[deleted]
MoonshineMidnight Signal uses an IP they themselves can't see or access as it is only on RAM and never hits a disk on an encrypted Signal server.
Why should we assume that the Signal Foundation doesn't have access to the RAM?
MoonshineMidnight Signal uses an IP they themselves can't see or access as it is only on RAM and never hits a disk on an encrypted Signal server.
Why should we assume that the Signal Foundation doesn't have access to the RAM?
[deleted] It's obvious you won't accept open source code. Please, use another messenger app. Don't use Signal.
MoonshineMidnight Server source code can't be verified, since we don't have access to the actual servers.
[deleted] They have been independently audited. Please do not use Signal. I will continue to do so.
MoonshineMidnight As for the phone numbers, the guv provided them to Signal. If you give them a specific phone number, their system allows them (only) to see when that phone number downloaded the app and last used it.
This was recently reiterated by Meredith Whittaker in Signal President Meredith Whittaker on resisting government threats to privacy:
We fight the subpoena requests we get. And if we aren’t able to fight them, we then provide the data we have, which is the fact that a given phone number registered a Signal account, when that phone number was registered for a Signal account, and when they last logged into Signal.
Have Session removed its PFS and why?
If you download Signal APK from their official website. Does it support updates manually or automatic? Does notifications work cross profiles?
PMUSR Website APK self updates, Play/Aurora version does not. Cross profile notifications are not specific to any app.
PMUSR Session
Doesn't look like it. Regarding SimpleX I don't know, sorry. SimpleX also doesn't seem to self update.
PMUSR There are trade-offs between different approaches. It's up to you how much inconvenience are you willing to tolerate in the name of 'degoogling'. I'd search around and see what others do:
https://discuss.grapheneos.org/?q=app%20store%20apk
https://privsec.dev/posts/android/android-tips/#where-to-get-your-applications
PMUSR I would download them from their respective Releases section on GitHub and instead of Obtainium I would add their links to ReadYou as per Side of Burritos video https://www.youtube.com/watch?v=FFz57zNR_M0 to get notified of updates so I can perform them manually.
PMUSR apps can be updated only from the same source. Otherwise you need to do a fresh install. I find ReadYou a nice, clean and organised way of app management, I don't feel the same way about Obtainium. Currently I use sandboxed Google, half of my apps comes from there the other half I update very sporadically manually directly from GitHub. But should I return to FOSS only, ReadYou would be my go to place. Just a personal choice, many may not like it.
We should stick to the theme of OP.
Interested to hear perspectives on Tucker's claim that his text messages were read on Signal by authorities? I use the app on a 6a to converse with family on iphones.
Here is the link: https://t.co/jFmBlAW3qG
Start: 9:30
End: 9:45
Well signal is based in the US. So why wouldn't there be any eyes watching over it
For $5. Its well worth to get Threema. Signal is fine also if its just small talk with family and a few friends
Could always try and get your friends to convert to Session
MoonshineMidnight I mean, I'm not asking you to stop using Signal. If Signal really wants someone's number, they can log from the RAM. And "Independent Audits" aren't done daily, So they can obviously collect the phone number of some user and then delete any evidence.
Not saying you're wrong because it's actually true, but based on this logic you could say that for almost every service out there.
You are correct though because if they wanted to they could make modifications server side and possibly log what they wanted.