What a bizarre article. So Katherine Maher was apparently CEO of Wikipedia, and CEO of NPR, and said some rhetoric about diversity and combatting disinformation. So what? Signal is encrypted, and it's a private messenger - not a social network. It's not the kind of platform where you can ban influencers you don't like, because it doesn't have influencers. And you can't censor messages because, once again, they're encrypted.
It also alleges some kinds of deep-state connections due to an early grant it received, but fails to present evidence of anything nefarious. Remember, Tor was a US government project too - it doesn't mean they control it.
It's clear the author doesn't like the woman's political views and affiliations with center-left causes, but unless he's worried about Signal selling tote bags during pledge drives I just can't see the relevance.
I think the author is suggesting Signal may have a back door. There is a philosophy that you should not trust any crypto software unless it is open source andheavily vetted and you compile your copy yourself.
He didn't really suggest a backdoor. None of his writing touched on the technical aspects of Signal, or Moxie Marlinspike (which is weird - it's like talking about Apple's history without mentioning Steve Jobs.) He doesn't discuss any scenarios by which Signal messages could be censored; I'm honestly not sure he's even used Signal.
Also, Signal's client is open-source. You can verify its security claims. It's been independently audited. I think the builds are deterministic, or at least verifiable. The server is closed-source, but the client does not trust the server. And even contact discovery etc. uses SGX enclaves and other mechanisms to keep metadata from being visible. It's what makes the accusation so risible - Signal's security and privacy are verifiably state of the art.
I agree that Moxie's mysterious exit (and the associated Mobilecoin shenanigans) and Signal's continued insistence on trusting Intel SGX (which is indeed state of the art, but it's not clear that it's actually secure against a determined adversary) are more salient than the political character of the current board chair. It's a shame the article didn't mention them at all.
Read the rest of the website. Or rather, don't. AFAICT, it's standard conservative cultural rants compiled into incomprehensible word salad. The other two articles that I skimmed were of equally low quality, and equally low on actual confirmable facts.
6 comments
[ 69.6 ms ] story [ 1444 ms ] threadIt also alleges some kinds of deep-state connections due to an early grant it received, but fails to present evidence of anything nefarious. Remember, Tor was a US government project too - it doesn't mean they control it.
It's clear the author doesn't like the woman's political views and affiliations with center-left causes, but unless he's worried about Signal selling tote bags during pledge drives I just can't see the relevance.
Also, Signal's client is open-source. You can verify its security claims. It's been independently audited. I think the builds are deterministic, or at least verifiable. The server is closed-source, but the client does not trust the server. And even contact discovery etc. uses SGX enclaves and other mechanisms to keep metadata from being visible. It's what makes the accusation so risible - Signal's security and privacy are verifiably state of the art.
https://en.wikipedia.org/wiki/Christopher_Rufo