back to article Signal goes Gaussian to take privacy to the next level: All your faces don't belong to us

Amid nationwide protests over the death of George Floyd, secure comms biz Signal has deployed a blur tool in its messaging and calling app to allow users to obscure faces in app-captured snapshots. "At Signal, we support the people who have gone into the streets to make their voices heard," wrote co-founder and CEO Moxie …

  1. Aleph0
    Trollface

    Signal-produced face coverings?

    I'd like one that performed the CCTV equivalent of a SQL injection, in the style of the Laughing Man character from Ghost in the Shell Stand Alone Complex.

    I think it would be cool to remotely crash the computers trying to run a face-recognition routine on my mug...

  2. Mike Moyle Silver badge

    Hmmm...

    "Marlinspike said Signal also plans to distribute physical face coverings in the near future."

    QR codes that send you to a joke-a-day website?

    ...or a porn site? (Will face masks be the new advertising frontier?)

    Pre-printed dazzle camouflage?

    The possibilities seem endless.

  3. Anonymous Coward
    Anonymous Coward

    Fix the bugs first

    Marlinspike would be better off concentrating on the 500+ (Android) outstanding issues and working through the 100+ pull requests (fixes) that the (largely ignored) community have submitted.

    Its key functionality that does not work in Signal which is preventing a wider uptake of the Signal messaging app.

    1. Charlie Clark Silver badge

      Re: Fix the bugs first

      Yes, there are a lot of issues but they do seem to be processing the PRs reasonably. One of the challenges is, I think, making sure new features are available to all the different implemtations of Signal.

    2. Brian Morrison

      Re: Fix the bugs first

      If only Mr Marlinspike would also take notice of the vulnerability of centralised infrastructure too, he's stated quite clearly that he doesn't want to give up control of the server side stuff by migrating to distributed infrastructure. It may complicate things, but it would be more resilient and essentially immune to government action.

    3. DropBear

      Re: Fix the bugs first

      I dunno about others, but as far as I'm concerned the stupid requirement of having to identify yourself with your phone number is what prevents me from using Signal - that is entirely unacceptable. On the other hand, Session looks promising, and gets rid of the central server problem too...

      1. Mr. Flibble

        Re: Fix the bugs first

        Link for Session please :)

        1. Mr. Flibble

          Re: Fix the bugs first

          never mind... found it: https://getsession.org

        2. CountCadaver Bronze badge

          Re: Fix the bugs first

          try also Wickr (https://wickr.com/) they have free and paid versions.

  4. Neil Barnes Silver badge

    I'd use Signal a lot more than I do

    if only I could persuade more of my correspondents of the advantages of it... everyone wants to use WhatsApp 'cos it's encrypted, innit?'.

    1. Charlie Clark Silver badge

      Re: I'd use Signal a lot more than I do

      To be fair, WhatsApp does use Signal's encryption, for 1-to-1 chats at least. Because I don't use WhatsApp myself, I don't know about groups, which are harder to manage, if properly secure, or secure, if managed. But WhatsApp does leak metadata such as telephone numbers.

    2. CountCadaver Bronze badge

      Re: I'd use Signal a lot more than I do

      I use signal but also wickr.me

      Which seems to be wholly decentralised to the point they can't recover your password....signal has better usability albeit not as good security.

  5. Anonymous Coward
    Anonymous Coward

    So you can draw over an image

    And of course, this merits a press release and a full blown article, complete with the usual innuendo about (but no actual enforceable assurances of) "privacy".

  6. A-nonCoward
    Pirate

    question, my contacts

    If Signal is so much about privacy, how come people, some of which I haven't been in contact for months, and certainly not on Signal (that I installed recently), are showing up on my screen as "so and so is on Signal". How did Signal get that info? scary...

    1. Mr. Flibble

      Re: question, my contacts

      I think they hash the contacts phone numbers and just store that centrally.

      I was trying to find a link that explains it, but my search-fu is weak today :(

      1. Anonymous Coward
        Anonymous Coward

        Re: question, my contacts

        Let met explain in TL;DR fashion:

        Google Play + Twilio + AWS = Signal

        Those three companies + Quiet Riddle Ventures LLC (the company that pays the developers and presumably owns the IP) know you have this application installed and can observe or infer quite a lot about your usage. Run of the mill data mining gives a full profile on you and all your contacts.

        Try to find, in all of Quiet Riddle's publications any legally binding assurances of privacy and security. Post here if you do.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020