Because it’s a significant inconvenience to disable those notifications over the very unlikely possibility that some bad actor will hoover that data up, much less do something nefarious with it.
I realize now that I misunderstood the objection, I thought you were saying that using signal was an unreasonable level of paranoia, but I can totally see why turning off notifications seems that way.
Honestly I don’t care if the government knows who’s all going to the party. Someone’s gonna post pictures of it anyhow. My garbage data is just more stuff for them to sort through.
And I’m not gonna bother missing out on everything out of fear that the government will do what exactly with my data? The risk is so low for your average person.
I realize now that I misunderstood the objection, I thought you were saying that using signal was an unreasonable level of paranoia, but I can totally see why turning off notifications seems that way.
You say that, but what if one of them had a friend who is a communist? Could make for some awkward conversation with the authorities at some undisclosed location in the future.
The US government is forcing Google and Apple to share push notification data with them. Even if the content is not sent, the metadata alone can let them know who you are talking to and when using metadata correlation.
Signal push notifications don’t contain any useful plain text data (no content, no information about who sent you a message). AFAIK the only thing you would be leaking is that you received a message on signal, and frankly that metadata is probably going to be leaked to the US government regardless of your use of push notifications.
They can tell you connect to AWS when the Signal app fetches messages after a notification, they need to be able to peek into Amazon’s servers to see you’re connecting specifically to Signal
AWS is not a black box from the outside. The signal servers will have their own external IP addresses that you will connect with, your ISP could keep track of those connections. Furthermore, if you are worried that the government is using your ISP to spy, what makes you think that AWS wouldn’t be subject to that as well? Signal is absolutely a target in this respect too.
Of course you can do various things to potentially hide your connection to signal, for instance by using tor, but in some sense there’s no guarantee if you don’t trust anything external to you. I’m personally not too worried about the “this person uses signal” metadata, though.
There’s not enough unique IP addresses to distinguish Signal servers, if you don’t explicitly set up static IP addresses you’re going to share an IP pool
With notifications turned off
Seriously. Who wants to know when people are talking to them? GO AWAY, PEOPLE. GOSH.
Honestly for most people this is a crazy level of paranoia. The US government can know the metadata of my friends birthday party organization group.
But why?
Because it’s a significant inconvenience to disable those notifications over the very unlikely possibility that some bad actor will hoover that data up, much less do something nefarious with it.
Ah, fair enough.
I realize now that I misunderstood the objection, I thought you were saying that using signal was an unreasonable level of paranoia, but I can totally see why turning off notifications seems that way.
Honestly I don’t care if the government knows who’s all going to the party. Someone’s gonna post pictures of it anyhow. My garbage data is just more stuff for them to sort through.
And I’m not gonna bother missing out on everything out of fear that the government will do what exactly with my data? The risk is so low for your average person.
I realize now that I misunderstood the objection, I thought you were saying that using signal was an unreasonable level of paranoia, but I can totally see why turning off notifications seems that way.
You say that, but what if one of them had a friend who is a communist? Could make for some awkward conversation with the authorities at some undisclosed location in the future.
Why?
https://www.macrumors.com/2023/12/06/apple-governments-surveil-push-notifications/
The US government is forcing Google and Apple to share push notification data with them. Even if the content is not sent, the metadata alone can let them know who you are talking to and when using metadata correlation.
Signal push notifications don’t contain any useful plain text data (no content, no information about who sent you a message). AFAIK the only thing you would be leaking is that you received a message on signal, and frankly that metadata is probably going to be leaked to the US government regardless of your use of push notifications.
How?
Because your ISP and cell phone provider can tell you’re connecting to signal.
They can tell you connect to AWS when the Signal app fetches messages after a notification, they need to be able to peek into Amazon’s servers to see you’re connecting specifically to Signal
AWS is not a black box from the outside. The signal servers will have their own external IP addresses that you will connect with, your ISP could keep track of those connections. Furthermore, if you are worried that the government is using your ISP to spy, what makes you think that AWS wouldn’t be subject to that as well? Signal is absolutely a target in this respect too.
Of course you can do various things to potentially hide your connection to signal, for instance by using tor, but in some sense there’s no guarantee if you don’t trust anything external to you. I’m personally not too worried about the “this person uses signal” metadata, though.
There’s not enough unique IP addresses to distinguish Signal servers, if you don’t explicitly set up static IP addresses you’re going to share an IP pool
https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html#aws-ip-download
Sure they could tap into AWS (but it would be even easier to try to get data from Google Play Store on who has it installed).
Signal has native support for proxying via Tor in that case.
it’s not the content in the noti, it’s where your phone was connected when it received it
They get that from the carrier already
I mean… if you need to be worried about that, you really shouldn’t have a phone on you.