Problem with Signal

Signal has copious privacy issues making it unfit for privacytools.io endorsement.

1. Users are forced to supply a phone number to Signal (https://github.com/privacytoolsIO/privacytools.io/issues/432) (diagram of mass surveillance)

   • Phone numbers are forcibly tied to legal identities in some countries (e.g., many European nations force carriers to copy ID cards)
   • Phone numbers are usually not gratis – the payments of which are traceable. Even cash payments trace to a shop.
   • Privacytools.io target audience is unlikely to go through the hoops of getting an anonymous phone number. They will give in to convenience and supply a sensitive phone number.
   • Signal’s claims to the contrary do not obviate the above points. It’s a broken registration process from the standpoint of privacy, all to serve a centralized master. Note that Jami (decentralized) does not require phone number registration, and Wire (centralized) does not require phone reg. if the desktop app is used and it’s optional for their mobile app.
   • Some people in the US will buy burner phones and thus financially support one of the four privacy-abusing mobile phone carriers. Signal compels people to feed companies working to the detriment of everyone’s privacy when those four carriers should be boycotted.
   • Signal retains a record of users’ phone numbers for account recovery purposes. This means:
     • Users who choose to supply a number they do not keep control over (e.g., a hotel phone) are vulnerable to an attacker exploiting that to initiate account recovery.
     • Metadata is linked to identified individuals (and it has been subpoenaed)
     • If those records are ever breached, everyone is needlessly exposed.
   • The privacy abuse is viral. When a user opts to sacrifice their privacy by registering a phone number, they become bait by which their friends are pressured to make the same compromise to stay in touch. This is effect a consequence of both phone reg. and part 7 (network protectionism).
   • Entities with no connection to OWS are able to deanonymize Signal users using phone number cross-referencing.

2. Users are forced to feed Google.

   • APK download requires users to connect to Google’s server and execute non-free JavaScript.
   • Playstore pushed
     • Directing users to Google Playstore is contrary to the mission of privacytools.io. From the PTIO front page: “You are being watched. Private and state-sponsored organizations are monitoring and recording your online activities. privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance.” By knowingly sending users to signal.org who are then sent to Google Playstore, privacytools.io is failing their mission and betraying the users. At a minimum, the link on privacytools.io should be to the APK page that is anchored to the bottom of the page. At least the risk of subjecting novice users to advanced tools is less serious than subjecting them to Google’s walled-garden of surveillance.
     • Google accounts are required to access Playstore even when using a third-party app.
     • Registering for a Google account is in itself a privacy abuse, the process of which requires having a phone number (one abuse) and then disclosing that number to Google (another abuse).
     • Use of the account to access the Playstore abuses user privacy through Google tracking (Google keeps track of apps you download and your IMEI number). From this, Google also knows all the vulnerabilities a user has. Google also records users’ IP addresses and browser prints when logged in, which is later used to link to logged-out traffic and behavior.
     • Users who bought an Android without a PlayStore^™ license are excluded if they are not advanced enough to use third-party hacker tools, and those who are advanced are outside the scope of privacy

• APK download is implemented in a privacy-hostile manner:

  1. That link is hidden. From the landing page users are directed to Google Playstore exclusively. There is also no way to navigate to the APK download from the home page. The only way to get the APK page URL is word-of-mouth or searches on 3rd-party websites.
  2. The small minority of users who will actually take initiative to proactively search for the APK may or may not discover this buried page, which the Signal project calls the “Danger Zone”. And these users are not the ones that Signal puts at risk with Google surveillance - it’s everyone else.
  3. Those who find the page will only see Signal pimping Google Playstore again. Many won’t realize they must scroll down to see the Danger Zone. Fooled me a couple times. Even after I knew about the APK download I thought the download option got removed but I actually neglected to scroll down.
  4. The page says “The safest and easiest way to install Signal for Android is through the Google Play Store” (emphasis mine).
  5. Visitors of that page who use the noscript or uMatrix plugin do not get an APK download link. They see a blob of text below “Danger Zone” which doesn’t include a link so they won’t even bother reading it. If they do read it then it just appears like a broken page. They actually have to realize that they must enable JavaScript from Google in order to render the download button. So making a connection to Google is still inescapable even for the APK download.
  6. The Signal project says that link is for “Advanced users with special needs”. So not only are they undermining their more secure distribution by calling it dangerous (when really it’s the Playstore link that should be in a “Danger Zone”), they also say it’s only for a subset of advanced users - this is not the audience privacytools.io is targeting. The privacytools.io audience should be able to find the app on f-droid.org.

• Platform limitations (due to refusal to cooperate):

  1. Open Whisper Systems takes a hostile posture toward developers of third-party apps like LibreSignal for using OWS-owned networks and having “Signal” in the name (likely it’s the “Libre” they really don’t like, but use of “Signal” invokes legal power).
  2. No official Debian distribution. Debian is the most common Linux distribution and it’s known for high quality standards and high standards of software freedom. The fact that Open Whisper Systems distributes an Ubuntu package directly from their repository calls into question why they’ve not achieved the quality standards of having an official Debian release. One side-effect is that #debian on Freenode will not support unofficial packages and in fact they advise against them. And in this case, support is lacking (see the next section).

• Users seeking support are forced into CloudFlare.

  1. CloudFlare mushrooms into many privacy abuses, listed here.

• Signal is centralized on Amazon AWS.

  1. When users connect to AWS, privacy abuser Amazon gets their IP address and likely knows they are using Signal. That IP address can then be cross-referenced to other activity recorded by Amazon (both their shop and other AWS-based services like Wire). (This is speculation - investigation needed).
  2. There are several privacy-related ethical problems with AWS.

• Network protectionism: the Signal network is a closed walled-garden in itself. “Open” Whisper Systems does not allow tools developed by others to use their network. OWS also will not federate their network with another network. So they’ve capitalized on the marketing benefit of free software licensing but implement a policy that prevents the freedoms of free software from actually having a practical usable effect. They do this while telling users: “As an Open Source project supported by grants and donations, Signal can put users first.”

• Detrimental partnerships that aid privacy abusers:

  1. (Facebook) OWS contributed to the development effort of Facebook Messenger and WhatsApp.
  2. (Google) OWS contributed to the development effort of Allo.

Playstore history

The Signal-Playstore discussion (quite rightly) never dies. Threads keep popping up over the years and moving, but one thing that never