Original post text
Given the recent detainment of a French person who got detained because he said something bad about the current administration in his WhatsApp messages. It makes me wonder if WhatsApp is truly end to end encrypted as they claimed. How did they even single him out?
As a corollary question, if I were to pass Customs, and if I delete WhatsApp , Reddit etc just before I reach the counter, will they be able to find out that I just deleted the apps minutes ago? I’ll be deleting them from my phone but keep them on the cloud.
Any time you hear about anyone high profile using a chat app - what are they using?
They’re using Signal.
There’s a reason why they’re using Signal; as far as security it’s the best one out there. Sure, it’s tied to a phone number, but a phone number isn’t an identity.
Phone numbers are heavily tied to a person.
What signal had going for it is encryption, but that major flaw of tied to phone number makes me doubt everything else they say.
The phone number link means forward security isn’t possible. If ever the encryption is hacked, all your messages could be forfeit by anyone who’s simply kept the encrypted data.
Can you elaborate on that? Obviously the phone number has privacy implications, but I don’t think it can be used to decrypt messages. In the signal protocol, encryption keys are exchanged using ECDH (so wiretapping doesn’t work) and periodically rotated (so even knowing the encryption keys at a certain point doesn’t let you decrypt messages after that).
A phone number can be traced back to a person. If there is ever a hack or backdoor it can be traced. There are plenty of alternatives that are open source and don’t require any kind of identifier.
The comment that you replied to does not imply the phone number can be used to decrypt messages. All they are saying is that because Signal accounts are tied to phone numbers, a potential adversary already has one piece of the puzzle (who is talking to whom). If somehow, some way, the encryption were ever compromised, then the adversary would have both pieces—in other words, they would know not only who is talking to whom but also what they are saying.
If the encryption is ever hacked, knowing who you are is probably the least of anyone’s concerns. I would imagine that any adversary could build a profile or plan a response without knowing a particular phone number.
“These two people are planning civil rights activism here on Friday,” is just as useful as, “MLK Jr and Malcolm X are planning activism here on Friday.”
Thankfully, they’d have to not only break encryption but also MitM the conversations, since Signal doesn’t actually store chat data on their servers.
I think he is going for the idea once encryption is broke in the future… You name is tied to the content forever.
Without phone number it would be just some random content.
https://simplex.chat/
I’m really not sure what the point is other than to track identities after they got rid of SMS. Sure, have an optional number to make calls, but is this some legal requirement to be on app stores or what?
I agree with what other people are saying, the whole phone number requirement of Signal isn’t great since, for the most part phone numbers are intended to link to your real world identity. That means they are a very big weak link.
Also let us not forget that Signal is a centralized service run by one company. They have been very resistant in the past to the idea of decentralization and interoperability. I’m already very skeptical of people who claim to be a savior or hero of Privacy and security lie this, even more so when it’s a centralized service. You do know that WhatsApp started out like Signal did right? Look where they are now. You cannot trust a centralized service like Signal, especially one that forces you to provide real world identification. Signal can just as easily be sold and backdoored like WhatsApp was, decentralized services are much more resilient to that kind of thing.
Whatsapp was bought by Facebook and then one of the folks dumped their money into signal making it a self-funded org.
Phone number is KYC’d
It is literally an identity and thats why everyone forcing you to use it now.
Phonenumbers are easy to fake, I have two signal accounts without any ties to my person.
That’s jurisdiction dependent… I thought that this ability is very limited now
Yeah, in some countries you can buy SIM cards at 7-11. In others you need to submit your ID, connect your bank account etc
You can get numbers for verification online. No need for buying sim cards.
Heres my referral :) https://sms-man.com/?ref=qPLi0ekHzn_c
Or you can just ask someone to buy a sim card for you…
deleted by creator