What it ultimately comes down to is that truly secure systems cannot be based on trust. The article does a good job outlining all the ways the users have to trust Whisper Systems without any ability to do independent external verification regarding what the server is doing with the data available to it.
Even if we assumed that Signal works as advertised the fact that it’s tied to your phone number is incredibly dangerous. Obviously if this information was shared with the government it will disclose your identity as the article notes. This information can then be trivially correlated with all the other information the government has on you and your social network. Given that Signal is advertised as a tool for activists, that means it creates a way to do mass tracking of activists.
Being centralized is another huge problem given that the service could simply be shut down at any time on government order. If you’re at a protest and rely on Signal it could just stop working.
edit: as people have pointed out, it turns out you can use third party clients
Finally, since the client is a binary distributed by Whisper, it’s not possible to verify that the client and server use the published protocol independently. Since alternative clients aren’t allowed to connect to the server, we can’t test the protocol and have to rely on trust.
I don’t think you can have messaging without some level of trust, but I agree that the Signal Foundation isn’t very trustworthy.
As for the communication protocol… there are some 3rd party clients that connect to the Signal servers (Axelotl, signald etc.) which have not been banned from connecting for quite some time now. Not sure why, but at least that shows that the protocol in general works as intended. Together with reproducible builds for the official client this at least makes it likely that the unmodified official client works as advertised (although there could still be some caveats in the shared libraries).
But who knows what the server does and supply chain attacks that substitute the official client for a modified one are still easily possible when Signal controls all distribution channels (they will tell you this is to prevent supply chain attacks, but only those of most 3rd parties, not those originating from within Signal & Google/Apple).
I mean trust specifically in the context of the technology. Things need to be independently verifiable. And thanks for correction regarding the clients, I was under the impression that you could only use the official app with their server. If you can use an open source client that addresses my concern regarding verification.
At the very least we can know that the protocol works as advertised. Since it’s E2E, I think it’s probably reasonable to assume that at least the messages themselves are secure.
Finally, since the client is a binary distributed by Whisper, it’s not possible to verify that the client and server use the published protocol independently
you can use Signal-Foss and use their builds or build it yourself.
Finally, since the client is a binary distributed by Whisper, it’s not possible to verify that the client and server use the published protocol independently.
What are you talking about? The official client is open source and has reproducible builds.
What it ultimately comes down to is that truly secure systems cannot be based on trust. The article does a good job outlining all the ways the users have to trust Whisper Systems without any ability to do independent external verification regarding what the server is doing with the data available to it.
Even if we assumed that Signal works as advertised the fact that it’s tied to your phone number is incredibly dangerous. Obviously if this information was shared with the government it will disclose your identity as the article notes. This information can then be trivially correlated with all the other information the government has on you and your social network. Given that Signal is advertised as a tool for activists, that means it creates a way to do mass tracking of activists.
Being centralized is another huge problem given that the service could simply be shut down at any time on government order. If you’re at a protest and rely on Signal it could just stop working.
edit: as people have pointed out, it turns out you can use third party clients
Finally, since the client is a binary distributed by Whisper, it’s not possible to verify that the client and server use the published protocol independently. Since alternative clients aren’t allowed to connect to the server, we can’t test the protocol and have to rely on trust.I don’t think you can have messaging without some level of trust, but I agree that the Signal Foundation isn’t very trustworthy.
As for the communication protocol… there are some 3rd party clients that connect to the Signal servers (Axelotl, signald etc.) which have not been banned from connecting for quite some time now. Not sure why, but at least that shows that the protocol in general works as intended. Together with reproducible builds for the official client this at least makes it likely that the unmodified official client works as advertised (although there could still be some caveats in the shared libraries).
But who knows what the server does and supply chain attacks that substitute the official client for a modified one are still easily possible when Signal controls all distribution channels (they will tell you this is to prevent supply chain attacks, but only those of most 3rd parties, not those originating from within Signal & Google/Apple).
I mean trust specifically in the context of the technology. Things need to be independently verifiable. And thanks for correction regarding the clients, I was under the impression that you could only use the official app with their server. If you can use an open source client that addresses my concern regarding verification.
At the very least we can know that the protocol works as advertised. Since it’s E2E, I think it’s probably reasonable to assume that at least the messages themselves are secure.
Truly secure systems: i like that one.
you can use Signal-Foss and use their builds or build it yourself.
That does address that concern.
What are you talking about? The official client is open source and has reproducible builds.
Yeah, others corrected me. My understanding was that you had to use the client from the app store to talk to the official server.
This is FUD that some people keep on spreading. You can build your own client https://signal.org/blog/reproducible-android/
There’s even these 3rd party clients that have existed for some time now and haven’t been blocked: