Did the assassinated politicians in Minnesota have anything to hide? Because their data was purchased from data brokers for the hit.
Also, can we backup our messages yet on iOS?
If people insist on me using Signal to communicate with them, these people probably have far-too-inflexible values concerning privacy for me to bother anyway.
It's entirely possible to sway your group of friends from WhatsApp to Signal. I've done it myself. I'm not saying you should. I'm just saying your comment is logically self-refuting.
"WhatsApp Cofounder Brian Acton Gives The Inside Story On #DeleteFacebook And Why He Left $850 Million Behind" (https://www.forbes.com/sites/parmyolson/2018/09/26/exclusive...)
It really seems like Matrix is superior in every way to both of these.
It is much easier to backup, restore, and change devices (one of the chief complaints about both Signal and WhatsApp of course), has more cognizable (and yet less intrusive!) information displayed about the cryptological situation for any given chat, and is much more flexible. Also, it has clients which are just as stable (at least that's my experience with Element on both Linux and Android).
My only complaint about the current generation of Element clients is that there is, unless I'm missing something, no way to globally search across all saved chats. Which is really a blocker sometimes when using it for work.
But yeah, at the risk of sounding like I'm blindly emitting the cliche response of "why not my favorite app?!", I really think it's time to ask why we're always using and recommending Signal rather than Matrix.
People are already too deeply invested in convincing people to use Signal and they can't easily amend this choice because Signal is not a Matrix client -> sunk cost fallacy
That’s not a reasonable assumption IMO. The report API most likely takes the message your phone has decrypted (so that you can read it) and sends it over to Meta. This doesn’t break end-to-end encryption. Neither does me copying the message from a friend and posting it on Twitter.
What does E2EE potentially give you? A promise, which does not involve trusting the service provider, that messages can only be read by the recipient.
What does making the app closed source take from you? The freedom from requiring trusting the service provider = Facebook
It does change the requirement of collection.
It's no longer "Well all this data is rolling in, what shall we do with it".
It's "Hey, if we commit THREE BILLION FELONIES by backdooring every one of our users' encryption, we can access all that data".
Surely you realize that's a leap.
The world will neither like the same messenger nor will it make the switch at the same time.
So you need to give people the choice to choose an app they like without needing to convince their social network to do the same (potentially x-times, because you are not their only contact).
This is why you should switch to a messaging standard such as Matrix, not a centralized messenger.
Then you will have a Venn diagram: people with WhatsApp (a lot), those with Signal only (almost no one) and those with both (getting more and more, in my circles).
I reach to signal to contact a person and if they don’t have it I’ll consider WhatsApp or RCS or iMessage…
Sure, but for all we know it is a wholly owned subsidiary of the CIA. See Crypto AG[1].
>...if we all start to do this, it will mean more people are on Signal, hopefully gradually making it more attractive to move across!
Signal is controlled by a single entity and is not federated. So it is only a matter of time before things fall apart. So it is not a good idea to promote it as some sort of messaging standard.
I mean, Signal is OK and is a fine replacement for WhatsApp, but all these rabid expressions of Signal fandom are starting to get annoying.
This is such a sad propaganda tactic.
Signal's client is 100% open source. The Android client has reproducible builds. You can verify yourself that the cryptographic primitives are used and function correctly with test vectors.
E.g. here are the ones for the key exchange X25519 https://datatracker.ietf.org/doc/html/rfc7748
Here are the test vectors for AES https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algo...
>Signal is controlled by a single entity and is not federated. So it is only a matter of time before things fall apart.
It's backed by the Signal Foundation, donations, and it doesn't suffer from the bikeshedding bigger federated systems struggle with. Take OpenPGP v5 fingerprints that are still, 15 years after SHA-1 was considered weak, not available in gpg, if at all. Federated systems and standards bodies with disengaged management are easy to subvert from the inside with tactics like these https://www.404media.co/declassified-cia-guide-to-sabotaging...
>So it is not a good idea to promote it as some sort of messaging standard.
The protocol isn't a standard, but its security properties are the gold standard. That's why it's being used in most networked TCB apps that take their security as seriously as they can.
You're also not proposing a solution so I take it you're advocating for Matrix.
Assuming you mean V5 PGP keys. There are 2 proposed key formats due to the standards fork which actually supports your argument. But since there is no actual weakness, it is safe to just stick with what people have been using since forever.
SHA-1 is only broken for collisions. Fingerprints do not require collision resistance. PGP used to use only 32 bits of the SHA-1 hash for the short form of the fingerprint. That became problematic because they could be straight up forged from an existing fingerprint, so now 64 bits are used. Such fingerprints are trivially collidable simply because of the length. But, again, that is not an issue. You have to look at the security of the system when evaluating things like this, not just look for particular primitives.
>You're also not proposing a solution so I take it you're advocating for Matrix.
Yeah, fans tend to assume that everyone is a fan of something... Just saying...
That's what they're literally there for. To avoid the situation where someone generates a key with a matching fingerprint, and the person importing the key doesn't detect it's a forgery.
>Yeah, fans tend to assume that everyone is a fan of something... Just saying...
Yeah I'm a fan of adequate computational headroom where it doesn't cost anything.
That would be a preimage attack. No one knows how to do that with SHA-1. The best you could do would be to generate two different keypairs with the same fingerprint. That doesn't have any security implications. ... which is lucky, otherwise we would need unusably long fingerprints in the 256 bit range. Note that Signal effectively only has 100 bits per identity for the key fingerprint (they combine two identities to make the 60 decimal digit safety number). Using a birthday attack, generating a collision would only involve 2^50 operations, which is practically feasible.
My bad, you're right with the terminology.
>The best you could do would be to generate two different keypairs with the same fingerprint. That doesn't have any security implications.
Except undetectable MITM attacks.
If you're encrypting with an adversary's key you think is valid because the attacker's key's fingerprint matches what you're expecting, you're going to have a bad time. PGP's main use case is of course the use of pinned long-term keys, but nation states won't mind swapping values during TLS MITM access if they can. (Which is why E2EE is a thing.)
>Note that Signal effectively only has 100 bits per identity for the key fingerprint (they combine two identities to make the 60 decimal digit safety number)
Thanks I learned something new today.
"However, there are some more advanced use cases which per-conversation safety numbers might not provide for (such as Charlie verifying Alice’s fingerprint by checking with Bob), so we designed the safety number format to be a sorted concatenation of two 30-digit individual numeric fingerprints. Advanced users that would like to use fingerprints for more complex use cases can separate the two fingerprints from the safety number if necessary." https://signal.org/blog/safety-number-updates/
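As an added worked example (not from the thread, and not Signal's or GnuPG's own code), this Python carries through the arithmetic behind the comments above: splitting a 60-digit safety number into its two sorted 30-digit fingerprints, the "~100 bits per identity" figure, the 2^50 birthday bound, and the 32/64/160-bit PGP fingerprint lengths. The sample safety number is constructed for illustration.

```python
import math

# Constructed 60-digit safety number for illustration (not any real user's).
# Per the post, it is two 30-digit per-identity fingerprints, concatenated
# in sorted order and displayed in groups of five digits.
SAMPLE_SAFETY_NUMBER = ("01234 56789 01234 56789 01234 56789 "
                        "12345 67890 12345 67890 12345 67890")

def split_safety_number(sn: str) -> tuple[str, str]:
    """Drop the display grouping and split into the two 30-digit fingerprints."""
    digits = sn.replace(" ", "")
    if len(digits) != 60 or not digits.isdigit():
        raise ValueError("a safety number is exactly 60 decimal digits")
    return digits[:30], digits[30:]

def is_well_formed(sn: str) -> bool:
    """Signal sorts the two halves before concatenating, so a swapped pair is
    not something Signal would have displayed. Because of the sort, the number
    alone does not tell you which half belongs to which identity."""
    try:
        a, b = split_safety_number(sn)
    except ValueError:
        return False
    return a <= b

def fingerprint_bits(decimal_digits: int) -> float:
    """Upper bound on the entropy of an n-decimal-digit fingerprint."""
    return decimal_digits * math.log2(10)

def work_factors(bits: float) -> dict:
    """log2 of the rough attack cost for a `bits`-bit fingerprint:
    - second preimage: match one specific existing fingerprint (~2^bits),
      what an impersonator of an already-pinned key would need;
    - collision: any two keys sharing a fingerprint (~2^(bits/2), the
      birthday bound), which requires the attacker to control both keys."""
    return {"bits": bits, "second_preimage_log2": bits, "collision_log2": bits / 2}

def compare_fingerprint_formats() -> dict:
    """The fingerprint formats discussed in the thread, side by side."""
    return {
        "pgp_short_key_id": work_factors(32),    # old 32-bit short key id
        "pgp_long_key_id": work_factors(64),     # current 64-bit long key id
        "pgp_full_sha1": work_factors(160),      # full SHA-1 fingerprint
        "signal_per_identity": work_factors(fingerprint_bits(30)),
    }
```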
OK, an attacker creates two keypairs with the same fingerprint. How specifically can that attacker use those colliding fingerprints to do a MITM attack? Anything I can think of involves revealing one of the private keys to someone else and having them use that private key as their own.
1. Attacker does TLS-MITM with a rogue certificate to replace the public key of user B on their website with the attacker's public key in real time
2. A gets the MITM attacker's public key instead.
3. A sends introductory message containing their public key.
4. MITM replaces A's public key with their own, which has a colliding fingerprint
5. MITM keeps reading messages in between.
Later when they meet and compare public key fingerprints, they won't detect the attack.
This makes a lot of assumptions, but it's merely complex in terms of number of steps. It's not computationally infeasible.
Also, a better attack is of course to just hack the endpoints and exfiltrate private keys and passively read all messages since PGP lacks forward secrecy, and since that has, according to Snowden, been happening for over 10 years, it's probably the modern approach. Much less noisy.
Signal is the best messaging app in almost every meaningfully measurable way. (Source: me.) People's gripes seem mostly to be around "But my barber still uses WhatsApp"... Yeah, it's called the network effect. So do your part and go promote one of the best "free" apps we all have the privilege of using, before even this option is removed from us.
Umm... This is not true. And what the anon said, "Signal fandom is getting annoying", is 100% true given how misinformed they are or how they are just straight up spreading misinformation. Signal is not 100% open source; you can easily look at that on their GitHub repo and at how many Google proprietary blobs they are using, and Signal's definition of "reproducible" is "download this binary docker image and build Signal inside of it". And not only that, Signal released their own anti-spam detection which is closed source. So what you said is 100% completely wrong.
Everyone around me uses WhatsApp. 5% use Signal, 2% Telegram and I know one gal who uses Viber. I have all of them.
Ditch <hugely popular> service is philosophically nice, but like with all of philosophy - pretty much useless in real life.