We started a new privacy podcast. (lemmy.ml)

submitted 3 days ago* (last edited 3 days ago) by signaljam@lemmy.ml to c/privacy@lemmy.ml

46 comments fedilink hide all child comments

Hey, everyone. If you're looking for a fresh privacy podcast, we recently started a new one called Signal Jam.

Here's a bit about why we made Signal Jam and what we're hoping to do differently.

We even have preliminary ways for you to participate in the project, which you can read about here.

Feel free to connect with us on Proton, Tuta, Signal, or here on Lemmy. Looking forward to your feedback and thoughts!

you are viewing a single comment's thread
view the rest of the comments

[-] stupid_asshole69@hexbear.net 2 points 1 day ago

I only read the signal link you posted, but the first link inside it complains that the signal server needs to know a users ip and that could be used to connect people and users. Ip addresses are required to send data. Ip obfuscation is insanely out of scope for a messenger.

The second link complains about sealed sender not failing closed which is true (or was true at the time) but also a reasonable compromise to prevent abuse and avoid it constantly failing and requiring new expirable tokens.

These are not reasons to not use or even not recommend signal. A person who is taking recommendations to increase their privacy should not be worried about those concerns.

Removing oneself from public records (or taking greater control over what surfaces in public records about oneself) is infinitely more important than expecting ip obfuscation or sealed sender from signal.

I am not making this reply to start an argument and will not engage in one. The point is to help readers understand that your concerns about signal are esoteric.

[-] cypherpunks@lemmy.ml 1 points 6 hours ago

more important than expecting ip obfuscation or sealed sender from signal

People are only expecting metadata protection (which is what "sealed sender", a term Signal themselves created, purports to do) because Signal dishonestly says they are providing it. The fact that they implemented this feature in their protocol is one of the reasons they should be distrusted.

[-] stupid_asshole69@hexbear.net 1 points 6 hours ago

For anyone reading along, that means people you send signal messages to can see your user account name maybe even if you click the button that’s supposed to make it not possible to do that.

Change your behavior accordingly.

[-] cypherpunks@lemmy.ml 1 points 5 hours ago* (last edited 5 hours ago)

No, it isn't about hiding your identity from the people you send messages to - it's about the server (and anyone with access to it) knowing who communicates with who, and when.

Michael Hayden (former director of both the NSA and CIA) famously acknowledged that they literally "kill people based on metadata"; from Snowden disclosures we know that they share this type of data with even 3rd-tier partner countries when it is politically beneficial.

Signal has long claimed that they don't record such metadata, but, since they outsource the keeping of their promises to Amazon, they decided they needed to make a stronger claim so they now claim that they can't record it because the sender is encrypted (so only the recipient knows who sent it). But, since they must know your IP anyway, from which you need to authenticate to receive messages, this is clearly security theater: Amazon (and any intelligence agency who can compel them, or compel an employee of theirs) can still trivially infer this metadata.

This would be less damaging if it was easy to have multiple Signal identities, but due to their insistence on requiring a phone number (which you no longer need to share with your contacts but must still share with the Amazon-hosted Signal server) most people have only one account which is strongly linked to many other facets of their online life.

Though few things make any attempt to protect metadata, anything without the phone number requirement is better than Signal. And Signal's dishonest incoherent-threat-model-having "sealed sender" is a gigantic red flag.

this post was submitted on 25 Jul 2025

70 points (96.1% liked)

Privacy

40219 readers

659 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS