• 0 Posts
  • 5 Comments
Joined 2 years ago
Cake day: July 11th, 2023
  • Jason2357@lemmy.catoPrivacy@lemmy.mlWhy does Signal want a phone number to register if it's supposedly privacy first?
    1·
    10 hours ago

    At least in theory, this is mitigated. The signal activation server sees your phone number, yes. If you use Signal, the threat model doesn’t protect you from someone with privileged network or server access learning that you use Signal (just like someone with privileged network access can learn you use tor, or a vpn, etc).

    But the signal servers do not get to see the content of your group messages, nor the metadata about your groups and contacts. Sealed sender keeps that private: https://signal.org/blog/sealed-sender/

    You would obviously want to join those groups with a user Id rather than your phone number, or a malicious member could out you. It’s not the best truly anonymous chat platform, but protection from your specific threat model is thought through.

    edit: be sure to go to Settings > Privacy > Phone Number. By default anyone who already has your phone number can see you use signal (used for contact discovery, this makes sense to me for all typical uses of Signal), and in a separate setting, contacts and groups can see your phone number. You will absolutely want to un-check that one if you follow my suggestion above.

  • Jason2357@lemmy.catoPrivacy@lemmy.mlUK petition to ban harvesting of behavioural metadata for ads
    4·
    10 hours ago

    It’s insane that this is even needed. Show me ads for things relevant to the content of the web page and nothing else. If I’m reading about furnace filters, sure, show me an ad for buying furnace filters, I might buy from you, but don’t follow me around for 2 weeks shoving furnace filter ads in my face. If I’m not reading about them anymore, I’ve moved on.

    The added benefit of this approach for advertisers would be that you can literally embed the ads in the page, making ad-blockers ineffective. They literally chose the worst method for everyone involved.

  • Jason2357@lemmy.catoPrivacy@lemmy.mlMullvad or Proton VPN?
    1·
    2 days ago

    Entropy is calculated from the character set size to the exponent the length of the string: E = log2(R^L). A long string of numbers can have more entropy than a shorter alphanumeric string with special characters. I looked it up and apparently their account number is 16 digits. That’s 53 bits of entropy, which is not guessable. Someone brute forcing would have quadrillions of login attempts to try.