
Worried About the Privacy of Your Messages? Download Signal - JumpCrisscross
http://www.nytimes.com/2016/12/07/technology/personaltech/worried-about-the-privacy-of-your-messages-download-signal.html?em_pos=small&emc=edit_dk_20161208&nl=dealbook&nl_art=4&nlid=65508833&ref=headline&te=1
======
xnull2guest
I'm worried about the freedom of dissenting opinion in civil society from
surveillance, not the privacy of my messages. Privacy is something I would
easily give up for such freedom.

Signal seems to me to be one tool in a large profile to maintain freedom of
information dissemination and information gathering activity.

It seems to me that speaking to a large number of people anonymously is not
possible with any of the existing tools, Signal included, and it seems that
this set of tools is the next set that is needed.

Candidates for this include implementations of "Dining Cryptographer Nets,"
though there exist scalability and DoSability concerns.

~~~
pdkl95
An incomplete sketch of a browser plugin/feature that would allow posts to be
signed from an anonymous source. (hiding your IP isn't addressed; use
something like Tor)

* Blocks of text that start and end with magic numbers are signed in-band in the style of "gpg --clearsign".

* The pubkey pair is automagically created on first use.

For legacy support with existing infrastructure (such as HN):

* When you submit a form with a <textarea>, the plugin provides a UI to sign the contents before submitting the form.

* When browsing a page that contains magic number wrapped text, the text is automagically verified and the key pinned.

* The structure of the signed text should allow the plugin to hide the magic numbers, signature, etc, so the text looks normal.

However, newer software would have other options:

* Define a mapping between the in-band data and a tag structure that holds the same data. This needs to be strictly defined, so it is possible to remove the tag structure and verify the original signed text. This gives full presentation control back to the website, while allowing individual posts on the page to be verified.

The big problem - as usual - is key distribution. In the latter case where it
is easy to hide metadata with CSS, the public key can simply be included with
the post. Unfortunately, in the legacy case I don't think there's a good way
to include two pages of public key in each "--clearsign"d post.

~~~
notwhoyouthink
I have considered, and even worked on, a Chrome extension for this exact
purpose. Some hurdles I discovered:

* Websites do weird things with textareas. If it's a plain-ol HTML form, it's pretty easy to intercept and do what you want. It seems most websites intercept button clicks then pass your text around to twenty different JS functions and libraries before doing something useful with it. You wind up writing code to handle edge-cases more than anything else.

* To address your final comment, embedding the pubkey inside the text would defeat the entire purpose. A malicious actor (see recent Reddit controversy) can just create their own pubkey, sign the modified comment with it, and no one would be the wiser.

Some things I discovered, and found worked well:

* Keybase has a fantastic library for generating PGP keypairs in-browser. It really added that extra bit of "magic" to the extension.

* Chrome extensions can get CORS exemptions on a per-website basis, and uploading to a standard SKS keyserver is just a POST request that can be done by Javascript.

* Expanding on the last bullet point, verifying other users' comments was tricky. During development, I just downloaded all keys on the keyserver that were uploaded by my extension on a scheduled interval and stored them in localstorage. Unfortunately, I don't think this would scale.

If anyone is interested in picking up where I left off, I could upload the
source to Github.

~~~
yousifa
Could you commit to github? I'm working on something similar and would like to
check out what you got/maybe pick it up. Feel free to send me an email (in my
HN profile)

------
james_pm
I continue to be disappointed by headlines like, "Worried About the Privacy of
Your Messages? Download Signal" which implies that only some people should be
worried about privacy.

You'd think that the revelations about the NSA, things like the UK law that
requires ISPs to collect and store your Internet browsing history would have
more people "worried" but yet it's still pretty much a lost cause to try to
explain to smart friends why this stuff matters.

~~~
a3n
That the NSA is able to spy on you is an existence proof that criminals can
also spy on you.

The downside of becoming known to the NSA is that you can get caught up as an
"associate" in someone's drug, criminal or terrorism investigation, and you
had no idea that the person was doing anything like that. You might even have
no idea that the person exists, since the NSA is "allowed" to go out some
number of degrees of freedom from the supposed suspect.

The downside of becoming known to criminals is that you can fall victim to
criminal schemes. You don't even have to be known by name or association, your
device just has to be discovered; owning it is the all too easy next step. You
can be known by installing malware (see the articles on phone downloaded
apps), _or by criminals seeing your communication on the open internet and
becoming aware of you_.

That's what I'd tell my friends, if any of them were still listening.

------
iuguy
All the privacy solutions on the market are varying degrees of bad (from a
privacy/security/freedom perspective), by which I mean they're all flawed in
their own ways.

Signal requires Google Play Services on Android. That means it's, put simply,
not a privacy messenger. Yes there's crypto, but it's also tied into Whisper
Systems' infrastructure, there's no federation. I use Signal reluctantly, and
only on iOS.

Threema, which is popular in parts of Europe (and is what I use to an extent)
is well established, but not open source, doesn't do voice chat or federation.

Wire is moving in the right direction with respect to being open source and
having lots of good features, but is still not open source.

It's 2016 and our best crypto messenger options are worse than what we had 10
years ago when Skype was peer to peer, or Jabber with federation.

I can understand the reasons for not supporting federation, but I disagree.
The Internet was built to be decentralised, literally to withstand nuclear
war. A walled garden does not provide us with the redundancy or control the
Internet offers.

There are other metadata related issues that pretty much every messenger
suffers from but I'll leave this out of the scope of this comment.

What Open Whisper Systems and Wire need to do is open source the server
components of their solutions, and try to remove the reliance on servers as
much as possible. Only then will we have proper message privacy.

~~~
cyberpunk
Chaps.

I think it's time we just admitted that everything we type/tap/say into _any_
device, regardless of how it's being wrapped up in transit, is absolutely and
irreparably insecure and we're not going to be able to fix that anytime soon.

Even with really smart crypto or some slick app; what makes you think that
your messages aren't just being read by your os? Would you really notice? Why
would you assume that the api this app talks to is trustworthy? There's no way
to even tell if the code for the client on your device is the same as what's
in that repo, as if it would make any kind of difference anyway since we can
just load code from anywhere at runtime and you'd probably not even notice.

This whole thing is a fucking stageshow, I can only assume we're here to
create an illusion that we still have any kind of security. Why? Is it to get
some low hanging fruit/tech amateurs who will trust it and expose themselves?
I don't know. But, HN, I don't know why WE aren't admitting this to ourselves
or why we defend such obvious ruses.

Well, maybe some of you have signal stock I guess.

It's over, we lost, we have no security, we will probably never be able to
reverse that situation, things are getting worse rapidly, we can't even know
what any of our devices are really doing anymore (even the switches in your
dc, the firmware on the UPS's, whatever), and apps like signal are obviously,
to me, impossible to trust and I don't know why that's not obvious to anyone
who has spent a moment looking at our situation..

Argh.

~~~
antocv
> I think it's time we just admitted that everything we type/tap/say into any
> device, regardless of how it's being wrapped up in transit, is absolutely
> and irrepairably insecure and we're not going to be able to fix that anytime
> soon.

We don't have to set the bar that high. Just lower it slightly and we can
achieve great success.

Can we make the job of NSA and CIA harder? Not necessarily impossible, just to
increase the costs they have to spend on whatever it is they are doing, much
higher than it is now.

That would be nice.

We can do that with bitmessage, avoid Signal, use Telegram which means
outsource to Russia/KGB - so NSA will for sure need to spend more resources if
they want to access your "secure chat" on Telegram.

EDIT: but of course, as you say, the problem is socio systematic - any
technical system which can or would be used to subvert the state is a threat
to the state and will be neutralized, by takeover, sabotage, lack of funding,
the means the state has are enormous. The list we have of secure or safe
systems are still zero. Only another state can go against the state.

For example, it was mandated that GSM had backdoors. Any system used for
communication, especially mass/group communication, is not free and not
allowed to exist. So simple is that. They even tried to go after the
_creators_ of secure systems, wasn't the PGP guy scrutinized?

~~~
cyberpunk
I'm not sure there are many ways to make things harder when the complexity of
the systems we have even in our pockets make them so very hard/impossible to
even observe let alone protect.

There are too many places, even on a phone, where anything at all can be
hiding and we don't really have any way of ever knowing what's there without
stepping through the binaries.. That's even more difficult when we've got
dalvik and VM's involved. How many people alive do you think could work out
exactly what your mobile does in any one second within say, 6 months? ..

For all we know the thompson compiler backdoor really happens, and so how can
you even trust the binaries you're producing?

Do you know anyone who built, for instance the openssl.so on their phone
personally? Did that person build it on a machine they trust? How can they
trust that machine? A single lib with a nefarious function on the few GB of
binaries which ship with your phone is enough to completely negate any
'security' these sorts of apps could provide; even if they were trustworthy to
begin with which they're obviously not.

It's a charade, assume everything you do is completely observed, regardless of
crypto/apps you use.

Even if you have a fully audited and trustworthy (in your view) OS -- then
what about IME? Who says that the CA that issued the certs you trust and talk
to isn't also feeding them out to the gov or whatever? Who says your HDD isn't
talking to the zigbee thermostat in your house and sending your rsa keys to
the pentagon? Who says your home wifi point isn't acting as a decrypting proxy?

We can't tell, and that's the point. There is no way to ever observe these
levels of complexity and verify security and we don't admit it.

We will never know if the code we are running on our various devices is doing
anything extra or not, and so rationally, we should never trust it at all.

Not to say all sec is pointless, you don't want to be low hanging fruit, but
above 'insta-pwn' levels of stupid there isn't much more available, even if
you're told there is and we keep pretending like we have any control over
what's going on anymore...

~~~
kscz
You're right, anything _can_ be monitored, but we shouldn't take that as a
reason that we should lay down and accept it. You should assume that any
sufficiently motivated person/organization/state can get access to your
information. But what we should absolutely do is make sure that state actors
and companies have to demonstrate that they are motivated to take that
information. That they have to devote resources to getting it. We shouldn't
hand them broad access to everyone's information just because any one person's
information is possible to obtain.

But regardless of that point, your other argument feels to me like a
discussion against the problems of mono-culture: we should all endeavor to
have diversity of implementation, if possible. The more we can work towards
federated standards and the ability to quickly pivot when someone loses our
trust, the more capable we are of defeating attempts to undermine that trust.
If we only have 1 implementation of signal and everyone uses it, then all an
"evil" party has to do is find flaws in that 1 implementation. If we have 2
implementations, then some users are protected. If we have 1,000
implementations, and they all inter-communicate, then we have some hope that
only some users are affected by each compromise. I'm digging matrix.org as a
federated protocol, and I'm hoping that it takes root because it has many
clients; an open, federated protocol; and the ability for me to run my own
server.

I would advocate that even though we're relatively mono-culture on linux,
supporting it at least gives linux access to the source code which would allow
other implementations (anyone else keeping a close eye on Redox [1]? I know I
am!). Support open protocols! Support federated protocols! I'll advocate that
signal is a great, easy-to-use system for secure communication, and that the
ideas of Signal are percolating elsewhere (see "olm" [2] the implementation of
Signal's crypto protocol for matrix). But I would like to see stabilization in
Signal leading to federation.

[1] [http://www.redox-os.org/](http://www.redox-os.org/)

[2] [https://matrix.org/git/olm/tree/](https://matrix.org/git/olm/tree/)

~~~
antocv
Indeed, another cost-increase on NSA and other evil enterprises invoice, is to
misinform/disinform, let them monitor what is useless, waste resources finding
the needle in the haystack.

Basically we are in Intelligence vs Counter Intelligence game with the state.

You suspect your phone or device is listening? I know that Facebook is
listening/monitoring, so I let it hear. Yes, I did go to school in Zimbabwe
and have my Zimbabwean friends confirm it, and I did visit it, look, the GPS
data in the pictures show it.

The data that facebook has about me is worthless shit in disguise as marvelous
worthy data, but they do sell it well, if everyone did this, it would be
obvious their data is not worth the ads they sell, facebook would crumble like
a stomped on paper plane.

------
arglebarnacle
There are a lot of people on this thread crapping on Signal for its various
flaws and downsides. It's nice to be smarter and more informed than everyone,
but for the rest of us we really need advice about what we SHOULD do if we
want a baseline amount of privacy from mass surveillance.

I'm honestly asking here--I don't have the knowledge that many in this
community do about the exact risk of Signal requiring Google Play Services for
example. If Signal isn't the answer, what should I and others use who require
a usable, reasonably accessible to non-tech-professionals solution?

~~~
xjfkekxmmf
The Tox project is specifically designed to meet your usability requirements.

There were also forks of Signal which fixed the privacy issues, however Moxie
Marlinspike (the founder of Open Whisper Systems) ordered them to cease and
desist.

~~~
ekidd
_however Moxie Marlinspike (the founder of Open Whisper Systems) ordered them
to cease and desist_

Would you be kind enough to provide links? I can't find any information about
this claim via Google, and Signal is distributed under the GPLv3, which grants
rights to fork and modify it:
[https://github.com/WhisperSystems/Signal-Android](https://github.com/WhisperSystems/Signal-Android)

~~~
xjfkekxmmf
[https://github.com/LibreSignal/LibreSignal](https://github.com/LibreSignal/LibreSignal)

~~~
ekidd
Thank you!

tl;dr: You can fork the Signal code if you want, but if you do, Moxie
Marlinspike asks you to change the app name and run your own servers. The
server source code appears to be available at
[https://github.com/WhisperSystems/Signal-Server](https://github.com/WhisperSystems/Signal-Server),
but I've heard it doesn't include the voice component.

So, for example, if you think that Signal ought to support a feature like
iMessage's "Invisible Ink"
([https://mic.com/articles/146347/i-os-10-s-invisible-ink-feat...](https://mic.com/articles/146347/i-os-10-s-invisible-ink-feature-is-stealthy-af-here-s-how-to-send-a-hidden-message)),
which Moxie has specifically refused to support
([https://github.com/WhisperSystems/Signal-Android/issues/5103](https://github.com/WhisperSystems/Signal-Android/issues/5103)),
then you can't just fork the client, implement it yourself, and use the new
client normally, because you'd no longer be able to talk to regular Signal
clients if I understand correctly. I mean, even if you figured out a way for
two clients to tell each other whether or not the feature was available.

So Signal is open source, but not in a way that's useful if you want to change
something.

I don't want to discourage people from using Signal. It's a great app. But I
thought this was worth pointing out, assuming the LibreSignal is
representative of what will happen if people want to make changes to their
client.

~~~
woah
I didn't realize that open source licenses required the maintainers to run
infrastructure for you.

~~~
bad_user
Open source requires the ability to fork and Signal isn't forkable.

~~~
joecool1029
The client and the server (sans voice) are forkable. They don't need to grant
a license to use their infra. You can run your own, it just won't federate.

------
matheusmoreira
WhatsApp integrated Signal's end-to-end encryption¹ into their communications
platform.

Nearly everyone I know uses WhatsApp. This change made the platform much more
secure for everyone. It's on by default and works transparently. Since then,
at least one government was unable to compel WhatsApp to produce messages²
from users under investigation.

I also have Signal installed but nobody I know uses it so its utility is
diminished. I told some friends about Signal; they installed the app but won't
use it because they can't message anyone except me. The only times people
talked to me via Signal was during the temporary WhatsApp blocks ordered by my
country's government.

¹ [https://whispersystems.org/blog/whatsapp-complete/](https://whispersystems.org/blog/whatsapp-complete/)

² [http://www.forbes.com/sites/parmyolson/2016/05/03/whatsapp-f...](http://www.forbes.com/sites/parmyolson/2016/05/03/whatsapp-founder-brazil-shut-down-facebook)

------
unicornporn
Or you could download [https://wire.com/](https://wire.com/) which allows
developers to build their own clients and still use their infrastructure.
Also, it doesn't force you to use a phone number for registration. It supports
audio/video calls. Also, if you're really privacy minded, it doesn't need
Google Play Services. That way it can be used in CopperheadOS.

~~~
reacharavindh
Do you know how Wire makes money to sustain what they are doing?

Don't want to invest my time into something that will eventually sell out and
do the opposite of what they stand for today.

~~~
bluesign
Last time I checked they have no revenue possibility. So I decided to skip, I
am curious on this too

~~~
unicornporn
There's quite an interesting discussion here:

[https://www.reddit.com/r/privacytoolsIO/comments/57n8ee/inst...](https://www.reddit.com/r/privacytoolsIO/comments/57n8ee/instant_messaging_comparison_table/d8uj3bn/)

As I see it, there's some sort of trade off for all solutions for private
instant messaging right now. Wire comes close to a good solution. The biggest
problem for me is that the official Android client is quite buggy, UI wise...

~~~
Siimteller
Fair enough critique on Android bugs, we're fixing them at a steady pace. But
if you know any good Scala developers in Berlin / interested in moving to
Berlin then we're hiring [https://wire.com/jobs](https://wire.com/jobs)

------
TazeTSchnitzel
A problem for some people with Signal is that it requires you to use a phone
number, and they may not want to disclose theirs.

You can set up an SMS gateway number just for this purpose, but you shouldn't
need such workarounds.

~~~
eli_gottlieb
> A problem for some people with Signal is that it requires you to use a phone
> number, and they may not want to disclose theirs.

That's true, although those of us with unlocked phones can purchase
"throwaway" SIM cards with distinct phone-numbers fairly easily with cash, use
the number for secure communications only, throw the card away, and then go
back to our public lives.

~~~
maxerickson
That will expose your IMEI and not really protect you from people that would
be tracking you based on metadata.

You gotta burn the phone.

~~~
eli_gottlieb
Ah, ok, fair enough.

So other than full-on burner smartphones (ie: throw away $600 every time you
need to do something privately), what's a reasonable heuristic for conducting
private business? Maybe collectively owned or rented burner phones so that the
metadata collector only ever knows, "Someone rented this device for encrypted
communications" rather than _who in specific_ is communicating with whom?

~~~
at612
> what's a reasonable heuristic for conducting private business?

You need to do a threat analysis.

I did not immediately find any good introductory resources via a quick Google
search, but try it yourself. Very very briefly, it involves identifying the
threats and their possible consequences, then working on either removing the
former or minimising the latter.

Be aware that this is not merely a technological process. It is primarily a
social one.

------
billyvg
My friends and I have used GroupMe (which is owned by Skype) for a few years
now and some of us wanted to migrate due to privacy. We tried out Signal, but
there were some major usability problems if you intend to use it as a "group
chat" replacement. My biggest issue with it is that there is no mute feature
for iOS. Yes you can turn off notifications at the iOS level, but I want the
ability to only have @-mentions have access to notifications.

I made us switch to WhatsApp instead as I think the usability/privacy balance
was better (for our use case).

~~~
zedred
I recently switched from Android to iPhone and was pretty surprised by how
much lower quality the Signal app is for iPhone than Android.

Signal for Android was really amazing, and the switch made me think this could
be one reason why so many people seem to speak both highly and poorly of
Signal. The iPhone app just unfortunately seems to be way behind the Android
app.

Not sure why they have prioritized development in that way.

~~~
moosingin3space
I think it's because moxie uses Android.

~~~
joecool1029
This is the correct answer. Moxie dominates signal-android commits. He doesn't
work on the iOS version.

The programmer working on the iOS version left early this year. If you look it
was pretty stagnant for awhile with him, only really getting bugfixes. Now
they have a new maintainer that's been playing catchup and things really only
started to get rolling in the past couple months.

See: [https://github.com/WhisperSystems/Signal-iOS/graphs/contribu...](https://github.com/WhisperSystems/Signal-iOS/graphs/contributors)

------
pwelch
I found a weird issue on a friend's phone when I suggested they download it for
iOS. It says "This item is no longer available". They were able to download
other apps from the store. When emailing Signal support they said nothing was
wrong on their end.

Still haven't figured out why my friend can't download Signal from Apple App
Store.

~~~
normalfaults
Maybe device management or policy?

~~~
pwelch
No device management policy. :/

------
nikcub
I'm glad that infosec has broken out of the era of endlessly debating the
imperfections and faults of every solution but instead can clearly recommend
practical advice for everyday users that is easy to understand.

Having the NYTimes advocate for crypto so clearly and to such a large audience
will make a real and tangible difference to users - more than can be said for
the years of online nitpicking by experts.

------
Zak
_That said, Signal is not perfect. It lacks some features of other messaging
apps, like the ability to send stickers._

That this is a deficiency worthy of mention reveals just how different the
average person's values about what a messaging app should do are from mine.

~~~
mintplant
I know multiple people who stay on Telegram because it has stickers and Signal
doesn't. It's a real thing, to the point where I've considered diving into
Signal's code and implementing them on top of the existing support for sending
photos.

Missing feature #2: only the Android app can be paired with Signal Desktop;
the iOS app is left out. What's up with that?

~~~
Forbo
#2 has been implemented since September:
[https://whispersystems.org/blog/signal-desktop-ios/](https://whispersystems.org/blog/signal-desktop-ios/)

~~~
mintplant
Thanks for the update, I missed that!

------
justinph
I'm disappointed that this article doesn't mention iMessage. From what I
understand, it's end-to-end encrypted and Apple doesn't have a key.

~~~
feelslikefelt
But we can't audit it because the source code is not available, which makes it
a no-go for people that actually care about their privacy.

~~~
voltagex_
Except a pair-locked iPhone running iMessage is possibly the most secure and
private device around - people that do care about their privacy (e.g. the
grugq) recommend it.

------
zitterbewegung
Using Signal myself I think it has the best trade-offs for security and user
friendliness since I have been able to convince my friends to use it.

------
mi100hael
> Open Whisper Systems said it planned to add these features, noting that GIFs
> are already supported in the Android version of Signal.

And iOS for a while now! [https://github.com/WhisperSystems/Signal-iOS/pull/886](https://github.com/WhisperSystems/Signal-iOS/pull/886)

------
blunte
Why isn't anyone talking about Wire? [https://wire.com/](https://wire.com/)

The little I've used it, I found it pleasant and effective. But it almost
seems like there is a campaign to ignore Wire; nearly every article written
about Signal and alternatives fails to even mention Wire.

~~~
zedred
That's like saying there's a targeted campaign to ignore Skype because these
articles don't mention it. You might like Wire, but it's not an app that
people concerned with privacy should be using.

They have done a bunch of shady things:

1. They lied about having end-to-end encryption in their app:
[http://www.pcworld.com/article/2855745/new-communications-ap...](http://www.pcworld.com/article/2855745/new-communications-app-wire-tones-down-encryption-claims.html)

2. They lied about being open source for years.

3. They lied about being based in Switzerland.

They also have serious problems with their app:

1. The "encrypted" calls leak enough information to be able to reconstruct
the audio.

2. Many features in the app, like GIF search, transmit plaintext directly
back to Wire.

3. They rolled their own crypto, and experts disapprove of the choices they
made.

Journalists who write articles like this and don't mention Wire are doing
their job. They've consulted with experts and aren't spreading misinformation.

~~~
mei0Iesh
You can't list a bunch of serious claims like the audio can be reconstructed
with no additional information. There was a feud between the Signal people and
Wire, so there is a lot of false info trying to smear Wire.

GIF searches are obviously going to use a 3rd party service, and nobody should
expect some kind of anonymous encrypted channel for GIF searches. That's
ridiculous.

I've not seen any lying about being open source. They haven't released every
piece of code, but I don't recall them ever claiming they did.
[https://github.com/wireapp](https://github.com/wireapp)

I've never seen any crypto experts who have audited Wire and said there's
anything wrong with their choices, and you supplied no links.

Between all the options, including Signal, I personally think Wire is best,
and nothing you've provided has any reason to change that.

~~~
zedred
> GIF searches are obviously going to use a 3rd party service, and nobody
> should expect some kind of anonymous encrypted channel for GIF searches.
> That's ridiculous.

GIF searches aren't being transmitted to a third party service, they're being
transmitted directly to Wire in plaintext:
[https://github.com/wireapp/wire-android-sync-engine/blob/4d5...](https://github.com/wireapp/wire-android-sync-engine/blob/4d53351e8a60fb30d933068a25cfafc0cc2f0f8c/zmessaging/src/main/scala/com/waz/sync/client/GiphyClient.scala#L69)

There's tons of stuff like that which leaks in the app. They store your entire
contact list server-side, your plaintext group membership, group info like
plaintext group name and plaintext group avatar, etc etc.

> I've not seen any lying about being open source. They haven't released every
> piece of code, but I don't recall them ever claiming they did.

Since their launch several years ago, they've had a "feature" matrix on their
website that lists Wire as being open source (and their competitors as not
being open source). That was long before their recent "open source"
announcement (which still isn't even fully open source). When pressed, they
said it was because they used some open source libraries. That's really shady.

> I've never seen any crypto experts who have audited Wire and said there's
> anything wrong with their choices, and you supplied no links.

Here's one example I saw recently:

[https://www.cs.jhu.edu/~cwright/oakland08.pdf](https://www.cs.jhu.edu/~cwright/oakland08.pdf)

They're vulnerable:

[https://github.com/wireapp/wire-audio-video-signaling/blob/c...](https://github.com/wireapp/wire-audio-video-signaling/blob/ca718494c3091a82ebbb2d4e401f550b268dacec/src/flowmgr/userflow.c#L229)

Even worse, they also apparently include plaintext RTP headers with audio
level information in them.

~~~
kuschku
> They store your entire contact list server-side, your plaintext group
> membership, group info like plaintext group name and plaintext group avatar,
> etc etc.

One has to remember that Signal also stores some social graph data, which is
equally problematic.

I can't recommend either.

~~~
zedred
I don't think that's true: [https://whispersystems.org/bigbrother/eastern-virginia-grand...](https://whispersystems.org/bigbrother/eastern-virginia-grand-jury/)

------
at612
Now gents, a number of you in the comments have wondered about what other
alternatives are out there. You may have seen that I specifically advise
against Signal, and other users have also expressed concerns about a number of
other applications, amongst which Wire and Telegram.

One that, to my knowledge has not been mentioned yet, but which would _appear_
to meet some common measure of functionality versus convenience expressed
here, is XMPP messaging application Conversations
([https://conversations.im/](https://conversations.im/)).

I am not going to give it my personal recommendation because having tested it,
I did not like a number of design decisions the developers have made, and I
did not like their overall vision for the app. With that said, it's horses for
courses.

On the end to end encryption front (all the rage these days, eh?), it appears
that the Conversations devs have taken Signal's protocol and _done it right_.
That means, they actually specced it
([https://conversations.im/omemo/](https://conversations.im/omemo/)) and had
it audited
([https://conversations.im/omemo/audit.pdf](https://conversations.im/omemo/audit.pdf)),
along with a couple important improvements such as eliminating the requirement
for a trusted server or Google Play, which greatly reduces the attack surface.

Again, I personally do not like Conversations and I'm not going to use it
myself--that's a personal preference thing, but kudos to the devs for doing a
professional job, especially while everyone else is busy selling snake oil.

I say, go give Conversations a try, it may be the thing you were looking for.

------
evolve2k
One thing I'm very worried about with Signal is the high levels of permissions
the app requires when you first install it.

It seems very counter-intuitive. Worried about privacy & security of your
messages? Oh, firstly you need to trust all your personal contact info to us.
Yes they say they don't use it off of the phone, but it's asked for and that's
based on trust.

On iPhone it requires access to your contact list. Surely it could run without
this? Snapchat for example makes it easy to add friends in person, by scanning
a code on one phone from another. How is sending unencrypted text messages
announcing your social graph the only way to use the app?

Why is the app asking for so much permissions trust itself?

------
webjames
I ditched Signal in favour of WhatsApp given I believe the tech behind it was
the same and the fact that a lot of my contacts are already on WhatsApp. The
NYT article indicates that WhatsApp is still able to collect more information
than Signal does collect.

~~~
mtgx
The difference is you never know when Whatsapp may switch off that end-to-end
encryption.

Second, Signal only stores account creation date and I believe account
deletion, or some other super-basic info like that. But that's it. Meanwhile,
not only does Whatsapp collect much more metadata, including the groups of
which you're part, but it has also started sharing that data with Facebook
recently.

I'm not saying you should stop using Whatsapp, though. I still think it's a
better alternative to iMessage/Hangouts/Skype/Telegram. But at the same time
you should slowly transition your most important contacts to Signal, too. One
nice extra feature Signal has over Whatsapp now is Snapchat-like disappearing
messages, so at least you may be able to convince some friends with that.

------
tdkl
For anyone wondering - this is an example of an ad posing as an article.

~~~
whybroke
The mere act of using Signal is suspicious. But if usage is universal then
that suspicion can not be acted on.

The suggestion that the motivation for this article is profit for the NYT or
Moxie is quite destructive.

~~~
at612
> The suggestion that the motivation for this article is profit for the NYT or
> Moxie is quite destructive.

No, that's literally how it works. Media need to sell copy (clicks these days)
and companies need to get coverage. And that's perfectly OK _if_ companies are
acting ethically and journalists and editors are doing due diligence.

The person that you mention has good connections in the media and uses them to
self-promote and promote the tat he sells.

~~~
whybroke
>...tat he sells...

It's free.

And normally one would associate such vehement and repetitive insistence on
counter-factuals with trolling

~~~
at612
> It's free.

You misunderstand. He is running a company, what do you think their exit
strategy is? You may want to look at his previous company and "red phone", I
think was his product called.

> And normally one would associate such vehement and repetitive insistence on
> counter-factuals with trolling

I am sorry that you do not like to hear this.

------
rahrahrah
I still haven't been able to register to Signal. It always fails with "error
establishing connection with server". Does anyone want to suggest how I could
get this working?

~~~
jgroszko
I had this issue as well until I cleared the data/cache for my Google Play
services app.

~~~
rahrahrah
Yes, I've seen people mention this. Unfortunately that didn't work for me.

------
hagendaasz
Not until this basic usability scrolling bug is fixed. Almost a year and
people rarely complain about it I started to wonder if people actually use it
heavily.

[https://github.com/WhisperSystems/Signal-iOS/issues/769](https://github.com/WhisperSystems/Signal-iOS/issues/769)

------
Mgardepe
I wish I had friends/family that were worried enough about their privacy to
use an end-to-end service with me lol

------
maesho
zkc, zero knowledge communications, was released today. It is just the first
release, and a minimal tool with minimal features, but it's exactly the solid
foundation I have been waiting for.

[https://blog.decred.org/2016/12/07/zkc-Secure-Communications...](https://blog.decred.org/2016/12/07/zkc-Secure-Communications/)

"zkc is a blending of what we consider to be the best parts of both of these
projects, Signal and Pond" "The UI is text-based and emulates the appearance
of irssi, in order to keep UI-related complexity low and avoid large GUI
toolkits as a dependency." "intended to provide the highest level of
communications security balanced with minimal complexity in its code,
configuration and usage."

------
visarga
But downloading Signal after news like these will tag people as trying to hide
something from the state.

~~~
antocv
Not only tag, but also get their identity and possibly use backdoors, because
Signal is only on Google Play, which in order to access it requires a
gazillion identifying data.

Signal is a joke if your adversary is the NSA and its likes. You can't run Signal
unless you give up who you are, and that you are using it, and it's not very
difficult to analyze _when_ you receive or send a message due to Signal
requiring Google's messaging system.

Signal should just really rename itself to "Google Signal, no really we are
not evil for certain."

~~~
arglebarnacle
Most people only have the NSA as an adversary in the minimal sense that
they're caught up in a very broad mass surveillance net. It's true that if
you're a whistleblower with sensitive government information Signal is not a
complete solution for you. But who cares? Almost nobody is in that situation,
and people in that situation have access to other tools that actually do help.

Your last sentence is extremely unfair to Signal and dramatically underrates
the privacy it provides to ordinary people. It's dangerous to suggest that
because it requires a phone number and lives on an app store it provides no
useful protection at all, because that implies it's no better than e.g.
WhatsApp when in fact it has a much better featureset.

~~~
pdkl95
> Almost nobody is in that situation

Almost everybody _might_ be in that situation, because the NSA is not the only
group that has access to the data they collect. They call it "parallel
construction", where the NSA's "customers" like the DEA simply have to fill
out a form[1] to get surveillance data, and promise to lie about the source in
court.

[1] [https://www.techdirt.com/articles/20140203/11143926078/paral...](https://www.techdirt.com/articles/20140203/11143926078/parallel-construction-revealed-how-dea-is-trained-to-launder-classified-surveillance-info.shtml)

------
kylec
How can I use Signal (on iOS) without giving it access to all of my contacts?

------
at612
Download Signal? No, thank you.

The fact that the guy behind it is hyping it via the New York Times, a
generalist publication, instead of validating the thing through professional
cryptographers (which he isn't) and recognised privacy champions such as the
EFF is very telling.

The thing has not been properly validated or verified (for a start, because
there is no design document to validate against, and no published goals to
verify against), it uses an ad-hoc encryption scheme from a non-cryptographer,
it is not open source (see F-Droid discussion why it's not there), it uses
hardwired servers controlled by a party or parties which are not known to be
trustworthy, and apparently it requires Google Play services, which nobody who
is truly concerned about their privacy is going to use in the first place (and
definitely one should not).

From the way this is going, it is becoming clearer by the day that this is
just another start-up; their target market is unsophisticated but paranoid
users and hipsters with no real need for privacy but who think they should
make some kind of statement. Their plan is to hype it up (e.g., via the NYT),
get enough users, then get bought by one of the so-called "social media"
players. It is more attractive to them than Telegram because the latter is run
by a Russian, which to the American public sounds sinister (Mr Brin and
countless other great scientists and innovators notwithstanding), and their
servers are probably based in Germany, which is a bit more of a problem since
there are (still) some proper privacy laws over there, and which would cause
some headaches to the acquiring party. Besides which, there is a good chance
that their current investors come from those "social media", or are the usual
Silicon Valley VC crowd, so things stay between friends, as it were.

So, in brief:

* If you want a new Skype, go for it.

* If you care about the privacy of your communications, you should avoid it.

* If you _need_ to keep your comms private, you _must_ avoid it.

Anyone disagrees? Feel free to reply and tell me why!

~~~
garrettr_
I'm probably just inviting myself to get trolled by replying to this, but this
comment is just ridiculously wrong on so many levels.

> The fact that the guy behind it is hyping it via the New York Times, a
> generalist publication, instead of validating the thing through professional
> cryptographers (which he isn't) and recognised privacy champions such as the
> EFF is very telling.

Cryptographer Matthew Green on Signal's crypto and code quality (it was called
RedPhone/TextSecure at the time of this writing):
[https://blog.cryptographyengineering.com/2013/03/09/here-com...](https://blog.cryptographyengineering.com/2013/03/09/here-come-encryption-apps/)

Version 1.0 of EFF's Secure Messaging Scorecard gave Signal 7/7:
[https://www.eff.org/node/82654](https://www.eff.org/node/82654).

> The thing has not been properly validated or verified (for a start, because
> there is no design document to validate against, and no published goals to
> verify against)

Signal has been analyzed, with favorable results, by academic researchers at
least twice:

- [https://eprint.iacr.org/2014/904.pdf](https://eprint.iacr.org/2014/904.pdf)
- [https://eprint.iacr.org/2016/1013.pdf](https://eprint.iacr.org/2016/1013.pdf)

> it uses an ad-hoc encryption scheme from a non-cryptographer

Moxie Marlinspike and Trevor Perrin probably wouldn't call themselves
"cryptographers," but almost anybody in the field would agree that they are
experts on applied cryptography.

~~~
at612
> I'm probably just inviting myself to get trolled by replying to this

I'm sorry that you get that impression, but I do appreciate your input.

> Cryptographer Matthew Green on Signal's crypto and code quality (it was
> called RedPhone/TextSecure at the time of this writing)

That's the application that they sold to Twitter, not the one being talked
about here. I do not know how different the code bases are.

It is also around that time that the app had a gaping, amateurish hole in that
it was simply leaking everything via logcat. And what does the guy do? Instead
of addressing the issue like a professional, he goes on a complete tangent
rubbishing F-Droid ([https://github.com/WhisperSystems/Signal-Android/issues/53](https://github.com/WhisperSystems/Signal-Android/issues/53)) and then making rather poor excuses as to why you should
get your application from the Google store and not from anywhere else.

Excuses which by the way, have been evolving over time. I think he eventually
admitted that he wants to keep track of how many users are using it (handy to
show to your potential buyers).

He also has a history of lying, such as when he used fake WHOIS details to run
his "Google anonymiser" thing. And of course, when he was shut down by the
registrar, as you do when someone has given you false details, what did he do?
He went to the press to whine about the registrar! After he entered a contract
in bad faith, something which happens to be a prosecutable offence. That's the
sort of person we are talking about here. I hope you will understand if his
word does not exactly fill me with confidence.

> [https://www.eff.org/node/82654](https://www.eff.org/node/82654).

That page starts with: "This is version 1.0 of our scorecard; it is out of
date, and is preserved here for purely historical reasons."

And continues with: "the results in the scorecard below should not be read as
endorsements of individual tools or guarantees of their security"

> Signal has been analyzed, with favorable results, by academic researchers at
> least twice:

Yes, I am aware of those. And that is not what validation and verification is
which, as I said, in the absence of publicly available design documents, is
impossible to do independently. The guy is trying to make it look like he's
selling a "secure" communication platform, but if you presented that to a
defence contractor (which I have some experience with) you would be laughed
out of the building. Proper security is not done like this at all. For a
start, you actually define your goals, i.e., what you intend to secure,
against what threats, etc., etc. If you can show me a paper with that
information I would be grateful.

Notably, you may have noticed that those papers, like Green's, are a protocol
analysis, not an analysis of the entire solution. In that respect, you're back
to the previous situation: the protocol might be ultra-secure, but if you're
still leaking your plaintext on a different channel...

> Moxie Marlinspike and [...] probably wouldn't call themselves
> "cryptographers,"

At the risk of sounding elitist, what is his academic background? (I elided
the other person because I do not know who he is).

> but almost anybody in the field would agree that they are experts on applied
> cryptography.

What do you base that conjecture on?

~~~
platinumrad
> He also has a history of lying, such as when he used fake WHOIS details to
> run his "Google anonymiser" thing. And of course, when he was shut down by the
> registrar, as you do when someone has given you false details, what did he do?
> He went to the press to whine about the registrar! After he entered a contract
> in bad faith, something which happens to be a prosecutable offence. That's the
> sort of person we are talking about here. I hope you will understand if his
> word does not exactly fill me with confidence.

I really don't see why someone should be on my shitlist for lying to godaddy
dot com or whatever giant registrar unless you consider fudging identifying
details about something that really doesn't matter, especially considering he
was very openly associated with the project, some sort of horrible moral
offense. I especially find your taking massive umbrage with fudging personal
information baffling given how privacy-minded you otherwise seem.

> At the risk of sounding elitist, what is his academic background? (I elided
> the other person because I do not know who he is).

Combined with the above, the way you're hand-waving away the other of the two
original developers of the protocol really just makes it seem like the
position you've taken against Signal is mostly predicated on some sort of
grudge against Marlinspike himself. Yes, trashing F-Droid was not a great
thing to do and you might see him as someone with a strong penchant for self-
promotion, but the way you keep on tying your criticisms to Marlinspike
personally really muddles your case. For example, you object to him promoting
Signal in a New York Times piece saying it is a generalist publication and
posit he's just trying to drum up attention so he can find a buyer, which may
or may not be true, but isn't one of the most important goals of a secure
messaging application to get people to actually use it and to achieve
widespread adoption? The main lesson I've learned from GPG mail is that a
perfectly private means of communication is worth very little if I can't
actually convince anyone to use it with me.

~~~
at612
> I really don't see why someone should be on my shitlist for lying to godaddy
> dot com or whatever giant registrar unless you consider fudging identifying
> details about something that really doesn't matter,

I think I can see where you are coming from. You seem to compare this with,
say, opening a GMail account under an alias, if I understand correctly.

However, holding domain names and, at the time, SSL certificates requires a
different sort of accountability. I can elaborate on that if you wish, but I
trust it won't be necessary.

> especially considering he was very openly associated with the project,

In the same way that Mr platinumrad or Ms at612 are associated with this
discussion? By the use of an alias?

> some sort of horrible moral offense.

Yes. And please note he did not just lie to the registrar. When he got caught,
he went and whined to some journo who published a piece criticising the
registrar without bothering to contrast the information first. It all being
presented as if it was the registrar in the wrong, when they were following
the rules, which are there to protect the public in the first place. This
coming from some bloke who was saying "don't trust Google, trust me. Because."

> I especially find your taking massive umbrage with fudging personal
> information baffling given how privacy-minded you otherwise seem.

I value my privacy. At the same time, when I enter a contract, I do so in good
faith and of course part of it is letting the other party know who I am.

> really just makes it seem like the position you've taken against Signal is
> mostly predicated on some sort of grudge against Marlinspike himself.

Yes, you are correct. My apologies if that wasn't clear. I question the
ethics, motivation, and competence of this one individual, who happens to be
closely associated with said project.

> Yes, trashing F-Droid was not a great thing to do

To put it mildly. On an incidental note and more generally, have you ever seen
him do a mea culpa?

> [but] isn't one of the most important goals of a secure messaging
> application to get people to actually use it and to achieve widespread
> adoption?

I do not know. I would guess not (based on defence experience). But the main
point is that him saying "oh sure, it's secure" does not make it secure. He
seems to be taking advantage of the public's inherent credulity and lack of
awareness of what "security" actually means and involves. We have gone through
this discussion already, so for an example of what I consider a better
developed and correctly presented security solution, please see the
Conversations IM application.

> The main lesson I've learned from GPG mail is that a perfectly private means
> of communication is worth very little if I can't actually convince anyone to
> use it with me.

This is a different, and long discussion, but it is probable that the reason
why you are seeing that is the other party having mentally (or formally) done
a cost/benefit analysis and deciding that their information is not of such
value to justify the extra effort to protect it. Rightly or wrongly.

------
benevol
Any communication tool that runs on a closed-source OS like Windows or iOS can
certainly not be trusted.

------
Johnny555
_It lacks some features of other messaging apps, like the ability to send
stickers_

That sounds like a feature more than a deficiency.

------
woogiewonka
Signal crashed on me day in day out. That app is junk.

~~~
nvk
They take pull requests
[https://github.com/whispersystems](https://github.com/whispersystems)

There are better ways to give feedback than just saying a free app is "crap"

------
zi0nman
I am really interested why Signal. Why not Telegram? I prefer Telegram over
Signal because of its much better UI and rich functionality, i.e. bots. The
Signal app seems clunky and buggy. That's my 2 cents.

~~~
maxerickson
Signal never shares message content with the server.

Telegram does so by default, you have to opt in to keep messages private from
the server.

You also see a lot of people criticizing the design of the secure Telegram
protocol and praising the Signal protocol. There were some stories about
governments actively compromising Telegram's security. There haven't been any
about Signal.

So if you are worried about privacy more than UI and rich functionality, the
choice seems clear enough.

~~~
zi0nman
Yes, I'm seeing a lot of people criticizing Telegram on Twitter and in the media.
But after doing some research I couldn't find any proof of their claims that
Telegram has broken crypto.

You can use secret chats, those messages are not stored on the company server.

~~~
uselpa
It seems to be official now that Telegram has been hacked over and over again
(article in German): [https://netzpolitik.org/2016/bundeskriminalamt-knackt-44-tel...](https://netzpolitik.org/2016/bundeskriminalamt-knackt-44-telegram-accounts-in-zwei-jahren/)

~~~
eggie
That's not the e2e encryption protocol that they hacked, but the SMS-based
authentication and unencrypted chats that are stored on the server in the
plain. The state has control of SMS, so it can impersonate you. This would
seem to be a potential problem for any service that's backing itself into SMS,
but here the attack would not be possible as messages aren't shared across
devices on e.g. Signal and WhatsApp.

------
reacharavindh
Use Signal and give them access to all your contacts who may or may not be
using Signal. Use their proprietary client and trust them on their pinky
promise that they "can't" look at your messages. The deceptive pretense of
privacy is worse than no privacy at all.

[Edit] - "Use their proprietary client and trust them on their pinky promise"
was factually wrong.

But, they still expect me to trust the signed binary they send through the App
store right? How is that anyway non-proprietary just because there is a Git
repo somewhere that may or may not be the same code running on your phone? Can
I run a client from the Git repo and still use all of their infrastructure?

~~~
lucideer
It's an open source client[0]. It's not a "pinky promise".

There are valid criticisms of Signal (primarily around the use of the Google
Play Services Framework), but your comment seems to be jumping to a lot of
conclusions without any research.

[https://github.com/whispersystems](https://github.com/whispersystems)

~~~
reacharavindh
But, they still expect me to trust the signed binary they send through the App
store right? How is that anyway non-proprietary just because there is a Git
repo somewhere that may or may not be the same code running on your phone? Can
I run a client from the Git repo and still use all of their infrastructure?

Until I'm able to do that, it is still their "pinky promise".

~~~
veeti
[https://github.com/WhisperSystems/Signal-Android/wiki/Reprod...](https://github.com/WhisperSystems/Signal-Android/wiki/Reproducible-Builds)

~~~
reacharavindh
Thanks for that link. I'll go through the build process and play with the apk.

But even if I wanted to build my own apk, and run it on my custom Android
build, it wouldn't work, right? Because of the need for the Google Play store?

Verifiable builds are at least a step in the right direction.

~~~
viridian
Why do you need the play store? You can install apk files without it just
fine, if you have the appropriate dev options enabled in your phone.

~~~
kuschku
Signal requires the Google Play Services to work, and includes several
proprietary libraries from Google in their app, too.

