zlacker

[parent] [thread] 12 comments
1. Legogr+(OP)[view] [source] 2020-06-05 06:50:42
I've lost track of the number of times I've had this conversation but here we go:

There's nothing inherent in phone numbers here. Both iOS and Android also allows you to add e-mail addresses (and other identifiers) to your local contacts. I'm yet to hear an argument as to why e-mail addresses or other identifiers can't be used in addition to phone numbers, or why it would be a complicating factor.

replies(1): >>goneho+W
2. goneho+W[view] [source] 2020-06-05 06:59:49
>>Legogr+(OP)
My guess would be that phone numbers are guaranteed to be unique IDs that (almost) every phone will have which simplifies things and reduces the risk of someone impersonating someone else.

I think they are working on non-phone number IDs though (Moxie was in an earlier signal thread on HN recently and mentioned it).

replies(3): >>mikekc+52 >>HenryB+p2 >>ohhnoo+mf
◧◩
3. mikekc+52[view] [source] [discussion] 2020-06-05 07:18:03
>>goneho+W
There is an issue on Github that is collating the problems they are working through. I've lost track of it, though, unfortunately. I've been pretty cynical about it in the past, but the last time I looked at the issue, it does look more complex than I first imagined. I wish it were higher priority, though. Hopefully somebody will remember the issue and post it here (it was from an HN post that I found it originally). Unfortunately, I'm not even sure what project it's under and there are many projects.
◧◩
4. HenryB+p2[view] [source] [discussion] 2020-06-05 07:22:34
>>goneho+W
In that spirit, emails (when discovered on a device) are also unique IDs. Even if someone's email is The-Dog@someprovider_dot_com authorities can still track that this mailbox was accessed by IP x.x.x.x and this IP is provided to phone number 555-12345 which belongs to Henry Bemis.

It will take the authorities a bit more time (i.e. someone throws away their burner phone and authorities hack it)(with the assumption that phone numbers/SIM activations are provided using valid ID as it happens in many countries).

replies(1): >>fsflov+qa
◧◩◪
5. fsflov+qa[view] [source] [discussion] 2020-06-05 08:54:16
>>HenryB+p2
You can access email only through Tor and they will never know your real IP.
replies(1): >>nix23+zv
◧◩
6. ohhnoo+mf[view] [source] [discussion] 2020-06-05 09:50:28
>>goneho+W
Phone numbers are also guaranteed to be recycled. Every single whatsapp contact I have that's older than 3 years is no longer the original user. I know this because their profile picture is shown to me for some reason. Phone numbers are an outdated system that have no place in modern communication, especially not privacy software.
◧◩◪◨
7. nix23+zv[view] [source] [discussion] 2020-06-05 12:30:02
>>fsflov+qa
Wrong...they probably don't know your IP..but a agency that has global surveillance in place, can find your source IP quite easy.
replies(1): >>fsflov+MD
◧◩◪◨⬒
8. fsflov+MD[view] [source] [discussion] 2020-06-05 13:27:57
>>nix23+zv
All typical attacks on Tor are known for many years already. If you follow the advises from the Tor website, it will be very hard (nearly impossible) to find you. What do you mean by "quite easy"?
replies(1): >>nix23+9F
◧◩◪◨⬒⬓
9. nix23+9F[view] [source] [discussion] 2020-06-05 13:35:00
>>fsflov+MD
By quite easy i mean, when you have global surveillance in place. All tor-nodes are public all tor-exits are public, if your system can track connections from one node to another node and then the exit-node everything is clear.

https://en.wikipedia.org/wiki/Global_surveillance#Infiltrati...

Edit: And that from netzpolitik (highly trusted german source) under 'A global passive adversary' that's the interesting part: https://netzpolitik.org/2017/secret-documents-reveal-german-...

replies(1): >>fsflov+SO
◧◩◪◨⬒⬓⬔
10. fsflov+SO[view] [source] [discussion] 2020-06-05 14:25:58
>>nix23+9F
It is enough to have at least a few independent relays to cover the trace. Everyone who can should be running a relay node at home I guess. Also we generally need more participants in Tor of course.

There is also I2P network, which is even harder to break (unless someone owns practically all nodes there).

replies(1): >>nix23+FT
◧◩◪◨⬒⬓⬔⧯
11. nix23+FT[view] [source] [discussion] 2020-06-05 14:52:18
>>fsflov+SO
Well i run a node (not exit) and yes it's better then nothing, but to fully trust Tor is a big nono, i said nothing else. Protections from private company or country's yes..but protection from GCHQ/NSA probably not.

And no you can trace it thru the ISP's, the problem is the latency, Connection from here to there in that millisecond trace one...and so on.

replies(1): >>fsflov+mU
◧◩◪◨⬒⬓⬔⧯▣
12. fsflov+mU[view] [source] [discussion] 2020-06-05 14:56:01
>>nix23+FT
If you are speaking about the timing attack, then you should consider I2P. It makes them significantly harder. In general, I agree that if your enemy is NSA, you can do very little. But you can make their life harder, and you should.
replies(1): >>nix23+BW
◧◩◪◨⬒⬓⬔⧯▣▦
13. nix23+BW[view] [source] [discussion] 2020-06-05 15:07:25
>>fsflov+mU
I2P is absolutely great, a shame that it's no covered so much and Freenet was once also a cool project...i see we are on the same page ;)

Edit: GnuNet, RetroShare and ZeroNet should also be mentioned

[go to top]