Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy Communications

Signal is More Than Encrypted Messaging. It Wants to Prove Surveillance Capitalism Is Wrong (wired.com) 70

Slashdot reader echo123 shared a new article from Wired titled "Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It's Out to Prove Surveillance Capitalism Wrong." ("On its 10th anniversary, Signal's president wants to remind you that the world's most secure communications platform is a nonprofit. It's free. It doesn't track you or serve you ads. It pays its engineers very well. And it's a go-to app for hundreds of millions of people.") Ten years ago, WIRED published a news story about how two little-known, slightly ramshackle encryption apps called RedPhone and TextSecure were merging to form something called Signal. Since that July in 2014, Signal has transformed from a cypherpunk curiosity — created by an anarchist coder, run by a scrappy team working in a single room in San Francisco, spread word-of-mouth by hackers competing for paranoia points — into a full-blown, mainstream, encrypted communications phenomenon... Billions more use Signal's encryption protocols integrated into platforms like WhatsApp...

But Signal is, in many ways, the exact opposite of the Silicon Valley model. It's a nonprofit funded by donations. It has never taken investment, makes its product available for free, has no advertisements, and collects virtually no information on its users — while competing with tech giants and winning... Signal stands as a counterfactual: evidence that venture capitalism and surveillance capitalism — hell, capitalism, period — are not the only paths forward for the future of technology.

Over its past decade, no leader of Signal has embodied that iconoclasm as visibly as Meredith Whittaker. Signal's president since 2022 is one of the world's most prominent tech critics: When she worked at Google, she led walkouts to protest its discriminatory practices and spoke out against its military contracts. She cofounded the AI Now Institute to address ethical implications of artificial intelligence and has become a leading voice for the notion that AI and surveillance are inherently intertwined. Since she took on the presidency at the Signal Foundation, she has come to see her central task as working to find a long-term taproot of funding to keep Signal alive for decades to come — with zero compromises or corporate entanglements — so it can serve as a model for an entirely new kind of tech ecosystem...

Meredith Whittaker: "The Signal model is going to keep growing, and thriving and providing, if we're successful. We're already seeing Proton [a startup that offers end-to-end encrypted email, calendars, note-taking apps, and the like] becoming a nonprofit. It's the paradigm shift that's going to involve a lot of different forces pointing in a similar direction."

Key quotes from the interview:
  • "Given that governments in the U.S. and elsewhere have not always been uncritical of encryption, a future where we have jurisdictional flexibility is something we're looking at."
  • "It's not by accident that WhatsApp and Apple are spending billions of dollars defining themselves as private. Because privacy is incredibly valuable. And who's the gold standard for privacy? It's Signal."
  • "AI is a product of the mass surveillance business model in its current form. It is not a separate technological phenomenon."
  • "...alternative models have not received the capital they need, the support they need. And they've been swimming upstream against a business model that opposes their success. It's not for lack of ideas or possibilities. It's that we actually have to start taking seriously the shifts that are going to be required to do this thing — to build tech that rejects surveillance and centralized control — whose necessity is now obvious to everyone."

This discussion has been archived. No new comments can be posted.

Signal is More Than Encrypted Messaging. It Wants to Prove Surveillance Capitalism Is Wrong

Comments Filter:
  • by gweihir ( 88907 ) on Saturday September 07, 2024 @12:52PM (#64770642)

    And that is both from a human rights perspective _and_ from a purely utilitarian perspective. The second thing means it destroys the economy, long-term. The reason for that is that people will self-censor, not dare to think critically (hence debt of all kinds accumulates), have heightened stress and generally the smarter, the less well and welcome they will feel.

    Obviously, violating human rights is something only the worst of the worst do, so there is that as well.

    • The reason for that is that people will self-censor, not dare to think critically (hence debt of all kinds accumulates), have heightened stress and generally the smarter, the less well and welcome they will feel.

      This is, IMO, the biggest travesty, but it's not just surveillance capitalism doing it, it's also social media and cancel culture. Whittaker is really one to talk about all of this because people like her are the diving force behind self-censorship. And depending on your perspective, worse, people like her are the reason chatgpt thinks nuclear war is preferable to misgendering.

    • Well, if you can't exert enough force through buying law, the gun as needed, or simply driving people to ruin through economic means; what else is there? This is a symptom more than a cause.

      The problem with the Signal model is contracts are only as good as their enforcement (re- government). Even for the most unimpeachable, most pure; owners change, transparency is always going to be problematic, and NO transaction should require that level of trust (which ultimately translates into destroying the very thin

      • A common misconception about nonprofits is that they're not profitable. They can be and they definitely play into the capitalist system that the author of the summary seems to believe Signal doesn't. Though one thing you are missing is that the owners can't actually change, because by definition, a nonprofit has no owners. This is one of the odd things about ideologues on slashdot is they believe there's some kind of virtue or moral superiority of working for a co-op or a nonprofit. What they don't understa

        • Non profit is just a different set of business and accounting rules. I think they serve an important rule, but they do need to make profit

          • Not necessarily profit, just revenue. If they can't generate revenue in excess of their expenses, then they have to borrow. If they can't remain solvent, they liquidate.

            The stakeholders will want to profit somehow. Whether that's the employees who get paid, the customers who get their product, or the benefactors who get less tangible satisfaction in the case of Signal, somebody will want to get something out of it that they feel is in excess of what they feel they contributed. In other words, profit.

            • Nice redefinition of the normal definition of profit. If a company on the stock exchange says to its shareholders we covered our expenses but above that you get warm fuzzes then it would probably be sued.

              While non profits goal is to benefit society (in their opinion) and get pleasure from that. A for profit organization goal is to benefit the owners financially and the owners get pleasure from spending that money.

              Very few things people do are totally altruistic, however some people's motives are better than

              • Nice redefinition of the normal definition of profit. If a company on the stock exchange says to its shareholders we covered our expenses but above that you get warm fuzzes then it would probably be sued.

                Shareholders are owners. A nonprofit has no owners. Again, the stakeholders behind a nonprofit definitely can profit, but the business itself does not, it merely needs to be solvent.

                While non profits goal is to benefit society (in their opinion) and get pleasure from that.

                No, they just follow their mission. It might help to point out that some nonprofits are lobbyist thinktanks intended to sway political opinion in favor of some particular industry.

                A for profit organization goal is to benefit the owners financially and the owners get pleasure from spending that money.

                Just as in a nonprofit, there can definitely be more to it than that. Case in point, SpaceX. It's a for-profit just like any other, but if its only go

    • "The reason for that is that people will self-censor, not dare to think critically" This is already happening in YouTube's comment sections and videos, and other social media platforms enforced by shitty used for evil AI. The 'justification' for this from the companies was because they didn't want people's fee fees to get hurt, but now it's evolved into silencing anything that conflicts with the political narrative and censoring unpleasant historical facts. And there is nothing worth jack shit right now to
      • by gweihir ( 88907 )

        Yes, YouTube is a nice example of this crap. I have mostly stopped watching. There are 2 or 3 specialty creators I still watch occasionally, but the rest has simply gotten boring and even any "controversy" comes essentially from a list of approved topics.

        Incidentally, there never was a way to make the "general public" see any comments. It also was never worthwhile to try, as the general public is as dumb as bread. But it was always valuable to have a way to find those with a working mind and form communitie

      • by Sloppy ( 14984 )

        silencing anything that conflicts with the political narrative

        No, it's about serving their customers.

        If you don't like how some website moderates itself, just look at their ads and then you'll know with whom you have a disagreement.

        And there is nothing worth jack shit right now to replace them if you want the general public to actually see your commentary.

        Why would you expect the general public, using someone else's website, to see your commentary? Don't be a cheapskate. If you really want that, then buy a

        • "No, it's about serving their customers." How is this serving their customers? Yeah, they kowtowed to a small group of snowflakes who crumble at the sight of anytone who contradicts their world view, and another small group worried about bullying. But these were a tiny minority even when put together of their customer base,. Most people did and do NOT want this kind of censorship. Most people also are against this censorship, and the complaints about it far outweigh the support. It's also dangerous because
    • And yet, you are posting here on a "free" website that makes its money by selling your data to advertisers. So while it may seem like a bad idea, it's apparently not so bad that you refuse to engage in it.

      • by gweihir ( 88907 )

        And when there are all sensible answers, then one idiot has to come in and try to elevate himself with an AdHominem. Congratulations. Well done.

        • Interesting take. No, not an attack, just an observation. That observation being that while many people complain about lack of privacy, they don't really care enough to avoid websites that invade their privacy.

  • "...venture capitalism and surveillance capitalism — hell, capitalism, period — are not the only paths forward for the future of technology." A corollary of this statement is that capitalism is not the only way forward for civilization.

  • by Rosco P. Coltrane ( 209368 ) on Saturday September 07, 2024 @12:54PM (#64770652)

    Everybody knows surveillance capitalism is wrong - all shades of wrong. And totally disgusting. And amoral. And dangerous.

    What they're trying to dismantle is the narrative of the monopolists who engage in surveillance capitalism: "We have to do it because there's no other way to make a buck in a world where everybody expects free products and services." - and nevermind that surveillance is conducted by devices that people pay beaucoup bucks for, like TVs and cars...

    But here's the strange thing: why do they even have to prove anything?

    Before surveillance capitalism, people paid for their software and their games. And it worked: entire industries sprang up from that simple business model. Hell, Microsoft itself grew to be a goddamn monopoly selling software licenses. Well, more like ramming them down people's throats really, but still: they sold stuff without resorting to putting anybody under surveillance.

    And before software, we had... you know, people selling things to other people without setting camp on their lawns and peering through the window 24/7 to sell others reports on their customer's habits at home as a form of payment.

    What the hell is wrong with this world where you have to prove a business model that has worked for literally the whole of humanity for millenia?

    • It's not "the world" that's something wrong with, it's the ideas/mindsets of "i want stuff for free" and "social media", both concepts come with unspoken costs in that largescale projects and long-term dedication has to be supported and funded by the users, or the providers will have to find *other* ways to be paid to pay for their time and expenses. The sort of capitalism we're caught up in is a fad that will go away in time (but again, not without leaving a debt to everyone of us).

      As for the article, it's

      • Nothing is truly free. As the concept Heinlein introduced: TANSTAAFL. Sure, you night not pay money for "free" cloud services like fecebook, but don't think for a second that you're trading nothing for it. It's not that you don't get anything in return either as you often here people say "wtf google is monetizing my data without giving me anything in return!", this is totally false, you certainly do get something in return. The mistake people make is not realizing that everything is only worth what you thin

        • I can't get Microsoft to stop trying to ram their free cloud service down my throat. Yes people get and want to keep their free social networks but who's fault is that these organizations offered them for free, and its much harder take something off someone than not give it to them in the first place.

          Its not that people mind a few ads in their social media however the tracking and advertising

    • by bobby ( 109046 )

      > What the hell is wrong with this world where you have to prove a business model that has worked for literally the whole of humanity for millenia?

      A slightly different perspective: I think it's more that we have a hyper-competitive world in most ways. If you try to maintain the good old days of business models, you'll go out of business. The mass buying public isn't always brilliant. They can be gullible and fickle, and like a literal herd, they'll follow the crowd. Sometimes it's partly due to "follow t

      • A big mechanism for the surveillance capitalism is of course cell phones and apps. I do almost nothing on a cell phone. I keep "location" turned off. Recently I noticed it was turned on. Did I tap it accidentally?

        Give grapheneos a try. I always leave location on, but only certain apps can have access to it, and only under certain conditions. That includes all of the Google apps, which it sandboxes, and I've denied all location access.

        There's only one app I've given location access at all times, which is tile, but I've removed its access to the network. That allows it to always keep track of where I last placed my stuff, but it can't send anything to the data broker company that now owns it.

        • by bobby ( 109046 )

          Wow, thank you. I wish I had more time for such things, but I will definitely look into it. Some years ago I was going to try Lineage and some others, but they weren't compatible with the phones I had. Cell network providers whittle away at older technologies, leaving me with only one phone that works. But I've been thinking about getting another one, so I'll correlate some available phones and GrapheneOS and see what I come up with. Thanks again!
           

        • by bobby ( 109046 )

          Looks like grapheneos only runs on google pixel things. someone near me is selling a compatible pixel phone for a good price. I might buy it and try grapheneos. Thanks again!

    • Let's say you're an advertiser and your ads are twice as responsive due to surveillance targeting, but they cost 2-3x more each than untargeted ones? The only people who ultimately benefit are the advertising networks because they can make more money from the same number of ads. There is, after all, a limit to how many ads consumers will put up with.

      John Wanamaker once said, “I am convinced that about one-half the money I spend for advertising is wasted, but I have never been able to decide which half

    • What the hell is wrong with this world where you have to prove a business model that has worked for literally the whole of humanity for millenia?

      Because the tech industry revolves around moving fast, innovation, and revolutions. If you do things the old fashioned way, you are ridiculed, even if it works. When I tell people that many of the applications I use are about 20 years old, they think I'm crazy, my workflow is probably massively insecure, I and need to update everything ASAP, even if they have no idea what I do.

      So, yeah, is your advertising revenue drying up and nobody is buying your data? Fear not! AI will change the way you do business

    • Everybody knows surveillance capitalism is wrong - all shades of wrong. And totally disgusting. And amoral. And dangerous.

      This of course isn't true. Some people don't think it is any of those things. Some don't think so because they are profiting from it, some don't think so because they don't think about it... That's how we got here!

      What the hell is wrong with this world where you have to prove a business model that has worked for literally the whole of humanity for millenia?

      Careful, a lot of harmful business models "worked" for humanity for many ages, like slavery. How do we know they worked? They got us here, right? Never mind that they weren't the most efficient way (let alone any of the other things they weren't like moral) but they were apparently successful! Wha

  • They need to piggy back on Tor or something like that, because something like this needs to have a peer to peer configuration where every app is a node. Actually all apps especially ones like WhatsApp, X, Telegram etc. should start having some peer to peer ability even if it's a small amount of traffic routing.

    • They need to piggy back on Tor or something like that, because something like this needs to have a peer to peer configuration where every app is a node.

      FYI, communications are peer to peer in Signal's protocol.

      • I meant they should all use Tor or an equivalent so they aren't just peering their own traffic.

        • I meant they should all use Tor or an equivalent so they aren't just peering their own traffic.

          But your suggestion would introduce the same risks associated with peering Tor traffic: Your IP address can potentially distribute someone's illegal content such as CSAM when all you really want to do is text and talk to your Significant Other in private. Signal's security works great just the way it is.

    • Why not let Tor be Tor and Signal be Signal?

      Signal does "direct" connection. Its specialty is not in obscuring message activity painfully, its in protecting message content painlessly.
    • by jonwil ( 467024 )

      https://jami.net/ [jami.net] seems like what you want. Its about as open as its possible to get, peer-to-peer through and through and probably as close as anyone has gotten to the ultimate messaging program when it comes to privacy and security.

  • just lol (Score:2, Insightful)

    Since all forms of capitalism are self-evidently wrong from first principles (self-interest never actually leads to interest in the common good, only corrupted products) this appears tautological, but hey, at least it's out there.
  • by Pinky's Brain ( 1158667 ) on Saturday September 07, 2024 @02:06PM (#64770740)

    How well Signal guards your privacy really depends on who you are defending it against.

    If you are trying to stay private from advertisers it's perfect. If you are trying to stay private from the US/Five-Eyes/Israeli governments, not so much. Centralized servers from US companies for timing/ip analysis combined with phonenumber registration exposes a lot, no matter the encryption and sealed sender.

    Even Whatsapp is better at that point, more noise to hide in.

    • Signal isnt pretending to obscure message activity tho. Its an instant messenger.

      An instant messenger that strongly obscures activity cannot exist. Its the "instant" part that will always allow surveillance technology to correlate sender with receiver.

      Signal is for protecting privileged communications. It is not for clandestine messaging.
      • It's far harder to have a bird's eye view of connections in a peer to peer overlay network than one with centralized servers.

        She was claiming it to be the gold standard for privacy.

      • by flink ( 18449 )

        An instant messenger that strongly obscures activity cannot exist. Its the "instant" part that will always allow surveillance technology to correlate sender with receiver

        You could make all the clients continuously send encrypted nonsense back and forth over a websocket to the server at a fixed bit rate. In addition have the client send messages via onion routing it through a dozen or so other random clients and you'd have a pretty difficult time telling whom is talking to whom.

        • it also wouldnt be instant

          stop trying to make believe that a good solution isnt a good one because it doesnt solve a different problem
    • by ffkom ( 3519199 )
      Every "messenger" that requires centralized servers to be used cannot be trusted. By using OMEMO via XMPP, for example using applications like "Conversations", one can use whatever server in whatever country one pleases, including self-hosted ones. Way more trustworthy than all the centralized services.
    • by AmiMoJo ( 196126 )

      It's suspicious that they don't allow federation or third party apps. The claim that it's a security issue is clearly bunk. Commercial email providers, even the free ones, allow third party clients and don't rely on the easily modified or spoofed official client for anti-spam etc.

    • Even Whatsapp is better at that point, more noise to hide in.

      It's really not.

      Whatsapp doesn't encrypt metadata.

      In Signal, metadata and messages are E2E encrypted. In Whatpsapp, Meta can read content of "abusive" messages.

      Signal uses quantum-resistant Kyber-1024 encapsulation; Whatsapp does not.

      Aside from all that, Whatsapp is closed source and hasn't had a public security audit. You don't really know what you're getting.

      • Signal can read content of messages if one of the participants wants to send it to them. A receiver will just need to jump an awful lot of hoops to prove it was actually from the sender, ie. modify the client to log the necessary data to prove it. Meta has conveniently build the logging necessary for a provable abuse report into their client. Not really relevant if the receiver doesn't send an abuse report.

        Whatsapp likely doesn't have sealed sender, but Signal still didn't fix the possible attack on sealed

    • If you are trying to stay private from the US/Five-Eyes/Israeli governments, not so much. Centralized servers from US companies for timing/ip analysis combined with phonenumber registration exposes a lot, no matter the encryption and sealed sender.

      Even Whatsapp is better at that point, more noise to hide in.

      Signal no longer requires a phone number. I'm not saying Signal is immune from Five Eyes snooping, but if you're suggesting Whatsapp, owned by Mark Zuckerbergs's advertising company, somehow offers better privacy than Signal, then you are either missing something, or a shill for Meta.

      • Yes, it absolutely requires a phonenumber. It can be hidden from your contacts, and PIN is time limited alternative, but the only reliable identifier to the server is your phonenumber. Registration lock lasts 7 days, your phonenumber forever.

        • Yes, it absolutely requires a phonenumber. It can be hidden from your contacts, and PIN is time limited alternative, but the only reliable identifier to the server is your phonenumber. Registration lock lasts 7 days, your phonenumber forever.

          Interesting, thanks for the info. So Signal DOES require a phone number, but this number is now hidden by default. Of course, Signal would release this number if requested by subpoena. It looks like one option is to use a payphone to do the initial authorisation part that requires a phone number: https://theintercept.com/2024/... [theintercept.com] (site requires a sign-up, I got around this by using Firefox's "reader view" button)

    • Thankfully, most of us are not important enough to be on the radar of government spying efforts.

    • Even Whatsapp is better at that point, more noise to hide in.

      obfuscation is not encryption, if its hard to interpret it doesn't make it impossible to interpret, since its only just an information processing problem and they record all the data

  • Or is this some sort of approved cool kid encryption?
  • It's borderline if it's too good to be true... I wonder about the long term stability of signal. I guess if it does disappear it does leave the protocol. However I would have wished for some means of integration between the signal compatible providers. (Perhaps it exists and I'm not aware?)
  • by BeaverCleaver ( 673164 ) on Sunday September 08, 2024 @05:11AM (#64771664)

    I'd like to see a messaging app that just uses email to carry the messages, and the messaging app as the user-facing front end.. Each user would then use their own choice of email address to carry the traffic. So the messaging would be exactly as secure as the user wanted it to be. They could use Gmail (if they just don't care), Protonmail, or self-host. PGP could encrypt the messages to provide some security even over compromised email.

    • https://delta.chat/en/ [delta.chat] That messaging app has already existed for years, the hard part is convincing everybody else to use it.
      • https://delta.chat/en/ [delta.chat]

        That messaging app has already existed for years, the hard part is convincing everybody else to use it.

        Awesome, thanks for the link! A quick read of the FAQ makes it seem like just what I wanted (open source, flexible backend options). I'll definitely explore this further.

      • Definitely very promising. Thanks

      • Have been wondering if email would be more useful/useable if the front end was like whatsapp / telegram / IM and this seems to do just that.

        Gmail doesn't work though saying its insecure app or such. Outlook.com email ID works fine. So

        Comes pre-configured with its own email for those who don't want to connect their email to it.

        Only problem as pointed out by OP is obviously how to get others to use it :)

  • Let's be honest here, this is a rant against capitalism, not just a specific brand of capitalism branded as "surveillance" capitalism (whatever that means).

  • Session, the Signal fork without a real-world tracking identifier, is a whole lot inherently better for privacy.

"You must have an IQ of at least half a million." -- Popeye

Working...