Janneke on Nostr: Why Signal is not a secure messenger! Signal runs its entire traffic via the clouds ...
Why Signal is not a secure messenger!
Signal runs its entire traffic via the clouds of Google, Amazon, Microsoft & Cloudflare. They don't tell their users this, but speak of “3rd parties” in a trivializing way.
These 4 IT giants have enough of your IP address and the Americans know who is writing to whom = valuable metadata!
There are no “free” messengers!
Why do they use these 4 cloud providers and not just one of them, or another cloud service?
Because they are the biggest, with the widest distribution. And they have the most data!
Google's Android runs on around 85% of all smartphones. This sends encrypted data “home” every day. So you can assume that Google can always link 85% of all smartphone IPs to the respective user!
Amazon is the online shopping market leader (in the West) and can provide the name and address for IPs.
Microsoft is the world market leader in operating systems and can provide further user data, for example the IP of your wifi.
And Cloudflare is “stuck” invisibly in front of many well-known websites and knows the surfing behavior for the IP!
More espionage or user data collection is almost impossible!
Financing
If you want to know who is behind it, you have to look at where the money comes from.
Signal gets money from the Open Technology Fund = US government.
https://www.opentech.fund/projects-we-support/supported-projects/signal-open-whisper-systems/
If they put money into it, then they want something in return = namely data!
Open Technology Fund = “Affiliations U.S. Government”
https://en.wikipedia.org/wiki/Open_Technology_Fund
In addition, WhatsApp billionaire Brian Acton has invested millions of dollars in the Signal Foundation. That alone should give you pause for thought!
He had a lot of functions built into SignalApp that were stolen/adopted 1:1 from WhatsApp. Both messengers also use the same protocol.
So you can assume that if the Signal app has enough users, he will sell the whole thing back to Facebook/Meta. The data in the cloud services will then be the real treasure for which Zuckerberg will again make billions.
Cloud Act
And everything that the cloud services have on you can be obtained and viewed by US services via the Cloud Act!
“The law obliges American internet companies and IT service providers to guarantee US authorities access to stored data even if it is not stored in the USA.”
https://en.wikipedia.org/wiki/CLOUD_Act
MetaData, MetaData, MetaData....
The Americans are only ever interested in MetaData! So: Who writes when with whom, how often, etc.
A quick reminder:
“Metadata tells you absolutely everything about a person's life. If you have enough metadata, you don't really need the content.”
NSA General Counsel
Stewart Baker
See:
“We kill people based on metadata”
https://www.nybooks.com/daily/2014/05/10/we-kill-people-based-metadata/
How “great” the encryption is only plays a subordinate role. Cloud spies almost always only need your IP and that of the recipient and they know who is writing to whom = valuable metadata.
Compulsory telephone numbers
Even today, Signal still demands that you give out your mobile phone number and this will always remain the case (I've been saying this for 6 years).
This reveals your complete identity, because in the EU all mobile numbers must be registered by name. And if not, government services can query device and location data via “silent SMS” without the user being aware of it.
All of this together (cloud storage, compulsory mobile phone numbers and CloudAct.) gives a very detailed user picture, which works into the arms of the US services.
If you want to know how to do it right, take a look at Threema, the messenger that can be used 100% anonymously:
Threema does not use any third-party (cloud) services, but runs everything via its own server.
Messages are only stored until they have been successfully delivered. Then they are deleted.
And most importantly:
Threema does not store any metadata or IP's!
Quasi confirmed in court here (translate for yourself)
https://magazin.nzz.ch/wirtschaft/threema-wehrt-sich-erfolgreich-gegen-staatliche-ueberwachung-ld.1558968
If you want to communicate securely and anonymously without leaving any traces on the operator's infrastructure, there's no way around Threema.
There are no “free” messengers. You always have to pay - either with your privacy or, as with Threema, with a few euros in return for not storing anything about you. The latter is clearly the better option.
Signal runs its entire traffic via the clouds of Google, Amazon, Microsoft & Cloudflare. They don't tell their users this, but speak of “3rd parties” in a trivializing way.
These 4 IT giants have enough of your IP address and the Americans know who is writing to whom = valuable metadata!
There are no “free” messengers!
Why do they use these 4 cloud providers and not just one of them, or another cloud service?
Because they are the biggest, with the widest distribution. And they have the most data!
Google's Android runs on around 85% of all smartphones. This sends encrypted data “home” every day. So you can assume that Google can always link 85% of all smartphone IPs to the respective user!
Amazon is the online shopping market leader (in the West) and can provide the name and address for IPs.
Microsoft is the world market leader in operating systems and can provide further user data, for example the IP of your wifi.
And Cloudflare is “stuck” invisibly in front of many well-known websites and knows the surfing behavior for the IP!
More espionage or user data collection is almost impossible!
Financing
If you want to know who is behind it, you have to look at where the money comes from.
Signal gets money from the Open Technology Fund = US government.
https://www.opentech.fund/projects-we-support/supported-projects/signal-open-whisper-systems/
If they put money into it, then they want something in return = namely data!
Open Technology Fund = “Affiliations U.S. Government”
https://en.wikipedia.org/wiki/Open_Technology_Fund
In addition, WhatsApp billionaire Brian Acton has invested millions of dollars in the Signal Foundation. That alone should give you pause for thought!
He had a lot of functions built into SignalApp that were stolen/adopted 1:1 from WhatsApp. Both messengers also use the same protocol.
So you can assume that if the Signal app has enough users, he will sell the whole thing back to Facebook/Meta. The data in the cloud services will then be the real treasure for which Zuckerberg will again make billions.
Cloud Act
And everything that the cloud services have on you can be obtained and viewed by US services via the Cloud Act!
“The law obliges American internet companies and IT service providers to guarantee US authorities access to stored data even if it is not stored in the USA.”
https://en.wikipedia.org/wiki/CLOUD_Act
MetaData, MetaData, MetaData....
The Americans are only ever interested in MetaData! So: Who writes when with whom, how often, etc.
A quick reminder:
“Metadata tells you absolutely everything about a person's life. If you have enough metadata, you don't really need the content.”
NSA General Counsel
Stewart Baker
See:
“We kill people based on metadata”
https://www.nybooks.com/daily/2014/05/10/we-kill-people-based-metadata/
How “great” the encryption is only plays a subordinate role. Cloud spies almost always only need your IP and that of the recipient and they know who is writing to whom = valuable metadata.
Compulsory telephone numbers
Even today, Signal still demands that you give out your mobile phone number and this will always remain the case (I've been saying this for 6 years).
This reveals your complete identity, because in the EU all mobile numbers must be registered by name. And if not, government services can query device and location data via “silent SMS” without the user being aware of it.
All of this together (cloud storage, compulsory mobile phone numbers and CloudAct.) gives a very detailed user picture, which works into the arms of the US services.
If you want to know how to do it right, take a look at Threema, the messenger that can be used 100% anonymously:
Threema does not use any third-party (cloud) services, but runs everything via its own server.
Messages are only stored until they have been successfully delivered. Then they are deleted.
And most importantly:
Threema does not store any metadata or IP's!
Quasi confirmed in court here (translate for yourself)
https://magazin.nzz.ch/wirtschaft/threema-wehrt-sich-erfolgreich-gegen-staatliche-ueberwachung-ld.1558968
If you want to communicate securely and anonymously without leaving any traces on the operator's infrastructure, there's no way around Threema.
There are no “free” messengers. You always have to pay - either with your privacy or, as with Threema, with a few euros in return for not storing anything about you. The latter is clearly the better option.