There’s a few levels of protection that you might want from a chat system.
#1 Protection from a dumb attacker doing MitM: This is done by anything that uses HTTPS.
#2 Protection from an attacker that can get fake SSL certs: This is done by anything using certificate pinning.
#3 Protection from an attacker that controls the app store:
This can’t be easily done by Signal – and they don’t do it.
#4 Protection from an attacker that can take over the servers running the application: This is NOT done by Signal, and is hard to achieve (even with true E2E, unless you do multicast, you usually can extract metadata here, although there are chat applications protecting against it).
If your enemy is the US government, you’re automatically EOL, due to #4. If your enemy is another government, you’re likely EOL, due to #3, unless you actually build the app from source yourself.
This is not a fault from Signal – nor can they easily fix it – but it’s a realistic problem.
With Signal, you can verify fingerprints. So, what you're saying is:
#4 if some agency "takes over" the Signal servers, they can extract metadata. But only that?
#3 if the binary is not what its supposed to be, then, yes, all bets are off. That's a whole other can of worms, but a) is there any evidence that's ever happened? and b) that much affects any smartphone chat app, so does not help you to decide between Signal and WeChat.
kuschku|9 years ago
#1 Protection from a dumb attacker doing MitM: This is done by anything that uses HTTPS.
#2 Protection from an attacker that can get fake SSL certs: This is done by anything using certificate pinning.
#3 Protection from an attacker that controls the app store: This can’t be easily done by Signal – and they don’t do it.
#4 Protection from an attacker that can take over the servers running the application: This is NOT done by Signal, and is hard to achieve (even with true E2E, unless you do multicast, you usually can extract metadata here, although there are chat applications protecting against it).
If your enemy is the US government, you’re automatically EOL, due to #4. If your enemy is another government, you’re likely EOL, due to #3, unless you actually build the app from source yourself.
This is not a fault from Signal – nor can they easily fix it – but it’s a realistic problem.
FabHK|9 years ago
#4 if some agency "takes over" the Signal servers, they can extract metadata. But only that?
#3 if the binary is not what its supposed to be, then, yes, all bets are off. That's a whole other can of worms, but a) is there any evidence that's ever happened? and b) that much affects any smartphone chat app, so does not help you to decide between Signal and WeChat.