i’ve just seen a comment in a post, in this very community, saying people trust signal because of missinformation (from what i could undertand).
if this is true, then i have a few questions:
-what menssaging app should i use for secure communications? i need an app that balances simplicity and security.
-how to explain it to my friends who use signal because i recomended?
-what this means for other apps in general?
You must log in or register to comment.
I am under the impression that Signal encrypts metadata so that is useless to sell. The only thing they can turn over to law enforcement after a lawful warrant is the phone number an account was opened with (and maybe the date that happened) and the date of the last time the account was used. That is all.
Like many said, signal is centralised and requires a phone number.
Meaning it’s not anonymous and the server owners can technically sell your metadata, not the content of the messages but who talks to who, what time, the length of the chat/call etc.
Either-way having to use a phone number to register an account, for me is not acceptable for several reasons besides privacy and metadata.
On top of that, the server side of signal isn’t free software (as in freedom), which means that the whole program requires non-free (as in freedom not beer) network services in order to work. Which isn’t acceptable for free software advocates.
Alternatives:
Simplex: If you don’t require voice calls there are more options available there are many text messages, but very few support calls, which for me is a critical feature.
In theory Simplex is the best, it’s e2ee, quantum resistant, each chat (message queue) is it’s own “account”, each “account” is just a private key, and you can switch servers with the tap of a bottom, it also supports private routing, which from what I understand is like some sort of onion routing between simplex servers.
Hosting your own server is also extremely easy, (tho note that running your own server can actually be detrimental to privacy depending on your threat model), supports calls, group chats and all the features I would ever need.
Unfortunately at least for me and my contacts, SimpleX it’s terribly buggy, specially on phone, literally tonight I missed the opportunity to be with a friend because I only saw the message one hour late.
Very often messages just stop being received until the app is restarted, usually I have my friend send me a message via other (centralised) app in order to warn me that he messaged me, I also do the same for him. After restarting the app it usually works fine for a while until it does it again. And needs restarting again.
On top of it, it’s taking more and more time to get the first message when in background even during normal operation, tho I blame Samsung for this one and not Simplex, and understand that Simplex doesn’t use push notifications for improved privacy, but it has become a real problem, what used to take 5 minutes now sometimes takes more than half an hour. Maybe my phone is overloaded, idk.
Calls could be improved too, takes several tries for it to actually work, and it doesn’t help when the other person calls me back and I call them at the same time.
On top of it, the volume of a call seems very quiet compared to a normal phone call and it’s very hard to hear the other person, I’m guessing a simple compressor DSP could fix this.
Unfortunately also has been news of Simplex planning to enshittify the app with cryptocurrency, something that I politically and morally oppose.
Session:
I’ve used it for a month years ago, before I knew about SimpleX, whatever technical merits it may or may not have, (and from what I understand it’s privacy is still below SimpleX) it relies on some cryptocurrency network in the background, so I won’t use it. Self-hosting it also seemed to me no easy task, but I could be wrong.
Jami:
Never got it to work.
Matrix:
I haven’t tried Matrix yet, I think I read long ago that calls aren’t e2ee tho that may have changed now. I also read that Matrix leaks a lot of metadata which can be a problem. Maybe not if you self-host, but self-hosting comes with it’s own privacy problems. Maybe I should research it again and try to self-host it and see how it goes.
So as bad as Signal is, I can’t give you a working alternative, I put all with Simplex despite all the bugs but I don’t think most people are willing to go though it, however if you (and your contacts) have a high end phones maybe it works better. But it’s not something I can recommend.
Signal is great, but it is centralized. Session messenger is a great example of decentralizes e2ee messaging.
I used Session for a couple of years, but switched back to Signal because it did a poor job with media sharing.
It’s been a while since I switched back, so maybe it’s fixed now?
It’s always gonna be a moving target. Wife and I started using Telegram because it wasn’t monitored like Facebook Messenger (which I don’t have an account for) or WhatsApp. Now people are saying Telegram isn’t good enough, use Signal. It’s still good enough for us. I also have Signal. No one I know uses it, but I have it in case they wanna start using it.
Honestly though, iMessage is secure enough for most people. Basically texting through Apple servers.
But any security or privacy expert will tell you that you need to determine your own threat model. No one else can tell you what that is.
telegram doesnt encrypt by default, its a hidden feature. i wouldnt be too sure about iMessage, i believe E2EE is a bare minimum for everyone.
-
Messages in iCloud are E2EE protected only if iCloud Backup is disabled or if iCloud Backup is enabled with Advanced Data Protection (ADP). Otherwise, Apple stores a copy of the encryption key, allowing Apple (or authorities with a court order) to access your messages.
-
Probably obvious, but messages sent over SMS (green bubbles) are not E2EE.
-
Telegram uses a proprietary encryption protocol called MTProto, so who knows if it can be trusted.
-
using Telegram because it wasn’t monitored […]
That is an interesting statement regarding the fact its centralized and deletes accounts / channel all the time.
Signal is fine for normal/social chatting. It is centralised which makes it much harder to obscure identifying conversation metadata, and I wouldn’t recommend it for comms with a state threat model. I like SimpleX for addressing those issues.
If you just want to chat to friends and nothing else, I probably would recommend Signal for the most polished experience and most widely adopted open-source private messenger.
I moved some chats to Threema and im satisfied… they have family options so paying for one license is for 6 people
i’m concerned that they require phone numbers and host on AWS, and don’t have a clear monetization scheme. but for now it seems reasonably secure.
The signal protocol is end-to-end encrypted, not even signal themselves knows what is being sent to what.
As I understand it, while they can’t see the contents, the Metadata is still exposed.
not to shit on you specifically but I see this over and over, folks asking how to be “secure”. secure against what?
if you’re into this, you need to set up a “threat model” i.e. what are your threat vectors and then you build your defenses against that model. a defense against blanket surveillance doesn’t handle targeted threats. a successful defense against your government doesn’t preclude other nation-state actors getting at you.
like, if your threat vector is e.g. your SO “inspecting” your phone, you set up a passcode and you’re safe against that threat. but, if there’s a toddler going around smashing stuff, your defense isn’t valid. defense against that vector is placing your phone high up. but that defense isn’t effective against SO.
I am sure any messenger recommended here can be successfully red-teamed, be it design flaws, operator error, the famous wrench comic, or whathaveyou. but that doesn’t mean it’s ineffective in your specific case.
Did you ask the commenter what the issue was? Seems like the logical place to start.
You’d think so, but sometimes they just angrily rant with no clear point or references.
But that would mean that you shouldnt accept their claim, regardless of how conceivable the claim might appear to be. Otherwise, we loose our minds to common sense.
There is none. Theres like 0.1% of people who complain about it who have a valid point.
And those points are always meaningless in light of the alternative’s drawbacks.
Even the alternatives like Briar acknowledge on their FAQ that Signal has pros
Agreed. I wound add that most detractors don’t understand what a threat model is and want a perfect solution, for no cost, and easy to use. Something which is impossible.
Being tied to US infrastructure isn’t a valid concern?
What then is the difference between it and Whatsapp? Both claim to use the Signal secure protocol but you can never confirm that since their codebases are closed source and proprietary.
One is run by an advertising company that has been proven in court to be a bad actor and a strong motive to log and track anything they can
The other is a non-profit without any real motive to sell you out, or any history of doing so
Thats good enough for me and most others unless you’re an extreme “trust no one” level of paranoia
Its in usa, and its big. The chance that its compromised by cia is 100%.
XD you think the CIA can’t crack your closet server? Bruh, get real.
Considering that all other alternatives are either
- extremely difficult if not impossible for non-technical users to leverage, or
- much, much worse, up to even eagerly giving out your data
I consider Signal to be the best option out there. It’s not perfect, but nothing is. It simply is the best general option out there, by far, for a general audience.
Yes, you can be totally secure, untraceable, and ultimately unfindable. But being cut into pieces, with each separate piece entombed in its own barrel of concrete, and each barrel dropped into a different oceanic trench, tends to be a bit beyond what I consider to be reasonable to achieve that.
everyone around here talking about the CIA and nation states as part of their threat model…
bro… you’re worried about the CIA and mossad, and you think spinning up your own chat servers (simplex, matrix, etc.) as an amateur sysadmin is going to be MORE secure?
Signal is open source. GitHub
It was on the leaked Paragon Solutions selfie (containing the Graphite surveillance tool), indicating there are actively exploited zero days? Just a guess.
Edit: https://open.substack.com/pub/ahmedeldin/p/the-israeli-spyware-firm-that-accidentally
Those reports do NOT show active zero days in signal. The pieces of spyware talked about in those are capable of reading messages once already having compromised a device which isn’t insane as if you have access to read storage from a device arbitrarily, of course you can just read the messages. If you want to solve this, A: Use GrapheneOS or an iPhone on lockdown mode with data over USB disabled or B: Use Molly with local encryption.
Signal does have your phone number, which is a problem.
On the other hand, the only information linked to that phone number is, “the person with this phone number uses signal”. AFAIK your phone number is not linked to your contacts, your message content, etc.
So in practice, the fact that Signal has your phone number is probably only a problem insofar as you don’t want anybody to know that you use Signal.
But to be fair, why have that issue if you don’t have to. Signal is actually good, still, but there are even better alternatives.
Well, it’s 100% linked to your contacts in one way or another because when you install it Signal will happily alert you to which ones of your contacts are already using Signal. I can’t see how they could manage that without slurping up your contact information.
I can’t see how they could manage that without slurping up your contact information.
AFAIK the client slurps up your contacts, but the E2E encryption ensures that the Signal server cannot actually see those.
It’s fine as long as you don’t do something silly like invite a journalist to your top secret government group chat.
Or use a third party client that doesn’t have as much scrutiny on the source code and will Leak your message s
man imagine trusting in an israeli signal fork lmao
Would you say Molly is big/trustworthy enough for this to be negligible, or is it a huge risk?
Don’t let the perfect be the enemy of the good. Signal is easy to use, and that is what really protects millions of people. Otherwise, they would never use a complex or decentralized alternative.
Something being easy to use has nothing to do with privacy or security. Apple, just like signal, also sold it’s products as secure, yet they also were forwarding all communications to the US government as part of the prism program.
Signal is not a stepping stone, it’s a honey pot. Best to avoid US services that require your identity entirely.
I checkedout the SimpleX website and the webdesign looks like “crypto rugpull”
Not to mention the owner of simplex is a horrible person.
i agree with everything you said about signal, but i’m uncomfortable with a lot of the alternatives. a cryptographer i follow has written about a couple of these: xmpp, matrix three or four times (linked in the introduction to the post), others
Look at Delta chat.
Given what you’ve said, Signal is still what you want and is good for it.
There are two main issues people have with Signal:
First is that it requires a phone number to sign up. That makes some people who want it to be truly anonymous unhappy. It’s not meant to be anonymous, though. It’s meant to be private. Those aren’t the same thing.
Second is that it runs on AWS. This isn’t a problem in the sense that it’s possible for it to still retain privacy while running on AWS. Some people don’t like it because they view the dependence on the infrastructure of an American company to be a risk to availability. They also believe that it would exacerbate a security flaw if one were found.
Personally, I know these risks and still find it to be the best balance between privacy, security, and ease of use.
And what about suspicion of intrusions in some accounts of european imlrtznts poeple by the FSB recently ?
I don’t know if it’s a social ingeneering
But now, i think “good enough” attitude is not the good idéal, we are not in 2000’ it’s finish…
Another app exists :
Session
simpleX
Anonymous messenger
Briar
Twinme
But it’ always better to use a verified and audited app, need to have a safe team
Second is that it runs on AWS. This isn’t a problem in the sense that it’s possible for it to still retain privacy while running on AWS. Some people don’t like it because they view the dependence on the infrastructure of an American company to be a risk to availability. They also believe that it would exacerbate a security flaw if one were found.
Let’s not pretend the hypervisor doesn’t have full access to the VMs memory and execution. The only thing protecting the Signal server is Intel SGX.
I don’t think Signal trusts the AWS server either, that’s the point of E2EE encryption.
I’m not claiming the contents of the messages are at risk here. You’re social graph and metadata though is another story.
The only data they store are account creation time and last connection time.
The thing if someone has memory access Signal doesn’t need to store anything, transiting data is now available. For example all of your contacts when doing contact discovery. It used to be a simple hash, something for which you could build a rainbow table in a few hours, at the worst. It’s lightly better now, but still.
Don’t take it from me, take it from Moxie:
https://signal.org/blog/private-contact-discovery/
It also doesn’t really matter if the software itself can easily be tampered with in memory by the hypervisor. Like I said, they are putting a lot of trust in Intel SGX.
And let’s not even get into the digital sovereignty issues, and financing of right wing billionaires. Yes, running on AWS is an issue. It’s multiple issues even.
I don’t take anything from someone I don’t trust that also explicitly doesn’t use warrant canaries because he says they don’t work in contradiction to every legal authority.
It’s also an issue that they run the signal server on one done AWSv region.
It isn’t hard or even all that expensive to run on multiple regions.
It’s not me you need to tell this though.
https://signal.org/blog/private-contact-discovery/
Since the enclave attests to the software that’s running remotely, and since the remote server and OS have no visibility into the enclave, the service learns nothing about the contents of the client request. It’s almost as if the client is executing the query locally on the client device.
… Providing you trust Intel SGX (and AWS for giving them access to actual SGX and not just emulating a compromised instruction set)
