The major one that concerns me is who is behind them. Even if we trust that their encryption is not backdoored, there is a lot of information that can be gathered just from the frequency of messages and who they are between.
If it came out that a three letter agency was running one of these networks, it would not suprise me at all.
Bit pessemistic, but kinda. Its important to remember that most (all?) people on here are of no interest to three letter agencies. The NSA doesnt care about your families group chat.
Yeah but you cant really obfuscate your message destination and timing without using onion routing, and really thats just making it more expensive to compromise and run. That said other things here do make it seem like a honeypot…
Its fully open source though, even the server. Might not be that hard to fork it and let people host their own servers.
Onion routing isnt a foolproof answer either, if the three letter agency runs the entry/exit nodes. There are lots of rumors of tor being compromised.
I wasnt clear in my original comment, but I do trust Signal mostly (naively?), its the other Signal forks/clones that i do not trust at all. So if someone forked Signal and made it self-hostable, that would be interesting, but near impossible for me to trust.
Being open source doesnt mean its not backdoored, see xz. ;)
There’s a lot of really bad stuff on Tor. Like, really bad; probably worse than you’re imagining. Things that make the old rotten.com stuff look like a child’s birthday party. If Tor was actually compromised, the people creating and uploading that stuff would be grabbed quickly. Instead, LEAs have to cooperate globally and run long-con sting operations in order to identify people in order to bust them. Most of the time, they’re busting people that use Tor due to social engineering or one kind or another, and the remaining times it’s because someone fucked up configuration on a site.
The major one that concerns me is who is behind them. Even if we trust that their encryption is not backdoored, there is a lot of information that can be gathered just from the frequency of messages and who they are between.
If it came out that a three letter agency was running one of these networks, it would not suprise me at all.
https://en.m.wikipedia.org/wiki/Operation_Trojan_Shield
The only fix for that is for nobody to communicate, ever.
Bit pessemistic, but kinda. Its important to remember that most (all?) people on here are of no interest to three letter agencies. The NSA doesnt care about your families group chat.
Exactly this. Everybody should be aware of their threat model.
Yeah but you cant really obfuscate your message destination and timing without using onion routing, and really thats just making it more expensive to compromise and run. That said other things here do make it seem like a honeypot…
Its fully open source though, even the server. Might not be that hard to fork it and let people host their own servers.
Onion routing isnt a foolproof answer either, if the three letter agency runs the entry/exit nodes. There are lots of rumors of tor being compromised.
I wasnt clear in my original comment, but I do trust Signal mostly (naively?), its the other Signal forks/clones that i do not trust at all. So if someone forked Signal and made it self-hostable, that would be interesting, but near impossible for me to trust. Being open source doesnt mean its not backdoored, see
xz. ;)Lots of rumors, very little evidence.
There’s a lot of really bad stuff on Tor. Like, really bad; probably worse than you’re imagining. Things that make the old rotten.com stuff look like a child’s birthday party. If Tor was actually compromised, the people creating and uploading that stuff would be grabbed quickly. Instead, LEAs have to cooperate globally and run long-con sting operations in order to identify people in order to bust them. Most of the time, they’re busting people that use Tor due to social engineering or one kind or another, and the remaining times it’s because someone fucked up configuration on a site.
The US military uses Signal for communication
Do you have a source for that? Surely its not acreddited for classified data?
Well no, but it is used for personal communication