this post was submitted on 15 Sep 2021
66 points (95.8% liked)

[–] [email protected] 4 points 3 years ago (1 children)

they don’t have the message senders thanks to sealed sender

Reading over this again. The primary identifier in Signal is phone numbers. You think Signal doesn't store those, or use them to route messages?

[–] [email protected] -1 points 3 years ago (1 children)

It doesn't necessarily mean that the phone number is sent with every API call. The real authentication of who sent the message happens on the receiver's device when they decrypt it.

[–] [email protected] 3 points 3 years ago (1 children)

How would the Signal server know who to route the message to?

[–] [email protected] 1 points 3 years ago (1 children)

They know who the receiver is. They don't need to know who sent the message. They only have to route it to the receiver.

[–] [email protected] 3 points 3 years ago* (last edited 3 years ago) (1 children)

In a centralized database, this seems like it'd be trivial to get around. You'd only have to look at the client-sent messages and correlate them to the receiving ones.

[–] [email protected] 1 points 3 years ago

It's more complex than that. The client doesn't authenticate itself to the server. It only shows a certificate that says "I have a right to send messages to this person". This certificate is anonymous and was initially generated by the receiver, and then sent via the encrypted session.

More details here.

The server could still correlate the IP, which is much less valuable and can be hidden through VPNs or even the built-in censorship circumvention proxy.
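
A simplified model of the exchange discussed in this thread, added here as an example; it is not Signal's code and not written by any commenter. It shows what a routing server can record when the sender proves only a receiver-issued token and the sender's identity sits inside the encrypted envelope. The names `Server`, `seal`, `open_sealed`, the toy cipher and the IP addresses are assumptions constructed for illustration.

```python
import hashlib, hmac, secrets

def seal(session_key, sender, body):
    # Toy stand-in for the end-to-end session (NOT Signal's cipher):
    # the sender id travels inside the ciphertext, never beside it.
    nonce = secrets.token_bytes(16)
    plain = sender.encode() + b"\x00" + body
    stream = hashlib.shake_256(session_key + nonce).digest(len(plain))
    ct = bytes(a ^ b for a, b in zip(plain, stream))
    tag = hmac.new(session_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(session_key, envelope):
    # Receiver side: authenticate, decrypt, and only then learn the sender.
    nonce, ct, tag = envelope[:16], envelope[16:-32], envelope[-32:]
    want = hmac.new(session_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("envelope failed authentication")
    stream = hashlib.shake_256(session_key + nonce).digest(len(ct))
    sender, _, body = bytes(a ^ b for a, b in zip(ct, stream)).partition(b"\x00")
    return sender.decode(), body

class Server:
    def __init__(self):
        self.tokens, self.inbox, self.observed = {}, {}, []

    def register(self, receiver, token):
        self.tokens[receiver] = token  # receiver publishes its delivery token

    def deliver(self, receiver, token, envelope, source_ip):
        known = self.tokens.get(receiver)
        if known is None or not hmac.compare_digest(known, token):
            return False  # no proof of a right to send to this receiver
        self.inbox.setdefault(receiver, []).append(envelope)
        # Everything the server can record about this delivery:
        self.observed.append({"to": receiver, "ip": source_ip, "size": len(envelope)})
        return True

def demo():
    server = Server()
    session_key = secrets.token_bytes(32)  # constructed: pre-existing E2E session
    token = secrets.token_bytes(16)        # constructed: generated by the receiver
    server.register("bob", token)          # bob gave `token` to alice over the session
    ok = server.deliver("bob", token, seal(session_key, "alice", b"hi"), "203.0.113.7")
    forged_ok = server.deliver("bob", secrets.token_bytes(16), b"spam", "198.51.100.9")
    sender, body = open_sealed(session_key, server.inbox["bob"][0])
    return ok, forged_ok, sender, body, server.observed
```

The server's record holds the receiver, the source IP and the envelope size, which is the residual metadata the last two comments are arguing about.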