Signal has been blocked by Venezuela and Russia (www.theverge.com)
from fer0n@lemmy.world to technology@lemmy.ml on 09 Aug 2024 20:56
https://lemmy.world/post/18467057

“We’re aware of reports that access to Signal has been blocked in some countries,” Signal says. If you are affected by the blocks, the company recommends turning on its censorship circumvention feature. (NetBlocks reports that this feature lets Signal “remain usable” in Russia.)

#technology

threaded - newest

fubo@lemmy.world on 09 Aug 2024 22:18 next collapse

Show me what Stalinism looks like
This is what Stalinism looks like

comfy@lemmy.ml on 10 Aug 2024 01:20 collapse

How is that Stalinist? Censorship isn’t some unique rare policy, even 5EYES countries regularly challenge the legality of E2EE.

InfiniWheel@lemmy.one on 10 Aug 2024 02:36 next collapse

Stalinism is when thing bad.

Klear@sh.itjust.works on 10 Aug 2024 07:26 collapse

Stalinism is literally 1984

khaleer@sopuli.xyz on 10 Aug 2024 08:56 collapse

Ah, lemmy.ml welcome there xD

pewgar_seemsimandroid@lemmy.blahaj.zone on 10 Aug 2024 10:29 collapse

its !technology@lemmy.ml so what did you expect?

halcyoncmdr@lemmy.world on 09 Aug 2024 22:41 next collapse

Legitimate countries don’t need to ban communications platforms.

Korkki@lemmy.world on 09 Aug 2024 23:21 next collapse

Is tiktok ok?

neuracnu@lemmy.blahaj.zone on 09 Aug 2024 23:44 next collapse

Does ByteDance publish TikTok’s transmission protocol to demonstrate transparency?

en.m.wikipedia.org/wiki/Signal_Protocol

eldavi@lemmy.ml on 10 Aug 2024 00:32 next collapse

bytedance offered the government unfettered access and moved their entire infrastructure to the united states; it was more transparent than anything else out there.

neuracnu@lemmy.blahaj.zone on 10 Aug 2024 00:44 collapse

Do you have any citation for that?

eldavi@lemmy.ml on 10 Aug 2024 00:51 collapse

it was in their initial filing when they started the lawsuit to defend themselves.

i’ve been sealioned too much on the lemmyverse so you’re going to have to do your own googling.

neuracnu@lemmy.blahaj.zone on 10 Aug 2024 02:42 collapse

Asking the person you’re debating to look up your own citations is certainly one way to converse. But ok, let’s go for it.

In Aug 2023, Forbes published an article describing the proposal of “unfettered access” you referred to:

www.forbes.com/…/draft-tiktok-cfius-agreement/

In June 2024, the Washington Post reported that the Committee on Foreign Investment in the United States (CFIUS) turned down the proposal and includes some broad reporting as to why:

www.msn.com/en-us/news/politics/…/ar-BB1nfAcE

The article isn’t very technical, but it mentions some interesting responsibility angles that the US wouldn’t want to back themselves into:

  • throwing open some, but not all, doors to server operations and source code creates a mountain of work for the government to inspect, which would be a workload nightmare
  • the US government’s deepest concerns seem to be about what data is going out (usage insights on the virtuous side and clipboard/mic/camera monitoring on the ultra shady side) and data coming in (bespoke content intended to influence US residents of China-aligned goals). Usage insights are relatively benign from national security perspective (especially when you can just mandate that people in important roles aren’t permitted to use it). Shady monitoring should be discoverable through app source code monitoring, which you can put the app platforms (Apple, Google, whoever else) on the hook for if they continue to insist on having walled app gardens (and if you trust them at all). The content shaping is harder to put your finger on though, since it’s super easy to abstract logic as far out as you need to avoid detection. “Here, look at these 50M lines of code that run stateside, and yeah, there are some API calls to stuff outside the sandbox. Is that such a big deal?” Spoiler: it is a big deal.
  • the US can’t hold Byte Dance accountable so long as it remains in China. Let’s say the US agreed to all this, spent all the effort to uncover some hidden shady activity that they don’t like (after an untold amount of time has passed). What then? They can’t legally go after Byte Dance’s foreign entity. The US can prosecute the US employees, but it’s totally possible to organize in such a way that leaves those domestic employees free from misdeeds, leaving prosecutors unable to enforce misdeeds fairly. It’d be a mess.

The second article explains this somewhat, but I’m admittedly painting some conjecture on top regarding how a malicious actor could behave. I’ve got no evidence that Byte Dance is actually doing any of that.

But going back to the “influence the public” angle, I’m struggling to see how different TikTok is versus NHK America (Japan’s American broadcasts) or RT (American media from the Russian standpoint) aside from being wildly more successful and popular. But I guess that’s all there is to it.

I’d prefer our leaders also be transparent with us regarding their concerns about TikTok. The reductive “because China!!1!” argument is not compelling on its own.

yogthos@lemmy.ml on 11 Aug 2024 14:00 collapse

Signal doesn’t even provide reproducible builds 🤣

fira959@lemmy.ml on 12 Aug 2024 12:33 collapse

They have provided reproducible builds for almost a decade signal.org/blog/reproducible-android/ github.com/signalapp/Signal-Android/…/README.md

yogthos@lemmy.ml on 12 Aug 2024 12:52 collapse

now do iOS

fira959@lemmy.ml on 12 Aug 2024 15:54 collapse

What for? Running on a closed system there is no point to begin with.

yogthos@lemmy.ml on 12 Aug 2024 16:11 collapse

🙄

Transporter_Room_3@startrek.website on 09 Aug 2024 23:50 next collapse

He said “communications platforms” not “misinformation, social engineering, and mass data collection platform masquerading as a social media platform”

barsquid@lemmy.world on 10 Aug 2024 04:48 next collapse

I wish they would apply that standard universally.

RememberTheApollo_@lemmy.world on 10 Aug 2024 08:13 collapse

Well, one is used as a massive government data collection tool, another does the same thing for private corporations and is profitable.

Profit. That’s why many refuse to make it standard.

NauticalNoodle@lemmy.ml on 10 Aug 2024 08:15 next collapse

you can just say “social media.”

Korkki@lemmy.world on 10 Aug 2024 11:54 next collapse

not “misinformation, social engineering, and mass data collection platform masquerading as a social media platform”

Yeah and what do you think Russia for example sees almost every American “communiction platform” as? And it’s not as if they don’t have a reason, like every american platform that is every other major social media that isn’t tiktok is censored, controlled and swarming with bots doing narrative control and spam. It really is the height of arrogance and hypocrisy to say that TiKTok is the real pressing problem. I don’t even use TikTok, but I find it so fucking disgusting how every “freespeech freedomlover” comes out of the woodwork to demand it’s shutting it down just to enforce American social media monopoly over the world. Even if Bytedance has bent over backwards to prove that there isn’t any misconduct (of things that US based tech companies are routinely mandated to do for US gov, state department and the intelligence services), because it’s only bad if somebody else does the excact same thing to us as we would have done to them.

yogthos@lemmy.ml on 11 Aug 2024 13:59 collapse

🤡

halcyoncmdr@lemmy.world on 10 Aug 2024 00:22 next collapse

I’d say social media platforms are an entire different beast.

Facebook is not the same as Facebook Messenger for instance.

carotte@lemmy.blahaj.zone on 10 Aug 2024 02:31 next collapse

tiktok is a platform to share information and communicate, yes

which is why the french government banned it in Kanaky (“new caledonia”) during the protests there, as it was a tool of communication used by the protesters

brbposting@sh.itjust.works on 10 Aug 2024 11:25 collapse

Pro-independence Kanak parties use the name (la) Kanaky

TIL

pewgar_seemsimandroid@lemmy.blahaj.zone on 10 Aug 2024 10:28 collapse

probably not in anyway unless if bytedance strips the algorithm and sells it to like cloudflare, mozilla for example instead of facebook.

xor@lemmy.blahaj.zone on 10 Aug 2024 08:23 next collapse

I kinda disagree - that’s not to say that they don’t usually do so for illegitimate reasons (or that these bans are legitimate), but there’s plenty of valid reasons why a government would want/need to ban a platform

X, for example, has been giving the UK a whole lot of good reasons why they may wish to consider it (restoring the accounts of people like Tommy Robinson, allowing misinformation, the owner of the platform himself actively spreading that misinformation)

schnurrito@discuss.tchncs.de on 10 Aug 2024 11:08 collapse

Poe’s Law

Do you really not see that this is literally just “we are the good guys so it is ok if we do it”?

“Misinformation” is whatever those in power decide to be such, whether it can be found on Signal or X or wherever, and whether the ones deciding it are in power in the UK, the US, India, Germany, Venezuela, or Russia.

dessalines@lemmy.ml on 10 Aug 2024 12:30 collapse

We should allow the US surveillance giants into all countries, and let US companies control all world social media and communications platforms. Signal too, since it’s a US-hosted centralized service that must follow its NSL laws /s

yogthos@lemmy.ml on 10 Aug 2024 19:18 collapse

I find these absolutist arguments particularly hilarious in face of UK now actively talking about restricting social media, and arresting people for posts. When people use media to incite violence and social unrest in countries the west considers to be adversaries, free speech stands above all other considerations. However, as soon as these things start happening in the west, then the restrictions on speech are immediately put into place.

[deleted] on 09 Aug 2024 22:50 next collapse

.

Buelldozer@lemmy.today on 09 Aug 2024 23:44 next collapse

I’ve already read several comments just like that over on .ml.

communism@lemmy.ml on 10 Aug 2024 00:20 next collapse

Making up a guy to be mad at. Meanwhile the US is a bastion of privacy of course

eldavi@lemmy.ml on 10 Aug 2024 00:33 collapse

you should let that strawman get out of your head; he’s living rent-free there.

bitwolf@lemmy.one on 09 Aug 2024 23:15 next collapse

Time to run some proxies for these oppressed people.

refalo@programming.dev on 10 Aug 2024 01:32 collapse

There are already many signal proxies available, plus an unlimited number of VPNs to choose from (or self-host yourself on a VPS)

Andromxda@lemmy.dbzer0.com on 10 Aug 2024 08:39 next collapse

And Signal can be used over Tor through Orbot

refalo@programming.dev on 10 Aug 2024 10:56 collapse

Yep. Though not sure about Russia but I know China can and does block the majority of usual Tor access methods including the obfuscating pluggable transports like obfs4/snowflake/etc.

bitwolf@lemmy.one on 11 Aug 2024 00:50 collapse

They’re asking for more proxies now.

communism@lemmy.ml on 10 Aug 2024 00:19 next collapse

Glad it at least seems easy to circumvent with a VPN

loutr@sh.itjust.works on 10 Aug 2024 03:29 collapse

Their own solution is actually better than a VPN for this use case. It’s an encrypted proxy which anyone can download and run, so it’s much harder to block.

techwithjake@lemm.ee on 10 Aug 2024 13:19 collapse

Thanks for sharing! I’ll get that up and running once I’m home.

davidagain@lemmy.world on 10 Aug 2024 01:17 next collapse

I take that as a compelling recommendation for Signal.

overload@sopuli.xyz on 10 Aug 2024 03:17 next collapse

Agreed. Clearly it must do simply what is said on the tin, otherwise why ban it?

LarkinDePark@lemmygrad.ml on 10 Aug 2024 11:26 collapse

You could also take it to mean that it’s compromised by the west.

UprisingVoltage@feddit.it on 10 Aug 2024 20:46 next collapse

You could. It depends on whose narration you trust

refalo@programming.dev on 13 Aug 2024 19:35 collapse

Indeed… for example OTF (who is funded by US Congress) has provided funding for several large open source projects like Signal, Tor, F-Droid etc. and some have taken this to mean they might be compromised… but of course there’s no actual proof of that to my knowledge. And even in the linked article the author appears to use a bunch of half-truths and just straight up makes things up that don’t actually exist in the sources they say contain what he writes (example: OTF/Congress is not the CIA).

Personally I don’t have any suspicion or reason to believe they might be compromised, but if such proof ever did come around… I wouldn’t be surprised.

eager_eagle@lemmy.world on 10 Aug 2024 01:36 next collapse

Worth highlighting that Telegram in Russia and WhatsApp in Venezuela - both with vastly larger user bases than Signal - are not blocked…

kenkenken@sh.itjust.works on 10 Aug 2024 06:32 next collapse

WhatsApp is the most popular messenger in Russia, not Telegram.

foremanguy92_@lemmy.ml on 10 Aug 2024 08:03 next collapse

But they are not as secure as Signal

toynbee@lemmy.world on 10 Aug 2024 09:34 next collapse

Believe that’s the point.

Zacryon@feddit.org on 10 Aug 2024 11:23 collapse

Is it?

foremanguy92_@lemmy.ml on 10 Aug 2024 12:02 collapse

For sure

skuzz@discuss.tchncs.de on 10 Aug 2024 14:26 next collapse

The session keys for WhatsApp are stored on Meta servers, so the encryption is meaningless. Meta can read everything everyone types. Yet all of the eastern hemisphere seem to worship it like it’s pure platinum.

whydudothatdrcrane@lemmy.ml on 10 Aug 2024 14:34 collapse

I don’t think anyone took those seriously as private messengers. On another note, I think Maduro cracked down on WhatsApp as well, and called Venezuelans to cancel Meta altogether. Or something.

tired_n_bored@lemmy.world on 10 Aug 2024 07:52 next collapse

Client/Server apps will do that in hostile countries, that’s why people are moving to decentralized messaging platforms such as Matrix

Mwa@thelemmy.club on 10 Aug 2024 08:06 next collapse

Matrix is nice

Andromxda@lemmy.dbzer0.com on 10 Aug 2024 08:39 collapse

Matrix lacks metadata encryption

Mwa@thelemmy.club on 10 Aug 2024 08:46 next collapse

oh

siliconfire@sh.itjust.works on 10 Aug 2024 09:20 next collapse

Is it really that big of a deal? I thought it was only being exposed to room members.

Andromxda@lemmy.dbzer0.com on 10 Aug 2024 18:23 collapse

Unencrypted means that it’s not just exposed to participants of the conversation, but also the server, as well as anyone who tries to snoop in on the conversation.

siliconfire@sh.itjust.works on 10 Aug 2024 18:40 collapse

Oh, okay. Message contents are still safe right?

Andromxda@lemmy.dbzer0.com on 10 Aug 2024 19:20 collapse

Yes, but metadata is still important.

We Kill People Based on Metadata

– Michael Hayden, former director of the NSA

barryamelton@lemmy.ml on 10 Aug 2024 09:39 collapse

And before lacked this and that. It keeps improving, contrast to Signal having the server code closed source for more than a year so the Signal devs could get a headstart and insider knowledge in their Signal-included crytpo coin grief.

How one can trust Signal after them showcasing what they truly stand for is mind blowing.

fira959@lemmy.ml on 10 Aug 2024 11:38 next collapse

Whats mind blowing is the BS people like you come up with to shit on a non profit open source project.

JackbyDev@programming.dev on 10 Aug 2024 14:15 collapse

Signal falls right into the perfect niche of usability and privacy, but the problem is that not many people want that. The privacy nuts don’t think it is private enough or transparent enough and the people that want something usable just use stuff with more features like Discord, Facebook Messenger, etc.

I’ve gotten my wife to use it because we felt more safe about sharing lewd photos there than other mediums. We got our partner to use it because they’re on iPhone and we’re on Android and SMS/MMS sucks ass. One of my friends said he has it and would be fine using it if everyone else in the group chat wanted to. But that’s it. Everybody else in my circle wants to use Facebook Messenger.

Weirdly, I think Signal needs to focus more on fin features than safety features for a while. It’s an easier sell for friends to hop over when it has the same cool stuff as the other platforms.

Hadriscus@lemm.ee on 10 Aug 2024 13:19 next collapse

Can you please source this ?

fira959@lemmy.ml on 10 Aug 2024 15:01 next collapse

They are refering to the crypto payment option that was build into the messenger a while back. Never used it and it never bothered anyone. It just isnt very well recieved as a feature in a secure messenger.

barryamelton@lemmy.ml on 13 Aug 2024 04:47 collapse

androidpolice.com/…/it-looks-like-signal-isnt-as-…

xda-developers.com/signal-updates-public-server-c…

tech.hindustantimes.com/…/signal-updates-its-open…

Look into their MobileCoin and how they implemented it. They are just banking on people forgetting about it.

Anybody pulling these antics with a cryptography product loses my (and others) trust immediately. I’m a security soft dev, and my colleagues and I migrated to Element and Matrix network when it happened. I remember the disgust vividly.

Of course all of this is not going to be the Signal wikipedia page… It’s amazing how their fanbois work.

fira959@lemmy.ml on 13 Aug 2024 07:53 collapse

Why are you so keen on spreading misinformation around? A feature you dont like does not affect the trust in the restof the application at all. Also, the integration of MobileCoin is part of the wiki page as well.

Andromxda@lemmy.dbzer0.com on 10 Aug 2024 18:27 collapse

Signal having the server code closed source for more than a year so the Signal devs could get a headstart and insider knowledge

That argument makes absolutely no sense. This server-side code does almost nothing. The only task it really has is passing around encrypted packets between clients. All of the encryption is client-side, of course including metadata encryption. That’s how end-to-end encryption works. The server code really doesn’t matter. The Signal protocol, which is used for client-side, local, on-device end-to-end encryption has always been fully open, and it can be used by any app/platform.

How one can trust Signal after them showcasing what they truly stand for is mind blowing

It’s very simple. The client is open source, and the encryption happens locally within the client application. You don’t need to trust anything or anyone except for the code and mathematics, which are fully open, so you can verify them yourself.

It’s mind-boggling how people attempt to spread so much misinformation while having absolutely no understanding of the topic their talking about.

barryamelton@lemmy.ml on 13 Aug 2024 04:39 collapse

That argument makes absolutely no sense. These server-side code does almost nothing. The only task it really has is passing around encrypted packets between clients.

So it knows about all metadata, plus registration with phone number, etc. got it.

The Signal protocol, which is used for client-side, local, on-device end-to-end encryption has always been fully open, and it can be used by any app/platform.

you conveniently leave out how you need to use the client built by Signal, with dependencies from Google Services and the like, and you can’t use one built from the source they provide. Which at that point means they can introduce whatever they want in whichever version.

Decentralisation is the only safe way.

fira959@lemmy.ml on 13 Aug 2024 07:50 next collapse

You can use reproducible builds to verify that the provided clients are the result of the source code and you can also use alternative clients like Molly

Andromxda@lemmy.dbzer0.com on 13 Aug 2024 09:48 collapse

So it knows about all metadata

Metadata is encrypted on the client-side using Signal’s sealed sender implementation. The client also removes as much metadata as possible. All of this is open-source and happens in the client application.

plus registration with phone number

Signal doesn’t store phone numbers. It derives a user id from your phone number along with other parameters. It’s in the open-source server code, you can check it out yourself.

you need to use the client built by Signal

No you don’t. I myself use a fork of Signal called Molly.

with dependencies from Google Services and the like

Not true again. You don’t need to use the official binary that includes Google libraries. These aren’t required for the app to function. You can use Signal-FOSS or Molly-FOSS, and it works just fine.

and you can’t use one built from the source they provide

If this was true, forks like Signal-FOSS or Molly wouldn’t exist.

Which at that point means they can introduce whatever they want in whichever version.

Stupid conclusion, because all of your previous points are false

Stop spreading false information, focus on the facts.

fira959@lemmy.ml on 10 Aug 2024 11:44 next collapse

You can just as easily identify servers of a decentralized platform and block them. The disadvantage of a central service would come into play if say the US were to intervene, though Signal has already said they would move abroad if that was the case. For network level blockage it makes no difference if the service is central or not

Ohmmy@lemmy.dbzer0.com on 10 Aug 2024 12:10 collapse

It makes a difference in that you have to play perpetual whack-a-mole not only with VPN’s but with hosting servers.

fira959@lemmy.ml on 10 Aug 2024 12:15 collapse

That is true for both cases as well. One thign to add though is that signals own cencorship circumvention makes it even better at resisting this kind of blockage then an arbitrary decentralized protocol, though for an objective comparison it would take some research.

Ohmmy@lemmy.dbzer0.com on 10 Aug 2024 12:22 collapse

I wasn’t just talking about blockage but also servers being taken down physically or via ISP. I don’t think I’m nearly as well versed in Signal as you are to go into depth of how it circumvents blockage via protocols but I assume they don’t decentralize their hosts.

fira959@lemmy.ml on 10 Aug 2024 14:58 collapse

Signal Servers are using AWS and are spread throught the world. The entire protocl is build to remove any need for trust in those servers, so they migth as well be places in the datacenter of the NSA. So in the end it will be the same result. With decentralized protocls like Matrix you may get lucky and not have your small server taken down because it only hosts a few users, but if we are using the number of users as a metric, Signal would fare better against server takedowns, since all users are replicated throght the world, while my matrix server is the only place where my user data is stored. Then again both can deal fairly well against takedown ins single countries.

apprehensively_human@lemmy.ca on 10 Aug 2024 13:59 collapse

Matrix has the unfortunate problem right now where all the big clients have matrix.org set as the default homeserver. Yes, it is a decentralized and federated protocol, but I wonder how many users are registered on matrix.org vs other servers.

Andromxda@lemmy.dbzer0.com on 10 Aug 2024 08:41 next collapse

Thankfully there are Signal proxies, VPNs and Tor (which can be used on mobile devices through Orbot.

Linkerbaan@lemmy.world on 10 Aug 2024 11:23 next collapse

Just turn on the censorship intervention feature

based

corsicanguppy@lemmy.ca on 10 Aug 2024 14:09 collapse

Fetch

x00z@lemmy.world on 10 Aug 2024 12:04 next collapse

I wonder why these 2 countries specifically.

Some time ago it was reported that Russian Wagner groups have been spotted in Venezuela.

Now these 2 countries have banned Signal.

01011@monero.town on 10 Aug 2024 12:27 next collapse

Threema still works.

skuzz@discuss.tchncs.de on 10 Aug 2024 14:23 collapse

IIRC, Threema’s crypto algo is a patchwork cluster of copypasta and prayers.

rammer@sopuli.xyz on 10 Aug 2024 14:34 collapse

When choosing a crypto algorithm the answer is almost never “roll your own”.

atimehoodie@lemmy.ml on 10 Aug 2024 13:34 next collapse

This means it’s working.

rageagainstmachines@lemmy.world on 10 Aug 2024 14:44 next collapse

That’s a glowing recommendation of Signal. And a good reminder to donate. I’m doing it right now.

refalo@programming.dev on 12 Aug 2024 17:17 collapse

Friendly reminder that Signal on Android contains proprietary code (google play services), and the server software is rumored to be closed now and/or not what they are actually using due to a lack of updates for a prolonged period. Of course it’s just a rumor and I have no way to verify that, but thought it was worth mentioning (hope this doesn’t count as FUD).

Molly-FOSS seems to be the preferred 100% open mobile alternative client.

intelchaser@lemm.ee on 10 Aug 2024 18:35 collapse

Really lame of them to do so.