item 17723973

I don't trust Signal

523 points | Bl4ckb0ne | 7 years ago | drewdevault.com

455 comments

[+] tptacek|7 years ago|reply
Drew DeVault doesn't trust Signal because its Android incarnation uses the Google Play Store --- the app market virtually all of its real users use --- and not F-Droid. DeVault would also like it if Signal would interoperate with other chat programs.

Instead, DeVault would prefer that you use Matrix, a system for which end-to-end encryption is (according to its own website) "in late beta", offered on a select subset of clients, and "not enabled by default"†.

This argument is clownish and we should be embarrassed it's on the front page.

There are people in the world that want to sysadmin their phones. It's a life choice they are free to make and I don't hold it against them. But the vast, overwhelming majority of users do not want to make the app market on their phone work more like Debian and less like the Play Store. Signal, to put it bluntly, does not care about the desires of the phone sysadmins. Even if they caved to the sysadmins, the application would, for virtually all its users, be no more secure. This bothers DeVault a lot, enough that he's constructed an entire psychoanalysis of Moxie Marlinspike to explain to himself how it could possibly happen that someone else on the Internet doesn't agree with him.

Also, just as a note to DeVault: the point of end-to-end encryption is that you don't have to trust Signal's server. All it does is arrange for the delivery of messages, which are secured client-to-client. Compare Signal's server to Wire's, which --- last I checked --- retains a record of every pair of users who have communicated in the past.

† When this was pointed out downthread, DeVault responded: "[o]ther alternatives (which I have not reviewed in depth) include Tox, Telegram, Wire, and Ring". Telegram is a particularly funny reference to make, because not only is E2E not the default there, but --- last I checked --- it can't even do E2E group chat. Telegram's owners are adamant that TLS is adequate for group secure chat.

[+] ddevault|7 years ago|reply
I feel like you didn't actually read the article or my comments in this thread.

>Drew DeVault doesn't trust Signal because its Android incarnation uses the Google Play Store --- the app market virtually all of its real users use --- and not F-Droid

It should use both.

>the point of end-to-end encryption is that you don't have to trust Signal's server. All it does is arrange for the delivery of messages, which are secured client-to-client. Compare Signal's server to Wire's, which --- last I checked --- retains a record of every pair of users who have communicated in the past.

My point is that Signal could just as easily keep a record of every pair of users who has communicated. We can't be sure because we can't run our own servers. I spoke about this in detail in the article.

>† When this was pointed out downthread, DeVault responded: "[o]ther alternatives (which I have not reviewed in depth) include Tox, Telegram, Wire, and Ring". Telegram is a particularly funny reference to make, because not only is E2E not the default there, but --- last I checked --- it can't even do E2E group chat. Telegram's owners are adamant that TLS is adequate for group secure chat.

Thanks for omitting all of the context which clarified that I hadn't researched them in depth and wasn't explicitly endorsing any of them, and the comment where I clarified that E2E encryption is enabled by default on Matrix.
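
The disagreement above (tptacek: end-to-end encryption means the server only arranges delivery; ddevault: the server could still record every pair of users who talk) turns on what a relay can and cannot observe. The following is an added example, written for this page and not code from Signal or from any commenter, that makes the split concrete: payloads are opaque to the relay, but routing metadata is not, and a relay that chooses to log it recovers the contact graph. It assumes a static X25519 agreement with AES-256-GCM per pair instead of Signal's double ratchet, and the users alice, bob and carol and their messages are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is everything the relay receives: routing metadata in the clear, payload opaque.
type Envelope struct {
	From, To string
	Payload  []byte // nonce || AES-GCM ciphertext
}

// Relay stands in for a centralized message server. It holds no keys and cannot read a
// payload, but nothing in the protocol prevents it from appending every envelope to a log.
type Relay struct{ Log []Envelope }

func (r *Relay) Deliver(e Envelope) { r.Log = append(r.Log, e) }

// ContactGraph is what a logging relay learns with no key material at all:
// which pairs of users talk and how many messages they exchange.
func (r *Relay) ContactGraph() map[string]int {
	g := map[string]int{}
	for _, e := range r.Log {
		a, b := e.From, e.To
		if a > b {
			a, b = b, a
		}
		g[a+"<->"+b]++
	}
	return g
}

// Client holds an X25519 key pair; only clients ever see plaintext or session keys.
type Client struct {
	Name string
	priv *ecdh.PrivateKey
}

func NewClient(name string) *Client {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Client{Name: name, priv: priv}
}

func (c *Client) Pub() *ecdh.PublicKey { return c.priv.PublicKey() }

// session derives a per-pair AES-256-GCM key from a static X25519 agreement (assumption:
// Signal layers the double ratchet on top; a static key is enough for the metadata point).
func (c *Client) session(peer *ecdh.PublicKey) cipher.AEAD {
	shared, err := c.priv.ECDH(peer)
	if err != nil {
		panic(err)
	}
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

// Send encrypts for peer and hands the relay an envelope. The route is bound into the
// ciphertext as AAD, so a relay that edits From/To breaks authentication at the recipient.
func (c *Client) Send(r *Relay, peer *Client, msg string) {
	aead := c.session(peer.Pub())
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	ct := aead.Seal(nil, nonce, []byte(msg), []byte(c.Name+"->"+peer.Name))
	r.Deliver(Envelope{From: c.Name, To: peer.Name, Payload: append(nonce, ct...)})
}

// Open decrypts an envelope from sender addressed to c; any other key pair fails authentication.
func (c *Client) Open(sender *Client, e Envelope) (string, error) {
	aead := c.session(sender.Pub())
	n := aead.NonceSize()
	if len(e.Payload) < n {
		return "", fmt.Errorf("short payload")
	}
	pt, err := aead.Open(nil, e.Payload[:n], e.Payload[n:], []byte(e.From+"->"+e.To))
	return string(pt), err
}

// Scenario runs a constructed conversation (sample data, not a capture) through one relay.
func Scenario() (*Relay, *Client, *Client, *Client) {
	relay := &Relay{}
	alice, bob, carol := NewClient("alice"), NewClient("bob"), NewClient("carol")
	alice.Send(relay, bob, "meet at 9")
	bob.Send(relay, alice, "ok")
	alice.Send(relay, bob, "bring the docs")
	carol.Send(relay, bob, "lunch?")
	return relay, alice, bob, carol
}

func main() {
	relay, _, _, _ := Scenario()
	fmt.Println("relay sees:", relay.ContactGraph()) // pairs and counts, never content
}
```

Running it prints only pair counts such as alice<->bob:3, which is exactly the record a server operator could keep or be compelled to produce; whether a given operator does is what the subpoena discussion elsewhere in this thread is about, and nothing in the cryptography settles it.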

[+] zaarn|7 years ago|reply
I basically agree here. Some people, like DeVault, don't seem to think that there is any other threat model than "protect sysadmins from nationstates like the US or big corporations or Mossad".

I find such viewpoints rather disappointing because I myself as a sysadmin don't hold it. My threat model is "someone steals my phone" and "someone (<1Mil. $ funding) tries to hack me". I don't particularly care that I don't know if the sand that was used to make silicon for my phone was properly sourced and audited for backdoors or plastic shovels.

I want me and my family to be reasonably secure against the background noise of the internet.

And of course not suck the battery dry like some thirsty vampire who was offered a bag of O-negative.

For this task, Signal is fully sufficient (until another messenger does it better or matrix fixes their long list of problems I have with them).

[+] bufferoverflow|7 years ago|reply
Additionally, I'm pretty sure it's trivial to verify the APKs that Google Play serves are identical to the ones the devs published.
[+] im3w1l|7 years ago|reply

[deleted]

[+] g_sch|7 years ago|reply
Some version of this post seems to circulate every few months or so. This one is more direct in its accusations of Moxie acting in bad faith. I think this is disingenuous. Moxie has been very clear[0] about the tradeoffs that Signal has made and the reasons for them. It's fine to be dissatisfied with those choices. It's another thing entirely to accuse Moxie of dissimulating.

Personally, I'd like to see Signal replace WhatsApp. That's why I support the path Signal took, and why I also have a distaste for the author's snarky dismissals of features like GIF search.

[0] https://signal.org/blog/the-ecosystem-is-moving/

[+] hutzlibu|7 years ago|reply
But in the linked post he does not explain why he does not maintain a F-Droid repository for people who do not trust Google, nor why the original Signal client does not connect to Signal forks, even if they use everything the same. Security reasons? Ordinary smartphones are full of rootkits anyway, so someone using a forked Signal version is probably better off anyway, as he knows a bit more about what he is doing.

So the base argument holds in my opinion: Moxie's main focus is Moxie in control. And not making Signal the best and most secure possible.

So I also use Signal, but as soon as Matrix gets stable, I am gone

[+] m-p-3|7 years ago|reply
I am not willing to support Signal if they are unwilling to federate the system.

Sure, it doesn't allow them the flexibility they'd like to have to move forward, but in a way it won't be their fault if federated servers aren't keeping themselves up to date when there's a major protocol change and they get temporarily split from the pool.

[+] djcrayon|7 years ago|reply
Completely agree, I have had several people move from various chat apps and texting to Signal largely because of the iMessage like features. Ultimately, I am now able to have more secure discussions with largely non-technical users which is good for everyone.
[+] ggg9990|7 years ago|reply
It’s not surprising. The people most interested in encryption want to trust nobody. That’s the goal of strong encryption, but as Ken Thompson says it’s not possible. Between the US Government and Moxie I’d trust Moxie but I’d rather trust neither.
[+] SquareWheel|7 years ago|reply
Agreed, though personally I find any support of animated gifs in the year 2010 and beyond to be counterproductive.
[+] balladeer|7 years ago|reply
> I'd like to see Signal replace WhatsApp

And one day we realise it was indeed something nefarious, let's assume something of this sort happened in the future, and then we rue that we didn't act when people used to say something was amiss.

There is one line in the article that says it well:

> Truly secure systems don’t require trust.

edit:

I have supported Matrix and Firefox among others (both in code as an Android dev and with modest donations - stopped using Firefox after Pocket). But no, not Signal. I'd wait for federation (if at all).

[+] lowry|7 years ago|reply
I would agree with you if only Signal would not ask for so many permissions on my phone.
[+] skywhopper|7 years ago|reply
This is a really poor post. Lots of in-the-weeds long-running-feud grudge holding snark, but no real examination of the issues at hand. And his assertions don't make sense in any case. You can't trust the Google Play store because a malicious actor might have swapped out the trusted roots on you. But then why should we trust F-Droid's signing infrastructure?

Then he gripes that the posted APK has to be manually checksummed to use it. If you are truly paranoid, trusting a checksum you get from the same page you get a binary is as secure as ignoring the checksum altogether. But why would you trust a hidden signature process you can't see any more? How do you know your F-Droid binary was secure?

But worst of all is this pointless assertion: "Truly secure systems don’t require trust."

There are no truly secure systems. Malicious actors could replace your Matrix app with a lookalike clone. Your phone could have a hidden keylogger built into the OS. Or the hardware. The person's phone on the other end of your communication could have been compromised. You could be being monitored by all sorts of undetectable means.

Perfect security is an unattainable goal, but good security requires acknowledging and enabling trust to play a role in the protocols and systems we develop.

[+] innerspirit|7 years ago|reply
The post is literally responding line by line to a post from 5 years ago. Very poorly thought out article.
[+] hprotagonist|7 years ago|reply
> But we have to trust that Moxie is running the server software he says he is. We have to trust that he isn’t writing down a list of people we’ve talked to, when, and how often. We have to trust not only that Moxie is trustworthy, but given that Open Whisper Systems is based in San Francisco we have to trust that he hasn’t received a national security letter, too (by the way, Signal doesn’t have a warrant canary). Moxie can tell us he doesn’t store these things, but he could. Truly secure systems don’t require trust.

We have at least one data point that says that Signal stores exactly two integers about you, or did when the subpoena was issued: https://www.aclu.org/open-whisper-systems-subpoena-documents

things can always change, but that’s evidence submitted in court under the penalty of perjury, which is a fairly strong claim.

[+] guiraldelli|7 years ago|reply
I am happy to see I am not the only person in the world that feels like this about Signal.

The interesting fact is that I "Ctrl+F" this page for Wire and I have seen nothing, even though this comment is about something that made me switch over to Wire from Signal: to date, that's the only instant messaging app that has FOSS'ed both the server and the clients. (OK, the article also says that about Matrix.)

I admire Wire for a number of reasons, but certainly FOSS'ing all their code is one the main reasons. (The other is... Haskell! And also Rust.)

And just to point out, not only did Wire bug-fix the library implementation of the Signal protocol, they also use the Signal protocol. And their web interface is very good!

Oh, yes... And they are not based in USA.

EDIT: I am not affiliated with Wire, but just a happy customer. :)

[+] Cowen|7 years ago|reply
> We have at least one data point that says that Signal stores exactly two integers about you

For people wondering what they are:

> "The only information responsive to the subpoena held by OWS is the time of account creation and the date of the last connection to Signal servers for account [redacted]. Consistent with the Electronic Communications Privacy Act ("ECPA"), 18 U.S.C. § 2703(c)(2), OWS is providing this information in response to the subpoena."

Their response to the subpoena then goes on to object to its overly broad scope, which asked for things that require a court order or a search warrant. They also object to the scope of the nondisclosure order included in the subpoena.

[+] Vinnl|7 years ago|reply
Is it even possible for the Signal servers to keep track of who you talk to, when, and how often? I was under the impression that those two data points they stored were the only thing they _could_ store, because the rest is sent to the servers encrypted.

Edit: Yes, apparently they have a method of doing private contact discovery and, IIUC, even a method for the client to verify that the server is running the source code they expect: https://signal.org/blog/private-contact-discovery/#trust-but...

[+] lmm|7 years ago|reply
If Open Whisper Systems had received a national security letter requiring them to collect more information and keep it secret that they were doing so, how would you expect them to have responded to that subpoena?
[+] thsealienbstrds|7 years ago|reply
If I read that document correctly, it's more accurate to say that Signal stores at least two integers, rather than exactly. Signal did not provide information that does not fall under certain information categories, and they say that a court order would be needed to force them to disclose any of that information (if they possess any, which they deny).
[+] alexnewman|7 years ago|reply
Uhm... this is what would happen if it was a govt job
[+] r3bl|7 years ago|reply
> P.S. If you’re looking for good alternatives to Signal, I can recommend Matrix.

Yes, if you're looking for alternatives to Signal, you should totally use a solution that hasn't rolled out end-to-end encryption by default[0]. /s

...and that only two clients have implemented so far, out of 50ish that they list on their website.

[0] https://matrix.org/docs/guides/faq.html#what-is-the-status-o...

[+] snvzz|7 years ago|reply
That ticks me off too. I'd rather suggest Tox.

For all the hate it gets, it only has one mode of communication: end-to-end encrypted, for your contact (as people's addresses are pubkeys) and with forward secrecy.

Most "secure" IM systems fail this basic test. When proper end-to-end encryption is optional, guess what happens.

[+] Arathorn|7 years ago|reply
Fwiw, Matrix E2E actually exists in separate codebases in: Riot/Web, Riot/iOS, Riot/Android, nheko, matrix-python-sdk, libpurple (in PR), and shortly in Fractal (thanks to https://gitlab.gnome.org/jhaye/olm-rs etc). So yup, it sucks that it's not turned on by default in private rooms, but we're working away as fast as we can.
[+] drdaeman|7 years ago|reply
Last time I've tried Matrix (this spring) with a group of peers, my E2E rooms were full of random "failed to decrypt" and lots of out-of-band communications "hey, are my messages working for you today?"

Yes, we had one Synapse server running on a resource-constrained machine that sometimes "fell behind" the rest of the network. I believe that is what had caused such issues. Still, the fact things easily break with server load or network issues means there is something faulty about the protocol. Resilience and reliability are no less important than security.

[+] ddevault|7 years ago|reply
Author here, this is a fair criticism. Other alternatives (which I have not reviewed in depth) include Tox, Telegram, Wire, and Ring (not an endorsement of any of these). I'm an old curmudgeon who just uses IRC+OTR and GPG, though, so I have to depend on others for recommendations.

Also, Matrix enables end-to-end encryption by default on clients that support it.

[+] pmlnr|7 years ago|reply
Nonsense. You can run your own Matrix server and set whatever defaults you want.
[+] aepc2|7 years ago|reply
Or conversations.im? Matrix + riot leaves a heap of meta data about you on the federated server. If that server is compromised, so are you.
[+] Vinnl|7 years ago|reply
> Off the bat, let me explain that I expect a tool which claims to be secure to actually be secure. I don’t view “but that makes it harder for the average person” as an acceptable excuse. If Edward Snowden and Bruce Schneier are going to spout the virtues of the app, I expect it to actually be secure when it matters - when vulnerable people using it to encrypt sensitive communications are targeted by smart and powerful adversaries.

I'm not so sure about this. I don't think Snowden and Schneier are praising it because it is the most secure application available that works for every threat model; I think they're doing it because it's the best attempt to up the security of the masses. In other words: there's a limit to its threat model. Signal makes it harder to do mass-scale surveillance, and allows e.g. whistle-blowers to contact journalists without standing out because they're using an encrypted messaging app.

Yes, it's important to highlight those trade-offs, and one can always do better, but as far as I can see Moxie has always justified the trade-off with arguments that were not based on being self-serving. You might not agree with his conclusions, but I think it's unfair to accuse him of being self-serving. (Unless you mean "thinking about the consequences for the success of Signal" by "self-serving". It's not really clear how it serves Moxie otherwise, and the author doesn't go into detail about that.)

In the end, I think it comes down to the author expecting different goals from Signal than the project itself has - as implied by his disdain for GIF search. Obviously Signal isn't only implementing features just to get more secure - it also wants to be widely adopted. It's just that the author apparently doesn't consider that as important.

[+] eighthave|7 years ago|reply
I think Signal does a very good job at providing easy security for the masses. But for journalists and sources it can be dangerous since it is based on real phone numbers, and those phone numbers are sent to the server to be matched up. It is especially dangerous if the journalists and sources believe Signal is protecting them in that use case.
[+] 3pt14159|7 years ago|reply
Signal is not for state-proof encrypted communication. Not large states like the USA or Russia. If you think it is, you've been misinformed. For state actor proof communications you need to evaluate every action you take and think:

"What are the assumptions that I'm making here?"

One assumption is that you're not currently on anyone's radar. Are you willing to bet the entire enterprise on this assumption? How certain are you? Are you 99.999% certain?

Another assumption is that the operating system you are running the app in is not compromised on either end of the communication. 99.99%?

Another assumption is that the screen isn't viewable by other devices. Another assumption is that the frequency of your key taps aren't picked up by a mic and then turned into intelligible letters.

Another assumption is that the encryption algorithms you're utilizing haven't been subtly chosen to be intelligible to a single actor or that they'll stay secure once we have quantum computers.

Etc. Etc. Etc.

Signal is good because it raises the bar. Stock traders buying black information probably won't get your communications. They won't be scooped up in an email server leak. They won't be visible to your wife when she enters your phone's unlock code because they auto delete, and they don't get pushed to your iPad, like FB messenger[0].

But if you want to go up against James Bond, and you're already on his radar, you need to give up the illusion that anything computer related is fully trustable. Just pre-arrange some code words or OTPs and meet in person in an area without electronics or go even more old school and use dead drops with hand written communication.

[0] I personally know 3 people that were caught cheating this way.

[+] pron|7 years ago|reply
> Truly secure systems don’t require trust.

This is a chat app so, by definition, security requires trusting at least one other person. Also, I think experience shows that secrets can often be least trusted to those who have some interest in/use for them, with the secret owner often being the least trustworthy of all. So I'd say that if you trust yourself you're already probably trusting one of the weakest links in whatever chain of trust you would have.

But seriously, pretty much every secure system requires trust, and the more it relies on technology, the more trust is required. You need to trust there are no backdoors or holes in a long chain of hardware and software that no one person can possibly verify, and if they hypothetically could, they could only hypothetically do so with the help of verification software that they could not themselves verify, at least not without dedicating a lifetime to that goal. Trustless security does not exist, and attempting to achieve it by adding more technological layers and more complexity reduces rather than enhances security. We should make it easy for us to choose whom to trust, not work on a futile attempt to take trust out of the system.

[+] distantsounds|7 years ago|reply
"The APK direct download doesn’t even accomplish the stated goal of “harm reduction”. The user has to manually verify the checksum, and figure out how to do it on a phone, no less. A checksum isn’t a signature, by the way - if your government- or workplace- or abusive-spouse-installed certificate authority gets in the way they can replace the APK and its checksum with whatever they want."

This is true for just about every single piece of software that one downloads. But nice job deflecting it onto Signal to solve for you. Installing an APK by hand is not difficult either, you transfer it to your phone and open it. I don't see how Signal is doing any better or worse of a job from similar apps. Also, Signal's checksum verification is SHA-256 which I'd say is "good enough." It's also being served from an HTTPS webpage. Is there something missing here?

[+] LaGrange|7 years ago|reply
"If Edward Snowden and Bruce Schneier are going to spout the virtues of the app, I expect it to actually be secure when it matters - when vulnerable people using it to encrypt sensitive communications are targeted by smart and powerful adversaries."

Because if the adversary is, say, an abusive ex that happens to work for the telco, for example, then it doesn't matter. Unless you're actively hunted by a G7 country your problems are inconsequential.

[+] okatsu|7 years ago|reply
I don't know anything about Moxie derailing threads or anything like that, but if we just listened to critics all the time then we just wouldn't have anything. Signal is better than a lot of what is out there and being used at scale, and that counts for something. More secure is always better than not secure at all.
[+] toast0|7 years ago|reply
AFAIK, Signal has an open source client, and an open source server. If you want federation, you can go ahead and build it, and find users, and you can start from a reasonably well working base. Moxie isn't going to build it, because he doesn't think federation works; to convince him, you'll need to show him it works, not just tell him. Is there an example of a federated chat service which has end to end encryption that just works?

Peer to peer chat is interesting, but it means that IPs of communicating users are more widely exposed -- now anybody in the network path between two users can see they're communicating with each other, not just that they're both communicating with Signal. I may not want to share my IP with some (or most) people I communicate with. Additionally, there's a lot of hard work around actually getting a peer to peer connection on today's internet, for a large fraction of connections, you're going to have to proxy packets for them anyway.

[+] pmlnr|7 years ago|reply
The article actually proposes an alternative: Matrix, and Matrix is, in fact, a good piece of software, with federation options.

I tend to agree with most parts of the article, especially the lack of federation options.

My real pain point with Signal is that there is no real desktop application for it - no, a connected web interface is not a desktop application. For example, XMPP with OMEMO can be used simultaneously from Android Conversations AND Pidgin - same account, same messages (yes, it needs XMPP Carbons on the server), e2e.

[+] gruez|7 years ago|reply
>Google Play

use yalp store

> Packages on F-Droid are reviewed by a human being and are cryptographically signed

>The app has to update itself, using a similarly insecure mechanism. F-Droid handles updates and actually signs their packages

So are all Android APKs. Granted, it's trust on first use: it accepts any signature for the first install, and only enforces the signature if you try to install an update.

>A checksum isn’t a signature, by the way - if your government- or workplace- or abusive-spouse-installed certificate authority gets in the way they can replace the APK and its checksum with whatever they want

this is probably the only legitimate concern, to use f-droid so you have a permanent anchor of trust (f-droid, rather than whatever CAs you have installed) for the first install. this isn't even that big of an issue when you can install using yalp store. google might be a rootkit or whatever, but at least you can be reasonably sure that the apks are the originals.
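
Three points in this thread are about the same mechanism: skywhopper's observation that a checksum fetched from the same page as the binary adds nothing against an attacker who controls the page, distantsounds's "SHA-256 over HTTPS, what's missing?", and gruez's description of Android's trust-on-first-use signing rule. The following is an added example, written for this page and not code from Signal, F-Droid, Android or any commenter, that runs all three checks against one tampered download. It assumes Ed25519 detached signatures as a stand-in for the APK signing scheme (Android uses X.509 certificates and a different format), a hypothetical package name org.example.messenger, and constructed byte strings in place of real APKs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Artifact is what a download page serves: the APK bytes plus everything the page says about
// them. Whoever controls the connection (a rogue CA in the trust store, or the server itself)
// controls every field at once.
type Artifact struct {
	Pkg    string
	APK    []byte
	SHA256 string            // checksum printed beside the download link
	Sig    []byte            // Ed25519 signature over APK (assumption: stand-in for APK signing)
	Cert   ed25519.PublicKey // signing key shipped inside the package, as Android's cert is
}

func hexSHA256(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// Publish is the developer's side: hash, sign, and ship the signing key with the package.
func Publish(pkg string, apk []byte, priv ed25519.PrivateKey) Artifact {
	return Artifact{pkg, apk, hexSHA256(apk), ed25519.Sign(priv, apk), priv.Public().(ed25519.PublicKey)}
}

// Tamper is an on-path attacker who can serve the page: swap the APK, recompute the checksum,
// and re-sign with a key of their own. Nothing on the page distinguishes this from the original.
func Tamper(a Artifact, payload []byte, attacker ed25519.PrivateKey) Artifact {
	return Publish(a.Pkg, payload, attacker)
}

// CheckChecksum is what "verify the SHA-256 from the same page" buys: protection against
// corruption in transit, and nothing against an attacker who controls the page.
func CheckChecksum(a Artifact) bool { return hexSHA256(a.APK) == a.SHA256 }

// VerifyPinned checks the signature against a key the verifier obtained out-of-band, e.g. a
// repository key baked into the client or a fingerprint compared in person.
func VerifyPinned(a Artifact, pinned ed25519.PublicKey) bool {
	return ed25519.Verify(pinned, a.APK, a.Sig)
}

var (
	ErrBadSignature       = errors.New("signature does not verify under the certificate in the package")
	ErrUpdateIncompatible = errors.New("INSTALL_FAILED_UPDATE_INCOMPATIBLE: signing key differs from installed package")
)

// Installer models Android's trust-on-first-use rule: the first install of a package name pins
// the signing key's fingerprint; every later update must be signed by that same key.
type Installer struct{ pinned map[string]string }

func NewInstaller() *Installer { return &Installer{pinned: map[string]string{}} }

func (in *Installer) Install(a Artifact) error {
	// The package's own signature is checked against the certificate it carries. That only
	// proves self-consistency, so an attacker-built package passes on a fresh install.
	if !ed25519.Verify(a.Cert, a.APK, a.Sig) {
		return ErrBadSignature
	}
	fp := hexSHA256(a.Cert)
	if prev, ok := in.pinned[a.Pkg]; ok && prev != fp {
		return ErrUpdateIncompatible
	}
	in.pinned[a.Pkg] = fp
	return nil
}

// Verdict collects the outcomes of the constructed scenario below.
type Verdict struct {
	ChecksumPasses, PinnedPasses bool
	FreshInstall, UpdateInstall  error
}

// Scenario: a developer publishes, an attacker swaps the download, and two devices install it,
// one that never had the app and one that already runs the genuine build.
func Scenario() Verdict {
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attPriv, _ := ed25519.GenerateKey(rand.Reader)
	genuine := Publish("org.example.messenger", []byte("genuine apk bytes (constructed sample)"), devPriv)
	evil := Tamper(genuine, []byte("backdoored apk bytes (constructed sample)"), attPriv)

	fresh := NewInstaller()
	updating := NewInstaller()
	_ = updating.Install(genuine) // this device already runs the real app

	return Verdict{
		ChecksumPasses: CheckChecksum(evil),        // attacker published a matching hash
		PinnedPasses:   VerifyPinned(evil, devPub), // the developer's key never signed it
		FreshInstall:   fresh.Install(evil),        // TOFU accepts any self-consistent key
		UpdateInstall:  updating.Install(evil),     // pinned key mismatch
	}
}

func main() {
	fmt.Printf("%+v\n", Scenario())
}
```

The two failures that matter are the fresh install and the same-origin checksum: both accept the swapped package, which is why a trust anchor obtained before the download (a repository key or a pinned fingerprint) is the only check in this set that holds when the transport itself is hostile. HTTPS moves the question to which CAs the device trusts; it does not answer it.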

[+] r3vrse|7 years ago|reply
> There’s an alternative to the Play Store for Android. F-Droid is an open source app “store” (repository would be a better term here) which only includes open source apps (which Signal thankfully is). By no means does Signal have to only be distributed through F-Droid - it’s certainly a compelling alternative. This has been proposed, and Moxie has definitively shut the discussion down.

Adjunct to the rest of this discussion: just read through that GH issue and came away with markedly different conclusions than the author of the blog post.

It reads like someone who is trying hard to justify and prioritize dev time/resourcing in the face of what is a demanding and vitriolic minority. No evidence of disingenuous intent or desire to push a particular agenda. I see nothing that would have prevented the old OSS adage: "if you want to see it, do it".

Drew, I don't know you, or the background for the argument you're making, but it seems like you have something stuck in your craw here. Maybe take a little time and try to view the situation with fresh eyes? You're obviously passionate about this subject -- and the unique perspective is appreciated -- but it devalues the rest of the info presented, and I don't buy the precept you're proposing.

[+] bilbo0s|7 years ago|reply
People should just know by now, if you need to communicate something in private, you should just never use any electronic device that uses public networks. All of these "secure" tools that are being used must be understood in that context. They are "secure" against honest people.

What I mean by that is that it's a lot like your home or apartment. Sure, you should lock your door and turn on your alarm system when you leave. At the same time, if you know there are three letter agencies surveilling you, it's probably wise to go ahead and assume they broke into your home and placed bugs in it despite your security precautions.

Because they have.

[+] londons_explore|7 years ago|reply
This article is entirely about the Play store and F-droid.

As a user, when an app claims to be 'secure', I expect the app itself to have made reasonable security tradeoffs. I don't however expect them to change my OS, my package manager, or anything else. The security of those other components isn't their concern.

[+] qznc|7 years ago|reply
> Truly secure systems don’t require trust.

Security is something which only makes sense in relation to an attacker model. Only after you specified that, then we can discuss if something is secure or not.

Signal is not secure if the NSA is after you. Signal is secure if your Chinese competitor is after your business data. Signal is secure if you are a journalist in Turkey.

[+] tabletopneedle|7 years ago|reply
Remember that OTR, Cryptocat and PGP were secure enough when Snowden was agreeing about handing data to Greenwald and Poitras. So while Signal isn't secure if you're NSA's target, it might be secure enough to protect you from passive threat scanning.
[+] angry_octet|7 years ago|reply
The author is a delusional crank. He is very deliberately ignoring the very cogent arguments for the Signal architecture in favour of some specious moaning about how play store is subverted by the NSA.

If you want a federated / onion-routed message transport, start coding. You can use the Signal ratchet mechanism if you want, you just can't call the resulting shibboleth Signal. Distribute only by obscure methods, easily subverted by users installing malware versions with higher search rankings. Then stand back and watch as hardly anyone uses your app.

[+] leshow|7 years ago|reply
> This is a strong accusation, I know. The thing which convinced me of its truth is Signal’s centralized design and hostile attitude towards forks.

The thing that convinced you that Moxie feels a certain way is that Signal has a 'centralized design'.

Please, if you're going to accuse someone of acting in bad faith with no evidence the least you can do is be honest about it. You have nothing but your feelings for proof of anything.