27 comments

[ 3.3 ms ] story [ 44.5 ms ] thread
people often confuse privacy with anonymity, like in this article.

the question was if signal is secure and private, and the answer is about anonymity

is it secure and private - it is, is it anonymous - it's not, or at least, to some degree

You can't have end to end encryption without ends. That said, I have managed to write encrypted end to end communication, using wireguard no less, that doesn't tell a third party server who is talking, or what they are saying.

This is single user talking to single user, though. I know it gets more complex when you have more users than that.

The critique of metadata being hard is fair, the claim that sealed sender is “totally useless” is not. It’s a small, incremental hardening step in a very messy design space, not a magic invisibility cloak, and judging it as the latter sets the bar unrealistically high for anything that still wants to be a drop-in WhatsApp replacement.
Since a lot of people might not reach the conclusion at the bottom of the post:

Just use SimpleX.

I always thought sealed sender was something they implemented for their own sake. The less metadata they can see is better. As a user that means you have to trust them in what they say regarding the data they keep anyway.

Regarding sealed sender I don't think they ever fixed the statistical method of identifying sealed senders described in the "improving sealed sender" paper from 2019 (?), meaning it is pretty useless anyway if signal decided they wanted to identify senders.

Signal is in an impossible position. On one hand, it needs to appeal to the crowds currently using WhatsApp and happily syncing their entire contact list to Facebook/Meta, so that they can be profiled and a social graph can be built. That crowd needs it to be super simple and "just work". If it doesn't do that, people will criticize it for being difficult to use.

On the other hand, it needs to provide ultimate security, even though there is always a compromise between security and convenience. If it doesn't, geeks will criticize it for not being secure enough.

I read through this. I don't think Proton Mail is a good replacement for Signal (it's worse because Proton does log and share IP addresses of users with a court order).

One thing I dislike about Signal on its privacy posture is that the moment you register, anyone who already has Signal and has your phone number in their contacts list will get a message saying you're on Signal. This is a good way for others with bad intentions to know about your presence on the platform. The options to hide your phone number are available only after registering on Signal (after this broadcast has already happened) and when the user figures out that this is possible somewhere deep in the settings.

On registration Signal could ask whether to inform all random people who happen to have your number. But since unused/discarded phone numbers are recycled by carriers to other customers within a matter of weeks or months or years (depending on where you are), your presence on Signal may be sent to someone you've never ever known or has known you. Signal ought to remove this broadcast on registration. Telegram (and I guess WhatsApp) also suffer from the same issue.

Signal is the only WhatsApp/Messenger alternative I've managed to get friends and family to actually move to.

I suppose this Sealed Sender issue is problematic for some people, but it's not enough for me to seriously consider jumping ship.

I'm sorry but I don't think this guy did his homework correctly. You don't need a phone number anymore to use Signal. You still need one to register, but not to communicate with anyone. You can simply share your username for that. So you can just buy a prepaid card with cash, register, and then throw it away, and it will never be linked to your real identity. Signal is not perfect, but it's still the best we have.
The article confuses confidentiality with anonymity/pseudonymity.

Signal has always aimed to ensure confidentiality in the simplest way possible. People forget that there are anonymous systems or systems that do not require a telephone number but they are incredibly painful to set up. You either have to go through physical checks with QR code exchanges to validate participants or have some kind of web of trust (no one has fond memories of PGP key signing parties).

The same goes for decentralization. On paper, everyone wants decentralization. But when it comes to interconnecting hundreds of servers with different rules, moderation and legislation, and protocol versions, it becomes hell and no one wants to have to manage it (e.g. Mastodon).

There are objective reasons why these systems are not popular.

The other problem is that the very use of this type of software becomes a marker. I am convinced that the majority of Olvid users work for the French government, for example.

Iranian activists who are checked at the border or elsewhere with any uncommon communication application have already lost, regardless of the security of the application.

Crypto-punks are a niche group that can accept this type of usage constraint. My grandmother cannot, but she can use Signal and she will be one user among millions.

Let's not forget one way Ross Ulbricht was caught was by correlating traffic from his home through Tor to posts appearing on SilkRoad.
It is, as far as I know, an unsolved problem how to implement full metadata transparency on a mobile device.

For example, Aztec, a privacy focused blockchain, requires recipients to download the entire block to determine if any private message is addressed to them (and BTW use techniques resembling Signal's double ratcheting in creating these identifiers) [1]

This is infeasible on mobile devices. At best, it allows the user to select a proxy server they trust to identify messages intended for them and forward a notification.

1 - https://www.taurushq.com/blog/enhancing-token-transaction-pr... (search for "synchronizer")

These are all spy-apps anyway. To me it always looked as if the US government is just a thin fake-coat over this operation. There is a reason they dislike people having secrets. No spy agency wants people to have secrets. Cops asking for an ID without a probable cause is another reason that then ties into the legal system. I feel that most governments overreach what they can do in general; they have a tendency to grow in what they claim is their concern when it really is not.
It doesn't sound like SimpleX solves this either [0]:

> There is still a risk that a server maliciously records all queues and messages (even though encrypted) sent via the same transport connection to gain a partial knowledge of the user’s communications graph and other meta-data.

[0]: https://github.com/simplex-chat/simplexmq/blob/master/protoc...

I absolutely agree with the article.

Using phone numbers as IDs or a verification method is a horrible practice, not to mention that it forces you to use a phone in the first place.

> this feature is very technically complex, and totally useless

Now, to break your confidentiality, Signal would have to have a relatively complex system setup for trying to match up messages and deanonymize people. You could imagine many scenarios where a bad actor (agency) attempts to trick Signal into logging metadata. This now requires a lot more information, and if nothing else would give you a level of deniability.

All you need is metadata. Once you know your targets, install spyware (on one of them) and enjoy access to Signal's unencrypted msgs on the phone.

Almost feels like another CryptoAG with Snowden recommending it so much when he knows that metadata is enough.

The Molly fork of Signal solves some of these problems.

https://molly.im/

How does Signal make money to be able to afford their AWS subscription? Do corporate clients pay for it or something?

That MySudo service he mentions in the article sounds quite interesting as well. Has anyone given it a try?

Briar is also an alternative.
Fundamentally any centralised message relay system will have enough metadata to know something about participants and maybe even things like message frequency. If you truly want anonymous communication it has to be p2p.
This is ultimately a usability issue. The Signal app has a feature called sealed sender. The assumption is that a feature actually does what it is intended to do. Signal makes no effort to inform the user about the limitations of this feature. My experience is that almost all Signal users that actually know about sealed sender think that it actually provides some practical benefit. Users that do not know the limitation of a tool are unlikely to use that tool properly.

This sort of thing is depressingly common in the world of encrypted messaging. It is really common for a user to not know about the requirement to do identity verification with E2EE for example.