I have no idea. I don't purport to solve all the world's problems simultaneously, but there are people who could easily add a desired layer of obfuscation. And I don't think people should expect all good things to be free.
AFAIK you have to maintain the phone number you sign up with to be able to keep your "account". In many places, it's not feasible to keep a second phone number just for signal simply because it's too expensive.
You need to provide government issued ID in many places to buy a SIM. For example, I had to scan my passport to get a SIM card in Madrid from a vending machine a few months ago
I don't use Signal to message strangers, only contacts who I have phone numbers of. Seems like that's the use case for most messaging apps like Whatsapp and iMessage that Signal was designed to "compete" with. Signal is a private messaging app, not an anonymous messaging app. A worthwhile distinction with very different (though overlapping) target audiences.
It's a simple problem: it cannot replace iMessage. Until regulators wake up and break Apple's monopolization of their messaging, I have to stick to iMessage.
I'm very puzzled by this argument every time I see it, maybe because I live in a country where everybody uses WhatsApp, both on Android and iOS: do you only communicate with people using Apple devices or by SMS?
Seriously, there are different threat models, and hiding from the CIA et al after a warrant is not one that many share. Signal replaced my SMS app. My text messages are secure against CASUAL inspection by 3rd parties. That is good enough for most applications. If I were worried about a governmental repercussions, say if I were a dissident in Afghanistan, Iran, or Russia, then different tools may (or may not) be selected.
Not sure how accurate this article is - e.g. it mentions Signal knowing who's in a given group chat, but AFAICT this isn't the case (from WP: "The group messaging mechanism is designed so that the servers do not have access to the membership list, group title, or group icon").
Signal works for normal people because it makes trade-off. For some people, some of there trade-offs are not acceptable. For most people, it is what makes it possible for them to use a communication technology that can reasonably be considered secure.
The 'CIA funded' bit this opens with has the quality and tone of similar things that put George Soros or the Illuminati at the center of all the all the ills of the world.
In particular, operating a large enough fraction of the exit nodes would provide quite a lot of intelligence, and we know spooks of various stripes do operate a lot of them. Just being seen in contact with a known exit node might be enough to draw unwelcome attention.
That said, the public evidence I know of seems to suggest the spooks' main interest in Tor is actually in having their own assets able to use it.
Does Signal protect you from every possible thread model there is? No. Is it better than WhatsApp at avoiding being spied on and being monetized by the service operator? Definitely.
The author can barely contain his hatred for the politics of Signal's founder (about which I know nothing outside this article.)
More importantly, he's possessed by the fallacy that governments have agendas rather than people within governments having agendas. This is important because he uses it to say that nothing downstream of the CIA can ever have the goal of promoting anonymity. The most obvious contradiction to this within the domain of US intelligence agencies is NSA's freelance tool Ghidra, but hopefully that concept is amply clear when mentioned, even without examples.
> The author can barely contain his hatred for the politics of Signal's founder (about which I know nothing outside this article.)
It's especially bizarre since the author's only reference to the founder's "confused and useful idiot politics" is that the founder claims that regimes in Belarus, Russia, Venezuela, China are authoritarian and that there are human rights abuses elsewhere. That claim seems not only reasonable, but also perfectly consistent with still being suspicious about US surveillance policy.
> Signals database, which we must assume is compromised due to its centralized and US domiciled nature, has a few important pieces of data;
> Message dates and times
> Message senders and recipients ( via phone number identifiers )
Since Sealed Sender[0] in 2018, Signal messages only have the sender available under encryption, in other words the signal server can't store the sender. Conceivably it could store metadata about the sender, but such data isn't authenticated. The article fails to mention sealed sender at all.
As a consequence of this, and the way signal bootstraps contacts from phone numbers, you can't actually build any sort of social graph from signal. The signal server doesn't know my contacts on signal. It never has. It knows phone numbers with signal, and I know phone numbers and contact names, and you can join those things to get that my contact, Fred, uses signal. But that's all done on my phone, the signal server never knows that [1].
On the other hand, any system that uses a system of contacts managed within the application (e.x. you have a username and contacts tied specifically to the communication protocol) must maintain a contact graph. It's actually worse from this perspective. I think with a system like Keybase you could attest to having an identity on the platform, and use that to bootstrap but this is no better, and arguably worse, since you still need to publish that identity on the attestation platform.
[1]: Implementation detail I don't know here: whether or not you are sent all signal phone numbers, or if you reveal the contacts you know to the server. The first is obviously more private.
This funding stuff is absolute horseshit and people should be embarrassed to write it up.
What I believe they're referring to is a project that OTF (under, IIRC, the Broadcasting Board of Governors) ran for several years that funded audits for all online privacy technology. I'm aware of it because Matasano, the firm I helped run for 10 years, took (as I recall) several of these OTF projects.
Notably, these projects included all sorts of random privacy tech tools. It was clear at the time, to me at least, that anything anybody was using (or, in some cases, even talking about using) was eligible for funded audit projects.
This is a little like suggesting that because companies like Google fund critical internet infrastructure audits, the projects that get those audits are somehow compromised by Google.
I get that it's very difficult to disentangle the US IC from online privacy technology (this is a much bigger issue with Tor), but in this case, there is just nothing to the story, except maybe that people might want to know that there was at least one good thing, among a zillion bad things, that the US IC actually funded.
PS
The OTF projects I'm aware of all reported directly to the projects involved, not to OTF, and were totally standard software security assessments, with rules of engagement set by the projects themselves and results reported directly and exclusively to the project. It was just money OTF was shoveling into getting audits done for open source projects.
Applied widely, this criticism also disqualifies many projects and teams from being deemed trustworthy: not only the Tor Project[0] but anything written by the Guardian Project team[1], or the folks who build Secure Scuttlebutt[2], or even the team working on reproducible-builds.org[3].
Like em or not, OTF funds a ton of great privacy-augmenting shit.
Are there tribes within federal agencies, or across the federal administration? It seems like some actors are really against strong encryption and the like, while others actively work to improve it.
Traditionally, this has been explained by saying that the feds have defensive and offensive strategies, but I have to wonder if there are certain federal agents that lean toward one end of the spectrum or the other.
While I very much agree with the author's critiques on the architecture of signal (centralized service, under US government jurisdiction, phone number requirement and the maintainer's merciless effort to squash interoperability with other services, something antithetical to a supposed free software project) I think it is important to point out that the author is a self avowed Marxist-Leninist and their motivation for writing this is likely largely support for the sovereignty of the Chinese Communist Party.
This is not a character attack, it is pertinent information. The author does not actually value individual liberty or privacy from state apparatus, quite the opposite, and it would not be a stretch to call this article agitation.
This article sort of makes the case for Matrix but I find Matrix incredibly clunky and slow. Plus every time it "verifies" me it always goes back to the app on my phone like it's some sort of permanent and authoritative identifier. So in that sense it's similar to Signal and Telegram being attached to your phone in some way.
Hard to know what to trust these days. "Nobody" I guess.
I use Signal and think it's pretty good while achieving its goals. The only other protocol I know that might be better for privacy is Tox, but it drains your bandwidth and any mobile device battery since it's decentralized.
My litmus test is simple on if Signal is good enough. It's banned in most totalitarian nations. It has to be more secure than iMessage, and it's not like I use it for criminal activity so I'm happy with it. If that's peoples idea, you'd want to avoid all-things-convenient (the internet) and use intermediaries, deal in cash only, etc. For simple messaging without the government cataloguing your every word, Signal works great.
The biggest threat to privacy is probably every device sold today having a microphone in it. Misuse for passive listening. Not the actions purposefully taken for communication like a text message.
38 comments
[ 3.3 ms ] story [ 85.5 ms ] threadEdit: Sorry, the answer was yes to both.
In particular, operating a large enough fraction of the exit nodes would provide quite a lot of intelligence, and we know spooks of various stripes do operate a lot of them. Just being seen in contact with a known exit node might be enough to draw unwelcome attention.
That said, the public evidence I know of seems to suggest the spooks' main interest in Tor is actually in having their own assets able to use it.
https://www.washingtonpost.com/graphics/2020/world/national-...
Or more recently RSA:
https://www.wsj.com/articles/BL-DGB-31580
https://signal.org/blog/private-contact-discovery/ https://medium.com/@maniacbolts/signal-increases-their-relia...
More importantly, he's possessed by the fallacy that governments have agendas rather than people within governments having agendas. This is important because he uses it to say that nothing downstream of the CIA can ever have the goal of promoting anonymity. The most obvious contradiction to this within the domain of US intelligence agencies is NSA's freelance tool Ghidra, but hopefully that concept is amply clear when mentioned, even without examples.
It's especially bizarre since the author's only reference to the founder's "confused and useful idiot politics" is that the founder claims that regimes in Belarus, Russia, Venezuela, China are authoritarian and that there are human rights abuses elsewhere. That claim seems not only reasonable, but also perfectly consistent with still being suspicious about US surveillance policy.
> Signals database, which we must assume is compromised due to its centralized and US domiciled nature, has a few important pieces of data;
> Message dates and times > Message senders and recipients ( via phone number identifiers )
Since Sealed Sender[0] in 2018, Signal messages only have the sender available under encryption, in other words the signal server can't store the sender. Conceivably it could store metadata about the sender, but such data isn't authenticated. The article fails to mention sealed sender at all.
As a consequence of this, and the way signal bootstraps contacts from phone numbers, you can't actually build any sort of social graph from signal. The signal server doesn't know my contacts on signal. It never has. It knows phone numbers with signal, and I know phone numbers and contact names, and you can join those things to get that my contact, Fred, uses signal. But that's all done on my phone, the signal server never knows that [1].
On the other hand, any system that uses a system of contacts managed within the application (e.x. you have a username and contacts tied specifically to the communication protocol) must maintain a contact graph. It's actually worse from this perspective. I think with a system like Keybase you could attest to having an identity on the platform, and use that to bootstrap but this is no better, and arguably worse, since you still need to publish that identity on the attestation platform.
[0]: https://signal.org/blog/sealed-sender/
[1]: Implementation detail I don't know here: whether or not you are sent all signal phone numbers, or if you reveal the contacts you know to the server. The first is obviously more private.
What I believe they're referring to is a project that OTF (under, IIRC, the Broadcasting Board of Governors) ran for several years that funded audits for all online privacy technology. I'm aware of it because Matasano, the firm I helped run for 10 years, took (as I recall) several of these OTF projects.
Notably, these projects included all sorts of random privacy tech tools. It was clear at the time, to me at least, that anything anybody was using (or, in some cases, even talking about using) was eligible for funded audit projects.
This is a little like suggesting that because companies like Google fund critical internet infrastructure audits, the projects that get those audits are somehow compromised by Google.
I get that it's very difficult to disentangle the US IC from online privacy technology (this is a much bigger issue with Tor), but in this case, there is just nothing to the story, except maybe that people might want to know that there was at least one good thing, among a zillion bad things, that the US IC actually funded.
PS
The OTF projects I'm aware of all reported directly to the projects involved, not to OTF, and were totally standard software security assessments, with rules of engagement set by the projects themselves and results reported directly and exclusively to the project. It was just money OTF was shoveling into getting audits done for open source projects.
Like em or not, OTF funds a ton of great privacy-augmenting shit.
[0]: https://www.opentech.fund/results/supported-projects/prepari... [1]: https://www.opentech.fund/results/supported-projects/the-gua... [2]: https://www.opentech.fund/results/supported-projects/dark-cr... [3]: https://www.opentech.fund/results/supported-projects/reprodu...
Traditionally, this has been explained by saying that the feds have defensive and offensive strategies, but I have to wonder if there are certain federal agents that lean toward one end of the spectrum or the other.
This is not a character attack, it is pertinent information. The author does not actually value individual liberty or privacy from state apparatus, quite the opposite, and it would not be a stretch to call this article agitation.
Hard to know what to trust these days. "Nobody" I guess.
that said the clients do leak a lot of metadata when compared to signal.
My litmus test is simple on if Signal is good enough. It's banned in most totalitarian nations. It has to be more secure than iMessage, and it's not like I use it for criminal activity so I'm happy with it. If that's peoples idea, you'd want to avoid all-things-convenient (the internet) and use intermediaries, deal in cash only, etc. For simple messaging without the government cataloguing your every word, Signal works great.
The biggest threat to privacy is probably every device sold today having a microphone in it. Misuse for passive listening. Not the actions purposefully taken for communication like a text message.