As Signal get your phone number. Can we considerate this application as private ? What’s your thoughts about it ? I’m also using SimpleX, ElementX, Threema, but not much people using it…
Cheers
Blog post about Threema that changed my mind against it: https://soatok.blog/2021/11/05/threema-three-strikes-youre-out/
Why is this furry-themed?
Why not? Its nice to have fun with your website.
This is kind of useless fear-mongering suited to no one’s threat model.
Are messages truly E2EE and they don’t share meta data? Yes? Then you’re fine. It needs a phone number for registration? OK, well buy a burner SIM card (you of course have several, right?) to register it if you’re that worried. Because if you’re already at a level where you’re THAT concerned about your phone number pinging for using a widely popular messaging app, then you have lost the game by even having a phone or sending messages to other humans who are the weakest link in the security chain anyway.
Considering that the Feds tried to make some government-compliant front end for Signal for idiot Hegseth to use to talk about national security stuff with the Vice President, I’d say that it’s probably fine for you to buy weed or whatever.
I’ll add that if someone knowing your phone number is an actual threat to your safety, you should already know better about using something more anonymous.
Privacy ≠ anonymity
Signal has too many red flags, but the biggest one is phone numbers and SIM cards. No application that wants to be secure against nation state spying relies on these.
Right now, for the wider population, it it a heaven sent option compared to Whatsapp, FB messenger etc. Break those bonds first and keep the wheel turning.
Secure and private or anonymous are very different things and nearly impossible to do both at the same time and still make it user friendly. Signal is secure, not fully private or anonymous.
Signal is secure, not fully private or anonymous.
Why do people think this secure vs private distinction is in any way meaningful. I don’t want a US service to have my phone number, or spy on me, and have social network graphs, period.
Why is the US government being able to spy on me considered “secure”?
Because you trade privacy for convenience. You could have a totally private communication platform, but you’d need to trade current IP addresses of your devices if there’s no users and no centralized routing server or at least a list of what device is associated what person.
It’s secure because people can’t read the content of your message. It’s not private because people can find you with your phone number or username and associate encrypted message packages with the sender and receiver so they know who you called and when, but not what you said.
So if your contacts are tech savvy enough to call you to get your current unique IPv6 address, something that Android doesn’t really support out of the box, and IPv4 often won’t work due to layers of routing caused by the world running out of addresses, or some other unique network identifier, and there are no firewalls between you or they’ve all been configured appropriately to allow the particular message protocol then you could send simple IP Messages to each other.
But as long as you want to use a system that routes messages and has a user database, that central location will always be a privacy hole.
With the phone number, no; and since there’s no Signal usage without a phone number, well…. Also, I think somewhere on their website (or some place) they talked about burner phones as if it’s a universal phenomena.
Signal has felt “out of place” to me. Odd. It doesn’t fit in, doesn’t make sense if I think a bit farther about it.
I hope something decentralised comes out of Signal protocol minus the need for a phone number.
You are talking about session. Session is a signal fork, and you don’t need phone number. But there is some concerns about its security as, in order to properly work, it removed some signal features, I’m not qualified enough to understand if it’s truly a security risk or not. But the option to use it is there.
Since we are on the topic of signal… im not tech saviie but i have read lots of blogs and people about how secure is the signal protocol. My question is … how can i be sure that the protocol is implemented as the open source code shows? Please correct me if im wrong but from what i read on their website the apk they provide has the capability to update itself at anytime. So what stops them to change how it works with an update? is it posible to build the apk yourself and stop the ability to update?
Just like any foss project, there some level of trust if you are going with the main distribution. In theory you are correct that not much is stopping them from releasing a malicious update, but because it is open source, soon enough people would notice that either they released new code that is malicious, or that the new version does not match the source code. That kind of scenario is known as a supply chain attack.
Since the code is open, you can literally read it for yourself to see exactly what the apk does. You can also fork it and modify it however you like, just like the creator of Molly did (Molly is a fork of the Signal client that adds some security features)
It’s a centralized, US-based service running on AWS, that’s not self-hostable, requires phone numbers, and you have no idea what code their server is running.
Whether the app you use for it is open source, is entirely irrelevant for them building social network graphs, considering they have your real identity via phone numbers.
If the answer is “I just trust them”, then you’re not doing security correctly.
It is not as good as a decentralized system, and even though the server is open source, it isn’t self hostable (technically in an intranet you could but not easily)
But the signal foundation is a non profit with external audits and a proven track record with law enforced requesting data and getting basically nothing (If i remember correctly they only have your user to phone number relation and the last time you were online)
So although it is imperfect, it is an amazing solution that is almost the only 1:1 competitor to whatsapp/messenger/imessage that is privacy respecting, so I am very grateful for it’s existence.
They have your phone number but that’s really all they have.
Some people say Bozos can read your metadata because it’s hosted on AWS servers but I don’t believe that.
The face that Signal needs phone numbers to sign up is very bad.
No one that has told me this has ever been able to offer up any sort of explanation, but please do feel free to give it ago.
Multiple-accounts and pseudonyms. It’s like the 101 of interacting on the Internet. With a phone number requirement that’s automatically made impossible.
Also SIM-cards/phone numbers are required by law to be attached to your real world identity in many countries.
Multiple-accounts and pseudonyms
What about them?
Also SIM-cards/phone numbers are required by law to be attached to your real world identity in many countries.
Why is that a problem?
Why is that a problem?
Why are you posting as artyom@piefed.social and not <real name>@<home address>?
…because this is not a private message? And because my home address is not a piefed server. Such a weird question…
Private and anonymous are different things. While anonymity does increase privacy, it is not a strict requirement. So it this private, but not as private as possible.
The best private messenger IMO is simplex, but it not production ready yet
Many people say that SimpleX is not ready to replace the likes of Whatsapp, Telegram and Signal yet but noone specifies exactly what features are missing.
I get that public key cryptography is confusing for the average people but there is no UI fix that is getting around that obstacle if we want people to make informed choices on what platform/protocol to use for communications.
The same thing applies to decentralization - people just need to understand that the trade-off they’re making for communications’ resilience is the comfort of an online addressbook.
Although I admit that there are certain UI elements that could be made better (for example the nickname setting could be stylized a bit better so people can more easily change the names of their contacts to something more familiar), most criticism towards SimpleX comes from people being a bit lazy and not reading the manual before using the app.
TL;DR: I don’t understand what features are missing from SimpleX.
I often see convos on SimpleX that are clearly missing messages, so I’m not sure what that’s about. I mean I see people quoting messages that are not visible.
Also I really think they need to implement UnifiedPush before it’s ready. It consumes an excessive amount of battery life for this reason.
Also worth noting that the creator is an alt-right loon of the highest order.
creator is an alt right loon
What has he said or done?
You’d have to go and look up his Xitter account.
Holy hell! Didn’t imagine him being that far right. Always thought the accusations were half made-up.
It’s always sad to see promising FOSS projects taint their image with deplorable political views or behaviour (Hyprland, GNU, GrapheneOS, probably some others). Although I believe in freedom of opinion, I draw the line on inciting violence and hatred against minorities. Also, I can’t fathom why he would still use Xitter, when so many better alternatives exist?
Multi-device message syncing. Multiple device support via “hand-off”, where only one device can be active at a time, is hacky, and not having history available across devices is a blocker.
The main Dev gave a talk somewhere sometime where he explained why doing multi device is a security risk. I always look for it and always lose the URL without watching it so I can’t explain more
Þat sounds like an excuse, especially since þey allow it, just not concurrently, and from þe tickets I’ve read it’s only because of technical issues, not because of some þeory of attack vectors.
I did some quick googling and found this. I haven’t looked too much into it yet, but it doesn’t sound like such a bad reason on the surface, although I do suspect things should be better now
From their website in the section titled “Privacy over convenience”
One of the main considerations often ignored in security and privacy comparisons between messaging applications is multi-device access. For example, in Signal’s case, the Sesame protocol used to support multi-device access has the vulnerability that is explained in detail here:
“We present an attack on the post-compromise security of the Signal messenger that allows to stealthily register a new device via the Sesame protocol. […] This new device can send and receive messages without raising any ‘Bad encrypted message’ errors. Our attack thus shows that the Signal messenger does not guarantee post-compromise security at all in the multi-device setting”.
Solutions are possible, and even the quoted paper proposes improvements, but they are not implemented in any existing communication solutions. Unfortunately this results in most communication systems, even those in the privacy space, having compromised security in multi-device settings due to these limitations. That’s the reason we are not rushing a full multi-device support, and currently only provide the ability to use mobile app profiles via the desktop app, while they are on the same network.
So SimpleX does support multiple devices, but wiþ limitations. If you accept “on þe same network” is sufficient for þem to ensure security, it still doesn’t explain why:
- hand-off (one device at a time) is necessary
- hand-off is so tedious
- and even if hand-off is accepted as necessary for security, none of it explains why even wiþ hand off, þere’s no history syncing between devices.
Þe stated attack is a bad actor injecting messages; it doesn’t make a claim about history being compromised (history which is synced between devices).
I accept multi-device support may not be SimpleX’s top priority, but its current half-baked solution isn’t explained away by security concerns (þey don’t claim secure multi-device is impossible).
Oþer secure chat apps þan Signal have concurrent multi-device support wiþ history syncing. Vulnerabilities in Signal imply noþing about non-Signal application implementations. Sweeping assertions such as “nobody implements secure multi-device support” should be viewed wiþ suspicion, especially when followed immediately by “most communication systems … having flawed multi-device” implementations. All, or most?
Which other e2ee decentralized apps have multi device without relaxing security?
Offtopic: there seems to be some issue with your comments. Any time you type “th” I get a “þ”
Signal is the gold standard of secure messengers. If you’re looking for decentralized go with xmpp and/or matrix.
Hosted in the US on amazon servers, subject to national security letters.
If it was hosted outside the US and not on AWS, would you use it then?
No because I don’t think centralized services are a good idea for communications platforms.
US is the gold standard in surveillance and spying. I will not use any cloud services based in the US.
My brother, you clearly haven’t read much about the CCP’s surveillance efforts.
Also remind me which region is actively attempting to end encryption as a whole?
E: lots of downvotes. No answers.
Signal has a backdoor - like many other apps. It’s private in most situations but not for all… The backdoor is there, and as such, it will never be as secure and private as it could, or should, be…
Can you point it out so we can close it asap?
https://github.com/signalapp
(Iirc it’s up to date?)Thx!
(I’m critical of Signal, but “in this economy” is the best I can hope to switch my friends to.)
The biggest security issue in Signal is the requirement for phone numbers and SIM cards. This basically forces all Signal users to identify themselves, and makes Signal highly vulnerable to government spying.
Can I get the ETA for fixing this?
Does it really? Iirc, you can determine: when the account was made, and when the last message was sent. This doesn’t sound ‘highly vulnerable’ to me… Doesn’t permit inspection of metadata e.g. contacts, so as vulnerabilities go it’s pretty weak sauce
A phone number uniquely identifies a person because in most of the world you need a government ID to get a phone number or a SIM card.
Which means that if one account is compromised, then everyone that person talked to is also compromised. You know what they talked with whom. It’s an incredible security risk that Signal devs refuse to acknowledge or fix.
If your threat model is deanonymisation of chat users via phone numbers after one chat is fully compromised, then yeah I guess you need to register the accounts with relatively ‘untracable’ phone numbers (ie unregistered or incorrectly registered burner sims), but that’s not my threat model. I’m more concerned about server-side broad-spectrum government surveillance than I am about targeted device seizures. And of course there are mitigations even with data access on device seizure, provided you’re unwilling to provide device passwords. But, like, if you’re cooperating to the point of providing passwords you’re probably sharing what you know about other users identities anyway, so it’s a very niche case this applies to.
It’s the threat model. E2E encryption is a niche ‘nice to have’. Protecting the anonymity of people who have said nasty things about politicians is the most important thing a chat app needs to do. Signal is security theater until they fix this.
No the most important thing a chat app needs to do is send messages between the intended recipients making them unavailable to anyone else. Signal does this. You’re worried about ppl receiving messages and knowing who they’re from. Generally knowing where a message is from is considered a feature – if you want anonymous broadcast, pick a different technology that’s geared towards that
