Side channel when using Signal on Android?


pmikep

Guest
I have removed my content
 
Last edited by a moderator:
I understand your worry, but I'd also suggest you're also being pretty paranoid. If you don't trust Google, you should not use Android. If you don't trust Microsoft you should not use Windows. Etc. Perhaps you'd like to try the PinePhone which runs your choice of OS, many of which are Linux based.
 
So I dropped WA a while ago and switched to Signal Messenger. On the assumption that Signal is secure (but they sure have a lot of updates), I wonder if the Android OS itself can leak info about what one is messaging?
In a word... YES, Absolutely! NO USE of a smartphone is actually secure and private. It's a nice illusion, but it's only that. Assuming that the encryption was implemented correctly, the encrypted channel itself canNOT be decrypted by anyone without the key. So it does robustly protect the conversation from eavesdropping by someone sniffing its traffic en route.

But, who knows who else may have the key? And the unencrypted data going into the encrypted channel or emerging after being decrypted is entirely exposed.

Security and privacy is an illusion. It's comforting. But I'm certain that all of this worry over encryption just makes the CIA and NSA chuckle.

I've said on the podcast many times that if you want to have a private conversation with someone you trust, go out into the middle of an empty field with a thick blanket. Leave your Smartphones in your cars and bring NO technology with you. Then huddle underneath the thick blanket and whisper into each other's ear.

I'm not paranoid, I don't do that. But neither do I have any need for truly secret and private conversations. But most people who use these encrypted systems are under the impression that their conversations are private. When, in fact, they are only being protected from a very specific — and not very relevant — threat actor.
 
I have removed my content
 
I have removed my content
 
satellite images of our house
Yes, all true, but satellite tracking is VERY expensive because it's a physical satellite with a very expensive camera and limited propellant. Accordingly, there are only a set number of them to use, and unless you are a VERY interesting target, you're not going to end up tracked in anything close to real time. The satellites that Google rents for satellite imaging for their Maps product are on a fixed schedule, and presumably take pictures all the time, and Google is able to select which pictures it wants to buy, probably months or years (to get a good price) after they were taken.
 
...and Google's satellite images aren't state-of-the-art. They can't read the text on a card you're holding, for example, or see melanoma spots on your scalp. But (the ones that can) are 'top-secret.'
 
I have removed my content
 
@Steve mentioned that the messengers are typically secure down to either the device sending the message being compromised and/or the device receiving the message being compromised - that is where the plain text is.

There is also one other way that the chat might be compromised, perhaps? Is it possible, for example, for WhatsApp or any other closed-source client to have a silent, non-displayed participant in the chat which would then allow them to eavesdrop on the conversation?

Not that my chats are anything interesting to snoop on as I mostly chat to my wife :)
 
I have removed my content
 
deleted files aren't really deleted?
Flash memory has spares. It will never be possible to blank all the spares without a tool from the manufacturer to accomplish this specific goal. In theory the contents of the flash are encrypted by modern Android OS versions. That sounds better than it is because if they "capture" the phone powered on after ever having the password input once, it remains in memory and can be captured. (It HAS to be this way without specific hardware in the phone to store the password for the flash and manage it, and as we well know Android targets highest capability for the lowest cost, and not security that doesn't fit within the budget.) The long and short of it is that government has enough money if they want to read that memory, they would find a way. (And also they get to lock you in jail until you provide the password/access, and few people are that principled to resist such pressure, unless the contents of the phone would already result in them being locked in jail for life.)
 
I have removed my content
 
The metadata is often more useful than the actual message content. You will be tracked, if a person of interest, either in real time, or via stored info from cellular providers after the fact, and thus your meetings will be all tracked. No need to get the keys to the conversations, it is easier for the three letter agencies to just ask for the information. Not many people will still be quiet after a few minutes of the rubber hose method, or the more intense versions, and you will get a free, all expenses paid, trip to a sunny tropical island, with a room, full board and water provided, at no cost to you.