It isn't.

Similar to other apps, CoverDrop only provides limited protection on smartphones that are fully compromised by malware, e.g., Pegasus, which can record the screen content and user actions.

It's a red flag to those who think you're going to share internal info.

Or it's just a perfectly normal thing that billions of people do every day?

Messaging protocols already resemble the frameworks that come out from time to time. And their effectiveness is due to the fact that they require a certain quota of users.

It's just a secure messaging app with a direct line to Guardian journalists. How to use 911 or special numbers when you're not feeling well.

For one, ease of access. Say you’re trying to break a story, who are you going to message with signal? Because you’re going to need to get that contact info somehow right?

Snowden is permanently stranded in Russia. That’s not exactly a great example of an anonymous source.

Except that signal is blocked by many companies Mobile Device Management. The one that don’t can typically see who has the app installed. This provides a new clever way to maybe whistleblow

It's called traffic analysis

Say you’re trying to break a story, who are you going to message with signal?

...The Guardian?

Because you’re going to need to get that contact info somehow right?

Use your browser? These are strange questions.

Snowden is permanently stranded in Russia. That’s not exactly a great example of an anonymous source.

Did you notice that I used the past tense?

It's called encryption

Packet data has headers that can identify where it's coming from and where it's going to. The contents of the packet can be securely encrypted, but destination is not. So long as you know which IPs Signal's servers use (which is public information), it's trivial to know when a device is sending/receiving messages with Signal.

This is also why something like Tor manages to circumvent packet sniffing, it's impossible to know the actual destination because that's part of the encrypted payload that a different node will decrypt and forward.

I run a cryptography forum

Encryption doesn't hide data sizes unless you take extra steps

Yeah this is insanely good

How exactly do you think encryption prevents the analysis of seeing when an encrypted message is sent? It feels like you're trying to hand-waive away by saying "encryption means you're good!"

Cyber security is not my thing, but my understanding is that you'd still see network traffic - you just wouldn't know what it says.

The tech behind the tool conceals the fact that messaging is taking place at all. It makes the communication indistinguishable from data sent to and from the app by our millions of regular users.

Reminds me of how the Germans in WW1 knew they couldn't trust their diplomatic codes anymore so they just sent the important messages in the normal, innocuous telegraph system and diplomatic pouches. They knew that foreign intelligence would be focused on the bogus secure messages.

How are they analyzing network traffic with Signal? It's encrypted

Not my specialty, but signals end to end encryption is akin to sealing a letter. Nobody but the sender and the recipient can open that letter.

But you still gotta send it through the mail. That's the network traffic analysis that can be used.

Here's an example of why that could be bad.

Criminalization of encryption : the 8 december case

This article was written on the basis of information related to the so-called "8 December" case (see the footnotes for a global overview of the case, we focus on the "numerical part" of it in this articleFor a summary of the 8 December affair see in particular the testimonies available in thi

La Quadrature du Net (www.laquadrature.net)

For France, Your a terroriste if you use signal

Then you're also a terrorist if you use The Guardian ‍️

How dumb are you? Like someone said the point is they can see the fact that you sent a secured message period. Not with the guardian app though. Pretty easy to comprehend so I am confused why you are acting so stupid.