this post was submitted on 02 Oct 2024
105 points (96.5% liked)

Technology

58394 readers
4222 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
L4s@lemmy.world
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
105
Telegram is exposing their users privacy. (lemmynsfw.com)
submitted 9 hours ago by 911@lemmynsfw.com to c/technology@lemmy.world
41 comments fedilink hide all child comments
 

Source.

you are viewing a single comment's thread
view the rest of the comments
[–] helenslunch@feddit.nl 6 points 6 hours ago* (last edited 5 hours ago) (1 children)

This means that the phone number requirement has already created a leak of private information

What information? The gov already had the phone number. They needed it to make the request.

Additionally, that was posted in 2021.

Here's a more recent one.. Matter of fact, here's a full list of all of them. Notice the lack of any usernames provided.

Also note that a bunch of the numbers they requested weren't even registered with Signal, so the gov didn't even know if they were using the app and were just throwing shit at the wall and seeing what sticks.

You are required to provide all information tied to the following usernames

They can't respond to requests for usernames because they don't know any of them. From Signal: "Once again, Signal doesn’t have access to your messages; your calls; your chat list; your files and attachments; your stories; your groups; your contacts; your stickers; your profile name or avatar; your reactions; or even the animated GIFs you search for – and it’s impossible to turn over any data that we never had access to in the first place."

What else ya got?

but that doesn't help if they get proof in any other way.

If they're getting evidence outside of Signal, that's outside the scope of this discussion.

because of the phone number requirement, anything you ever send on Signal can easily be tied back to you should it get out

...no. It can't.

that subpoena alone is proof that it does.

It's proof that it doesn't.

[–] Ganbat@lemmy.dbzer0.com -1 points 5 hours ago (1 children)

Please, use some critical thinking here.

What information? The gov already had the phone number. They needed it to make the request.

Yes. That's the leak. A phone number can bridge the gap between your messages and your identity.

Notice the lack of any usernames provided.

You literally changed what I said to fit your narrative. Should a government agency already have access to a message and username, and make a legally valid request for the phone number associated with that username, Signal will be required by law to provide it, as it's already know and proven that they have access to it. The subpoena you provided shows that they already have the phone numbers, so it is moot to this point.

If they're getting evidence outside of Signal, that's outside the scope of this discussion.

No, it's not, that was literally the point of the discussion to begin with, you are the one trying to change it.

...no. It can't.

Do you not know how phone numbers work? Generally if you go through a reputable provider, you're going to be required to give at least your name. Additionally, even if you don't give them your address, your location can pretty easily be extrapolated from things like the area codes and areas in which the phone number has been used. A warrant/subpoena is all it would take, and since that phone number is already tied to any messages they may have, that ties them directly to your identity.

It's proof that it doesn't.

This one barely even warrants a response. You're either being plain obtuse or are genuinely failing to think critically about this, so I'll break it down for you. They wouldn't be serving a warrant to or subpoenaing Signal if they didn't know the accounts in question were involved in something, which at minimum strongly implies that they already have some evidence of these users' use of the service. Additionally, the fact that they're subpoenaing so many at once implies they were in some kind of group on Signal.

Let's try a hypothetical. Let's say we have downtrodden citizens A-F, who are using Signal to talk about Bad Government. Now, let's say someone from BG joins their group undercover and records those messages. Well, now BG wants to punish those poor DCs. If the undercover bad guy already has their phone numbers, job done, they can go find them. If not, all BG has to do is make a legal request for those phone numbers as associated with the usernames, which they do have. That would leave Signal with the choice of complying and directly harming these individuals, or becoming effectively a criminal entity within this territory.

Now, as for you, you have deflected, misquoted, misrepresented, and employed willful ignorance in this debate, and I will broker no further time for bad actors. Goodbye.

[–] helenslunch@feddit.nl 0 points 5 hours ago* (last edited 3 hours ago)

all BG has to do is make a legal request for those phone numbers as associated with the usernames, which they do have.

Once again, as I have explained several times now, no they don't.

You clearly have no intention of a civilized or honest conversation so have a nice day.