Mastodawn

Micah Lee Oct 29, 2018

Signal is testing out a new feature that encrypts message metadata. Once it's widely deployed, their server will facilitate delivering messages but without having access to who is sending them

https://signal.org/blog/sealed-sender/

Technology preview: Sealed sender for Signal

In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users. By design, it does not store a record of your contacts, social graph, conversation list, location, user avatar, user profile name, ...

Signal Messenger

Show thread

Joop Kiefte (LaPingvino)Oct 29, 2018

@micahflee stay away from Signal, it's too easy to prove that they are full of shit. Sorry for the harsh words. The article doesn't answer my questions, or essentially it does, confirming my fears.

Show thread

Tuxicoman

@lapingvino @micahflee

Can you give more details?

Show thread

Joop Kiefte (LaPingvino)Oct 29, 2018

@tuxicoman @micahflee
1. Signal has closed source elements and as such cannot be trusted as a whole
2. The whole business model is talking shit about Telegram using buzz words without actually using good security. I don't trust people who rely on black-mouthing.
3. Hiding metadata is a lot harder than they make it out to be, and the only app I trust about that is bitmessage. Study bitmessage and you understand why this metadata hiding stuff is full of shit.

Show thread

Joop Kiefte (LaPingvino)Oct 29, 2018

@tuxicoman @micahflee basically Signal is in the business of security theater, not actual security. and honestly, usually that's good enough, but I don't trust it enough myself. your experience may be different.