Private contact discovery for Signal (2017) (signal.org)
54 points by tchalla 43 days ago | 36 comments

"Signal is social software. We don’t believe that privacy is about austerity, or that a culture of sharing and communication should mean that privacy is a thing of the past."

I don't agree. All I want from Signal is an e2ee, cross-platform replacement for SMS. I don't think of SMS as "social software" and to the degree Signal keeps acting like it wants to be a social network the more uneasy it makes me. I do appreciate that, unlike Telegram, I can use Signal without giving it access to my contacts but I wish it didn't try to leverage my contacts list at all.

Signal is not a social network, and it's the cross-platform replacement for SMS that you want it to be. Essentially RCS in that it requires a data network, but is better designed.

I don't think it's an issue that it uses your contact list. Why should that be a concern? It doesn't upload them into a database like other services.

Signal is a privacy app, not an anonymity app.

I see people expressing their concern about seeing their boss using the app, etc. and I just cannot relate. Is their argument that they prefer to use insecure SMS with their boss instead? What's the point? Both parties _already have_ each other's phone number as a unique identifier.

I only have a limited # of people I can use Signal with because I don't post my phone number everywhere, though I am old enough that I remember telephone books back when people used to give out their phone number and address and nobody thought anything of it.

Beyond the KYC requirements in 200 countries that make phone number based systems useless for those in high risk situations... They have other less obvious problems.

Today with a phone number you can:

1. Port it, steal 2FA and password resets, take over critical accounts that don't allow alternate 2FA (happened to two friends of mine)

2. Pay first party or shady second party bounty hunter cell carrier APIs to get current GPS location on a number.

I do not even have a cell carrier anymore for these reasons, social consequences be damned.

You can set a PIN in Signal to protect against SIM swap attacks.

That won't stop contacts that now know your phone number from swapping you anyway to compromise other services that use SMS for 2FA.

My whole point is revealing cell numbers you rely on to strangers is a bad call.

Being forced to do it by baking them into a chat protocol is idiotic.

Can you prove to me it doesn't upload your contacts into a permanent database, without relying on trust of Intel SGX® brand DRM?

> I see people expressing their concern about seeing their boss using the app, etc. and I just cannot relate.

Here's a situation I ran into: I have a stalker ex with whom I went no-contact ages ago. Years have gone by, I've been lucky enough to not hear from them in a while, it finally seems like the nightmare is over. They forgot about me and moved on to other things.

Then, they sign up for Signal. The app, for no discernable reason, sends them a message informing them that I'm also using it. Now I'm back in their head. I blocked their number on Signal, but I'm seeing "X viewed your profile" messages on LinkedIn, so it looks like the stalking frenzy might start again, all because Signal wants to be Whatsapp.

Why? It's one thing to let any Signal user message me, it's another to actively remind people that I'm still around and reachable using it. SMS does not do this.

> Both parties _already have_ each other's phone number as a unique identifier.

Do both parties need to have each other's phone number or is enough that one party has the other's phone number for the contact suggestion? I couldn't find it clearly stated in the article.

Practical example: someone has a spam list of phone numbers in his contact list. Will Signal passively suggest profiles that match those numbers?

Let your "someone" be Bob and anyone on his "spam list" be Alice, and you've made it a given that Bob's contacts include Alice.

If Alice installs Signal and Alice's contacts include Bob, then yes both parties will see the other suggested in their Signal app. Else no.

In the past Alice could assume Bob is capable of receiving phone calls and SMS, and now Alice could assume Bob is capable of receiving phone calls and SMS and Signal messages. Is it too revealing for people to be able to know this 1 extra thing when they already knew 2 extremely similar things?

Why is it a concern that an app wants to use my contact list? Really??

Given that it isn't uploaded into a database, it shouldn't be a concern for you, and if it is, you better stop using your smartphone because you're already sharing it with Google.

I use Signal and don't like that it wants access to my contact list. I want a better way and if my little voice adds to a call for a better way, great. Don't tell me I shouldn't care.

It’s fully functional without access to your contact list. You just lose auto discovery of contacts, and need to enter their numbers manually. It’s kinda like being back on ICQ, only without the additional contact search functions.

The way I see it, you have three options:

1. Apps that upload your contact list to their server to contact match (like WhatsApp, and others)

2. Apps that use your contact list locally to match (like Signal, and others)

3. Apps that work without your contact list and let you do it manually (like Signal, and others)

Are you looking for a fourth option? If so, what is it?

You got the better way already. It's not being uploaded into a database.

If a delivery pipeline is compromised such that the APK received through automatic updates in the Play Store no longer matches the published source code, the Contacts permission we already granted allows the app to start exfiltrating our contact lists. People who build from source (or regularly compare Play Store APKs to vetted builds before installing/updating) are the only ones who really have the assurance you're describing.

(Substitute other OSes as able.)

And if the same thing happened to your banking app, or a root level CA...

At some point it's a problem I'd like someone to be working on, but taking on a huge amount of individual burden for a low probability scenario isn't any way to live life.

Heck, switching to Signal wasn't high on my agenda list until the Whatsapp TC change suddenly made my entire Facebook Messenger contact list worry about these things - and now I'm completely off Messenger, but it took collective engagement.

I agree completely and I give Signal permission to use my contacts without the due diligence I wrote about. Just treating this more like a logic problem than an advice column, FWIW which isn't much I suppose.

How can I make sure of this? In practical fact, I can't.

> I do appreciate that, unlike Telegram, I can use Signal without giving it access to my contacts

It is 100% possible to use Telegram without giving it access to your contacts. It is even easier than Signal, because your contacts can set usernames, etc. You can also chat with people without sharing your phone number.

Even if you give Telegram access to your contacts, you can disable syncing of contacts to their server.

You can also create your own contacts on Telegram and add a select few people manually. Like a custom address book just for Telegram. I don't think that is possible on Signal.

Signal simply is not going to be the app for you as you want austerity, and they believe austerity impedes adoption of private chat.

Just use email with autocrypt or jabber with OMEMO. Signal will always have its way because it isn't federated.

I am pretty sure that SMS leverages your contact list, though. If you want Signal to replace it, then, why should it not do the same?

How does this ensure that the code on the server is running on the secure enclave, and not in an emulation[2]? Or that the whole attestation is not emulated? How do we know that the team who built the SGX does not work closely with the NSA[1]?

I would probably just concatenate the phone numbers with the user's numbers, throw in some hard to guess salt like the Dow Jones index, and hash it with bcrypt. It's not perfect, but I would consider it good enough. And most importantly, easier for me to verify.

([1] Only half kidding: My favorite paranoid theory is that most security tech is thoroughly backdoored, and most of the 30000-40000 employees of NSA are actually doing parallel construction all day long for the data they get this way.)

[2] Edit: from skimming the previous HN discussion, it seems that SGX relies upon Intel's remote attestation service. The code you run is signed by Intel, and you have a chain of trust stemming from a key held by Intel. It's a clever construction, but I still feel it is too clever to be comfortable with.

But the signing key could have been extracted via a number of side channel attacks on SGX.

SGX remote attestation is, given those exploits, a super weak assurance of anything.

Centralization of security and privacy is universally a mistake.

I haven't signed up with Signal because it's a source of surveillance for me. It gives out a phone number.

It also leaks contact lists making it worse.

A communication medium has no need to force people under surveillance. Why not just assume you're an adult dealing with adults and let people choose. Choose their handle, need to opt in to sharing contacts. (Would also be ethical that they're forced to tell each person that they gave away their details.)

> It gives out a phone number.

To who? The article linked is literally explaining how Signal doesn't know who your contacts are, or you.

> Why not just assume you're an adult dealing with adults and let people choose. Choose their handle,

You'll be interested to know that this is coming this year.

>> It gives out a phone number.

> To who?

To the recipient of any message you send. https://support.signal.org/hc/en-us/articles/360007061452-Do...

I mean... that's kinda how phones work. Really any communication system you have to give out some identifier. For the vast majority of us we know who we're communicating with. If you're that concerned, buy a burner phone with cash or wait a few months. But I don't understand why this would be a big issue. Who are you handing out your number to?

I mean conversely at this point in the spam world I'm blocking anyone who doesn't give the phone number they're sending from. If I don't need to know who you are, you don't need to talk to me.

To the best of my understanding, the service only gives out your phone number to people you message (the recipient needs some way to message you back, after all), and the service does not receive nor leak your contact list.

Source: TFA

I don't want to share my phone number with everyone that I communicate with.

My main concern is that I want to be able to block contacts if needed and I can't effectively do that if they have my number.

You'd like Threema.

Previously discussed here: https://news.ycombinator.com/item?id=15340729

As an engineer, I appreciate the depth of this post. However, I'd also appreciate a more approachable version that I could share with a broader audience. E.g., without understanding anything about hashing, SGX, etc., how can we best explain the advantages of this approach over the "upload your contacts list" request that you encounter in other chat apps?

Some low-tech alternatives

(1) Each client app to submit x randomly generated phone numbers for every real number, making any reconstructed social graph useless and deniable. Where x is the slowdown their very cleverly over-engineered solution introduces...

(2) As long as Signal user base is relatively small — submit n-1 digits of the number, then wait for confirmation there is at least one Signal user matching before submitting the final digit.

(3) If user base is larger - submit n-1 digits of the phone number, and receive all of the up to 10 matching users

I assume you can still build a social graph with number 1 with enough people using the service if you just check for 2 way connections between contacts (i.e. if Jane submits a contact list including Simon, Pete and Paul, and Paul submits a contact list including Sarah, Francis and Jane, I can imply that Jane & Paul are real contacts).

2 & 3 seem to match the 'bloom filter' concept described here: https://signal.org/blog/contact-discovery/
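
Added example (not part of the original thread and not Signal's code): a small simulation of the reciprocity check described in the reply above, applied to proposal (1). The 10-digit number space, the value of x, and Sarah's address book are assumptions made for the illustration; the other names come from the comment.

```python
import random

NUMBER_SPACE = 10**10    # assumption: 10-digit numbering plan
DECOYS_PER_REAL = 20     # the "x" in proposal (1); value chosen for the demo

def random_number(rng):
    return f"{rng.randrange(NUMBER_SPACE):010d}"

def padded_submission(real_contacts, rng, x=DECOYS_PER_REAL):
    """What a client uploads: each real number hidden among x random decoys."""
    upload = set(real_contacts)
    for _ in range(len(real_contacts) * x):
        upload.add(random_number(rng))
    return upload

def reciprocal_edges(submissions):
    """Server-side view: keep only pairs where each side uploaded the other."""
    edges = set()
    for owner, uploaded in submissions.items():
        for other in uploaded:
            if other != owner and owner in submissions.get(other, ()):
                edges.add(frozenset((owner, other)))
    return edges

def demo(seed=1):
    rng = random.Random(seed)
    names = ["Jane", "Simon", "Pete", "Paul", "Sarah", "Francis"]
    number = {n: random_number(rng) for n in names}   # constructed sample data
    name_of = {num: n for n, num in number.items()}
    # Constructed address books; only these three users submit to the service.
    address_books = {
        "Jane": ["Simon", "Pete", "Paul"],
        "Paul": ["Sarah", "Francis", "Jane"],
        "Sarah": ["Paul"],
    }
    submissions = {
        number[owner]: padded_submission([number[c] for c in contacts], rng)
        for owner, contacts in address_books.items()
    }
    recovered = {frozenset(name_of[n] for n in edge)
                 for edge in reciprocal_edges(submissions)}
    sizes = {owner: len(submissions[number[owner]]) for owner in address_books}
    return recovered, sizes

if __name__ == "__main__":
    recovered, sizes = demo()
    print("uploaded list sizes:", sizes)
    print("edges surviving the reciprocity filter:", sorted(map(sorted, recovered)))
```

Independent random decoys almost never match in both directions, so padding hides one-way contacts (Jane to Simon) but not mutual ones. For the padding to help, two peers' decoys would have to be coordinated, which is the difficulty the reply points at.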

Do they still need your phone number to sign up?
