this post was submitted on 16 Nov 2023
615 points (97.5% liked)
Technology
Those last two are supposedly hidden by their "sealed sender" feature, but that is a farce because you're connecting to their servers from the same IP address to send and receive, and you need to identify yourself (with your phone number) to receive your messages. So, the metadata-hiding property that "sealed sender" purports to provide cryptographically is actually relying on their (Amazon's) network infrastructure not to correlate the information available to it.
Signal says that they don't retain any of this metadata, and I think it is likely that Signal employees are sincere when they say that.
But if someone with the right access at Signal's ISP (Amazon) wants the Signal metadata, they can get it, and if they can, then anybody who can coerce, compel, or otherwise compromise those people (or their computers) can get it too.
One can say that the adversaries they're trying to protect against don’t have that kind of capability, but I think it isn’t reasonable to say that Signal’s no-logging policy (much less their "sealed sender" cryptographic feature) is protecting metadata without adding the caveat that routing all the traffic through Amazon does make the metadata of the protocol’s entire userbase available in a convenient single place for the kind of adversaries that do.
And if you're completely confident that the adversaries you want to protect against are unable to compromise the server infrastructure, why would you need e2e encryption at all?
note to lemmy regulars, if this comment sounds familiar...
i copypasta'd bits of the second half of it from an earlier comment that I made on someone else's now-deleted post

Motherfucker actually elaborated. Kudos