Matthew HaugheyFeb 3, 2025
I published a friend's very basic guide for gov't workers on how to use Signal for their personal messaging and why it's a good idea: https://a.wholelottanothing.org/a-guide-to-using-signal-for-government-workers/
A guide to using Signal for government workers

🔒Editor's note: A friend of mine works in the federal government and wrote a guide for their fellow federal workers on how to use Signal. There are lots of good reasons for switching to Signal for messaging, and this does a great job of laying it all out. This friend

A Whole Lotta Nothing
Show threadMatthew HaugheyFeb 3, 2025

The funny thing is the first person (that didn't work in digital security) that insisted we only use Signal to talk was my therapist when I first met her 5-6 years ago. I asked her why and she said she didn't want doctor/patient messages to ever be readable by health insurance companies at any point in the future. I obliged.

It's good to know years later, every message we've ever sent was end to end encrypted and not logged anywhere on anyone's servers.

Show threadMatthew HaugheyFeb 3, 2025

What I also love about Signal is that under the hood, it's all the wants and wishes of PGP email from 30 years ago, but without all the difficult email client and lock/key handshakes required of PGP back in the day.

It just works smoothly like every other messaging app, but that one is the most safe. If you dig into it, you can get your checksums and keys and shit, but it doesn't expose it to every user in order to start adopting it.

I love nerdy stuff with good UX, and Signal has it.

Show threadjwzFeb 3, 2025
@mathowie I just wish that the years of extremely hinky behavior of the Signal owners didn't leave me with a profound distrust of it, and them.
Show threadClaudiusFeb 4, 2025
@jwz @mathowie can you be more specific? The worst thing I know about was a half-year stretch where the server code was not up to date on GitHub when they were preparing a new feature. Other than that, I don't think there was something I could complain about?
Show threadjwzFeb 4, 2025
@claudius @mathowie
Yea.
https://jwz.org/b/yjnA
https://jwz.org/b/yjFD
https://jwz.org/b/yjk-
https://jwz.org/b/yiku
Show threadPreston Maness ☭

@jwz @claudius @mathowie Signal still, in the face of fascism, is requiring phone numbers in order to utilize its service. That alone makes it a non-starter, no matter how good the interface and how strong and validated the cryptography is. The non-profit behind Signal is based in the US. If it gets a court order to hand over all of its phone numbers then it will comply.

As it stands, Signal is a giant pile of data and metadata shouting: "The people you want to target are all here! Come and get them wholesale!"

#Signal #SignalMessenger

Feb 4, 2025 at 8:16amWeb
Show threadkrejgoFeb 4, 2025
@aspensmonster @jwz @claudius @mathowie would Briar or something else be a more suitable option?
Show threadPreston Maness ☭Feb 4, 2025
@craige @jwz @claudius @mathowie I've played with #SimpleX chat before. I don't know if it's ready for primetime yet, but I'd definitely keep an eye on it. As it stands, I'd love to recommend #Signal #SignalMessenger, because I think it has better UX (and less metadata via sealed sender) than #Matrix with its #Element client. But Matrix does not require phone numbers. So, my current recommendation to anybody organizing vulnerable people is to use Matrix rather than Signal, and to ensure that users run it over #tor via the #orbot app.
Show threadChristof Damian 💙💛Feb 4, 2025
@aspensmonster @jwz @claudius @mathowie I agree with all the above, but maybe it is the least bad option at the moment? I am trying to move out of the Meta & Telegram mess.
Show threadjwzFeb 4, 2025
@cdamian @aspensmonster @claudius @mathowie
Absolutely possible. But In our current dystopia it is important to not lose sight of the fact that less bad is still bad. Especially when you might be entrusting it with your LIFE.
Show threadjwzFeb 4, 2025
@cdamian @aspensmonster @claudius @mathowie
For my part, when I have conversations that I would be uncomfortable having opposing counsel read back to me, I do not allow the intermediation of digital devices. But I understand that many people do not follow the teachings of either Ned Ludd or King Mob.
Show threadblackcoatFeb 4, 2025
@jwz @cdamian @aspensmonster @claudius @mathowie "Motherfucker, are you taking notes on a criminal conspiracy?"
Show threadjwzFeb 4, 2025
@cdamian @aspensmonster @claudius @mathowie
PS this is the opinion of someone who was literally the first or second ever implementor of S/MIME.
Show threadmillerebondsFeb 4, 2025
@cdamian @aspensmonster @jwz @claudius @mathowie
@element and @briar are for the two best projects
But I'm not security specialist
Show threaddrathirFeb 4, 2025
@aspensmonster @claudius @mathowie @jwz good part there are #matrix [@matrix] ( #element [@element] official client or any other clents of choice) servers still around as solid replacement...
Show threadirelephantFeb 4, 2025
@aspensmonster @jwz @claudius @mathowie https://signal.org/bigbrother/ They will share the unix timestamp of when your account is made if someone gives them your phone number.
Government Communication

When legally forced to provide information to government or law enforcement agencies, we'll disclose the transcripts of that communication here.

Signal Messenger
Show threadZipFeb 4, 2025
@aspensmonster @jwz @claudius @mathowie Agreed. Anonymous communications options have existed for a very long time. I think folks should let their feelings about a pretty GUI go, in favor of security and access and simplicity
Show threadPaul ArmstrongFeb 4, 2025
@zoozoo @aspensmonster @jwz @claudius @mathowie Unfortunately, for all but die hard users, the UI is the most important part of access. I used to scoff at UI gloss as unimportant too, but got schooled on it through years of interaction with non-technical users.
Show threadClaudiusFeb 4, 2025

@psa @zoozoo @aspensmonster @jwz @mathowie I hear "non-technical users" very often. But I have organized cryptoparties at hacker conferences and... honestly... even technically adept people sometimes fail at PGP. And even those that don't, often don't know very important aspects of how PGP works.

Usage must be stupid simple, or it is broken. Yes, cryptography is hard. But if we push that hard problem on the users, we're failing them.

Show threadJonathan McKeownFeb 4, 2025
@aspensmonster @jwz @claudius @mathowie I might be wrong, but as I understand it phone numbers are hashed on registration and only the hash retained; there's no plaintext list of phone numbers to hand over. Threema doesn't require any information at all, but I've seen people question its security. I don't know enough to comment.
Show threadClaudiusFeb 4, 2025

@thetruejona @aspensmonster @jwz @mathowie here's a writeup what is happening, in case you want to know more: https://signal.org/blog/private-contact-discovery/

It's more elaborate than hashing (hashing would be reversed relatively easily on a couple of billion phone numbers with brute force).

Technology preview: Private contact discovery for Signal

At Signal, we’ve been thinking about the difficulty of private contact discovery for a long time. We’ve been working on strategies to improve our current design, and today we’ve published a new private contact discovery service. Using this service, Signal clients will be able to efficiently and s...

Signal Messenger
Show threadClaudiusFeb 4, 2025
@thetruejona @aspensmonster @jwz @mathowie ah, sorry, this one is about the address book, I was mentally in a different branch of this discussion. Interesting nonetheless.
Show threadBen RosengartFeb 4, 2025

@aspensmonster @jwz @claudius @mathowie This is a wrong and harmful take.

All Signal could conceivably tell anyone is that a particular phone number has registered with Signal. So what?

You’re discouraging people from using a safer option and that is going to make people less safe. Stop it.

Show threadPreston Maness ☭Feb 4, 2025

@fivetonsflax @jwz @claudius @mathowie >All Signal could conceivably tell anyone is that a particular phone number has registered with Signal. So what?

I explained the so what:

>As it stands, Signal is a giant pile of data and metadata shouting: "The people you want to target are all here! Come and get them wholesale!"

A fascist government could do an inordinate amount of damage with a list like that.

>You’re discouraging people from using a safer option and that is going to make people less safe. Stop it.

Signal could be an even safer option, but has refused for nearly a decade now to be that safer option. As it stands, I'm not about to tell undocumented people to provide their phone number to a service that is a court filing away from revealing it to ICE.

Show threadBen RosengartFeb 4, 2025

@aspensmonster @jwz @claudius @mathowie Your explanation makes no sense. All sorts of people use Signal for all sorts of things. The Feds don’t have the manpower to chase around every petty drug dealer in the country.

Anyway, you need *a* phone number at time of registration, it doesn’t have to be your permanent one.

Show threadPreston Maness ☭Feb 4, 2025

@fivetonsflax @jwz @claudius @mathowie

>Your explanation makes no sense. All sorts of people use Signal for all sorts of things. The Feds don’t have the manpower to chase around every petty drug dealer in the country.

The feds are busy rounding up the undocumented as we speak, and that's just a single agency. I'd rather not give them any more information to make their job easier.

>Anyway, you need *a* phone number at time of registration, it doesn’t have to be your permanent one.

And the vast, vast majority of users are not going to be able to acquire a burner phone number. They'll be putting in their one and only phone number.

Show threadjwzFeb 4, 2025
@fivetonsflax @aspensmonster @claudius @mathowie I'm discouraging people from putting their trust in a product whose owners have not demonstrated their trustworthiness. And I will continue to do so.
Show threadBen RosengartFeb 4, 2025
@jwz I put your criticisms in a different category from those of this fellow you boosted.
Show threadBen RosengartFeb 4, 2025

@jwz Because anyone can read your criticisms and decide for themselves how to weigh them. Whether one agrees or not, they’re specific and clear.

His, on the other hand, are technical yet vague. He presents himself as an expert. It’s gross.

Show threadJohan HalseFeb 4, 2025
@aspensmonster no, the only data they have is literally if your phone number has used the service, the date you signed up, and the most recent time you connected. No giant pile. The more people have connected and used the service, the less those fairly insignificant pieces of data are worth. So it seems counterproductive to FUD Signal in favor of some imagined perfect service.
Show threadPreston Maness ☭Feb 4, 2025

@hejsna >no, the only data they have is literally if your phone number has used the service, the date you signed up, and the most recent time you connected. No giant pile.

In order for Signal to be able to answer the question "does this phone number use your service," Signal must, necessarily, have a list of phone numbers. The Signal app has been downloaded hundreds of millions of times at least. If even one percent of those installs led to full usage of the app, that's millions of phone numbers at a minimum.

> The more people have connected and used the service, the less those fairly insignificant pieces of data are worth.

Actually, the more folks all cluster around Signal's infrastructure, the *more* significant it is as a target, *especially* for gathering metadata of who is talking to who. Signal has explicitly stated that they do not considered anonymity to be within their scope, and without an anonymizing relay, Signal serves as a big map of who is talking to who.

Show threadJohan HalseFeb 4, 2025
@aspensmonster yeah they do save phone numbers but *not* who’s talking to who. No contact lists, no messages, no metadata about them. Literally just phone number plus two dates. I think that’s just about as good as it gets. I suppose an imagined future service can do better but it would be incredibly hard to reach Signal’s scale - which is a prerequisite for privacy. If you and four other geeks use a service, that says something about you. If you’re using signal, then so what? So’s everyone else
Show threadPreston Maness ☭Feb 4, 2025

@hejsna >yeah they do save phone numbers but *not* who’s talking to who. No contact lists, no messages, no metadata about them. Literally just phone number plus two dates. I think that’s just about as good as it gets.

Signal's infrastructure operates over the same TCP/IP network that the rest of the internet operates over. Without an anonymizing overlay network, such as #tor, adversaries can monitor the traffic going to and from Signal's infrastructure and build up a reliable social graph of who is likely talking to who.

Again, Signal has explicitly stated that it does not consider this as part of their threat model:

>Signal instantly dismissed my report, saying it wasn't their responsibility and it was up to users to hide their identity: "Signal has never attempted to fully replicate the set of network-layer anonymity features that projects like Wireguard, Tor, and other open-source VPN software can provide".
>
>https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117

And has shown no interest in incorporating anonymizing overlay networks into its applications either:

https://community.signalusers.org/t/use-an-anonymizing-overlay-network/62670

I believe that Signal, as the dominant e2ee provider in the United States, has an ethical obligation to its users to take more steps to protect them, especially since it is now operating under a fascist government: (1) drop the phone number requirement, (2) bring network-layer anonymization into scope.

@Mer__edith @signalapp

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research.md

Gist
Show threadBen RosengartFeb 4, 2025

@aspensmonster @hejsna You really have no idea what you’re talking about, and you’re going to fool people into avoiding the safest tool for digital communication, because you are smart enough to sound convincing.

I beg you to knock it off. You’re going to really hurt people.

Show threadPreston Maness ☭Feb 4, 2025

@fivetonsflax @hejsna >You really have no idea what you’re talking about, and you’re going to fool people into avoiding the safest tool for digital communication, because you are smart enough to sound convincing.

If I'm wildly off-base, then please, inform myself and the audience of how so.

>I beg you to knock it off. You’re going to really hurt people.

Signal is (presently) only "the safest tool for digital communication" if you genuinely believe that a fascist government would never lean on them. I'm not prepared to hold that belief. Signal can, should, and must do better than it has so far. If any organization has the capacity to pull it off, it's them.

Show threadBen RosengartFeb 4, 2025

@aspensmonster I did inform you; you didn’t understand my point, and just kept banging on your own.

I’ve seen other people in your mentions explaining it to you too. So I don’t have any confidence that rewording it will get it across.

For anyone else reading along, though: a big pile of phone numbers has very little utility to law enforcement, because they don’t know *why* any particular one is using Signal, and it’s resource-intensive to find out.

There’s plenty of ways to learn phone numbers, including just enumerating them.