alt Hacker NewsI don't know signal very well but when I have spoken to others about it they mention that the phone number is the only metadata they will have access to.
This seems like a good example of that being enough metadata to be a big problem.
Replies
The steps to trouble:
- identify who owns the number
- compel that person to give unlocked phone
- government can read messages of _all_ people in group chat not just that person
Corollary:
Disappearing messages severely limits what can be read
Presumably this is data taken from interdicted phones of people in the groups, not, like, a traffic-analytic attack on Signal itself.
I don't think it's much of a problem at all. Many of the protesters and observers are not hiding their identities, so finding their phone number isn't a problem. Even with content, coordinating legal activities isn't a problem either.
Was starting to think about setting up a neighborhood Signal group, but now thinking that maybe something like Briar might be safer... only problem is that Briar only works on Android which is going to exclude a lot of iPhone users.
I highly recommend this book. It goes into who funds these things.
https://www.amazon.com/Surveillance-Valley-Military-History-...
but this is not a technical attack that returns the metadata.
much more closer to the $5 wrench attack
I've been hearing for years people say "Signal requires phone number therefore I don't use it", and I've been hearing them mocked for years.
Turns out they were right.