I get a lot of credit for the stuff that Open Whisper Systems does, but it's not all me by a long shot. Trevor Perrin, Frederic Jacobs, Christine Corbett, Tyler Reinhard, Lilia Kai, Jake McGinty, and Rhodey Orbits are the crew that really made all this work happen.
Given that we have the man himself onboard - can I urge you to ask the WSJ to remove the comment at the start of the article about WhatsApp implementing your encryption schema? Unless I've missed something, there's absolutely no way for an end-user to determine if their messages are being encrypted (with whatsapp). Or how they're being encrypted for that matter. I feel like WhatsApp latched onto your groundwork (potentially even with good intentions) - but never actually has opened up about the implementation, opened the code to audit, or been forthright about exactly who/how many users are covered.
I fear articles like this just make the average joe think "oh, whatsapp == secure" when recent events have proven that's far, far from the truth.
Thank you for http://www.youtube.com/watch?v=unZZCykRa5w. Your notion of 'bundling' was one of my top three most mulled ideas in the past five years. Once I started looking, I see it everywhere.
You are a gentleman for redistributing the credit. I have unfortunately worked for people who would not have. Regardless, thanks for your contribution to privacy, and may whatever karma exists rain invisibly on you ;)
Moxie, the progress on TextSecure/Signal integration seems to have slowed down quite a bit (at least as seen from the outside). I think it's been almost a year since Signal for iOS came out - yet still no word on Signal for Android.
What is taking so long, if you don't mind me asking? Is there some sort of Signal 3.0 overhaul planned for all the platforms along with a big launch?
Also, I think you've been quite retreated in the past year or so, I assume so you can focus on working. But I believe you should personally get more involved in promoting your apps (as you do in this piece here). Go on more TV shows, podcasts and so on. Look how much Telegram has grown, not because it's any better than Signal (far from it), but because they've actively promoted themselves and took a more pro-active role in building a community.
More mainstream users need to know that "Skype is not secure, but Signal is" - which reminds me - I hope Signal will eventually get encrypted video-chat support as well, to make it a true alternative to Skype (and of course a desktop app, but I know your team has been working on that).
To monetize the apps have you considered trying to get Signal into enterprise, as a much more secure alternative to what enterprise customers are currently using, and then get paid for support? Or do you believe that would complicate things too much and make the apps worse off in the end?
Moxie, how do you do it? There are other good crypto people, good developers, good designers, and you're probably not the best at any of those things, but how do you make results like:
>A few years ago, Matthew Green, a cryptographer and professor at Johns Hopkins University, unleashed his students on Mr. Marlinspike’s code. To Prof. Green’s surprise, they didn’t find any errors. He compared the experience to working with a home contractor who made “every single corner perfectly squared.”
While having Signal is great, one thing I don't like is the use of phone numbers as identifiers. Why can't we have the option of using a random string?
I'll also take this opportunity to give thanks and respect the whole team.
Though I have to say, whilst I understand the absolute ballache of technical reasons for dropping SMS support, I'm _still_ extremely sad to see it gone :(
Maybe you could answer a few questions? That'd be cool.
Is there much hope for strong privacy and anonymity using smartphones? Even with secure apps, there's the baseband, controlled by the cell provider. Can it be isolated?
What are the chances for open-source hardware?
What are the main pros and cons of iOS and Android?
I would take this opportunity to say a big thank you to the whole team, textsecure is my default messaging software and it's really well done. Thanks to all of you ! :)
I remember being in an applied crypto class with you at CMU taught by Virgil Gligor if I am not mistaken and was thoroughly impressed with your knowledge of cryptosystems. I am happy for you! Way to go.
I tried TextSecure through bluestacks and captured the stream to find out that it is using TLSv1. I am a noob in computer security, but isn't TLSv1.2 more secure?
What infuriates me the most is that is such a blind, selfish, first world argument. It assumes freedom of speech is granted, ubiquitous, and irreversible, so those who want extra protection must be criminals.
In some countries you can be killed for your political views. You can also be killed for what you are -- gay, for example.
Anyway, in most cases the person who said that is a complete hypocrite, like a politician/businessman who wants to ban encryption to be able to spy on their competitors, not to "protect children".
That's even a higher level of blindness. Those people understand how the world works. They know that hackings, theft, revolutions, and coups d'etat exist, and those who once were righteous, legal and legitimate may be prosecuted.
What if there were a revolution and the new government decided that now being a sports fan were illegal? That new government may have access to apparently innocent communications where people discussed sports events. Communications that were legally intercepted and innocent in one scenario may be life-threatening if laws change.
That's why we need encryption, that's why all person-to-person communications must be private (we can discuss the transparency degree for governments communications), and that's why governments must find some other way of fighting crime than just exposing everybody naked to make it easier to pick the bad apples.
Sorry for the rant, but encryption is saving lives of gays, illegitimately prosecuted politicians and such. Banning it with lame excuses is short-sighted and may backfire some day.
I've had a ton of respect for Marlinspike ever since he published sslstrip, an incredibly simple defeat of HTTPS.[1]
It's a perfect demonstration of the fundamental insecurity of the web thus far. When an insecure communication mode (HTTP) is the default and perfectly ok most of the time, the browser has no idea when you are supposed to be operating on a secure channel (HTTPS) but have been tricked into downgrading by a man in the middle attack.
I can't prove it but I believe his work is a significant factor behind the shift towards deprecating HTTP in favor of HTTPS all the time. That is the only real solution.
Moxie and Frederic and Christine and the rest definitely deserve a lot of credit.
Half of me is really happy every time I see Signal getting more popular. The other half is more like OH GOD THE STAKES ARE HIGHER NOW WHAT IF I MADE AN EXPLOITABLE MISTAKE BETTER RE-READ SOME CODE.
But seriously, you should read the code. It's there, open for anyone to audit after all. Maybe start somewhere random in the guts [1][2][3] and check for things like "ereh 2# roodkcab"?
The sailing documentary they briefly mention in the article is called Hold Fast. If there are any HN readers that are into sailing I highly recommend it.
> President Barack Obama called [protected-messaging apps] “a problem.”
but
> Encrypted messaging was viewed [by the U.S. State Department] as a way for dissidents to get around repressive regimes. With help from Mr. Schuler, Radio Free Asia’s Open Technology Fund, which is funded by the government and has a relationship with the State Department, granted Mr. Marlinspike more than $1.3 million between 2013 and 2014, according to the fund’s website.
Interesting article and interesting guy. I like the work he and his team does on these apps. Unfortunately, they typically run on the type of endpoints that everyone from script kiddies with money to High Strength Attackers can hit. Usually alongside apps not as strong as theirs on TCB's that can at best be described as insecure foundations.
I recommend against such apps and platforms for anything other than stopping the riff raff. That's what I use them for. I pointed out the difference between secure code and secure systems in this [1] writeup. Shared much of my framework for analyzing or designing-in security in the process. The TCB of most solutions today is ridiculous: people are building on foundations of quicksand. There's only a few exceptions I've seen such as GenodeOS (architecturally) or Markus Ottela's Tinfoil Chat. Markus has been unusually alert to our concerns and updated his app appropriately even for covert, channel suppression. Quick question: which of the many crypto apps on the market can deliver a covert channel analysis to you at app and system level? Answer: few to none despite it's importance over decades with a rediscovery in past 5+ years in mainstream security.
Strong security is hard. Moxie seems awesome as a coder and good to great in both crypto and OPSEC. Thing is, his offerings break the decades old rule of having a strong TCB. Just like most of the rest. It's why they're usually bypassed or broken by strong attackers. Gotta do the whole thing with concern for each aspect of the system. TFC is a clever cheat on that even more than my MILS scheme with a KVM and a highly-assured guard. If you don't cheat around it, you better do it right or your users will suffer the consequences. Those trying to contain vulnerabilities of mainstream OS's and components with any success are expending literally hundreds of thousands of dollars worth of labor per year. It's why I push for clean-slate, hardware and software platforms like DARPA and NSF have been funding recently (eg SAFE, CHERI processors). Alternatives using COTS tech are pretty complex and most users will probably fail to secure them to be honest.
I still can't get over Moxie wanting Google and Apple and Microsoft to be gatekeepers of what you can and can't do with your device and calling sideloading "that old broken desktop security model".
I admire your work Moxie, but sadly we stand on different sides of war on general purpose computing. I can't help but be saddened that "the other side" got someone so talented and dedicated.
Yes. This is really annoying it was one of the major selling points - I'd got several people to install it on this basis. They had a reason for the change but I was un-impressed
The best thing that one can say is that it is well indicated by the UI whether the message will be secure. Blue for encrypted. Green for clear. I've managed to explain this to some very tech unsavy people.
Sweet article! The movie about Moxie fixing up and sailing a boat was actually was super fun to watch! I'm feeling grateful the comments section hasn't turned into a massive argument over TextSecure dropping SMS support like the whisper systems mailing list alwayssss is...
Moxie gave a great high-level talk on cryptography and Open Whisper Systems at Webstock this year too, for anyone that's interested: https://vimeo.com/124887048
I was a great fan of TextSecure until a few days ago. I had encouraged a bunch of friends to install it. One of them couldn't get rid of a notification from TextSecure about an unread message despite there being none, and eventually they uninstalled it. Then, for the next 4 months TextSecure blackholed every message I sent this friend without warning either them or me. They never received a single message from me. After discovering that I uninstalled it.
You'll find that this is true for every messenger on Android, since there is no way to detect someone uninstalling without unregistering.
TextSecure has delivery receipts so you can see when your messages aren't being delivered, and there's a web-based unregistration flow on the Open Whisper Systems website so that users can unregister their numbers if they've uninstalled.
Kudos to moxie and team for their work and their example of positively enabling others to speak freely, for inspiring others to build better alternatives, and for being the change they wish to see in the world.
Also wanted to share one of the most provocative moxie-isms I've heard in recent years from him, in reference to WL:
Address book based social networks are nice to get a bit of bootstrapping, but becomes pretty bad when you want to add someone as a text secure contact, or you want to run a version without using SMS gateways. It gets pretty complicated pretty fast compared to 'what is your username'.
I hope text secure gets usernames one day that you can associate with phone numbers & emails.
The web-browser version is a good development, it shows that desktop and multi-device versions are on the way.
It's awesome seeing so many privacy and secure messaging apps spring up. The tough part is getting people to use them. I've been using Wickr (I know the black box arguments, but they have a reasonable bounty in place) and it doesn't require number, contact info or addy. The phone call feature of Signal sounds interesting so I'll check it out.
I tried installing TextSecure recently but it wouldn't work without the Google Play services.
I hadn't herd of their new app Signal. Has anyone tried it? I'm really interested in hearing anyone's experience using it.
BTW, I ended up installing Telegram ...and it may be mere co-incidence, but I started noticing some weird things happening that I've never seen before. I connect to the internet exclusively via tethering to my phone and while tethered I started seeing messages in Firefox from my desktop machine giving warnings that were something like "Could not establish secure connection because the server supports a higher version of TLS". My guess is that it was some sort of MITM attack... and I was possibly targeted due to the traffic to Telegram servers.
One other thing regarding Telegram: I really don't like that it reads my contact list and uploads it to their server to check if my contacts have a Telegram account. I've blocked the permission for now.
[+] [-] moxie|10 years ago|reply
[+] [-] tw04|10 years ago|reply
I fear articles like this just make the average joe think "oh, whatsapp == secure" when recent events have proven that's far, far from the truth.
http://arstechnica.com/tech-policy/2015/06/intercepted-whats...
[+] [-] akkartik|10 years ago|reply
[+] [-] moxie|10 years ago|reply
https://whispersystems.org/workworkwork/
[+] [-] lectrick|10 years ago|reply
[+] [-] RexRollman|10 years ago|reply
Sadly, the march to "Safety Fascism" continues unabated.
[+] [-] higherpurpose|10 years ago|reply
What is taking so long, if you don't mind me asking? Is there some sort of Signal 3.0 overhaul planned for all the platforms along with a big launch?
Also, I think you've been quite retreated in the past year or so, I assume so you can focus on working. But I believe you should personally get more involved in promoting your apps (as you do in this piece here). Go on more TV shows, podcasts and so on. Look how much Telegram has grown, not because it's any better than Signal (far from it), but because they've actively promoted themselves and took a more pro-active role in building a community.
More mainstream users need to know that "Skype is not secure, but Signal is" - which reminds me - I hope Signal will eventually get encrypted video-chat support as well, to make it a true alternative to Skype (and of course a desktop app, but I know your team has been working on that).
To monetize the apps have you considered trying to get Signal into enterprise, as a much more secure alternative to what enterprise customers are currently using, and then get paid for support? Or do you believe that would complicate things too much and make the apps worse off in the end?
[+] [-] jchrisa|10 years ago|reply
I'm dreaming up a crypto currency where the scare resource is human creativity rather than CPU time. It is a little like key based identity taken through the looking glass. Quick read: http://thenewstack.io/why-art-could-become-currency-in-a-cry...
I asked a similar question of vbuterin the other day. Thanks for any response: https://www.reddit.com/r/ethereum/comments/3ai4pm/the_humans...
[+] [-] tedks|10 years ago|reply
>A few years ago, Matthew Green, a cryptographer and professor at Johns Hopkins University, unleashed his students on Mr. Marlinspike’s code. To Prof. Green’s surprise, they didn’t find any errors. He compared the experience to working with a home contractor who made “every single corner perfectly squared.”
...happen?
[+] [-] newman314|10 years ago|reply
[+] [-] BuildTheRobots|10 years ago|reply
Though I have to say, whilst I understand the absolute ballache of technical reasons for dropping SMS support, I'm _still_ extremely sad to see it gone :(
[+] [-] mirimir|10 years ago|reply
Is there much hope for strong privacy and anonymity using smartphones? Even with secure apps, there's the baseband, controlled by the cell provider. Can it be isolated?
What are the chances for open-source hardware?
What are the main pros and cons of iOS and Android?
[+] [-] thegainz|10 years ago|reply
[+] [-] gault8121|10 years ago|reply
[+] [-] realusername|10 years ago|reply
[+] [-] n_siddharth|10 years ago|reply
[+] [-] martindale|10 years ago|reply
[+] [-] ulam2|10 years ago|reply
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] bcg1|10 years ago|reply
[+] [-] sergiotapia|10 years ago|reply
And there we go, highest voted comment on the article: a strawman about child pornography. Think of the keeeds
[+] [-] carlesfe|10 years ago|reply
In some countries you can be killed for your political views. You can also be killed for what you are -- gay, for example.
Anyway, in most cases the person who said that is a complete hypocrite, like a politician/businessman who wants to ban encryption to be able to spy on their competitors, not to "protect children".
That's even a higher level of blindness. Those people understand how the world works. They know that hackings, theft, revolutions, and coups d'etat exist, and those who once were righteous, legal and legitimate may be prosecuted.
What if there were a revolution and the new government decided that now being a sports fan were illegal? That new government may have access to apparently innocent communications where people discussed sports events. Communications that were legally intercepted and innocent in one scenario may be life-threatening if laws change.
That's why we need encryption, that's why all person-to-person communications must be private (we can discuss the transparency degree for governments communications), and that's why governments must find some other way of fighting crime than just exposing everybody naked to make it easier to pick the bad apples.
Sorry for the rant, but encryption is saving lives of gays, illegitimately prosecuted politicians and such. Banning it with lame excuses is short-sighted and may backfire some day.
[+] [-] abalone|10 years ago|reply
It's a perfect demonstration of the fundamental insecurity of the web thus far. When an insecure communication mode (HTTP) is the default and perfectly ok most of the time, the browser has no idea when you are supposed to be operating on a secure channel (HTTPS) but have been tricked into downgrading by a man in the middle attack.
I can't prove it but I believe his work is a significant factor behind the shift towards deprecating HTTP in favor of HTTPS all the time. That is the only real solution.
[1] http://www.thoughtcrime.org/software/sslstrip/
[+] [-] Strilanc|10 years ago|reply
Half of me is really happy every time I see Signal getting more popular. The other half is more like OH GOD THE STAKES ARE HIGHER NOW WHAT IF I MADE AN EXPLOITABLE MISTAKE BETTER RE-READ SOME CODE.
But seriously, you should read the code. It's there, open for anyone to audit after all. Maybe start somewhere random in the guts [1][2][3] and check for things like "ereh 2# roodkcab"?
1: https://github.com/WhisperSystems/Signal-iOS/blob/master/Sig...
2: https://github.com/WhisperSystems/Signal-iOS/blob/master/Sig...
3: https://github.com/WhisperSystems/Signal-iOS/blob/master/Sig...
[+] [-] lukeh|10 years ago|reply
[+] [-] hookshot|10 years ago|reply
You can watch it here: https://vimeo.com/15351476
[+] [-] nathan_long|10 years ago|reply
> President Barack Obama called [protected-messaging apps] “a problem.”
but
> Encrypted messaging was viewed [by the U.S. State Department] as a way for dissidents to get around repressive regimes. With help from Mr. Schuler, Radio Free Asia’s Open Technology Fund, which is funded by the government and has a relationship with the State Department, granted Mr. Marlinspike more than $1.3 million between 2013 and 2014, according to the fund’s website.
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] PhantomGremlin|10 years ago|reply
Here's the thing that Moxie recognizes, that many other programs don't (in any domain):
[+] [-] nickpsecurity|10 years ago|reply
I recommend against such apps and platforms for anything other than stopping the riff raff. That's what I use them for. I pointed out the difference between secure code and secure systems in this [1] writeup. Shared much of my framework for analyzing or designing-in security in the process. The TCB of most solutions today is ridiculous: people are building on foundations of quicksand. There's only a few exceptions I've seen such as GenodeOS (architecturally) or Markus Ottela's Tinfoil Chat. Markus has been unusually alert to our concerns and updated his app appropriately even for covert, channel suppression. Quick question: which of the many crypto apps on the market can deliver a covert channel analysis to you at app and system level? Answer: few to none despite it's importance over decades with a rediscovery in past 5+ years in mainstream security.
Strong security is hard. Moxie seems awesome as a coder and good to great in both crypto and OPSEC. Thing is, his offerings break the decades old rule of having a strong TCB. Just like most of the rest. It's why they're usually bypassed or broken by strong attackers. Gotta do the whole thing with concern for each aspect of the system. TFC is a clever cheat on that even more than my MILS scheme with a KVM and a highly-assured guard. If you don't cheat around it, you better do it right or your users will suffer the consequences. Those trying to contain vulnerabilities of mainstream OS's and components with any success are expending literally hundreds of thousands of dollars worth of labor per year. It's why I push for clean-slate, hardware and software platforms like DARPA and NSF have been funding recently (eg SAFE, CHERI processors). Alternatives using COTS tech are pretty complex and most users will probably fail to secure them to be honest.
[1] https://www.schneier.com/blog/archives/2013/01/essay_on_fbi-...
[+] [-] jsprogrammer|10 years ago|reply
[+] [-] mentat|10 years ago|reply
[+] [-] glogla|10 years ago|reply
I admire your work Moxie, but sadly we stand on different sides of war on general purpose computing. I can't help but be saddened that "the other side" got someone so talented and dedicated.
[+] [-] nly|10 years ago|reply
[+] [-] JupiterMoon|10 years ago|reply
The best thing that one can say is that it is well indicated by the UI whether the message will be secure. Blue for encrypted. Green for clear. I've managed to explain this to some very tech unsavy people.
[+] [-] dates|10 years ago|reply
[+] [-] briandoll|10 years ago|reply
[+] [-] ianopolous|10 years ago|reply
[+] [-] moxie|10 years ago|reply
TextSecure has delivery receipts so you can see when your messages aren't being delivered, and there's a web-based unregistration flow on the Open Whisper Systems website so that users can unregister their numbers if they've uninstalled.
[+] [-] lisper|10 years ago|reply
https://github.com/Spark-Innovations/SC4
Strong encryption that runs in a browser. Recently completed its first security audit.
[+] [-] justcommenting|10 years ago|reply
Also wanted to share one of the most provocative moxie-isms I've heard in recent years from him, in reference to WL:
"What about the truth has helped you?"
[+] [-] chinathrow|10 years ago|reply
Installed it, used it, uninstalled it.
Years later, a contact asks me that he "saw me in TextSecure", sent me a message.
Obviously, I didn't get that message.
Why - o why - was/is TextSecure pretending to not know about metadata when it does? Why could that happen? Moxie?
[+] [-] JoachimSchipper|10 years ago|reply
[+] [-] mahyarm|10 years ago|reply
I hope text secure gets usernames one day that you can associate with phone numbers & emails.
The web-browser version is a good development, it shows that desktop and multi-device versions are on the way.
[+] [-] teaneedz|10 years ago|reply
[+] [-] iamthebest|10 years ago|reply
I hadn't herd of their new app Signal. Has anyone tried it? I'm really interested in hearing anyone's experience using it.
BTW, I ended up installing Telegram ...and it may be mere co-incidence, but I started noticing some weird things happening that I've never seen before. I connect to the internet exclusively via tethering to my phone and while tethered I started seeing messages in Firefox from my desktop machine giving warnings that were something like "Could not establish secure connection because the server supports a higher version of TLS". My guess is that it was some sort of MITM attack... and I was possibly targeted due to the traffic to Telegram servers.
One other thing regarding Telegram: I really don't like that it reads my contact list and uploads it to their server to check if my contacts have a Telegram account. I've blocked the permission for now.