☆ Yσɠƚԋσʂ ☆
- 104 Posts
- 85 Comments
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
31 · 6 hours ago
I also find it really weird how aggressively Signal is being pushed everywhere, and how any criticism of it gets dismissed or ridiculed. It feels a bit like a cult at this point.
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
3 · 6 hours ago
Sure, you can absolutely decide that it’s a reasonable trade off, but your original claim was that sealed sender addressed the problem. Sounds like you’re now acknowledging that’s not actually the case…
That’s precisely why organized labour has been systematically dismantled in the US. Back in the day there were strong unions, mutual support groups, and so on. These systems are key for workers to be able to take collective action like general strikes.
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
4 · 6 hours ago
Again, I think people should be aware that there are alternatives to Signal, and be able to make an informed decision on the trade offs that matter to them. My personal view is that there are absolutely better platforms than Signal, but if people understand the potential risks with Signal and use it because it’s convenient or their other contacts use it, etc., that’s entirely up to them. It’s just not what I would personally recommend if people want privacy.
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
3 · 7 hours ago
Again, sealed sender has nothing to do with it. If I run a server, I have access to the raw requests coming in. I can do whatever I want with them even outside Signal protocol. You can’t verify that my server is set up to work the way I say it is. You get that, right?
You’re confusing what Signal team says their server does, and the open source server implementation they released with what’s actually running. The latter, you have no idea about.
The core issue is trusting the physical infrastructure rather than just the cryptography. The protocol design for sealed sender assumes the server behaves exactly as the published open source code dictates. A malicious operator can simply run modified server software that entirely ignores those privacy protections. Even if the cryptographic payload lacks a sender ID, the server still receives the raw network request and all the metadata attached to it. Your client has to talk to the server and identify itself before any messages are even sent.
When your device connects to send that sealed message, it inevitably reveals your IP address and connection timing to the server. The server also knows your IP address from when you initially registered your phone number or when you requested those temporary rate limiting tokens. By logging the raw incoming requests at the network level, a malicious server can easily correlate the IP address sending the sealed message with the IP address tied to the phone number.
Since the server must know the destination to route the message, it just links your incoming IP address to the recipient ID. Over time this builds a complete social graph of who is talking to whom. The cryptographic token merely proves you are allowed to send a message without explicitly stating who you are inside the payload. It does absolutely nothing to hide the metadata of the network connection itself from the machine receiving the data.
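The correlation described in the comment above, as an added sketch that is not part of the original comment and is not Signal's server code. The log format, account names, addresses and the `window` parameter are constructed assumptions; it models a relay that sees an account id on authenticated requests and only a recipient on sealed deliveries, and also shows where the attribution becomes ambiguous (shared NAT address) or stale.

```python
from collections import defaultdict

# Constructed request log for a hypothetical relay (timestamp, source IP, kind, body).
# "auth" requests identify the account; "sealed" deliveries name only the recipient.
LOG = [
    (1000, "203.0.113.7",  "auth",   {"account": "alice"}),
    (1005, "198.51.100.9", "auth",   {"account": "bob"}),
    (1010, "198.51.100.9", "auth",   {"account": "carol"}),  # behind the same NAT as bob
    (1060, "203.0.113.7",  "sealed", {"to": "dave"}),
    (1090, "198.51.100.9", "sealed", {"to": "erin"}),
    (9000, "203.0.113.7",  "sealed", {"to": "frank"}),       # long after the last auth
]

def correlate(log, window=600):
    """Map each sealed delivery (recipient, ts) to the set of accounts that
    authenticated from the same IP within `window` seconds before it."""
    seen = defaultdict(dict)  # ip -> {account: last auth timestamp}
    result = {}
    for ts, ip, kind, body in sorted(log, key=lambda rec: rec[0]):
        if kind == "auth":
            seen[ip][body["account"]] = ts
        elif kind == "sealed":
            result[(body["to"], ts)] = {
                acct for acct, auth_ts in seen[ip].items() if ts - auth_ts <= window
            }
    return result

def social_graph(log, window=600):
    """Edges (sender, recipient) for deliveries with exactly one candidate sender."""
    return {
        (next(iter(candidates)), to)
        for (to, _ts), candidates in correlate(log, window).items()
        if len(candidates) == 1
    }

if __name__ == "__main__":
    for key, candidates in correlate(LOG).items():
        print(key, sorted(candidates))
    print(social_graph(LOG))
```

The sealed payload never names a sender here, yet one edge is recovered from network metadata alone; the two accounts sharing an address stay ambiguous, and the late delivery is unattributed unless the operator widens the window.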
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
4 · 7 hours ago
but in that chain what you really care about is your phone number that identifies you in the real world to your messages, right?
It doesn’t matter, what matters is that the server has a unique id for you and the person you’re talking to, and that id can then be mapped to the phone number that was initially collected. That’s all the server needs to identify the real identity of the people you communicate with.
It’s not a question of what the server needs minimally, it’s a question of what the server could be doing if it was set up maliciously. The sealed sender does not solve this problem in any way, shape or form.
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
4 · 8 hours ago
Again, nowhere did I talk about message history. What I’m talking about is the server having unique ids for each user, which is how it connects users to each other, and having a phone number collected initially which can be tied to that id. You don’t need anything from the messages themselves to create a graph of people who talk to each other. The routing is done by the server.
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
4 · 9 hours ago
Again, the only people who actually know what the phone number is used for are the people who operate the server. I don’t know why this is such a difficult concept for people to grasp. They don’t need the information contained in the messages. Once the phone number is collected, it CAN be stored and associated with your account. There is no way for you to know whether that happens or not unless you have access to that server. There is no way for you to verify that the server does what people operating it say it does. That’s what makes it a trust based system.
You just gotta love the narcissism these people have.
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
54 · 9 hours ago
Nope, sealed sender does not address the problem because the phone number is collected at sign up time. The whole sealed sender concept is just another trust me bro mechanic because, once again, nobody aside from people who are actually operating the server knows what it’s doing. Signal is proof that the vast majority of people don’t understand the basics of privacy and security, and they don’t actually care.
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
51 · 11 hours ago
I’m not misrepresenting anything you said. Meanwhile, it’s very telling how you’ve pivoted to making personal attacks instead of actually addressing the problem I’ve now repeatedly explained. You’re not fooling anyone here bud.
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
91 · 11 hours ago
Yes, but those are basically separate platforms like Session. Signal does not federate, and there’s only a single server in the US that requires your phone number to sign up.
Idk what misinformation and conspiracy theories you’re referring to here. Yes, food is literally being poisoned, and there’s an ongoing class action about it in the US right now.
Maybe actually read the thread before commenting? I’ve literally addressed this here https://lemmy.ml/post/43791761/24225658
I don’t believe I ever asked you to sealion into my threads in the first place. It’s some great loss that I don’t have to see your drivel anymore. 🤣
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
51 · 11 hours ago
Ah yes clutching them pearls, when called out on outright lying.
Bye!
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
11 · 11 hours ago
I’m not advocating for using Session specifically, I just listed it as a viable alternative to Signal. Given that it’s forked from Signal presumably it’s an easier switch for people who like the general mechanics of Signal and its encryption system.
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
62 · 12 hours ago
I even took the time to quote that, because it’s important.
What’s important is that you’re quoting me out of context, and that makes all the difference. The actual statement you’re replying to is:
You don’t have to trust anybody when you run your own server, or you use a server that doesn’t collect information it has no business collecting.
The fact that you proceed to quote me out of context and then accuse me of being wrong shows that you lack even a modicum of intellectual integrity. Then you proceed to make a straw man arguing against something I never claimed.
Just because it’s less likely to find nefarious code in open source doesn’t mean it doesn’t exist.
So yes, this is very clearly a discussion in bad faith, where you’re arguing against a straw man while ignoring what I actually wrote. It’s especially incredible since I even followed up with a more detailed explanation which you just ignored:
There’s a big difference between having confidence in open source code that has been audited by many people, and knowing for a fact that the service collects specific information. In the former case, you can never be absolutely sure that the code is not malicious so there is always a risk, but in the latter case you know for a fact that the service is collecting inappropriate information and you have to trust that people operating the service are not using it in adversarial ways. These two scenarios are in no way equivalent.
Do better.
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
82 · 12 hours ago
No, we don’t all know this. What we actually know is that people like you say this and expect the rest of us to trust you blindly, which is itself concerning.
Your link is broken.
Your browser plugins are broken, the link is fine. That said, here’s a non-archived version https://www.washingtonpost.com/technology/2021/06/15/faq-data-subpoena-investigation/
100M people is not a filter…
Given world population and modern data analysis capabilities it absolutely is.
No one said anything about that? That is not the model.
That’s literally the model. Signal asks you for your phone number when you register, what happens with that information after that is only known to people operating the server. Let me know what part of that you’re still struggling to understand.
The business is connecting users. It’s one of the reasons it is the most viable private and secure chat platform. It’s why I have a dozen connections on Signal and literally 0 on every other platform. Because you actually know who’s using it.
That word salad has fuck all to do with the point I made, which once again, is that you have to trust people who operate the server in how they handle this information.
You can have the most private and secure messaging system in the world but if you can’t use it to actually chat with anyone, then what good is it?
Ah yes, because there’s absolutely no conceivable way to verify whom you’re connecting with aside from sharing your phone number with an American company. You couldn’t possibly use any out of band channel to verify who the person you’re communicating with is.
☆ Yσɠƚԋσʂ ☆@lemmy.ml to
Privacy@lemmy.ml•Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app
102 · 12 hours ago
My original comment that you replied to was explaining the defects. People are free to decide whether they want to accept them or not. Your comment is saying that it’s harmful to discuss these defects which implies that we should just ignore them.
It’s not really a partial solution, it’s just sophistry to obscure the problem. The fact that I’ve had this same discussion with many people now, and it always takes effort to explain why sealed sender doesn’t actually address the problem, leads me to believe the actual problem it’s solving is not that of making the platform more secure. The complete and obvious solution to the problem is to not collect personally identifying information in the first place.
You have a very charitable view of Signal making the base assumption that people running it are good actors. Yet, given that it has direct ties to the US government, that it’s operated in the US on a central server, and the team won’t even release the app outside proprietary platforms, that base assumption does not seem well founded to me. I do not trust the people operating this service, and I think it’s a very dangerous assumption to think that they have your best interests in mind.