Users of the Signal messaging app got hit by a hacker attack. We analyze what happened and why the attack demonstrates that Signal is reliable.
Last October, Signal introduced closed-source server side code that cannot be audited. Not to mention Signal is running on Amazon servers. This year in January, the CEO stepped down from the company he founded. I believe it sends a very strong signal that Signal is not what it is portraying itself…
What’s that closed-source server side? What does it do? Source?
Here is their own marketing explanation. I remember this, because coincidentally, this was one the first times I heard of Signal. Not a good first impression 💁🏻♀️
The whole point of end-to-end encryption is that you don’t have to trust their server: it cannot read your messages. Then for metadata, the question is about what metadata they are receiving at all (if they don’t receive it, then you don’t care if the server is proprietary) and what they do with it (e.g. for the private contact discovery, the idea is that you can verify that the code receiving your contact list is doing what it should (it’s open source), and you can verify that this code is the one running in the secure enclave.
You don’t need the whole server to be open source: only the important parts.
For the purposes of security and encryption, you’re right, and that’s not why it looked bad.
For someone coming from open protocols like email, XMPP, atom, and Fedi, it was not a good first impression to see their system grown ever more owned-by-them.
Lots of food for thought there, though I must say I’m not fully convinced, particularly by the alternatives. In my experience matrix and xmpp), there are things that keep me from recommending them to my friends. The writeup mentions client fragmentation, which causes problems with encryption. That is a huge problem in this context. Ease of use is another, which may be dismissed by someone tech savvy, but shouldn’t be ignored in the broader context of activist communication.
On that note, self-hosting is a double-edged sword. Are most activists equipped with the knowledge/skills to implement and maintain a hardened secure server? Using somebody else’s server requires trust.
Those points in mind, I also think we can’t forget threat modeling. For as widespread as Signal is, there haven’t been to my knowledge any confirmed reports or leaks indicating its compromise. In contrast, we have court documents that show very little information gained from subpoenas to Signal. My feeling is that Signal is a good option for a lot of people. Phone number identifier is not good, but you can mitigate by registering with another number. If your threat model includes federal agencies, then you should be worried about your device being compromised, in which case it doesn’t matter which app you’re using. Also, don’t carry your phone to actions no matter what app you’re using.
Edit: d’oh! Meant this to be a reply to the post below, that links to dessalines’ github Signal takedown.
Fragmentation offers tremendous opportunity to offset the tyranny of some agencies not bound by the rule of law. “Divide and conquer” works in tech too
I’m confused by this statement. On the one hand you seem to say that fragmentation is good. On the other hand ‘divide and conquer’ suggests the negative consequences of such fragmentation.
Yes but it’s not good enough for privacy for many users, as it requires a phone number to set up an account.
As a replacement for SMS with people you know and share phone number with though, it’s sufficient.
I’m trying out Jami for that reason. Seems to work well with the contacts I have so far.
Yeah, even more since in some placess you can’t get an anonymus phone number + a burner phone.
Session is a decentralized fork of the signal code that eliminates metadata and doesn’t require a number you may want to check out
Because they are experts and they know the difference between “secure” and “private”. A lot of hackers also said HTTPS is secure.
SimpleX appears to be a worthy alternative to Signal. And it doesn’t require a phone number.
I use Signal for now, however, I do not like the direction they are going. Like, implementing a wallet to name just one. I have been playing with DeltaChat for a while and I like it. As it can use any email address, like a throwaway one, instead of a phone number. Plus, the reusing of email allows for even the most non-tech person to jump in.
Too bad 2/3 of everyone I know is hooked to Whatsapp or FB Messenger, and do not understand nor care about privacy at all.
I agree on the signal thing. But using email is literally one of the worst options out there, XMPP+OMEMO or ever matrix are way more private and secure.#
glowies will complain that kaspersky is a plant :shrug