Signal TLS Proxy

I know this tiresome argument comes up every time Signal is mentioned, but there&#x27;s an elephant there that seems relevant.<p>An totalitarian state would not need to run a packet inspecting firewall to find out who is using Signal. They have this information already in the plaintext SMS Signal broadcasts in order to collect verified phone numbers of their users. It is most likely in their power to turn off cell service for these endpoints, or even locate them and let the security service round them up.<p>It&#x27;s a great service in many ways, but if you are revolting an authoritarian state, it&#x27;s something to be careful of. At the very least, please be mindful of this and take care of yourself.

Why do I need Docker for such a simple task? From their blog:<p>&gt; The proxy is <i>extremely lightweight</i>. An inexpensive and tiny VPS can easily handle hundreds of concurrent users. Here’s how to make it work:<p><pre><code> SSH into the server. Install Docker, Docker Compose, and git: </code></pre> I&#x27;m sorry but installing Docker on a tiny VPS last time I checked wasn&#x27;t any light at all.

Context <a href="https:&#x2F;&#x2F;signal.org&#x2F;blog&#x2F;run-a-proxy&#x2F;" rel="nofollow">https:&#x2F;&#x2F;signal.org&#x2F;blog&#x2F;run-a-proxy&#x2F;</a>

Does starting the proxy automatically add it to some proxy list that gets (partially) distributed to users or does running a proxy like this only help if I distribute the proxy to people?<p>Would some network analysis then not clearly indicate the social graph of people by virtue of connecting the dots of who connects to which proxy domain?

Why didn&#x27;t this come out when China blocked Signal? And what is Signal doing about China blocking Signal&#x27;s phone verification system? Can&#x27;t talk to my parents-in-law in China now without installing that spyware WeChat.

I wonder why they use nginx, and not Caddy or similar. Some service, which would handle all the certificate stuff natively, without having to deal with an extra script for certificates and without having to ensure that certbot runs from time to time.

Trying to understand the rationale here. So Iran are blocking WhatsApp and other messaging services by blacklisting IPs or filtering the traffic? Is the idea that people will connect to random proxy nodes for signal that will circumvent this blocking?<p>Edit: as a follow up question. Do the people of Iran need messaging access to people outside of Iran or more likely their friends and family within Iran. Most of these messaging services are centralised so blocking them means cutting off communication within the country as well. Maybe they&#x27;d benefit from running private messaging servers themselves?

maybe this is a moot question, but if there is an embargo on iran and you host a proxy like that, are you, as an american, not commiting a crime?<p>The way I understand it people need special licenses in order to operate in iran (meta) and therfore the probability of being sued is very high?

As a slight aside one would think that running a proxy you&#x27;d want to install Docker so you&#x27;re getting the latest bits. Considering compose is now a plugin and base repos are often way behind on Docker versions I always point people to leverage the convenience script that Docker provides [0].<p>[0] <a href="https:&#x2F;&#x2F;get.docker.com" rel="nofollow">https:&#x2F;&#x2F;get.docker.com</a>

Is there a technical reason why this only works on Android and not iOS?

used <a href="https:&#x2F;&#x2F;freedns.afraid.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;freedns.afraid.org&#x2F;</a> to create a dns record and then followed the signal guide on rocky linux 8 with podman and podman-compose (requires some tuning).<p>hope this might help someone: <a href="https:&#x2F;&#x2F;signal.tube&#x2F;#testnotest.mooo.com" rel="nofollow">https:&#x2F;&#x2F;signal.tube&#x2F;#testnotest.mooo.com</a>

Can anyone here give quick example how would how this on a server already having Apache on port 80 and 443? Can this be proxies through Apache?

If people in Iran could find themselves in trouble for using Signal I&#x27;d strongly advise they avoid it and look for some other solution.<p>Ever since Signal started collecting and permanently storing sensitive user data in the cloud (your name, photo, number, a list of everyone you contact using Signal) it&#x27;s become much more dangerous for people who want to protect themselves and the people they are in contact with. Because Signal insists on keeping your contacts in the cloud it&#x27;s possible in some cases for someone to collect a list of your contacts simply by brute forcing a 4 digit pin.<p>It would be horrible to end up in trouble or see your friends and family hurt because Signal wasn&#x27;t forthcoming about the fact that they were collecting your info and keeping it on their servers.