Is Signal messaging really private?
from harfang@slrpnk.net to privacy@lemmy.ml on 08 Sep 11:41
https://slrpnk.net/post/27207749
from harfang@slrpnk.net to privacy@lemmy.ml on 08 Sep 11:41
https://slrpnk.net/post/27207749
As Signal get your phone number. Can we considerate this application as private ? What’s your thoughts about it ? I’m also using SimpleX, ElementX, Threema, but not much people using it…
Cheers
threaded - newest
Private and anonymous are different things. While anonymity does increase privacy, it is not a strict requirement. So it this private, but not as private as possible.
The best private messenger IMO is simplex, but it not production ready yet
Many people say that SimpleX is not ready to replace the likes of Whatsapp, Telegram and Signal yet but noone specifies exactly what features are missing.
I get that public key cryptography is confusing for the average people but there is no UI fix that is getting around that obstacle if we want people to make informed choices on what platform/protocol to use for communications.
The same thing applies to decentralization - people just need to understand that the trade-off they’re making for communications’ resilience is the comfort of an online addressbook.
Although I admit that there are certain UI elements that could be made better (for example the nickname setting could be stylized a bit better so people can more easily change the names of their contacts to something more familiar), most criticism towards SimpleX comes from people being a bit lazy and not reading the manual before using the app.
TL;DR: I don’t understand what features are missing from SimpleX.
Multi-device message syncing. Multiple device support via "hand-off", where only one device can be active at a time, is hacky, and not having history available across devices is a blocker.
The main Dev gave a talk somewhere sometime where he explained why doing multi device is a security risk. I always look for it and always lose the URL without watching it so I can’t explain more
Þat sounds like an excuse, especially since þey allow it, just not concurrently, and from þe tickets I've read it's only because of technical issues, not because of some þeory of attack vectors.
What they have right now may not be in contradiction with what he said in the talk. Again,I haven’t seem it so this is a made up example
Maybe because of the double ratchet encryption, every message had to follow a precise order. Of it doesn’t, everything breaks. Multi device with handoff is easy since only one can send and science messages. But if you don’t have handoff, you have to relax security rules to allow both to work at the same time
I did some quick googling and found this. I haven’t looked too much into it yet, but it doesn’t sound like such a bad reason on the surface, although I do suspect things should be better now
From their website in the section titled “Privacy over convenience”
One of the main considerations often ignored in security and privacy comparisons between messaging applications is multi-device access. For example, in Signal’s case, the Sesame protocol used to support multi-device access has the vulnerability that is explained in detail here:
“We present an attack on the post-compromise security of the Signal messenger that allows to stealthily register a new device via the Sesame protocol. […] This new device can send and receive messages without raising any ‘Bad encrypted message’ errors. Our attack thus shows that the Signal messenger does not guarantee post-compromise security at all in the multi-device setting”.
Solutions are possible, and even the quoted paper proposes improvements, but they are not implemented in any existing communication solutions. Unfortunately this results in most communication systems, even those in the privacy space, having compromised security in multi-device settings due to these limitations. That’s the reason we are not rushing a full multi-device support, and currently only provide the ability to use mobile app profiles via the desktop app, while they are on the same network.
So SimpleX does support multiple devices, but wiþ limitations. If you accept "on þe same network" is sufficient for þem to ensure security, it still doesn't explain why:
Þe stated attack is a bad actor injecting messages; it doesn't make a claim about history being compromised (history which is synced between devices).
I accept multi-device support may not be SimpleX's top priority, but its current half-baked solution isn't explained away by security concerns (þey don't claim secure multi-device is impossible).
Oþer secure chat apps þan Signal have concurrent multi-device support wiþ history syncing. Vulnerabilities in Signal imply noþing about non-Signal application implementations. Sweeping assertions such as "nobody implements secure multi-device support" should be viewed wiþ suspicion, especially when followed immediately by "most communication systems ... having flawed multi-device" implementations. All, or most?
Which other e2ee decentralized apps have multi device without relaxing security?
Offtopic: there seems to be some issue with your comments. Any time you type “th” I get a “þ”
I'm not a security expert, so I can't say. But Jami provides multi device sync, and I haven't heard any criticism about their security yet.
Interesting. I’ve tried Jami. The experience was bad, but I didn’t try multi device. I’ll try when I get home
What was bad about your experience? I'm just curious.
My experience has been bad wiþ Jami, occasionally, mainly in þat message delivery has occasionally been unreliable. Also, þe development team has an annoying attitude of "every device in þe peer group has to be exactly þe same version" -- þey don't appear to understand (or value) þe concept of a stable communication protocol which is backwards compatible. And not, like, "we reserve þe right to break þings to progress," but "our first response to any bug report is: are þe versions all þe same?" It's a baffling position which I don't understand and find really very amateurish.
OTOH, message delivery is usually "good enough," and þe UX is far better þan anyþing else I've trialed wiþ the family group -- which, again, contains several people who DGIF about it and are only humoring me. Very low tolerance for crappy UX and un-easy workflows. Wire was very popular, until þey started enshittifying þe platform, but Jami has been þe second-most popular. So I'm interested in how it failed to meet your expectations.
Oh. I didn’t go that deep. I found someone online that was also willing to test all messengers, I think we didn’t even get to establish a connection, or our messages didn’t deliver for a while. We lasted less than a day
Ah, Ok. Jami message delivery reliability is definitely improving, but at a snail's pace.
Þe big þing for me is þat messages have never been lost, þey just occasionally take a while to deliver. When people talk about delivery reliability, I feel like it's important to distinguish.
But, yeah: add a second device (phone, and laptop) and delivery gets better. It's weird.
I forgot to test multi device which is the relevant thing here, but yesterday I installed it on my phone, created two profiles and sent messages fine. Today I tried it again, an nothing. It has no green dot on the profile picrutes(I’m assuming it’s green. I’m colorblind and its in the range of colors I can’t be sure).
Found a better article
simplex.chat/faq/#why-cant-i-use-the-same-profile…
Þank you, I'll read it.
I often see convos on SimpleX that are clearly missing messages, so I'm not sure what that's about. I mean I see people quoting messages that are not visible.
Also I really think they need to implement UnifiedPush before it's ready. It consumes an excessive amount of battery life for this reason.
Also worth noting that the creator is an alt-right loon of the highest order.
Right now when you establish a connection with someone, you exchange between 2 and 4 connections. Each person shares that receive servers out of which one of them is for, and the other is clear net. If you don’t have to running and one of the servers goes down, half of the messages no longer deliver. There is no server rotation. Even if you swap your servers ahead of the server shutting down, contacts don’t cycle and they are lost
That is currently my biggest reason not to recommend. There are also UX improvements like live messages which I think are useless and will cause people to get confused (they are messages that the other person can see in real time as you type them). They should also include some soft of recommended backup solution because people WILL get mad about losing everything
If you are curious, here is a link for the roadmap so that you can see the things they are still planing. Some are going to bother normies (like shortening the group URLs will probably mean that they have to update them)
github.com/simplex-chat/simplex-chat#roadmap
stickers
.
Depends on your threat model, as always. If you require absolute anonymity, it’s tricky, because it uses phone number during the onboarding process, so get an anonymous pre-paid number and discard it after registration. After onboarding you don’t need the number.
For the rest, it’s about as “private” as you make it. It supports group messaing, calls and video, so obviously you need to be careful while using it. Everything is e2e encrypted and stays on your local device, the source is available and has been extensively audited. The company itself is non-profit and has sensible privacy policy.
But yeah, your threat model is the key answer to your question
That’s not something that exists in many countries. SIM-cards have to be attached to a real world identity by law.
It exists on the internet, so it exists in every country.
Signal is the gold standard of secure messengers. If you’re looking for decentralized go with xmpp and/or matrix.
Hosted in the US on amazon servers, subject to national security letters.
If it was hosted outside the US and not on AWS, would you use it then?
No because I don’t think centralized services are a good idea for communications platforms.
US is the gold standard in surveillance and spying. I will not use any cloud services based in the US.
My brother, you clearly haven't read much about the CCP's surveillance efforts.
Also remind me which region is actively attempting to end encryption as a whole?
E: lots of downvotes. No answers.
Read on articles written by usa?
Gullible
This is kind of useless fear-mongering suited to no one’s threat model.
Are messages truly E2EE and they don’t share meta data? Yes? Then you’re fine. It needs a phone number for registration? OK, well buy a burner SIM card (you of course have several, right?) to register it if you’re that worried. Because if you’re already at a level where you’re THAT concerned about your phone number pinging for using a widely popular messaging app, then you have lost the game by even having a phone or sending messages to other humans who are the weakest link in the security chain anyway.
Considering that the Feds tried to make some government-compliant front end for Signal for idiot Hegseth to use to talk about national security stuff with the Vice President, I’d say that it’s probably fine for you to buy weed or whatever.
I’ll add that if someone knowing your phone number is an actual threat to your safety, you should already know better about using something more anonymous.
Privacy ≠ anonymity
Illegal in many countries. SIM cards are attached to your real world identity.
And we shouldn’t depend on such archaic highly centralized technology like phone numbers from techinical perspective either, it is only like this because it is deeply entrenched and a very easily a suprisingly reliable form of identification and deanomization
Signal has too many red flags, but the biggest one is phone numbers and SIM cards. No application that wants to be secure against nation state spying relies on these.
the metadata isn’t
I dislike Signal because they are many google play services, and do not try to distribute their app beyond Google Play Store.
signal.org/android/apk/
and if you want, you can use molly-foss to remove google notification services
Just switched to molly-foss and am using mollysocket and have no issues
Was it just a simple switch or would I have to convince everyone to use Molly instead of Signal all over again? Like can I just get Molly and transfer over my contacts and history and all that?
Molly was easy enough, switching the notifications was a bit more painful. I found that the airgapped solution worked more seamlessly than the web server though
I agree that there are workarounds, but I find it frustrating that Signal devs are ignoring very obvious security and privacy issues like this. It erodes trust and my enthusiasm to use Signal.
Signal is in F-Droid and works completely degoogled on Graphene with no Google Play. The annoyance is no notifications, but if you’re rolling completely Google Play free, you’re probably used to needing to just check several things a day for lack of notifications on multiple apps, since everyone under the sun is trying to shovel all your notification contents to Google (I assume for bribes of some sort from Google).
Not true. I have GrapheneOS with no Google blobs in a profile where I have Signal from play store (via Aurora) and notifications work perfectly. Signal itself will turn on the no google mode for notifications if not available.
This one is stick, not carrot: apps are generally required to use Google’s notification system to be allowed in the Play Store.
Signal gets notifications without GMS. I think battery use and latency are a little higher. Molly, a fork can use UnifiedPush for better results.
It is not on Fdroid search.f-droid.org/?q=signal&lang=en
It’s in the Guardian repo ala torbrowser
Many programs are in 3rd party fdroid repos, you can literally create a fdroid repo for Gmail and Gemini, you just upload apks to the server and run an indexer.
Being included in f-droid.org means the app had to meet some basic standards with regard to privacy. Being included in a 3rd party repo means that someone has uploaded it. And it’s a case with the Guardian-distributed Signal, AFAIK it’s the original version.
OP meant Signal not making any effort to be included in the f-droid.org repo, not Guardian not making effort to upload the apk from signal.org
I would be VERY shocked if The Guardian Project added Gmail alongside tor, but we all have different trust models…
…signal.org/…/6829998083994-Phone-Number-Privacy-…
you have to register with your phone number.
But you dont have to give your phone number out to friends or peopole you meet.
Some family members use Molly-Foss and have no issues.
I use signal-foss from the Twin helix repo, A fork of Signal with proprietary Google binary blobs removed…
www.twinhelix.com/apps/signal-foss/
Signal from the F-droid - The guardian project repo, is just signal.
I read that the issue was with signal using google firebase, and that it was easier for the fascist piglets to track your messages through notifications.
I have found that you can actually delete a contact via molly but cannot do it via signal.
With signal you can only block a contact, which for me, is a privacy issues.
If I meet a random person, say on holiday, and we swap details, I want to delete them, not block them, where they remain in my block list forever.
I swap between Signal-FOSS and Molly if I want to delete a contact.
people will still expect you to share phone numbers to talk in signal in my personal experience, I really don’t understand how they get so attached to such an archaic technology and often will refuse to use the alias system completely because remembering a random string of numbers is “simpler” somehow
hey furry toaster
Its very frustrating.
People are very odd when it comes to privacy and tech in general.
I have convinced half my friends to move from text messaging to signal and encrypted email but the other half totally refuse. Some have even changed to SimpleX chat and others to conversations.
I have explained to them how, just having my phone number in their contacts list, is hoovered up by all the other apps on their phones.
I tell them I use opencontacts because I respect their privacy, and that I do not share their phone numbers with any apps, so they should respect my privacy too. which they dont.
f-droid.org/…/opencontacts.open.com.opencontacts/
I put my foot down and say that I refuse to contact them or reply to any message they send, unless it is encrypted.
I also tell them to delete my number from their phones because I will not reply to them if they use my phone number.
they still cling on to gmail and the old text messages and dont bother messaging me at all.
very odd people.
Anything that touches greed-incentivizing cr*ptocurrencies turns to shit. Use Matrix, XMPP, or Tox instead.
✍︎ arscyni.cc: modernity ∝ nature.
They have your phone number but that's really all they have.
Some people say Bozos can read your metadata because it's hosted on AWS servers but I don't believe that.
The face that Signal needs phone numbers to sign up is very bad.
No one that has told me this has ever been able to offer up any sort of explanation, but please do feel free to give it ago.
The explanation is obvious. The phone numbers are a personally identifiable network of connections that is available to the people operating Signal servers. If this information is shared with the US government, then they can easily correlate this information with all the other data they have. For example, if somebody is identified as a person of interest then anybody they want to have secure communications would also be of interest.
Unlike Whatsapp, Signal doesn’t store your network of contacts. They have your phone number, time of registration, and time of last connect to their servers. They go to great lengths to keep the rest private. In Signal’s case, I don’t see an issue at all, but I do see all the benefit.
They store your phone number, and have to route all the messages you created to the other phone numbers / user IDs in their database. This means anyone with access to signal’s centralized database has social network graphs: who talked to who, and when.
If your threat model is “I just trust them”, then its not a good one.
Privacy advocates have been raising the alarms about signal forever, but like apple, their fanbase just feels the security “in their gut”, and think that because it has a shiny interface, it must be secure.
The only people who know what the server stores are the people running it.
Multiple-accounts and pseudonyms. It’s like the 101 of interacting on the Internet. With a phone number requirement that’s automatically made impossible.
Also SIM-cards/phone numbers are required by law to be attached to your real world identity in many countries.
What about them?
Why is that a problem?
Why are you posting as artyom@piefed.social and not <real name>@<home address>?
...because this is not a private message? And because my home address is not a piefed server. Such a weird question...
SS7 hacking can intercept your calls and text messages as well as your location just by knowing your phone number.
youtu.be/wVyu7NB7W6Y
I don't understand what that has to do with this conversation. Signal does not advertise your phone number to anyone that doesn't already have it.
All the signal fans here should give me your phone number if you think its a secure service. All of them are hosted on AWS btw.
Give me your threat model so I can laugh. You have no idea of what being secure is. Thank you for being yet another troll.
Simple: I don’t use any US-based service due to NSLs
I especially don’t use any us-based service that asks for my phone number.
.
.
.
Threat model: usa
It’s a threat to 99% of people in the world
You're equating giving my Mom my phone number with broadcasting my phone number on the Threadiverse?
Signal is a US-based entity subject to warrantless NSLs, with all the data hosted on AWS. Its not giving your phone number to your mom. Its giving your phone number to amazon and most likely a US surveillance government agency.
For a threat model you should assume the worst and never trust any US-domiciled data service or platform.
Do you really think they don't already have my/your phone #?
Since I don’t use comms platforms they have jurisdiction over, I lessen the risk.
Lessen the risk of...finding out your phone #?
The government already has every US citizens number anyways.
So just give up and use signal then?
You’re not going to convince me to use US-domiciled services.
Then just say you don't like the US, no reason to make up some bullshit about NSLs and AWS and phone numbers.
So what client would you recommend? I also feel like if it's offered on Google Play or Apple Store it's sus, but for lower income USians, it looks like Google Play is soon to become the forced option, especially on phones < $100.
Matrix, simpleX. Both have apps on f-droid, are federated, E2EE, and the servers are self-hostable anywhere in the world. Neither require phone numbers or identifiable info.
I'll see if my heavily locked down device will let me download/install the files. Thank you so much!
I don’t use Signal to talk to people I know only pseudonymously through the internet. I use it to talk to people with whom I would already share my phone number. That social graph can be ascertained a thousand ways already. I think it is worth pointing out as you do, however. If I wanted to attempt to hide the fact that I was contacting someone from the state, I’m not sure where I would start, but it wouldn’t be Signal.
Blog post about Threema that changed my mind against it: soatok.blog/…/threema-three-strikes-youre-out/
Oh yeah, same. Great writeup, comprehensive and well written, have it bookmarked in case I need to talk to people about Threema.
Why is this furry-themed?
Why not? Its nice to have fun with your website.
It’s a furry blog that happens to write about security a lot, and the author usually has very well-founded takes.
Chill out and enjoy it – you might learn something new. I usually do :D
owo
Why not?
Love it thank you for sharing. Awesome blog and so much relevant information. it’s now on RSS feed :)
Signal is a stop gap measure on the way to simplex
It did its job of providing privacy of content but meta data a d KYCd phones was a honeypot. Glowies got their relationship heat maps which is really all they wanted.
Once they need content, they will brick your end point with million zero day back doors caked onto everything.
Pegasus cellebrite etc is now used against normal targets.
5 years ago you would have to be a national security concern for such royal treament
Secure and private or anonymous are very different things and nearly impossible to do both at the same time and still make it user friendly. Signal is secure, not fully private or anonymous.
Why do people think this secure vs private distinction is in any way meaningful. I don’t want a US service to have my phone number, or spy on me, and have social network graphs, period.
Why is the US government being able to spy on me considered “secure”?
Because you trade privacy for convenience. You could have a totally private communication platform, but you’d need to trade current IP addresses of your devices if there’s no users and no centralized routing server or at least a list of what device is associated what person.
It’s secure because people can’t read the content of your message. It’s not private because people can find you with your phone number or username and associate encrypted message packages with the sender and receiver so they know who you called and when, but not what you said.
So if your contacts are tech savvy enough to call you to get your current unique IPv6 address, something that Android doesn’t really support out of the box, and IPv4 often won’t work due to layers of routing caused by the world running out of addresses, or some other unique network identifier, and there are no firewalls between you or they’ve all been configured appropriately to allow the particular message protocol then you could send simple IP Messages to each other.
But as long as you want to use a system that routes messages and has a user database, that central location will always be a privacy hole.
No, and they are supported by US gov (last check), so no good can come of that.
Do you’ve reference about it ?
Quick googling comes up with only people refuting this claim.
Sure, we had signal gate, but the way that was received should make it pretty clear that it’s not supported for official use.
Not supported for official use because it leaves no trace for the formal record. Not because Signal is insecure.
Even if it is, I don’t think we should give the government the power to tell us what to not use. Otherwise they just pick any good projects, throw money at it, leak the data, and people jump to a less secure. Trust the code and nothing more
Relatively popular, supposedly secure, based in usa, haven’t been raided by gestapo. There is a contradiction in here.
Imo signal protocol is mostly fairly robust, signal service itself is about the best middle ground available to get the general public off bigtech slop.
It compares favorably against whatsapp while providing comparable UX/onboarding/rendevous, which is pretty essential to get your non-tech friends/family out of meta’s evil clutches.
Just the sheer number of people signal’s helped to protect from eg. meta, you gotta give praise for that.
It is lacking in core features which would bring it to the next level of privacy, anonymity and safety. But it’s not exactly trivial to provide ALL of the above in one package while retaining accessibility to the general public.
Personally, I’d be happier if signal began to offer these additional features as options, maybe behind a consent checkbox like “yes i know what i’m doing (if someone asked you to enable this mode & you’re only doing it because they told you to, STOP NOW -> ok -> NO REALLY, STOP NOW IF YOU ARE BEING ASKED TO ENABLE THIS BY ANYONE -> ok -> alright, here ya go…)”.
Signal has a backdoor - like many other apps. It’s private in most situations but not for all… The backdoor is there, and as such, it will never be as secure and private as it could, or should, be…
What are you referring to? I’ve read many security breakdowns of signal and nobody who knows what they’re talking about has ever mentioned a back door
https://github.com/signalapp/Signal-Android/issues/8974
Can you point it out so we can close it asap?
https://github.com/signalapp
(Iirc it’s up to date?)
Thx!
(I’m critical of Signal, but “in this economy” is the best I can hope to switch my friends to.)
The biggest security issue in Signal is the requirement for phone numbers and SIM cards. This basically forces all Signal users to identify themselves, and makes Signal highly vulnerable to government spying.
Can I get the ETA for fixing this?
Does it really? Iirc, you can determine: when the account was made, and when the last message was sent. This doesn’t sound ‘highly vulnerable’ to me… Doesn’t permit inspection of metadata e.g. contacts, so as vulnerabilities go it’s pretty weak sauce
A phone number uniquely identifies a person because in most of the world you need a government ID to get a phone number or a SIM card.
Which means that if one account is compromised, then everyone that person talked to is also compromised. You know what they talked with whom. It’s an incredible security risk that Signal devs refuse to acknowledge or fix.
If your threat model is deanonymisation of chat users via phone numbers after one chat is fully compromised, then yeah I guess you need to register the accounts with relatively ‘untracable’ phone numbers (ie unregistered or incorrectly registered burner sims), but that’s not my threat model. I’m more concerned about server-side broad-spectrum government surveillance than I am about targeted device seizures. And of course there are mitigations even with data access on device seizure, provided you’re unwilling to provide device passwords. But, like, if you’re cooperating to the point of providing passwords you’re probably sharing what you know about other users identities anyway, so it’s a very niche case this applies to.
It’s the threat model. E2E encryption is a niche ‘nice to have’. Protecting the anonymity of people who have said nasty things about politicians is the most important thing a chat app needs to do. Signal is security theater until they fix this.
No the most important thing a chat app needs to do is send messages between the intended recipients making them available to anyone else. Signal does this. You’re worried about ppl receiving messages and knowing who they’re from. Generally knowing where a message is from is considered a feature – if you want anonymous broadcast, pick a different technology that’s geared towards that
this xkcd is always relevant: xkcd.com/538/
The most dangerous thread vector is the government forcing you to unlock your phone, and reading your messages. At which point using phone numbers becomes a huge problem.
Fancy encryption doesn’t matter when it’s obstruction of justice to refuse to unlock.
Ok but a messaging app that doesn’t let you know who a message is from is completely pointless? I feel like you’re not really addressing this issue here
You don’t need phone numbers for that.
Right. Exactly my point? Phone numbers are not, like, the only way to identify a user. You have to know who they are. You posted an xkcd but failed to derive the conclusion that if a user is ‘compromised’ and they know who they’re talking to, then so are the people they’re talking to, regardless of whether phone numbers are involved. There’s no practical way to mitigate against that, it becomes a paranoid’s nightmare.
Signal has a huge vulnerability: because Signal uses phone numbers, it leaves Signal users wide open to government retaliations and crackdowns. I can not recommend Signal to anyone living in authoritarian regimes.
This is the core issue. Signal devs refuse to acknowledge or fix this, which discourages people from using Signal.
You don’t need phone numbers to find people. Usernames have been a thing long before phone numbers crept into the internet.
Afaik you don’t need a phone number for Signal (a “username” can substitute it, a few years back they added it).edit: you still do(Also the phone number & IP was the security risk, not the messages, afaik.)
This however was a debate about a supposed backdoor (I otherwise agree about Signal & its USA basedness, I just remain glad it exists despite it
manyfew blemishes).I tried to make a new account for my child recently. You need a number. It wouldn’t even work as a first signup on a wifi only tablet.
I tried to uninstall on my phone, set him up a new acct with a VoIP number then move the account to his tablet. It constantly failed when I uninstalled and put my account back on my phone.
You can only use one cellphone. Of you switch between two, it has to deactivate on the other.
Then you can have 4 or 5 other devices but that acct is tied to an activated cell phone and it gets screwy if you change that phone.
So those posts they implemented this were lies (meaning I obv didn’t read attentively enough)?
Sad :(.
They implemented usernames to identify people so we could stop using numbers to find each other.
They still use numbers (cell and possibly device/network ids) they say to identify and secure (or so they say).
The idea is without access to your cell phone, nobody’s going to get access to decrypt your data.
Yeah, no, I get & like that, I just somehow specifically (obviously mis-)remember that they did away with phone number as a prerequisite for creating an account (everything still the same, just that the account can’t be reset).
:(
Molly (fork of Signal) allows you to use multiple phones github.com/mollyim/mollyim-android
try to get a Signal account without a phone number. let me know if it works (hint: it won’t work).
You need a number to register, but not to comunicate
Requiring a Sim is not a backdoor and does not enable “spying”. I does allow knowing who is on the platform, who talks to who, when, and probably some more metadata issues. But its not a backdoor
It’s a huge security vulnerability that Signal devs refuse to fix.
Not more than using username and password. Phone number is a security risk be cause you can get Sim swapped. If you have the registration password it’s safe, but a government can request a bypass. However, if you had no phone number and used username and password, governments could still request a bypass
No, phone number is a risk because a phone number uniquely identifies a person. You need a government ID to get a phone number.
Then it’s a privacy issue. Not security
privacy and security are one and the same. you can’t separate them, it makes no sense.
VERY different things.
Bitcoin is secure but not private.
xkcd.com/538/
I’m not really sure what you want to say with that. I always loved that comic although I always thought that my reason for wanting high security is not to be 100% protected from any thread. If you show up with a wrench I’m going to give you my btc seed before you even hit me. But I’ll know. If something has low security. It can happen without my consent and without me knowing
Signal’s fancy E2E encryption doesn’t matter if the government can force you to unlock your phone.
What matters is that everything in Signal is based on a phone numbers. Which means it can be traced back to an individual.
Signal is insecure exactly for this reason.
OK. You do you. The rest of us define security, privacy and anonymity in a whole other way.
If you keep thinking about it, you will keep finding cases where they (all 3) are not the same
This is pure nonsense, as I explained here: lemmy.ml/post/35848526/20978624
Security, privacy and anonymity are the same thing. If you weaken one, you weaken all others.
You are worng. Unquestionably. But you are also unwilling to listen, so there is no need to keep explaining. Bitcoin should be the only argument I need for this since it is perfectly secure while not being private nor really anonymous (bitcoin is pseudonymous, not anonymous). In fact usernames do not add anonymity. They add… What do I call this… Pseudonymity? The difference is important. But you don’t care
I care because Signal is the kind of insecure app that gets people into trouble. I live in Turkey, with an authoritarian government. Security is a very importan topic for us, and Signal is just a sad joke.
What you want is anonymity. Not security.
You say that yet here you are. On a public forum. On a pseudonymous forum where a profile can eventually be built of you. They would beat you to get your Lemmy credentials, but since everything is public, they don’t need you
I’m donde with this conversation. I agree that signal is not for you . but it’s not because it’s insecure
Signal is just an insecure app that gets people into trouble.
Use simplex then. Not quite ready. But better than nothing
Correction . you are not wrong. They are RELATED anonymity increases privacy, and privacy without security doesn’t make sense. But up to a point. You may notice again that you can keep adding security layers on bitcoin (cold wallets and such), but privacy doesn’t change. Because ethey are different
https://github.com/signalapp/Signal-Android/issues/8974
I don’t understand this & need some explanations (I’ve heard about the dev, it’s just USA stuff, much like Telegram mentioned Russian). Where exactly are the backdoors/the encryption compromised?
Sorry mate. I really don’t want to spend time writing exactly what I linked, and then explaining it in another way. English is not my main language, and I don’t want to spend a lot of time on it. I will recommend that you read this link a couple of times, and maybe the other link posted also - they explain it very well.
No worries, it’s not my main (or second) language either, it’s just that no backdoor is explained in that link.
I’m just curious.
Oh, you think that they show you the actual door? They don’t - ever. But read the article again. Do you think that any agency will post millions into an app, where they don’t have a backdoor? The article clearly describes how the privacy part has been weakened.
Isn’t it open source?
In open source projects they indeed do show the backdoor. That’s is one of the key points of open source (along with free-ish terms of use). Closed source projects just say “there aren’t any” without showing anything.
I’ve said many times I’m critical of Signal & ready to switch, but backdoor seems unconfirmed. Even if probable on some level.
I’m sorry to hear that you don’t really get how this works. Do read the article and stop wasting my time here. Thanks.
crazy that no one’s posted the dessalines article yet github.com/dessalines/essays/…/why_not_signal.md
EDIT: just to have it here in case anyone even cares, i put my thoughts on the essay later on in the thread
hi. Do you have any suggestions for an app to replace it?
unfortunately not. matrix is probably a no because of this thread. i hear a lot of people saying briar is good but idk anything about it
Ok. Thanks anyway!
Briar is… Signal if you turned security up to 11. It comes with drawbacks, like if you are offline, you miss messages. You can get around it by using their mailbox, but that brings other issues (Securing a server).
do you know of any good in-depth analyses of its security? every time i decide on a new chat app someone has to point out something that totally ruins it lol
Like this?
www.opentech.fund/…/briar-security-audit/
Or more a techie in-depth review?
I can attest: Briar requires no PII to create an account, operates over the Tor network (Your device becomes an onion service, basically, for chat). And, it integrates with Ripple, an emergency wipe button app (As does signal).
I like it, because you can keep a blog, create forums, group chats, and a few other really cool features. It sucks down your battery life, though (It’s the notifs, and keeping an always-on server running).
i don’t want to make you do my googling for me but if you have anything else just on-hand i’d love to read it. i can’t trust the open tech fund because of its ties to the cia (see this paragraph by dessalines) but i’ll definitely look into briar
I would disregard, at least, that line of thinking. I mean, Tor was heavily funded by the CIA… However, it’s secure. Linux kernel is largely funded by the US government. However, it’s secure.
What dessalines is doing is called “poisoning the well”.
However, I’ll find some more, as I recently was looking into this.
i don’t agree with everything in that essay but the OTF-CIA connection gives me good reason not to read anything they say. not that everything they fund is bad but everything they say is untrustworthy.
maybe more importantly though, is briar android-only? no desktop app?
as a sidenote i just noticed i posted the dessalines essay twice in this thread so i’ll say just for the record i still like signal. the security of the messaging protocol is, according to every cryptographer i’ve read on the topic, the gold standard in the field. it just makes me uncomfortable that a service, especially one centralized around amazon aws, is demanding my phone number. means they can tie my government name to my social graph
Right now signal is the best. I’ve basically tried them al and at least for me, the known good confidentiality of messages is worth the lack of anonymous accounts. All the other options have issues or have not been properly verified / audited.
When simplex is ready, it will be the best by a lot. But right now you might randomly lose contacts and a few different
Right now, for the wider population, it it a heaven sent option compared to Whatsapp, FB messenger etc. Break those bonds first and keep the wheel turning.
With the phone number, no; and since there’s no Signal usage without a phone number, well…. Also, I think somewhere on their website (or some place) they talked about burner phones as if it’s a universal phenomena.
Signal has felt “out of place” to me. Odd. It doesn’t fit in, doesn’t make sense if I think a bit farther about it.
I hope something decentralised comes out of Signal protocol minus the need for a phone number.
You are talking about session. Session is a signal fork, and you don’t need phone number. But there is some concerns about its security as, in order to properly work, it removed some signal features, I’m not qualified enough to understand if it’s truly a security risk or not. But the option to use it is there.
I used it for a couple years, but came back to signal because I had so many issues with media sharing.
SimpleX uses Signal tech AFAIK but without requiring phone number or email address.
https://github.com/signalapp/Signal-Android/issues/8974
I couldn’t find any sources regarding this topic
Since we are on the topic of signal… im not tech saviie but i have read lots of blogs and people about how secure is the signal protocol. My question is … how can i be sure that the protocol is implemented as the open source code shows? Please correct me if im wrong but from what i read on their website the apk they provide has the capability to update itself at anytime. So what stops them to change how it works with an update? is it posible to build the apk yourself and stop the ability to update?
Just like any foss project, there some level of trust if you are going with the main distribution. In theory you are correct that not much is stopping them from releasing a malicious update, but because it is open source, soon enough people would notice that either they released new code that is malicious, or that the new version does not match the source code. That kind of scenario is known as a supply chain attack.
Since the code is open, you can literally read it for yourself to see exactly what the apk does. You can also fork it and modify it however you like, just like the creator of Molly did (Molly is a fork of the Signal client that adds some security features)
It’s a centralized, US-based service running on AWS, that’s not self-hostable, requires phone numbers, and you have no idea what code their server is running.
Whether the app you use for it is open source, is entirely irrelevant for them building social network graphs, considering they have your real identity via phone numbers.
If the answer is “I just trust them”, then you’re not doing security correctly.
It is not as good as a decentralized system, and even though the server is open source, it isn’t self hostable (technically in an intranet you could but not easily)
But the signal foundation is a non profit with external audits and a proven track record with law enforced requesting data and getting basically nothing (If i remember correctly they only have your user to phone number relation and the last time you were online)
So although it is imperfect, it is an amazing solution that is almost the only 1:1 competitor to whatsapp/messenger/imessage that is privacy respecting, so I am very grateful for it’s existence.
100% this, there is matrix, but that was a pain when I used it (this was a few years ago, granted). Signal just works.
What about threema?
Just the fact that it costs means that most people won’t even consider it, making it very hard to recommend.
Since its a centralized server that isn’t self hostable, you have no idea whats running on their server. Signal even went a whole year once without publishing any server back end code updates, until it raised a lot of hackles so they started adding to it again.
You have no idea what they give to authorities: in fact with NSL’s, its illegal for them to tell you. Signal’s response to this is “just trust us”.
Thanks for the explanation!