
Signal Desktop - marksamman
https://whispersystems.org/blog/signal-desktop/
======
darklajid
I'm feeling dirty, because I don't like to be that negative, especially if
we're talking open-source software. And I feel that I kinda hold this project
to higher standards: If I compare this to WhatsApp/Telegram/Threema/Whatever,
I inheritently, somewhat subconciously expect more from Signal.

And I'm disappointed. I tend to repeat the 'central server' and 'a phone
number is not an address and not public information, it certainly is no
identity' criticism.

When I read the headline/title, I thought 'Now maybe that would be enough to
be ~good enough~ to ditch Telegram' in spite of these problems (which Telegram
has as well, ofc). But really. A Chrome app. And works only (yeah, I think I
said it before: Phone numbers suck) as a secondary client. And only if the
first client is Android?

I seriously don't get it. And it certainly is not for me: I don't like that
browser (I do have it installed for testing and to follow it at times, but
there's no 'app' I'd run in Chrome). I don't want to tie something to my phone
and I don't think that it should matter what platform my handset runs on -
SailfishOS looks nice, FxOS progresses slow but ticks a good number of boxes
for me.

Full circle to the first line: I don't _like_ to be negative and the headline
gave me hope for a couple seconds. Unfortunately this release just deepened my
belief that Signal wasn't meant to be for me.

~~~
moxie
If we were going to rank our priorities, they would be in this order:

1) Make mass surveillance impossible.

2) Stop targeted attacks against crypto nerds.

It's not that we don't find #2 laudable, but optimizing for #1 takes
precedence when we're making decisions.

If you don't want to use your phone number, don't use it. You can register
with any GV, Twilio, Voicepulse, or other throwaway VoIP number.

If you don't want to run Chrome, use Chromium instead.

If you don't want to use Google Play Services, use GcmCore.

The world you want this software for is not the world that everyone else lives
in. You can certainly make it work in that world with a little effort, but
because of how we've prioritized our objectives, that's not the default
experience.

~~~
nemoniac
What is GcmCore? It doesn't show up on ddg or google.

~~~
_jomo
It's GmsCore, moxie typo'd. However you can also install via F-Droid by adding
this repo [https://fdroid.eutopia.cz](https://fdroid.eutopia.cz)

Moxie is probably going to hate you for it, but it works very well and doesn't
require Google Services or anything else.

~~~
haffenloher
Using that websocket stuff instead of Play Services or GmsCore will make
receiving Signal calls impossible.

------
hackuser
> Signal Desktop is a Chrome app

That surprises me. I don't trust Chrome for confidentiality; I assume it
collects data for Google and I don't know that it protects my data from
others.

If Chrome isn't trustworthy for confidentiality, it would seem to fatally
cripple the security of Signal Desktop. However, I believe the people at
Whisper Systems would see that obvious flaw so I suspect that I'm
misunderstanding something - what is it?

~~~
j_s
Whisper Systems has a track record of prioritizing 'good enough' ease-of-use
ahead of 'perfect' security as a practical way of expanding its user base.

Edit: Tried to word the above most neutrally; I believe this approach has both
pros and cons.

~~~
sz4kerto
> Whisper Systems has a track record of prioritizing 'good enough' ease-of-use
> ahead of 'perfect' security

Why is Telegram always under for their flawed security challenge despite the
good-enough track record then? They also have perfect usability, native apps,
3rd party clients, etc. If the security is not the first priority then Signal
isn't very attractive compared to the competition I think.

~~~
MikeKusold
Telegram is closed source so we can't verify that they implemented encryption
properly, and only Secret Chats have the messages encrypted.

[https://telegram.org/faq#q-so-how-do-you-encrypt-
data](https://telegram.org/faq#q-so-how-do-you-encrypt-data)

~~~
leni536
I thought the Telegram client is open-source, it's even on F-droid. The server
side being open or closed source is meaningless:

1\. In Telegram's threat model the servers are not trusted.

2\. You can't verify server side code anyway.

~~~
toupeira
The Telegram client can just barely be considered Open Source, see the
discussion at
[https://github.com/DrKLO/Telegram/pull/76](https://github.com/DrKLO/Telegram/pull/76)

~~~
leni536
F-droid builds those parts separately from source.

> The official source code of the app contains binary blobs, so this tracks a
> fork which builds those from source. Hence, versions might become available
> with a certain lag.

[https://f-droid.org/repository/browse/?fdid=org.telegram.mes...](https://f-droid.org/repository/browse/?fdid=org.telegram.messenger)

------
rmchugh
Loving moxie's namedropping of oldschool revolutionaries:

Maria (Masha) Alexandrovna Kolenkina was a Russian socialist revolutionary
from a merchant family in Temzhuk, a small town on the Sea of Azov.
(1850-1926) Vera Ivanovna Zasulich was a Russian Menshevik writer and
revolutionary. (1849-1919) Nestor Ivanovych Makhno or Bat'ko Makhno was a
Ukrainian anarcho-communist revolutionary and the commander of an independent
anarchist army in Ukraine during the Russian Civil War of 1917–1922.
(1888-1934) (all above from Wikipedia)

~~~
interrupt13
Oldschool Communist revolutionaries, to be exact. Yeah, it's no mystery where
Moxie's politics lie given those allusions and the not-a-company company, eat
together, do push ups together, open salary policies.

~~~
oldmanjay
Fortunately for most of the human population, the politics of the author of
the software we use isn't really a consideration.

~~~
Grue3
I'm sure most people wouldn't use software created by Nazis. Considering
Communism has arguably worse track record, I would definitely avoid any
software created by its proponents if it's at all possible.

~~~
DanBC
> I'm sure most people wouldn't use software created by Nazis

Best selling car of all time; star of several (very popular) movies:
[http://www.bbc.com/culture/story/20130830-the-nazi-car-we-
ca...](http://www.bbc.com/culture/story/20130830-the-nazi-car-we-came-to-love)

------
sigmar
I don't understand why it prompts me to invite other people after putting me
in line. Why would I email/tweet my friends to join this service if it isn't
even ready for me? Seems rude to bother a friend with joining an internet line
just so that I can get a better position in the line.

I love signal on android and have been looking forward to this, kind of rubs
me the wrong way when I'm put in "line"

~~~
frayesto
The app is still in beta testing. I think this is their way to drum up
support.

Forces all the die-hards who want in to try and get some people interested.

An app like this is only as useful as the number of people who use it.

~~~
JshWright
Invite them to... not use it? That seems like a solid way to turn people off
from using a service, not a way get them excited about it.

~~~
jegutman
I don't feel strongly about the practice either way, but you're also
indirectly prioritizing users who are most willing to share the product. So
they're hoping their early users are also those most willing to spread. The
"connectors" of the products ecosystem.

~~~
JshWright
You're prioritizing users who are willing to spam their friends about a
product they can't even use.

I would be _far_ more likely to tell my friends about the product if I could
actually use it and be able to vouch for it (as I have with the mobile version
of TextSecure/Signal).

Forcing me to get my friends to visit a page where they will find out about an
application they can't even use is just annoying.

------
leonhandreke
Why incentivize spamming my friends with links before I've even seen the app,
only to refer them to a waiting line? Sure, launch day momentum and all that,
but I wish that as an entity that wants to be "the good guys", they can find a
way to gain a broader audience for their app based on the app itself, not the
buzz around it.

On a sidenote, does anyone know who funds their full-timers?
[https://whispersystems.org/workworkwork/](https://whispersystems.org/workworkwork/)
says they're not VC funded. But then who pays them?

~~~
frayesto
They are part of the [Freedom of the Press
foundation]([https://freedom.press/](https://freedom.press/)) and have grants
from the Shuttleworth foundation

[https://en.wikipedia.org/wiki/Open_Whisper_Systems#Funding](https://en.wikipedia.org/wiki/Open_Whisper_Systems#Funding)

[http://www.knightfoundation.org/grants/201499909/](http://www.knightfoundation.org/grants/201499909/)

[https://www.shuttleworthfoundation.org/fellows/moxie-
marlins...](https://www.shuttleworthfoundation.org/fellows/moxie-marlinspike/)

------
phantom_oracle
I have a question about this...

Say a team of volunteers were willing to spend time to make something like a
QT- or GTK-based native desktop application instead.

How much more difficult would this be compared to what they did/used now? (the
chrome-app) ?

Also, will it take significantly longer to build such a native app?

Anybody with experience building native apps, please share.

~~~
joshka
What about using something like
[http://electron.atom.io](http://electron.atom.io) instead. This would likely
be the best of both worlds - native, but not browser-dependent.

~~~
giancarlostoro
I really wish this was an Electron / nw.js app instead of a Chrome plugin.

~~~
mintplant
I've experimented with this and with a little tweaking it works fine under
NW.js's alpha support for running Chrome Apps.

~~~
giancarlostoro
I mention it because downloading one file (a nw.js / electron build) is a lot
less friction filled than (in some cases) downloading an entire browser just
to use one app. There's still people out there who still use Firefox or
whatever default browser their OS comes with. Instead of downloading one file,
you're now forced to download two.

------
aw3c2
This is a Chrome app. I miss the days of native apps. :(

~~~
lucidstack
True. Although, I don't understand why it has to be a Chrome app. Why not just
a NW.js app? Maybe for the whole "connect with your phone" functionality?

Perhaps somebody could shed some light on this?

~~~
lewisl9029
My guess is it uses Chrome's Native Client [1] for crypto. It's understandable
why they might want to do this at this point in time, because the only other
way to use native code for crypto in the browser is through the the Web Crypto
API [2], which is still very young and implementations aren't very consistent
across browsers yet anyways.

[1] [https://developer.chrome.com/native-
client](https://developer.chrome.com/native-client)

[2] [http://www.w3.org/TR/WebCryptoAPI/](http://www.w3.org/TR/WebCryptoAPI/)

~~~
kuschku
So, effectively, they use native code anyway, but make debugging worse for
users?

Great...

------
gue5t
Why are all these encrypted chat programs (Signal, Telegram, &c.) still
centralized and not TOR-style onion-routed?

~~~
lewisl9029
As much as I agree with your overall sentiment, the sad truth is that
centralized architectures enable many of the UX affordances that users take
for granted today in a modern chat app, many of which are much more difficult,
sometimes simply impossible, to implement in a decentralized architecture
(think features like automatic contact discovery, offline messaging, etc).
Without some of these affordances, a chat app has simply has no chance of
gaining widespread adoption in such a competitive landscape. This is why it is
very difficult to justify pouring any significant resources into building a
decentralized chat app, because too few people will ever end up using it to
justify the investment.

For what it's worth, I am the author of a decentralized messaging app myself
[1], and have spent _a lot_ of time thinking about stuff like this, and
eventually reached this unfortunate conclusion and decided to leave the
project at the prototype stage.

[1] [http://toc.im/](http://toc.im/)

~~~
deanclatworthy
What kind of things are impossible?

~~~
lewisl9029
The two features I mentioned, automatic contact discovery and robust offline
messaging, are examples of features that I have concluded to be impossible to
build without some degree of centralization (there are probably more, but
those two were the only ones I could recall off the top of my head). Though it
is certainly possible that I simply haven't put enough thought into it.

Toc's original goal was to be a decentralized messaging app that makes _no_
compromises in terms of UX compared to a centralized messaging app. Toc
managed to tackle decentralized cross platform sync, but to this day I still
have no idea how to approach automatic contact discovery and robust offline
messaging.

~~~
qrmn
Automatic contact discovery is tricky, but the beginnings of one potential
solution is I think explored in agl's Pond, using pairings on BN curves?:
[https://pond.imperialviolet.org/](https://pond.imperialviolet.org/)

To a point, so is offline messaging. Distributed datastores in general do that
kind of thing - there are old implementations over Freenet in particular, and
GNUnet as well and other things I think. The _robust_ part is harder: if the
client is offline, where's the disk space coming from? Volunteers' (nodes')
cache? That needs to be opaque, and so do lookups. What's to stop spammers
flooding the network? (Spam, and denial-of-service in general, is a Hard
problem to deal with in general even in distributed systems.)

They're not among the hardest problems. Pseudonymity is a huge challenge as
the latency gets lower against traffic correlation attacks, and a secure
messenger is most definitely up against the kind of threat model that can and
will try to pull those off in the wild. Perhaps mixing high and low-latency
traffic may help, although it's going to need to be very carefully analysed
how much (I believe I2P's design can do that, although I'm not sure if jrand0m
ever implemented it in the router).

~~~
lewisl9029
Yes those are definitely not the hardest problems in this space. I was only
referring to UX-related features in my original post (i.e. rather than the
much more tricky privacy and security related ones), ones that I couldn't
figure out how to actually _implement_ in the context of a client-side web
app. _Impossible_ was probably too strong of a word to express that.

Thank you for all the interesting ideas and resources though! They'll
definitely come in handy when I eventually revisit this space when I have more
time later on.

------
chadk
All good with the Android, but disappointed this is Chrome. You would think
they would have a FF plugin by now!

~~~
mtgx
It's easier to build Chrome apps, and they are also more secure. It's one of
the reasons Mozilla is trying to move away from the add-on model and adopt
WebExtensions. When it does that we should start seeing Chrome/Firefox apps
appear likely at the same time. It's why I hope Mozilla dismisses the backlash
against the switch because some people can't live without their "deep" themes.

~~~
kuschku
It’s not just "deep themes".

What if I want thumbnails of tabs on hover?

What if I want the browser UI to be colored in the theme color of the current
webpage (similar to chrome mobile)?

I can do that today with FF.

I can’t do that with WebExtensions.

------
codemac
The join the beta button isn't working? I click and nothing happens.

I looked at the page source, but then I realized I don't know how the fuck
javascript works.

~~~
spiznnx
the button only worked in chrome, not firefox for me

~~~
jedahan
same, sigh

------
finnn
>Don't leave your friends behind, invite them to signup with this unique link.
The more friends that join, the further you will advance in line for the beta.

That's annoying.

~~~
JshWright
Even more annoying is that it tells you how many people are ahead of you in
line, so you get to watch that number grow as you move further down the
list...

I was pretty excited about this when I saw the title, now I'm just annoyed.

------
hedgehog
Note: Android only. Edit: In the sense that it only works with the Android
version of the app.

~~~
zmanian
Android only on the sense that the ability to provisions two device keys with
one account is Android only.

OWS is hiring iOS devs to implement more pieces of this.

~~~
newman314
Yeah, I was disappointed to discover this a while back when I tried to
provision an iPad to use the same account as the iPhone.

The failure mode is horrible too, in that messages will just go into the
ether. I apparently missed a whole bunch of messages until I deleted Signal
off the iPad and reinstalled on the iPhone.

------
klapinat0r
This is slightly off-topic, but I hope moxie (or an employee of WhisperSystems
- nothing official needed) wouldn't mind chiming in:

Since I loved the fact that I can run my own TextSecure server, I'm wondering
why Signal does not run a similar model?

I'm curious which considerations went into this decision.

------
welly
Sadly, as much as I'd like to use Telegram or Signal rather than the usual
suspects (sms, whatsapp, facebook messenger), it would require someone on the
other end to receive my messages.

The likelihood of convincing my friends/family to use a messaging app that
isn't any of the usual suspects is low to none. And none of my bleating about
privacy issues will convince them otherwise ("I've got nothing to hide,
doesn't bother me").

------
tdkl
Since when are browser apps "desktop" apps ?

------
NfnK2ECvNE
I agree with some of the folks here. I have the utmost respect for Signal and
Marlinspike but this seems like a weird direction for this to go in. A Chrome
app? Tying it to the Chrome App Store? Requiring a Google email for the beta
group? Just seems out of place for Signal.

------
AdmiralAsshat
Any plans to make a Firefox add-on?

------
mrmondo
Requiring a google email address and chrome for a secure messaging system?
Very strange move.

~~~
frayesto
They're using Google groups to manage the beta testing program.

Make sense since that's how you sign into the Chrome app store to download the
app.

~~~
rsync
"Make sense since that's how you sign into the Chrome app store to download
the app."

I don't think it makes any sense at all.

Even if you _do_ use gmail/google in some places (I don't) it's not a given
that you want to tie that identity to this app or these activities.

A throwaway google account is getting very difficult since google
automatically flags an account with no mobile phone number attached to it as a
"suspicious activity" account, immediately forcing you to add a mobile number.

Google is not the Internet. Their app store is not the Internet. I can't
believe that the people I know to be behind this project have tied it to
google in such a necessary and intimate way.

~~~
marssaxman
Really, they do that now!? No way am I giving Google my phone number, goddamn.
I have gradually drifted away from using any Google services - I guess I won't
be creating any new Google accounts in the future, then.

------
riquito
How much money do you need to develop and maintain a Firefox version? Can I
donate? I don't want to help to enforce this idea that Chrom* is the only
browser that can run certain things, is against my believes.

------
fiatjaf
Why is there a queue for entering beta when it is possible to get the source
and install on Chrome right away?

------
fiatjaf
Why do I need a phone number?

~~~
Freak_NL
Yeah, this makes Signal a total non-starter for me. It is doing the same thing
WhatsApp does: you need a smartphone to use it. Even the desktop version
requires a smartphone to create an account.

If privacy is so important for Signal, why forbid using it without a phone
number? It makes no sense.

------
thursdaydecide3
This is slightly off topic but am I the only one surprised at the litany of
permissions they require for the android app? Some make sense (like SMS or
camera) but device & app history/location/identity/device ID & call
info/contacts/calendar/microphone/phone seems like a smash and grab. I saw
moxie speak at a conference once and he specifically called out the device
id/call information permission as evidence that google doesn't care about your
privacy, so why is his privacy-enabling app requiring it?? I thought these
were supposed to be the good guys (and girls)? The good guys (and girls) don't
do 'collect it all.'

~~~
haffenloher
> am I the only one surprised

Why not ask your favorite search engine? Definitely faster than creating a HN
account ;)

First Google search result: [http://support.whispersystems.org/hc/en-
us/articles/21253585...](http://support.whispersystems.org/hc/en-
us/articles/212535858-What-are-all-these-permissions-)

------
kristofferR
Why make it a Chrome app instead of a node-webkit app?

~~~
moloch
nw.js is somewhat concerning from a security standpoint, you're always one XSS
vulnerability away for arbitrary code execution.

------
Spakman
I love Signal and advocate it wherever possible. After following along on the
GitHub tickets for this project, I'm happy to say thank you and
congratulations on the beta release folks!

I'm probably about to ask this on the mailing list soon anyway, but in case
there is any hidden knowledge here:

1\. There was talk of server federation long ago. Is this still part of the
long term plan?

2\. There was talk of not using a phone number as a required identifier. Is
this still part of the long term plan?

------
dates
I got excited about signal after watching this video, which explains pretty
well the challenges of encrypted communication and how Signal addresses them
(it might be basic stuff for people super familiar with the topic though):
[https://www.youtube.com/watch?v=tOMiAeRwpPA](https://www.youtube.com/watch?v=tOMiAeRwpPA)

------
degenerate
If I wanted someting that looked like skype, I would just use skype. These
bubbly colorful interfaces make me sad on the inside :(

------
AndyMcConachie
Why should I use this instead of Jabber/XMPP over TLS? Can someone sell me on
this that knows how both work?

Thanks!

~~~
ge0rg
The differences are:

* XMPP is using addresses with the same format as e-mail addresses (Jabber ID/JID), Signal accounts are bound to your phone number

* Signal has strong end-to-end encryption built-in, for XMPP you need OTR or the recent OMEMO port of Signal's end-to-end crypto magic

* XMPP is federated, where you talk to your server, and it talks to your buddies servers; with Signal everybody talks to WhisperSystems' servers

* XMPP has no decent iOS app, but pretty good multi-device support otherwise

------
thecoffman
Shame that its Android only. Was really looking forward to giving this a try!

~~~
moxie
For now! We're hiring, if you know anyone that wants to help us speed up iOS
development:
[https://whispersystems.org/workworkwork/](https://whispersystems.org/workworkwork/)

~~~
Sephr
Why tie it to a phone at all? Why not have this Chrome app work standalone?
Apple's messaging app uses end-to-end encryption _and_ it can be routed to
multiple devices. I would expect Signal to strive to attain parity with
Apple's offerings.

Also, the naming of this app is pretty disingenuous. This app should be called
"Signal Remote", since it's not running the actual Signal comms on my desktop,
it's remotely controlling Signal on my phone.

~~~
haffenloher
Nope, I think you misunderstood something. Your phone does _not_ need to be
online for the desktop app to work.

------
knocknock
I'm assuming this works similarly to WhatsApp Web
([https://web.whatsapp.com/](https://web.whatsapp.com/))

~~~
dates
And actually, earlier this year, WhatsApp started using the encrpytion
protocol developed by the signal folks (Axolotl) to encrypt message data,
Which is super cool. (I think group chats and images are still not encrypted,
or something) I wonder if in the future Signal will focus on integrating their
encryption into other existing chat systems like Facebook messenger, and put
the Signal apps on the backburner.

~~~
unsignedint
The problem I have is when these systems don't indicate whether their session
or secure or not. Last time I checked, WhatsApp still didn't have it. This is
especially problematic when the system has exceptions like the ones you've
described. (Group chats, images, etc.)

Services like LINE also bragged about their secure chat feature, too [0] but
honestly, without an active indication of whether their session is secured or
not, it's fairly useless and I don't really like this "hide the complicated
stuff" attitude that those services seems to be going toward...

[0]:
[http://developers.linecorp.com/blog/?p=3679](http://developers.linecorp.com/blog/?p=3679)

------
Sephr
Call it what it really is: "Signal Phone Remote". This is not Signal Desktop
if you need a non-desktop to use it.

~~~
haffenloher
That name would imply your phone had to be online for the desktop app to work
- that's not the case.

~~~
Sephr
Oh, that does sound a lot more reasonable and I made an incorrect assumption.

I take it that you still need a phone to make a signal account though?

~~~
haffenloher
Yep, at least that's how the official version of the chrome app works at the
moment, it offers no standalone option.

------
wepple
This isn't working for me - the code that is supposed to show up for me to
scan doesn't work, I just see:

connecting....

------
wepple
This isn't working for me, the code I'm supposed to scan won't show up, just

Connecting....

(I installed from github)

~~~
muppetman
EDIT: I apologise, I'm wrong. It appears github has been updated to remove
this warning.

and as it pretty says on github, the github repo is confiugred to connect to
the development server.

So yea, trying to jump the queue by installing the dev blob from github won't
work.

~~~
benedictp
I made it working: 1\. Clone the Signal-Desktop Repo 2\. Edit the File:
"js/background.js" Line 56 SERVER_URL to '[https://textsecure-
service.whispersystems.org'](https://textsecure-service.whispersystems.org')
and Line 57 ATTACHMENT_SERVER_URL to '[https://whispersystems-textsecure-
attachments.s3.amazonaws.c...](https://whispersystems-textsecure-
attachments.s3.amazonaws.com') and save it 3\. Open chrome://extensions/ 4\.
Activate Developer mode 5\. Click "Load unpacked extension..." and select the
Signal-Desktop directory 6\. Open [https://textsecure-
service.whispersystems.org/](https://textsecure-service.whispersystems.org/)
and accept the cert (otherwise you won't see the qr code) 7\. Scan the qr code
and have fun!

~~~
spin
> and accept the cert

... sigh... Trusted encryption fail.

Is there some way to verify this cert?

------
mtgx
I assume it doesn't have video support yet. Any chance it will within a year?

------
morsch
I've been looking forward to this! Thanks for all the hard work.

------
joshtgreenwood
The header photo looks like a Windows screen photoshopped into OSX.

------
jmnicolas
> Signal Desktop is a Chrome app which links with your [Android] phone,[...]

Unless your "adversary" is not the NSA, I wonder what's the point of
encrypting your communications when those coms are taking place on
technologies (iOS, Android, Chrome) from companies that are members of the
Prism program.

~~~
acdha
1\. Billions of people live in countries which do not have jurisdiction over
Apple, Google, etc.

2\. You should learn more about PRISM before spreading FUD about its victims.
I'm strongly critical of the NSA's actions but for all of their abuse, PRISM
is not the bogeyman you're making it out to be:

“The PRISM program collects stored internet communications based on demands
made to internet companies such as Google Inc. under Section 702 of the FISA
Amendments Act of 2008 to turn over any data that match court-approved search
terms”

[https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%...](https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29)

~~~
SeldomSoup
> court-approved

Remember, this a secret court, whose judges are likely highly biased in favor
the government, with secret proceedings where only the NSA gets to make a
case. Not exactly a legitimate safeguard.

I also have reservations about the grandparent comment, but PRISM is still
pretty awful.

~~~
acdha
Again, I'm not defending them in any way but all we know about the program is
that it allows the kangaroo courts to order searches of information stored on
those servers. We have no reason to believe it includes the ability to e.g.
compel Google to ship a compromised version of Chrome to a specific user and
the fact that the NSA has an entire program to develop and deploy rookits
supports that interpretation since it's far more expensive than just asking
the company to do it for you.

