Your Thoughts

Ryan McGinnis ryan at digicana.com
Wed Jul 3 16:16:55 CEST 2019


Not sure why the phone number thing bothers people -- having a phone at all in the first place means you are easily tracked.  What Signal (and any encryption system, really) does is try to prevent in-transit interception and surveillance of the actual data content.  It can't hide the metadata associated with a layer well above the application layer.  Openwhisper can be picked up at the firewall level, but then so can Tor and VPN spinups, and all of these things are metadata that make you score more interesting to the mass-data-scoop algorithms.  If you don't want to be easily geo-locationally tracked, don't use a device with a cellular modem, full stop.  


What Signal (or any other E2E encrypted messaging system) does is give people the ability to communicate with each other privately.  People can still see that they are talking and are trying to hide what they are saying.  Yeah, that makes those people targets in some countries, but it also greatly increases the cost in manpower and resources needed to peek into those communications.  Now you're looking at burning 0days to install APTs and sending human resources to deal with individuals when this could previously be handled on a global level en masse with some fiber splitters and a big ol' datacenter.  If enough people use it can have a disruptive effect on mass surveillance and state control.  



-Ryan McGinnis
https://bigstormpicture.com
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, July 2, 2019 10:20 PM, Mirimir via Gnupg-users <gnupg-users at gnupg.org> wrote:

> On 07/02/2019 05:18 AM, Robert J. Hansen wrote:
> 

> > > Signal went the other way. Build a verifiably secure communications platform so easy that literally anyone can figure it out.
> > 

> > I think this is a misunderstanding of Signal.
> 

> <SNIP>
> 

> > Signal is, by its very nature, tightly tied to one specific
> > communications platform -- that of the smartphone. It's not likely to
> > break out of its home.
> 

> And not only that, it's tied to one of the least privacy-friendly
> aspects of smartphones: the phone number.[0]
> 

> | Requirements
> |
> | Signal uses your existing phone number.
> |
> | The number must be able to receive an SMS or phone call.
> 

> Sure, it's not necessarily the number of the phone that you're using
> Signal on. But it's gotta be a number that you can use, and which others
> can't use. So what do you do, to avoid geolocation?
> 

> You can't use one of those shared SMS services. So what, lease a SIM
> from some SIM farm in wherever, and hope that they're honest?
> 

> There's also the issue of actually using Signal while preventing
> geolocation. You can't just use Tor, which itself is nontrivial on
> smartphones, because Signal needs UDP. So you're stuck with VPNs, where
> you must trust providers.
> 

> It's frightening how popular Signal has become. Especially for people
> whose lives are threatened by geolocation. If I were paranoid, I'd say
> that it was a honeypot. But whatever. Something using Tor onion services
> is probably the best option. Unless Tor is also a honeypot.
> 

> <SNIP>
> 

> 0)
> https://support.signal.org/hc/en-us/articles/360007318691-Register-a-phone-number
> 

> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - ryan at digicana.com - 0x5C738727.asc
Type: application/pgp-keys
Size: 3215 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190703/19f39713/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 855 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190703/19f39713/attachment.sig>


More information about the Gnupg-users mailing list