back to article What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal

It's not just the European Union the UK's ruling party wishes to leave. According to the Guardian, the recently victorious Conservative party is switching from WhatsApp to Signal, in order to accommodate its new influx of MPs. Unlike WhatsApp, which has a hard limit of 256 members for a group, Signal supports an unlimited …

  1. Jason Bloomberg Silver badge
    Big Brother

    "Tinge of irony"

    There is a tinge of irony in politicians adopting an encrypted messaging system like Signal.

    I think the phrase you may have been looking for is "a massive dose of hypocrisy".

    1. TimMaher Bronze badge
      Facepalm

      Re: "Tinge of irony"

      Somebody downvoted you for that @Jason.

      Perhaps their sausage like finger hit the wrong arrow?

      Strange.

      1. Jeffrey Nonken

        Re: "Tinge of irony"

        Two downvotes now.

        Perhaps they thought he didn't go far enough? I know I think that, but I gave him an upvote.

        1. GnuTzu Silver badge
          Thumb Up

          Re: "Tinge of irony"

          I for one appreciate when a comment is left to explain the reasoning for a down vote. But, maybe some just like banging at the button. Though, I do have this paranoid suspicion that there are paid political trolls trying to incite divisiveness on all the topics involving government or Microsoft. Can anyone confirm or deny my suspicions? Or, will the trolls just down-vote this too?

          1. truetalk

            Re: "Tinge of irony"

            Or, will the trolls just down-vote this too?

            By saying the above, you just asked to be down-voted. Instead of trying to think of some logical reason, sometimes there isn't one, I think the word 'mischief' sums it up. Yes some people just like to do the opposite of what you would expect..because... Isn't that a great thing though, having the choice to not conform to the majorities will.

            1. GnuTzu Silver badge
              Thumb Up

              Re: "Tinge of irony"

              @truetalk: It's currently at 23 up, 9 down. Whichever way you voted, if at all, your comment is civil and constructive. And, to be clear, I welcome civil discourse in a space like this and do not expect herd mentality. As such, I only down vote when I think something employs misinformation or flawed reasoning. Note that at this point, no one has provided any specific explanation for a particular down vote. I will simply continue to be curious about this. Thank you for the comment.

          2. Wayland Bronze badge

            Re: "Tinge of irony"

            I think your down votes mean you are being called a raving tinfoil hatter. So yes, probably gov trolls.

            1. GnuTzu Silver badge
              Pint

              Re: "Tinge of irony"

              Agreed, though many of us hear are paid to be tinfoil hatters.

              1. GnuTzu Silver badge

                Re: "Tinge of irony"

                Dang, homonym typo, and a pathetic one at that. How the hell did I miss that one?

                1. Kiwi Silver badge
                  Pint

                  Re: "Tinge of irony"

                  How the hell did I miss that one?

                  The lack of a Pavlovian red squiggle? :)

        2. HildyJ Silver badge

          Re: "Tinge of irony"

          I agree it doesn't go far enough . It's not hypocrisy , it's the concept of one rule for the masters and a different rule for the rest of us.

          As for the votes, obviously, El Reg has two party members downvoting any disparagement of Mini-Trump's actions.

      2. Jason Bloomberg Silver badge

        Re: "Tinge of irony"

        Somebody downvoted you for that @Jason.

        And within seconds of me posting. I was quite surprised. I'd also like to know how it's not hypocrisy but I'm not going to let it ruin my Christmas.

        1. NeilPost Bronze badge

          Re: "Tinge of irony"

          Putin’s Western Political Shit Stirring Bots are still on DefCon1.

    2. GnuTzu Silver badge
      Thumb Up

      Re: "Tinge of irony"

      Or "do as we say, not as we do". (And, who the hell down-voted you; your point is definitively spot on.)

      1. Rimpel

        Re: "Tinge of irony"

        Labours policy on encryption: 'For the few not the many'

    3. Teiwaz Silver badge

      Re: "Tinge of irony"

      I've seen very little evidence that politicians even know what hypocrisy is.

      So I fully expect another salvo fired off in the general direction of 'encryption bad' any time in the new year, if not sooner from some senior security bod or the current H.O.M

      1. Yet Another Anonymous coward Silver badge

        Re: "Tinge of irony"

        To be fair they did claim that encryption was used by criminals, terrorists and pedophiles so westminster shouldn't be a surprise

        (my phone auto corrected westminster as Westmoreland! Does it know something?)

    4. Anonymous Coward
      Anonymous Coward

      Re: "Tinge of irony"

      now, what's wrong with hypocrisy? Whole political system runs on hypocracy, backtabbing, broken promises, etc. :(

  2. Anonymous Coward
    Anonymous Coward

    Having to switch due to the number of participants.

    At this rate Labour will be back to a piece of string and two cardboard cups (recyclable of course) by the 2030.

    I jest - but seriously, these days any political party should just assuming these messages will be leaked.

    1. Will Godfrey Silver badge
      Facepalm

      Re: Having to switch due to the number of participants.

      Indeed. It doesn't matter how secure the hardware is, in these situations it's the wetware that leaks.

      1. Rich 11 Silver badge

        Re: Having to switch due to the number of participants.

        Good Lord! Are you saying we can't trust our elected representatives? *shakes head sadly*

        1. Chris G Silver badge

          Re: Having to switch due to the number of participants.

          Of course we can trust our elected representatives.

          We can trust them to have been nowhere near the integrity line when it was being handed out.

      2. Wayland Bronze badge

        Re: Having to switch due to the number of participants.

        All it takes to spy on these private conversations is an invisible member. The creators of the software can easily pop an invisible person in the group automatically when it's created. They can then log the whole conversation. When you think about the business model then that's obvious they are doing so. It's the Jeffry Epstein business model.

    2. GnuTzu Silver badge

      Re: Having to switch due to the number of participants.

      Yet, does it really matter what gets leaked when these days all you have to say is it was all "perfect."

      1. Anonymous Coward
        Anonymous Coward

        Re: Having to switch due to the number of participants.

        Or claim the Russians leaked it so it isn’t true. (Even when one of your own ministers has admitted it is)

    3. Velv
      Coat

      Re: Having to switch due to the number of participants.

      Bernard Woolley: “That's one of those irregular verbs, isn't it? I give confidential security briefings. You leak. He has been charged under section 2a of the Official Secrets Act.”

    4. Dan 55 Silver badge
      Black Helicopters

      Re: Having to switch due to the number of participants.

      "Having to switch due to the number of participants" is what they want you to think. They obviously know what changes are coming down the line for WhatsApp.

  3. thosrtanner
    Paris Hilton

    Ref: "Unfortunately, Signal doesn't allow group moderators to block individuals from taking screenshots, which would frustrate the process of leaking a conversation to the press."

    I doubt there's *any* app that can stop you whipping out your camera and taking a screenshot that way.

    1. Rich 11 Silver badge

      In the very first episode of Gerry Anderson's ThunderBirds, Scott Tracy reacts to a indicator flashing in Thunderbird 1 which is warning that the top-secret rocket ship is being filmed, and responds by melting the film in the camera.

      I expect this is another promised development which has gone the way of the jet pack and the monkey butler.

      1. Dr_N Silver badge

        Sajid Javid probably nixed it when he was HomeSec.

      2. Wayland Bronze badge

        I friend of the family was in Burma when Obama visited. He was due to drive past their apartment building. People were outside waiting for his motorcade. They were using iPhones and tablets to take photos. Unfortunately they had trouble getting them to take pictures at that moment. The family friend was unable to take a photo and could see other people struggling.

    2. GlenP Silver badge

      We discussed this at work and came to exactly that conclusion. There comes a point at which you have to trust people with the information to do their jobs, all you can do is make it difficult for them to take bulk copies.

      1. James 139

        Surely the answer is watermarking.

        Whilst you may have difficulty preventing people doing something, you can, more easily, do things that expose the individual responsible.

        1. Anonymous Coward
          Anonymous Coward

          Surely the answer is watermarking

          You know one of the first things that was developed with a noddy neural network and some spare time ?

          A mechanism for subtly refactoring English into several semantically identical, but subtly different texts. Think of a precis but instead of summarising, you simply reword, with appropriate punctuation.

          The idea being that you feed in your "memo" and then issue the unique outputs to your staff. If one gets leaked, you damn well know the point of origin.

          It also had a happy side effect of alerting the sender to any unauthorised collaborations, should a recipient be thick enough (and they were) to comment that they appeared to have a different copy.

          It was taken far enough to validate it worked, and then it was made *very* clear that it was not at all suitable for modern politics.

          1. Vegemite Sandwich

            Re: Surely the answer is watermarking

            So, a Canary Trap.

            https://en.wikipedia.org/wiki/Canary_trap

          2. Natasha Live

            Re: Surely the answer is watermarking

            You should do what Genius did to Google. It’s fantastic. https://www.lawsociety.ie/gazette/top-stories/its-a-rap--embedded-watermark-catches-google-red-handed/

          3. Jonathan Richards 1

            Re: Surely the answer is watermarking

            So, with a little effort I too can run the incriminating text which may or may not have yellow feathers [1] through a noddy neural network before forwarding it to the leakhole of my choice? Do you have a spec. for this NN, please?

            Actually, one's natural language skills should be good enough to do such refactoring, it's probably quicker and less likely subtly to alter the meaning of the message.

            [1] Canary, as in the unfortunate birds used to warn of low oxygen/high CO levels dahn t'pit.

            1. Anonymous Coward
              Anonymous Coward

              Re: Surely the answer is watermarking

              You are perhaps in a maze of little twisty passages...

            2. Anonymous Coward
              Anonymous Coward

              Do you have a spec. for this NN, please?

              https://tinyurl.com/nmnsrd4

          4. Roland6 Silver badge

            Re: Surely the answer is watermarking

            >It also had a happy side effect of alerting the sender to any unauthorised collaborations

            Definitely can't have (Conservative) MP'ssheep actually talking to each other, they might gang up and get the 1922 Committee to do something like demand a Referendum...

          5. tfb Silver badge
            Big Brother

            Re: Surely the answer is watermarking

            The idea being that you feed in your "memo" and then issue the unique outputs to your staff. If one gets leaked, you damn well know the point of origin.

            Well, unless the leaker is smart enough to run the thing they want to leak through a similar system.

    3. Anonymous Coward
      Anonymous Coward

      app that can stop you whipping out your camera and taking a screenshot

      a poser: how do you whip out your camera, when it's sitting just above that screen with a message you want to leak.

      1. 's water music

        Re: app that can stop you whipping out your camera and taking a screenshot

        a poser: how do you whip out your camera, when it's sitting just above that screen with a message you want to leak.

        Contribute to my kickstarter for the 'leaker's friend' mirror frame product?

      2. Anonymous Coward
        Anonymous Coward

        Re: app that can stop you whipping out your camera and taking a screenshot

        a poser: how do you whip out your camera, when it's sitting just above that screen with a message you want to leak.

        A mirror and gimp with the camera on a 10 sec timer.

    4. tfb Silver badge
      Big Brother

      Well, Signal has a desktop app, doesn't it? And that app has access to the plain text of your messages. And it's open source: you can build it & run it. You can build & run modified versions of it: versions which, perhaps, log that plain text to a file.

      Not that I have done this, you understand.

      1. Robert Carnegie Silver badge

        Are the product's certificates open source as well?

    5. chroot

      Actually, there are apps, such as R2Mail2, in which you cannot make screenshots using the Android feature.

      Whipping out a camera is another deal, of course.

  4. Chris Hills

    No, silly

    It's one rule for them and one rule for us!

    1. iron Silver badge

      Re: No, silly

      And, one rule to ring them all!?!

      1. Aladdin Sane Silver badge

        Re: No, silly

        So we've all been deceived?

  5. Doctor Syntax Silver badge

    "Do as I say, not as I do"

  6. codejunky Silver badge

    Ha

    Maybe they will start to see how important it is? Naa I dont hold much hope either

    1. Mad Chaz

      Re: Ha

      Naaa. It's like with robocalls. They'd make an exception so the politicians can still get the full encryption. For 'national security' reasons, of course.

      1. Velv
        Big Brother

        Re: Ha

        Exemptions! You can register with the Telephone Preference Service (TPS) in an attempt to decline Marketing calls (and any sensible Marketing company would comply), however Political Parties are exempt and don’t need to check the list to see if you’re interested in their “marketing”. Politics at its best.

  7. Anonymous Coward
    Anonymous Coward

    Screen Shots

    "Unfortunately, Signal doesn't allow group moderators to block individuals from taking screenshots, which would frustrate the process of leaking a conversation to the press."

    A good camera can unfrustrate the problem of blocked screen shots.

  8. Jeffrey Nonken

    And both apps are based on the same app: Signal!*

    Another advantage to Signal: It's not owned by Facebook. You know, the company whose entire raison d'être is to sell as much info about you as it can?

    *OK, yes, I know. They both actually use Signal's e2e encryption protocol, which isn't quite the same thing. I'm just being snarky.

    ** https://www.wired.com/story/ditch-all-those-other-messaging-apps-heres-why-you-should-use-signal/

    1. Venerable and Fragrant Wind of Change Bronze badge

      By whom is it owned? And who might be likely to buy it (I'd guess an announcement like this adds value)?

      I wouldn't see ownership per se as an issue.

      1. DuncanLarge Silver badge

        Signal is owned by Signal and the people of tge world as it is licensed under the GPL 3.0 and all sources are available from here: https://github.com/signalapp

        Better than the proprietary FB messenger any day. Plus if someone comes along and buys it, then tries to do bad things with it, we can all just take back control by forking it.

        1. Venerable and Fragrant Wind of Change Bronze badge

          That doesn't answer the question. GPL companies can be bought, and a buyer can do things to make it distinctly unrewarding for a third-party to pick up development.

          Signal getting bought out seems entirely plausible. A buyer hostile to its GPL heritage is less likely, but I wouldn't care to rule it out.

          But yes, of course GPL is better than closed source. No argument there.

          1. EnviableOne Silver badge

            Moxie Marlinspike made that mistake before, he's not making it again.

            Signal LLC and Signal Systems are owned by him and Brad Acton, who sold whatsApp to the zuckerborg, and he's not making that mistake again either.

    2. Anonymous Coward
      Anonymous Coward

      Any thoughts on wickr.me ?

  9. Jim-234

    Blocking screenshots, probably the most useless feel good security measure ever.

    As the poster a bit above me also noted.

    The part in the article "Unfortunately, Signal doesn't allow group moderators to block individuals from taking screenshots, which would frustrate the process of leaking a conversation to the press." is kind of laughably stupid... What self respecting leaker doesn't have at least one burner phone that can take pictures of the screen on another phone? I mean you do use a separate phone for the leaking stuff to others right?

  10. herman Silver badge

    Well, both Signal and Watsup are broken by the UAE gov. so they must both be doing something right...

  11. razorfishsl Silver badge

    Unfortunately, Signal doesn't allow group moderators to block individuals from taking screenshots, which would frustrate the process of leaking a conversation to the press.

    Completely nonsense functionality.........

    just use an external camera on the phone screen........ that is how useful that function is....

    1. commonsense

      The feature also prevents a nefarious app recording or screenshotting what you are doing without you being aware, which is a more useful function.

  12. DuncanLarge Silver badge

    about bloody time!

    I've been using Signal for years.

    Way before WhatsApp copied Signals encryption protocol, the Signal Protocol.

  13. NonSSL-Login
    Big Brother

    Not encrypted whatsapp backups

    How has the IT security guy allowed them to continue to use whatsapp all this time knowing that while it has E2E encryption, it makes backups of your chats unencrypted on google servers?

    It only needs one person in a group to enable backups form the constant nags and E2E encryption doesnt matter as its sitting on googles servers for various alphabet agencies to access, even those not supposed to access it.

    Consider nothing said on whatsapp as safe since they added this front door in to your messages. I only wonder what politicians could have said that other countries could have used as intelligence to their advantage.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not encrypted whatsapp backups

      "Alphabet agencies": the penny drops; all that time the real reason for GRUgle's holding company's change of name had been hiding in plain sight, and I somehow just hadn't noticed!

    2. Aodhhan

      Re: Not encrypted whatsapp backups

      This isn't shocking to most IT professionals. Most of the government's in the west didn't start getting serious about systems security until a few years ago. While the defense/intel departments started locking things down in 2007 and then even tighter after Snowden leaks, the rest of the govt's spent money on everything but. This includes personnel with talent and understanding on encryption.

      When it comes to communication applications, the underlying routines are all similar. Most of the code is out on the Internet for anyone to use. When it comes to encryption, none of them create their own protocols or cipher suites. They use what's available. This comes down to someone who understands which cipher suites are secure, and which are not-so-secure.

      ...and for those out there who think FIPS 140 cipher suites are unbreakable, you need to think again. FIPS 140 only approves cipher suites up to and including the "SECRET" classification level (by US DOD definition). So they may or may not be good for TS/SCI classification level. There is a different publication for the cipher suites usable for higher classifications.

  14. Claverhouse Silver badge
    Linux

    All These Cameras Photographing Cameras...

    I don't even have a smartphone, but wouldn't they have native and app Screen Capture utilities, like Spectacle on Linux, or KSnaphot, anyway ?

    No need to photo anything.

    .

    .

    Obviously other OSs have snapshooting: crude as it may be for Apple:

    On macOS, a user can take a screenshot of an entire screen by pressing ⌘ Cmd+⇧ Shift+3, or of a chosen area of the screen by ⌘ Cmd+⇧ Shift+4. This screenshot is saved to the user's desktop, with one PNG file per attached monitor

    Wiki Screenshot"

    1. Kiwi Silver badge
      Pint

      Re: All These Cameras Photographing Cameras...

      with one PNG file per attached monitor

      I've quite liked the very basic tool that comes with Mate, but that's one thing I think I'd appreciate it having (and it probably has a setting there anyway that I've never bothered/thought to look for)

    2. Richard 12 Silver badge

      Re: All These Cameras Photographing Cameras...

      Android does, on hard keys.

      It's usually either Power + Home or Power + Volume Down.

      However, it is possible for an app (or GUI element) to tell the OS that it would prefer not to be involved in screenshots.

      This is really useful on desktop OS because it's easy to forget that you've got Sekrit Fing half-visible when taking a screenshot of Public Thing, and it's nice if it automatically hides itself.

      It's not security though. It's only a defence against accidental screenshots, not intentional ones.

  15. Anonymous Coward
    Anonymous Coward

    I see no conflict here...

    ...given the argument for backdooring e2e has always been that to make sure Law Enforcement (TM) have got access and there is pretty much zero chance of an online group of hundreds of politicians not containing at least one either willing collaborator of The Services or someone who could easily be, ahem, convinced to help.

    I'll get my coat.

  16. To Mars in Man Bras!
    Paris Hilton

    Signal vs. Others

    I can't find the source now but I thought I read somewhere a while back that 'those in the know about these things' didn't rate Signal too highly from a security standpoint, as it uses a "roll your own" encryption algo —which is generally considered to be a silly idea.

    Same half-remembered source led me to using Wire [wire.com] when looking for an encrypted messenger as being: 1: Swiss based, 2: Uses tried & tested encryption algos, 3: Also open source

    I'm not saying Wire is perfect [the mobile apps, especially, have bugs which have persisted for years] but it's pretty usable. I'm just wondering if Signal would have been a better choice?

    1. Anonymous Coward
      Anonymous Coward

      Re: Signal vs. Others

      You might be getting confused with Telegram, which does have its own home-baked, and apparently somewhat half-baked, crypto system?

      Crypto is indeed hard to get right, and we are all better off using systems which have been peer-reviewed by experts in the field and proven(?) to be robust.

      Signal's Moxie Marlinspike is reputedly well respected for his cryptography and security knowledge, but, given the subject and what is potentially at stake, there's always that small nagging doubt that potentially a double-bluff is being played, and that that's what They want you to think...?

    2. Charlie Clark Silver badge

      Re: Signal vs. Others

      Signal is acknowledged to have the best encryption protocol, which is why it has been adopted by WhatApp, Google and others. Unfortunately, partly because of the quality of the encryption, group management has traditionally been difficult as groups are essentially a series of individual chats. This is due to change soon as a now have a way to secure accounts with even less metadata. Both articles of full of technical detail but worth reading if you're interested in the kind of problems they're looking to solve and the solutions they've come up with.

      Wire is okay but suffering from having no real USP. Threema, also based in Switzerland, offers stuff for businesses.

      But for basic group, particularly when you want this to be public, and chat stuff Telegram is about the best, especially as WhatsApp is soon due to start including advertising.

    3. Cavehomme_

      The wrong Swiss!

      "Swiss headquarters, EU servers". That's where wire has gone wrong.

      Threema is totally Swiss, been around a few years:

      https://threema.ch/en

      "What does the name “Threema” stand for?

      Threema started life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.

  17. chivo243 Silver badge

    which would frustrate the process of leaking a conversation to the press.

    Really? Another phone with a decent camera will get around that. What about mobile screen recording? Is that a thing? Let me look...

    for the fruit users Go to the Photos app and select your screen recording. Some apps may not allow you to record audio.

    and for our droid users

    https://www.wondershare.com/screen-recorder/free-android-screen-recording-app.html

  18. Screwed
    Joke

    Donate?

    Just wondering how many of these politcal types will express their appreciation of Signal by making donations?

    Signal Technology Foundation is an independent 501c3 nonprofit. The team at Signal is committed to the mission of developing open source privacy technology that protects free expression and enables secure global communication. Your contribution fuels this cause. No advertisements. No trackers. No kidding.

    Your donation helps pay for the servers, bandwidth, and continued development of an app that is used by millions of people every day for secure, free, and instantaneous communication anywhere in the world.

    Please make a donation today

    https://signal.org/donate/

  19. Danny Boyd

    George Orwell here

    All animals are equal but some are more equal than the others.

  20. Aodhhan
    Thumb Down

    Snowden endorsement

    This is laughable.

    Snowden needed assistance (from J. Assange) on how to use a data scraper, keystroke recorder (to steal credentials) as well as other simple hacking tools.

    Snowden isn't some fantastic hacker and definitely not a computer engineer. He was a below average consultant working for a defense contractor. Which means, you need some computer training and a security clearance to get the job. No need to handle responsibility, just an ability to follow written directions.

    He's not exactly someone I'd count on to provide advice or an endorsement for anything regarding encryption.

    Now, if I needed advice on how to run like a beotch--coward, then he's the one to seek out.

    1. NonSSL-Login
      Thumb Down

      Re: Snowden endorsement

      Despite the fact we know he worked with the NSA's hacking department, TAO, and various contractors in a technical and engineer roll so obviously knows his stuff....his endorsement is probably not related to his skills/lack of skills on cryptography.

      What he brings to the table is knowledge of the x-keyscore database and data retrieval system. Knowing what data they can and cannot slurp up as well as knowing what protocols/algorithms/encryptions cause the NSA problems (at least up until the end of his time there) so can make informed recommendations based on that alone.

      Hate can blind you to the obvious.

  21. Drew Scriver Silver badge

    Quod licet Iovi, non licet bovi.

  22. Fr. Ted Crilly
    Facepalm

    oh dear Signal...

    Shurley a coincidence

    https://en.wikipedia.org/wiki/Signal_(magazine)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020