this post was submitted on 26 Sep 2024
156 points (92.4% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
54577 readers
277 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Good idea overall, unfortunately they still have your IP and phone number which means Europeans are still implicated
Signal doesn't collect IPs and therefore can't even hand them out. It's been requested in 2021. Here's a list of requests from authorities they were allowed to publish. I've looked through 3 of the most recent and nowhere do they reveal IPs.
Sure they don't log the IPs, but it is technically impossible to not know the IP when you're running a centralized service.
I wrote a comment here about why sealed sender does not achieve what it purports to.
I didn't know that. Thanks
What are the "popular" alternatives? Telegram stores everything, WhatsApp doesn't allow usernames, Matrix requires IPs too...
SimpleX
Despite their claims of total privacy, I imagine, like any software company, they have full access to their own back end including encryption keys and server logs. Meaning they can and probably will moderate their own platform if there is enough pressure from nation states/IP owners.
You are welcome to audit the source code and host the backend yourself.
You understand that, for everyone except for a complete network pro, that is worse for security and privacy, right?
Don't get me wrong, it's great that you can.
But the reason piracy websites struggle so much with long term stability isn't because they're hosting the wrong software.
If you don't put trust on someone something, you left yourself to trust and do all the works. However, you don't trust yourself either, sadly I can't offer any solutions.
TBH I would just use email over TOR and encrypt communication with PGP. Rotate identities every now and then and you should be fine. Yes it doesn't have forward secrecy but it removes the effort to find the "right messaging" service and is instead ubiquitous (and you can sign up for anonymous email addresses online too, which makes it even better).
Session?
The phone number is not connected to the messages. That’s the only thing they have. It is the best app for privacy.
Arguable in it being "the best app for privacy". Can you link to a source which shows that phone numbers are not linked to accounts? (Why do they need them anyway?)
They have published requests from the law enforcement and their responses to these requests. The only unencrypted data they have is the phone number, a date of sign up and a date of the last login. That is it, everything else is encrypted and they cannot access it whatsoever.
The problem is, if you're in Europe, your phone number is associated with your identity
No you don't.
I can go to the corner shop/local garage right now, buy a SIM card for 99p and then buy a top-up voucher in cash to have a completely anonymous phone number.
Albeit is the UK in Europe again? 🙈
edit: where I would be worried if my privacy was on the line is I could also go to the local pawn shop / Cash Converters to ensure that SIM card isn't associated with an IMEI I've previously used and buy in cash a cheapo phone.
The last time I bought a SIM in the UK I was told specifically I could not buy it with cash.
I don't know if you're in the UK right now but I can tell you right now that I can go round the corner and buy a SIM card in cash plus a top-up voucher, from someone like this guy
https://www.coregroup.co.uk/assets/img/cards/independent-retail-sim-distribution.jpg
Same in a few other European countries. I'm doing it right now with a few SIMs. You can also go on holiday to another country, get a few temporary SIMs there for a few quid and fly back home with the "contraband". Really not hard.
Aye, I've seen this misconception before and suspect it's specific countries in the European continent where you have to register.
So what? The law enforcement knows you have an account and knows the sign up date and last login. That doesn’t affect your privacy whatsoever. Besides, Europe isn’t a monolith. You can absolutely buy and use a SIM card without disclosing your name in some countries.
But, again, all they can prove is that you signed up to Signal and when you last signed in.
Exactly. Signal is private, not anonymous
I believe the same is true in the US.
It is not. You do not show any ID to get a phone number
You also don't need to show any ID for a business to meet "know-your-customer" regulations. Can you get a phone number without revealing your identity?
That depends on your OPSEC
Isn't the same true in the EU, then?
Only if you don't have to show your ID to get a number
That depends on your OPSEC.
In countries where you MUST show your proof of identity to get a number, pray tell me what kind of OPSEC can you employ to not do that?
Travel across the border where you can? Ask a friend abroad to send you a SIM card? Maybe even find a service to buy a SIM from?
Sometimes, but that's it. Authorities and signal itself can only say "this number has account with us since $signupDate and used it last on $usageDate". Signal can't say "we know $number is talking to $otherNumber" nor can they say "$number is in $group talking to $users".