[HN Gopher] Grand jury subpoena for Signal user data, Central Di...
___________________________________________________________________

Grand jury subpoena for Signal user data, Central District of California

Author : Sami_Lehtinen
Score  : 565 points
Date   : 2021-10-29 19:30 UTC (3 hours ago)

(HTM) web link (signal.org)
(TXT) w3m dump (signal.org)

| 14 wrote:
| Last I checked signal still required a phone number to use so it is an instant deal breaker for a lot of people. I have 3 kids I communicate with but they don't have a cell number just use wifi when they can. If I could use signal with them I would. Instead I use Wire since it seems secure and doesn't require a phone number. I can only imagine there are lots of other people with kids in my situation.
|
| ramsj wrote:
| Threema is another app I've liked. They have a decent transparency report which shows the limited user data they collect/possess. Link: https://threema.ch/en/transparencyreport
|
| colemannugent wrote:
| The latest installment in the "Government doesn't understand math" series
|
| toomuchtodo wrote:
| I think that's uncharitable. Everyone is going through the motions required of them, and this is the public demonstration of those mechanizations (although Signal is a bit cheeky, which is fun). The next step would be government requiring, through legislation, more invasive logging and data collection (Australia and parts of Europe have already seen the beginnings of this discussion) of messaging apps ("we've asked for what we can, they said they don't have it and aren't required to have it, what do you want us to do?").
|
| When encryption and secure messaging is outlawed, only outlaws will have and use it.
|
| the8472 wrote:
| > When encryption and secure messaging is outlawed, only outlaws will have and use it.
|
| They don't necessarily need to outlaw it. They may just throw up enough hurdles that it doesn't become a major success.
| Developing a communication system that is secure, featureful and convenient to use for the general population is not a trivial task. A large effort that can be undermined.
|
| E.g. if they only require logging from communication service providers but not from application developers then this would force a decentralized solution. If they lean on payment providers it might get difficult to charge for phone apps or get donations.
|
| The software could continue to legally exist but see little adoption. Which is enough to enable surveillance.
|
| cassonmars wrote:
| This is why messaging apps need to be decentralized and built on top of protocols that cannot be censored or meaningfully monitored.
|
| toomuchtodo wrote:
| With enough effort, anyone can go to jail. America held a taxi driver for 17 years at Guantanamo Bay with no evidence. Tech won't save you from the state. As always, if your threat model includes a state actor, you are going to have a bad time. For all intents and purposes, their resources are unlimited.
|
| Freedom is won in the courts and the legislature, not in the code (although tech is a useful tool for keeping government implantations in check).
|
| (I still use and donate to Signal, but have a healthy understanding of its limits)
|
| matheusmoreira wrote:
| Yes, but their tyranny must also increase in order to circumvent the technology. They will increasingly resort to actions like you described. Hopefully the population will eventually revolt and put an end to the corrupt government once it becomes unacceptably totalitarian.
|
| Freedom is won through weapons. Encryption is a potent weapon, it can defeat states, militaries. Before computers, it used to be a military tool. It must be democratized, the whole world must use it.
|
| Nextgrid wrote:
| They can put one or two people in jail, but they can't put everyone in jail.
| If everyone has easy access to end-to-end encrypted messaging and relies on it (for non-nefarious purposes), the government will have a tough time changing that.
|
| bink wrote:
| Isn't this what happened to Protonmail? They were required by legal order to start logging activity for a specific group of users. It's not outside the realm of possibility that the govt could try to force a company to either start logging Signal metadata or provide a backdoored app to a user. Not that it would necessarily work, but I do expect them to try at some point.
|
| [deleted]
|
| kube-system wrote:
| This isn't their first rodeo. The DOJ is well aware of what happens when they send subpoenas to Signal. They're not sending it because they're unaware of the probable result.
|
| themitigating wrote:
| They are just following normal procedure. If it's encrypted then that's fine
|
| Trias11 wrote:
| Signal,
|
| please stop asking for mandatory phone number to register and use Signal.
|
| This raises privacy concerns and negates all the end-to-end encryption goodness you're offering.
|
| webmobdev wrote:
| Yes, this is why I am very suspicious of Signal as a front for the CIA / NSA. A phone number can reveal so much information about a person because many online and offline services now ask for it.
|
| arminiusreturns wrote:
| Signal is the best we have on mobile at the moment in my estimation, but after a cursory analysis of Moxie, I totally expect one day it will be revealed he has been compromised somehow. Nation state actors already have baseband roots, so as long as those aren't your threat vector, you are probably, maybe, ok on signal.
|
| I find it really interesting that Bill Binney says, despite years of me hearing the opposite, that we should all be rolling our own crypto because it's a form of decentralization. The more time goes on, the more I think he's onto something.
|
| The main problem I see is this: a future where only the hackers have privacy, and everyone else apathetically accepts their servitude and abuse. Furthermore, to maintain that privacy, hackers will have to be extremely selective in their friends, due to the invasive nature of the privacy violations from those around us, unbeknownst to them.
|
| ddtaylor wrote:
| > Signal is the best we have on mobile at the moment
|
| Matrix is pretty good.
|
| nobody9999 wrote:
| > Matrix is pretty good.
|
| I run a Matrix instance on my own hardware for my extended family. I suppose that I could be served with a subpoena/warrant for the data, but the contents of any voice or video calls mediated through my Matrix server wouldn't be preserved.
|
| Likewise, any private chats on the server would remain encrypted and I wouldn't be able to decrypt them even if I wanted to do so.
|
| Since the instance isn't federated, and access is only available through invitation, only those who have access know about.
|
| As such, I'd say that private chats and voice/video calls through my Matrix instance are pretty secure.
|
| jokoon wrote:
| Reveal, yes, read their message, no.
|
| jokoon wrote:
| That prevents the platform from being abused.
|
| Identifying users is one thing, reading their message is another. People can still deny and not answer questions.
|
| What matters is the messages being encrypted, identifying users is already being made possible through other means.
|
| So yeah, using a phone number is good enough, in my view.
|
| There is no perfect security, there is only "good enough" security.
|
| Not to mention that phone numbers are more secure, in my view, than other sorts of digital communications, and are not always monitored in all countries.
|
| t-writescode wrote:
| all of it? That's a bit of hyperbole. What is a more measured thought of how much of a negative impact there is?
|
| Certainly saying "I know that Janis and Nate talked on this day this many times / for this long" and "Janis and Nate had a detailed conversation covering lemons and lye" have two different levels of private information revelation; and E2E protects against the latter but not necessarily the former, so why does it negate _all_ the goodness?
|
| geophertz wrote:
| I can't help but think the fact the account creation date (and last connection date, although less so for that) are not censored for a reason.
|
| The account creation date is basically equivalent to the phone number and would allow the owner of the account to know a subpoena was requested for them.
|
| tedivm wrote:
| My favorite part of their response is that they gave the timestamps in unix milliseconds.
|
| tptacek wrote:
| For anyone curious, the account was created on Dec 1 2020, and last connected this October 13th.
|
| travisgriggs wrote:
| Came here to say just this.
|
| It's the final dash on the icing of "politely F yourself". Compliant and accurate but "let me burn up a little bit _your_ time" (pun).
|
| Made me smile.
|
| joshuamorton wrote:
| The snark of providing the timestamps as unredacted values was fabulous.
|
| hsn915 wrote:
| I don't know if it's a snark. It's probably the right thing to provide legally. It's literally the records they have.
|
| monopoledance wrote:
| The snark is publishing it in the blog post not blacked out. As a side effect the account may or not be warned by this. Not sure, if it's legal to do so, in the US.
|
| JustSomeNobody wrote:
| I would agree. If you're saying this is the only data I have, give it in the exact form you have it in.
|
| godelski wrote:
| Not only all the records that they have, but it proves that the data isn't meaningful to de-anonymize someone. If they had to redact it we would wonder why and how that information would be useful.
|
| mminer237 wrote:
| The standard is that you "must produce it in a form or forms in which it is ordinarily maintained or in a reasonably usable form or forms."
|
| It's probably fine here, but if you store it in binary, you should probably parse it into something human-readable.
|
| [deleted]
|
| cookie_monsta wrote:
| If I were going for true snark here I wouldn't have specified (Unix millis), let them figure it out or come back and ask.
|
| fmakunbound wrote:
| Reminds me to donate to Signal again
|
| artificialLimbs wrote:
| I don't want to do that regularly so I signed up for an automatic donation subscription.
|
| https://signal.org/donate/
|
| AlbertCory wrote:
| Speaking of donations (a guy from a food bank whom I see in the Safeway parking lot didn't know this, so I think we can assume not everyone does):
|
| Most "donate" pages do not allow for "donor-advised funds (DAF)." They assume you're giving it with your before-tax money and presumably taking a tax deduction for it.
|
| In a DAF, which your financial institution surely offers, you can donate appreciated assets, e.g. your FAANG stock, and take the entire amount as a tax deduction. So if your 10 shares of Facebook (excuse me, "Meta") stock are at 322, you can take a deduction of $32,200 this year.
|
| What's the catch? That money's gone, and you can't get it back. You can only "advise" your DAF to give it to a 501(c)(3) organization, which Signal is. There are no time limits.
|
| The good part, though, is you can probably have your DAF give the money anonymously, so the charity can't bug you every time they're having a fund drive.
|
| ndesaulniers wrote:
| Another benefit, it sounds like, is that you don't have to pay capital gains on selling those shares.
|
| Like, let's say your intent is to donate $10k to some charity, out of the goodness of your heart and/or as a tax write off. You don't have that in cash, but do in stock.
|
| You could liquidate $10k of stock, pay capital gains on it (if it appreciated since acquisition), then donate it. So you're out the capital gains tax.
|
| The method you describe seems more efficient, since you don't need to sell; you simply transfer ownership of the asset.
|
| Or is there still capital gains to be paid?
|
| I wonder if billionaires are setting up charities as trusts for their kids, then "donating their shares to charity?"
|
| AlbertCory wrote:
| You're exactly right, you don't pay capital gains tax, and DAFs really are the poor man's "tax-exempt foundation."
|
| Billionaires have access to much fancier schemes than this, and I won't even attempt to describe all those. But yeah, I imagine "donating their shares without capital gains taxes" figures into them.
|
| I just noticed you said "trusts for their kids" -- that's something different. If the children can access it, it's not a DAF. But trusts are much more complicated, and someone who understands them (which I don't) can hold forth here.
|
| BayAreaEscapee wrote:
| There is at least one intermediate step: it's not prohibitively expensive to set up a charitable remainder trust. You have more control than with a DAF. But you have a fixed cost to set up the trust and some annual administration and tax compliance costs. It can make sense if you plan to donate more than, say, a million dollars.
|
| jonas21 wrote:
| Yeah, I didn't realize what an enormous difference this made until I ran the numbers.
|
| In your example above, let's say the person purchased those 10 Meta shares for $38 each at the IPO and they're worth $322 each now. That's $3220 in proceeds and a $2840 capital gain.
|
| The taxes on this depend on income level and state of residence, but let's say they're in CA making $300K/year. They'll pay 20% federal capital gains tax + 3.8% net investment tax + 10.3% CA income tax, or $968 in taxes, and they're left with $2252.
|
| On the other hand if they donate the shares to a charity (or DAF), they get a tax deduction for the appreciated amount ($3220), which can be taken against 35% federal income tax + 10.3% CA income tax = $1459.
|
| So in the scenario where they just sell the shares, the proceeds after taking taxes into account are:
|
|     Donor    $2252
|     Charity  $0
|
| And in the scenario where they donate the shares, they are:
|
|     Donor    $1459
|     Charity  $3220
|
| In other words, for an effective cost to the donor of $793, the charity gets $3220.
|
| AlbertCory wrote:
| Right. If you just sell, you can spend some of the money (that you don't donate).
|
| If you donate to a DAF, it's 100% gone to charity, *someday*.
|
| palmtree3000 wrote:
| You indeed don't have to pay long term capital gains tax, although you do have to pay short term capital gains tax.
|
| loeg wrote:
| No? Donations of stock to DAFs are not taxed and the full amount is deducted.
|
| bo1024 wrote:
| I think this is what the rich do with art, yes.
|
| AlbertCory wrote:
| I don't have this problem, but getting a "fair" appraisal of your art can be tough. Maybe they auction it off, and the proceeds go to their foundations?
|
| dublinben wrote:
| This is more or less what billionaires do to pass their wealth to their children. Here's a recent article that goes into detail about one particular family's setup.
|
| https://archive.md/yN7M7
|
| https://www.bloomberg.com/features/how-billionaires-pass-wea...
|
| loeg wrote:
| Yeah, with a DAF you have the administrator cut a check to the qualified beneficiary.
|
| Also, the annual stock deduction limit is capped at 30% or so of income.
|
| [deleted]
|
| AlbertCory wrote:
| While we're on the topic: you can also leave your estate to a DAF. (If you're married or have kids, probably you should ignore this.)
|
| So that money goes to charity, but _what_ charities? You won't be here, obviously.
| When you're looking into this, see if your DAF administrator allows a "successor trustee." If not, that institution itself (Schwab, Vanguard, whatever) will disburse it.
|
| If they do, you can pick someone whose values you trust to be the successor & disburse the money. (Probably someone younger than you!) You should ask them, or else they'll get a real surprising phone call right after you die.
|
| holtkam2 wrote:
| Dope article
|
| aasasd wrote:
| Oh funny. Just ten days ago someone asked here in the comments about DDG:
|
| > _Why, on any planet, would law enforcement issue a warrant to get user data from a company that doesn't have any user data?_
|
| _zoltan_ wrote:
| surely signal has at least the IP address used to connect to their service? aren't they by law required to log that?
|
| xorcist wrote:
| They have your phone number and (trivially reversible hashes of) your phonebook.
|
| They must keep this data hot because they can send "this specific person in your phonebook just installed signal" messages.
|
| salawat wrote:
| No, why would they be? Just because everyone else logs more info than they should doesn't mean everyone has to.
|
| zucker42 wrote:
| Which law requires you to log the IP address used to connect to your service?
|
| sigzero wrote:
| Switzerland required ProtonMail to log ip addresses.
|
| https://threatpost.com/protonmail-log-ip-address-french-acti...
|
| From that article: "The internet is generally not anonymous, and if you are breaking Swiss law, a law-abiding company such as ProtonMail can be legally compelled to log your IP address."
|
| flipbrad wrote:
| In the EU, I'm afraid, the answer would be: plenty. Look at French law for instance.
|
| chki wrote:
| Can you give more specifics? "French law" is quite broad.
|
| flipbrad wrote:
| Sure!
|
| https://www.legifrance.gouv.fr/jorf/id/JORFTEXT000023646013
|
| On the books since 2011.
| Upheld in a recent decision of France's supreme court despite what some thought to be quite clearly contrary EU caselaw (which takes precedence over national law, roughly speaking) https://www.nextinpact.com/article/45613/comment-conseil-det...
|
| davidrusu wrote:
| Account created: 1606866784432 (unix millis)
|
| That's Tue Dec 01 2020 23:53:04 UTC, consider this a heads up if that's when you started using signal.
|
| colinmhayes wrote:
| Responding with millis since the epoch was a nice touch.
|
| natch wrote:
| Impressive, but why do they need to store the exact times of when the account was created and last accessed? I would think a very coarse time down to the month would be good for most system administration needs.
|
| loeg wrote:
| Last accessed is rounded to the day.
|
| ChuckMcM wrote:
| While I applaud Signal's response I expect this entire event (subpoena and response) will be provided as one of the exhibits to congress by the Department of Justice to justify their request that it be unlawful to provide such services. The DoJ will say, "See, here is this horrible crime we are investigating and because this company _chose_ to make it impossible for law enforcement, with a warrant and a subpoena to get it, the criminal is going to go unpunished and that will be on you because you refused to mandate lawful access to communications."
|
| The Congressional response should be, "Do you have no other way of investigating these criminals?" "Could you not put an officer out to surveille them?", "Have you not seen the misuse that law enforcement has engaged in, with such capabilities? From petty revenge to stalking lovers who rejected them. Will you consent to mandatory surveillance of all law enforcement officers that is recorded and stored in a civil controlled repository so that officer conduct may be reviewed at any time?"
|
| They won't say that of course. But they should.
|
| majormajor wrote:
| I think turning it into a press release / advertising pitch is a poor move that's likely to make harsh new legislation more, not less, likely.
|
| aesh2Xa1 wrote:
| Transparency is critical. If Signal cares about the ethics at least as much as the marketing then they did right by the ethics and by their bottom line.
|
| ranger_danger wrote:
| Or perhaps more likely, they'll go the lavabit/CALEA route, and order that their platform be modified to allow wiretapping, at which point Signal must choose between either complying with such requests, or going out of business.
|
| If that happens, hopefully usage of p2p messaging apps like Briar or Status will gain more traction and usage.
|
| jojobas wrote:
| > complying with such requests, or going out of business
|
| Complying with such a request is going out of business.
|
| swiley wrote:
| Making this unlawful would violate the constitution. People are already upset at the Federal Government, now isn't the time for more bullshit.
|
| not2b wrote:
| Making it unlawful to operate this kind of service would be a very bad idea, but it's far from clear that it's unconstitutional, and I would expect courts to rule otherwise if Congress decides to impose more logging requirements.
|
| majormajor wrote:
| The single most clear political lesson of the past decade is that using power, even blatantly cynically, when you have it, won't produce much of a backlash. Your fans will just wait until the "other team" does it to complain.
|
| And that's for hyper-partisan issues! I'm not sure there's any truly influential political group that would strongly oppose this. Thinking it's just the politicians who are unaware and/or disagree with the tech-minded is a mistake. The populace is less on our side re: surveillance than we'd hope.
|
| ranger_danger wrote:
| secret FISA courts are also against the constitution, yet here we are.
|
| [deleted]
|
| SMAAART wrote:
| Half of the people in Congress don't really understand what this is all about; the other half who understands, uses Signal.
|
| hellbannedguy wrote:
| I didn't know much about Signal until today, and I try to keep up to date.
|
| I bet by Monday, every politician, financial institution, Stock Brokers, Lawyers, and tech-savvy criminals will be using Signal to communicate.
|
| JshWright wrote:
| Well, I guess we're "lucky" that you have to have well more than half of Congress on board to get anything done...
|
| stavros wrote:
| Unfortunately, the sentence "half of the people in Congress use Signal" is only true for very small values of "half".
|
| Rd6n6 wrote:
| Anybody concerned about these issues should consider donating to their favourite non profit that can have an impact that works in the area. Most HN users can afford $20/year pretty easily (others could afford $200/month and not even notice it)
|
| As they say, "Put your money where your mouth is."
|
| aesh2Xa1 wrote:
| If you use Amazon.com for shopping, and you do, then you can choose Signal Foundation for your benefiting organization. It's a small amount of money, but it's a little bit for every purchase.
|
| Grimm1 wrote:
| I mean I do. EFF, Wikimedia, ACLU
|
| (Only EFF is really for this particular issue though)
|
| spullara wrote:
| ACLU lawyers are helping Signal with this.
|
| mooneater wrote:
| Would you name some please? Do you mean like ACLU (BCCLA in Canada)
|
| nnutter wrote:
| The ACLU is not what it once was. I will not donate to them. Even the EFF is growing questionable. I would definitely be curious what recommendations people have.
|
| fragmede wrote:
| Perfect is the enemy of the good, so I'd recommend the EFF but you can donate to Signal directly in this case, if it serves you.
|
| night862 wrote:
| I would recommend Signal Foundation https://signalfoundation.org/
|
| Rebelgecko wrote:
| For digital civil rights issues, I give my donations to the EFF. I personally think some of the regional ACLU affiliates can be hit-or-miss, but that's certainly not a universal opinion.
|
| m0zg wrote:
| ACLU would be fully onboard with this nowadays, as long as the right groups of people are targeted. ACLU's ship has sailed years ago.
|
| mbrubeck wrote:
| Umm, the ACLU is representing Signal in this case.
|
| arthur_sav wrote:
| Nothing any company can do about that. Spying programs and laws will only worsen unless people really voice their concerns and elect the right people.
|
| craftinator wrote:
| > Spying programs and laws will only worsen unless people really voice their concerns and elect the right people.
|
| I very much suspect that who is elected has nearly zero effect on spying programs.
|
| majormajor wrote:
| I'm not sure which was intended, but I think this is much more accurate as a cynical comment on human nature than some comment on "shadow government/deep state" type stuff.
|
| ATsch wrote:
| As defines so much of society and what people claim is "human nature", there is no need for shadow governments or deep states when you have power structures and incentives. Those scale, conspiracies don't.
|
| [deleted]
|
| singron wrote:
| This is definitely not true. Dianne Feinstein for instance has been instrumental in almost all of these efforts. As a senator from California, she could be replaced with someone nearly politically identical that didn't support government surveillance.
|
| jrootabega wrote:
| What they're saying is that those who get elected are forced to support government surveillance.
|
| tehjoker wrote:
| It's pretty crazy that people still think elections do anything and aren't just a sham while the rulers plug in the choices from above.
|
| ospray wrote:
| Don't let people tell you not to vote, because it won't make a difference. Not voting is a sure way not to have a voice.
|
| rsj_hn wrote:
| The thing is, your voice can also add to the din of noise that drowns out the signal. Not every vote adds signal.
|
| Here the problem is when you go down the ballot and reach the judges, schoolboard, and other offices where most people have no idea who the candidates are and many just vote randomly.
|
| In Arizona there was a campaign that unseated an incumbent schoolboard member by a rival candidate whose last name, if some letters were transposed, was a famous local figure. The funny last name guy won.
|
| So go ahead and vote, but please leave blank or skip over any of the candidates that you haven't researched. Don't vote randomly - some people are trying to have a real election.
|
| cheschire wrote:
| I'm pretty sure many voters are voting based on colors. They researched which team they like the most and now they vote for that team each time. And likely true for more than just the USA.
|
| pangolinplayer wrote:
| Yes of course. Democracy will save you. Grow up.
|
| skoskie wrote:
| Except Apple is making a direct attempt at solving the issue as it relates to CSAM (and easily expanded to other data) and facing a huge backlash. I wonder if there's no solution because we (myself included) are just stubbornly unwilling to consider any solution that isn't absolute privacy. I'm not willing to sacrifice my privacy to a nosy government, but willing to consider solutions that might allow the government to pursue its goals. Apple seems to think it's possible that we can have the best of both worlds, even if they clearly haven't figured it out just yet.
|
| jrockway wrote:
| Has Apple announced that they're making iCloud end-to-end encrypted?
| It seems like people see the on-device scanning as a road to an "obvious" next step, but I'm not sure that Apple has announced that that's the next step. They might scan your device locally, and mine everything in the cloud for advertising purposes. They haven't said anything to the contrary, and their current terms of service allows it.
|
| I could be missing something, but I did a quick search and all I see is news about them scrapping their once-encrypted backups at the request of the FBI.
|
| nolok wrote:
| Apple is not a solution, it's a stop gap. They will still want a copy of the messages after it, and all your other data.
|
| And the reason for the huge backlash, is that this stop gap will actually make it easier for them to request more afterwards, because the infrastructure, the proof of concept, will already be there and running. And it will cross to other providers: "see Apple does it, so clearly it's Signal that's being protective of criminals, we should impose them to do the same thing Apple did with no issue".
|
| nonbirithm wrote:
| Agreed. The general sentiment I perceived from HN at the time was that almost nobody was willing to accept Apple's CSAM scanning, even though CSAM had been confronted as an issue before the internet was widely available. I perceived a lot less room for opinions in favor of sacrificing a limited amount of privacy for greater public good, or similar. After the media finished its reporting on the subject, it seemed like there wasn't much more discussion about it, and Apple now seems poised to go forward with releasing its implementation of the scanning anyway at some unknown future date.
|
| The arguments about slippery slopes and potential surveillance weren't as interesting to me as the opposing argument: that a very high level of privacy (not even an absolute level) carries consequences for a specific segment of society by the intrinsic nature of what is kept private, and in the name of protecting that segment of society, the tradeoff is not worth it.
|
| There is also the idea that data on a hard drive can be as damaging to human livelihood as physical contraband, to the point that the vast majority of the world's legal systems, not just those of the U.S., have decided that the data should not exist under any circumstances. CSAM is one of the few classes of digital data that compels the creation of scanning systems for such data on a scale that isn't driven by political ideology, propaganda or similar. It's difficult to imagine how Apple would be obliged and driven enough to implement such a system out in the open and in the name of the public good if the publicly announced reasoning was to scan any other class of data (assuming that Apple can be trusted, at least).
|
| feanaro wrote:
| Who is this government that is not you and I and why should we cede any kind of goal to them in that case?
|
| I simply disagree with the notion that I should be controlled and monitored by a third party just because someone else might do something evil.
|
| We should always remember that power corrupts and definitions of evil change almost on a whim.
|
| m0zg wrote:
| Exhibit #13234 on why we must migrate to decentralized, private messaging over the long term, self host it, and not rely on any corporations for privacy.
|
| upofadown wrote:
| > Because everything in Signal is end-to-end encrypted by default, the broad set of personal information that is typically easy to retrieve in other apps simply doesn't exist on Signal's servers.
|
| The E2EE in Signal only protects the actual content of messages.
| In the case where Signal takes an assertive action, and the users are not paying any attention to their "safety numbers" (probably the most common case) they could in theory get message content with a MITM attack.
|
| With a less assertive action (simply saving the data) Signal could get access to things like contacts and phone numbers.
|
| Tutanota and Protonmail have both been forced in the past to take assertive actions to retain data as a result of legal warrants. Does American law even allow such warrants? If not then perhaps the USA is underrated as a place to base privacy oriented services.
|
| webmobdev wrote:
| > Does American law even allow such warrants?
|
| Even worse - American laws allow the US government agencies to actually access the servers directly (or even add other servers or routers) in the data centre of the service provider, and the service provider is legally obliged to not tell anyone about it!
|
| ylk wrote:
| As far as I understand Signal can't just save all the data because of how the app/server are architected:
|
| They use sealed sender: https://signal.org/blog/sealed-sender/
|
| Private contact discovery: https://signal.org/blog/private-contact-discovery/
|
| And a "Private Group System" which is supposed to keep group membership information from the server: https://signal.org/blog/signal-private-group-system/
|
| Though of course they could still push malicious updates.
|
| upofadown wrote:
| Sealed sender only means Signal doesn't know who sent a particular message. They have to know who the recipient is so they can deliver it. Like forging the "From:" address on an email. Except in the Signal case the IP address/port of the sender is unique to the user and if the recipient responds then the link between the users is made.
|
| The private contact discovery depends on an Intel SGX hardware enclave on their server.
Which is good in this case | as it implies more work to bypass it but where is the | ultimate trust here? Intel? Did Signal ever get this working? | | In general Signal can just see what IP address/port picks up | a particular user's pre-keys if they want to know who is | talking to who. | otterley wrote: | A judge can sign an order commanding a witness or party to | preserve documentation and evidence, under penalty of contempt | of court. However, there is still a great deal of uncertainty | as to what actions the subject of the subpoena must take in | order to preserve that evidence. It's pretty clear that you | have to disable automated destruction mechanisms, you can't | disable any recording functions you may already have, and you | can't go and shred relevant papers in your possession; but | whether a court can order you to write code or take other | burdensome steps in order to record certain electronic records | that you didn't record before to assist an ongoing | investigation is still a very open question. | flipbrad wrote: | Sadly, not an open question in the UK. | otterley wrote: | What's the law in the UK, out of curiosity? | flipbrad wrote: | Even assuming we're just talking about traffic data | rather than content of communications: | | https://www.legislation.gov.uk/ukpga/2016/25/section/87/e | nac... | | Ctrl+f for "generation" | vhanda wrote: | Out of curiosity do you know if you're within your rights to | say "this will cost 'x' amount, we cannot afford it" or | say if this is requested we would prefer to dissolve the | company? | | Basically can the UK government compel you under the | threat of criminal prosecution? | rdtsc wrote: | Noticed that the last connection time is a date, rounded to the | day. 1634169600000 (unix millis) | Thursday, October 14, 2021 12:00:00 AM | | Well done.
I immediately thought that having a millisecond | granularity of last connection time could be used to roughly | correlate who contacted whom, depending on what the "connected" | event is considered. | thsr wrote: | Please read between the lines: they surely sent similar letters | to WhatsApp, Google, Facebook, etc. who happily complied... | vmception wrote: | > Last connection date: 1634169600000 (unix millis) | | > Account created: 1606866784432 (unix millis) | | This response of the user information they have is hilarious. | kps wrote: | > Last connection date: 1634169600000 (unix millis) | | Thu 14 Oct 2021 12:00:00 AM UTC | | Do they round? | kube-system wrote: | It's likely a _date_ value (as literally stated) rather than | _date-time_. It's not 'rounded' as much as the time value is | simply not present. | danieldbird wrote: | Why has the dynamic become, the Government and its Citizens | being separate from one another. | | The government is funded by its Citizens. | | I remember a time when spying on EVERYONE was a bad thing. | t-writescode wrote: | Was that day 9/10/2001? I remember those days, too. I miss some | parts of them. | sneak wrote: | Reminder that this does not hold true for Apple's fake "end to | end encrypted" iMessage: iCloud Backup, which is not end to end | encrypted, uploads all of your iMessages* to Apple each night in | a format that Apple can read without you (and turn over to the | state upon legal demand such as this). | | Note that disabling iCloud Backup won't help you, as it's turned | on by default and everyone else you iMessage with will be leaking | your conversation plaintext to Apple for you. | | Disable iMessage. Use Signal exclusively.
| | * _if you use Messages in iCloud, iCloud Backup instead backs up | the cross-device sync key instead of the iMessages themselves, | which means Apple gets your iMessages in real time as they sync | between your iCloud devices, instead of once per day_ | | https://mobile.reuters.com/article/amp/idUSKBN1ZK1CT is why fake | pro-privacy Apple will never be able to run a story like Signal | has here today. | Croftengea wrote: | I'd love to see how would a similar WhatsApp's response look | like. | ziftface wrote: | Probably not the kind of thing they'd brag about in a blog post | unfortunately | vmception wrote: | The government still has the capability to subpoena the | individual responsible for the behavior they don't like. | | They've only gotten used to going after the intermediary, and it | feels uncomfortable for them to have this power removed and reset | back to the mean. | lightsurfer wrote: | signal social network? I'm in. | leahacab wrote: | Does Signal notify the relevant users regarding subpoena? The FBI | request asks them not to but only says "Please do not", hardly | required it seems | tptacek wrote: | It's required. There are statutes tying disclosure of subpoenas | to Obstruction charges. This is not a new issue; subpoena | secrecy was a thing before there was an Internet. | vaseem wrote: | thanks Signal, thanks ACLU | | https://www.aclu.org/ https://signal.org/donate/ | | Nothing is free, support these folks. | walrus01 wrote: | As an ISP: This is a very boilerplate subpoena. Whether or not | the specific FBI agent knows or cares what Signal is, I'm about | 99% certain it's just the result of a copy/paste from a template. | johnnyApplePRNG wrote: | Just curious, why does signal have the ACLU respond for them? | | I thought the ACLU was more of a protection against smaller | entities who didn't have funding/legal firepower? 
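Added example (not part of any comment in this thread, and not Signal's code): the day-granularity "last connection" value that rdtsc, kps and kube-system discuss earlier in the thread, worked through in Python. The two timestamps are the ones quoted in the thread; the account names and their connection times are constructed sample data.

```python
from datetime import datetime, timedelta, timezone
from itertools import combinations

DAY_MS = 86_400_000
LAST_CONNECTION_MS = 1634169600000  # "Last connection date" quoted in the thread
ACCOUNT_CREATED_MS = 1606866784432  # "Account created" quoted in the thread
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def to_utc(ms):
    """Exact conversion of unix milliseconds to an aware UTC datetime."""
    return EPOCH + timedelta(milliseconds=ms)


def truncate_to_day(ms):
    """Drop the time-of-day component, keeping only the UTC date."""
    return ms - ms % DAY_MS


def linked_pairs(last_seen, window_ms):
    """Pairs of accounts whose stored timestamps lie within window_ms of each other."""
    names = sorted(last_seen)
    return [(a, b) for a, b in combinations(names, 2)
            if abs(last_seen[a] - last_seen[b]) <= window_ms]


def sample_records():
    """Constructed data: four accounts connecting on 2021-10-14 (UTC).

    alice and bob connect 750 ms apart, as two people exchanging messages
    might; carol and dave connect hours later.
    """
    base = LAST_CONNECTION_MS
    return {
        "alice": base + (9 * 3600 + 15 * 60 + 2) * 1000 + 120,
        "bob": base + (9 * 3600 + 15 * 60 + 2) * 1000 + 870,
        "carol": base + 13 * 3600 * 1000,
        "dave": base + 20 * 3600 * 1000,
    }


if __name__ == "__main__":
    # The disclosed value sits exactly on a UTC day boundary.
    print(to_utc(LAST_CONNECTION_MS), LAST_CONNECTION_MS % DAY_MS == 0)
    print(to_utc(ACCOUNT_CREATED_MS))

    precise = sample_records()
    coarse = {name: truncate_to_day(ms) for name, ms in precise.items()}
    # With millisecond precision a 2-second window singles out one pair.
    print(linked_pairs(precise, 2000))
    # After truncation every account from that day matches every other one.
    print(linked_pairs(coarse, 2000))
```

With day-truncated values the stored field still answers "was this account active that day" but no longer separates the pair that connected together from everyone else active on the same date.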
| tedivm wrote: | Signal is a 501c3 nonprofit- they don't have all that much | funding or legal firepower beyond their regular operations. The | ACLU also loves them, and getting a letter from the ACLU | probably makes matters go away faster than getting a letter | from some random lawyer. | vaseem wrote: | thanks Signal, thanks aclu | | https://www.aclu.org/ https://signal.org/ | | Nothing is free, support these folks. | alkdfdlkdslk wrote: | I just realized something. One of the only things contained is | the account creation date. How hard would it be for the FBI to | pull that text you get at that time/date to activate Signal? Not | Impossible I would imagine? | | Edit: What raised my eyebrow is that the subpoena specifically | asks for that. Why? | ev1 wrote: | Signal does not absolutely require real numbers/ban VoIP/etc. | You can theoretically sign up with a cheap VoIP number. | akouri wrote: | What I don't understand about the whole Signal E2EE model is that | while your messages themselves may be encrypted, they are still | sending push notifications over Apple's servers, which have to go | through APNS. Often the entire message contents can be contained | in the push notification. | | Does anybody know if Apple's notifications are E2EE? I doubt that | gov't doesn't have access to the push notifications... | sulam wrote: | Are you sure they use APNS? They could simply use app | notifications. | NdMAND wrote: | I believe they are encrypted (and decrypted on device by the | Signal app). They recently had to do some rewriting of the code | for iOS15 - they share some comments about that here: | https://community.signalusers.org/t/beta-feedback-for-the-up... | Hope it helps | | Edit: wow people were fast to reply... | akouri wrote: | Sweet, thanks for the link to that discussion. Looks like | they're handling it :) | tptacek wrote: | Handling what? They've never depended on Apple for | encryption.
| Klonoar wrote: | I'm actually surprised they didn't use a notification | extension before. They're surprisingly great as an API - I | used it to dynamically render preview line chart images for a | finance app I worked on a few years ago. Just send over the | limited line data, render the image, and you're good to go. | drifkin wrote: | You can send an invisible push notification that tells an iOS | app to wake up in the background and check for updates: | https://developer.apple.com/documentation/usernotifications/... | jerryluc wrote: | I was wondering about the same thing. I think that signal just | sends a message to APNS (and Google's equivalent) that you have | something to look at like a new message or whatever. That makes | the app wake up and goes to signals servers for the actual | content and the app creates the actual notifications on your | device. | [deleted] | JustSomeNobody wrote: | > Often the entire message contents can be contained in the | push notification. | | Good grief, why would you do that? Just send a notification | that data is ready and then when the app wakes, go get the | remainder of the data from signal servers. | indigomm wrote: | They send an empty push message to the device. This then causes | the app to wake up, and fetch the actual message from Signal's | servers. | camhart wrote: | I'm guessing here, but wouldn't they just push the e2ee message | through APNS? Then decrypt client side. Or does Apple require | plaintext messages for push notifications (that seems bad if | they do)? | akouri wrote: | When you craft a push notification server-side, it contains | the payload in plaintext. Now, that is probably encrypted in | Apple-land, but my point is that the gov't probably has sunk | its teeth into Apple already. So, yea signal's encryption may | be open source and proven, but I doubt Apple's doesn't have a | backdoor.
| MrKristopher wrote: | Not sure if Signal is doing this, but they could send a | notification with title "New message" and encrypted | payload. The payload can be processed by a client-side | notification extension which decrypts the payload and | chooses what notification text the user will see. | ylk wrote: | I mean Apple themselves is telling devs to not send | sensitive data in the actual notification | | > [...] never include sensitive data or data that can be | retrieved by other means in your payload. Instead, use | notifications to alert the user to new information or as a | signal that your app has data waiting for it. | | https://developer.apple.com/library/archive/documentation/N | e... | egberts1 wrote: | that's why Signal sends an empty notification then uses | their own E2EE for notification wordings. | almog wrote: | Even if the push notifications themselves are encrypted, isn't | there still the question of whether Apple store the (App x | Notification x User/phone number) graph? | nicce wrote: | This applies on every single app, and is quite irrelevant as | you already trust Apple by using their closed source device. | If they want your data, they sure get it. | almog wrote: | Unless you only contact Signal users who have verified and | compiled the client themselves, you put the same kind of | trust in Signal, which specify what data is logged (phone | numbers are stored hashed for discovery by other users). | | The same may or may not be true for Apple (I have no idea) | but claiming it is irrelevant as an answer to a question | about whether an _Apple_ technology is encrypted, is mind | boggling to me. | ericpauley wrote: | I would (naively) assume that the notification service sends | opaque (encrypted) blobs that are processed (decrypted) by the | app before display to the user.
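Added example (not part of any comment, and not Signal's or Apple's code): a small Python simulation of the three push designs the comments above describe, showing what the platform push relay can record in each: message text in the payload, an encrypted payload decrypted on the device, and an empty wake-up push followed by a fetch. The class names, app identifier, token and message are hypothetical, and the cipher is a toy encrypt-then-MAC standing in for a real AEAD.

```python
import hashlib
import hmac
import os

MESSAGE = b"meet at 6pm"          # constructed sample message
APP_ID = "org.example.messenger"  # hypothetical app identifier
TOKEN = "device-token-01"         # constructed push token


def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Toy encrypt-then-MAC, a stand-in for a real AEAD (illustration only)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))


class PushRelay:
    """Platform push service: it can log everything it relays."""
    def __init__(self):
        self.log = []

    def deliver(self, token, app_id, payload, device):
        self.log.append({"token": token, "app": app_id, "payload": payload})
        device.on_push(payload)


class MessageServer:
    """The app's own server; in the encrypted designs it holds only ciphertext."""
    def __init__(self):
        self.queue = {}

    def enqueue(self, token, blob):
        self.queue.setdefault(token, []).append(blob)

    def fetch(self, token):
        return self.queue.pop(token, [])


class Device:
    def __init__(self, key, server, design):
        self.key, self.server, self.design = key, server, design
        self.shown = []  # notification text rendered locally

    def on_push(self, payload):
        if self.design == "plaintext":
            self.shown.append(payload)
        elif self.design == "encrypted_payload":
            self.shown.append(unseal(self.key, payload))
        else:  # "wake_up": the push is empty, so fetch and decrypt locally
            for blob in self.server.fetch(TOKEN):
                self.shown.append(unseal(self.key, blob))


def run(design):
    """Send MESSAGE under one design; return (relay log, notifications shown)."""
    key = os.urandom(32)  # known only to the two end devices
    relay, server = PushRelay(), MessageServer()
    device = Device(key, server, design)
    if design == "plaintext":
        payload = MESSAGE
    elif design == "encrypted_payload":
        payload = seal(key, MESSAGE)
    else:
        server.enqueue(TOKEN, seal(key, MESSAGE))
        payload = b""
    relay.deliver(TOKEN, APP_ID, payload, device)
    return relay.log, device.shown


def relay_sees_content(log):
    return any(MESSAGE in entry["payload"] for entry in log)


if __name__ == "__main__":
    for design in ("plaintext", "encrypted_payload", "wake_up"):
        log, shown = run(design)
        print(design, "| relay sees text:", relay_sees_content(log),
              "| relay metadata:", log[0]["token"], log[0]["app"],
              "| shown:", shown)
```

In all three designs the relay still records which device token received a push for which app and when, which is the metadata question almog raises; only the first design exposes the message text to it.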
| Gaelan wrote: | I'm not too familiar with this, but my understanding is that | the push notification just wakes up the Signal app, then the | Signal app gets the encrypted message (either from Signal's | servers or the push notification payload, I'm not sure) and | decrypts it client-side and provides the notification text. | sdcooke wrote: | I don't know how Signal works but it is possible to send a | silent encrypted push notification that the app can decrypt and | show as a local notification. | 2OEH8eoCRo0 wrote: | Beautiful. That's how you do it. | | I actually believe that law enforcement has the legal right to | subpoena information, with a judge's consent, while investigating | criminal activity. This is exactly the solution to that problem. | These platforms should want to know as little about you as | possible. | onetimeusename wrote: | Yes, although the way around this for law enforcement is to | pressure Apple and Google to remove Signal from the App | Store/Play respectively (to protect children!) and work on | operating system level bypasses of Signal. I am fearing this | scenario. | vorpalhex wrote: | For android that will be annoying to users: sideloading is a | bit technical. | | For iOS users, that will be a death knell. | Groxx wrote: | Sideloading on android is quite simple. "download apk" -> | "launch apk file" -> "alert gives you a shortcut to | settings to allow installing apk from [source]" -> toggle | the only switch on that screen -> "launch apk file" now | installs it. | | You press the only non-"give up" button at each stage and | you're done. | | Remember that Fortnite succeeded in convincing people to do | this by the millions. It's not hard. | hsbauauvhabzb wrote: | Kids hooked on a game vs adults reading a scary message | for an app are psychologically very different. Even if | fortnite retained millions, how many users did they lose?
| tyingq wrote: | I wonder how far they could go in compelling Signal to push a | change that let more info leak for a specific user. I know | there have been somewhat similar cases where companies were | compelled to add new functionality, logs, etc, to capture | info for a specific user. | JTbane wrote: | Might go full idiotic like the Australian government and | mandate backdoors | Thorentis wrote: | I'm surprised the FBI has tried to get a custom keyboard | into the Play Store yet, or asked Google to add a key | logger to the stock one. Sure, the legality is blurry _at | the moment_, but it's just a matter of changing some laws | and then that becomes legal. | sundvor wrote: | They could just produce a service that masquerades as a | grammar checker provider. | | Come to think of it, that'd be the perfect place to go to | demand a wiretap - at least one such popular "LY" service | already exists. | | I'm still shaking my head at what many regular users will | agree to.. | monocasa wrote: | I assume Google's reports back already. They need that | for ML training. | maksim-m wrote: | According to Google, Gboard uses Federated Learning to | train a model on user data on the local device, so no | sensitive data is not sent to the server. Only the | gradients are sent and aggregated on the server. | https://research.google/pubs/pub47586/ | bduerst wrote: | Google has been pretty adamant for years that they don't | use or retain your Gboard data, unless you're typing it | into search or some Google product that gathers it there. | Prediction is supposedly done in-app. | anubiskhan wrote: | I thought google collects everything put into Gboard | anyway? (Maybe just if swipe is enabled) | alfiedotwtf wrote: | This. | | The Internet may interpret censorship as damage and route | around it, but spy agencies interpret laws as inconveniences | and ignore them.
| | As access closes in one place (i.e application layer), they | will just get closer to the source (i.e operating system or | supply chain) | azinman2 wrote: | It's easy to say net win for society is privacy. But it's | important to also acknowledge it does come at a cost -- there | exists criminal behavior that most reasonable people would | agree is bad and should be stopped that may reach a dead end | with services like Signal. In formulating your statement that | examining criminal behavior is a problem, you are suggesting | there shouldn't be ways to uncover crimes. | Out_of_Characte wrote: | The end doesn't justify the means. Police in democratic | societies have less power on what they are allowed to do in | order to stop crimes, uncover crimes or prosecute criminals. | Like requiring a search warrant or how long the police can | hold you, interrogate you and so forth. But speech in general | has always been a private matter, encryption only reinforces | the status quo of society. | | What argument do you have that less encryption is the | preferred solution? | azinman2 wrote: | I have family members that have gone through violent crime | that now have PTSD, and due to lack of evidence because of | the inability to read chat logs, the perpetrator is free | and the case never brought against him. | | Meanwhile Encrochat's non-encryption ended up allowing a | multinational set of drug cartels to be taken down. | | It's not difficult to come up with such examples. | nobody9999 wrote: | I have sympathy for your family members. | | I (obviously) have no idea about the details of that | situation, but since a violent crime _can't_ be | committed over the internet via a chat app, there ought | to be _physical_ evidence of that crime, no? | | If there's some sort of conspiracy element to that, I can | see how chat logs might be useful. | | But attempting to require folks to provide information | they don't have (as is the case here) is a fruitless | endeavor.
| | What solution would you suggest? Get rid of encryption? | Force providers to collect the contents of their users' | computers and phones? | | While, as I said, I sympathize with your family members | (and you), such an outcome doesn't justify taking away | _everyone's_ privacy. | | Especially since the vast majority of people are decent, | law-abiding folks. | | I get that your experiences and the pain they've caused | won't allow you to see things differently, but privacy is | important, and I for one, won't give mine up without a | fight. | ssss11 wrote: | No. They're suggesting that law enforcement should have a | valid reason to request someone's private data such as this | process. | | You have added that last line yourself, and it appears to | suggest that you would prefer all of humanity be constantly | surveilled in case it may catch more criminals. | mminer237 wrote: | The Fourth Amendment clearly states that law enforcement | has to have a subpoena where a judge agrees there's a valid | reason to demand private property, with very limited | exceptions. | | E2E does not require a valid reason. Its only change as far | as law enforcement is concerned is to stop monitoring when | they do have a valid reason. (Which I think most people | feel is as acceptable trade-off.) | azinman2 wrote: | > you would prefer all of humanity be constantly surveilled | in case it may catch more criminals. | | Not only did I not say such a thing (I even said it was | easy to argue that encryption is a net win), it's not | something I believe, especially when you put it in such | extreme terms. But encryption brings a cost, one that | shouldn't be ignored. | | Most people here are taking extreme arguments -- assuming | everything is about mass surveillance and crimes are more | often than not victimless.
This ignores the reality that | real crimes are regularly happening that most reasonable | people would wish to stop, and when you add friction to | that, it means there are many cases where justice will not | be served. | elliekelly wrote: | How many crimes have been prevented in the last 20 years | thanks to the surveillance powers of the USA PATRIOT Act? | Last I'd heard the answer was zero. | | The privacy/security trade-off is vastly overstated. | azinman2 wrote: | Be curious where you've heard that from, because the | results will largely be kept secret. | | Regardless, there are far more ordinary crimes being | committed than terrorism. | kilna wrote: | Those who want to keep the current draconian status quo | in place are incentivized to make public any wins, it | would justify the existence of the extreme measures. The | fact that they haven't boasted about _any_ win is | telling. | marvin wrote: | This is the cost of abusing the public's willingness to allow | certain exceptions to civil liberties. In a society where the | public generally trusts the authorities, this problem | wouldn't occur. People would almost always be willing to have | their communications available for _potential_ judicially- | guarded examination, trusting that only justified suspicion | of particularly violent crimes will ever be cause for using | it. | | But when the authorities transgress once too many, the public | in general will switch to services that properly defends | their privacy. | | We can consider this a game-theoretic outcome of abusing the | trust of the public. The consequence will eventually be that | properly heinous criminals will have better tools for not | getting caught. | pangolinplayer wrote: | You are very optimistic in the "public". | mfer wrote: | We end up debating trade-offs where people don't agree. | | Privacy with end-to-end encryption keeps everyone's | communications safe.
Criminals, politicians, people working | for government contractors, and everyone else. This means | criminals can get away with more things. It also means that | politicians and surveillance governments have a harder time | monitoring regular people or their government challengers. | nobody9999 wrote: | >there exists criminal behavior that most reasonable people | would agree is bad and should be stopped | | Absolutely. | | >In formulating your statement that examining criminal | behavior is a problem, you are suggesting there shouldn't be | ways to uncover crimes. | | I didn't get that at all. Before Signal and other encrypted | apps, folks who didn't want to be spied upon would meet in | person, in private places or write messages in code. | | That didn't stop the police from bringing down many | criminals, such as Al Capone, the New York Mafia and many | others, did it? Nope, it didn't. | | What you _seem_ to be advocating is that _everyone 's_ | privacy should be forfeited so police can get information | without doing, you know, police work. | | I'm all for bringing criminals (especially violent ones) to | justice. But I'm not willing to give up _my_ privacy so that | police can spend their time eating donuts instead of their | jobs. | | Feel free to disagree, but I'm going to keep using Signal and | be glad of it -- not because I'm involved in criminal | activity, but because I value my privacy. | azinman2 wrote: | You're attacking a straw man. I never proposed anything | other than recognizing the cost of encryption. And if you | are to honestly do so, then you also need to recognize | things happen now digitally that would have been in person | before, which ends up leaving clues like witnesses and DNA. | | The world isn't black and white. | nobody9999 wrote: | >You're attacking a straw man. I never proposed anything | other than recognizing the cost of encryption. 
| | I assume you're referring to this sentence in my comment: | What you seem to be advocating is that everyone's | privacy should be forfeited so police can get | information without doing, you know, police work. | | Note that I said _seem_. Which, in this context, means | that 's what I understood you to be saying. Thank you for | clarifying. | | What's more, I'm not _attacking_ anything or anyone. | Rather, I 'm expositing my views WRT encrypted | communications and police work. | | That you interpreted the expression of my views as an | attack says more about you than about me, IMHO. | feanaro wrote: | > In formulating your statement that examining criminal | behavior is a problem [...] | | Who exactly said this? It's rather the other way around: | flagrantly examining and being able to examine non-criminal | behaviour at a whim is a problem. The excuse of potentially | being able to spot criminal behaviour is not enough. | azinman2 wrote: | The GP did: "I actually believe that law enforcement has | the legal right to subpoena information, with a judge's | consent, while investigating criminal activity. This is | exactly the solution to that _problem_." Nothing was said | about spotting at large, but the context was subpoenaing | information with a judge's consent while investigating | criminal activity. | nobody9999 wrote: | >"I actually believe that law enforcement has the legal | right to subpoena information, with a judge's consent, | while investigating criminal activity. This is exactly | the solution to that _problem_." | | Absolutely. The other side of that coin is that people | are not _required_ to keep (or in this case, even gather) | information in a way that allows the government to obtain | it. | | I'd also point out that this isn't about information that | could prove a crime. It's about the government demanding | information from a _third party_ about unknown persons | and the contents of their personal effects. 
| | Given that Signal doesn't collect or have access to such | information[0]: | | "...this subpoena requested a wide variety of information | we don't have, including the target's name, address, | correspondence, contacts, groups, calls." | | It's not possible to provide it. Are you claiming that | Signal should be _required_ to gather such information | solely for the benefit of the police? | | As the Fourth Amendment[1] to the US Constitution says, | in part: | | "...and no Warrants shall issue, but upon probable cause, | supported by Oath or affirmation, and particularly | describing the place to be searched, and the persons or | things to be seized" | | And since the subpoena was asking for Signal to identify | the subject (their name), such a demand is clearly | outside the bounds of the Fourth Amendment. | | I'll say it again: Whether a judge (in this case, it was | a grand jury and not a judge, but why split hairs?) | agrees or not, Signal _can 't_ provide information it | does not possess. | | I suppose a law could be passed requiring them to collect | such information as was demanded, but it's hard to see | how that would be defensible on _any_ grounds. | | [0] https://signal.org/bigbrother/cd-california-grand- | jury/ | | [1] https://en.wikipedia.org/wiki/Fourth_Amendment_to_the | _United... | snarf21 wrote: | So there was no crime before Signal? The "I have nothing to | hide so I don't care" argument is so shortsighted. Absolute | power corrupts absolutely. Remember this from the Nazi | resistance? | | First they came for the socialists, and I did not speak out, | because I was not a socialist. Then they came for the trade | unionists, and I did not speak out, because I was not a trade | unionist. Then they came for the Jews, and I did not speak | out, because I was not a Jew. Then they came for me, and | there was no one left to speak for me. | | Now is the time to speak out. By the time you want to protest | and push back, it could be too late. 
| missedthecue wrote: | Think about it this way; if the government wants to know | something about you, they'll be able to find out. Switching | browsers, or search engines, or email providers, or chat | apps will not stop them from their goals. | | But it can make your life a lot more inconvenient. | paulirwin wrote: | Apart from just not having encrypted data, the only way to | achieve what you're suggesting is with a government backdoor | into the encryption. | | Any backdoor - any! - will result in your data being exposed, | sooner or later. Your Signal messages could then be exposed | in a data breach on the dark web for all to see. | | It is not worth it to risk everyone's privacy to allow for | the chance at easily prosecuting a small number of crimes. | Remember - you're not preventing crime this way, just | allowing for easy evidence capture. There are viable | alternative ways of investigating crimes, as others here have | said. There are not viable alternative ways of protecting our | data. | baq wrote: | Exactly. This same thing happens one time too many, it gets | outlawed. | [deleted] | hackflip wrote: | What if the criminals are the authorities? | basilgohar wrote: | The net benefit to society when government is granted and/or | authority is granted broad powers of surveillance is the | abuse of that power to serve the desires of those in power | rather than society in general. | | Your statement is carefully crafted to sidestep this with the | wording, "...there exists criminal behavior that most | reasonable people would agree is bad and should be stopped | that may reach a dead end with services like Signal...", | ignoring that the crime of abuse of power is far greater than | any crime that could be prevented when it's granted. | | There will always be "some people" that think this way. But | more certainly such powers will be abused by those entrusted | with them.
| ziftface wrote: | The widespread abuse of power in government agencies makes | this argument a little naive imo. The vast majority of what | they do has very little effect on anyone's safety. I'd rather | be able to communicate privately and let people keep selling | drugs if they want to. | Barrin92 wrote: | > _the widespread abuse of power[...]_ The vast majority of | what they do has very little effect* | | doing a lot of work here. To what degree is that simply | anti-governmental sentiment rather than an honest | evaluation of the agencies in question? | | Say you'd be living in a narco neighborhood in Mexico where | cartels regularly shoot civilians up in private wars, have | you considered how badly institutions could do in | comparison? | somebodythere wrote: | The US government is too caught up in prosecuting victimless | crimes, bullying defendants into taking plea deals (and | forfeiting their right to a fair trial), handing out cruel | sentences, and using evidence borne from illegal searches | (while lying about it). | | Until all of that changes I am not interested in giving them | more ammo. | azinman2 wrote: | Right because until some bar that can never be met is | satisfied, let's let anything go? Sorry, that's not the | society I want to live in. | somebodythere wrote: | The bar is "executing justice doesn't regularly cause | more harm than the harm it claims to prevent." It's | basically on the floor. | | Well, the other bar is "the justice system follows its | own rules." That's reasonable enough to ask, isn't it? | tmp538394722 wrote: | No one is suggesting it should be impossible to uncover | crimes. | | But I'd say that we should work to make it impossible for | mass surveillance to exist, full stop. | | Police should have to do real actual detective work to | implicate people in a crime. | politician wrote: | They can pull this information from either the sender or any | of the recipients phones.
If the government knows the sender, | they can arrest them and confiscate the phone. | | That's reasonable. | azinman2 wrote: | If you use a passcode, the police cannot force you to | unlock your phone: | | https://www.lawtechnologytoday.org/2019/08/can-police- | force-... | nobody9999 wrote: | >If you use a passcode, they police cannot force you to | unlock your phone: | | And that's a _good_ thing. | BiteCode_dev wrote: | It's not a dead end with Signal. But it requires field work, | as they used to do 50 years ago. | | Now, cops and politicians want to solve all the problems from | their desk. | | No, sorry, my freedom is not to be sold for their | convenience. | | You want to catch a bad guy, you get a trained investigation | team that follows people, that wires their house, that | interrogates neighborhood, etc. | | Is it more work ? Yes. Is it more dangerous ? Hell, yes. | | But don't say you can't catch criminals because of Signal. | What you can't do, is click on a button to spy on people. | It's a good thing. | | This mantra is just an excuse to chew off chunks of | democracy. | davidw wrote: | > What you can't do, is click on a button to spy on people | | There's a subpoena in this process that you're glossing | over. You can argue that's too easy or too secretive or | something, and that's more than fair, but it's not just | 'clicking a button'. | BiteCode_dev wrote: | I'm not arguing about the subpoena, I'm arguing against | the idea that encrypted solutions are bad. | | If you have a subpoena to open a safe, and you realize | that you have no tools that are strong enough to open | that safe, you don't suddenly blame safes. You don't tell | banks they should stop using safes. You don't ask them to | create weaker safes robbers can break into. | | You try another route. | | A subpoena is fair. Asking signal to preemptively not | encrypt the data in case we need it later is not.
| davidw wrote: | azinman2 didn't say that there should not be encryption, | just that there's a cost, and I think that's a fair | statement. Sometimes, 'other methods' are not viable and | you're not going to be able to stop the bad guys. | surge wrote: | Subpoena is basically a rubber stamp after filling out a | form. Often done in secret with the barest of oversight. | A warrant requires a bit more justification at least. | 2OEH8eoCRo0 wrote: | > Subpoena is basically a rubber stamp after filling out | a form. | | Do you have a source for that? | d4mi3n wrote: | This is only true if the companies you're asking for data | refuse to provide it _without_ a subpoena. Many companies | (let's use AT&T as an example) will provide law | enforcement whatever data they ask for without requiring | a subpoena. | ethbr0 wrote: | I assume parent was probably referring more to the | subpoena-/warrant-less "creative" solutions that have | been discovered, than the typical exhaustion process. | jonnybgood wrote: | So you want to cost the taxpayer significantly with | potentially months of unneeded work and expose cops to | potentially more danger to ultimately arrive at the same | result? How exactly is this better? | nobody9999 wrote: | >So you want to cost the taxpayer significantly with | potentially months of unneeded work and expose cops to | potentially more danger to ultimately arrive at the same | result? How exactly is this better? | | Because _my_ privacy and that of most others who are | decent, law-abiding citizens is more important than not | making police _do their jobs_. | | How do you think police caught people before apps like | Signal? With real police work. Perhaps if they had to | spend more time doing that, they wouldn't have time to | beat and kill as many unarmed civilians. | BiteCode_dev wrote: | If the alternative is a mass surveillance state (which we | are sliding to) and the end of democracy, yes. Yes it's | way better.
| t-writescode wrote: | > to ultimately arrive at the same result | | [citation needed] | | Further: | | Wiretapping is illegal without a warrant. I believe the | spirit of the law there implied that wiretapping of | [previous, historical conversations] was _always_ | illegal, since a wiretap could only be tracking future | conversations by its very nature. | | The nature of communication has changed, such that all | conversations theoretically have a permanent, historical | record, despite the intention of those conversations to | not have that historical record. It's called "instant | messaging", after all, not "perpetual letter writing". | It's meant to be an analogue to talking directly with one | another. | | The path we've gone down where everyone uses a third | party to communicate with each other, and that that third | party could theoretically record and retain all | communications back and forth in perpetuity does not | change the _intent_ of the laws as they were written. | | The laws were to protect everyone from unreasonable | review of their historical actions. | | Perhaps you remember that story - I've completely | forgotten the source and am having trouble finding it - | about the person taken in the night and thrown in front | of a judge. He asked what his crimes were, and the judge | said "that's what we're here to find out", as they were | going to go through everything he'd ever done to find | something to charge him with. | | edit: another instance would be Lavrentiy Beria, a police | chief under Stalin | (https://www.oxfordeagle.com/2018/05/09/show-me-the-man-and-i...) | | "Show me the man, I'll show you the crime." | nobody9999 wrote: | >"Show me the man, I'll show you the crime." | | That's nothing new, either. | | "If you give me six lines written by the hand of the most | honest of men, I will find something in them which will | hang him." -- Attributed (possibly apocryphal) to | Cardinal Richelieu (1585-1642).
| MuffinFlavored wrote: | > This is exactly the solution to that problem. | | I could be wrong but I was under the impression that the way | end-to-end encryption worked (like what Signal claims, I | thought) was it was physically impossible for them to decrypt | (handover decrypted data (aka your messages) to a court of law) | because the public/private keys are impossible to crack and | also not known by Signal. | | It sounds like this isn't the case whatsoever. | | I don't really understand modern chat apps that talk about | encryption. By no means am I a pro on the subject so I | apologize in advance but... if you really don't want ANYBODY | EVER snooping on your data network wise (unless they are | holding one of the devices and reading the screen after it has | been unlocked via passcode/biometric, etc.), can't you just | tell your friend a key and exchange it offline and then | communicate freely with no middleman? Or even, with a | middleman... that is just transporting your data and doesn't | know your agreed upon shared secret or keys. | | How could a subpoena ever work against this kind of data? | aidenn0 wrote: | It takes extra effort to design a system with this little | amount of data. Note that we only have Signal's word for some | of this; they could in fact log every single time that you | login, which would make the amount of data sent to the FBI | much larger (and could be of importance to the case, for | example, if the defendant had a dedicated Signal account for | the crime that they only logged into at certain times). | | Then there's IPs. If you log IPs along with when someone | connects, then an IP can often be tracked to a WiFi router, | which then pins your location. | | Most E2EE communication protocols will see (and thus | potentially log) the time and destination of every message | you send. If two people have been accused of conspiring to | commit a crime, this could be material in forming the case. 
| They may also store your contact list, but a sufficiently | long list of messages sent will practically determine your | contact list anyways. | | Even just the time of messages could be important; if someone | interviewed claimed to be in the shower at a certain time, | but there were logs of a message being sent at that time, | that's probably enough for an obstruction of justice charge | to stick. | teawrecks wrote: | I think you misread the post above. They're saying that the | govt should be allowed to issue subpoenas, and nothing more. | They shouldn't be allowed to mandate backdoors, or hack | suspects' machines, etc. And citizens should be free to use | cryptography to control their information. | | Also, "Impossible" is not the right term. "Extraordinarily | expensive" is a better one. And yes, anyone can share public | keys with each other offline and have end-to-end encrypted | communication without help from a service. But advertising | companies and the govt are not incentivized to make that | practice convenient, and people typically do what is most | convenient. | teawrecks wrote: | If neuralink/related tech ever gets to the point of mind-to-mind | communication, without a doubt our law enforcement will | claim they have the right to subpoena a person's thoughts. We | may be setting a precedent now that is more important than we | could ever think (pun intended). | savant_penguin wrote: | Agreed, except when the government gets to make that subpoena a | state secret | ARandomerDude wrote: | With very limited use, even secret subpoenas can be a good | thing, for example in a counterintelligence situation where | you don't want to tip your hand to a foreign intelligence | service. | | The problem is abuse of that system. | post_below wrote: | Abuse of that system being a when, not if, scenario. | throwoutway wrote: | More like "how often", or have we forgotten how much | Obama tried to bury Snowden's leaks?
| akiselev wrote: | I'd postulate that given the scale of a nation state, | abuse of _any_ system becomes a when, not if, scenario. | salawat wrote: | ...or to your own citizens, who you may be looking at as a | domestic threat. | | Let's be clear: there is no reason to assume that this type | of thing is constrained to "just the type" the government | can have their arm forced into admitting to. | webmobdev wrote: | That seems to be a recent thing (over the last decade or 2) | with the US. The _Supreme Court of India_ recently made these | observations when the government refused to share certain | information with it under the bogey of _"national security"_: | | > "... In a democratic country governed by the rule of law, | indiscriminate spying on individuals cannot be allowed except | with sufficient statutory safeguards, by following the | procedure established by law under the Constitution ... | | > We had made it clear to the learned Solicitor General on | many occasions that we would not push the Respondent-Union of | India to provide any information that may affect the national | security concerns of the country. However, despite the | repeated assurances and opportunities given, ultimately the | Respondent-Union of India has placed on record what they call | a "limited affidavit", which does not shed any light on their | stand or provide any clarity as to the facts of the matter at | hand. | | > However, this does not mean that the State gets a free pass | every time the spectre of "national security" is raised. | National security cannot be the bugbear that the judiciary | shies away from, by virtue of its mere mentioning. Although | this Court should be circumspect in encroaching the domain of | national security, no omnibus prohibition can be called for | against judicial review.
| | > The Respondent-Union of India must necessarily plead and | prove the facts which indicate that the information sought | must be kept secret as their divulgence would affect national | security concerns. They must justify the stand that they take | before a Court. The mere invocation of national security by | the State does not render the Court a mute spectator" | | > ... We are not interested in knowing matters related to | security or defence. We are only concerned to know whether | Govt has used any method other than admissible under law ..." | | Source: Supreme Court Constitutes Independent Expert | Committee To Probe Pegasus Snooping Allegations - https://web.archive.org/web/20211029130706/https://www.livel... | onefuncman wrote: | Shouldn't Signal be required to produce all the encrypted data | stored for this user, in case law enforcement are able to get the | associated private keys off the suspect's phone? | gepoch wrote: | Signal stores messages on their servers until they're delivered | at which point they're purged. | | Additionally, Signal's encryption scheme gives their messages | the "forward secrecy" property which means that acquiring key | material at some point in the future does not allow you to | decrypt any previous messages. Any encrypted messages that they | could provide would be useless. | | For more, check out their really interesting doc on the double | ratchet algorithm that they use!: | | https://signal.org/docs/specifications/doubleratchet/ | Labo333 wrote: | I'm worried that the provided information could be incorrect. For | example, that user could have messages waiting to be delivered to | himself. In that case, I think signal doesn't know the senders | but should still disclose the number of those messages and their | size. | | Signal erases that kind of information but I'm pretty sure that | user must have had some messages delivered to them while signal | was processing the subpoena.
So pretending they don't know | anything else is just wrong IMO. | d1lanka wrote: | Well done Moxie Marlinspike and Signal team. | | Now don't pull any sketchy shit like Mobilecoin without being | transparent. | stabbles wrote: | What worries me is that even though they don't own the data, they | could be forced to push an update that will upload decrypted | messages from people's phones. Not owning the client would be | better | zaik wrote: | Not owning any server would also help. Metadata, contacts and | groups can easily be recorded if you own the server. Federation | is a big reason why I consider XMPP superior to Signal. | upofadown wrote: | How did Signal know who they meant? | loeg wrote: | Phone number. | khiner wrote: | This makes me so happy | gatgeagent wrote: | Why did they even incorporate in the USA, I'd guess they'd have | less work in like the Seychelles or Belize. | kasey_junk wrote: | If they were in the Seychelles or Belize they would be covered | by the NSA and no subpoena would be required to get traffic | data. | bduerst wrote: | Protonmail is incorporated in Switzerland, but even then they | have been compelled to give up user logs and ip addresses. ___________________________________________________________________ (page generated 2021-10-29 23:00 UTC)
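The forward-secrecy property gepoch describes in the thread above, as an added example that is not part of the thread or Signal's code: a minimal symmetric KDF-chain ratchet in Python, using the HMAC-SHA256 constants (0x01 for the message key, 0x02 for the next chain key) that the Double Ratchet specification suggests. The `seal`/`open_` helpers are a stand-in for a real AEAD, the Diffie-Hellman ratchet is omitted, and all names and messages are constructed for illustration.

```python
import hashlib
import hmac
import os

def kdf_chain(ck):
    """One ratchet step: derive (next_chain_key, message_key) from chain key ck."""
    mk = hmac.new(ck, b"\x01", hashlib.sha256).digest()
    nxt = hmac.new(ck, b"\x02", hashlib.sha256).digest()
    return nxt, mk

def _keystream(mk, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(mk, b"enc" + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(mk, pt):
    """Encrypt-then-MAC stand-in for an AEAD (assumption: demo only)."""
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(mk, len(pt))))
    return ct + hmac.new(mk, b"mac" + ct, hashlib.sha256).digest()

def open_(mk, blob):
    """Return the plaintext, or None if the key does not match the tag."""
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(mk, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(mk, len(ct))))

class Ratchet:
    def __init__(self, chain_key):
        self.ck = chain_key
    def next_key(self):
        # The old chain key is overwritten, so earlier message keys are gone.
        self.ck, mk = kdf_chain(self.ck)
        return mk

def demo():
    root = os.urandom(32)  # shared secret both ends already agreed on
    sender, receiver = Ratchet(root), Ratchet(root)
    msgs = [b"msg 0", b"msg 1", b"msg 2"]  # constructed sample messages
    stored = [seal(sender.next_key(), m) for m in msgs]  # ciphertexts a server might hold
    delivered = [open_(receiver.next_key(), c) for c in stored[:2]]
    # Device state obtained later, after two messages were already read:
    seized = Ratchet(receiver.ck)
    keys = [seized.next_key() for _ in range(8)]
    readable = [i for i, c in enumerate(stored)
                if any(open_(k, c) is not None for k in keys)]
    return delivered, readable

if __name__ == "__main__":
    print(demo())
```

Only the ciphertext the device had not yet processed is recoverable from the later key state; the two already-read messages stay sealed because the chain cannot be run backwards.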