Date: 2016-05-16 12:49 am (UTC)
From: (Anonymous)
"For people who have a *significant* need to operate out of the snooping ability of Google, then Signal is not an option: it relies on a friendly Google."

I don't think that it does. Signal has never been touted to thwart a adversary that's dedicated to the task of performing traffic analysis. I mean, it used to use _SMS_ to transport the cyphertext of encrypted messages. SMS! You know, that data transport mechanism that the NSA is reported to regard as "just metadata" that falls under the "business records" section of the third-party doctrine, can be retained forever, and can be sent off to Law Enforcement just because they ask nicely.

The only _official_ claim I've seen made about Signal that it protects the _contents_ of your messages from adversaries that don't have root on either or both of the conversing party's computers. This means that Signal protects you just as well from Google as it does from the NSA.

Really, if you don't trust Google enough to send securely encrypted messages through their data routing service, then why do you trust them enough to use an OS that they authored? The author of your OS has root on the computer that runs it. This is a fact. Therefore, if you don't trust the author of your OS you cannot trust the machine it runs on.

"Unsure who is paying his bills: Twitter, I think."

Twitter acquired Whisper Systems and made Marlinspike its head of cybersecurity in 2011. Marlinspike left Twitter in 2013 to found Open Whisper Systems. While it's _entirely_ possible that his small fortune made from the Twitter acquisition and paycheck from the Twitter job are still paying the bills, it's more likely that the Wikipedia article is correct and that OWS is funded by grants and donations:
Identity URL: 
Account name:
If you don't have an account you can create one now.
HTML doesn't work in the subject.


If you are unable to use this captcha for any reason, please contact us by email at

Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Expand Cut Tags

No cut tags