has become more surveilled, and somehow the US govt has stopped trying to get into phones? While the CEO is making hand deliveries of 24 karat gold bars to the Oval Office?

TLDR; I think it’s a safe assumption that they are in our devices by now. Fundamentally people misunderstand encryption. Encryption is only as strong as the weakest link. If your Signal chats are unencrypted for consumption on your device, then that’s when the unencrypted content can be captured.

For the longest time, Apple stored your iCloud backups encrypted. Looked good in marketing materials, until they casually admitted the decryption key is stored in the same cloud.

Combine this with ICE capturing citizens without due process. If you have a vanilla smart device, you’re doing the surveillance for them. /tinfoilhat

  • just_an_average_joe@lemmy.dbzer0.com · 1 up · 1 day ago

    My own conspiracy theory is that Apple introduced fingerprint or face scanners right after that lawsuit.

    The US government has the ability to access any info from US companies. Most likely they can recreate devices. And to unlock, they just need Face ID or fingerprints, both of which the government collects on every citizen.

    Legally they don’t need consent to have our biometric data, but for passwords and patterns, they need it.

  • Emma_Gold_Man@lemmy.dbzer0.com · 7 up, 1 down · 4 days ago

    If we take your TLDR at face value, then the result is in no way specific to Signal. Threema, Session, Matrix, Briar, RocketChat, and any other messenger (including the closed source ones) would be equally affected. For that matter, so would Keybase, any encrypted e-mail provider you access from your phone, your VPN (personal or paid) … everything.

    Given that, singling out Signal in the post title is clickbaity at best. If I’m putting on my <tinfoilhat> it could be seen as an attempt to drive people to less secure options by scaremongering the one that provides the most protection.

    But if we make the assumptions you suggest, why stop there? An undisclosed vulnerability needn’t be limited to stock Android - any fork is potentially vulnerable. And why aren’t they calling for LUKS backdoors? Or the elimination of VPNs? Or … </tinfoilhat>

    The reality is that there is another axis to security this type of all-or-nothing approach to security ignores - how interested are they in you as a target. When that is factored in, the conclusion is that the use of encryption as secure as possible wherever possible helps everyone, because:

    1. Most approaches to retrieving that data take time and effort to apply. The governments have vast resources, but not unlimited, so they pick their targets based on priority. More people using encryption helps with this.
    2. The more often they use a backdoor or vulnerability, the more likely they are to be caught at it. So they will probably save it for higher priority targets. More people using encryption helps with this.
    3. High priority targets remain vulnerable to the hammer attack. With governments, this more often looks like terrorism charges, tax audits, obvious surveillance for intimidation, etc. In extreme cases though, everything up to and including disappearing and assassination are on the table. This one encryption doesn’t help with.

    TLDR: Even if true (big if), this type of scaremongering is unhelpful at best, and probably counterproductive. Name checking the most secure option when the threat model applies to any possible messenger is clickbaity and definitely counterproductive.

    • kingofras@lemmy.world (OP) · 2 up, 7 down · 3 days ago

      Oh … but oh!

      TLDR; The people accusing an author of clickbait are often penning bait to drag the OP into a mud fight.

      You make some valid points, but the way you’re going on the offence and presenting your points isn’t welcoming to more discussion for me. Maybe others will.

      • Emma_Gold_Man@lemmy.dbzer0.com · 2 up · 3 days ago

        Except that I didn’t accuse you of clickbaiting - I pointed out that the style was similar and has unfortunate consequences. Because the headlines we’re used to reading are so pervasively clickbait, it’s an easy trap to fall into because that’s how we’re used to seeing things titled.

        Edit: On rereading my comment - yeah, that did come off pretty confrontational. Signal gets a lot of bad-faith criticism from people pushing alternatives that are provably less secure, so it’s a knee-jerk reaction for me at this point. In my defense, there’s a reason the more confrontational statements were in a “tinfoil hat” tag - it was meant to make clear they were not literal accusations.

        • kingofras@lemmy.world (OP) · 1 up · 3 days ago

          All good, looks like you won the downvote wars anyway, an important aspect of online discourse.

          For what it is worth, I used Signal in the title, because that’s what’s been in the media and the app governments have been going after, see the country name hyperlinks.

  • CubitOom@infosec.pub · 4 up · 4 days ago

    So you are saying that because the US likely has a workaround for Apple encryption that they also have access to all Signal chats?

    • kingofras@lemmy.world (OP) · 1 up · 3 days ago

      Not exactly. I’m saying most likely, as far as vanilla iOS and Android, most likely there are NSA backdoors available for counterintel (most likely unreported exploits) that allow them root OS access if required. It would wait till the phone is sleeping and charging and on Wi-Fi and then you wouldn’t notice. I doubt this would happen routinely to everyone, but the lack of them asking for a backdoor while a bunch of other western countries are, is pretty telling. And it wouldn’t just be Signal. It would simply be everything that’s on your device.

      • dysprosium@lemmy.dbzer0.com · 1 up · 11 hours ago

        But wouldn’t you say this is better than OPENLY requiring a backdoor? Because if NSA had access (via their own hacking or asked for backdoors in secret), then it is much easier for new people to make new (backdoor free) hardware and software that is harder/impossible to hack, allowing people to have security and privacy once again just by switching, even if it’s temporary.

        But if government OPENLY requires backdoors then all new hardware and software would need to meet this new standard, which is easier for the government to control.

        So I think it’s better to fight the government in the shadows than in the open, in this regard.

        • kingofras@lemmy.world (OP) · 1 up · 2 days ago

          This is an odd argument.

          Would you rather taste your own shit or would you prefer for me to cook for you every day and not tell you which day I’m mixing your own shit into your food?

          • dysprosium@lemmy.dbzer0.com · 1 up · 1 day ago

            It actually goes like this:

            Would you rather be force-fed your own shit or would you prefer for me to cook for you every day and not tell you which day I’m mixing your own shit into your food?

            Anyone would choose the latter one. Also, this is ALREADY happening. The former is worse.

            • kingofras@lemmy.world (OP) · 1 up · 1 day ago

              Your modification doesn’t change anything. I guess it’s just two different types of people. I care about consent, and others prefer the head in the sand approach. Both have their pros and cons.

  • DeathByBigSad@sh.itjust.works · 1 up · 3 days ago

    /tinfoil

    OP is actually just a government agent trying to create a false sense of security that you are safe on Linux and behind TOR, when in reality, your Intel ME / AMD PSP is already snitching.

    Yes, sure, go “turn off” your telescreen.

    /end-tinfoil