Finally, since the client is a binary distributed by Whisper, it’s not possible to verify that the client and server use the published protocol independently.
What are you talking about? The official client is open source and has reproducible builds.
Yes, the government can force them to give them encrypted garbage, and they will comply. They will also give the metadata with it, but there are multiple mechanisms in the app (client-side) to make sure that the server can’t even access most of the metadata, because it’s either not sent or encrypted.
So I guess for really sensitive matters you have to make sure your collaborators know how to stay safe
This is a really bad idea. The software you use should be usable safely without any knowledge of security if you want it to be really effective outside of security conscious people. And even security conscious people make mistakes.
And of course if your use-case really required a web-client you could just self-host it
That’s not an option for 99.99% of the population.
Fair point, but having a smaller team of highly competent devs (their job requirements are quite high if you look on their website) does allow them to innovate quicker and keep an overall high level of quality.
And it’s not like telegram were there code is completely unusable and the server is propretary. There are already a bunch of forks of Signal that exists (session being one of the main).
You don’t have to use matrix with a browser client
But the presence of a browser client seriously undermines the security of the whole platform. People don’t know that they should not use the browser client. If it were a third party client it wouldn’t undermine the seriousness of Matrix, but the browser client is an official one, which shows that Matrix takes security much less seriously than Signal.
only super easy and seamless with one client, i.e. the webbased Element
But the Webbased client’s security model is simply broken. E2EE in the browser is simply not possible.
Self hosting of the synapse server is pretty well documented. There even is an ansible script to speed it up.
I know. But I don’t have a server, don’t really want to pay for one. I also know that Matrix is very resource hungry. I know some sysadmin stuff, and it is time consuming, especially when it’s down and you don’t know why and you need it running because you have some important document that you need quickly etc…
Then there is the matter of security. I’m not going to be able to quickly react to issues, I’m not going to update it on time, and as soon as it crashes all the people that I would have managed to make migrate would immediately go back to whatever we used previously.
All that for a really mediocre UX and overall security compared to Signal. No thanks.
I don’t know what runs on matrix.org either unless I self-host, which I don’t do, because it’s way too time consuming and is much less reliable.
And Signal has mechanisms to prevent mapping user networks such as Sealed sender, which matrix and XMPP don’t have.
Federation makes it much harder to keep metadata private, though you could technically achieve the level of privacy found in Signal, it’s not easy.
In practice, Signal is a lot better at protecting your metadata than Matrix and XMPP.
Now that matrix has a lot of different clients and implementation, of would be super hard for them to implement something like Sealed Sender, which Signal was able to deploy very easily. I find it very unlikely that matrix will end up fixing its privacy issues. While Signal will be able to evolve and fix them. They are currently working on usernames for example.
I’ve found signal fans to be more fanatical in their loyalty to it than most advocates of other privacy apps
It’s because all criticism I’ve seen of Signal is at best circumstantial, and have nothing concrete despite the app being open source, with reproducible builds, under a ton of international scrutiny. I have read part of their code. I have understood the protocol itself for some of my classes.
It’s one of the rare FLOSS project that is actually good enough in terms of UX to actually reach popular adoption. We shouldn’t shoot it down.
On the side there are some concerning security issues with Matrix which I detail here. Signal is much much more attentive to the security of their implementation.
the server code being not federated means you effectively can’t (or won’t) self host.
This doesn’t matter if the app is designed to not require a trusted server
Threema has generated IDs, Matrix has usernames, Telegram has usernames. Why can’t Signal?
Because they originally worked by encrypting SMS, which required phones numbers. Internet messaging arrived later, and they are working on usernames in a similar way to how Telegram does it if I understand correctly.
In this comment you say founded. I can accept that it’s a typo.
- CIA Funding:
- This is a non-issue. The OTF also funds: Briar, Tor, Wireguard, Delta Chat, Bind9, CGIProxy, CertBot, K-9 Mail, Tails, NoScript, QubesOS, The Guardian Project, and a host of other essential privacy tools/software. You’re telling me they’re all compromised just because they’re getting funded? I don’t buy it.
Even if it were not the case, Signal was founded 3 years before it started receiving funding from the OTF.
Or his choice of phone # identifiers?
See my first comment: https://lemmy.ml/post/81033/comment/78905
How do you feel about marlinspikes ruthlessly banning all third party clients and server implementations
I do agree that it is somewhat of an issue, but there was only one instance of this happening, where a fork of Signal was about to be added to fdroid. It’s not like they haven’t justified themselves. Anyway the features of LibreSignal (no hard requirement on Google Play services), was implemented in the official app. There are still two third party clients that exist: Axolotl and signal-cli. They don’t want to deal with third party client that they can’t update and thus need to keep support for outdated versions of the protocols that would introduce a lot of complexity and risks introducing downgrade attacks.
It also allows them to roll out “quality of life” features faster such as stickers, video calls, groups v2, and more recently groups where only admins can post, which would be harder to keep backward compatible.
The openness of Signal has already been fruitful. The protocol has been implemented in many other platforms, such as Matrix, WhatsApp and even Messenger.
However, Signal is like the one application that’s user friendly and is NOT compromised, and you seem to be completely attacking it.
That’s what annoys me the most here. We have one FLOSS project that is very high quality, secure and gained significant popularity, and we start shooting it down ourselves…
It seems like your loyalty to signal isn’t based on any facts or history whatsoever.
See this comment
I go over the untrustworthy history of signal’s founders, but you’ve ignored all those points in your replies so far.
Regarding your radio free asia funding story, Whisper Systems was founded in 2010 according to Wikipedia, while the funding from the open tech fund started in 2013. There’s a lot of differences between Funding and FOunding. At that point it was already open sourced. It’s really far fetched to think that somehow, the US took control of it at that point.
You even ignore the point that Whisper System temporarily belonged to twitter, also a US company, which would have been a much simpler way for the US to seize control of the project than to go through some fund bla bla bla
It’s more complex than that. The client doesn’t authenticate itself to the server. It only shows a certificate that says “I have a right to send messages to this person”. This certificate is anonymous and was initially generated by the receiver, and then sent via the encrypted session.
The server could still correlate the IP, which is much less valuable and can be hidden through VPNs or even the built-in censorship circumvention proxy.
they still also know when a specific client with a specific phone number connects to their network
I don’t think so. I didn’t really fully understood how sealed sender worked until now and only trusted Signal to implement it properly. I’m currently reading this which explains how it works and it seems to provide similar guaranties to what I assumed. The server can only have the IP of the sender. There seem to be some issues, but it’s not as trivial as you seem to think it is. They may also have implemented the mitigations since.
As I noted in my article, remember when signal went a whole year without publishing their server source code updates?
It was only the server side, which anyway we can’t attest is what is actually running on their servers, and there were some other repositories that contained up to date code. This was still concerning.
Your default position then is to “trust” US services…
This is not my default position. It is an informed choice based on the scrutiny and recognition that signal has worldwide.
With Signal I don’t really have to trust anyone regarding the confidentiality of the messages. The App is FLOSS, has been audited and is under a high level of scrutiny. The protocol itself is recognised as the golden standard regarding E2EE for asynchronous messaging by the cryptography community. I’m a student in cybersecurity/embedded systems. I understand the underlying double ratchet protocol, which I have studied and I am working on right now.
I don’t really need to trust anyone regarding confidentiality when I use Signal. If there were a service comparable to Signal in terms of ease of use, features and security but french, I’d use it. There’s olvid but it’s not FLOSS and has much worse UX, and Matrix/XMPP are less secure while being much harder to use (I do use matrix on a self-hosted server by some people I know).
I’m much more concerned about the Google and Huawei crap that I can’t remove from my phone and that I know is siphoning data for advertisement currently than some grand conspiracy that would be fooling the entire cyber-security community, with no concrete motive.
Non of your points are really any concrete proof of Signal being backdoored.
If that were the case, the sealed sender stuff would a complete lie, which would seem out of character for Signal.
Of course they know which client connects when to their server and sends messages to them.
Why ? The authentication can be done on the receiving side through cryptography. Why would it be required for the server to also authenticate the sender?
Another issue is that you suggest using Matrix or XMPP, which take security much less seriously. XMPP is not encrypted by default, and Matrix has some serious issues regarding its trust model.
He uses signal, I don’t think he’s publicly endorsed it.
That’s not what in you essay. Also, this is a fact that I doubt a lot since he owns WhatsApp. The story about that was when there was the huge Facebook data leak, allegedly, his phone number was in it, and it was possible to see that he was registered on Signal. At the time I tried to fact check this but couldn’t find anything that convinced me 100% of the veracity of this fact. I haven’t checked again so there may be some more convincing evidence available today.
Also, him being registered on it wouldn’t necessarily mean he is a user of Signal. He could have just registered to see what the competition looked like.
And if it were true that Marc Zuckerberg used Signal everyday, I would take it as a very strong confirmation that Signal is trustworthy. A quick way to test whether a conspiracy is true or not it to check if it would affect the rich and powerful.
Anyway, rich people endorsing Signal doesn’t mean anything. I hate Elon Musk too, but he just jumped on the bandwagon when it was already leaving and Signal was already gaining in popularity. A broken clock is right twice a day.
its just as easy to share a user_id string as it is a phone number
It’s not. I can dictate my phone number. I can’t do it for a cryptographic user id.
With matrix or XMPP I can share my ID with a link
With Signal I don’t have to because my phone number is already in their address book. When username arrive in Signal, a similar feature will likely be available anyway (though this is speculation, I don’t really know what it will look like and I don’t have the motivation to look at their WIP github branches).
I don’t know enough about this to comment, but signal still has to know who to send the message to. That means that the server must decrypt the recipient at some point.
It still is much less valuable than what you claim in your essay. They might be able to track you via your IP but that’s much less efficient and can be easily prevented via a VPN or using the builtin censorship circumvention proxy. Cryptography ensures that the rest cannot leak.
I’d argue that most people don’t want a cryptocurrency bundled in their chat apps. This is a really strange thing to defend.
If it is transparent and the use of crypto is hidden to the user while still preserving their privacy, it could be amazing. There’s no reason not to try, the beta version of the app is there exactly for this.
Many countries have now realized their mistake in letting US tech companies control their social media platforms, and are trying to adopt the PRC model of home-grown chat apps. A great example is India, where Facebook and Youtube ( 2 US tech companies ), are the most popular social media apps. This was a glaring mistake allowing these US surveillance giants to so completely own the social media landscape of India.
While I do wish my country (France) and other EU countries would do more
in terms of regarding our concerning digital dependency on the US, I don’t see how the PRC is any better. They don’t have FB and other platforms which in some way is a good thing, however they have massive state surveillance in all of their internet platforms, and secure communication methods are banned.
It also has several questionable endorsements and users, such as Jack Dorsey ( Twitter’s founder ), Elon Musk, and Mark Zuckerberg ( Facebook’s founder ).
Since when does Zuckerberg endorses Signal?
The best way to describe federation, is to think of email
The best way to do private/secure messenging is to do it similarly to the least private and secure messaging protocol in use?
Phone # Identifiers
This entire section completely ignores that Signal isn’t designed to talk to random people. It’s designed to talk to your friends/family/coworkers, who most likely already have your phone number. It makes it super easy to migrate. There’s no way my grandma would be able to add me on briar…
It also completely ignores the work that is being put into adding username that would allow you to talk to people without having to give them your phone number.
It also completely ignores Signal’s history. Initially it started as a way to encrypt SMS, so phone number were not an option anyway.
Signals database, which we must assume is compromised due to its centralized and US domiciled nature […] Message senders and recipients
Except that they don’t have the message senders thanks to sealed sender
Recently, signal has been attempting to integrate a cryptocurrency called MobileCoin, into the app itself. What a messaging platform has to do with an obscure cryptocurrency is a little vague; but there is probably some money driving this. Since Marlinspike doesn’t allow 3rd party clients, it is impossible to avoid these types of unwanted “features”.
Payment in Signal has been a major request since the migration from WhatsApp. In multiple countries WhatsApp has a payment feature that is hugely popular. At least they try to improve on such feature by using crypto to make it private, while not using proof of work which destroys the environment. And it’s not like they have actually shipped it. It’s only in the beta channel in a few countries…
Signal’s use luckily never caught on by the general public of China ( or the Hong Kong Administrative region ), whose government prefers autonomy, rather than letting US tech control its communication platforms
Yeah, it’s obviously because of that, and Chinese apps are a heaven of privacy and zero state censorship.
You don’t need to self host email, Matrix or XMPP to use E2EE. I meant self hosting the web clients.
Nobody does that
HSTS, Certificate Pinning, …
HSTS is great but doesn’t protect you against maliciously issued certificates, and Certificate pinning is deprecated on the Web.
Yeah, Open Source software down to the OS itself is important for security. But even then, who audits their own software? It’s probably 0.01% of the 0.01% of the general population you mentioned.
That’s why you stick to software under high scrutiny and highly visible for security sensible stuff, and avoid using software with a broken security model for sensible stuff.
There are still many issues with that. This stackoverflow discussion shows that it is not really possible to do. Some of the points are irrelevant, but the general takeway is that local storage, caches and all are not designed for security but for performance.
The thing is that the browser is absolutely not designed for this kinds of uses.
if you self-host your own Element or e2ee encrypted xmpp webclient you are the owner of the website
That’s 0.01% of the general population, and even here, I guess very few people self-host their email or Matrix or XMPP. And it still doesn’t protect you against someone breaking the TLS connection between you and your server. This is a serious security concern, there have been multiple cases of certificate authorities issuing bad certificates.
I mostly agree, but because proprietary, windows only apps are not generally designed with security as the number 1 concern. For FLOSS apps that do highly value security (like Matrix), this is not an acceptable compromise to me. Signal doesn’t have a web client for this exact reason. As I said in another comment, even password managers don’t care about this issue, which is really disappointing.
As said in another comment it’s testing for improving thr Wikipedia website. I personally find it to be significant improvement. Having shorter lines that are easier to read is really great.