Domain: signal.org
Stories and comments across the archive that link to signal.org.
Comments · 9
-
Re:Non profit
Signal fulfills your first, second, and third requirements nicely, although I see why you suggest rotating responsibility. Your fourth requirement, allowing third-party clients, is sort of implicitly allowed but not encouraged, I think.
-
Re:Alternative?
Signal. When you text or call someone that has the app, you get seamless end-to-end encryption by default. When you text or call someone that doesn't have the app, it automatically reverts to conventional SMS or phone calls. So in that sense, it's a very streamlined app, since you can talk to people with and without the app just as easily, and automatically "upgrade" your conversations to full encryption when your friends download it.
The app itself is quite good in my opinion, and works on both Android and iOS. The desktop version is kinda quirky (at least on Linux), and sometimes takes forever to start up, but it works OK. Both the frontend and backend are open source. -
Re:Self Inflicted
I understand the principle behind your argument, but I don't think that it is actually playing out in the real world [at least, not yet].
For example, I have the Signal application from Whisper Systems installed and running on my cell phone. That provides me with secure end-to-end encryption that even Signal themselves can't crack [because at no time and in no way do they ever get access to the private keys that the app uses].
This suggests to me that one of perhaps three or four scenarios may be true:-
1. Whisper Systems have created a back door for the authorities to use. Go look at who the company are, who has reviewed their code. Seems improbable.
2. The authorities have the capacity to detect the use of Signal and then brute force the traffic of each Signal user in order to get at the keys. Seems highly unlikely.
3. We haven't [yet] reached the absolutist position that you articulate...
Perhaps the state would like to ban all encryption that they are unable to crack, but don't want to publicly say that just yet. We've seen enough from the FBI and NSA [United States] and the Home Secretary [United Kingdom] all demanding the right to have back-doors in encryption, but crossing that line also confirms that we live in a totalitarian state. I suspect that this isn't something they want to acknowledge just yet. -
Yes, Signal is open source.
Yes, Signal is open source:
"Free for everyone. Signal is made for you. As an Open Source project supported by grants and donations, Signal can put users first. There are no ads, no affiliate marketers, no creepy tracking. Just open technology for a fast, simple, and secure messaging experience. The way it should be."
Works with Android, iPhone, Linux, and Windows.
"Stay private. Signal messages and calls are always end-to-end encrypted and painstakingly engineered to keep your communication safe. We can't read your messages or see your calls, and no one else can either." -
Re:This is why perfect forward secrecy is needed
Signal has had perfect forward secrecy since at least 2013 https://signal.org/blog/asynch...
https://en.m.wikipedia.org/wik...
Given that WhatsApp uses the same signal protocol as signal itself, I would expect it to have perfect forward secrecy as well. But being owned by facebook, I don't trust WhatsApp anyway. -
Re:Signal is only partially private
True.
You need to register on a central server using your unique mobile number.
According to this Wikipedia article they've so far only once had to hand over data.
Interestingly this data is limited to the time the registration was done and the last time you accessed the service.
https://en.wikipedia.org/wiki/...
Their privacy policy:
https://signal.org/signal/priv...
Reading material for the rightfully paranoid:
https://medium.com/@thegrugq/s... -
Signal permissions
Here's what they say they need all of that for.
-
Re:And now skype
When I was going to install signal because of all the good things I heard about it, my phone presented me with a *massive* list of permissions the Signal app wants:
- read sensitive log data
- find accounts on the device
- read your own contact card
- modify your own contact card
- read calendar events plus confidential information
- add or modify calendar events and send email to guests without owners' knowledge
- find accounts on the device
- read your contacts
- modify your contacts
- approximate location (network-based)
- precise location (GPS and network-based)
- read your text messages (SMS or MMS)
- receive text messages (MMS)
- receive text messages (SMS)
- send SMS messages
- edit your text messages (SMS or MMS)
- directly call phone numbers
- directly call any phone numbers
- modify phone state
- reroute outgoing calls
- read call log
- read phone status and identity
- write call log
- read the contents of your USB storage
- modify or delete the contents of your USB storage
- read the contents of your USB storage
- modify or delete the contents of your USB storage
- take pictures and videos
- record audio
- view Wi-Fi connections
- read phone status and identity
- send WAP-PUSH-received broadcast
- receive data from internet
- view network connections
- create accounts and set passwords
- pair with Bluetooth devices
- send sticky broadcast
- change network connectivity
- connect and disconnect from Wi-Fi
- disable your screen lock
- full network access
- change your audio settings
- read sync settings
- run at startup
- set wallpaper
- use accounts on the device
- control vibration
- prevent device from sleeping
- toggle sync on and offNeedless to say, I backed out.
-
Re:And now skype
A good reason to move to Signal, it is free and does not sell your data.
https://signal.org/