This is where I type words about big calculators and digital harm-reduction.

Securi-Tea: Signal

Published on 11 Jan 2021

A Lust-Letter to the 4th amendment…

rebel_yell

Ya know…

Maybe it’s my middle-class-liberal-white-guilt…

Maybe it’s watching the US devolve into a store-brand Orwellian nightmare…

But it just seems like right now is a great time to start jotting down some of my digital street smarts for others.

Defense in Depth:

The term Defense in Depth will be a reoccurring theme in many of these brain dumps.

Defense in Depth is a more succinct way to say: “Don’t put all your eggs in one basket.” The goal isn’t to be the single most secure user on the internet. The goal is to not be the lowest hanging fruit. Why would hackers waste time and resources on your security when the next person on the list is probably using password for all their banking info?

Finding the perfect balance between Usability & Security is something only you, Dear Reader, can determine for yourself.

Your phone is your castle.

All these exhilarating security measures will be for nothing if you don’t have decent device security. (Details on this in a separate post. Soon™.)

It’s a safe assumption that SOMEONE you message with will not take security very seriously, and have a more relaxed stance on access controls. As a result - using other security features (like Self-Destructing messages) are vital.

If you or your contacts are compromised - these features are what will keep all your tasteful nudez away from prying eyes.

If it’s good enough for Edward Snowden - it’s good enough for the average rabble.

signal

My 4-Layer Bean Dip for safe comms.

End-to-End Encryption. ¹
Verifiable Trust. ²
Zero Knowledge. ³
Open Source. ⁴

Signal to Noise Ratio…

Signal isn’t just a messaging application, it’s an open protocol that’s used by other encrypted messengers like whatsapp. However, whatsapp is owned by Facebook, and it’s painfully obvious why you don’t want The Zuck to be in control of your communication.

Other apps like Telegram are fine enough for most use cases, however Telegram’s backend hasn’t been evaluated to the extent that Signal has been. So there maybe security vulnerabilities being exploited that aren’t known yet. This could get better with time, but life is vexing enough as it is and I’m not interested in hypotheticals. Telegram also has less secure defaults - and most people deviate from an app’s default settings. But Telegram beats “No Encryption.” I’m not your boss. Do what feels good.

You can read about what happens when Signal is required to hand over user data to the US Government in this article which shows how Signal protects your privacy.

Spoiler Alert - Signal hands over all the info they have – which is nothing. Because that’s all the info they allow themselves to have.

Messages/Content are encrypted on your device before it’s ever transmitted. This way, even if some riff-raff were able to see your messages, it would only reveal garbage machine code. ↩
You’re able to confirm the ID of the other party’s device (usually from a unique signature.) Think of it as a safeword but more math and less fun. ↩
The communication platform is unable to view message contents, or breach user data, even if ~~Uncle Sam~~ they wanted to. ↩
The code is made available for you to view, test, and modify. Signal Source. ↩