Signal Piracy group
signal.group
I saw some threads here about Telegram and piracy stuff being banned. So, as an experimental alternative, I created a public Signal group for piracy.
Maybe it'll be useful?
Before joining
Signal supports usernames and hiding telephone numbers. Here's a blog entry on how to do so. You might want to:
- set a username
- change your profile name (these are two separate things!)
- hide your phone number
You might try a Matrix group instead. Doesn’t require a phone number and supports more than 1000 users unlike Signal. Search is bad though unfortunately.
Why not use SimpleX Chat? If you use Matrix for that you will likely get reported and get banned
Go ahead and create the group then make a post. Nobody's holding you back my friend.
Some suggest matrix, others simplex. Not sure which one would be better honestly
Signal no longer require a phone number.
It still requires a phone number to sign up, but you don't need to share it to chat with someone
Oh good to know, I was mistaken then..
What is even the point of "piracy groups"? What exactly can you find there that you cannot in other places designed for that, e.g., trackers, usenet, forums...?
It's like having a discord 'server'. Nothing gets actually talked about, noteworthy stuffs are hidden beyond layers of clunky mobile UI and everyone's phone numbers are leaked in the process.
I don't know this group but I am on a telegram group that shares movies produced in my country of origin. It's quite niche, I never saw any tracker that does the same. I doubt it for usenet but never looked into it. Anyway, my point is that some layman uploaders use whatever is at hand and not necessarily have much preparation or technically involved solutions...
Good idea overall, unfortunately they still have your IP and phone number which means Europeans are still implicated
Signal doesn't collect IPs and therefore can't even hand them out. It's been requested in 2021. Here's a list of requests from authorities they were allowed to publish. I've looked through 3 of the most recent and nowhere do they reveal IPs.
Sure they don't log the IPs, but it is technically impossible to not know the IP when you're running a centralized service.
What are the "popular" alternatives? Telegram stores everything, WhatsApp doesn't allow usernames, Matrix requires IPs too...
SimpleX
TBH I would just use email over TOR and encrypt communication with PGP. Rotate identities every now and then and you should be fine. Yes it doesn't have forward secrecy but it removes the effort to find the "right messaging" service and is instead ubiquitous (and you can sign up for anonymous email addresses online too, which makes it even better).
Session?
The phone number is not connected to the messages. That’s the only thing they have. It is the best app for privacy.
Arguable in it being "the best app for privacy". Can you link to a source which shows that phone numbers are not linked to accounts? (Why do they need them anyway?)
They have published requests from the law enforcement and their responses to these requests. The only unencrypted data they have is the phone number, a date of sign up and a date of the last login. That is it, everything else is encrypted and they cannot access it whatsoever.
The problem is, if you're in Europe, your phone number is associated with your identity
No you don't.
I can go to the corner shop/local garage right now, buy a SIM card for 99p and then buy a top-up voucher in cash to have a completely anonymous phone number.
Albeit is the UK in Europe again? 🙈
edit: where I would be worried if my privacy was on the line is I could also go to the local pawn shop / Cash Converters to ensure that SIM card isn't associated with an IMEI I've previously used and buy in cash a cheapo phone.
Same in a few other European countries. I'm doing it right now with a few SIMs. You can also go on holiday to another country, get a few temporary SIMs there for a few quid and fly back home with the "contraband". Really not hard.
Aye, I've seen this misconception before and suspect it's specific countries in the European continent where you have to register.
The last time I bought a SIM in the UK I was told specifically I could not buy it with cash.
I don't know if you're in the UK right now but I can tell you right now that I can go round the corner and buy a SIM card in cash plus a top-up voucher, from someone like this guy
https://www.coregroup.co.uk/assets/img/cards/independent-retail-sim-distribution.jpg
But, again, all they can prove is that you signed up to Signal and when you last signed in.
So what? The law enforcement knows you have an account and knows the sign up date and last login. That doesn’t affect your privacy whatsoever. Besides, Europe isn’t a monolith. You can absolutely buy and use a SIM card without disclosing your name in some countries.
Exactly. Signal is private, not anonymous
I believe the same is true in the US.
It is not. You do not show any ID to get a phone number
You also don't need to show any ID for a business to meet "know-your-customer" regulations. Can you get a phone number without revealing your identity?
That depends on your OPSEC
Isn't the same true in the EU, then?
Only if you don't have to show your ID to get a number
That depends on your OPSEC.
Sometimes, but that's it. Authorities and signal itself can only say "this number has account with us since $signupDate and used it last on $usageDate". Signal can't say "we know $number is talking to $otherNumber" nor can they say "$number is in $group talking to $users".
SimpleX all the way
Is there a simplex group we can join?
Right
Will a simplex group better? Nothing identifiable.
Make it and share it. I don't have simplex.
Tracker Control is blocking me from joining. Weird that Molly (its a hardened signal fork) is showing amazon is being contacted when trying to join the group.
I can unblock it but its weird. I also noticed the other domains its been trying to (unsuccessfully) contact.
Signal uses AWS.
Only for groups? Why thing else has worked fine for the 9months I've had signal.
I think signal servers may be using aws hosting.
Signal uses Amazon's servers, look it up. It's all encrypted of course.
Yes, let's talk piracy behind some stupid walled garden. As if public conversations are not fragmented enough as it is
Signal is a walled garden?
how is it not?
it's a shitty service, by a shitty person. I know Moxie personally, and he is basically Elon Musk if he didn't make it
I thought signing up for Signal required a phone number and phone app -- and all phones have IMEI besides many other nightmare anti-features.
For the normies it's fine but tbh I'm not sure it's as advertised.
What ever happened to that odd old app called tox?
Honestly I could see a version of DeltaChat + GPG make some gains in popularity but I would argue the email relay servers and spam lists are rigged for max surveillance.
Are we at the point where tech from 20 years ago may be the way lmao.
XMPP, IRC, ICQ /s
Matrix is probably the best bet but some of their apps and clients seem like dogshit. And I am saying that as someone who uses them daily. And the whole "server" thing is a PITA, or it used to be at least.
I guess we'll just have to use carrier pidgin and cypherto encrypt the cat gifs /s
Carrier Pidgin. Lol. Made me chuckle!
Yeah, for me personally I'm sticking to simplex. I can get an anonymous sim card, but none of the people I'd be talking to would do that. I don't want this relationship/network map out there at all if I can avoid it.
What makes you think Signal is maintaining relationship maps, and secondly, even if it is, is there any evidence they're included in LEO subpoenas?
They pinky promise they don't maintain these relationships. Maybe even they really don't. But they have the ability to, if they were to change their mind, and that's the problem.
Use secure protocols which don't give anyone that ability.
Which ones do you suggest?
XMPP. Simplex.
Feel free to create the chat rooms and share them as a post :)
There is no evidence. safety is about staying multiple steps ahead and risk mitigation when possible.
Centralized servers are a single point of failure that could be compromised in the future.
My contact's devices they use signal on are insecure and could be easily compromised in the future.
SMS/Cell network in general are insecure as hell and I avoid it as much as possible.
Why would I expose all that sensitive data when there's literally no need to? Simplex works great for me.
Then create a simplex group and invite everybody there.
The problem is Signal supports up to 1000 people group chat, so it's better to find something different
I can barely handle chat groups with 100 ppl.
Matrix?
How big were the telegram chat rooms? Did they ever get that big? The only chatroom I've seen with over 1k people is on matrix and it was relatively quiet. If there's a 1k limit, probably the admin will have to kick inactive users.
Anti Commercial-AI license
Way bigger. You could have many thousands.
What the fuck? I've never seen a chatroom that big. Must be absolute chaos...
Or are those "just" distribution channels aka admin only posts?
Anti Commercial-AI license
Thoose given are distrubution channels, but there are group chats like t.me/durovschat which is 12k members. I forgot the limits which i think is 200k for chatroom and infinite(?) for distrubution channels
Edit: yeah its 200k and infinite in "broadcast groups"
Definitely just "distribution"
Sounds like a place for toots 🤔 Signal supports admin only chat rooms. Maybe they'll be able to support >1k in the future. Dunno if MLS will be able to do that.
Anti Commercial-AI license
Toots?...
Mastodon i guess.
Yes. Since the mascot is an elephant, it's Toots instead of Tweets. To the other person's point, toots are fine for what I showed, anime type channels, but less legal things like piracy, onlyfans leaks, etc. wouldn't be great there, since it's not a private group of just the interested parties.
Thanks for doing this
Keybase is better than Signal. You may not like it's current owners but it still works, still functions, and can be used to chat privately. It's entirely OSS on the client side; and server-side software isn't provided; but with an open Client; it's likely trivial to reverse and re-implement your own. (Keybase itself doesn't provide their server code; it's private due to abuse constraints)
Keybase is End to End Encrypted. It may not be as "feature rich" but all features are private.
I'm not sure if it's indev anymore though; and it does allow you to be as public or as private as you'd like to be about your identity.
Epic