
> government actor can intercept the text message Signal and others use for verification and set up the victim's account on a new device

Yes, but if they only control the phone number, they will register a new account (different cryptographic keys) for you, which is why everyone previously chatting with you will get that "Your Safety Number with Bob changed" message.


About the paper: if someone has gotten access to your identity (private) key, you are compromised, either with their attack (adding a linked device) or just getting MitM'ed and all messages decrypted. The attacker won.

The attack presented by Google is just classical phishing. In this case, if linked devices are disabled or don't exist, sure, you're safe. But if the underlying attack has a different premise (for example, "You need to update to this Signal apk here"), it could still work.


You will always have to root your trust in something, assuming you cannot control the entire pipeline from the sand that becomes the CPU silicon, through the OS and all the way to how packets are forwarded from you to the person on the other end.

This makes that entire goal moot; eliminating trust thus seems impossible, you're just shifting around the things you're willing to trust, or hide them behind an abstraction.

I think what will become more important is to have enough mechanisms to be able to categorically prove if an entity you trust to a certain extent is acting maliciously, and hold them accountable. If economic incentives are not enough to trust a "big guy", what remains is to give all the "little guys" a good enough loudspeaker to point distrust.

A few examples:

- certificate transparency logs, so your traffic is not MitM'ed
- reproducible builds, so the binary you get matches the public open source code you expect it to (regardless of its quality)
- key transparency, so when you chat with someone on WhatsApp/Signal/iMessage you actually get the public keys you expect and not the NSA's
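An added illustration of the mechanism behind the transparency logs in the list above (not code from the thread or from any of the named projects): a simplified RFC 6962-style Merkle tree with inclusion proofs over a constructed key directory, so a client handed a public key can check it is the one the log publicly committed to. The directory entries and names are constructed for the example.

```python
import hashlib

# RFC 6962 domain-separation prefixes (leaf vs. interior node)
LEAF_PREFIX = b"\x00"
NODE_PREFIX = b"\x01"

def leaf_hash(entry: bytes) -> bytes:
    return hashlib.sha256(LEAF_PREFIX + entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()

def _split(n: int) -> int:
    # Largest power of two strictly smaller than n (RFC 6962 tree shape).
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def merkle_root(entries: list) -> bytes:
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(merkle_root(entries[:k]), merkle_root(entries[k:]))

def inclusion_proof(entries: list, index: int) -> list:
    # Sibling hashes from leaf to root, each tagged with "sibling is on the left".
    if len(entries) == 1:
        return []
    k = _split(len(entries))
    if index < k:
        return inclusion_proof(entries[:k], index) + [(merkle_root(entries[k:]), False)]
    return inclusion_proof(entries[k:], index - k) + [(merkle_root(entries[:k]), True)]

def verify_inclusion(entry: bytes, proof: list, root: bytes) -> bool:
    # What a chat client would do: recompute the root from the key it was
    # handed plus the proof, and compare with the root the log published.
    h = leaf_hash(entry)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

# Constructed key-directory entries (not real users or keys); the odd count
# exercises the unbalanced split.
LOG = [b"alice:PK_A1", b"bob:PK_B1", b"carol:PK_C1", b"alice:PK_A2", b"dave:PK_D1"]
PUBLISHED_ROOT = merkle_root(LOG)

def check_key(entry: bytes, index: int) -> bool:
    """Verify that `entry` is what the log committed to at `index`."""
    return verify_inclusion(entry, inclusion_proof(LOG, index), PUBLISHED_ROOT)
```

A server that substitutes a different key for a user either cannot produce a valid proof against the published root, or has to put the bogus key in the log where the user's own clients and auditors can see it.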


> This makes that entire goal moot

I agree. Perhaps it's why I find discussions like nonce lengths and randomness sources almost insane (in the sense of willfully missing the forest for the trees). Intelligence agencies have managed to penetrate the most secretive and powerful organizations known to man. Why would one think Signal's supply chain is impervious? I'd assume the opposite.


I don't think they are insane, they are quite useful when designing security mechanisms, while at the same time being utter noise for the end-user benefiting from that system.

> If you're building a chip to generate prime numbers I do surely hope you know how to select randomness or make constant time & branch free algorithms, just like an engineer designing elevators better know what should be the tensile strength of the cable it'll use. In either case, it's mumbo jumbo for me, and I just need to get on with my day.

Part of what muddies the water is our collective inability to separate the two contexts, or empower tech communicators to do it. If we keep making new tech akin to esoteric magic, no one will board the elevator.


I almost find it worse. Using your analogy, it's akin to doing atomic simulations on the elevator cable quality, but the elevator car is missing a bottom/floor.


But depending on your threat model, it can still be useful. If a state actor has a backdoor into something, would they burn that capability to get you? If you are a dissident in a totalitarian government, you would expect them to throw everything at you and not tell anyone how/why. If you are terrorizing and could be tried in a “classified” setting, you would expect them to throw everything at you. If you are Jane Average passing nudes and talking about doing a little Molly last weekend and would have a lawyer go through discovery, you are probably safe.


Probably not, in any normal case a secondary device shouldn't have that kind of authority to dictate.

It is more concerning if the toggle is on by default and then you carelessly press next (on this or some other kind of phish).


Would probably lead to notification fatigue.

Showing a big snackbar when a new device is added is probably enough, especially if the app can detect there was no "action" on your phone that triggered it.

Key transparency, once rolled out, would help to ensure there is no lingering "bad" device around, but phishing will always be a problem.


"Would probably lead to notification fatigue."

Probably true...


> Showing a big snackbar when

A big... what?

Can you tell me what this new lingo is for someone who doesn't use the latest and shittiest marketing lingo?



> latest and shittiest marketing lingo

It exists since Android 6: https://developer.android.com/reference/com/google/android/m...

Informative banner that does not require user interaction to dismiss.


Snackbar isn't a particularly new term, it goes back, IIRC, to the first version of Material Design and is similar to a toast but different in that snackbars may support interaction whereas toasts are non-interactive.


An in-app notification along the bottom of your screen. Usually just some text on a dark grey or black background.


> shittiest marketing lingo

Is that what you call the words you don't understand?


Unrelated most likely, signal.me is a legitimate domain used by Signal. Doubt Twitter is so on top of Threat Analysis when they fumbled their own redirects from twitter.com to x.com for a while.


Signal doesn't collect that data, but you have no reason to trust me on it.

Look at what data they can provide to governments when compelled by law: https://signal.org/bigbrother/


You also send them your contacts in plaintext so you can find who's also on WhatsApp; Signal doesn't.




I would also read it from another perspective. Attackers, especially at the level of nation states, will always try to get as many avenues for achieving their goals as possible.

If you have compromised a service, it would be in your interest to make it more popular (assuming you think you are the only one in possession of it).

If you cannot, you don't give up; you just go back to the drawing board (https://xkcd.com/538/). Maybe I don't need to break Signal if I can just rely on phishing or scare tactics to get what I want.

