246
Privacy is Priceless, but Signal is Expensive
(signal.org)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 03 Dec 2023
246 points (100.0% liked)
Technology
37554 readers
172 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
It's difficult to maintain privacy in a P2P environment. In naive implementations, your IP address will be visible to all the peers you connect to. This is the case in e.g. BitTorrent.
Signal has this issue with video/voice calls as well; by default they operate on a P2P basis for performance reasons, and they expose your IP address to the second party. Signal has an option in the settings to relay voice/video calls through their servers specifically to mitigate this.
There are some workarounds for anonymizing P2P, like routing through Tor or I2P. Tor, however, has known exploits and is probably not suitable if you need to hide your activity from advanced adversaries like world governments (e.g. political dissidents, journalists, etc.)
I2P sounds interesting but I'm not deeply familiar with it. I understand that I2P clients also act as relay nodes, which puts an additional bandwidth burden on users. I'm not sure if I2P is more resilient against government-level attacks than Tor. I'd be interested to hear from anyone who is more familiar with the protocol.
I am not concerned with the people I'm actively chatting with having my IP address.
If you're using it for personal correspondence with people you know and trust, that's probably fine. However, a secure and private communications platform should support more extreme use cases as well.
If you're a journalist, for example, you might need to communicate with people you do not know or trust. You could realistically be talking to someone who wants to kill you, or who is being monitored by people who want to kill you, particularly if you are covering high-profile political issues or working with whistleblowers (or are yourself a whistleblower). Even revealing information as broad as what city you're in (which would be revealed by your IP address) could be a risk to your physical safety.
Even though I do not personally face such high-level threats in my life, I feel better using services that allow for the possibility. Privacy is a habit, and who knows what tomorrow might bring?
A MitM sniffer would be able to see the source and destination IP addresses, not just the person you're chatting with. Even if the data is encrypted, P2P is still vulnerable to a layer 3 attack.
Will the same apply if you're in a lot of open group chats though?
Depends on who is in the group chats. Primarily I am concerned with keeping them out of the hands of corporations, eg: Google, Meta, MS, AWS, etc. to be added to giant databases and used to profile me or unjustly subpoenaed by the gov.