Original post text
Given the recent detainment of a French person who got detained because he said something bad about the current administration in his WhatsApp messages. It makes me wonder if WhatsApp is truly end to end encrypted as they claimed. How did they even single him out?
As a corollary question, if I were to pass Customs, and if I delete WhatsApp , Reddit etc just before I reach the counter, will they be able to find out that I just deleted the apps minutes ago? I’ll be deleting them from my phone but keep them on the cloud.
Phone numbers are heavily tied to a person.
What signal had going for it is encryption, but that major flaw of tied to phone number makes me doubt everything else they say.
The phone number link means forward security isn’t possible. If ever the encryption is hacked, all your messages could be forfeit by anyone who’s simply kept the encrypted data.
Can you elaborate on that? Obviously the phone number has privacy implications, but I don’t think it can be used to decrypt messages. In the signal protocol, encryption keys are exchanged using ECDH (so wiretapping doesn’t work) and periodically rotated (so even knowing the encryption keys at a certain point doesn’t let you decrypt messages after that).
A phone number can be traced back to a person. If there is ever a hack or backdoor it can be traced. There are plenty of alternatives that are open source and don’t require any kind of identifier.
The comment that you replied to does not imply the phone number can be used to decrypt messages. All they are saying is that because Signal accounts are tied to phone numbers, a potential adversary already has one piece of the puzzle (who is talking to whom). If somehow, some way, the encryption were ever compromised, then the adversary would have both pieces—in other words, they would know not only who is talking to whom but also what they are saying.
If the encryption is ever hacked, knowing who you are is probably the least of anyone’s concerns. I would imagine that any adversary could build a profile or plan a response without knowing a particular phone number.
“These two people are planning civil rights activism here on Friday,” is just as useful as, “MLK Jr and Malcolm X are planning activism here on Friday.”
Thankfully, they’d have to not only break encryption but also MitM the conversations, since Signal doesn’t actually store chat data on their servers.
I think he is going for the idea once encryption is broke in the future… You name is tied to the content forever.
Without phone number it would be just some random content.
https://simplex.chat/
I’m really not sure what the point is other than to track identities after they got rid of SMS. Sure, have an optional number to make calls, but is this some legal requirement to be on app stores or what?