Hacker News new | more | comments | ask | show | jobs | submit login

> Signal Desktop is a Chrome app

That surprises me. I don't trust Chrome for confidentiality; I assume it collects data for Google and I don't know that it protects my data from others.

If Chrome isn't trustworthy for confidentiality, it would seem to fatally cripple the security of Signal Desktop. However, I believe the people at Whisper Systems would see that obvious flaw so I suspect that I'm misunderstanding something - what is it?

Whisper Systems has a track record of prioritizing 'good enough' ease-of-use ahead of 'perfect' security as a practical way of expanding its user base.

Edit: Tried to word the above most neutrally; I believe this approach has both pros and cons.

> Whisper Systems has a track record of prioritizing 'good enough' ease-of-use ahead of 'perfect' security

Why is Telegram always under for their flawed security challenge despite the good-enough track record then? They also have perfect usability, native apps, 3rd party clients, etc. If the security is not the first priority then Signal isn't very attractive compared to the competition I think.

Signal's objective is to make mass surveillance impossible. Telegram stores the entire plaintext transcript of every user's entire conversation history server side by default, so if that's the objective, Telegram is definitely not "good enough." Just the opposite, there's nothing worse.

Signal doesn't have a history of cryptographic flaws and metadata leakage, and Telegram does. The equivalence you're drawing here is false.

Here's an example, from adc and Juliano Rizzo, who co-discovered the TLS BEAST and CRIME vulnerabilities:


I'm not drawing an equivalence at all (not saying that Telegram and Signal are equivalently insecure or flawed, etc.) -- I was only asking why would Signal make any compromise on security if that is their main selling point (and probably the only one). I don't think that releasing a Chrome app is a good strategy considering the audience (but I don't know for sure, they probably have a better overview of their user base).

I could have compared it to Threema as well, actually.

I don't concede that Signal has made any security compromises. That was someone else.

If you care about security, use Signal. If you care about UX, and Threema has a better UX, use Threema. Threema is a closed-source system that apparently relies on Nacl. That is a much better answer than the one Telegram can give, but it still leaves a whole lot of questions unanswered. There's a lot that can go wrong in the layers above Nacl.

Telegram has a tendency to mislead [intentionally or not] about the quality of its security.

Signal is pretty up front about being "good enough" security.

despite [Telegram's] good-enough track record

You may have missed parts of their track record; part of the problem is that Telegram tends to hide these types of things in its past:

"Telegram protocol defeated. Authors are going to modify crypto-algorithm" https://news.ycombinator.com/item?id=6948742

Telegram is closed source so we can't verify that they implemented encryption properly, and only Secret Chats have the messages encrypted.


I thought the Telegram client is open-source, it's even on F-droid. The server side being open or closed source is meaningless:

1. In Telegram's threat model the servers are not trusted.

2. You can't verify server side code anyway.

The Telegram client can just barely be considered Open Source, see the discussion at https://github.com/DrKLO/Telegram/pull/76

F-droid builds those parts separately from source.

> The official source code of the app contains binary blobs, so this tracks a fork which builds those from source. Hence, versions might become available with a certain lag.


The end to end encryption is open source.

The server is published?

No, that's not relevant for the end to end encryption though.

moxie has stated previously someplace that the goals are

1. Simple encryption for everyone to prevent mass data collection 2. Prevent targeted collection for the crypto enthusiasts

The main focus is on step 1. now and they are doing a great job at it. It's slow like anything new, but I managed to convince my parents to switch so that means it's working!

> 1. Simple encryption for everyone to prevent mass data collection

Google might be the second biggest mass data collector, after the U.S. government. Using Chrome, one of Google's tools of collection (if I understand correctly), wouldn't seem to further that goal.

Can you articulate a _specific_ threat model under which this extension fails to protect against mass data collection by Google?

Or is this idle speculation.

The threat is that Google (perhaps forced by the NSA, perhaps only for some users) modifies Chrome to include code that logs all keystrokes or specifically detects the Signal extension (or standalone app if Chrome is also installed) and uploads the plaintext of all messages to Google or to the NSA.

In other words, you have to trust Google to not insert such a trojan by itself and to not bow down to the U.S. government should it try to secretly force Google to do so.

You also have to trust that their security is good enough to prevent third parties from covertly performing such a feat.

That's not say that Google should not be trusted or should be trusted less than other parties, but that's the threat.

Google adds Google Analytics to their browser, to automatically report what a user does in Chrome apps, and "accidentally" your whole chat history ends up on Google’s servers?

This is not an unrealistic example.

last time I checked Google Analytics doesn't record anything like that kind of data.

It records where you click, and when.

"Accidentally" logging keys is possible, as Google can modify the content of the JS on request – for example, in case of being served an NSL, Google can be forced to modify the JS to log that.

Run Chromium, problem solved.

> Google adds Google Analytics to their browser


Someone asked for a hypothetical way Google could, in the future, get the data.

As you are doing automated updates, Google can just add Analytics to the browser, and even publish it as something "good".

The android app already requires Google content manager to be installed, which is probably why the beta is android only. so its no different from the mobile app really.

I think more accurately, it's a standalone app that runs on the chrome runtime. You get windows, osx, linux & chrome os all at once. The chromebook is touted as the secure desktop for the non-technical user.

You can take the app and make your own standalone runtime version if you want and audit / test your standalone version to make sure it's only communicating with open whisper systems.

Can't you run it under Chromium then?

You can! No problem with that.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact