Normally I wouldn't link to meta discussion but this was such a weird borderline case that I spent over an hour trying to figure it out. Maybe that makes it interesting.
Still trying to grasp the idea of archiving messages from an E2E encrypted communication system into storage that entirely breaks the purpose of using something like Signal.
It’s like cashing in on the trust of the Signal protocol and app while breaking its security model so that someone else can search through all messages.
OK, say you're a bank. The SEC states you need to keep archives of every discussion your traders have with anyone at any time (I'm simplifying things but you get the point). You keep getting massive fines because traders were whatsapping about deals.
So now you've got several options - you can use MS Teams, which of course offers archival, compliance monitoring etc. But that means trusting MSFT, and making sure your traders only use Teams and nothing else. You can use a dedicated application for the financial industry, like Symphony or ICE Chat or Bloomberg, but they're clunkier than B2C apps.
And then the Smarsh (owners of Telemessage) salesman calls you, and says "your users can keep using the apps they love - WhatsApp, Signal - but we make it compliant". And everyone loves it (as long as no-one in your Security or Legal teams is looking too hard at the implications of distributing a cracked version of WhatsApp through your MDM...)
You can never control what I do on my device with the message received. I can make screenshots, or, if the app prevents that, take a picture of the screen.
The goal of Signal is trusted end-to-end encrypted communication. Device/message security on either end is not in scope for Signal's threat model.
One of the most popular “e2ee” communication systems, iMessage, does exactly this each night when the iMessage user’s phone backs up its endpoint keys or its iMessage history to Apple in a non-e2ee fashion.
This allows Apple (and the US intelligence community, including FBI/DHS) to surveil approximately 100% of all non-China iMessages in close to realtime (in the usual case where it’s set to backup cross-device iMessage sync keys).
(China, cleverly, requires Apple to not only store all the Chinese iCloud data in China, but also requires that it happen on machines owned and operated by a joint venture with a Chinese-government-controlled entity, keeping them from having to negotiate continued access to the data the way the FBI did.)
Yet Apple can still legitimately claim that iMessage is e2ee, even though the plaintext is being backed up in a way that is readable to them. It’s a backdoor by another name.
Everyone wins: Apple gets to say E2EE, the state gets to surveil the texts of everyone in the whole country without a warrant thanks to FISA.
There are compliance reasons where you want the communications encrypted in flight, but need them retained at rest for compliance reasons. Federal record keeping laws would otherwise prohibit the use of a service like Signal. I'm honestly impressed that the people involved actually took the extra effort for compliance when nothing else they did was above board...
Any client-side limitations are not part of the security model because you don't control other people's devices. Even with an unmodified app, they're trivially bypassed using a rooted/jailbroken device.
OK, say you're a bank. The SEC does not care what you do and is actively working to make sure nobody else does either. You never get fines and all the traders are whatsapping about deals and it's awesome. But what if the FEC decides to care in the future? Just mark all your messages as self-deleting. But what if you want to be able to read them in the future?
And then the Smarsh (owners of Telemessage) salesman calls you, and says "your users can keep using the apps they love - WhatsApp, Signal - but we archive the self-deleting messages somewhere you can hide from the SEC if they happen to change their mind". And everyone loves it (you already fired all the Security or Legal teams).
The purpose of using something like Signal is not compatible with the needs of the government or the law.
I’ve worked for non-Federal government. Your work product is not your own, and the public interest, as expressed by the law, requires that your communications and decisions can be reviewed by the government you serve.
The US government created the dark web to enable espionage — it's pretty obvious why they need to read their employees' mail.
Maybe someone wanted to please the procedure of law but also had to please the bros. The result is a hack of a secure program that adds conversation archiving.
The big part of this story which nobody is talking about is the fact that the app is literally controlled by a bunch of “former” Israeli intelligence officers. Who now have what is arguably the world's most valuable access out of anyone.
The bigger story is the follow up that shows someone already hacked telemessage because the app seems to be vulnerable to several exploits (and transmits data in the clear apparently).
White House communications director previously revealed (after “Signalgate”) that Signal was an approved and whitelisted app for gov’t officials to have on work phones and even discuss top-secret matters on. But I haven’t heard that TeleMessage was approved (and I’d have serious questions if it were given the foreign intelligence factor). Anyone know if there is a clear answer to whether it’s been approved?
More and more I am starting to understand that making money with software really has nothing to do with quality. It's about checking boxes. Enterprise SSO? Check. Auditing? Check. Does it "kinda" do the thing as advertised? Sort of, poorly, and slower than many free open source offerings. Oh, and also the company is in talks for an acquisition, so the entire engineering team is just drawing up plans for their vacation homes and picking out their BMWs at this point, while the product rots. Doesn't matter, here's your eight figure contract so we can tell the SLT we did a thing. By the time enough people have had to deal with it to get rid of it, all the decision makers will have moved on to something else.
Is Signal allowing arbitrary apps to connect to its network? How do I know that my correspondent is using TM Sgnl or another unofficial app?
Doesn't that break Signal's security guarantees? For example, what if I set my message to delete in 1 hour but TM Sgnl archives it, or some other app simply ignores the retention setting?
If Signal allows it, it seems like a major vulnerability? I suppose I must trust other users - they could always screenshot a conversation. But while I trust them not to intentionally cheat me, I shouldn't have to trust them to accurately evaluate the security implementation of a software application - something most people can't do, Mike Waltz being the most famous example.
Maybe Signal should identify users' unofficial clients. A downside is that it would provide significant identifying information - few people use unofficial apps.
> Doesn't that break Signal's security guarantees? For example, what if I set my message to delete in 1 hour but TM Sgnl archives it, or some other app simply ignores the retention setting?
Disappearing messages has never been a security guarantee of Signal. People can always archive things their own way (screenshots in the worst case). It's just a convenience feature, not a security thing.
The question is - how do you intend to verify whether an application is official or unofficial? What's stopping the official application from being 'patched' with a fake signature feigning validity?
I thought the only client allowed on Signal was the official build provided by Signal itself? Does this mean Signal does officially allow another build (Telemark's TM SGNL) access to the Signal network?
From what I know, Signal tries to block known bad clients. But guaranteeing such blocks is impossibly hard short of forcing attestations via things like SafetyNet that would legitimately impact users as well.
There was a case where a teenager in India rose to news media popularity by publishing a messaging app, which was a simple rebranding of Signal he made using some other tool which patches assets iirc.
It was blocked by Signal, but only after reports surfacing about it being an insecure rebrand.
China's WeChat certainly wouldn't like this yet there's a modified build of that as well, according to the article.
I don't think they asked Signal Foundation for permission, they just did it. Just because you're an Israeli government contractor doesn't mean you can't get rich from piracy and modding so long as you find gullible buyers.
Also, how would Signal know this isn't the official app that's accessing their network? They do have a standing policy against it, but if someone copy-pastes the APK and makes modifications in parts that don't talk to your server, how's your server to know that an illegitimate client is talking to it?
That is not true. There is a popular mod of Signal called Molly - https://molly.im/. It allows multi-device access, which I find very useful. I have been using this on Signal network for a long time now.
But tl;dr anything said on those phones is assumed to be compromised until proven otherwise by time or a whole lot of very interesting security verifications. So far the evidence that this is a very large leak looks probable based on the evidence presented.
I wonder if they were using it from the start, or if after the first SignalGate, someone scrambled to find a supplier who could "make their Signal compliant" (which is exactly what TeleMessage/Smarsh are selling).
This news story has been strange for me for awhile because on one hand NO our public officials should not be using Signal, but it isn’t because Signal is a bad technology choice. Signal is great. It’s probably the most usable service that’s verifiably secure.
Speculation, as no 'technical' analysis could be performed without access to the actual binaries. These applications are unlisted and otherwise assigned to organisations using device management. This analysis is based on documentation and how this assignment process works. There is no way to determine if an original application got modified, as this would be the same for the WeChat and WhatsApp applications, or whether they recompiled the open source version.
I presume that there is an official application that has been created by the US military / NSA / some other entity to facilitate secure encrypted messaging for a presidential administration?
If such a beast exists what is it called? How does it work?
I would more expect it to be a specific combination of hardware physically approved phones and software.
Did the prior administration use it exclusively?
I remember Obama allegedly refusing to part with his Blackberry.
SCIF - Sensitive compartmented information facility. Officials are often not too far away from one (including in their own home), and can usually get to one in less than 5 minutes.
From my understanding, the BlackBerry thing was largely for personal use.
Installing Signal using this method provides none of the guarantees Signal can normally provide by being an open verifiable application. It not only opens you up to state actors, but also IT folks like us. This is very much tech news. It helps explain why MDM is both critically important for businesses and terrible for security.
Here is the thing about e2e encrypted messengers: They lock you and your data in and do not allow you control of your life. There is a right to data portability (at least in the EU) that they violate and there is no one fighting for it. Whenever I engage in conversation about this I get empty faces, hostility and vague references to features that are crippled or just don't work at all. There are people and institutions that have to archive the communication centrally and they don't have control over how they are contacted and cannot have a conversation about the channel used in every interaction all the time. The solution is to finally force messengers to allow API access to all communication data and then show a sign similar to SSL warnings in browsers to the other side that this user is using an archival API service.
There's a difference between data transport and data hosting. Modern expectations of messengers seem to blur this line and it's better if it's not blurred.
Incidentally: The reason why they blur it is because of 2 network asymmetries prevalent since the 1990's that enforced a disempowering "all-clients-must-go-through-a-central-server model" of communications. Those 2 asymmetries are A) clients have lower bandwidth than servers and B) IPv4 address exhaustion and the need/insistence on NAT. It's definitely not practical to have a phone directly host the pictures posted in its group chats, but it would be awesome if the role of a messaging app's servers was one of caching instead of hosting.
In the beginning though: the very old IRC was clear on this; it was a transport only, and didn't host anything. Anything relating to message history was 100% a client responsibility.
And really I have stuck with that. My primary expectation with messaging apps is message transport. Syncing my message history on disparate devices is cool, and convenient, but honestly I don't really need it in a personal capacity if each client is remembering messages. I don't understand how having to be responsible for the management of my own data is "less control of my life," it seems like more control. And ... I'm not sure I care about institutional entitlement to archive stuff that is intended to be totally personal.
I understand companies like to have group chats, and history may be more useful and convenient there, but that's why I'm not ever going to use Teams for personal purposes. But I'm not going to scroll back 10 years later on my messaging apps to view old family pictures. I'm going to have those saved somewhere.
Molly is a fork of Signal that is allowed to access Signal's APIs, and their APIs are much more open than any other similar service [1]. Signal is not really designed for communicating with people that you don't know in real life such that you can be beyond suspicion that they would be archiving messages, but it is basically impossible to monitor if your conversations are being archived if someone is just taking pictures of their phone with another device.
I don't understand this: there's nothing intrinsic to e2e that makes interoperability particularly hard. There are multiple open-source e2e protocols that demonstrate this tidily, and my understanding is that there are governments in the EU that are adopting e.g. Matrix for this reason.
> show a sign similar to ssl warnings in browsers to the other side that this user is using an archival api service.
There is no sound way to do this and there probably never will be, especially if the protocol is interoperable and therefore the user can pick any client they please. The other client can always lie about what it's doing or circumvent detections through analogue means, e.g. pointing a camera at the screen.
They took an Israeli app that is a modified version of Signal. The modification BREAKS the one thing Signal is excellent at (keeping your messages encrypted so that only the desired endpoints can read them), then distributed it within the US Gov.
This is insanity!
US's enemies couldn't manufacture a better result themselves!
You have to archive messages in some sectors by law, fine. But taking an E2E encrypted app and decrypting and storing the messages in plain text is a brain dead solution.
You get a group of people, say 5, and you generate a Shamir's Secret Split key requiring a minimum of 3 shares to recover, call it the archive key, with each share encrypted to one of those people. You have the modified apps encrypt chat logs every day to a new one time use key, and encrypt that to the Archive key, and upload the encrypted logs somewhere all can access.
Now 3 people in that set of 5 people get a subpoena to disclose logs in a given time period. Each one can consent to using their archive key in an ephemeral secure enclave server to decrypt the daily log keys in the requested date range, and decrypt the requested logs.
This way everything is end to end encrypted unless M-of-N people agree to decrypt specific archived logs to comply with a court order.
This shit is not that hard and with the budget of the White House there are 0 excuses for not running a private server and end to end encrypted chat apps with reproducible builds using archive tactics along the lines I just described.
But, I am also not mad at them making public fools of themselves either.
What are the visually distinguishing features of this TM SGNL app compared to the official one? To my eyes, the app in the Waltz picture looks the same as the official one.
dang | 11 months ago
Edit: in case anyone's confused about the sequence here, micahflee posted the current thread 2 days ago. The timestamp at the top of this page is an artifact of us re-upping it (https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...).
abhisek | 11 months ago
What am I missing here?
namdnay | 11 months ago
Edit: here's the install document for their cracked WhatsApp binary https://smarsh.my.salesforce.com/sfc/p/#30000001FgxH/a/Pb000...
sneak | 11 months ago
https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...
jowea | 11 months ago
You want to talk to people who want to use Signal, but you yourself don't care about E2E
You trust Telemedia, but not Telegram, or Meta. And you want convenient archiving.
cycomanic | 11 months ago
https://news.ycombinator.com/item?id=43896138
jimmydoe | 11 months ago
Unfortunately this Israeli company is just incompetent, should try something from Russia next time, given that’s where all the data ends up anyway.
zitterbewegung | 11 months ago
[1] https://github.com/mollyim/mollyim-android
ranger_danger | 11 months ago
Screenshot of previous version: https://0x0.st/8Jqf.png