this post was submitted on 15 Sep 2021
67 points (93.5% liked)
Privacy
31874 readers
537 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's not what in you essay. Also, this is a fact that I doubt a lot since he owns WhatsApp. The story about that was when there was the huge Facebook data leak, allegedly, his phone number was in it, and it was possible to see that he was registered on Signal. At the time I tried to fact check this but couldn't find anything that convinced me 100% of the veracity of this fact. I haven't checked again so there may be some more convincing evidence available today.
Also, him being registered on it wouldn't necessarily mean he is a user of Signal. He could have just registered to see what the competition looked like.
And if it were true that Marc Zuckerberg used Signal everyday, I would take it as a very strong confirmation that Signal is trustworthy. A quick way to test whether a conspiracy is true or not it to check if it would affect the rich and powerful.
Anyway, rich people endorsing Signal doesn't mean anything. I hate Elon Musk too, but he just jumped on the bandwagon when it was already leaving and Signal was already gaining in popularity. A broken clock is right twice a day.
It's not. I can dictate my phone number. I can't do it for a cryptographic user id.
With Signal I don't have to because my phone number is already in their address book. When username arrive in Signal, a similar feature will likely be available anyway (though this is speculation, I don't really know what it will look like and I don't have the motivation to look at their WIP github branches).
It still is much less valuable than what you claim in your essay. They might be able to track you via your IP but that's much less efficient and can be easily prevented via a VPN or using the builtin censorship circumvention proxy. Cryptography ensures that the rest cannot leak.
If it is transparent and the use of crypto is hidden to the user while still preserving their privacy, it could be amazing. There's no reason not to try, the beta version of the app is there exactly for this.
While I do wish my country (France) and other EU countries would do more ~~in terms of~~ regarding our concerning digital dependency on the US, I don't see how the PRC is any better. They don't have FB and other platforms which in some way is a good thing, however they have massive state surveillance in all of their internet platforms, and secure communication methods are banned.
If you live in France, why would you want a US company to own and control your communications? That was the main thrust of the article, which you never addressed.
With Signal I don't really have to trust anyone regarding the confidentiality of the messages. The App is FLOSS, has been audited and is under a high level of scrutiny. The protocol itself is recognised as the golden standard regarding E2EE for asynchronous messaging by the cryptography community. I'm a student in cybersecurity/embedded systems. I understand the underlying double ratchet protocol, which I have studied and I am working on right now.
I don't really need to trust anyone regarding confidentiality when I use Signal. If there were a service comparable to Signal in terms of ease of use, features and security but french, I'd use it. There's olvid but it's not FLOSS and has much worse UX, and Matrix/XMPP are less secure while being much harder to use (I do use matrix on a self-hosted server by some people I know).
I'm much more concerned about the Google and Huawei crap that I can't remove from my phone and that I know is siphoning data for advertisement currently than some grand conspiracy that would be fooling the entire cyber-security community, with no concrete motive.
Non of your points are really any concrete proof of Signal being backdoored.
As I noted in my article, remember when signal went a whole year without publishing their server source code updates?
I also addressed this, in the NSL section. It is illegal for signal to tell you that, otherwise they all face heavy prison time. Your default position then is to "trust" US services... not a good idea from a privacy standpoint given the history of surveillance disclosures.
It was only the server side, which anyway we can't attest is what is actually running on their servers, and there were some other repositories that contained up to date code. This was still concerning.
This is not my default position. It is an informed choice based on the scrutiny and recognition that signal has worldwide.
So if we don't know what runs on the server side, how do we know then that this is not used to map user networks, i.e. who communicates with who? From an activist POV wouldn't that be a significant risk?
Also, even if you trust the company today, given that it is US based, it is subject to the gag orders the US government agencies hand out. So that makes it still a problem, no?
I don't know what runs on matrix.org either unless I self-host, which I don't do, because it's way too time consuming and is much less reliable.
And Signal has mechanisms to prevent mapping user networks such as Sealed sender, which matrix and XMPP don't have.
Self hosting of the synapse server is pretty well documented. There even is an ansible script to speed it up.
I self hosted early on and it wasn't particularly time consuming.
Again, the specific issue with Signal is that it is located in the US, which has pretty authoritarian practices against exactly the type of organisation that runs Signal. This potentially makes Signal problematic even if the people running it have the best intentions.
Is this context the use of phone numbers is questionable too, in my opinion at least. The given rational is that it makes it easier for users to sign up, but that's really not true. Email is used by pretty much everyone and doesn't rely on phone numbers. I'm sure someone thinking half a day about user IDs that aren't carrying inherent privacy risk will likely come up with something.
I had my parents using matrix for years without issue in a quite advanced age and they had no issues desite not using phone numbers...
I know. But I don't have a server, don't really want to pay for one. I also know that Matrix is very resource hungry. I know some sysadmin stuff, and it is time consuming, especially when it's down and you don't know why and you need it running because you have some important document that you need quickly etc...
Then there is the matter of security. I'm not going to be able to quickly react to issues, I'm not going to update it on time, and as soon as it crashes all the people that I would have managed to make migrate would immediately go back to whatever we used previously.
All that for a really mediocre UX and overall security compared to Signal. No thanks.
Got to ask now: are you working for Signal? It really sounds like it....
Re sysadmin and self hosting it really depends on the scope. You can follow basic security recommendations, which you will set up once, and which will protect you from bots and scripts. What about targeted attacks? Not sure, but if you host for yourself or family and friends only, I wouldn't take this as my threat model.
I have a Nextcloud server running for about 4 years now with close to zero downtime. During those years I had perhaps two instances where I did larger upgrades which took me perhaps an hour on two weekends to prepare (basically backing stuff up, dealing with the excitement, reading up) and then maybe one evening to execute.
I'm sure hosting for millions of people who might end up sending lawyers your way is difficult. Running something like matrix yourself for friends and family simply isn't and it removes all the security and privacy risk that comes with trusting an US based organisation that had its share of controversies, and more importantly is subject to the questionable laws and enforcement practices.
Anyone who had installed linux and is happy to work with a console would be capable of learning how to self host in a reasonable amount of time.
I appreciate and admire your motivation @dessalines@lemmy.ml
However, Signal is like the one application that's user friendly and is NOT compromised, and you seem to be completely attacking it.
I have reason to believe that Signal is NOT compromised. and the code is indeed Open Source and can be trusted.
I don't trust the US, but I do trust Moxie Marlinspike to be a privacy advocate, he has spent his entire career being an advocate for privacy.
although Signal went a whole year without publishing server source code because they were being subtle about introducing mobilecoin crypto-asset support, and they didn't want people to jump hog wild into mobilecoin. However, they now have released the server source code, therefore I do not think this is a valid argument.
How do you feel about marlinspikes ruthlessly banning all third party clients and server implementations? Or his choice of phone # identifiers?
Yes I do not see why we should trust any system which forbids self-hosting, especially when alternatives exist.
I appreciate your critique and well written essay, as well as your motivation. Thank you again for writing this, and I will heed your advice and be more skeptical of signal foundation. However, but I have followed Marlinspike for years, and was an early signal adopter, so I do have some trust that the project is not compromised.
comment from lobster also makes some good points here, and I tend to agree with this guy
How do you feel about the guy who donated 50 million to Signal? He probably has the most influence on the project second only to Marlinspike.
False.
There are a few 3rd party clients. They all identify themselves to the server that they're 3rd party clients and they haven't been banned.
Thanks for linking Libresignal, read over its readme.
But really 3rd party clients are beside the point: the main thrust of the article is about signal being a single, us domiciled, centralized service. They don't let you self host a server, and you also have no way of verifying their server code. You just have to "trust them".
See my first comment: https://lemmy.ml/post/81033/comment/78905
I do agree that it is somewhat of an issue, but there was only one instance of this happening, where a fork of Signal was about to be added to fdroid. It's not like they haven't justified themselves. Anyway the features of LibreSignal (no hard requirement on Google Play services), was implemented in the official app. There are still two third party clients that exist: Axolotl and signal-cli. They don't want to deal with third party client that they can't update and thus need to keep support for outdated versions of the protocols that would introduce a lot of complexity and risks introducing downgrade attacks.
It also allows them to roll out "quality of life" features faster such as stickers, video calls, groups v2, and more recently groups where only admins can post, which would be harder to keep backward compatible.
The openness of Signal has already been fruitful. The protocol has been implemented in many other platforms, such as Matrix, WhatsApp and even Messenger.
That's what annoys me the most here. We have one FLOSS project that is very high quality, secure and gained significant popularity, and we start shooting it down ourselves...
This would be a truly problematic sentiment in some other cases. But the point here, is that unlike Matrix, Signal is not really ours.
What do you mean by that?
I know matrix, and it's much lower overall quality, significantly less secure and popular, and is very unlikely to ever become popular until they really rethink their UX.
What I mean is that Signal is more of a code dump rather than a truly free software project, it’s developed mostly internally, in that way Matrix is much more a true community project.
Fair point, but having a smaller team of highly competent devs (their job requirements are quite high if you look on their website) does allow them to innovate quicker and keep an overall high level of quality.
And it's not like telegram were there code is completely unusable and the server is propretary. There are already a bunch of forks of Signal that exists (session being one of the main).
Sure. Signal is a better choice than the clown that’s Telegram.