#Signal #Lifehack. When you register as new user, Signal asks you to provide "a" phone number where it can send a confirmation code to finalise the setup.
Know that it asks for "a" phone number that can receive messages. It doesn't have to be YOUR phone number. This is not a new feature, it has always been like that. I registered my Signal account using the phone number of a prepaid SIM in a cheap burner phone. I have never used that number since.
The only thing Signal stores about you is
- When did you register your account (UNIX timestamp)
- When was the last time your account contacted a Signal server (UNIX Timestamp)
That's it. That's all Signal can produce about you when they are forced to by authorities. There is no history, no call log, no data beyond that.
Here you can see a subpoena asking for detailed information and the reply that Signal sent back: https://signal.org/bigbrother/cd-california-grand-jury/
@jwildeboer : unfortunately, most people believe that they have nothing to hide.
@ErikvanStraten And that is perfectly fine with me, as long as they use Signal for sharing what they don't think they need to hide ;)
@jwildeboer @ErikvanStraten Arguing that you don't care about the right to privacy because you have nothing to hide is like saying you don't care about free speech because you have nothing to say.
@ptesarik : thank you, but Jan and I are definitely aware of that!
We'd wish that the majority of people using the internet would understand that privacy is about risks. I don't know about Jan, but often I feel like I'm talking to walls.
In fact, the problem is *that* big, that some people stop listening if they hear the word "privacy". It's for child abusers and other criminals, those using TOR and VPN's.
@ErikvanStraten IMHO: The mission we developers have is to create solutions that allow people that don't care nor understand the implications of technology to still be safe by default. When we developers expose our users to risks they simply are not aware of, that's on us. We must do better. @ptesarik
@ErikvanStraten Enterprises use your data against you: what you visit and what you do to make you addicted to the phone.
It's also known that this is used to target people in demonstrations. People don't want to give away free data so private companies and governments can do what they please with it.
@4Robato : I know.
I decided decades ago to use my real name on internet. I took a risk but until now it was worth it.
However, the world is changing rapidly, and so are my risks.
But then, I'm old and had a good life. I hope never to have to spend time in captivity, I'd rather have a bullet in my head (unfortunately choices are very limited after shit hits the fan).
@jwildeboer @ErikvanStraten @ptesarik For example, my company used 10% of their dev time on security and privacy issues and my competitor used it to add live mustaches to video, and all my users flocked to my competitor because they have nothing to hide but they sure love a pair of live mustaches without the headache of grooming real ones. We still devote that 10%, unfortunately it is 10% of 0. (fictional example) Totally on us.
@ErikvanStraten @ptesarik @jwildeboer If you need a special thing, two things become more likely and one thing is still true.
Any law enforcement will take your use of the special thing as a confession and proceed on that basis, no matter how normalized such use becomes.
The entire weight of state-level intelligence aparats will be bent on compromising the special thing. They will inevitably succeed.
"Trusting trust" is still true; you do not have the resources to trust a computer.
@ErikvanStraten @ptesarik @jwildeboer I came up with a couple of questions for those people: what newspaper do you read, do you listen to or watch foreign media, are you a member of a union, which religious denomination are you part of, are you using birth control currently. Maybe that will get them thinking
@johan : all those things *should* not matter.
Here's another one: even if you mostly get spam and the rest of the emails you exchange are not confidential at all, you still need a strong password for your email account. That's for at least two reasons:
• If an adversary obtains access to your email account, they will likely be able to password-reset most of your other online accounts and gain access to them;
• An adversary who obtains access to your email account may impersonate you and tell your friends and family that you urgently need money (and, btw, that you have a new bank account number). Or they'll send them malware stating that it is a nice game that you enjoy very much.
@ErikvanStraten @ptesarik @jwildeboer I know it should not matter. Nothing should matter unless your actions are hurting other people (i.e. doing crime). But those kind of questions hopefully make I-have-nothing-to-hide people see that they do have something to hide.
Getting a notebook and writing everything down with comments like 'interesting' and 'I will pass that on', might help get the point across even better.