Open Whispers System, qui édite Signal, teste une nouvelle approche qui permet d'étendre encore plus la confidentialité de sa communauté. Comment ? En intervenant au niveau des métadonnées.

If you need top level privacy protection do some or all of the following

Signal is calling on its users to oppose the EARN IT Act, which it fears will be used to undermine end-to-end encryption, forcing it to leave the US market.

The move is part of EU’s efforts to beef up cybersecurity, after several high-profile incidents shocked diplomats and officials.

A reminder, because this sometimes surprises people, and feel free to correct me if the facts have changed recently:

Telegram supports end-to-end encryption only in 1:1 private chats.

End-to-end encryption is disabled by default.

Telegram does not support end-to-end encryption, at all for group chats, its most popular use case.

Instead, Telegram claims that those group chats are "encrypted" by dint of the TLS connection between Telegram clients and the Telegram servers, which can, in this model, read all group traffic.

People like to dunk on the weirdness of the limited E2E crypto Telegram does have; it's archaic and idiosyncratic and people have published research results about it, though none to my understanding are of real practical impact. I support people dunking on bad crypto. But that has nothing to do with why Telegram is an inferior secure messenger.

By comparison, Signal, which Durov has repeatedly talked down:

• has modern, ratchet-based forward secure end-to-end crypto, always, in both group and private messaging;

• won the Levchin Prize, refereed by some of best-known names in academic cryptography, for the design and implementation of that cryptosystem, as well as for its implementation at WhatsApp;

• ha repeatedly foregone basic messaging app features simply to avoid collecting user metadata; Signal didn't even have user profiles until they could figure out a way to implement it in a privacy-preserving manner, and even their GIF sharing feature has a purpose-built anonymity system; we'll only this year potentially get usernames instead of phone numbers because it took that long to design a trustworthy social graph that didn't leave Signal with a giant pile of subpoenable metadata.

Use whatever messaging app you want.

The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream.

Platform has option to make messages automatically disappear after set time period

Occasionally when Signal is in the press and getting a lot of favorable discussion, I feel the need to step into various forums, IRC channels, and so on, and explain why I don’t trust Signal. Let’s do a blog post instead.

Another critical code injection vulnerability found in Signal Desktop app lets remote hackers steal your chats in plaintext

Et c'est un peu grâce à Facebook

Long before we knew that it would be called Signal, we knew what we wanted it to be. Instead of teaching the rest of the world cryptography, we wanted to see if we could develop cryptography that worked for the rest of the world. At the time, the industry consensus was largely that encryption and cryptography would remain unusable, but we started Signal with the idea that private communication could be simple. Since then, we’ve made some progress. We’ve built a service used by millions, and software used by billions. The stories that make it back to us and keep us going are the stories of people discovering each other in moments where they found they could speak freely over Signal, of people falling in love over Signal, of people organizing ambitious plans over Signal. When we ask friends who at their workplace is on Signal and they respond “every C-level executive, and the kitchen staff.” When we receive a subpoena for user data and have nothing to send back but a blank sheet of paper. When we catch that glimpse of “Signal blue” on a metro commuter’s phone and smile.

Whilst WhatsApp might not provide full content of messages, the kind of metadata it provides is often enough to draw an informative map of a target's life, said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union (ACLU). She noted that WhatsApp already shares contact information with Facebook where users haven't opted out, which they may provide to government. And the WhatsApp privacy policy notes that it does store some location and contacts information where users have opted to provide them.

"The best practise is to purge information," Guliani added. "When it comes to metadata, how often is WhatsApp purging this kind of information?" As a comparison, the Signal messaging app doesn't store any such metadata and therefore doesn't need to purge it. And whilst it openly admits contact numbers are shared with Signal servers, they're garbled by an encryption algorithm into what's known as a "hash" (though former developer Frederic Jacobs told me it's "trivial" to bruteforce those hashes, so if in the unlikely event a fake Signal server is set up to target a user, their contacts could be exposed).

0 trackers, 67 permissions found.