
WhisperPush – End of Life - sheepdestroyer
http://www.cyanogenmod.org/blog/whisperpush-end-of-life
======
sheepdestroyer
One of the stated reason is "issues with various countries". They really need
to be more clear here. What issues, which countries? Are governmental
pressures against encryption the real reason for the move? How much weigh
these particular issues have over the support cost? That would be quite lame
from Cyanogen to be weak that way and may make me reconsider installing this
on my phone if they are susceptible to outside pressure. If they are willing
to remove encryption features to please totalitarian states, what backdoors
are they also willing to include?

~~~
SEMW
> If they are willing to remove encryption features to please totalitarian
> states, what backdoors are they also willing to include?

That's a rather uncharitable interpretation. If a state was ordering them to
include a backdoor in the next release, their options boil down to either
'include a backdoor' or 'shut down the service'[0]. Implying that a service
that chooses the latter is more likely to also include a backdoor doesn't seem
justified.

[0] (or 'have the resources for a massive secret legal battle', which may not
even be possible depending on the nation state and nature of the order).

~~~
sheepdestroyer
They may very well be prevented to explicitly name the what and who, but then
it essentially becomes a trust issue.

If there is now one less security feature to please anonymous (for now)
states, how to trust them not including other "features" on their requests?
Uncharitable, and a tad paranoiac, as it may be...

~~~
SEMW
Your trust model doesn't make sense to me. A trust heuristic that penalises
even the _least worst_ public action they could take on being served with a
backdooring+gag order -- i.e. shutting down the service to avoid complying --
is effectively rewarding services that take no public action at all, ie
silently comply.

Such a heuristic isn't paranoid -- if anything, it's rather credulous (by
applying comparatively less scrutiny to services which operate out of the same
jurisdiction (one known to serve orders of this type) yet which somehow
happily continue operating).

~~~
sheepdestroyer
It only makes sense on this specific case as something slipped through. So
now, without more (possibly unobtainable) details we are left wondering. In
general, we are in desperate need of an effective Warrant Canary system. Being
able to trust is important and difficult.

------
edent
There are two problems I have with Signal - although I generally love it.

* It's not possible to use without a phone number. If you want to use it on a WiFi only device, you're out of luck.

* Which wouldn't be so bad, but there's no way to transfer between devices. You can't take an encrypted backup (on Android) and because you use their encryption keys, moving to another device means other Signal users get scary messages about not trusting you.

Minor problems & edge cases, sure - but still frustrating.

~~~
akerro
Another problem is, Signal is broken by design. NSA cares about metadata, not
content. Signal exposes a lot of metadata to Google CM, which is in
relationship with NSA. They also forbid releasing their app outside of Google-
Play story, and that makes it even worse broken...

Read more here: [https://fdroid.eutopia.cz/](https://fdroid.eutopia.cz/)

~~~
exo762
I'll cite moxie:

> If we were going to rank our priorities, they would be in this order:

> 1) Make mass surveillance impossible.

> 2) Stop targeted attacks against crypto nerds.

As long as US Army is not using metadata to shoot people with hellfire
missiles on American soil, Signal is good enough for general population.

If you want perfect protocol - work on Vuvuzela. But good luck porting traffic
analysis resistant solution to mobile phones with their limited battery
capacity.

~~~
glogla
> on American soil, Signal is good enough for general population.

What do you know, general population of the world does not live on American
soil.

I can't trust Moxie after he called Google, Microsoft and Apple having
absolute control over people's good thing, and called people having control
over their own devices "going back to the old broken desktop security model".

Can you trust someone like that? It all makes me think that Signal is some
kind of honeypot.

~~~
simoncion
> I can't trust Moxie after he called Google, Microsoft and Apple having
> absolute control over people's good thing, and called people having control
> over their own devices "going back to the old broken desktop security
> model".

When speaking about non-technical, generally-clueless-about-computers people?
This is _ABSOLUTELY_ the correct attitude to have. Being able to trick someone
into installing softare that reports back _everything_ you do on your computer
by getting the user to Punch The Monkey is a _BUG_ , not a feature. The
screaming hellpit that is the state of PC security is _very_ bad for the
average computer user.

For technical users, systems (like Secure Boot, along with a chain of
bootloader/kernel/userspace software verifiers [0]) that let you -say-
securely attest that you trust an alternative source of software are _really_
good, when implemented properly. They help prevent drive-by malware
installation, as well as let you know when your machine has been tampered
with. This is a _GOOD_ property to have.

What about users who want to run their homebrew software (or even start to
learn how to code), but don't want to be bothered with code signing key
enrollment? On the one hand, I guess -in this world- they're left out in the
cold, if they're not doing something in the browser. On the _other_ hand,
_any_ programmer is going to quickly face challenges far greater than any non-
pathologically-bad key enrollment mechanisms... if the would-be non-web-
programmer _never_ gets over this hurdle, it's very likely (in its absence) he
would have been stopped by any of the other couple-hundred difficult things
along the way.

[0] It's late, so some of these verifiers (particularly the userspace one)
might not exist in any mainstream distro.

------
blfr
The problem with installing Signal on CM is that it's only available from
Google Play and requires some Google components. You cannot install it from
F-Droid on a Google-free Android.

~~~
Sir_Cmpwn
And the maintainer has no interest in fixing this. There was a very long
thread on Github where all of his concerns around this were addressed and
solutions found, but he doesn't give a shit. I don't think Signal should have
any kind of first class support in CM until it can be used without nonfree
software.

~~~
sheepdestroyer
Signal does not have any specific support in CM. That's why WhisperPush was
great, same technology, directly integrated and no need for Google Play. It's
disappearance is bad for Cyanogen users in countries without GPlay. And CM are
not transparent as to who and why. If difficulties with specific countries,
they should be explicitly named.

~~~
SEMW
> If difficulties with specific countries, they should be explicitly named.

That's easy to say when you aren't the person who'll be subject to criminal
liability for violation of a gag order.

~~~
sheepdestroyer
You do see the big trust issue for the users here? Warrant Canaries, or
something similar, become a necessity in today's world. The thing is : in this
case we already know there were unspecified issues with anonymous countries.
And they are now corrected I guess? And without much more details, that may
well be enough of a dead canary for the security minded to turn to something
else.

------
sneak
Those first two paragraphs might as well have been written in a different
language than 1980 English.

