I remember a time when visiting a website that opens a JavaScript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.

Why does Signal want a phone number to register? Is there a better alternative?

  • throwawayacc0430@sh.itjust.works
    2 days ago

    My conspiracy theory brain goes:

    It’s funded by the government.

    Yes, the messages themselves are encrypted, but they don’t need that, they have access to all the useful metadata.

    They can find everyone near the site of a protest (via cell tower data), then find their Signal accounts, then see who they are contacting, potentially revealing who the other protestors and protest organizers are.

    And if you need access to the messages, they don’t need to crack the encryption, they could just send Pegasus to your phone (and they already have your phone number to do so), and they’ll have access to every message.

    Then they just find those other protestors, also send Pegasus to their phones.

    I mean, the Signal code is technically legit, they just used a side channel (zero day exploits) to gain access.

    But this is just a theory, I don’t have any evidence supporting this hypothesis.

    • ReluctantZen@feddit.nl
      2 days ago

      They don’t need Signal to do any of this though, so this doesn’t seem like a very plausible theory.

      • throwawayacc0430@sh.itjust.works
        2 days ago

        True, they don’t exactly need Signal. But the thing with exploits is that, once found, they would be patched and they can’t use the same exploit again. So they can’t just be sending everyone in the country Pegasus. That would make it easier for it to be detected.

        So with Signal’s help, they have an easier time to select a few targets. They can find out who is using Signal, and correlate that with other data like being near a protest site. Then they only need to target a few Signal users, instead of like sending Pegasus to 5000 protestors, they could find out that everyone is talking to this “John Smith” person, then send Pegasus to that user and obtain a lot of info. And since it’s only a few users being infected, it’s less likely for the fact that the conversations are compromised to be known.

        I mean, without requiring phone numbers for Signal, they would have a harder time knowing who is using Signal, and they would end up having to infect all 5000 phones in the protest area, which means now it’s much more likely for the spyware to be detected. With infecting just a few of the organizers, their spying can remain undetected for a long time.

        As for everyone else not using Signal, they are likely to be using unencrypted messaging, so it’s not even necessary to infect their phones.

        • guy@piefed.social
          2 days ago

          Why can’t they send Pegasus to everyone?

          If they can create a fund and invent Signal, they can just make Pegasus part of AOSP and have every manufacturer be forced to install it silently.

          • throwawayacc0430@sh.itjust.works
            2 days ago

            They could, but again, it’s easier to detect.

            But if we are already under the assumption that Pegasus is so sophisticated that it’s undetectable, it’s possible all this privacy talk is futile and they already have access to every device, which means Graphene OS is also pointless.

            I honestly don’t know. If you are planning any anti-government activities, the only way to be totally safe is to not carry a smartphone (and obviously wear a mask to conceal your identity and all that) and use One Time Pad encryption and dead drops for communications.

    • Autonomous User@lemmy.world
      2 days ago

      What are you doing to help others escape WhatsApp, anti-libre software?

        • merde alors@sh.itjust.works
          1 day ago

          Obviously Signal is the lesser evil, but don’t use Signal if you are planning a revolt is what I’m saying.

          or if you’re the US’ secretary of defense and you’re going to bomb Houthis

          🤷

          • throwawayacc0430@sh.itjust.works
            1 day ago

            🤣 Absolute shitshow lmfao. Signal is not approved for war communications, that was a security breach (not to mention, adding the journalist), and he risked jeopardizing his entire mission.

            But on the other hand, having such incompetent fascists is a good thing for the resistance.

    • 0101100101@programming.dev (OP)
      2 days ago

      This is what the UK police do with WhatsApp data. Even though they can’t read the messages, they do use the connections of messages to suspicious characters as evidence including date and times, which also puts these other people in the spotlight, opening further investigations.

      The UK police can also use ‘stinger’ devices that are “fake” mobile data towers to intercept mobile communications.