Law enforcement doesn’t request data frequently enough in order to build a social graph. Also they probably don’t need to as Google and Apple likely have your contacts.
They don't need to request data. They have first-class access to the data themselves. Snowden informed us of this over a decade ago.
Saying that it is somehow a tool for mass surveillance is frankly wrong.
Signal per se is not the mass surveillance tool. Its dependence on Google is the mass surveillance tool.
However, phone numbers are great for ease of use and help prevent spam.
And there's nothing wrong with allowing that ease-of-use flow for users that don't need anonymity. The problem is disallowing anonymous users.
Strictly speaking, you can download it directly from their website, but IIRC, the build will still default to trying to use Google Play Services, and only fall back to a different service if Google Play Services is not on the device. Signal really, really wants to give Google insight into who is messaging who.
Yeah, Signal is more than encrypted messaging it’s a metadata harvesting platform. It collects phone numbers of its users, which can be used to identify people making it a data collection tool that resides on a central server in the US. By cross-referencing these identities with data from other companies like Google or Meta, the government can create a comprehensive picture of people’s connections and affiliations.
This allows identifying people of interest and building detailed graphs of their relationships. Signal may seem like an innocuous messaging app on the surface, but it cold easily play a crucial role in government data collection efforts.
Strictly speaking, the social graph harvesting portion would be under the Google umbrella, as, IIRC, Signal relies on Google Play Services for delivering messages to recipients. Signal's sealed sender and "allow sealed sender from anyone" options go part way to addressing this problem, but last I checked, neither of those options are enabled by default.
However, sealed sender on its own isn't helpful for preventing build-up of social graphs. Under normal circumstances, Google Play Services knows the IP address of the sending and receiving device, regardless of whether or not sealed sender is enabled. And we already know, thanks to Snowden, that the feds have been vacuuming up all of Google's data for over a decade now. Under normal circumstances, Google/the feds/the NSA can make very educated guesses about who is talking to who.
In order to avoid a build-up of social graphs, you need both the sealed sender feature and an anonymity overlay network, to make the IP addresses gathered not be tied back to the endpoints. You can do this. There is the Orbot app for Android which you can install, and have it route Signal app traffic through the Tor network, meaning that Google Play Services will see a sealed sender envelope emanating from the Tor Network, and have no (easy) way of linking that envelope back to a particular sender device.
Under this regime, the most Google/the feds/the NSA can accumulate is that different users receive messages from unknown people at particular times (and if you're willing to sacrifice low latency with something like the I2P network, then even the particular times go away). If Signal were to go all in on having client-side spam protection, then that too would add a layer of plausible deniability to recipients; any particular message received could well be spam. Hell, spam practically becomes a feature of the network at that point, muddying the social graph waters further.
That Signal has
Not made sealed sender and "allow sealed sender from anyone" the default, and
Not incorporated anonymizing overlay routing via tor (or some other network like I2P) into the app itself, and
Is still in operation in the heart of the U.S. empire
tells me that the Feds/the NSA are content with the current status quo. They get to know the vast, vast majority of who is talking (privately) to who, in practically real time, along with copious details on the endpoint devices, should they deem tailored access operations/TAO a necessary addition to their surveillance to fully compromise the endpoints and get message info as well as metadata. And the handful of people that jump through the hoops of
Enabling sealed sender
Enabling "allow sealed sender from anyone"
Routing app traffic over an anonymizing overlay network (and ideally having their recipients also do so)
can instead be marked for more intensive human intelligence operations as needed.
Finally, the requirement of a phone number makes the Fed's/the NSA's job much easier for getting an initial "fix" on recipients that they catch via attempts to surveil the anonymizing overlay network (as we know the NSA tries to). If they get even one envelope, they know which phone company to go knocking on to get info on where that number is, who it belongs to, etc.
This too can be subverted by getting burner SIMs, but that is a difficult task. A task that could be obviated if Signal instead allowed anonymous sign-ups to its network.
That Signal has pushed back hard on every attempt to remove the need for a phone number tells me that they have already been told by the Feds/the NSA that that is a red line, and that, should they drop that requirement, Signal's days of being a cushy non-profit for petite bourgeois San Francisco cypherpunks would quickly come to an end.
one of the reasons the Signal app can’t be put unaltered on F-droid is because it loads in external dependencies from Google at run-time
IIRC, the APK you get directly from their website doesn't have the GCM bits in it (edit: I did not recall correctly; the GCM bits are there, but there is a websocket fallback if GCM isn't available), and will work without them. At least, I didn't have any issues with notifications back when I was running the website APK with GrapheneOS and no Google bits.
You won't see this, but... the Lemmy devs are Marxists, not right-wingers. Lemmygrad is definitely Marxist (Leninist). Lemmy.ml is left-wingers of all types.
Idaho Department of Correction director Josh Tewalt determined the execution could not happen because the medical team could not establish an IV line.
Using language like "the medical team" is disingenuous. Actual healthcare professionals would be violating their oaths if they were to participate in lethal injections like this. Sometimes states can find healthcare professionals willing to take on the job despite their oaths, but typically, it's corrections officers that get tasked with trying to cosplay as healthcare professionals in these scenarios.
Our local PSL chapter used a private Nextcloud instance for most organizing efforts. For what it's worth, PSL national did start up an IT security protocol that chapters were supposed to be moving towards, with detailed guides for setting up various online infrastructure in a secure way. Out of all the socialist orgs I've been a member of, the PSL has ultimately been the one most interested in tightening digital security. DSA is Google Docs central (and Slack). SRA is Discord all the way down.
It looks like a summary ("Insight") of the same paper:
This Insight is based on a study that seeks to address this gap, offering a comprehensive examination of a left-wing extremist community on Reddit known as ‘tankies’.
STAR Voting fails the Later-No-Harm criterion, which makes it a no-go for me. Any voting system that can have lesser ranked candidates siphoning off support from higher ranked candidates is, for me at least, a fundamentally broken system that ultimately just reverts to FPTP when people start bullet voting to avoid that flaw.
AGPL doesn’t apply when you are accessing the server over a public API.
The AGPL does apply when interacting with the covered work (Lemmy server) over a network. A proprietary client would still nevertheless be required, upon request, to furnish you with the source code of the covered work it is talking to over the network (the Lemmy server).
They don't need to request data. They have first-class access to the data themselves. Snowden informed us of this over a decade ago.
Signal per se is not the mass surveillance tool. Its dependence on Google is the mass surveillance tool.
And there's nothing wrong with allowing that ease-of-use flow for users that don't need anonymity. The problem is disallowing anonymous users.