So we know the UK, France, Sweden and Australia all have “pondered out loud” about getting platforms like Signal to allow backdoors into encrypted calls and messages.

This creates a sense of safety about these platforms being secure, because governments want to come after them.

Here’s a tinfoil hat take: Five Eyes is significantly reducing inter cooperation. The non-fascist parts of the alliance don’t want to share with the obvious authoritarian, but the authoritarian one used to share the fruits of their established backdoors with them, and now they don’t.

Note that the US isn’t asking Signal for a backdoor. Why? Back in 2015-2016 (last years of Obama), Apple had a loud and visible feud with the FBI. Since the authoritarian came to power, this all disappeared from the media. Interestingly, 10 years have gone by since that moment, every single aspect of our lives has become more surveilled, and somehow the US govt has stopped trying to get into phones? *While the CEO is making hand deliveries of 24 karat gold bars to the Oval Office?

TLDR; I think it's a safe assumption that they are in our devices by now. Fundamentally people misunderstand encryption. Encryption is only as strong as the weakest link. If your Signal chats are unencrypted for consumption on your device, then that’s when the unencrypted content can be captured.

For the longest time, Apple stored your iCloud backups encrypted. Looked good in marketing materials, until they casually admitted the decryption key is stored in the same cloud.

Combine this with ICE capturing citizens without due process. If you have a vanilla smart device, you’re doing the surveillance for them. /tinfoilhat

~this is OG content created by me, a Lemmy user. Please don’t go too .ml on me in the comments.~

top 16 comments
[-] WindAqueduct@lemmy.ml 2 points 9 hours ago* (last edited 9 hours ago)

The part of the Patriot Act giving the CIA etc. warrantless phone search powers on Americans expired and wasn't renewed. It's why the CIA and NSA fight really hard every time Congress renews the part that allows them to surveil foreign/international phone calls.

Additionally, governments want security and privacy too. The navy invented TOR, for example.

[-] infjarchninja@lemmy.ml 13 points 18 hours ago

On linux you can access your Signal messages in db.sqlite.

once you delete a message from signal, either through disappearing messages or manually, all those messages are deleted from the db.sqlite.

They are stored in an encrypted db.sqlite here:

/home/user/.config/Signal/sql/db.sqlite

you can also extract it from your phone:

only the messages that you can see when you open the Signal app are visible there.

to access the messages:

install:

signal-backup-tools-git

https://github.com/bepaald/signalbackup-tools

and

DB browser for sqlite

https://sqlitebrowser.org/

++++++++++++++++++++++++++++++

The most straightforward way is to create an output file to html.

copy the db.sqlite to a new directory

open a terminal and run

signalbackup-tools --exportdesktophtml signal.html

this will create folders of all your contacts and messages and media.

easily accessible. open the signal.html files in your browser

=+++++++++++++++++++++++++++++++++++++++

To open db.sqlite as a Sqlite database;

first you need to get the key:

copy the db.sqlite to a new directory

then run in terminal:

signalbackup-tools db.sqlite --showdesktopkey

OpenSSL 3.3.2 3 Sep 2024)

Signal Desktop key (hex):

58bfa167bb66b2b13b2ca6eadc33f4bf7275c254006d17ae5e3de5356c60f0b7

copy the key to a text editor

===========================

you must now add 0x to the beginning of that line:

0x58bfa167bb66b2b13b2ca6eadc33f4bf7275c254006d17ae5e3de5356c60f0b7

then open db.sqlite with the sqlitebrowser

right click db.sqlite, select open with DB Browser for sqlite

select RAW from the dropdown menu

input the passphrase from above. make sure you added the 0x to the beginning.

The entire database opens.

you can view all the information that signal collects. phone numbers, messages, images, media etc

+++++++++++++++++++++++++++++++++++++++

this is the difference between Molly and signal.

In Molly you can password protect db.sqlite, Signal removed this a while ago
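A way to audit the at-rest exposure that the comment above describes, added here as an example and not part of the original comment or of Signal's or signalbackup-tools' code. It assumes Signal Desktop keeps a `config.json` beside the `sql/` directory, holding either a plaintext `key` field or a keystore-wrapped `encryptedKey` field; the sample profiles are constructed placeholders.

```python
import json, os, stat, tempfile
from pathlib import Path

def audit_signal_dir(signal_dir):
    """Return findings on how exposed a Signal Desktop profile is at rest."""
    root = Path(signal_dir)
    findings = []
    # db path is from the comment above; config.json is an assumed location.
    for rel in ("sql/db.sqlite", "config.json"):
        p = root / rel
        if not p.exists():
            findings.append(f"{rel}: missing")
            continue
        mode = stat.S_IMODE(p.stat().st_mode)
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append(f"{rel}: readable by group/other (mode {mode:03o})")
    cfg_path = root / "config.json"
    if cfg_path.exists():
        try:
            cfg = json.loads(cfg_path.read_text())
        except (OSError, ValueError):
            findings.append("config.json: unreadable or not JSON")
            return findings
        # Assumed field names: 'key' (plaintext hex) vs 'encryptedKey' (wrapped).
        if "key" in cfg:
            findings.append("config.json: database key stored in plaintext ('key')")
        elif "encryptedKey" in cfg:
            findings.append("config.json: key wrapped by OS keystore ('encryptedKey')")
        else:
            findings.append("config.json: no key field found")
    return findings

def _make_profile(root, cfg, mode):
    """Build a constructed sample profile for the demo; no real Signal data."""
    (root / "sql").mkdir(parents=True)
    (root / "sql" / "db.sqlite").write_bytes(b"constructed placeholder")
    (root / "config.json").write_text(json.dumps(cfg))
    for rel in ("sql/db.sqlite", "config.json"):
        os.chmod(root / rel, mode)
    return root

def demo():
    """Audit one weak and one hardened constructed profile."""
    with tempfile.TemporaryDirectory() as t:
        weak = _make_profile(Path(t) / "weak", {"key": "00" * 32}, 0o644)
        good = _make_profile(Path(t) / "good", {"encryptedKey": "placeholder"}, 0o600)
        return audit_signal_dir(weak), audit_signal_dir(good)

if __name__ == "__main__":
    for result in demo():
        print("\n".join(result), end="\n\n")
```

To check a real profile, call `audit_signal_dir` on the directory that contains `sql/db.sqlite`; restrictive file modes do not protect against software already running as the same user.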

[-] kingofras@lemmy.world -1 points 15 hours ago

Very interesting, thanks for sharing. I'm beginning to see why tariffs are being slapped on aluminium now!

[-] monovergent@lemmy.ml 3 points 15 hours ago

That's also the lovely thing with AI assistants like Gemini and Recall. Instead of having to deal with the PR fallout of client-side scanning, they just let the AI hoover up your data while it's in plain view on your phone or computer.

[-] mathemachristian@lemmy.ml 5 points 18 hours ago

Let's be real, the US govt effectively controls the certificate authority that almost everyone uses and therefore could mitm most connections anyway

[-] kingofras@lemmy.world 4 points 15 hours ago

Not sure that’s how it works. The certification and the encryption are two different things. Though encryption certification does require the private keys to be uploaded to the CA, a bunch of internal encryption for these types of apps would not necessarily be certified by that or a CA in order for the encryption to be effective.

[-] captain_zavec@sh.itjust.works 9 points 1 day ago

Signal is open source, right? Though that wouldn't stop a bugdoor, it might at least make one harder. As you say, I think getting in through the OS itself is much more likely. Signal would put up much more of an ideological fight than Google, I imagine.

[-] communism@lemmy.ml 7 points 19 hours ago

I think what op is saying is that your OS can spy on signal since you input plaintext into signal to be encrypted, or when you receive messages they get decrypted on your device.

[-] yogthos@lemmy.ml 5 points 17 hours ago

Exactly, even if Signal is secure across the wire, if you have a kit like Pegasus on your phone then it can just capture keyboard input, and screen output, entirely bypassing Signal itself.

[-] kingofras@lemmy.world 3 points 15 hours ago
[-] skribe@piefed.au 6 points 22 hours ago

IIRC Signal has issues as far as being classified as open source. It includes proprietary code. Molly is a fully open source version. Both use the same servers, but they also have issues.

[-] 0x0@lemmy.zip 3 points 17 hours ago
[-] skribe@piefed.au -1 points 16 hours ago

I used session for years, but I wouldn't anymore. Doesn't simpleX have a Nazi problem? There's also briar, which I have installed but have never used because nobody else uses it 🤣.

[-] 0x0@lemmy.zip 7 points 16 hours ago

> but have never used because nobody else uses it

The network problem is a huge issue with messengers, yeah.
Dunno about any nazi problem, you mean the devs? Kinda weird. People using it? That's what you get if you democratize a tool - anyone can use it.

[-] MonkderVierte@lemmy.zip 3 points 21 hours ago

I thought the server side isn't?

[-] tekato@lemmy.world 3 points 9 hours ago

It was always open source, but they didn’t update the repo. They started updating it a few years ago after complaints from users. https://github.com/signalapp/Signal-Server

Anyways, it’s impossible to know if that’s the code they’re actually running on their servers. You just have to trust them the same way you trust “no logs” VPNs aren’t actually logging your activity.

this post was submitted on 20 Aug 2025
33 points (88.4% liked)