undefined | Better HN

0 pointsSheinhardtWigCo6y ago0 comments

You either have to trust the server operator not to keep logs, or assume they are keeping logs and _do_ know what groups you’re in. In either case, what is this fancy crypto scheme actually buying you?

0 comments

tptacek6y ago

The fancy crypto is what allows them not to (effectively) keep those logs in the first place. If you build this feature without the fancy crypto, then even if you say you're not logging this stuff, you (effectively) are, because your system depends on durable access to that metadata in order to function. This is, for instance, the major security difference between Signal and Wire.

One strong indication you have that Signal isn't logging this stuff is that they had to wait until they were able to advance the state of the art in anonymous credentials in order to implement group access control at all.

SheinhardtWigCoOP6y ago

To verify the claim that my group message content is protected, I can examine the Signal client. I don’t have to trust the server operator whatsoever; I can independently confirm there is no way for them to see the content of my messages.

In contrast, I cannot verify this new claim that my group memberships are protected. I have to trust them.

I think you are basically saying: ‘well, they built all this crypto that is only useful if you believe they’re not logging, so I believe they’re not logging.’

tptacek6y ago

No, what I'm saying is that without the cryptographic protections, a messaging provider can't claim not to be logging, because their serverside logic requires the log.

Prior to doing this cryptographic work, Signal simply went without having these features at all.

1 more reply

Forbo6y ago

> You either have to trust the server operator not to keep logs

You don't have to trust, you can verify. This has been proven in court: https://signal.org/bigbrother/eastern-virginia-grand-jury/

j / k navigate · click thread line to collapse

0 comments

tptacek6y ago

SheinhardtWigCoOP6y ago

In contrast, I cannot verify this new claim that my group memberships are protected. I have to trust them.

I think you are basically saying: ‘well, they built all this crypto that is only useful if you believe they’re not logging, so I believe they’re not logging.’

tptacek6y ago

No, what I'm saying is that without the cryptographic protections, a messaging provider can't claim not to be logging, because their serverside logic requires the log.

Prior to doing this cryptographic work, Signal simply went without having these features at all.

1 more reply

Forbo6y ago

> You either have to trust the server operator not to keep logs

You don't have to trust, you can verify. This has been proven in court: https://signal.org/bigbrother/eastern-virginia-grand-jury/

j / k navigate · click thread line to collapse