• jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    26
    arrow-down
    4
    ·
    edit-2
    9 months ago

    Unless signal demonstrates they can’t link usernames to phone numbers, I call BS.

    Privacy by policy is great, but it’s not zero knowledge. Since they designed the system to ultimately identify people to phone numbers there will always be the potential they are logging all the username phone numbers hash lookup tables

    • Stitch0815@feddit.de
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      1
      ·
      9 months ago

      It`s good to always be sceptic, however I have been using and following Signal for years and so far they have not given me a reason to misstrust them. You should read their answers when some judge with 0 digital competence tries to subpoena some chat protocol.

      • LWD@lemm.ee
        link
        fedilink
        English
        arrow-up
        7
        ·
        9 months ago

        It would be big news if Signal failed to disclose a little-known caveat, let alone directly lie.

        The functionality has been tested for at least a year, right? And the client side code is open source. They aren’t hiding anything. The Molly fork has already implemented the same functionality.

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          2
          ·
          edit-2
          9 months ago

          Don’t get me wrong. I like the signal foundation. They do great work. I’m just hesitant to claim that usernames are in anonymous way to talk to people on the internet.

          If your model of signal is just I can communicate and encrypted with people I already know and who know me. Everything’s fine. Nothing about the server compromises that. But when you introduce can I talk people anonymously, the model doesn’t support that. Because the server has the capability to deanonymize.

          If nothing else, somebody could simply brute force all the phone numbers, until their named contact shows up.

          I just did some minor testing, right now, if you have a username that you want to post on the internet, like embarrassing_contact.01, like for political dissidents organizing, alternative lifestyle organization, disclosing sensitive information etc. if you already have the contact on your phone, but you try to send a message to the username. Signal will tell you oh it’s the same person you already have this contact. So right there is a proof of concept of deanonymizing people

          • RayJW@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            9 months ago

            If that is your threat model you can put your phone number privacy to no one. Then I can’t see you use Signal even if I have your contact with your phone number saved and adding you with your username won’t show you as my phone contact with the same phone number.

    • viking@infosec.pub
      link
      fedilink
      English
      arrow-up
      13
      ·
      9 months ago

      The article states that they are only saving a hashed copy of the currently set username, if any. While they might in theory keep more than that on hand, their policy has always been to minimize accessible data, and have responded in kind whenever subpoenaed, which is at least a very strong evidence.

      The code is also fully open source for both server and client, so you could independently validate it yourself.