Sorry Signal and WhatsApp, you're not getting full access to my contacts. Stop begging. Be grateful you have access to a dummy contact.
Both apps now check for the new #iOS18 authorization status "limited" and complain if the user authorizes access to some contacts only.
[#]Privacy #infosec #Security #privacymatters #iOS
=> View attached media | View attached media | View attached media | View attached media
=> More informations about this toot | More toots from mysk@mastodon.social
This is the code that lets Signal show the contacts prompt:
https://github.com/signalapp/Signal-iOS/blob/be39fb767964b1cffed2e391e315026aab93d317/SignalServiceKit/Megaphones/ExperienceUpgradeManifest.swift#L573C1-L576C6
#iOS18 #Privacy #infosec #Security #privacymatters #iOS
=> More informations about this toot | More toots from mysk@mastodon.social
@mysk I get it with WhatsApp, but why Signal?
=> More informations about this toot | More toots from MBrandtner@gruene.social
@MBrandtner They're going after contacts to expand their user base. There's no way to stop this pop-up. If you dismiss it, it shows up later. It is intrusive but made sense when phone numbers were the only way to discover and add new contacts. Now they support IDs. So no idea why they insist on begging for full access to contacts. Pretty weird for a privacy chat app.
=> More informations about this toot | More toots from mysk@mastodon.social
@mysk What do you mean with "They're going after contacts"? Your contact details are at no point known to the Signal server.
=> More informations about this toot | More toots from MBrandtner@gruene.social
@MBrandtner I mean that they're desperate to send the hashes to their servers so they match the hashes and then notify users when a contact joins Signal. They only need the hashes of phone numbers in your address book. This practice clearly increases the number of Signal users. It's fine, but allowing users to choose to opt out isn't.
=> More informations about this toot | More toots from mysk@mastodon.social
@mysk it’s definitely annoying, but signal does contact sharing without giving your contacts to the organization. It’s a cryptography thing that I haven’t tried to understand yet
=> More informations about this toot | More toots from hbraun@mastodon.social
@hbraun Yes, it sends the hashes of each phone number in your address book to its remote servers. It uses the hashes for discovery and notifying users when a contact joins Signal. It only hashes phone numbers. It doesn't send anything related to other fields such as names and emails.
=> More informations about this toot | More toots from mysk@mastodon.social
@mysk Looks like, new feature (iOS 18) not implemented yet. PR welcome, I believe.
=> More informations about this toot | More toots from gordio@mastodon.social
@mysk 🍿
=> More informations about this toot | More toots from imho@chaos.social This content has been proxied by September (ba2dc).Proxy Information
text/gemini