“When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on.”

This isn’t an ad, I wasn’t paid for this post. Just to clear the air: fuck facebook, fuck elon musk and twitter, fuck anyone who thinks this is a paid advertisement. I wish I was paid for this shit, I just wanted to spread the word. Thank you. 😀 👍

  • Art35ian@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    1 year ago

    Question: in 2019 Australia passed an encryption law that requires every piece of software used in Australia to have a back door for law enforcement to access to ‘counter terrorism’, wank, wank.

    Does Signal have back door access in Australia?

    • Sharp312@lemmy.one
      link
      fedilink
      English
      arrow-up
      18
      ·
      1 year ago

      Simply put, no. The signal protocol as well as the app is open source. Although I imagine signal would not be on the Australian app store for lack of compliance, which is why you can download the app directly from their website. WhatsApp actually uses the signal protocol, but they close sourced it so there’s no way to tell if FB put a backdoor into it

    • pallas@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      I think you’re referring to the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, also described in this Verge article.

      My understanding is that this doesn’t actually require a backdoor be pre-built. It does require that, upon notice, a company or individual provide access to encrypted data (eg, via a backdoor) or assist in obtaining that access in some way, up to introducing a backdoor into their own software or compromising it. There is however a “systemic weakness” limitation, such that no one should be required to introduce a somewhat vaguely defined “systemic weakness” in their software in order to comply with demands. There’s also no requirement that a backdoor be added before requests.

      I expect that this means Signal would just stop offering software in Australia if they received a request, or make an argument about systemic weakness, though what Australia would likely ask for would be targeted replacement of the app with a signed but malicious version, to avoid that argument. There is also a question of enforceability against foreign companies: Australia is not the US, with the ability to extradite people who have no real connection to them, so Signal could quite possibly just ignore the Australian law.

      If I recall correctly, the law also applies to individuals, and could compel them to maliciously act against other organizations; I remember there being the argument that the law meant that security-minded companies and projects should not allow Australians to contribute to their software at all.

      • Art35ian@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        It’s a running joke amongst us Aussies to visitors, man… Don’t ask what you can’t do in Australia, ask what you can. It’s an easier list to explain.

        And they passed that bullshit encryption law over Christmas/NY 2018, by the way, when none of us were paying attention. We came back to work on January 2 and it was signed into law.

        Personally, I thought it was our Government’s most sneaky and disgusting moment.

    • thegreenguy@kbin.social
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Do they require to have a backdoor into the actual app (on your phone) or into the servers.

      I’m not sure how data is stored locally (probably encrypted tho), but some time ago the FBI demanded Signal to give them all of the data they had on a specific account. All they were able to get was the phone number of said account and the account creation date.