Privacy

31993 readers

449 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

109

Signal says 1,900 users’ phone numbers exposed by Twilio breach – TechCrunch (techcrunch.com)

submitted 2 years ago by dessalines@lemmy.ml to c/privacy@lemmy.ml

53 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] kvjxq@beehaw.org 22 points 2 years ago (23 children)

It's abominable that Signal still requires a phone number.

[–] AgreeableLandscape@lemmy.ml 20 points 2 years ago* (last edited 2 years ago) (15 children)

How else are they going to track you?

No, seriously. Even if the messages are encrypted, the metadata including your account info and the account info of everyone you talk to are not. In a lot of these cases, they don't have to have the actual contents of the messages to have a pretty clear picture of what you might be talking about!

With a phone number that's almost certainly registered to your real identity, it makes it trivial to track what you as a person is doing even without breaking the encryption! An encrypted messenger that requires anything related to your real identity to get an account is security theatre.

For example: if you suddenly start messaging back and fourth with an account, and that account happens to have the same phone number as the one on the business card and website of an out of state abortion clinic worker, and your own phone number's area code just so happens to fall in a state that banned abortions after Roe v Wade got trashed, it juuuust might imply a few things about you. They can't definitively prove what the messages were, but if your state criminalizes any and all attempts to get an abortion anywhere, it's probably enough to get a warrant against you.

[–] ree@lemmy.ml 2 points 2 years ago (1 children)

What you wrote is simply wrong.

Signal encrypt metadata to the best of their capacity. On the contrary matrix, xmpp, telegram, WhatsApp don't (unless sth changed since last year)

For example on my matrix server I could read the IP, username and time of each message.

https://signal.org/blog/sealed-sender/

[–] dessalines@lemmy.ml 1 points 2 years ago (1 children)

This is what they tell you. Since signal isn't self-hostable or federated, you can't verify that.

[–] ree@lemmy.ml 2 points 2 years ago

As far as i understand this is a client side implementation. So it's verifiable.

load more comments (13 replies)

load more comments (20 replies)