Sneaky chat app Signal deploys decoy domains to deny despots The latest update of Signal, one of the most well-regarded privacy-focused messaging applications for non-technical users, has just been revised to support a censorship circumvention technique that will make it more useful for people denied privacy by surveillance-oriented regimes. In response to reports that Egypt and the …
Nice bit of advertising--the same press release can be seen, rehashed in one form or another, on many other "tech" websites.
I would like to advise those who might be considering to rely on this product for their IM-based communication needs to do a bit of research on the character behind it and his possible motivations.
This is the same gentleman who gave fake WHOIS registration data a few years ago when setting up a supposed "Google anonymiser" site. And complained when he was shut down by the provider. It may be of interest to note that his current domains are registered under the name of a forfeited Maryland LLC, with their location listed as a commercial address in Arrecife (Canary Islands, Spain).
And the same person who, in response to a bug in the very same (supposedly "secure") application that is being advertised here, which was leaking the plaintext of every message via logcat, instead of a mea culpa, decided to call F-Droid "malware" (no, they did not introduce the bug, it was just reported by an F-Droid user).
And the same person who sold the previous version of this software (called "red phone" or some such, IIRC) to Twitter. Needless to say, not my first choice of provider as a privacy-minded consumer.
And the same person who, while pretending to develop open source (yes, the code is in GitHub), actively discourages everyone from packaging and distributing his shite independently. Or using his servers. Yes, he will say it's perfectly fine to go and build your own copy... knowing full well that this sets the bar sky high for the practical totality of Android users.
The same one who binds this supposedly privacy minded application with Google Cloud Services on some rather unconvincing excuse (push notifications), while choosing to ignore the massive attack surface this exposes, up to the ability to take full control of the user's phone--including replacing the target app (as well as any others) with a trojan. Silently.
It would be interesting to know who pays the developer's salaries, or who is exactly the entity doing business as "Open Whispers Systems", that contributors to the software are supposed to assign copyright to, according to the contributor agreement.
Way too many red flags in there to go with the hype.
That media are so keen to recirculate anything that comes into their hands without a modicum of diligence is, shall we say, less than reassuring. Or it is not misinformation unless we blame the Russians?
PS: If you want proper secure IM from a known and honest developer, take a look at Conversations.im (no, I have no connection to the developer and his software does not rock my boat so I don't use it myself).
"PS: If you want proper secure IM from a known and honest developer, take a look at Conversations.im (no, I have no connection to the developer and his software does not rock my boat so I don't use it myself)."
So how would Conversations handle a State capable of blocking at the domain lookup level, which is outside the TLS envelope and what domain fronting is intended to beat?
> So how would Conversations handle a State capable of blocking at the domain lookup level, which is outside the TLS envelope and what domain fronting is intended to beat?
First, please tell what research have you done, e.g., on Conversations' own support venues? How familiar are you with this product? You may find that even passing familiarity with it should have provided the answers you seek.
By the way, domain fronting is the name given to a technique researched by David Fifield from UC Berkeley and others, as mentioned in the article. It can be applied independently by any sufficiently motivated party (e.g., yourself) and is supported by other tools such as Tor.
When it comes to the money, I think that funding probably comes from two sources. First of all, I think whatsapp is licensing some technology from him, and second, probably the sale of redphone was used in part to finance signal. Just my theory.
As for some of the fishiness, I agree, but I'd argue that you'd still way better off than with any of the big players. Alternatively, chatsecure, conversations.im with an xmpp server in a nice jurisdiction is a nice choice as well.
> The F-Droid thing was that Moxie considered F-Droid's security model wanting when it came to automatic updates because F-Droid holds the certificates instead of the developers as they do with Google Play and this would be a problem if F-Droid gets compromised.
That is more PR spin from the developer.
For a start, if a signing key gets compromised, it is a problem regardless of who is holding it. What evidence does he have that his secret-keeping efforts are better than F-Droid's or anyone else's? And then, why not just set up his own F-Droid compatible repo if he's that concerned about that? Why involve another party such as Google, not exactly a beacon of privacy, in the chain?
Again, we dislike "Anonymous Cowards" here (well, obviously not me, but I'm in the minority), yet a "privacy" application provided with no accountability whatsoever is somehow fine? At least we know full well who the chaps behind F-Droid are and can make up our own minds as to whether they are deserving of our trust and support.
"That is more PR spin from the developer."
How is a signing key being compromised PR spin?
It'd be a major security issue if fake versions of the Signal app were in the repository - it's easier to say 'no official version of Signal will be released outwith the Google Play Store so, if you see one, don't trust it'.
F-Droid isn't official and Open Whisper Systems can't verify the developers' provenance unlike Google who at least put their company name behind their store.
"What evidence does he have that his secret-keeping efforts are better than F-Droid's or anyone else's?"
You can trust yourself, not others.
"Why involve another party such as Google, not exactly a beacon of privacy, in the chain?"
Perhaps because they're the official repository installed on all official versions of Android.
Google also have a lot to lose if they get caught compromising the privacy of their users.
I would like to advise those who might be considering to rely on this product for their IM-based communication needs to do a bit of research on the character behind it and his possible motivations.
At least we can research Moxie Marlinspike, unlike someone posting as Anonymous Coward. Anonymous smears are usually a sign of someone acting in bad faith.
> At least we can research Moxie Marlinspike,
Please go ahead and enlighten us. There are a number of unanswered questions elsewhere in this thread. Can you answer those?
> unlike someone posting as Anonymous Coward. Anonymous smears are usually a sign of someone acting in bad faith.
And your basis for saying that would be? Again, please go ahead and enlighten us.
"PS: If you want proper secure IM from a known and honest developer, take a look at Conversations.im (no, I have no connection to the developer and his software does not rock my boat so I don't use it myself)."
Or do what I do and set up your own XMPP server (there are plenty of options available) on a VM somewhere you trust with a provider you trust, and then use the conversations app to communicate with that server. In my case I use my own X500 certicate on the XMPP sever for TLS protected comms and OTR for end to end encryption between parties.
It works. It's cheap. I manage it. I trust it.
Instead of spreading FUD take a look at the application, decompile it and try to understand how it works. It's an extremely secure messaging app built by somebody who is genuinely helping others.
Signal has been independently verified by experts as being secure https://t.co/cqh9WULm6C
"This is the same gentleman who gave fake WHOIS registration data a few years ago when setting up a supposed "Google anonymiser" site."
Does it matter if he provided fake WHOIS data in the past? (If that's even true)
There may have been an extremely good reason which we're not privy to. If it was a anonymiser site then I don't blame him.
"And the same person who sold the previous version of this software"
Does it matter if he sold his old company? People are entitled to make money you know.
"And the same person who, while pretending to develop open source"
Open source means that the source code is available for anybody to look at. He publishes the source code ergo IT IS open source.
"Or using his servers. Yes, he will say it's perfectly fine to go and build your own copy... knowing full well that this sets the bar sky high for the practical totality of Android users."
Why should he open THEIR servers to any idiot who wants to design a crypto app and probably gets all sorts of things wrong in the process? He's not stupid; non-experts designing 'secure' software ARE. Also the use of a server costs them money. Why should he fund it? Why should he put their servers at risk?
"The same one who binds this supposedly privacy minded application with Google Cloud Services on some rather unconvincing excuse (push notifications), while choosing to ignore the massive attack surface this exposes"
You clearly don't understand the technology and there is no massive attack surface. Nor do the independent experts agree with you. As the Signal developers say, and this is true,: "Google Cloud Messaging (GCM) is an empty notification for the app to wake up and connect to the server. Nothing is actually transmitted via GCM."
Neither Google or Signal can read your messages.
Come back with some convincing evidence and discredit the independent expert analysis and then I'll take you seriously.
> Does it matter if he provided fake WHOIS data in the past? (If that's even true)
There is an article on this very site, easy to find with a simple Google search. And yes, it does matter.
> Google Cloud Services [....]
> Nor do the independent experts agree with you.
The paper that you have linked deals with the key exchange protocol. It is not an assessment of the application itself. There is at least one other paper which does take the context into account.
> Come back with some convincing evidence and discredit the independent expert analysis and then I'll take you seriously.
I would say it is a case of caveat emptor. If you are a user with a genuine need for confidentiality, you will want to do your own diligence before relying on a product which, if it turns out not to live up to its promise, could easily get you in trouble.
If on the other hand, you are a casual user who finds it hip to use (affordably, of course) encryption because the cool guys are doing it, and at the same time you have Twitter, Facebook, Instagram, Google, and Microsoft accounts, then it doesn't really matter one way or another.
Buyer beware on a free product?
Most of the post is a smear on Moxie rather than the product and it's domain tricks to avoid blocking by governments.
This Moxie chap has a known history for supporting privacy and being anti-censorship and I would trust him over some AC with an obvious grudge.
Ir is that post NSA/GCHQ pysops in action? Now wheres my shiny hat....
To block Signal messages, these countries would also have to block all of google.com.
I think Signal underestimate how much control these places want over their populaces, and I'm sure other search engines would be more than happy to take up the slack, and probably offer some "under the counter" services Google won't.
> I think Signal underestimate how much control these places want over their populaces
Indeed. Outside the USA, not many of us use google.com. If the authorities block google.com, would users still be able to reach google.com.eg? Signal developers may have bought into the 'Google is the Internet' idea.
I've played enough Tropico to be an awesome dictator (and if anyone disagrees, come visit me at my special pub down town with no customers). So as an awesome dictator, why wouldn't I just block HTTPS requests being sent out by default? We're not exactly talking about regimes that would be happy that their peoples are encrypting traffic so the best solution is to block HTTPS and blame it on western capitalists. El Presidente agrees with this post.
Does Signal allow you to create an account -without- having to register a phone number with it? No? Then what fucking point is it using it in despotic regimes when, to get a list of all the activists and dissidents, all a regime has to do is demand the local telco hand over a list of all the numbers that got a text message starting "Your Signal verification code is..."
And it's not like the community isn't crying out for an ANONYMOUS and SECURE messenger, like Telegram, Whatsapp, Facebook and Signal aren't.
Secure communication is a problem. It's less of a problem if the parties communicating can communicate safely and securely in advance to agree their protocols, and when they have a limited number of messages that they may want to transmit. Then you can use the good old system of odd phrases which mean something different - but not coded. Basically you can then post messages publicly, like in the old Times Personal Column.
e.g. Sammy Snowfish: the rhubard grows well this month.
Which the recipient knows means that the operation will start on time, as planned.
Peterkin Rabbit: send 15kg of anthracite to usual address at once
Operation will start at 7.30am against alternate target.
But then there's what I've always called the First Contact Problem: the part where you meet for the first time to establish those protocols. You never know if Alice, Bob, or Trent are actually Gene in disguise. Plus, the wider the amount of information you have to be able to communicate (such as changes in plans or minutiae), the more elaborate the language you have to use, which runs the risk of it standing out enough for the plods to realize it's a code.
> Without a destination, you can't send a letter
That is a straw man. There is zero need for the (effectively, single) provider to a) know your phone number (assuming you have one in the first place, an assumption which doesn't hold when the stakes are high enough), and b) get another party involved, with massive business interests which may (even legitimately in some cases) take precedence over protecting a consumer's privacy or anonymity.
That is a massively risky (for the user, of course) threat model to go with, especially with the thing being hyped as fit for use against "State-level actors".
All this is apart from the fact that a casual inspection of this software's development history reveals a number of amateur holes that none with a formal background in systems design should have caused.
No, it's a real problem with communications. How can you be sure your message reaches its destination without knowing the destination to some degree? Even posting on a public board may not be effective if you use the wrong board (as in, one the target never sees: you post in the London Times when your target is really in Rome).
I will agree with you that the program in question doesn't draw a lot of trust. But then again, neither does anything else. A paranoid State, properly equipped and aware, can probably cut clandestine communication down to the merest crawl, and at that pace, the State has more time to infiltrate subversive groups.
> No, it's a real problem with communications. How can you be sure your message reaches its destination without knowing the destination to some degree?
I think the comment above argues that a destination may be identified without needing to disclose a phone number, as in your example of using a public board?
The obvious way for authorities to disable or access telegram is via the telco.
Intercept the SMS for the number. Register an account (out of hours so the notification isn't noticed immediately, copy everything and delete any notifications. (This wouldn't give secret messages or any that have been deleted.)
You could log out other phones, or close the account.
Similar should apply for any system reliant of SMS or phone messages.
"Intercept the SMS for the number. Register an account (out of hours so the notification isn't noticed immediately, copy everything and delete any notifications. (This wouldn't give secret messages or any that have been deleted.)"
You don't fully understand how Telegram works then.
Telegram supports 2SV.
What this means is that you can set up a password which is required IN ADDITION to the code you receive via SMS. When you go to register a new device, activate your computer, use your tablet etc. it will first prompt you for your SMS verification code AND then your password.
If you don't know the password that's it, you can't get anything (whether they be normal messages OR secret messages).
You can even set it so that there's no recovery mechanism for your password.
https://telegram.org/blog/sessions-and-2-step-verification
Problem solved.
"Use a fake number.
Use a VOIP number.
Use your imagination."
They can call back the number to verify it (so no fakes, that's how Craigslist checks telephone numbers) and can probably tell if a given number is VoIP and check the circumstances to be sure it isn't a throwaway.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
