Submitted via IRC for SoyCow1984
Signal says it can't allow government access to users' chats
Last week, the Australian government passed the country's controversial Access and Assistance Bill 2018 into law, legislation that allows government agencies to demand access to encrypted communications. Companies that don't comply with the new law could face fines of up to AU$10 million ($7.3 million). A number of companies that stand to be affected have spoken out about the legislation, and Signal has now joined in, explaining that it won't be able to fulfill such requests if asked.
"By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles or group avatars," Signal's Joshua Lund wrote in a blog post. "The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us." Lund added that Signal is open source, meaning anyone can "verify or examine the code for each release." "People often use Signal to share secrets with their friends, but we can't hide secrets in our software," he wrote. "We can't include a backdoor in Signal."
(Score: 2) by takyon on Friday December 14 2018, @10:43PM (4 children)
Even the source is available. Or most of it:
https://en.wikipedia.org/wiki/Signal_(software) [wikipedia.org]
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Interesting) by Anonymous Coward on Saturday December 15 2018, @12:02AM (3 children)
(Score: 4, Insightful) by Ethanol-fueled on Saturday December 15 2018, @01:14AM (2 children)
And taking into account first principles, both the operating systems and hardware of phones cannot be trusted, no matter how many times Tim Cook cries crocodile tears and does his Kabuki theater thing about not giving encryption keys to the FBI and whatnot.
As long as you're touching that screen, there is something storing those keypresses.
This is why when Android was first being announced and there was all that hype about it being warm and fuzzy open source, or whatever, I was quick to remind Google's marketing idiots on Slashdot of the same principle. As long as you want to have phone service on that phone, you will be owned by the telecoms and whoever owns them.
(Score: 1, Interesting) by Anonymous Coward on Saturday December 15 2018, @02:42AM (1 child)
(Score: 1, Insightful) by Anonymous Coward on Saturday December 15 2018, @04:21PM
Why the people still would win is rubberhose cryptanalysis doesn't scale.