zlacker

The biggest drawback with Signal for protesters is that it exposes the user's phone number to everyone else in groups (just like WhatsApp does). There is no way to even hide the fact that you have an account on Signal. I can add phone numbers by enumeration into my contacts and Signal will show who among my contacts is on it. If the authorities don't use tactics like they did in Hong Kong, the protesters may be safe from being spied on (or worse).

>>AnonC+(OP)
Signal is not only used by protesters[0][1] so discovering that a phone number is connected to a Signal account by no means implies that the phone is used by a protester.

[0]: https://www.militarytimes.com/flashpoints/2020/01/23/deploye...

[1]: https://www.theguardian.com/politics/2019/dec/17/tories-swit...

>>AnonC+(OP)
This tradeoff is arguably a good thing.

By using phone numbers as IDs signal can rely on your phone's local contacts (meaning they don't have to send your social graph to their servers). This way they can keep very little metadata on you.

There's pretty much nothing for them to turn over except the fact that your phone number has the signal app.

Most of the other secure apps could turn over your entire contact list (which could be damaging for people in a protest that are being targeted).

Confirming a single phone number has the app is not nearly as big of a deal (I'd argue it doesn't matter at all).

>>hjek+D
Yeah, if you're ever asked why you're on Signal, just say you wanted to stay in touch with a programmer friend who's not on Facebook/WhatsApp, and they suggested Signal (that is now literally true as well - I suggest you try Signal, friend)

>>hjek+D
In fact, that's the main reason I'm using it, and the main counter-argument to 'I've got nothing to hide', IMHO. Sure I don't, but there are plenty of people who justifiably do.

>>goneho+M1
I've lost track of the number of times I've had this conversation but here we go:

There's nothing inherent in phone numbers here. Both iOS and Android also allows you to add e-mail addresses (and other identifiers) to your local contacts. I'm yet to hear an argument as to why e-mail addresses or other identifiers can't be used in addition to phone numbers, or why it would be a complicating factor.

>>Vinnl+32
I have nothing to hide, but I have nothing I want you to see either.

>>Legogr+13
My guess would be that phone numbers are guaranteed to be unique IDs that (almost) every phone will have which simplifies things and reduces the risk of someone impersonating someone else.

I think they are working on non-phone number IDs though (Moxie was in an earlier signal thread on HN recently and mentioned it).

>>goneho+X3
There is an issue on Github that is collating the problems they are working through. I've lost track of it, though, unfortunately. I've been pretty cynical about it in the past, but the last time I looked at the issue, it does look more complex than I first imagined. I wish it were higher priority, though. Hopefully somebody will remember the issue and post it here (it was from an HN post that I found it originally). Unfortunately, I'm not even sure what project it's under and there are many projects.

>>goneho+X3
In that spirit, emails (when discovered on a device) are also unique IDs. Even if someone's email is The-Dog@someprovider_dot_com authorities can still track that this mailbox was accessed by IP x.x.x.x and this IP is provided to phone number 555-12345 which belongs to Henry Bemis.

It will take the authorities a bit more time (i.e. someone throws away their burner phone and authorities hack it)(with the assumption that phone numbers/SIM activations are provided using valid ID as it happens in many countries).

>>AnonC+(OP)
If that helps, there is a rate limit for checking whether a number is in Signal: with a single account, you can only check 4320 phone numbers a day. This makes mass user enumeration attacks somewhat less practical.

>>goneho+M1
iCloud contacts, which is how Apple phones store and sync this metadata for you, is not end to end encrypted, and is available to Apple and the military intelligence community without a warrant.

https://sneak.berlin/20200604/if-zoom-is-wrong-so-is-apple/

>>hjek+D
The point made by the parent commenter was that you can join any group (if you get someone to invite you) related to a certain topic and get the phone numbers of everyone in that group.

I am not sure about the situation in the US, but in Europe almost all phone numbers are directly linked to a certain person and address by the provider.

>>goneho+M1
> Most of the other secure apps could turn over your entire contact list (which could be damaging for people in a protest that are being targeted).

But that doesn't help much if the entire contact list is a list of trash mail adresses (in the case of Wire) or a list of random IDs (in the case of Threema). And at least Threema does not store any information about your contacts on their servers.

Can you obtain a phone number without any ID in the US? Because you can't in large parts of Europe.

>>hjek+D
That doesn't change the fact that all phone numbers are visible to all group members. All it takes is one rogue participant to reveal the identities of all members. If that actor has access to triangulation data they now have identity, location history, words and possibly images/video.

>>Glitch+Q6
isn’t getting your hands on lots of sims/phone numbers, and thus Signal accounts, pretty trivial, though?

>>m12k+22
Couldn't you just say "I really like the user interface."

Or "The logo looks cool."

Or "It had 4 stars."

Of "It had lots of good reviews."

>>AnonC+(OP)
Eh, you can't have everything.

Still, having a signal account doesn't make you a chargeable protester more than owning a gun makes you a chargeable assassin.

>>unicor+i8
Yeah, it's optimized for communication between trusted parties (e.g. Snowden and a journalist) - as such the focus is on verifying the identity of the other person, not hiding it. It'd be cool if they figured out a group chat setting that was optimized for groups like protesters trying to coordinate - show your identity only to users you are directly connected with/have verified/whitelisted, but hide your identity to everyone else.

>>unicor+i8
I'm sure this is an underrated part of why discord became such a big thing in gaming communities. With so many toxic players and threats against a person so common, a good threat model would care a lot less about surveillance and a lot more about everyone seeing your phone number

>>znpy+2a
> Eh, you can't have everything.

why not? Wire[1] doesn't tie your identity to your phone number. OpenWhisper devs too are aware of Signal's limitation (it was even discussed here on HN recently).

[1] https://github.com/wireapp

>>AnonC+(OP)
Using phone number as ID has been proven idiotic since forever now. As much as I like Signal this is such a design flaw that it makes their software not only untrustable but often unusable too.

What's wrong with email logins?

>>m12k+22
No need to say anything really.

>>kabach+Hb
I'm no expert on the subject, but probably the use of phone numbers (and confirmation by SMS) is helpful to limit the number of bots.

>>ves+N8
Trivial as ordering a 2U 16 blade GSM modem array from AliExpress, sure

>>AnonC+(OP)
This was allegedly used by the authorities in Hong Kong during protests there in 2019, but using Telegram. Telegram responded by introducing a new setting that hides your number from people that aren't in your own contacts.

https://telegram.org/blog/scheduled-reminders-themes#new-pri...

>>HenryB+q5
You can access email only through Tor and they will never know your real IP.

>>pwdiss+M9
no one would believe you...

>>techni+Ga
Same for Twitter. Real names on internet? Actual phone numbers?

You don’t need half as much identification to get stabbed by a weirdo...

>>hjek+D
The issue isn't somebody proving you have a Signal account, the issue is somebody identifying members in a specific group used to communicate about a protest. That way a state actor can find the phone number of a key organizer, persuade their phone provider to share their location, and take them out.

Here's a description of how it worked in Telegram before they added a setting to disable it last year: https://medium.com/adamant-im/telegrams-anonymity-hole-how-t...

>>pwdiss+M9
I mean, I don't get why it has to get any more complicated than "I have friends that use it". That's the main reason for having any messaging app.

>>pwdiss+M9
And the cop will say "I don't believe you you terrorist" and lock you up until you say something else. This has happened time and time again, including in the latest Hong Kong protests, on American border interrogations and it will happen in these US protests as well.

Once you're on the list of suspects from someone elses Signal chat, you're not going to persuade a suspicious official by bullshitting.

>>goneho+X3
Phone numbers are also guaranteed to be recycled. Every single whatsapp contact I have that's older than 3 years is no longer the original user. I know this because their profile picture is shown to me for some reason. Phone numbers are an outdated system that have no place in modern communication, especially not privacy software.

>>izacus+6i
Do you have a source for the claim that this has happened at protests in Hong Kong? I haven't heard of anyone being arrested here on the basis that they had Signal installed.

>>pwdiss+M9
Rubbing ones hands together to stave off the chilling effect.

>>siberi+Lc
Phone numbers are used for contact discovery.

https://signal.org/blog/private-contact-discovery/

>>comput+il
They got arrested by association. Signal chat group is such an association, just like other chat groups are. Except that Signal guarantees to give out your phone number (and by extension location and personal address) to every single person in a chat group.

There have been lynchings in India based on this kind of data leaked by WhatsApp which resulted in them finally allowing joining groups anonymously.

>>m12k+wa
Except the whole point of OTR-like messaging was that you can communicate with someone who you can't be entirely sure you trust in perpetuity (that's why messages in Signal and similar systems don't have non-repudiation -- neither party can prove to a third party that a message really was sent by the other party). Now, obviously the metadata worry is separate to how the message cryptography is implemented but it does seem odd to have a threat model which is somewhat confused on this question.

>>siberi+Lc
Signal could still validate the phone number via SMS and immediately discard it afterwards.

Personally I liked the way ICQ did it back in the day, they used a uniq ID just for their service decoupling it from a phone number.

If Signal wanted to avoid long numbers, they could use a CorrectBatteryHorseStaple approach which is what Xbox does for their usernames if you don't pick one.

Easier to remember,

>>soziaw+G7
> The point

One of the points which, yes, I agree with, but I mainly responded to this:

> I can add phone numbers by enumeration into my contacts and Signal will show who among my contacts is on it.\

> I am not sure about the situation in the US, but in Europe almost all phone numbers are directly linked to a certain person and address by the provider.

Or you can go to a corner shop and buy a Lyca or Lebara SIM with cash. No need to give them your address. You can buy top ups in cash as well. At least in Western Europe this is available everywhere, pretty much.

(I'd still prefer if Signal didn't require phone number to sign up though.)

>>m12k+22
FWIW, many of my friends actually could say this, for I am a programmer who's not on Facebook/WhatsApp and recommends Signal.

It definitely needs to be more reliable, though. The last time I tried to call someone with Signal instead of just using it for messaging, I got a ringing indication but they heard nothing and then after a few seconds the call showed up as missed, and the same happened the other way around with them calling me. There seem to have been about 500 updates to the iOS app in the past 5 minutes via the app store, though, so many whatever caused that was a short-lived glitch.

>>Blaiz0+Gd
How does that matter? You have the right to install any apps you want, and wacky questions deserve wacky answers.

>>izacus+6n
Do you have a source for this?

>>Silhou+Mq
This is not unique to Signal though. I've had this happen with WhatsApp about 1-2% of the times I've tried to place a call in the last few months

>>sorenj+ed
Telegram indeed have better UX and same level of e2e security. Why Signal is getting all the publicity?

>>hjek+nq
> Or you can go to a corner shop and buy a Lyca or Lebara SIM with cash. No need to give them your address. You can buy top ups in cash as well. At least in Western Europe this is available everywhere, pretty much.

This is not legal in Norway.

>>m12k+22
If the law enforcement is talking to you in the U.S., the only right answer is "I'd prefer to have a laywer here."

Not a joke, for real.

They are experts at getting you to talk to them even if you know this. They are experts at getting you to say things that incriminate you or your friends -- that you or your friends have done nothing wrong (in your opinion/as far as you know) will not protect you.

The only answers you should be rehearsing or thinking of in advance are "I would like a lawyer" and "I would like to remain silent." They are rehearsing how to get you to say incriminating things, a lot. Rehearsing or thinking up any other answers only plays into their strengths. Even knowing this, I've been tricked into talking to them, to my detriment. They are really good at it.

>>sadfkl+5w
There are many countries it isn't legal in, which is a shame. The ability to get an anonymous phone ought to be something people care about preserving.

>>romanr+Sv
Telegram is not opensource, Signal is...and yes you can setup your own server with Signal. Why trust a Closed-source-Software? Do you even know that it is encrypted?

>>fsflov+rd
Wrong...they probably don't know your IP..but a agency that has global surveillance in place, can find your source IP quite easy.

>>romanr+Sv
Telegram has off-by-default E2E encryption with a less vetted algorithm that only works for 1:1 chats, and less focus on minimizing server knowledge. That's clearly not

> same level of e2e security

>>moksly+l3
I have something to hide...it's called privacy.

>>AnonC+(OP)
Step 1: Get a virtual phone number.

Step 2: Get Signal and register using virtual phone number.

Step 3: Protest!

>>jrochk+Bx
I’ve heard this before but here’s my practical problem: I don’t know any lawyers. I have literally no idea who to call in such a situation. Do I have to go find and retain a lawyer beforehand just in case I might need one later?

>>cyphar+4o
But with signal you can verify that person, its like the opposite of otr.

https://signal.org/blog/safety-number-updates/

>>jrochk+Bx
It's called the 5th amendment and it is 100% our right to remain silent.

"[...]nor shall be compelled in any criminal case to be a witness against himself[...]

>>josefr+5A
Step 0: Use off-the-grid network.

[0] https://apt.izzysoft.de/fdroid/index/apk/tk.giesecke.disaste...

>>jrochk+Bx
You should actually be careful to say exactly this phrase: "I want a lawyer" and not a word more.

> [W]hen a suspect in an interrogation told detectives to “just give me a lawyer dog,” the Louisiana Supreme Court ruled that the suspect was, in fact, asking for a “lawyer dog,” and not invoking his constitutional right to counsel.

https://www.washingtonpost.com/news/true-crime/wp/2017/11/02...

>>AnonC+(OP)
What about Telegram?

>>jhauri+0y
It's illegal in the vast majority of countries [1] including Germany, France. Attempting to build a safe secure communication system around phone numbers that is suitable for situations like this, relying on them as being somehow anonymous, is just a complete non-starter. Even if you don't have to register the phone number, the cell provider will still know your location history. I think it just shows how America-centric Signal is.

[1] https://privacyinternational.org/long-read/3018/timeline-sim...

>>AnonC+(OP)
Session is built to fix this problem https://getsession.org/

It does not require a number to setup an account and communicate.

>>nix23+Ay
All typical attacks on Tor are known for many years already. If you follow the advises from the Tor website, it will be very hard (nearly impossible) to find you. What do you mean by "quite easy"?

>>vincen+pA
In the case you get arrested, you'll be made aware that if you don't have a lawyer, one will be appointed to you.

If you're not arrested, you should be able to just leave the interrogation (emphasis on should, of course).

>>m12k+22
Thanks! Just gonna need your phone number (for plausible deinabality) ;)

... And just hope there are no records that I've been using it since the days when it was 2 apps,- Red Phone & TextSecure, before becoming Signal.

>>fsflov+NG
By quite easy i mean, when you have global surveillance in place. All tor-nodes are public all tor-exits are public, if your system can track connections from one node to another node and then the exit-node everything is clear.

https://en.wikipedia.org/wiki/Global_surveillance#Infiltrati...

Edit: And that from netzpolitik (highly trusted german source) under 'A global passive adversary' that's the interesting part: https://netzpolitik.org/2017/secret-documents-reveal-german-...

>>pwdiss+M9
How about "I searched for the term "private messaging" in Google Play Store database and Signal was the top result."

https://play.google.com/store/search?q=private+messaging

>>vincen+pA
It's not a bad idea to have a relationship with a lawyer. Talk to family/friends/co-workers. Somebody will have a name for you.

We made a relationship with one I found through family via estate planning (not his specialty) and land deals (not his specialty).

Now I have a name to say out loud when I interact with police. This has happened twice. The OP is right, they'll do everything they can to get you to talk, but understand that if a police officer is talking to you, they're digging for information to incriminate you. In my case, I was a witness to something, and they cuffed me and made me sit on the curb. No possible way I could've needed to be cuffed and questioned. And that was the approach my lawyer took when he came. Best $100 I ever spent.

>>vincen+pA
Most of the time police will arrest you, book you, and then you call a bail bondsmen to get get out or family/friend. Then you find a lawyer. Think DUI, assault, theft, drugs etc. Detectives won’t really question you but it’s still a good idea to say nothing to a street cop.

If you’re in serious trouble like a murder, financial or computer crime you’ll probably be questioned before you’re arrested. That’s the time to be silent and request a lawyer. You may start out with a 1-800 lawyer who will come and tell you to keep quiet. Later you can find a new one if needed.

>>hkh28+3F
Okay, he was asking for a lawyer dog, and not invoking his constitutional right to counsel. If he kept his mouth shut otherwise, that would do him little harm.

>>uberco+lG
Then just setup your own Signal-Server, if you don't want a connected number at all, OTR over tor is the way to go.

>>jrochk+Bx
> If the law enforcement is talking to you in the U.S., the only right answer is "I'd prefer to have a laywer here."

> Not a joke, for real.

Obligatory link to the fantastic "Don't Talk to the Police" lecture from the Regent University School of Law.

Watch the whole thing:

https://www.youtube.com/watch?v=d-7o9xYp7eE

>>soziaw+U7
> Can you obtain a phone number without any ID in the US? Because you can't in large parts of Europe.

Yes. About 10 years ago, before Google Voice, I needed a local area-code number to work with my apartment buzzer. I bought a $15 Tracphone with cash at Walmart and activated it at a payphone (mainly just to see if I could).

>>hjek+nq
I've had to provide "home" address and passport/identity docs to purchase SIM cards in Norway, Germany, and Italy. I believe Chile will not sell SIMs to non-citizens.

Off the top of my head, I think it was easier in France (although this was 16 years ago), Iceland, UK. I also recall it being easy in Aus/NZ. Fairly easy in the US as well, I believe, but as I'm a resident, I don't think too much about what address to use when having a prepaid SIM shipped to me, nor do I ever expect to have to show my papers for something like this. (although, of course, a postpaid account usually involves a credit inquiry, so ID docs would be used privately, not for government reasons, for what that's worth).

>>hjek+nq
> Or you can go to a corner shop and buy a Lyca or Lebara SIM with cash.

Which is still a stable identifier that other people know you by, so you will likely keep it a long time and amass a trail of location data. Also its trivial to tie to the IMEI, so if you actually want to change nyms you have to buy a new phone as well.

Everything about the legacy phone system is a liability. Contact discovery is difficult, but tying into phone numbers should be optional and only for the duration of setting up a contact. Using phone numbers for long-lived identifiers is insane.

>>ardy42+4L
Here is a very succinct version: Shut The Fuck Up Friday https://www.youtube.com/watch?v=JTurSi0LhJs

(fair warning, this will autoplay the word 'Fuck' in the first 10 seconds)

>>nix23+aI
It is enough to have at least a few independent relays to cover the trace. Everyone who can should be running a relay node at home I guess. Also we generally need more participants in Tor of course.

There is also I2P network, which is even harder to break (unless someone owns practically all nodes there).

>>m12k+22
I got a group of friends to use Signal because of the following:

1. Sharing videos/pictures/memes is terrible in an SMS group chat 2. One person in the group has bad cell service, so we needed something that would send messages over Wifi 3. Half the people are on Android, so no iMessage 4. 1/4 of the people aren't on Facebook, so no messenger

I was the one who suggested Signal. I did so because I like the end to end encryption, but that was not a selling point for anyone else. They just cared that it solved the problems above.

>>hkh28+3F
I thought the right to a lawyer dog was guaranteed by the K9th Amendment

>>vincen+pA
You might want to find one advance, but you just have to not talk to the police UNTIL you find one when you need one. You in fact have the constitutional right to this.

Even a last minute lawyer who may not turn out to be ideal is better than no lawyer. A public defender may also be an option in some cases.

When you say the 'magic' legal words "I want a lawyer", they should not talk to you anymore until you have one. In most cases, you are or will be at home with plenty of time to find a lawyer. In some cases you may find yourself detained/arrested ("Am I being detained? Am I free to go?" are other 'magic' words). They may try to tell you that if you would only talk to them, they would let you go -- they are VERY LIKELY lying.

Do not trust that you can tell or sense if they are lying or not. They are experts at tricking you, they are trained and have lots of practice in it. They are legally allowed to lie. (In my personal experience, they did lie about exactly this -- they said "if you just talk to us, you can be on your way", I talked to them, I got arrested anyway.).

Getting arrested sucks; talking to the police without a lawyer can make it much much worse.

tldr; no, you don't need a lawyer in advance, you can ALWAYS say "I would like to remain silent, I would like a lawyer", and you always have this right, and they can not talk to you (or use anything from talking to you) without a lawyer once you've said this.

>>mkup+0u
How does that matter? Perhaps due to the potential scenario in question being interrogation by law enforcement that doesn't have your best interests at heart, not "who has the better witty retort to score points online?".

>>fsflov+TR
Well i run a node (not exit) and yes it's better then nothing, but to fully trust Tor is a big nono, i said nothing else. Protections from private company or country's yes..but protection from GCHQ/NSA probably not.

And no you can trace it thru the ISP's, the problem is the latency, Connection from here to there in that millisecond trace one...and so on.

>>Powerf+7R
Yes, the advice is good, but this is targetted against "operating an unlicensed dispensary" -- it is important you realize because you think you've broken no law still does not make you safe, you need to not talk to the police without a lawyer, for your own safety, even if you think you've done nothing wrong.

You (or your friends) can go through serious inconvenience and pain, from lengthy and expensive legal battle (during which you may not be allowed to leave the state etc), to conviction and sentance, even if you don't think you've done something wrong. Innocent people and/or people who didn't realize they were breaking a law get convicted all the time.

Talking to the cops will not help your situation. Not even when they say "Look, we may have it wrong, if you just tell us what happened we can get this all cleared up." Not without a lawyer.

>>nix23+GW
If you are speaking about the timing attack, then you should consider I2P. It makes them significantly harder. In general, I agree that if your enemy is NSA, you can do very little. But you can make their life harder, and you should.

>>fsflov+nX
I2P is absolutely great, a shame that it's no covered so much and Freenet was once also a cool project...i see we are on the same page ;)

Edit: GnuNet, RetroShare and ZeroNet should also be mentioned

>>Loughl+JI
> but understand that if a police officer is talking to you, they're digging for information to incriminate you

Are you sure you're not exaggerating? I've totally seen incidents where cops were only talking to see if they've even found the right person. They lose interest pretty damn quickly when they realize they're talking to the wrong person (even to the point of rejecting extra evidence you might offer yourself). Whereas I'm pretty damn sure in these cases you cause yourself a lot of (short-term maybe, but still) grief if you suddenly go on the defensive and plead the 5th. It unnecessarily makes you look guilty, whereas a couple minutes of talking can make it crystal clear to them you're totally clueless.

>>detaro+Iy
And both users need to be online at the same time for the E2E-encrypted chat. Very limiting.

>>nix23+dy
You can setup your own server with Signal, but you will not participate in the same network, so this is not really relevant.

>>m12k+22
I want to emphasize that DeleteWhatsapp, DeleteInstagram should trend equally with DeleteFacebook.

>>mehrda+F11
In my experience, no, I am not exaggerating. In my run-ins with police, they had no clear suspect, so everyone was a suspect. In one case, they questioned me, and had me go through a polygraph test. They didn't inform me of my rights to an attorney, because I was not formally arrested. They also did all of this without legal representation or parents (I was 16). They did it just to be able to tell me that I failed, and that I should confess now and they would go easy on me. For a crime I didn't commit. They even lied about what I said at the scene of the crime to say that I contradicted myself, or the responding officer wrote it down wrong.

I do not believe it is a good idea to speak to police unless they have a clear suspect, motive, evidence, and other indicators they are not fishing for you to be the suspect.

I firmly, firmly, firmly believe short-term hassle and a lawyer's bill are much better than the long-term ramifications of an arrest, even if you are not convicted ultimately.

>>vincen+pA
There are services where you pay a monthly fee ($20 a month in my case), and you get a card with phone numbers for a law firm (actually it's a service that will connect you with a lawyer local to where you are). You get access to a lawyer for a certain amount of time without extra charge, the amount of time increasing the longer you pay for the service. If you get into serious legal trouble you will end up paying for a lawyer anyway, but a service like this will help in those circumstances where a cop wants to question you, and you want to say "I want a lawyer present."

I agree with some of the other commenters that you really should say the word "want", not "wish" or "would like". You need to be clear and emphatic about having a lawyer present.

>>soziaw+U7
Is it a list of trash mail addresses by default or is there an assumption that people made trash mail addresses specifically for the app?

If it’s the latter, I suspect that won’t happen in practice for the majority of users.

I haven’t heard of threema, I guess users have to share their IDs manually with each other in that case?

>>inetse+t81
That sounds like exactly what I need. What’s the service called that you use?

>>jrochk+Bx
This is what you should say.

"I am happy to help and will do so as soon as my lawyer gets here."

>>vincen+Mc1
It's called LegalShield. The website is here: https://www.legalshield.com

There are others. Do a search for "prepaid legal services". Most of them have similar prices (~$20 a month) and provide similar services (wills, traffic tickets, document review, etc). Like I said, if you get into serious trouble, you will have to pay for a lawyer. This is like insurance. In my opinion, if it helps you avoid saying something stupid to a cop, it's probably worth it.

>>Silhou+Mq
I’ve had this happen with normal carrier phone calls as well so it appears till be nothing special. Maybe there should be a different tone for “finding device(s) to ring” and “ringing device”.

>>nix23+dy
https://github.com/DrKLO/Telegram

https://github.com/telegramdesktop/tdesktop

>>fsflov+E21
For Country's or big-business it is relevant

>>sorenj+hv1
THAT is not the server, its like saying Firefox is opensource so Facebook is too, thanks and no thanks for the link's.

>>nix23+LA
OTR also allows you to do key verification -- all encrypted chat systems support that. The point isn't that you cannot be sure who you're talking to, the point is that the communication transcript cannot be provided to a third party as evidence that either party in the conversation said something.

This is fairly simply implemented in OTR. Rather than signing the message with an asymmetric keypair (as you would with PGP), you sign it with a HMAC. Thus both the sender and recipient could create a valid message from the sender (giving you the property that only the two people in the conversation can be sure what was actually said by the other party, without being able to prove it to a third party cryptographically).

>>Loughl+v71
They could very well have been lying to you about failing the polygraph test too. They are legally allowed to lie to you.

Of course, they can arrest you even if you don't talk to them. It's ultimately up them whether to arrest you, not to you. You don't necessarily get out of getting arrested by not talking to them. (If they say you can get out of getting arrested by talking to them, they can be lying!). But you make it much worse by talking to them.

>>nix23+HC1
The encryption takes place in the client though, which you can verify by looking at the client source code. I find your comparison with Facebook a bit lacking, a better one would have been by looking at the Firefox code to verify if https traffic is encrypted.

>>AnonC+(OP)
Late post, but I'm just wondering why nobody has mentioned Briar Project. I think it's designed to remedy some of the issues mentioned here: https://briarproject.org/

>>jrochk+bW1
They 100% were lying to me.

I spoke to a family friend who quit the police department I was dealing with over ethical concerns. He said that it was pretty standard practice, especially when dealing with a case they had zero suspects on. He said, "they'll bring you in, they'll tell you you failed, and they'll tell you that if you confess, they'll go easy on you because you're so young. It's not the results that matter on a polygraph, it's the answers you give. Don't lie, and don't incriminate yourself."

He was 100% correct. They brought me back to the station, into an interrogation room, and after about an hour of waiting, told me exactly what he said they would.

I lost all respect for law enforcement through that process.