Reputable news source “GLOBAL FACTZ”

😂

Fwiw, before reposting this meme, I actually checked to make sure that the underlying “weird news” story here was not solely reported by random clickbait fake news sites but was also covered by an actual news organization.

So in summary. You’re right. Sealed sender is not a great solution. But

Thanks :)

But, I still maintain it is entirely useless - its only actual use is to give users the false impression that the server is unable to learn the social graph. It is 100% snake oil.

it is a mitigation for the period where those messages are being accepted.

It sounds like you’re assuming that, prior to sealed sender, they were actually storing the server-visible sender information rather than immediately discarding it after using it to authenticate the sender? They’ve always said that they weren’t doing that, but, if they were, they could have simply stopped storing that information rather than inventing their “sealed sender” cryptographic construction.

To recap: Sealed sender ostensibly exists specifically to allow the server to verify the sender’s permission to send without needing to know the sender identity. It isn’t about what is being stored (as they could simply not store the sender information), it is about what is being sent. As far as I can tell it only makes any sense if one imagines that a malicious server somehow would not simply infer the senders’ identities from their (obviously already identified) receiver connections from the same IPs.

Sure. If a state serves a subpoena to gather logs for metadata analysis, sealed sender will prevent associating senders to receivers, making this task very difficult.

Pre sealed-sender they already claimed not to keep metadata logs, so, complying with such a subpoena^[1] should already have required them to change the behavior of their server software.

If a state wanted to order them to add metadata logging in a non-sealed-sender world, wouldn’t they also probably ask them to log IPs for all client-server interactions (which would enable breaking sealed-sender through a trivial correlation)?

Note that defeating sealed sender doesn’t require any kind of high-resolution timing or costly analysis; with an adversary-controlled server (eg, one where a state adversary has compelled the operator to alter the server’s behavior via a National Security Letter or something) it is easy to simply record the IP which sent each “sealed” message and also record which account(s) are checked from which IPs at all times.

sealed sender isn’t theater, in my view. It is a best effort attempt to mitigate one potential threat

But, what is the potential threat which is mitigated by sealed sender? Can you describe a specific attack scenario (eg, what are the attacker’s goals, and what capabilities do you assume the attacker has) which would be possible if Signal didn’t have sealed sender but which is no longer possible because sealed sender exists?

“Anonymity” is a vague term which you introduced to this discussion; I’m talking about metadata privacy which is a much clearer concept.

TLS cannot prevent an observer from seeing the source and destination IPs, but it does include some actually-useful metadata mitigations such as Encrypted Client Hello, which encrypts (among other things) the Server Name Indicator. ECH a very mild mitigation, since the source and destination IPs are intrinsically out of scope for protection by TLS, but unlike Sealed Sender it is not an entirely theatrical use of cryptography: it does actually prevent an on-path observer from learning the server hostname (at least, if used alongside some DNS privacy system).

The on path part is also an important detail here: the entire world’s encrypted TLS traffic is not observable from a single choke point the way that the entire world’s Signal traffic is.

anyone who objects to mass surveillance obviously hates puppies

Signal protocol is awesome for privacy, not anonymity

The “privacy, not anonymity” dichotomy is some weird meme that I’ve seen spreading in privacy discourse in the last few years. Why would you not care about metadata privacy if you care about privacy?

Signal is not awesome for metadata privacy, and metadata is the most valuable data for governments and corporations alike. Why do you think Facebook enabled e2ee after they bought WhatsApp? They bought it for the metadata, not the message content.

Signal pretends to mitigate the problem it created by using phone numbers and centralizing everyone’s metadata on AWS, but if you think about it for just a moment (see linked comment) the cryptography they use for that doesn’t actually negate its users’ total reliance on the server being honest and following their stated policies.

Signal is a treasure-trove of metadata of activists and other privacy-seeking people, and the fact that they invented and advertise their “sealed-sender” nonsense to pretend to blind themselves to it is an indicator that this data is actually being exploited: Signal doth protest too much, so to speak.

100% of options funded by western governments

One of their four, SimpleX, is not funded by western governments (…but it instead has some venture capital 🤡)

a wifi access point that gets online via a cellular network is called a mobile hotspot, regardless of if it’s running on a phone or a dedicated router device

huh? mobile hotspot is double-bad

A cascade of satellite collisions is called Kessler syndrome and the risk of it happening is rapidly increasing due to megaconstellations like Starlink:

Here we propose a new metric, the CRASH Clock, that measures such stress in terms of the timescale for a possible catastrophic collision to occur if there are no satellite manoeuvres or there is a severe loss in situational awareness. Our calculations show the CRASH Clock is currently 5.5 days, which suggests there is limited time to recover from a wide-spread disruptive event, such as a solar storm. This is in stark contrast to the pre-megaconstellation era: in 2018, the CRASH Clock was 164 days.

Kessler syndrome could be a solution to the Fermi paradox.

Sadly there are none I can recommend wholeheartedly, all have various problems 😢

There are some controversial picks in there like Proton Mail or Brave. They do have a pretty wide adoption but have severe downsides. I’ll probably remove them again. What do you think?

here is a comment i wrote recently listing some of the reasons not to use proton. i’d also recommend against vivaldi (proprietary), brave (so many reasons), and everything in your messaging category besides matrix (and matrix also has lots of problems but it is the least bad of the ones you’re recommending). sorry that i don’t have time to elaborate right now (it’s a lot), but for the inevitable “what about signal” question see my comment here and more here.

ps. if you do use signal, consider adjusting your Who Can Find Me By Number setting (see that link for a fun implementation of the attack against signal users who leave it as it is by default). note that the same thing could technically be done in matrix too, albeit by matrix ID instead of phone number. 😬

pps: here are my comments about tuta 🙄

corollaries to Hanlon’s razor include:

good disclaimer. also, they aren’t open source, and from the tech background of the founder who self-funded it i doubt that he plans for it to ever be. in fact, among other cringe things on Issam Hijazi’s linkedin i see that he’s even worked for, enough to become an expert in the proprietary technology of, (checks notes) the very same zionist billionaire (paywall bypass) who just bought TikTok 😢

Also, one their FAQs is “Where does UpScrolled operate its servers and store data? Does it use Big Tech?”… the answer to which includes:

We do rely on some large-scale cloud providers at this stage — not because it’s our ideal, but because building fully independent infrastructure takes time. We’d rather be transparent about that than claim otherwise. Over time, we plan to reduce reliance on these providers and move toward greater independence.

… but We do rely on some is as far as their attempt at transparency took them - they aren’t actually saying which cloud providers they’re using or for what. (given the founder’s expertise i’d guess it’s probably AWS and/or Oracle.)

maybe this helps? (via a comment in my previous post of this meme)

reposting my comment from the thread yesterday:

reposting my comment in a thread last month about this:

in b4 haveibeenhaveibeenflocked.

they have a list of their current collection of 239 .csv files but sadly don’t appear to let you actually download them to query offline

they now have 519 sources, some of which are downloadable from muckrock but many aren’t.

i still don’t understand why this website isn’t open source and open data, and i strongly recommend thinking carefully about it (eg, thinking about if you’d mind if the existence of your query becomes known to police and/or the public) before deciding if you want to type a given plate number in to it.

paywall bypass: https://web.archive.org/web/20260113155013/https://www.404media.co/police-unmask-millions-of-surveillance-targets-because-of-flock-redaction-error/

also, reposting my comment in a thread last month about this:

in b4 haveibeenhaveibeenflocked.

they have a list of their current collection of 239 .csv files but sadly don’t appear to let you actually download them to query offline

they now have 519 sources, some of which are downloadable from muckrock but many aren’t.

i still don’t understand why this website isn’t open source and open data, and i strongly recommend thinking carefully about it (eg, thinking about if you’d mind if the existence of your query becomes known to police and/or the public) before deciding if you want to type a given plate number in to it.