this post was submitted on 17 Sep 2023
129 points (82.1% liked)
Privacy
31934 readers
773 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
A truly better signal is one that's not using a centralized service.
I don't see an issue as signal is designed not to trust the server. Signal also uses sealed sender and Perfect Forward Secrecy, which is something almost all e2ee messengers lack. What it means in practice is signal leaks very little if any metadata, if you leak metadata you give away details about who your talking to and for how long, etc. Examples might include talking with a suicide hotline, or a doctor, maybe a customer service agent at a company and for how long. Those details will give a lot away about you, even if the messages or calls themselves are encrypted. Matrix is not recommended for communication because it fails to properly hide metadata and actively trusts the servers. When you make a call on signal, as long as both users have "Always Relay Calls" set to disabled, your calls will be peer to peer instead of trusting a central server to facilitate the connection and trusting a middle man. What this means is since the connection is peer to peer you can leak your IP address to the user you're talking to, however a VPN fixes this issue.
Thanks for taking the time to reply. There are multiple issues with centralization.
A prime one is that the entity that you (have no choice but to) trust today will eventually turn against you at some point down the road. In the case of Signal, the writing is on the wall already: using a 3rd party client is against Signal's ToS, and Signal has been seen pushing controversial features like crypto payments that, as a user of their captive ecosystem, you have no choice but to engage with.
Signal is an entity that's incorporated in a jurisdiction and might be compelled by law not to provide service for certain users, or to degrade its encryption to comply with the local regulator. Using a centralized service like Signal makes you an easily identifiable/prime target in such a scenario.
No matter what Signal says, nobody but themselves can verify what code runs on their servers, and what amount of logging/data processing goes there. Because every account checks in through them, because every message is routed through them, there is no technical barrier to knowing who's who, who's talking to whom and when, with the nature of the communication (text, video, image, …) from which a lot can be inferred. As far as I understand the American law, any agency could tap into that, either directly, or via Amazon on which the whole thing is running. I am not paranoid enough to believe that 3 letter agencies belong to one's typical threat model, but with SGX contact discovery from phone number and sealed senders, Signal kindah panders to those? Either way, those are unverifiable mitigations to problems that decentralized systems do not have.
I could go on and on, but the first one is the main one IMO: we are past the need to trust anybody with our instant messaging and put a fundamental aspect of our lives at the mercy of (geo)political and societal woes. That's practically a solved problem in the opensource world, and we can make it ethical and sustainable by just opting out of the dominative model of monopolistic and centralized systems.
As far as it being against signals tos, molly exists and had not received any problems from the signal foundation to my knowledge, discord has the same clause and they don't seem to give a rats ass. Sure they could enforce it but they don't, and personally with how matrix clients are handled they have mixed security, fluffychat has security issues ranging from outdated SDK versions to quite literally ddosing homeservers because of a non-existent rate limit.
The crypto stuff wasn't great but you know what's cool? You don't have to use it. Simple as that. You don't have to engage with it and you and I both know that. It's buried in settings and you have to find it yourself.
Signal is not an anonymity tool, and has never been advertised as such, if you need anonymity, signal is not a good choice. You can make it more anonymous by using a burner phone but that's a different topic.
If everything is encrypted, what could Amazon tap? You do realize sealed sender and PFS take away any trust from the server correct? It's all encrypted, your aren't trusting the server at all, it's completely trust-less, and unless you think Amazon or governments can at this very moment tap any encrypted data and decrypt it, I would recommend taking a walk outside and realize that no one, NO ONE can decrypt current encrypted standards.
Unless you can point me to a reputable article showing in great detail that signal is lying about their e2ee claims then I'll rest my case. Signal has been proven time and time again to not have any data on their users except the minimum required for the service to work, that's called integrity.
Also there will always be someone you trust on the internet, nothing will change that unless we completely rethink how the internet works.
Edit: added quotes Edit 2: added extra info
Federation is different in that:
you can chose amongst a very diverse pool of providers, including local ones that you actually have a chance to meet in person, those with shared ideals that enable long-lasting/mutually-beneficial relationships, some operating truly in the open and enabling a just and provable retribution for the offered service (i.e. "you are not the product"), etc
you can be your own provider, and with "turnkey" self-hosting options like https://snikket.org/ , it's never been easier to do it safely at small/medium scale, and cheaply (e.g. for a family/neighbourhood/association on a shared instance/RPi/…)
choosing a provider never cuts you off from the rest of the network: you are not tied to anyone, and you can migrate with no drama nor loss of contacts/histories/data like is the case when the captive networks "flavour of the year" inevitably shut down.
You must be new on the internet to believe that this is a sustainable state of affairs. Google was letting you use GApps for free until it didn't. Reddit used to be mostly usable and ads/clutter-free until it wasn't. Recently Unity pulled a weird one against their users and customers for a quick buck. Examples are plenty, and more recently people have referred to this as "enshittification" or "the tyranny of the marginal user". Such monopolistic networks are particularly prone to that phenomenon, by design. Personally I don't want to live under the constant threat of a single entity potentially changing its mind/ToS, and I certainly don't want to drag my family, friends and peers into the gamble.
fair but you missed the point: Signal already controls and enforce this aspect of your user experience, which only benefits themselves, in spite of the significant backlash. Sure you can feign blindness, but what's next and what recourse will you have ?
Integrity has nothing to do with that, Signal can absolutely be forced by law to suspend its service in some countries (e.g. to implement sanctions) and whole regions can disappear from the network overnight. In terms of resiliency, that's pretty much how email (federated) just works from anywhere, but things like WhatsApp are blocked in e.g. China or allowed to work without E2EE (e.g. in some Gulf countries).
Sure, but you missed my point, in case of sealed senders and contacts discovery, we are not talking about zero-knowledge/E2EE but about Signal basically saying "trust us, bro, we ain't looking at it" which can't be proven one way or the other.
I'm not sure that you understand what's really going on. All your messages are routed through Signal. You can absolutely infer who's talking to whom with enough frames by just matching packets popping out of X and being received by Y. Encryption plays no role in that because this takes place at a lower level. At least some protocols like XMPP let you host services entirely on Tor or to even skip the central server.
If the messages are E2EE, the server wouldn't have access to this information.
It would, just looking at how much data gets transferred
Unfortunately this is not enough. A malicious Signal server can mount a timing correlation attack and infer the social graph of an user. Having a centralized server makes it more difficult to mitigate such risk.
Relying on a centralized service can still be problematic. If nothing else it's a central point of failure, even if you don't have any particular privacy concerns due to the usage of end-to-end encryption. Signal also relies on Intel SGX for some of their privacy features on the server, which is somewhat dubious. AFAIK this is currently mostly used for contact discovery, which would otherwise be an even worse situation, but it has seemed in the past like they were interested in expanding this, though maybe that's just all speculation. Regardless, my main concern with signal being centralized is that you have a lot less control over your chat. Signal can change on a moments notice and it's all just gone.
Yes and no. decentralization is great for a lot of reasons but it does come with downsides. I don't know about you, but i convinced my family and friends to use and keep Signal for years now and i don't think i would have had such luck with Matrix/Element, let alone a p2p app.
I'm glad decentralized options exist and think they deserve more funding and love, however.
My family uses Matrix, and if some don't, I don't talk to them online.
I managed to convince my family to use XMPP. Since about 2015. It's been great, and apparently is getting better since more are joining :)
Some interesting thoughts on this from the Signal creator: https://signal.org/blog/the-ecosystem-is-moving/
He is dodgy af. Doesn't want any Signal forks (Molly being the only one tolerated) and won't let them connect to the server. That's why the open source version LibreSignal was shut down. He also doesn't want Signal to be on F-Droid, a store which only allows 100% free/open source software.
Take everything coming out of his mouth with a grain of salt.
Totally agreed the project's actions against the community are shit. From a LibreSignal issue:
This sounds like a jaded, cynical individual. It's hilarious, sad, probably even delusional. How do they think the Internet and their operating systems work in this "modern world"? Magic fairy dust? It's difficult, thankless work put in by loads of people around the world despite enormous commercial pressure to do otherwise. Over decades. I respect Signal's work, but it's boneheaded attitudes like moxie's which impede progress, especially for the younger generations.
And an objection by the author of a popular XMPP client: https://gultsch.de/objection.html
That’s a good response I hadn’t read before - thanks. Still so relevant 7 years on.
And since that time, XMPP has improved significantly (more integrated with other protocols, more efficient client and server implementations, bridges from and to activitypub, more approachable, easier to self-host...), but Signal.looks to have ... stagnated? Well... the crypto payments/web3 shady stuff aside :)
10k downloads for a hideous outdated app is popular now?
FYI that's an app that's used by the German police and in several other "sensitive" contexts where users won't just pull it from the play store :) ISIS even had their own fork at a point.
Source?
https://gultsch.social/@daniel/109828650796048124
that website is broken beyond belief, I can't confirm anything
talking about the police site, not the mastodon link
It really took me a second to figure out: https://www.bundespolizei.de/Web/DE/Service/Mediathek/Jahresberichte/jahresbericht_2020_file.pdf , click on the PDF link, hop to page 48. But even without that, do you really believe that the developer of the app, who's making a living of it, would commit financial suicide by lying so openly about such a trivial thing? Either way, with or without Conversations, XMPP is used by millions of users daily: https://www.rst.software/blog/22-companies-using-xmpp-and-ejabberd-to-build-instant-messaging-services
https://xmpp.org/uses/instant-messaging/
Huh interesting, I actually had no idea those big apps used XMPP. Would it be easy for them to add e2ee if they wanted to?
It depends, E2EE is mostly a client thing and most of them implement OMEMO as a standard: https://omemo.top/
OMEMO is XMPP's take on the double ratchet algorithm (very similar to Signal's), MLS is in the works as the hot new cross-protocols standard (but is inferior to OMEMO:2 when it comes to metadata encryption), PGP is often an option for the cases where perfect forward secrecy isn't desired, and OTR is still used in niche cases when you want E2EE across protocols.
In fact, E2EE was a thing in XMPP world since about 10 years… before Signal existed.
Yeah and that doesn't change the fact that decentralization is better for freedom
"It’s what Slack did with IRC, what Facebook did with email, and what WhatsApp has done with XMPP". Doesn't he also notice a certain thing in common? Y'know, that they turned hostile?
For sure he notices; the author runs their own email server and founded a direct competitor to WhatsApp. The author is making the point that what each of those have done - build proprietary software around federated protocols - is a financially lucrative business model. I'm sad to agree.
FWIW my opinion is that Signal's actions against these clients is petty and just shit. Thankfully, elsewhere we can see things happening differently: the interaction between Tailscale, Headscale and Wireguard gives me hope. Sourcehut is a cool project too.
You got me there. There aren't a lot of alternatives that have the same stability
That's what Session is
Which is actually on fdroid, unlike Signal who explicitly refuses to support degoogled ecosystems
You can download the APK from their website and it auto updates itself. It fetches notifications without Google required.
That's not the point
What's the point then? Is it fdroid specifically?
The point is that the community asked multiple times and they only started allowing apk downloads so people would stop asking. The signal project is open source for auditing purposes only, they have voiced their lament of forks and threatened to ban/block anyone not using an official client and refuse to make it easy to install through a package manager of the user's choosing. The version without Google cloud messaging has unreliable message delivery, even though there is unifiedpush as a standard that would allow people to register with any push notification service.