Signal is More Than Encrypted Messaging. It Wants to Prove Surveillance Capitalism Is Wrong (wired.com) 70
Slashdot reader echo123 shared a new article from Wired titled "Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It's Out to Prove Surveillance Capitalism Wrong." ("On its 10th anniversary, Signal's president wants to remind you that the world's most secure communications platform is a nonprofit. It's free. It doesn't track you or serve you ads. It pays its engineers very well. And it's a go-to app for hundreds of millions of people.")
Ten years ago, WIRED published a news story about how two little-known, slightly ramshackle encryption apps called RedPhone and TextSecure were merging to form something called Signal. Since that July in 2014, Signal has transformed from a cypherpunk curiosity — created by an anarchist coder, run by a scrappy team working in a single room in San Francisco, spread word-of-mouth by hackers competing for paranoia points — into a full-blown, mainstream, encrypted communications phenomenon... Billions more use Signal's encryption protocols integrated into platforms like WhatsApp...
But Signal is, in many ways, the exact opposite of the Silicon Valley model. It's a nonprofit funded by donations. It has never taken investment, makes its product available for free, has no advertisements, and collects virtually no information on its users — while competing with tech giants and winning... Signal stands as a counterfactual: evidence that venture capitalism and surveillance capitalism — hell, capitalism, period — are not the only paths forward for the future of technology.
Over its past decade, no leader of Signal has embodied that iconoclasm as visibly as Meredith Whittaker. Signal's president since 2022 is one of the world's most prominent tech critics: When she worked at Google, she led walkouts to protest its discriminatory practices and spoke out against its military contracts. She cofounded the AI Now Institute to address ethical implications of artificial intelligence and has become a leading voice for the notion that AI and surveillance are inherently intertwined. Since she took on the presidency at the Signal Foundation, she has come to see her central task as working to find a long-term taproot of funding to keep Signal alive for decades to come — with zero compromises or corporate entanglements — so it can serve as a model for an entirely new kind of tech ecosystem...
Meredith Whittaker: "The Signal model is going to keep growing, and thriving and providing, if we're successful. We're already seeing Proton [a startup that offers end-to-end encrypted email, calendars, note-taking apps, and the like] becoming a nonprofit. It's the paradigm shift that's going to involve a lot of different forces pointing in a similar direction."
Key quotes from the interview:
But Signal is, in many ways, the exact opposite of the Silicon Valley model. It's a nonprofit funded by donations. It has never taken investment, makes its product available for free, has no advertisements, and collects virtually no information on its users — while competing with tech giants and winning... Signal stands as a counterfactual: evidence that venture capitalism and surveillance capitalism — hell, capitalism, period — are not the only paths forward for the future of technology.
Over its past decade, no leader of Signal has embodied that iconoclasm as visibly as Meredith Whittaker. Signal's president since 2022 is one of the world's most prominent tech critics: When she worked at Google, she led walkouts to protest its discriminatory practices and spoke out against its military contracts. She cofounded the AI Now Institute to address ethical implications of artificial intelligence and has become a leading voice for the notion that AI and surveillance are inherently intertwined. Since she took on the presidency at the Signal Foundation, she has come to see her central task as working to find a long-term taproot of funding to keep Signal alive for decades to come — with zero compromises or corporate entanglements — so it can serve as a model for an entirely new kind of tech ecosystem...
Meredith Whittaker: "The Signal model is going to keep growing, and thriving and providing, if we're successful. We're already seeing Proton [a startup that offers end-to-end encrypted email, calendars, note-taking apps, and the like] becoming a nonprofit. It's the paradigm shift that's going to involve a lot of different forces pointing in a similar direction."
Key quotes from the interview:
- "Given that governments in the U.S. and elsewhere have not always been uncritical of encryption, a future where we have jurisdictional flexibility is something we're looking at."
- "It's not by accident that WhatsApp and Apple are spending billions of dollars defining themselves as private. Because privacy is incredibly valuable. And who's the gold standard for privacy? It's Signal."
- "We also see growth in response to things like what we call a Big Tech Fuckup, like when WhatsApp changed its terms of service. We saw a boost in desktop after Zoom announced that they were going to scan everyone's calls for AI. And we anticipate more of those."
- "AI is a product of the mass surveillance business model in its current form. It is not a separate technological phenomenon."
- "...alternative models have not received the capital they need, the support they need. And they've been swimming upstream against a business model that opposes their success. It's not for lack of ideas or possibilities. It's that we actually have to start taking seriously the shifts that are going to be required to do this thing — to build tech that rejects surveillance and centralized control — whose necessity is now obvious to everyone."
Well, surveillance capitalism _is_ a bad idea (Score:5, Insightful)
And that is both from a human rights perspective _and_ from a purely utilitarian perspective. The second thing means it destroys the economy, long-term. The reason for that is that people will self-censor, not dare to think critically (hence debt of all kinds accumulates), have heightened stress and generally the smarter, the less well and welcome they will feel.
Obviously, violating human rights is something only the worst of the worst do, so there is that as well.
Re: Well, surveillance capitalism _is_ a bad idea (Score:2)
The reason for that is that people will self-censor, not dare to think critically (hence debt of all kinds accumulates), have heightened stress and generally the smarter, the less well and welcome they will feel.
This is, IMO, the biggest travesty, but it's not just surveillance capitalism doing it, it's also social media and cancel culture. Whittaker is really one to talk about all of this because people like her are the diving force behind self-censorship. And depending on your perspective, worse, people like her are the reason chatgpt thinks nuclear war is preferable to misgendering.
Re: Well, surveillance capitalism _is_ a bad idea (Score:4, Interesting)
Social media is surveillance capitalism. The purest example of it; they don't make money off anything but the surveillance.
Nobody cares what ChatGPT thinks though. Some people pretend that they do, as an extension of their role-plays with the chat bot. It won't ever start a nuclear war. It will deny you loans, housing, healthcare, and employment though.
Re: (Score:2)
Well, if you can't exert enough force through buying law, the gun as needed, or simply driving people to ruin through economic means; what else is there? This is a symptom more than a cause.
The problem with the Signal model is contracts are only as good as their enforcement (re- government). Even for the most unimpeachable, most pure; owners change, transparency is always going to be problematic, and NO transaction should require that level of trust (which ultimately translates into destroying the very thin
Re: Well, surveillance capitalism _is_ a bad idea (Score:3, Informative)
A common misconception about nonprofits is that they're not profitable. They can be and they definitely play into the capitalist system that the author of the summary seems to believe Signal doesn't. Though one thing you are missing is that the owners can't actually change, because by definition, a nonprofit has no owners. This is one of the odd things about ideologues on slashdot is they believe there's some kind of virtue or moral superiority of working for a co-op or a nonprofit. What they don't understa
Re: (Score:2)
Non profit is just a different set of business and accounting rules. I think they serve an important rule, but they do need to make profit
Re: (Score:1)
Not necessarily profit, just revenue. If they can't generate revenue in excess of their expenses, then they have to borrow. If they can't remain solvent, they liquidate.
The stakeholders will want to profit somehow. Whether that's the employees who get paid, the customers who get their product, or the benefactors who get less tangible satisfaction in the case of Signal, somebody will want to get something out of it that they feel is in excess of what they feel they contributed. In other words, profit.
Re: (Score:2)
Nice redefinition of the normal definition of profit. If a company on the stock exchange says to its shareholders we covered our expenses but above that you get warm fuzzes then it would probably be sued.
While non profits goal is to benefit society (in their opinion) and get pleasure from that. A for profit organization goal is to benefit the owners financially and the owners get pleasure from spending that money.
Very few things people do are totally altruistic, however some people's motives are better than
Re: Well, surveillance capitalism _is_ a bad idea (Score:1)
Nice redefinition of the normal definition of profit. If a company on the stock exchange says to its shareholders we covered our expenses but above that you get warm fuzzes then it would probably be sued.
Shareholders are owners. A nonprofit has no owners. Again, the stakeholders behind a nonprofit definitely can profit, but the business itself does not, it merely needs to be solvent.
While non profits goal is to benefit society (in their opinion) and get pleasure from that.
No, they just follow their mission. It might help to point out that some nonprofits are lobbyist thinktanks intended to sway political opinion in favor of some particular industry.
A for profit organization goal is to benefit the owners financially and the owners get pleasure from spending that money.
Just as in a nonprofit, there can definitely be more to it than that. Case in point, SpaceX. It's a for-profit just like any other, but if its only go
Re: (Score:2)
Re: (Score:2)
Yes, YouTube is a nice example of this crap. I have mostly stopped watching. There are 2 or 3 specialty creators I still watch occasionally, but the rest has simply gotten boring and even any "controversy" comes essentially from a list of approved topics.
Incidentally, there never was a way to make the "general public" see any comments. It also was never worthwhile to try, as the general public is as dumb as bread. But it was always valuable to have a way to find those with a working mind and form communitie
Re: (Score:2)
No, it's about serving their customers.
If you don't like how some website moderates itself, just look at their ads and then you'll know with whom you have a disagreement.
Why would you expect the general public, using someone else's website, to see your commentary? Don't be a cheapskate. If you really want that, then buy a
Re: (Score:2)
Re: (Score:2)
And yet, you are posting here on a "free" website that makes its money by selling your data to advertisers. So while it may seem like a bad idea, it's apparently not so bad that you refuse to engage in it.
Re: (Score:1)
And when there are all sensible answers, then one idiot has to come in and try to elevate himself with an AdHominem. Congratulations. Well done.
Re: (Score:3)
Interesting take. No, not an attack, just an observation. That observation being that while many people complain about lack of privacy, they don't really care enough to avoid websites that invade their privacy.
Right on target (Score:2, Insightful)
"...venture capitalism and surveillance capitalism — hell, capitalism, period — are not the only paths forward for the future of technology." A corollary of this statement is that capitalism is not the only way forward for civilization.
Re: Right on target (Score:4, Insightful)
While it's certainly not the only way, history has repeatedly shown it to offer the highest common prosperity.
ThatÂs now what they're trying to prove (Score:5, Insightful)
Everybody knows surveillance capitalism is wrong - all shades of wrong. And totally disgusting. And amoral. And dangerous.
What they're trying to dismantle is the narrative of the monopolists who engage in surveillance capitalism: "We have to do it because there's no other way to make a buck in a world where everybody expects free products and services." - and nevermind that surveillance is conducted by devices that people pay beaucoup bucks for, like TVs and cars...
But here's the strange thing: why do they even have to prove anything?
Before surveillance capitalism, people paid for their software and their games. And it worked: entire industries sprang up from that simple business model. Hell, Microsoft itself grew to be a goddamn monopoly selling software licenses. Well, more like ramming them down people's throats really, but still: they sold stuff without resorting to putting anybody under surveillance.
And before software, we had... you know, people selling things to other people without setting camp on their lawns and peering through the window 24/7 to sell others reports on their customer's habits at home as a form of payment.
What the hell is wrong with this world where you have to prove a business model that has worked for literally the whole of humanity for millenia?
Re: ThatÂs now what they're trying to prove (Score:1)
It's not "the world" that's something wrong with, it's the ideas/mindsets of "i want stuff for free" and "social media", both concepts come with unspoken costs in that largescale projects and long-term dedication has to be supported and funded by the users, or the providers will have to find *other* ways to be paid to pay for their time and expenses. The sort of capitalism we're caught up in is a fad that will go away in time (but again, not without leaving a debt to everyone of us).
As for the article, it's
Re: ThatÂs now what they're trying to prove (Score:2)
Nothing is truly free. As the concept Heinlein introduced: TANSTAAFL. Sure, you night not pay money for "free" cloud services like fecebook, but don't think for a second that you're trading nothing for it. It's not that you don't get anything in return either as you often here people say "wtf google is monetizing my data without giving me anything in return!", this is totally false, you certainly do get something in return. The mistake people make is not realizing that everything is only worth what you thin
Re: (Score:2)
I can't get Microsoft to stop trying to ram their free cloud service down my throat. Yes people get and want to keep their free social networks but who's fault is that these organizations offered them for free, and its much harder take something off someone than not give it to them in the first place.
Its not that people mind a few ads in their social media however the tracking and advertising
Re: (Score:3)
> What the hell is wrong with this world where you have to prove a business model that has worked for literally the whole of humanity for millenia?
A slightly different perspective: I think it's more that we have a hyper-competitive world in most ways. If you try to maintain the good old days of business models, you'll go out of business. The mass buying public isn't always brilliant. They can be gullible and fickle, and like a literal herd, they'll follow the crowd. Sometimes it's partly due to "follow t
Re: ThatÂs now what they're trying to prove (Score:1)
A big mechanism for the surveillance capitalism is of course cell phones and apps. I do almost nothing on a cell phone. I keep "location" turned off. Recently I noticed it was turned on. Did I tap it accidentally?
Give grapheneos a try. I always leave location on, but only certain apps can have access to it, and only under certain conditions. That includes all of the Google apps, which it sandboxes, and I've denied all location access.
There's only one app I've given location access at all times, which is tile, but I've removed its access to the network. That allows it to always keep track of where I last placed my stuff, but it can't send anything to the data broker company that now owns it.
Re: (Score:2)
Wow, thank you. I wish I had more time for such things, but I will definitely look into it. Some years ago I was going to try Lineage and some others, but they weren't compatible with the phones I had. Cell network providers whittle away at older technologies, leaving me with only one phone that works. But I've been thinking about getting another one, so I'll correlate some available phones and GrapheneOS and see what I come up with. Thanks again!
Re: (Score:2)
Looks like grapheneos only runs on google pixel things. someone near me is selling a compatible pixel phone for a good price. I might buy it and try grapheneos. Thanks again!
It's how Google gets more $ for the same thing (Score:2)
Let's say you're an advertiser and your ads are twice as responsive due to surveillance targeting, but they cost 2-3x more each than untargeted ones? The only people who ultimately benefit are the advertising networks because they can make more money from the same number of ads. There is, after all, a limit to how many ads consumers will put up with.
John Wanamaker once said, “I am convinced that about one-half the money I spend for advertising is wasted, but I have never been able to decide which half
Re: (Score:2)
What the hell is wrong with this world where you have to prove a business model that has worked for literally the whole of humanity for millenia?
Because the tech industry revolves around moving fast, innovation, and revolutions. If you do things the old fashioned way, you are ridiculed, even if it works. When I tell people that many of the applications I use are about 20 years old, they think I'm crazy, my workflow is probably massively insecure, I and need to update everything ASAP, even if they have no idea what I do.
So, yeah, is your advertising revenue drying up and nobody is buying your data? Fear not! AI will change the way you do business
Re: (Score:2)
Everybody knows surveillance capitalism is wrong - all shades of wrong. And totally disgusting. And amoral. And dangerous.
This of course isn't true. Some people don't think it is any of those things. Some don't think so because they are profiting from it, some don't think so because they don't think about it... That's how we got here!
What the hell is wrong with this world where you have to prove a business model that has worked for literally the whole of humanity for millenia?
Careful, a lot of harmful business models "worked" for humanity for many ages, like slavery. How do we know they worked? They got us here, right? Never mind that they weren't the most efficient way (let alone any of the other things they weren't like moral) but they were apparently successful! Wha
Re: Google is the poster boy (Score:2)
Google is a brainchild of the American IC that very successfully found a way to harness "free stuff!" (Gmail, Chrome etc) and network economies to propel themselves into a central spot in the world IT & IS ecosystem.
Re: (Score:2)
And slashdot is part of that Google tracking network. Notice in the page source there are links to doubleclick.net...Google. We all come here and (though many probably block the ads) we support this tracking network by engaging in it.
And don't let the ad-blockers fool you, sites can still track you, and they can and do still report your activity to Google, even with blockers in place. You can't block what happens on the server side.
Protocol (Score:2)
They need to piggy back on Tor or something like that, because something like this needs to have a peer to peer configuration where every app is a node. Actually all apps especially ones like WhatsApp, X, Telegram etc. should start having some peer to peer ability even if it's a small amount of traffic routing.
Re: (Score:3)
They need to piggy back on Tor or something like that, because something like this needs to have a peer to peer configuration where every app is a node.
FYI, communications are peer to peer in Signal's protocol.
Re: (Score:2)
I meant they should all use Tor or an equivalent so they aren't just peering their own traffic.
Re: (Score:2)
I meant they should all use Tor or an equivalent so they aren't just peering their own traffic.
But your suggestion would introduce the same risks associated with peering Tor traffic: Your IP address can potentially distribute someone's illegal content such as CSAM when all you really want to do is text and talk to your Significant Other in private. Signal's security works great just the way it is.
Re: (Score:2)
Signal does "direct" connection. Its specialty is not in obscuring message activity painfully, its in protecting message content painlessly.
Re: (Score:3)
https://jami.net/ [jami.net] seems like what you want. Its about as open as its possible to get, peer-to-peer through and through and probably as close as anyone has gotten to the ultimate messaging program when it comes to privacy and security.
just lol (Score:2, Insightful)
Who's the gold standard for privacy? (Score:3)
How well Signal guards your privacy really depends on who you are defending it against.
If you are trying to stay private from advertisers it's perfect. If you are trying to stay private from the US/Five-Eyes/Israeli governments, not so much. Centralized servers from US companies for timing/ip analysis combined with phonenumber registration exposes a lot, no matter the encryption and sealed sender.
Even Whatsapp is better at that point, more noise to hide in.
Re: (Score:2)
An instant messenger that strongly obscures activity cannot exist. Its the "instant" part that will always allow surveillance technology to correlate sender with receiver.
Signal is for protecting privileged communications. It is not for clandestine messaging.
Re: (Score:2)
It's far harder to have a bird's eye view of connections in a peer to peer overlay network than one with centralized servers.
She was claiming it to be the gold standard for privacy.
Re: (Score:2)
An instant messenger that strongly obscures activity cannot exist. Its the "instant" part that will always allow surveillance technology to correlate sender with receiver
You could make all the clients continuously send encrypted nonsense back and forth over a websocket to the server at a fixed bit rate. In addition have the client send messages via onion routing it through a dozen or so other random clients and you'd have a pretty difficult time telling whom is talking to whom.
Re: (Score:2)
stop trying to make believe that a good solution isnt a good one because it doesnt solve a different problem
Re: (Score:2)
Re: (Score:2)
It's suspicious that they don't allow federation or third party apps. The claim that it's a security issue is clearly bunk. Commercial email providers, even the free ones, allow third party clients and don't rely on the easily modified or spoofed official client for anti-spam etc.
Re: (Score:2)
Even Whatsapp is better at that point, more noise to hide in.
It's really not.
Whatsapp doesn't encrypt metadata.
In Signal, metadata and messages are E2E encrypted. In Whatpsapp, Meta can read content of "abusive" messages.
Signal uses quantum-resistant Kyber-1024 encapsulation; Whatsapp does not.
Aside from all that, Whatsapp is closed source and hasn't had a public security audit. You don't really know what you're getting.
Re: (Score:2)
Signal can read content of messages if one of the participants wants to send it to them. A receiver will just need to jump an awful lot of hoops to prove it was actually from the sender, ie. modify the client to log the necessary data to prove it. Meta has conveniently build the logging necessary for a provable abuse report into their client. Not really relevant if the receiver doesn't send an abuse report.
Whatsapp likely doesn't have sealed sender, but Signal still didn't fix the possible attack on sealed
Re: (Score:3)
If you are trying to stay private from the US/Five-Eyes/Israeli governments, not so much. Centralized servers from US companies for timing/ip analysis combined with phonenumber registration exposes a lot, no matter the encryption and sealed sender.
Even Whatsapp is better at that point, more noise to hide in.
Signal no longer requires a phone number. I'm not saying Signal is immune from Five Eyes snooping, but if you're suggesting Whatsapp, owned by Mark Zuckerbergs's advertising company, somehow offers better privacy than Signal, then you are either missing something, or a shill for Meta.
Re: (Score:2)
Yes, it absolutely requires a phonenumber. It can be hidden from your contacts, and PIN is time limited alternative, but the only reliable identifier to the server is your phonenumber. Registration lock lasts 7 days, your phonenumber forever.
Re: (Score:2)
Yes, it absolutely requires a phonenumber. It can be hidden from your contacts, and PIN is time limited alternative, but the only reliable identifier to the server is your phonenumber. Registration lock lasts 7 days, your phonenumber forever.
Interesting, thanks for the info. So Signal DOES require a phone number, but this number is now hidden by default. Of course, Signal would release this number if requested by subpoena. It looks like one option is to use a payphone to do the initial authorisation part that requires a phone number: https://theintercept.com/2024/... [theintercept.com] (site requires a sign-up, I got around this by using Firefox's "reader view" button)
Re: (Score:2)
Thankfully, most of us are not important enough to be on the radar of government spying efforts.
Re: (Score:2)
Even Whatsapp is better at that point, more noise to hide in.
obfuscation is not encryption, if its hard to interpret it doesn't make it impossible to interpret, since its only just an information processing problem and they record all the data
And that's different from Telegram how? (Score:1)
Re: (Score:2)
Signal uses Curve25519 & Kyber-1024.
Telegram uses RSA 2048.
So yes, Signal's is better.
It's borderline if it's too good to be true... (Score:1)
Use email as the backend (Score:3)
I'd like to see a messaging app that just uses email to carry the messages, and the messaging app as the user-facing front end.. Each user would then use their own choice of email address to carry the traffic. So the messaging would be exactly as secure as the user wanted it to be. They could use Gmail (if they just don't care), Protonmail, or self-host. PGP could encrypt the messages to provide some security even over compromised email.
Re: (Score:2)
Re: (Score:2)
https://delta.chat/en/ [delta.chat]
That messaging app has already existed for years, the hard part is convincing everybody else to use it.
Awesome, thanks for the link! A quick read of the FAQ makes it seem like just what I wanted (open source, flexible backend options). I'll definitely explore this further.
Re: (Score:1)
Definitely very promising. Thanks
Re: (Score:1)
Have been wondering if email would be more useful/useable if the front end was like whatsapp / telegram / IM and this seems to do just that.
Gmail doesn't work though saying its insecure app or such. Outlook.com email ID works fine. So
Comes pre-configured with its own email for those who don't want to connect their email to it.
Only problem as pointed out by OP is obviously how to get others to use it :)
"hell, capitalism, period" (Score:2)
Let's be honest here, this is a rant against capitalism, not just a specific brand of capitalism branded as "surveillance" capitalism (whatever that means).
Signal: just give us your phone number & trust (Score:2)