Micah Lee

Signal is testing out a new feature that encrypts message metadata. Once it's widely deployed, their server will facilitate delivering messages but without having access to who is sending them

https://signal.org/blog/sealed-sender/

Technology preview: Sealed sender for Signal

In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users. By design, it does not store a record of your contacts, social graph, conversation list, location, user avatar, user profile name, ...

Signal Messenger
Oct 29, 2018 at 6:33pmWeb
Show threadJoop Kiefte (LaPingvino)Oct 29, 2018
@micahflee stay away from Signal, it's too easy to prove that they are full of shit. Sorry for the harsh words. The article doesn't answer my questions, or essentially it does, confirming my fears.
Show threadTuxicomanOct 29, 2018

@lapingvino @micahflee

Can you give more details?

Show threadJoop Kiefte (LaPingvino)Oct 29, 2018
@tuxicoman @micahflee
1. Signal has closed source elements and as such cannot be trusted as a whole
2. The whole business model is talking shit about Telegram using buzz words without actually using good security. I don't trust people who rely on black-mouthing.
3. Hiding metadata is a lot harder than they make it out to be, and the only app I trust about that is bitmessage. Study bitmessage and you understand why this metadata hiding stuff is full of shit.
Show threadJoop Kiefte (LaPingvino)Oct 29, 2018
@tuxicoman @micahflee basically Signal is in the business of security theater, not actual security. and honestly, usually that's good enough, but I don't trust it enough myself. your experience may be different.
Show threadAdrian McEwenOct 30, 2018
@micahflee Bah, just as I thought I was getting close to getting Arduino IoT comms to be as secure (by porting libsignal to it) they go and move the goalposts... 🤣 🤣 🤣
Show threadj.rOct 30, 2018
@micahflee my big problem with signal is that you can't host your own server, you have to stay stuck with their centralised infrastructure...
Show threadGDR!Oct 30, 2018
@micahflee Not sure what it protects against. Isn't it easy for the server to associate a TLS socket with an user / phone number? Then what extra protection do the users gain by hiding the sender when the message is being sent via an authenticated TLS socket on a server they can't control?
Show threadDjango de MontréalOct 31, 2018
@[email protected] long thread pero vale pa comprender las diferencias entre Signal/Telegram
Show threadgas1030Nov 29, 2018
@micahflee