He says he thinks the protocol is secure, then says he doesn't want it to use GCM because it routes messages via Google who he doesn't trust (fixing that is the point of the encryption) and then talks about an attack that'd apply to any app regardless of whether it used GCM or not.
He finishes with a call to action: "We as a community need to come up with a viable solution and alternative to Signal that is easy to use and that does in fact respect people’s choices ... this tool should not have dependencies on corporate infrastructure"
But like a lot of armchair moralising, he isn't willing to debate the hard choices that go into building successful software. He says it should "respect people's choices" as if Signal is built by people who are disrespectful, he says it should not have dependencies on "corporate infrastructure" as if volunteer run datacenters actually exist, and then says his motivation is avoided paywalls, ignoring that both Signal and WhatsApp are free.
It reads like a collection of talking points rather than a coherent argument.
Signal is unusual because it combines cutting edge cryptography with consumer friendliness and is actually successful. It's pragmatic, not ideological. Crypto-warriors have a long history of producing secure software that nobody uses and then blaming the general public for not getting it; this sort of blog post is just a continuation of this decades long trend.
The 10th wants you to use something else because they're working on an attack for that "something else", and want their paper to be splashier when it's released. :)
When reading critiques of messaging software, keep in mind that messaging is a fucking midnight back-alley knife fight of a market. For whatever reason --- I think because (a) basic chat software is pretty easy to write, with a near- hello- world payoff similar to, say, blog software for Ruby on Rails and (b) because there have been multi-billion-dollar acquisitions of messaging tools --- there are a lot of different messaging products. Messaging is a network-effect market, so all the different vendors are fighting for users.
I don't think Signal has sockpuppets (it's just not their style), but I know several other "secure" messaging applications do.
I invite those who have opinions about Signal to start by getting involved in the project. To my knowledge the author of this blog post has never submitted a PR, issue, or discussion post to any of our repositories or forums. Many of these points are things that we would like to address, and we could use the help. The day to day reality of developing apps like these is a lot of work.
To provide some color on a few of these:
> Dependency on Google Cloud Messaging
To clarify this for casual readers, no data at all is transmitted over GCM. GCM is only used as a push event to tell the Signal Android client to wake up and connect to the Signal server to retrieve messages from the queue if the app isn't in the foreground.
This is pretty fundamentally just how Android works. However, people who want to use Google's OS without any Google services flash custom ROMs onto their devices that are missing this dependency.
I have said many times that I have no problem with supporting these custom ROMs. But I would like someone from that community to submit the PR: "I would consider a clean, well written, and well tested PR for websocket-only support in Signal. I expect it to have high battery consumption and an unreliable user experience, but would be fine with it if it comes with a warning and only runs in the absence of play services."
Nobody has done it.
> Your contact list is not private
First, on Android 6+ you can just disable the contacts permission and everything works (although you obviously won't see your contact names).
However, we also spend a lot of time thinking about this class of problems, as well as metadata in general. Right now things are playing out alright for one specific class of attack:
https://whispersystems.org/bigbrother/eastern-virginia-grand...
We'd obviously like to do even better. The nice thing about having a centralized service is that we can eventually take steps in this direction. People seem to equate federation with meta-data hiding for reasons I've never totally understood, but I think serious metadata protection is going to require new protocols and new techniques, so we're much more likely to see major progress in centralized rather than distributed environments (in the same way that Signal Protocol is now on over two billion devices, but we're unlikely to ever see even basic large scale email end to end encryption).
> Lack of federation
I've tried to write about why I don't feel like this is going to be a part of our future here: https://whispersystems.org/blog/the-ecosystem-is-moving/
However, I would love it if someone proved me wrong. The Signal clients and server already support federation, so there shouldn't be any technical hurdles stopping the people who are really into federation from using our software to start their own federated network that demonstrates the viability of their ideas.
If anyone needs help doing that, let me know. I'd be happy to help.
It seems a really strong and a bit aggressive of an attitude to have against a person's opinions
Especially the phone number thing. Phone numbers are quite sensitive. In some cases, the USG uses phone numbers alone for targeting drone strikes. They're enough to pull your credit report.
Could you provide details/sources? This seems like a good opportunity for some public shaming.
But two issues - or call it 'differences in opinion' - in that article are relevant for me: The inability to use the service without a mobile number and federation.
I understand the rationale behind the former ("It's easier"), but I don't understand why it is mandatory. I could've been 1283783127356128531312 on Signal and optionally add my phone number to that identity for others to find me (and optionally let Signal use my contacts to search for someone). That could even be the default, opt-out during registration. But right now, I'm basically using my phone number, which I really hate to do.
Federation is probably hard to get right, and looking at Eric Lippert's "Every feature idea starts with -100 points" rationale I guess it is understandable that this isn't a thing. But I don't want to join another silo, even if it's the best of the crop so far.
For users like me, Signal, WhatsApp and yes, Telegram are basically the same thing, come with the same set of limitations and I feel that it is worth pointing them out from time to time. Just as the article did (I'm not agreeing with everything in there btw.)
People jump in to defend Signal whenever this comes up, but maybe that isn't necessary. Signal is a great project and most criticism I've seen here so far is not 'Signal sucks', it is usually more a long the line of 'Signal is not for me' and I have a hard time understanding why that is debatable or why this shouldn't be a valid position.
If you're just using a secure messenger on general principles, it doesn't matter much which one you use. Probably WhatsApp is your best choice.
But if you actually need secure messaging, you should be using the safest secure messenger. Since we don't know who's reading these recommendations and what they're doing with them, we should employ the precautionary principle, and be clear with people that systems like Telegram, while probably fine for keeping messages out of the hands of jealous ex-partners, are simply not up to the task of protecting messages from serious, well-funded adversaries.
Yes, the phone number thing is a policy decision by the Signal people. As I write in my article, it's maybe marginally easier to get connected using phone numbers, but I may want to communicate via Signal with someone I don't want to give my phone number to. Handing out personal phone numbers on the willy nilly is not something I'm comfortable with. There's no reason why we couldn't have some other identifier, possibly easy to remember to connect us to via Signal. So this was a policy decision by the Signal people.
Federation is indeed hard to get right, but I think with proper versioning, and various teams keeping their software up-to-date and close to the reference paper/the Signal protocol, I see no reason why it cannot be overcome. For XMPP/Jabber it also works quite well.
Whether you are a journalist or an abused individual hiding from the ex spouse/parents/whomever that abused you, if your life and/or the lives of other people are on the line, this detail (and perhaps others, as I am not super technically literate) is a serious deal breaker.
It has nothing whatsoever to do with some kind of vague, hand-wavy preference, like preferring red phones over blue ones because you like the color red. It has to do with "If I use this, will I or others end up dead, maimed, in jail for a lot of years or otherwise basically have one's life utterly ruined?" Like that movie scene where they blow up everything "because you made a phone call" (Enemy of the State, IIRC).
[1] https://whispersystems.org/blog/the-ecosystem-is-moving/
Like you say that is the point of end to end crypto.
You do realize that since last year WhatsApp actually uses the Signal protocol?
First, ease of use: the distinction you miss is ease of use from a UX point of view. Managing your own security is hard for the vast majority of people. It is an advantage that there is ease of use with respect to the security aspects - no command line commands to generate keys, for example - and ease of use from a UX point of view is completely different. Making a decision to to ease the UX can indeed negatively affect privacy elements, and there is no contradiction there.
Which brings me to the second point, which is that there is no contradiction in the discussion of security. The service could be using insecure protocols or algorithms, but the author says it isn't - from the point of view of cryptography, those choices are said to be sound. On the other hand, having your communication routed through a PRISM partner is a different concern. There is no contradiction in saying that the part of security under their control is sound, but that the part routed through Google may not be.
Cryptography is complex and rigorous. What you call puratinism is actually rigor with respect to sound practices. The points the article makes are, in fact, coherent; where you call puratinism and hipsterism on the article, I call cynicism and likely uninformed reasoning on your comment.
Signal was marketed as anti mass surveillance secure messaging system. It is but a mere user friendly email+gpg alternative. It actively avoid anti-mass surveillance methods and does the opposite - encourages centralization and collection of user statistics.
Even Telegram is better, as people arent fooled by what it is.
A better alternative is Ring.cx or Tox.im with for example Antox client.
People always overlook the fact that the world is full of adversaries and 99% of them can't get access to Google's datacenters. Those adversaries matter too. Look at Turkey!
The author is wrong. LibreSignal won't replace Signal. Something like Telegram will: an "open source" messaging system with inferior cryptography, "opt-in" end-to-end messaging, a long-term dependency on the telephone system for authentication, and a far "cuddlier" personality with its users and, more importantly, with people from the app development community (like the author). Telegram will continue to gain adoption, because sexy beats sound in every end-user match up. Signal is the closest thing sound cryptography has to a palatable solution for end users.
Iran has already compromised Telegram users, because it systemically trades security off for user adoption. They'll get more of them, and people will hang from cranes as a result.
It's not wrong to criticize Signal. Signal does things I don't love, too! But we should be clear-eyed about the market.
I never said that LibreSignal will replace Signal, and frankly, LibreSignal itself is not the solution either. But maybe LibreSignal will be the catalyst to a better solution.
We all want to prevent people hanging from cranes, but crypto alone does not equal privacy, does not keep you safe, especially not in those countries, where rubber hose cryptanalysis (https://xkcd.com/538/) is much more common. In those dangerous situations/countries, good operational security practices are better to avoid detection/suspicion than using any 'magic' crypto messaging app.
We now have two examples --- CryptoCat and Telegram --- of "secure messaging" systems being used by governments as a way of hunting down activists. Why do we need more? Can't the question be settled now?
As gently as I can, I'm going to push a little further. I poked around your site a little to get a sense of where you're coming from. Your post today opens up like this:
One of the things I do is cryptography and infosec training for investigative journalists who have a need to keep either their sources and communications confidential so they can more safely do their work in the public interest.
Can I ask what your qualifications are in training journalists in keeping their communications secure? Investigative journalists working in hostile regimes, even in smaller countries, are facing adversaries that are better funded than almost any other imaginable threat. Cryptography is incredibly hard. Elsewhere on the thread, you said "I'm not a cryptographer". Neither am I! I've spent the better part of 10 years getting decent at breaking cryptosystems for clients, and I still refuse to do privacy implementation work, because I'm simply not up to the challenge. Are you sure you are?
Then just put a TL;DR at the end of your article and say 'use iMessage/Facetime, it's probably good enough for operating in an unstable region' If it worked for Erdogan it will work for you!
EDIT: (While I intend to come off as cocky, I'm serious:
https://www.apple.com/business/docs/iOS_Security_Guide.pdf page 41
http://www.independent.co.uk/news/world/europe/turkey-coup-e...
)
I see Signal as having positioned itself as a compromise that makes nobody happy.
They don't require using phone numbers so it's not really annoying to sign up without giving away anonymity.
You can protect your Telegram account with a password (it's opt-in). Iran couldn't have compromised it then.
Before the days of doze mode & other battery optimizations, you could just listen & block on a socket, then let the phone go to sleep. Incoming 3G packets would wake up the phone, you grab a wakelock, then start doing things. From what I remember, at least a while ago Facebook Messenger did this using MQTT. But this is not possible any more.
Did something change in recent Android versions?
Edit: Apparently Nougat's Doze is the issue. Conversations bug report, you can apparently put it on a whitelist:
It's still just a JAR (no native components), so AFAICT there's no technical reason someone else couldn't do a similar thing with their own servers.
I’ve reversed it, and rebuilt an alternative
The jar you include actually opens just an IPC channel to the Google Play Services framework, which runs with system permissions, and handles the actual stuff.
You can’t implement your own FCM without having root access on EVERY Android phone out there.
It's not a coincidence that the Facebook app was known for being an absolute battery killer. Go to any android forum post about battery life from a year or more ago and you'll see that the first suggestion is always "have you tried removing Facebook?"
No, fortunately Google has made it impossible for apps to abuse waking up the phone.
It's open source, uses a federated, open protocol, and can do multiple types of encryption including OTR and OMEMO (an XMPP wire format that uses the Axolotl ratched devised for signal). It does not do VoIP, so it would just be for chat (although there is a large bounty on Jingle-based voip support open). It has also had a public security audit, and is designed to be white labeled so you can tweak a few variables in the source and build your own hardended version or encrypted-only version, etc.
My current 'solution' is to use ZNC connected to Bitlbee (supporting OTR). On Bitlbee I use the jabber.fr service. ZNC has a push script for Mutter (great iOS IRC client) that I modified to redact my notification content from Apple's push service. I connect to the ZNC with TLS, so in theory everything should be ok.
NOT USER FRIENDLY but allows me to keep all my chats in one client and not tied to some shitty walled garden. Everyone less savvy I just tell them to use Signal.
I tried to write an XMPP client about a year ago and found out about that compatibility table the hard way. It's rough -- I had no idea what I was getting into.
Turns out that XMPP, before expansions, has no standard definition of what message IDs are. Which means "good luck, have fun!" is pretty much the best anyone can hope for on synchronizing messages when you have multiple devices or when the network flakes on you. Which in turn means XMPP is basically unusable on multiple devices. If you're lucky, everything supports all the same extensions, and it'll probably work most of the time; but if any piece of software you use is missing one extension, your day is toast. (And even then, frankly, the "carbons" API is wrong-headed and not very capable of recovering from network failures. In no uncertain terms: It's time to move on.)
I wrote about this more previously on HN: https://news.ycombinator.com/item?id=9772968
> do multiple types of encryption including OTR and OMEMO
Oh and it can also do something else: no encryption at all. That's the problem with XMPP: The user is faced with three different encryption modes, none of them is the default.
There shouldn't be multiple types of optional encryption. There should be one that works and is enabled by default.
I don't say that Conversations (and the XMPP community at large) couldn't do better, though. For example, there could be a standardized, automated, transparent process for determining which e2e schemes are supported by the clients involved in the conversation.
[1] For example, I skip e2e when talking to my several XMPP bots. They run on the same host as the XMPP server, so e2e won't reduce my attack surface when I already have TLS enforced along the way, but make the bot implementation considerably more complex.
Something fairly significant has happened in the world of XMPP recently. You can get real certificates for XMPP servers under your control from letsencrypt. That means that things now work transparently between clients and servers and between servers. As a result, organizations that do things that some governments might not approve of can do transparent encryption simply by setting up a server or servers in places that such governments can not physically get at.
So unless you're planning on hosting hundreds or thousands of users, you should be fine IMO.
While my current phone doesn't support Signal, once I get a new one I will continue to use it.
You might opine that allowing Signal clones would allow me to use the app, but they would almost certainly be maintained by people who aren't really crypto experts, and so it's better to operate as though I am broadcasting in cleartext than to pretend that I'm not and get burned.
Sorry but you've got that backwards. He doesn't propose using that, he mentions OpenWhisperSystems banned them from using the service. It's criticism towards Signal, not a product recommendation.
> my current phone doesn't support Signal
I think it's Signal not supporting your phone, not the other way around. The manufacturer probably didn't make a conscious choice to not support Signal, but depending on what the issue is exactly, Signal probably did.
Nobody has been banned from anything. People have been politely asked not to distribute 3rd-party builds of Signal using their name and their servers, and that's it.
I don't trust Google with this information and don't want to carry such a device, but a handful of friends and family use Signal, so I must choose between easy/secure communication with them, and reducing my exposure to corporate surveillance.
Signal may be "pragmatic" among the current choices (just like the project's decision to use GCM is pragmatic), but OpenWhisperSystems absolutely deserves criticism for:
1. Tying secure communication to running what amounts to Google's spyware on your device
2. Offering no alternative for privacy-conscious users
3. Showing hostility to those trying to introduce such an alternative to the project
I think those dismissing these concerns as "crypto-puritanism" will be on the wrong side of history.
Quite the contrary, they're actively asking people to contribute code for an alternative push mechanism [1][2]:
"I would consider a clean, well written, and well tested PR for websocket-only support in Signal. I expect it to have high battery consumption and an unreliable user experience, but would be fine with it if it comes with a warning and only runs in the absence of play services."
[1] https://github.com/LibreSignal/LibreSignal/issues/37#issueco... [2] https://news.ycombinator.com/item?id=12883410
If I'm going to give up the convenience of reaching anybody by WhatsApp, it is going to be at least worth it in the sense of privacy.
Still hoping for a GNU project that garners enough interest to be technically strong, and used universally. One can dream.
So people could use their address books securely if they wanted — if OWS would allow them.
If I want someone I don't know yet to reach me, I expect them to Google search my phone number/email to make initial contact.
For those I already established initial contacts with, I'd like an account on a service that knows practically nothing about me other than my username(like coolkid654) and lets me send messages to others(coolkid655).
Given the state of data leaks[data snooping by the Gov or anyone else], and spam, it wouldn't be a terrible idea for someone to have a username that they reveal to only the people they trust(are worth). More like a Blackberry key. If packaged well, and made to look 'cool', it could even catch on and everybody would create one(or many).
The problem for me is that my contact list of Signal users is quite small (1 or 2 people) and everyone else isn't using it. I don't see the reason to allow Signal access to that list of people "Just in case" they decide to. It's incredibly unlikely bordering on near impossible.
This isn't the golden bullet of reasons that it should be this way, but the fact that in design Signal has made the choice to force access to contacts to me, says one of two things.
1. We haven't thought about cases outside of our own experience and expressly reject those as being outside of the market we're interested in. "You're not the user we're looking for."
2. There is value/commoditisation in that contact list that signal is interested in and this is the price to play in their system.
The problem is that either of these two options run pretty counter to the idea of secure privacy focused messaging client designed to be seperate from the user.
People's value of privacy is nuanced enough that making broad scoped decisions like this can run afoul of their expectations. Considering that Signal is aiming itself at the privacy conscious (Over-conscious in a lot of instances I'm sure), it's very weird that they would forgo this obvious affordance of information.
I've personally reached the conclusion that software isn't enough for this, though: it is people who choose to flog your data and it is money that buys it (think FB and WhatsApp). In my view a collectively owned version of something like Signal would offer protection from what is termed corporate surveillance by allowing people with skin in the game to directly influence decisions on things like privacy policies and development roadmaps. I've sketched this in a bit more detail here: https://news.ycombinator.com/item?id=12881917
"Also, there’s the issue of integrity. Google is still
cooperating with the NSA and other intelligence agencies.
PRISM is also still a thing."
https://googleblog.blogspot.com/2013/06/what.html
Google’s chief legal officer claimed that collection was being done without Google's consent:
http://www.irishtimes.com/news/technology/google-outraged-at...
Evidence leaked by Edward Snowden also points in the direction of illegal infiltration of Google's private network without Google's consent:
https://www.washingtonpost.com/world/national-security/nsa-i...
there are links on that page that point out multiple e-mails from the STRATFOR leaks and other files that point to Google being deeply embedded with the U.S. security apparatus.
Also: https://www.theguardian.com/world/2013/aug/23/nsa-prism-cost...
The leaks related to exploitation of Google traffic refer to programs unrelated to PRISM.
*Willing in the sense that they have to respond to FISA orders and NSLs, and they have agreed to do it according to a certain protocol.
Come to the matrix!
It's free -- all FOSS, including the entirety of the server -- and yes, all of it: proof by existence: several of my friends run their own.
It federates. I regularly join channels hosted on several different servers, and exchange messages without issue.
It's on every platform. I use it on the desktop, my android (cyanogen, without gapps, none the less!), and my ipad, every day.
It even has voice and video calling built in, using webRTC. This feature has been a little rough while it was in development, but I used it last week in a 1-on-1 call and had an effortless experience. The audio and video quality was on par with Google Hangouts.
Crypto is hard, but it's coming. The Matrix developers have huge respect for the axolotl ratchet design used in Signal. They've worked on making another implementation (in C, for easier linking in various languages, ostensibly) here: https://matrix.org/git/olm/
The deployment of that code to give full End-to-End encryption is a work in progress, but the beta is roughly functional. It includes everything you'd expect: communication works by default, but in an encrypted room, messages are flagged yellow if you haven't explicitly verified the sender's key. There's a key per device; it doesn't leave the device; and as soon as you verify that device/key, messages from it are green, and you're E2E secure.
Disclaimer: I have no direct association -- I became a Matrix convert after trying to write some XMPP client code about a year ago. I'm just really enthusiastic about recommending it because the tech is solid, the sync is good, it solves a problem, and the team hasn't stopped either: they been firing on all cylinders constantly since I started using Matrix.
I love Signal for their dedication to getting encryption right and the security of their users. But yes, I also share a lot of the concerns listed in this article. Most of all, I honestly believe federation is an imperative. So, while acknowledging Signal's history of outstanding security work... Hey, let's celebrate there's more than one game in town working on alternatives.
Switched to Matrix and setting up my own homeserver took about half an hour, comes with everything I need (history, "Carbons", notifications, attachments, voice/video) built in. Plus it's federated and has support for bridges so I can interact with pretty much anything else through it if I like.
It's quite good at realtime, and especially reliable realtime. Compared with protocols like XMPP, Matrix scores way higher on reliability because it has message IDs and message ordering baked into the protocol, so it can actually converge on a correct state after network flakes. (I consider this a pretty big deal because silent message drops were a pretty regular issue for me in XMPP, and we all know about netsplits in IRC. I've simply never had silent message loss in Matrix because the protocol is simply better.)
I would agree with this statement from the article: "there should be a tool that is fully free software (as defined by the GNU GPL), that respects users' freedoms to freely inspect, use, modify the software and distributed modified copies of the software. Also, this tool should not have dependencies on corporate infrastructure like Google’s (basically any partner in PRISM), that allows these parties to control the correct working of the software."
There are such tools. None of them are as easy to use as Signal. So for now, I recommend Signal. I can't, in good conscience, recommend anything else... and given the author doesn't speak to what they recommend, I'm curious about what their recommendation would be.
Isn't part of the reason that Moxie went with the Google Store is that he gets to sign the god damned binaries, making it impossible for Google to modify the app.
Of course, us more technical inclined people could then check the signature, or compare the apk with one built from the official sources, to see the difference and complain about it.
But between those things is a time frame where this is possible.
I was under the impression that the Play Store doesn't run as root and the package manager API (controlled by the phone manufacturer) is what checks signatures. Can the Play Store override the signature checks on upgrade and if so, what codepaths is it using?
The .apk on the site uses websocket, no GCM required.
Documentation is also getting a refresh in 2 weeks.
"The Google Cloud Messaging service basically handles message handling from/to the user’s devices to the Signal servers. The GCM service then handles all the aspects of queueing all messages and delivery from/to users."
This is not true. Messages are delivered via Signal's own servers only. GCM messages are empty; their only purpose is to wake up your device. [1]
"The phone component of Signal is called RedPhone. The server component of this is unfortunately not open source [...] this is also probably the reason why secure encrypted phone calls don’t work in e.g. LibreSignal"
No. The reason for that is that the signaling for RedPhone calls is currently still done via GCM and not via Signal's own message transport.
Regarding microg: I've never heard of the need to re-compile kernels for that. I think most people use it with Xposed (admittedly, a giant hack, but it works).
>Lack of federation
Moxie's pissy because he trusted the kangbangers at Cyanogenmod to to keep in sync with his development. They didn't. Someone will need to volunteer to run their own server that's kept updated, then buy Moxie a Snickers and hope he stops being moody.
>Dependency on Google Cloud Messaging
Fun fact: The iOS client doesn't use GCM, it uses Pushkit. GCM was chosen for Android because what else is as robust and doesn't eat battery? Moxie's voiced support of Websockets if someone implements it correctly and he can merge it as a fallback option when Play Services are missing. If you can't code and want it, contribute to the bounty on it:
https://github.com/LibreSignal/LibreSignal/issues/37
https://github.com/LibreSignal/LibreSignal/issues/43
> Your contact list is not private
https://whispersystems.org/blog/contact-discovery/
TL;DR, it's a tradeoff because nobody has a better idea that works at scale and is usable. Redphone used to have a good way of blindly doing contact discovery but it would require too much data for their current userbase.
I don't have an issue with Moxie except that he's been pissy over this and a few other issues. I don't think anyone is going to argue that he isn't. Why not check the first link to the Libresignal thread and read his comments on the topic?
(EDIT: I get the downvotes on this comment, but like Moxie, I too am seriously annoyed that Cyanogenmod dropped the ball so bad with them. Moxie would need to get over it if there's a new solution in the future and HE ALREADY VOICED HIS OPINION THAT FEDERATION IS UNLIKELY. If that's not being pissy, I don't know what else is. I used to run Libresignal on BB10 and now I can't because of this policy of being anti-federation and no work moving forward on websockets fallback. He'll likely say no to approving the fallback on Replicant/Sailfish/BB10 because he doesn't get version reporting through analytics and is concerned about disturbances of the signal server.)
As far as usernames go, that would require the signaling key to be remembered by the user. That doesn't work well in practice. As far as contact sync goes, has anyone submitted a patch for the android client to add an advanced option to disable that? On IOS access to the address book is user controlled at runtime. destinations will be validated by the server at compose time. Regarding federation, let's see some code. It's ridiculous to demand the small team that is OWS solve every single problem.
Moxie has explicitly rejected federation. Anyone writing such code is wasting their time it won't get accepted.
- It now supports e2e encryption.
- It has a nice web and mobile client, called riot.im
- I has many other client options
- You don't need to show any phone numbers.
- Federated, you can host your own server
Let's throw the best available solution under the bus.
This post will be my go to example of the myopia of some members of the security community. We have very few examples of well executed, consumer friendly privacy soloutions. Signal is the best for all possible scenarios: Open source, user friendly, buy in from a major Internet service.
I like wickr, but it falls short due to the closed source nature of the project.
Consumer friendly, usable security needs to be the number one priority for security advocates. We need to stop burning down houses because they are short a door or are the wrong color. The foundation is the hard part. Wait till there is a real alternative that can be used by people who are not c.s. majors before you argue that people should stop using the best available solution.
I appreciate the authors perspective and I agree with some of their points. Then they fuck it up by demonstrating purist jackassery. Worth a read as a useful persuasion antipattern.
Free yourself from the bonds of corporate infrastructure by installing this tool on your Google Android or Apple iPhone device (Microsoft Windows desktop version coming soon).
Tox works now, but for all their talk of trying to be user-friendly, asking users to exchange long alphanumeric sequences inherently isn't.
Psyc, maybe?
In terms of "syncing data everywhere" being 'terrible for realtime messaging'... i'm not sure that holds water ;)
They could use anyone for that functionality. Even if the messages are given to an "adversary" what can they really get from that? Your phone app contacted the signal servers. That's really it.
I don't know why it's closed source. It's been suggested elsewhere in this thread that it was potentially IP issues they kept it closed for. Is it possible loose US CALEA law interpretation influences the reasoning? Or a gag?
I honestly don't know why they chose to do that but I wanted to comment in to see if a lawyer or someone from the project could hint at the reasoning.
https://github.com/Spark-Innovations/SC4
Working on a better UI at the moment. Could really use help, especially beta testers.
https://github.com/WhisperSystems/Signal-Android/tree/master/libs/armeabi
https://github.com/WhisperSystems/Signal-Android/tree/master/jni/redphone
The server code is up there too - in fact it's all up there. AFAICT, Signal is completely open source.
An optional user preference could allow some dummy wake up messages to be sent at random moments during the day, to support plausible deniability, at the cost of slightly worse battery life performance. This would all happen silently and the user would only notice a message notification when the app successfully fetches a new incoming message.
Yep, that's exactly how Signal has been doing it for >1.5 years now.
Once Signal and others have really wiped out all the insecure messaging people are doing, then we can start with the identity problem with phone numbers. GCM, Contacts, etc are all related to this "phone number as identity" problem.
RCS is an unfortunate grab in this space, and we need to move fast before RCS is the default, and we're back to insecure messaging.
Email addresses are the best form of "federated identification" but are wildly insecure for communication. Here's to hoping we can get some better ones.
Plus there's no way to search old messages.
Signal aims to be the most usable secure messenger, not the most usable messenger that also happens to be secure.
Use a federated secure protocol. Oh wait, there are none. Because if a problem appears you just can't fix it without breaking all federated clients. And then they will whine.
- Dependency on Google Cloud Messaging
Fair enough
- Your contact list is not private
Fair enough
- The RedPhone server is not open-source
While it would be nice that it was Open sourced I can understand them not releasing it (might be for IP issues)
tl,dr: "Signal does not work the way I wanted"
That's why you have to design your protocol with backwards compatibility and versioning in mind, ala XMPP. I'm not going to pretend its perfect, but it works pretty well 90% of the time. It does mean clients have to implement versioning and feature negotiation and not just blindly assume everything else supports all the features they do; convincing client authors to do this is the tricky part.
Check out the Riot client, web, android and ios. The apps are even native.
Plus, you don't have to show your phone nr.
So, how do you know that the Edward.Snowden@signal you're communicating with is the same Ed Snowden that we all know about, and not some TLA stooge?
I can change emails/usernames very easily and with little effort, and while burner numbers and applications that help that exist, changing phone numbers is not as easy and thus a significant percentage of users are unlikely to do it regularly. So you have a pseudo real ID that to the end user FEELS like it isn't you, but is a very strong (no pun intended) signal that it is to anyone looking in.
The phone number grants no you special verification of identity over an email address that doesn't involve an external verification mechanism (i.e, talking to the identity in person.)
Telegram sends messages in plain-text by default. Telegram servers have access to all plain-text messages that you send.
Telegram's private chats use end-to-end encryption. But they use an encryption protocol that they invented themselves that doesn't follow best-practices. Encryption experts have been critical of Telegram's encryption protocol since it was released. So your private messages might not be so private, either.
If you are doing something sensitive and want to stay out of prison, use Signal.
This sounds like everyone has access to those messages. Better: Telegram sends messages client-server encrypted by default and since you can't run your own Telegram servers, this is a problem.
Wouldn't a ISC/BSD-like license be better for the federation aspect?
It's such a relief to have a modern chat system that's FOSS, federates, and offers a liiiiitle more advanced UX than irc...
Encrypted attachments was PRed this week: https://github.com/matrix-org/matrix-react-sdk/pull/533 (for the web; mobile will follow shortly)
Disclaimer: I do a lot of work on XMPP related things and rather like the protocol, so maybe I'm biased. I'm sure there are things for which Matrix is a better fit that I wouldn't use XMPP for too though.
Other projects can adopt parts of the Signal Protocol, and doing that is certainly better than just making stuff up. But Signal owns the protocol, because the experts who own the protocol are attached to Signal.
I'm not sure he understands how app signing works and why it would be impossible for Google to forge a developer's signature. He also seems to have a problem with GCM and Google in general. Perhaps he should look into writing his own secure chat application.
Then later replace it with a signed version once they have the data they wanted. You would never know what happened.
The Giphy mention seemed really dangerous to me. Now I don't use Signal but I imagine it's 1) optional and 2) requests are proxified/anonimised through an intermediary (the Signal servers in this case). And why is this dangerous? Because this "don't build cool stuff on this serious app" is what makes people not use the app. It's creating boring, dull apps what stops them from becoming mainstream successes. If we are trying to make the public using secure apps because we believe in privacy, we have to make them appealing.
This is similar to the case of how nobody uses PGP because how horribly bad it is, UX-wise.
That said the rest of points he brings up are good. I just didn't like the Giphy mention, especially taking into account he didn't say anything else about it, he just brought it up.
I don't see anything in moxie's blog post about whether this is optional. If it isn't and it's sending everything you type to the Giphy API then we have a whole new problem.
In the blogpost by moxie, there's the example of typing "Im excited", which then gets sent in multiple API requests to giphy (basically one of 'I', one of 'Im', one for 'Im+' etc.). Now, if this is an action you don't do explicitly (like pressing a button or something, to search for gifs), then it would basically send everything you type in order to continually search for gifs and then offer suggestions? It's not clear from the blogpost. I hope at least that this is not what moxie had in mind.
I second the parent poster's question: "why is this dangerous?"
The internet will never be less walled, more free, and more federated than it was in the 90's. With such a poor understanding of the internet and its history, even if he did make a compelling argument (he doesn't), it'd be hard to take seriously.
Oh.
