25 comments

[ 5.1 ms ] story [ 73.4 ms ] thread
I am not sure you can trust signal or any other app that offers E2EE.

Would there be any way to independently verify a claim?

I am working on some E2EE as well while trying to answer the question with full transparency.

Download a binary and trust the moment it is typed the content is encrypted.

Signal provides source code and binary hashes, so you can build from source and ensure the running binaries match the source you built from.

You can further use tools like Wireshark to show that the data sent away from your device is encrypted.

So yes, this is fairly straightforward.

>You can further use tools like Wireshark to show that the data sent away from your device is encrypted

That's pretty pointless. Everything is encrypted nowadays, what you want to know is if it's encrypted well enough to not be easily decrypted by any actors.

But you know how the encryption works—the entire Signal protocol is public and described in minute detail (see https://www.signal.org/docs/). You can use Wireshark to make sure Signal isn't lying, i.e., to verify that the client adheres to the protocol. This is possible since you do have access to the keys.
Thank you. Now why can't the service be used without a phone number?

Phones leak data that remove privacy.

afaik that's their next step- introduction of usernames. Or you can use Element/Matrix, that is based on signal encryption protocol but does not need phone nr
> afaik that's their next step- introduction of usernames

In the time that usernames not phone numbers have been their "next step" they have introduced; gifs, encrypted audio and video calls, a built in scam crypto payment scheme, snapchat stories clone and a cryptographic upgrade to defeat quantum computing.

Changing from phone number to username is apparently hard.

as they said - all their infra was relying on mobile phones, so maybe all other features are really easier to implement compared to rewriting all architecture and providing backwards compatibility
Replace int with uuid?
Afaik source code is open, maybe you can contribute if you think that's that easy
Source on Matrix being "based on signal encryption protocol?" I'm pretty sure that's wildly incorrect
I went digging for information on this because somewhere in my mind this claim was installed as true, but your skepticism re-activated my skepticism.

It seems that the Matrix protocol offers optional end-to-end encryption on a room-by-room basis via Double Ratchet Algorithm that was introduced by the Signal Protocol [0]. This is the academic paper that Wikipedia cites for that claim [1].

[0] https://en.m.wikipedia.org/wiki/Signal_Protocol#Influence [1] https://link.springer.com/chapter/10.1007/978-3-319-45982-0_...

So it uses a part of the Signal protocol. That is interesting, and I did not know that, but that does not mean it uses the Signal protocol in its entirety.
He was talking about the encryption of the Signal eptocol, which explicitly doesn't include stuff like message format.

The core idea of the signal protocol is the ratcheting algorithm, which provides the actual qualitative security benefits, this the only real important thing.

Also he was explicitly stating it is based on it, I feel like you are arguing just, because you were so sure yet so wrong in your previous comment

I see, okay, I suppose you guys are probably right.

I was only "pretty sure" in my original comment, not "so sure!" :)

Because it was created to be a secure replacement for text messaging. I gather that in some parts of the world people don't use text messages so much anymore, so this may not seem obvious, but in the US, Signal was primarily adopted as a secure alternative to SMS. People who routinely texted each other's phone numbers could simply install Signal and continue doing exactly that, with the added benefit of encryption.
I guess the question was referring to how do we know it's e2ee and not simple server-client encryption? Ideally, it would be nice to be able to add additional custom encryption on any client, so that ppl that really need it will be extra protected
Your phone's client encrypts it to a public key of the receiver phone's client. The associated decrypting key never leaves that receiving phone (verified by looking at the source code). You know it's the correct public key if you check the "security code" thing (not that many people do that, but hopefully enough people do that any tricks would be caught)
> You can further use tools like Wireshark to show that the data sent away from your device is encrypted.

Data sent away from your device is encrypted on Facebook Messenger and Telegram too, but that doesn't mean anything if it's decrypted upon arrival at the server, or if the receiver backs everything up in plaintext.

[flagged]
If you kept reading you'd see that the previews are actually generated by the sender. So it's unlikely there's any privacy leakage happening at all.

But even if there was, I'm not sure why you're assuming that someone would need to get their head checked if they are using a default feature.

Even if you turn off link previews you would still receive link previews. You just don't send the link previews.