End-to-end encryption by default means “if you show up with a warrant or a subpoena (to Signal), they have almost nothing about you that they can hand over,” EFF’s @evacide told @CNN. https://www.cnn.com/2025/02/09/tech/secure-chat-apps-signal-tor-browser/index.html
@andymouse @eff @evacide @CNN If Signal's backend is as Signal claims, then it's all done in a way that minimizes Signal's access to it. So the only question is if you trust Signal to do what they say they do.
Relevant blog posts:
https://signal.org/blog/private-contact-discovery/
https://signal.org/blog/signal-profiles-beta/
https://signal.org/blog/sealed-sender/
https://signal.org/blog/secure-value-recovery/
https://signal.org/blog/signal-private-group-system/
https://signal.org/blog/building-faster-oram/
Of course, WhatsApp was sold to Facebook by the guy running Signal.
So, that may factor into whether you trust it.
@LukefromDC@kolektiva.social @elgregor@librem.one @andymouse@todon.eu @eff@mastodon.social @evacide@hachyderm.io @CNN@flipboard.com
@danjones000 @elgregor @andymouse @eff @evacide @CNN Open source goes a long way as it can be reviewed. I don't trust ANY closed app nor the device running it.
Yah but there are better alternatives like SimpleX or Matrix and others.
@andymouse @elgregor @eff @evacide @CNN
"Network effect" can prevent large scale use of those, but they would be preferable for such cases as a bunch of burn phones used for an action, or a permanent set of phones used for nothing else in a high security organization.
It's hard enough to get people off of Snitchbook Messenger, much less WhatsApp. Telling them Signal is also unusable when it is actually far more secure will send them right back to Facebook. Then their conversations become an open book for the cops.
In wartime, the perfect can be a deadly enemy of the good.
Also note that as soon as ONE person on a Signal group or any other encrypted messaging scheme allows an untrusted app on their phone and it turns out to spy on the messaging app, all the members of the group are harmed by their messages being read. Point to point can be quite secure with a wide variety of protocols; larger communications nets are a real problem to secure.
The failure of DRM is in fact an extreme case of the above. A record company sells 1 million copies of a song, encrypted with some DRM scheme managing the keys. ONE person cracks it, everyone can play it, and there is always someone somewhere who will put in the effort out of so many copies. Same DRM on a pre-release copy sent only to a dozen studio execs will probably hold.
This is combined with the fact that DRM attempts to maintain control of information sent to devices hostile to the authors of the DRM scheme, same as having someone on a Signal loop with Pegasus on their phone. In serious encryption, an untrusted/untrustable device is considered unusable for any sensitive task. This is why phones that pass through police hands should be destroyed and replaced, or if this is not possible at least factory reset. Note that no phone on the market costs more than 3 billable hours of a top attorney's time.
@elgregor @andymouse @eff @evacide @CNN Face to face with no electronics is safest but not always an option. The rest of the time, the question is not so much "do you trust Signal" as "do you trust Signal more than you trust FB-owned WhatsApp or your phone company."