
I don't trust Signal (2018) - geophertz
https://drewdevault.com/2018/08/08/Signal.html
======
daneel_w
I trust Signal's end-to-end encryption promise, but I have a problem with the
application not offering anonymity or privacy. By demanding users to provide a
cell phone number to enable their accounts, they are connecting actual people
to the Signal accounts and consequently also allowing them (or someone else)
to visualize social networks; in intelligence gathering, data such as who
speaks to whom, at what hours, with what message frequency etc. is highly
valuable. It's also important that users ask themselves how Signal manages to
finance all the SMS costs and the infrastructure when the application is
gratis and free from ads.

~~~
tptacek
The exact opposite privacy thing is happening with Signal. They use your phone
number because your phone links it to your contacts, which Signal uses as its
"buddy list". By repurposing your contacts as a buddy list, Signal avoids
storing any of that information itself. Virtually every other competing
service stores a plaintext buddy list serverside, where it can be subpoena'd
and NSL'd. The data in that buddy list is of equal value to state-level
adversaries as the contents of the messages themselves.

I think --- I have no special knowledge here --- that nobody wants to do away
with phone numbers more than Signal itself. That's what the "secure value
storage" drama is about: using SGX to optionally vouchsafe an encrypted
contact database, which would allow Signal to operate with opaque identifiers
rather than contacts.

~~~
daneel_w
Applications can request access to the contact list at any time. They don't
need to incorporate some sort of "ask for a phone number to send an SMS to"
functionality to enable this. Additionally, there's nothing preventing them
letting users confirm accounts by e-mail instead of SMS.

~~~
tptacek
The Signal project itself has repeatedly explained why they use phone number
identifiers, which are the most controversial feature of the platform. I'm not
misunderstanding them.

------
Pick-A-Hill2019
Original from 2018, 467 comments
[https://news.ycombinator.com/item?id=17723973](https://news.ycombinator.com/item?id=17723973).
Not commenting as snark (reposts are ok after all) more to save Dang digging
out the link and also to see how many more or less duplicate sentiment
comments are made and / or how perceptions have changed.

~~~
ColanR
I thought that first comment had some inappropriately personal things to say
about ddevault and his article. It also seemed like they didn't really respond
with substance to what the article said.

~~~
tptacek
What substance in the article did I miss? Unlike the author, I stand by what I
wrote originally.

I'll note the irony of calling my critique overly personalized, when the
original article is based on the logic that Moxie's disagreement with
DeVault's opinion about F-Droid --- a controversy that is meaningful to less
than 1% of Signal's Android user base --- implies inexorably that Moxie is
untrustworthy and disingenuous.

------
jszymborski
I love Mr. DeVault's work, and think he consistently shows integrity in his
work, to say nothing of his incredible productivity and engineering.

That said, in my time following his blog and Mastodon toots, he's prone to
making these hot-takes that take down successful projects that do a lot of
public good, but don't tick every check. His repeated criticism of Mozilla is
a good example of this.

It often feels like cutting off one's nose to spite the face. Without the
Mozillas and OpenWhispers of this world, we've no hope for the DeVaults which
create incredible feats of engineering that tick all the ideal boxes but lack
some of the creature comforts (e.g. sr.ht, wayland, etc.)

I'm optimistic for the future, and the projects started by Moxie and DeVault
are a large part of it.

~~~
ddevault
I appreciate your feedback, and I try to be more balanced with this kind of
article these days, and publish them less often. However, I'd like to point
out that I've always strived to find other resolutions to these problems first
- I spoke with Moxie and others involved in Signal at length before writing
this article, and only wrote this as a last resort. With organizations like
Mozilla, I have also spoken directly to some of those responsible, though it's
more difficult with a larger organization, and waited until a long-term
pattern of bad behavior had been established. I make these criticisms because
I want them to live up to the ideals they proclaim - it's with the hope that
they'll change for the better.

~~~
jszymborski
I'm sorry you're getting downvoted. Though I disagree with some of your
stances on OWS and Mozilla, your articles are always thoughtful and there is
never a doubt you're earnestly fighting for a better world w.r.t software.

~~~
Shared404
I've been seeing him get downvoted frequently, often for well written and
thought out comments. I suspect there is a non-negligible number of people who
just vote based on username.

~~~
rlwinm
Do you have any examples of well-written and thoughtful comments by ddevault
that were downvoted?

Many of the comments I see from him violate the guidelines at
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

Many of his blog posts (4 out of the last 5 submissions from drewdevault.com)
are ill-informed and angry rants about a technology or company. These
discussions generate a lot of heat but little light; it’s not surprising that
they are downvoted.

~~~
Shared404
> Many of the comments I see from him violate the guidelines at
> [https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

Having gone back and re-read many, I have to agree about most of the downvoted
items though not all. I do agree with most of them though, so that's why I
felt this way.

That being said, most of the comments I saw that could be considered to be
breaking the guidelines do have substantial content, but are ended
with/include non-negligible snark.

> Many of his blog posts (4 out of the last 5 submissions from
> drewdevault.com) are ill-informed and angry rants about a technology or
> company. These discussions generate a lot of heat but little light; it’s not
> surprising that they are downvoted.

None of these were posted here by ddevault. His statement about writing them
is above, so presumably you've seen it already.

I would like to add, I use much of ddevault's software on a daily basis, and
have found it to be some of the absolute best I've ever used. As such, I tend
to give what he says at least a moment of thought.

~~~
Shared404
Also, I still stand by my earlier statement, as [0] was at at least -2 before
I originally found it.

I honestly can't understand why it would be downvoted otherwise.

[0]
[https://news.ycombinator.com/item?id=24122834](https://news.ycombinator.com/item?id=24122834)

~~~
rlwinm
I agree that the post you linked to was downvoted unfairly.

Many of his subsequent posts have been fairly downvoted.

I think some of his downvotes are from people who have interacted with him
elsewhere. His reply to one of my comments is why I’m using this alternate
account.

His recent post about pkg.go.dev misrepresented the facts.

[https://news.ycombinator.com/item?id=24023998](https://news.ycombinator.com/item?id=24023998)

He frequently takes an absolutist stance, often assumes negative intent, and
is at best abrasive.

Here are some examples:

[https://github.com/freeCodeCamp/mail-for-good/issues/357](https://github.com/freeCodeCamp/mail-for-good/issues/357)

[https://github.com/kisslinux/repo/issues/100](https://github.com/kisslinux/repo/issues/100)

> I would like to add, I use much of ddevault's software on a daily basis, and
> have found it to be some of the absolute best I've ever used. As such, I
> tend to give what he says at least a moment of thought.

It’s your call but I would be hesitant to use anything by him. How would he
respond if I report a bug or open a feature request?

~~~
Shared404
> Many of his subsequent posts have been fairly downvoted.

> He frequently takes an absolutist stance, often assumes negative intent, and
> is at best abrasive.

I don't disagree about this. Having gone back and reread many of his comments,
they do come across as aggressive, even if I agree with much of the contents.

> It’s your call but I would be hesitant to use anything by him. How would he
> respond if I report a bug or open a feature request?

I don't know to be honest. That being said, his absolutism/idealism make me a
little more comfortable with using his software, as I can be reasonably sure
it's being held to a high standard.

------
frabbit
Signal falls into an uncomfortable place for me.

I like pre-paid cellphone plans which give me a small number of text messages,
a small amount of airtime. Using these I can communicate with people when I am
not near a WiFi AP. I do not want to pay for data and would prefer to use my
and my friends' access points and the free wifi in the small number of
commercial locations that I visit.

In Canada all of the major carriers disable WiFi Calling² on pre-paid plans.
They essentially only enable it as a crutch to leech off public infrastructure
to take up the slack on their insufficient private infrastructure.

So I infrequently (but enough to be annoyed) find myself in the situation that
I am not near a WiFi access point and wish to communicate with someone else.
Currently Signal will only allow me to do this via insecure SMS messages.

I read their original explanation in 2015 for disabling this functionality.
Namely SMS leaks too much metadata¹ and we are only catering to needs of real-
activists in real-dictatorships, and anyway SMS is too expensive there so this
is a 1st World Problem.

As an explanation it leaves me wondering why I would bother with Signal: if I
bite the bullet and sign up for a circa CA$50/month plan with data I may as
well just use Element Matrix over WiFi. Signal brings nothing to the table
except the possibility of accidentally sending an insecure SMS message and
incurring a 30c charge for it.

1\. [https://signal.org/blog/goodbye-encrypted-sms/](https://signal.org/blog/goodbye-encrypted-sms/)

2\. [https://support.signal.org/hc/en-us/articles/360007321171-Ca...](https://support.signal.org/hc/en-us/articles/360007321171-Can-I-send-SMS-MMS-with-Signal-)

~~~
redthrow
In Canada, Fido has $10/m + tax "Tablet Plan" which can be used on phones and
gives you 4GB/m data

~~~
frabbit
I appreciate the suggestion but had already experienced the issue that WiFi
Calling did not work with my unlocked Nexus5, similar to this:
[https://forums.fido.ca/t5/General-Support/Wifi-Calling-worke...](https://forums.fido.ca/t5/General-Support/Wifi-Calling-worked-amp-stopped-working/td-p/98186)

 _As noted on this article, your compatible device must have been purchased
from Fido. If you have a non-Fido device and no conflicting services, Wi-Fi
Calling may work, but we can’t assure that the feature will work properly!_

Without WiFi Calling enabled sending Secure Signal messages will not work. The
only option left is sending a normal insecure SMS to which the message text
has been input using the veneer of the "secure" Signal app.

~~~
redthrow
No experience in Wifi Calling but I use the 2ndLine app for (very rare) calls
and SMS. It gives you a local number. Data-only is the most cost effective imo

~~~
frabbit
Thanks for the response. One more question: when I look at those plans on
Fido¹ they seem to suggest that I need to be an existing postpaid customer.
The plan seems like an add-on to other plans. Is this accurate or did you sign
up from scratch with no other commercial relationship with Fido?

 _Make sure that you are an eligible Fido customer. You must be an existing,
postpaid, mobile customer._

1\.
[https://www.fido.ca/consumer/tablets](https://www.fido.ca/consumer/tablets)

~~~
redthrow
I have a friend who's a Fido customer so I used their plan for signup.

I found out about the deal on a Redflagdeals post where some have successfully
got the plan without being a Fido customer

[https://forums.redflagdeals.com/fido-4gb-tablet-plan-cpo-tab...](https://forums.redflagdeals.com/fido-4gb-tablet-plan-cpo-tablet-5-mo-existing-customers-only-2-yr-agreement-ymmv-2385712/)

~~~
frabbit
Thanks. Guess I have to start making some new friends: "Heyyyy... you look
like Fido kinda guy..."

------
etaioinshrdlu
I'm so proud that a family member managed to get all of my extended family on
Signal. My grandparents are even on Signal.

I wouldn't trust such an app for anything actually secret due to the mentioned
issues (and phone number req), but I think it's great that we're using high
grade encryption to talk about what we had for dinner.

Encrypted and private should be the default no matter what!

~~~
Cactus2018
Plus cross-platform video chat and nice (large) multimedia attachments.

------
motohagiography
Trust it to what?

I use Signal because I think it protects my SMS messages from:

a) being harvested and read by other apps on my phone

b) being read by someone who unlocks my phone

c) being passively intercepted and stored by carriers and their snoopy
employees

d) opposition researchers or private investigators targeting my friends,
acquaintances, and business associates.

For anything targeted and state level, all bets are off anyway, so it's not a
solution for people who have that problem. What am I missing?

~~~
frabbit
_I use Signal because I think it protects my SMS messages_

It depends. I think calling them simply SMS messages instead of being more
precise is misleading because: _Text messages sent through your mobile SMS/MMS
plan are insecure and need your phone to be connected to your mobile
network._

and

 _Signal Desktop does not send or receive SMS/MMS messages. Only Signal
messages will be sent or received. The desktop app is an independent client
that works whether or not your mobile device is present or online. We also
want to encourage users to move away from insecure legacy protocols._

[https://support.signal.org/hc/en-us/articles/360007321171-Ca...](https://support.signal.org/hc/en-us/articles/360007321171-Can-I-send-SMS-MMS-with-Signal-)

I find it very confusing.

~~~
motohagiography
It has other features, but the main point of using Signal is to send encrypted
messages to people using the PSTN directory service (e.g. phone numbers). You
are still in that sandbox.

The secondary feature is it ostensibly encrypts messages at rest on your
device so they cannot be decrypted and read by other apps. (Assuming that's
true.)

If you want a more secure messenger, use Wickr, Riot/Matrix/whatever it's
called now, or protonmail or something similar, as these don't depend on the
phone directory for identity and so they resist some traffic analysis and
contact tracing as well.

The threat model is both the business model and use case for security
products, so talking about the features or implementations outside the context
of the threat model is going to just add uncertainty, imo.

~~~
frabbit
Sure. Agreed. I was responding to your statement that you can send encrypted
SMS messages using that handy PSTN directory access provided by Signal.

You can't.

I think this is a common misconception.

~~~
motohagiography
Open loop criticisms are why I often can't stand other security and crypto
people.

To be clear, if someone is a Signal user, you use their phone number for
directory discovery and initializing identity, then Signal messages themselves
are encrypted and transported via Signal servers using WebRTC as a transport
protocol?

I think without a sequence diagram, most discussion of security protocols is
pointless.

~~~
frabbit
Signal does not send encrypted SMS messages. Period. It can send encrypted
messages but they are not SMS.

I think that without using the same words that other "security professionals"
(which I would not class myself as) use most discussion becomes absolutely
pointless.

------
f0ff
As to the interjection that Signal is lacking a FBI canary - Moxie was clear
on the subject:

[https://web.archive.org/web/20141027143819/https://github.co...](https://web.archive.org/web/20141027143819/https://github.com/WhisperSystems/whispersystems.org/issues/34)

~~~
ColanR
The EFF reference at the bottom of that link provides a useful alternative
position:

> What’s the legal theory behind warrant canaries?

> The First Amendment protects against compelled speech. For example, a court
> held that the New Hampshire state government could not require its citizens
> to have “Live Free or Die” on their license plates. While the government may
> be able to compel silence through a gag order, it may not be able to compel
> an ISP to lie by falsely stating that it has not received legal process when
> in fact it has.

> Have courts upheld compelled speech?

> Rarely. In a few instances, the courts have upheld compelled speech in the
> commercial context, where the government shows that the compelled statements
> convey important truthful information to consumers. For example, warnings on
> cigarette packs are a form of compelled commercial speech that have
> sometimes been upheld, and sometimes struck down, depending on whether the
> government shows there is a rational basis for the warning.

> Have courts upheld compelled false speech?

> No, and the cases on compelled speech have tended to rely on truth as a
> minimum requirement. For example, Planned Parenthood challenged a
> requirement that physicians tell patients seeking abortions of an increased
> risk of suicidal ideation. The court found that Planned Parenthood did not
> meet its burden of showing that the disclosure was untruthful, misleading,
> or not relevant to the patient’s decision to have an abortion.

> Are there any cases upholding warrant canaries?

> Not yet. EFF believes that warrant canaries are legal, and the government
> should not be able to compel a lie. To borrow a phrase from Winston
> Churchill, no one can guarantee success in litigation, but only deserve it.

~~~
ncmncm
As counterpoint, the US Supreme Court held that Idahoans are obliged to
advertise "famous potatoes" on their license tags. But potatoes really are
famous (at least by Idaho standards) so it is just a fact and not an opinion.
I guess.

------
tptacek
This post has been on Hacker News several times. For instance:
[https://news.ycombinator.com/item?id=17723973](https://news.ycombinator.com/item?id=17723973).

When it was first published, it included an emphatic recommendation to use
Matrix, and, later, Tox --- in fact, the post even included a changelog at the
bottom recording the inclusion of Tox. After it was pointed out to the author
that Matrix didn't even do E2E by default, the recommendations (and the
changelog) were ghost-edited out of the post, but you can still see them on
Archive.org.

I don't understand why people take this post seriously.

~~~
ddevault
Ah, once again with the insubstantive rebuttal of the last point in the
article, the point which has the least relevance to the meat of the article.
And this time, your rebuttal is out of date, because Matrix _does_ have end-
to-end encryption by default for all chats! Always _lovely_ having you around
on HN, tptacek.

~~~
tptacek
Recommending a tool that wasn't even end-to-end encrypted over Signal because
you didn't like the way Signal's leadership responded to your demand to
support F-Droid is the most relevant thing you wrote. Just because it was
malpractice doesn't make it out of bounds.

~~~
ddevault
Look at this guy, he was wrong! Wrong wrong wrong WRONG! Look, he retracted
his statement, that's how WRONG he was!

~~~
tptacek
Once again: you did not retract your statement. You ghost-edited it out of
your post. The purpose of a retraction is to inform your readers of your
mistake, and a retraction would be a good thing to add to your post.

The distinction is especially germane in a thread on a post that purports to
discern how trustworthy someone else is. You set the bar, now clear it.

------
ncmncm
I reacted to previous posts about this by installing Element (was Riot.im;
search for both words) matrix client, setting up a periodic donation to
privacytools.io, and making accounts with that as homeserver
(chat.privacytools.io) for me and for the rest of the family.

(Previously, I had a Librem.one account, but they don't maintain their server,
so I dropped it.)

It works... Still waiting for anyone else I know to come over.

Element really needs to set up as an optional SMS handler, on phones. Probably
building in a Signal gateway is needed too. Signal would be nowhere today if
it didn't also do SMS. Separate gateways are too clunky.

~~~
ddevault
Matrix does pretty well in terms of privacy these days.

As for privacytools.io, I can't really agree. They have made a number of
suggestions which are less about actual privacy and more about a trend I've
come to think of as "privacy roleplaying" \- trendy software & services which
use privacy and security as a selling point but whose implementation doesn't
back it up. An example is Protonmail. When it comes to the privacy vs
usability debate I come down _hard_ on the side of privacy. Doesn't matter how
pretty it is if it's going to get you rubber hosed.

~~~
ncmncm
This is useful information. So, not librem.one, not privacytools.io, then...
Maybe that leaves a homeserver of my own? I guess I am glad no one has picked
up my current address. But it doesn't bode well for adoption.

I had thought that parking on a homeserver was not trusting them.

------
bitxbitxbitcoin
I'd love to hear/see the 2020 reasoning for not being on F-Droid.

~~~
Pick-A-Hill2019
Not relevant but since F-Droid has been mentioned in the context of it.
F-Droid is based in the UK and their accounts are over-due. 'Free' does not
exist forever.
[https://beta.companieshouse.gov.uk/company/08420676](https://beta.companieshouse.gov.uk/company/08420676)

------
shakezula
What's the alternative to Signal then? For iOS users?

~~~
sneak
There is no alternative that provides the ease of use and privacy guarantees.

I think the OWS/Moxie hate is misplaced. They’re competing with iMessage and
WhatsApp and Instagram and Facebook, and Signal is a much better option than
all of those.

Let’s be honest: the alternative is that Facebook gets all of our chats in
cleartext.

~~~
rglullis
I don't buy it. I've been running my own Matrix homeserver and giving access
to non-techy members of my family for years already. Setting up e2e is not
automatic, but nothing that my mother couldn't do after 5 minutes of hand-
holding.

It is on us with tech skills to help others to get out of any centralized
alternative. Ease of use will come with the less technical user base.

~~~
dmitriid
It's on us as tech users to create solutions that don't require 5 minutes of
hand holding with every user of software and call it an achievement.

~~~
rglullis
Yes, you are absolutely right. No, it does not invalidate what I am saying.

If we keep expecting underfunded and under-resourced parties to come up with
software ready and with absolute feature-parity over what is being pushed by
the companies that have time, money and marketing teams, we are never going to
make a dent on mindshare of the general public.

If on the other hand we are diligent in refusing for centralized alternatives
while willing to learn and emulate what they do right, then we will _at the
very least_ be in a state of steady progress. Matrix and Synapse from two
years ago were way worse than they are today. I am confident that in two
years from now it will be even better and easier than it is today.
Facebook/Google Meet/MS Teams/Skype from two years ago was centralized and
closed, just as I expect them to be closed two years from now.

~~~
dmitriid
> absolute feature-parity over what is being pushed by the companies that have
> time, money and marketing teams

Signal started as any other startup. And yet ;)

> while willing to learn and emulate what they do right, then we will at the
> very least be in a state of steady progress

In total agreement with you

~~~
rglullis
> Signal started as any other startup. And yet

Not sure what you mean here. To me Signal is just another startup that wants
to keep control over the market and uses excuses such as "federation leads to
fragmentation and bad UX" in order to put its own interests ahead of the
users. To me they are no different than FB or Google.

~~~
dmitriid
They also started "with no money and recognition" and ended up defining what
e2e means for consumers.

~~~
rglullis
Forgive me for being dense, but I still don't get the point you are trying to
make. Do you think Signal is worthy of some praise that the alternatives are
not? Was their software ready to compete with the status quo of the time in
features?

~~~
dmitriid
What was the point of this statement: "If we keep expecting underfunded and
under-resourced parties to come up with software ready and with absolute
feature-parity over what is being pushed by the companies that have time,
money and marketing teams"?

My counterpoint is: Signal started as any startup. Now it basically defines
e2e encryption. Why can't other "underfunded and under-resourced parties" do
similar things?

~~~
rglullis
Because "defining e2e encryption" is the case of building a feature and not a
product, and a startup creating a novel feature is a lot easier than bringing
a whole product with feature-parity against the dominant market leader?

------
sneak
I really don’t think OWS has the authority to stop forks from using the Signal
servers, any more than YC has the authority to dictate that I use Chrome to
view HN.

There is, of course, the vague language of the CFAA, so I’m not sure I’d want
to test this theory, but his demands that forks not use the main centralized
servers are, in my opinion, unenforceable bluster.

~~~
ddevault
This doesn't have much value without _federation_ , which would require active
support from OWS.

~~~
tptacek
You can literally just look at Matrix, the tool you recommended, to see the
problem with federation, fragmentation, and market demands to support lowest-
common-denominator security. It took years after your recommendation for
Matrix to have universal default E2E, the table-stakes feature of a secure
messenger.

~~~
ddevault
Are you going to back this up with evidence, or is it okay when _you_ use
axiomatic arguments?

"It took a while" is not actually an argument that the procedure is wrong or
less correct, in case you were unsure.

~~~
tptacek
In fact, it is an argument that you were wrong, and the evidence for that is
that when you made the argument, and for two whole years afterwards, your
recommendation would have put vulnerable users on a platform that was for many
users default-plaintext.

------
Funes-
I only use phone calls (sync) and e-mail (async) nowadays. There's no other
communication channel I would need. I'd only be willing to substitute them
with their encrypted, P2P, and open-source counterparts, if they ever come
into existence.

Texting, on the other hand, used to be the bane of my existence, as--
especially in its current form (free, nested layout, etcetera)--it's one of
the most distracting, inefficient, absurdly redundant and useless
communication mediums I know.

~~~
core-questions
You could have substituted email for its encrypted, P2P, open-source
counterpart for almost 30 years now. It's called PGP / GnuPG. What more do we
really need? It actually has more legal protection and formality, and way more
clarity, than any centrally managed "E2EE" chat platform.

We just need a really good app that uses SMTP as the underlying protocol to
send messages that aren't MIME / HTML email, but rather are a simple new
format for chat, and then start using email as a chat mechanism. There's no
real reason why it can't be fast enough.

------
4ad
After the PIN/Intel SGX debacle, I trust Signal even less.

~~~
AnonHP
Seems like I missed this a month ago. I'm now catching up from Matthew Green's
blog post. [1]

[1]: [https://blog.cryptographyengineering.com/2020/07/10/a-few-th...](https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/)

~~~
codethief
Thanks for posting this! I had been waiting for Matthew Green's reaction.

