Signal is centralized, hosted on AWS, and through a mixture of legal procedures codified by US law and their bundled gag orders (PR/TT order, SCA warrant, FISA 702, and usage of NSLs) that can be extended for significant lengths of time and, occasionally, in de facto perpetuity, all metadata (who is talking to whom, when, from where) can be monitored in real time without Signal ever being informed. Combined with existing legal procedures for telecoms and VoIP providers for real-time + retrospective location tracking by phone number/associated IMEI/IP address by way of tower connectivity (this framework is required by law [specifically, CALEA] to be implemented by default for all users, not after the fact nor on-request), that's enough data to escalate to standard law enforcement procedures if an incriminating link is found, whereby the phone's internal message history can be dumped either through private (ex.: Cellebrite) or functionally coercive legal means (refusing to decrypt data can get you jail time if you are the subject of an investigation, and deletion of data such as via duress PINs, etc., can get you a destruction of evidence charge), at which point all of your messages can be dumped.
And this all ignores the fact that firmware for basebands and cryptoprocessors (and most other hardware components in all devices) is closed-source, proprietary code, and that Signal piggybacks off of device encryption for at-rest message data instead of reimplementing it in userland. (This feature used to exist and was removed, but can be re-added through the Molly fork.)
I've also known protesters who have had Signal geoblocked at the site of a protest the moment it was slated to start, forcing members of said protest to fall back to unencrypted methods at crucial times. Being centralized and using US-based cloud infra does a lot to compromise anonymity and security, even if message content isn't immediately readable.
Luckily, Signal is not vulnerable to push notification interception, but if you want a great real-world example of how gag-ordered dragnet metadata surveillance visible to both domestic and foreign governments (by way of international intelligence agreements) can look for massive corporations rendered helpless by this legal framework, that's a great case study to look into. https://www.reuters.com/technology/cybersecurity/governments...
Throwing out the accusation of apps being "backdoored" just obscures the real, de facto "backdoors" that are US law.
If it's any consolation, preview builds are reproducible at the point that the embargo ends. A bit better than the definition of binary that we're used to.
One caveat--you have to be certain that you get a Pixel with an unlocked bootloader. There are a lot of Pixels (mostly sold by Verizon) that are unlocked for use with any carrier, but whose bootloaders remain locked. If you have one of these ex-Verizon phones, there is no way as of now to unlock the bootloader.
There's no way to easily tell that those phones have unlocked bootloaders, though. Ex-Verizon phones may be completely carrier unlocked, will work on any network, and still have locked bootloaders. This isn't an issue for anyone running stock Android, but will restrict those phones from being used to run GrapheneOS.
Your criticism is fair; however, not everyone keeps their Android phones configured thus. A growing minority of users--who are the target audience of software like this, I suspect--maintain sole root access over their phone, or otherwise restrict privileged access from other software on the device. There do exist Android devices where no one but the user has control, even without custom ROMs or 3rd parties at play. (Firmware is a separate issue, but that goes well beyond smartphones, and even then some phones perform hardware isolation by way of IOMMU.)
But aside from this, hidden services aren't exclusively used for the clandestine nor the malicious. It's a way of port forwarding on any network, even through a NAT, while also anonymizing traffic on both ends, for free. That functionality alone goes well beyond the purpose of simply hiding data. See Briar[0] for a particularly well-executed example of this.
I think what the parent comment was trying to emphasize is that making comments that don't contribute towards a discussion is against the guidelines of HN.
Comments like your original one, that only express your emotions, fall under this category, and are frowned upon. Not the opinion contained in your comment, but the comment itself.
HN users also use the downvote+flag buttons to enforce these guidelines. The downvote button is not an indication of user disagreement here the way it is on other sites.
This is my last message arguing about this. 2/3 of my first message is about our failure to communicate or teach basic morality; unless discussing morality doesn't count as a valid discussion or as a lesser discussion, I don't think my message counts as only expressing emotions. Maybe they read "shame" and stopped reading there, so props to them for engaging in discussions.
But I got more upvotes since so I guess it was just an early misunderstanding and most people get it, oh well, nvm
https://news.ycombinator.com/item?id=46414040