Yeah... a lot of ink has been spilled over whether there should be a warrant requirement for the FBI, but imo the data broker loophole is the bigger issue. NSA buys netflow data in bulk, for Pete's sake.
Section 702 is expiring at the end of the month but whether or not it gets re-authorized by a bill called RISSA is likely going to the floor of the House NEXT WEEK. If you care about privacy and surveillance, contact your House member and say you want real surveillance and FISA and 702 reform, and that they should only vote for RISSA if three good amendments from the judiciary committee pass, and three bad amendments from the intelligence committee fail.
The good judiciary amendments would: require the FBI to obtain a warrant before querying 702 data, close the data broker loophole, and prohibit restarting "abouts" collection. All good things.
Intel committee amendments are really bad. Expands the definition of Foreign Intelligence Information to include counternarcotics, unnecessarily expands suspicionless vetting of immigrants, including people already in the United States, and includes one of the biggest expansions of surveillance in recent history, or what Rep. Lofgren calls "Patriot Act 2.0," by expanding the categories of businesses that can be subject to a *gagged directive* under Section 702.
This has been an incredibly annoying issue to track and mobilize around because things are moving quickly and behind the scenes, but just raising the issue helps. Even if you think your House rep sucks on everything else, it's worthwhile to reach out on this issue. It's hard to know where people stand when folks from Trump-land and the squad are both calling for reform.
> Risky Biz (and really anything Patrick Gray touches) is awesome. Would recommend.
Patrick Gray is a good interviewer and news source but he is also a big booster of the American surveillance apparatus, and has spoken against such reasonable reforms as requiring that the FBI get a bloody warrant when it searches for Americans' data in the 702 database (data that is collected specifically for foreign intel purposes and thus subject to less constitutional scrutiny). He recently defended the NSA's acquisition of netflow data because the NSA needs it to do its work. As if constitutional privacy rights should give way to a spy agency's priorities.
He is just way too trusting of these agencies' abilities to police themselves. I swear his quote when they talked about NSA getting netflow data was something along the lines of "if people only knew how many meetings they had to have before they would understand". Those are both examples I am pulling from memory so don't take them as gospel. And of course, no source of news / commentary is unbiased.
I listen to and enjoy the Risky Biz podcast. And institutional trust is a legitimate aspect of security, especially in infosec. I just wish he was more skeptical of western law enforcement and intelligence agencies (he is already more than skeptical of non-western law enforcement and intelligence agencies, which is fine, I just wish he did not give the Five Eyes countries a pass because we are "the good guys"). He recently interviewed people at NSA headquarters, for Pete's sake.
I find it somewhat hilarious the way that he dismisses the possibility that it could have been a Five Eyes attack as it would be illegal and the Five Eyes guys are too good to let their backdoors be open to a replay attack.
and more "Please don't take away our post-9/11 powers (702), and not because we forgot how to do our jobs without them, we actually do need them for realz!"
And the reason the spooks and their apologists on the HPSCI are so freaked out? Because they don't want to have to go to a judge to get Americans' data. They would rather secretly buy that data from data brokers.
This is a big deal. If you care about your privacy, it's not enough to use good op-sec. You need to address the source of the problem: the government is abusing its power, and it needs to stop doing that.
This bill is an attempt to fix that. This bill is probably the best hope we currently have of enacting substantive reforms to Section 702, EO 12333, the data broker loophole, and a bevy of other surveillance issues. It even has a section on Cell Site simulators!
> The Act ends warrantless collection of business records, ensures that the government provides accurate information to the Foreign Intelligence Surveillance Court, and requires meaningful accountability for violations of the law.
> [The bill] requiring warrants for surveillance of Americans’ location data, web browsing and search records, and by prohibiting the government from purchasing Americans’ data from data brokers.
This is probably going to be a bit of a mini rant, been thinking bout this for a while (10 years in fact).
> Although it is physically impossible for the single guard to observe all the inmates' cells at once, the fact that the inmates cannot know when they are being watched motivates them to act as though they are all being watched at all times. They are effectively compelled to self-regulation.
This is the fundamental idea of the Panopticon, and you see it baked into parts of the modern surveillance State as well. But outside of some workplace and carceral contexts I don't think it's actually the direction we are headed. The spooks want the power to actually use the data surveillance gives them, they are not really interested in social control as far as I can tell. At least not yet.
True, most of the data hoovered up by the "Intelligence community" is almost never actually looked at with human eyes, but they are actively trying to work towards building a system whereby all that data is still analyzed and used, or quickly searched with just the right keywords.
The panopticon is useful for illustrating one of the many side dangers of surveillance (namely that it instills fear and stifles expression) but it does not cut to the core issue: Mass surveillance drastically upsets the power balance between the government and the governed.
China's social credit system is explicitly about being able to use surveillance technologies for social control. I suspect these approaches will only grow and mature in authoritarian states. In nominally free states like the US, this tech will also seep into society via private but essential industries like credit scores, access to rentals, etc., and then eventually by the government itself for things like passports, access to government aid, etc. This tech is just too tempting not to be used by the already powerful to become more powerful.
I really hope this eventually leads to a situation where an adversary can't forcibly de-link you from your Signal account by taking control of your phone number or intercepting an SMS.
Nope. "If Alice registers number X and enables reglock, but Bob later proves ownership of number X (by registering and completing the SMS code), then Alice will be unregistered."
I.e., if someone intercepts the SMS code, even with reglock, you can forcibly de-register someone. This means if you lose access to your phone number, you can easily lose access to your Signal account.
They justify this by saying "The intention of reglock is to prevent hijacking of numbers you actually own, not to guarantee the number for yourself for life", but it's way too easy for activists and dissidents to lose ownership (temporarily or permanently) of phone numbers for the phone number system to be the backbone identity system for a secure messaging platform.
For a lot of people, Signal is not simply a User-User "texting" type application, but much more akin to Slack or Discord or Matrix.
Many, many reporters put their Signal number in their Twitter bio seeking tips. Many activists (including me) use Signal group chats to organize volunteers and staff, and publicly share room links. In other words, we have to either share our number publicly or buy a burner phone number if we want people to interact with us on Signal.
Makes sense, definitely if anonymity from conversation partners is desired then I can see how Signal's model falls short of your needs. I've also used Signal in the past for activist group chats, but in those cases my primary risk vector has been having messages read by someone outside of the group, people typically join those after being referred by someone they met face-to-face. I suppose there's always the risk of a wrecker slipping in, and having more layers of anonymity could reduce that downside risk. Hopefully this username approach is able to address your needs better! I really like the tool so would be stoked to see it cover additional use cases.
Presumably if they introduced usernames they would also allow you to hide your number in a chat?
edit: I think I misunderstood you. Yes, it is the case that everyone in the chat has access to everyone else's ID, however in my use-cases group members have already been vetted before joining the group, I don't participate in publicly accessible Signal chats or use it to communicate with true strangers.
Absolutely, not to mention if you ever switch numbers you have to change the Signal information. For me, it's fine for verification, but I want an identifier I never have to change.
My friends on Signal do, but I have no idea how widespread it is across their whole userbase. It's not as in-your-face as Instagram, which is actually kind of nice, but like it's being said - Signal is social media. You can choose to not use that feature but that's on you. To look at you and your friend group and extrapolate from there is not science, or data driven. The plural of anecdote is not data.
It's like saying no one uses Facebook or Google anymore. That's true for certain bubbles, and it's hard to know when you're in one, but, at least for those two, it's not too hard to look outside your bubble.
Now the cryptocurrency integration, that one I do wonder about. (Since my friend group doesn't use it and I'm extrapolating :) ).
I disabled that feature as soon as it appeared (the less I use a messaging app, the better it is) and forgot about it.
Your comment makes me curious: I do really wonder how this feature is used. Signal announced it was really something users were looking for. I wonder if it was a weak attempt at convincing the Instagram crowd or if it is really popular with some population.
In the end, I’m still angry that they removed SMS support. That was really useful to have only one messaging app on my phone.
My friend group uses Signal for cross-platform group texting and the stories feature is super popular. Great for putting up non-intrusive pet pics or memes. IDK the rationale for introducing it, but I do think it's a fun feature that makes it feel more like a WhatsApp/social messaging replacement, rather than just something people download to coordinate protests or sell drugs.
Thanks for this comment. It makes me understand better how it could be used (never saw the need myself, even when I was on WhatsApp. I'm probably too old).
> Your comment makes me curious: I do really wonder how this feature is used.
This is why I don't begrudge sending telemetry for how I'm using software. As a developer myself, I really want to know if the code I'm writing is at all appreciated or if I'm just coding into the void, so I'm happy to send stats on how someone else's software is getting used.
I'm not sure where you're reading anger. The question was written in such a way that indicates that your cohort doesn't use the feature. I was merely indicating that it is foolish to look at your cohort and extrapolate to the rest of the population unless you've got outside data.