Signal is not the place for top secret communications, but it might be the right choice for you – a cybersecurity expert on what to look for in a secure messaging app
-
Out of band key exchange is great -as long as people can physically meet and exchange QR codes. In reality, they are often sent via less secure means. As always, the humans are the weakest security link.
Fair point, it always feels dirty to send invite-link through WhatsApp, the dominant messenger in EU.
How would one go to solve the invite problem? How does Signal handle this?
-
Anyone who uses Facebook messenger as their only messenging app will need to text or call me. Fuck that. I do, however, use WhatsApp and discord for work and uni group chats. If or when that's no longer the case, people who only use those will need to text me, too.
That sucks, didnt know charging by the minute was still a thing at all in some places.
-
Seeing as RCS with encryption based on the MLS standard hasnt been deployed yet, can you show exactly what metadata is leaking?
MLS only deals with encryption and key management, which is great but that's been a "solved" problem since TextSecure (now Signal) introduced the TextSecure Protocol (now the Signal Protocol) in 2013.
What I'm aware is missing with RCS / MLS compared to Signal (someone with more recent knowledge please correct me):
- Sealed sender so only the recipient knows who sent the message.
- Not storing metadata or logs.
- No built in crash reports.
- Private contact discovery.
- Published government requests providing evidence that they don't have any data.
- Open source client.
- Looking at the Google Play store, Google's Messenger shares precise location data with third parties, Signal doesn't.
- Also on the Google Play store, Google's Messenger app list a lot of data collected. Signal only lists phone number.
-
Wherever Signal is mentioned, I shall mention SimpleX-Chat.
Zero user ID needed to use. No phone numbers and no username.
SimpleX-Chat!!!
SimpleX is kinda good, but also we have briar, it does have ids, but more secure and 2P2, i don't know if simpleX was checked by third parties about security, briar was audited by cure53 for example.
-
SimpleX is kinda good, but also we have briar, it does have ids, but more secure and 2P2, i don't know if simpleX was checked by third parties about security, briar was audited by cure53 for example.
Briar... not familiar with, thx for sharing privacy goodies. Will check it out.
As for audits on SimpleX, there have been some. Not sure when the last one was tho, they prob have something on their site with a date.
-
PEBCAK
Problem Exists Between Chair And Keyboard!Knew of an IT help desk employee who used this as a resolution in a ticket. Yeah, he got fired as soon as the customer looked up what it meant.
-
Pretty sure they still store the phone number you sign up with, though - the usernames are just for sharing your contact with other people.
Most peoples' phone numbers are easily linked to their identity. Which means the government knows who's using Signal.
Usernames are definitely an improvement, but there are fundamental limitations in Signal's design.
If you want to get really technical, each Signal account actually has a 'secret' account number that the phone number is linked to. The phone number requirement is actually a means to reduce spam and scam accounts.
-
SimpleX is kinda good, but also we have briar, it does have ids, but more secure and 2P2, i don't know if simpleX was checked by third parties about security, briar was audited by cure53 for example.
I believe Briar can't do offline messaging without setting it up to use another app. That's the main reason my friend group shifted to SimpleX instead of Briar.
-
Wherever Signal is mentioned, I shall mention SimpleX-Chat.
Zero user ID needed to use. No phone numbers and no username.
SimpleX-Chat!!!
SimpleX is what I use. I tried Signal in the past, but there was a noticeable delay in receiving messages and it caused problems when using it to communicate with family.
I have no problems with SimpleX so far. It works well and looks modern. A feature I like is that you can create a different user identity for each contact/ chat thread.
-
What kind of private communication can we talk about if you must have a valid phone number to use Signal?! Lol
Privacy != anonymous
-
Consider Briar.
Uses Tor. Works directly over Bluetooth/WiFi if the internet is censored or shut down. Decentralized, no accounts. No phone number required.
The app is super barebones right now - feels like SMS - but it works.
That feels like a huge downside!
-
You can easily redirect xmpp to port 443 which is not blocked by most firewalls. If you have problems with firewalls or public wifis your xmpp server is misconfigured.
China will definitely block xmpp on any port. I know this because I have tested this very specifically from my own server. It lasted about a day and a dozen messages before it was blocked, and the box got slammed with vulnerability scans.
-
China will definitely block xmpp on any port. I know this because I have tested this very specifically from my own server. It lasted about a day and a dozen messages before it was blocked, and the box got slammed with vulnerability scans.
This is odd because I know a few mainland Chinese people that use XMPP without problems (and afaik without a VPN).
Sounds like your server got blocked for another reason?
-
This is odd because I know a few mainland Chinese people that use XMPP without problems (and afaik without a VPN).
Sounds like your server got blocked for another reason?
I can almost guarantee you they are using it through a VPN or they have a western SIM card. If not I'd love to know what server they use, as I've tested this a bunch of times on several public and private servers and it's always the same result. If it isn't blocked on day 1 it will be blocked quickly.
-
Wherever Signal is mentioned, I shall mention SimpleX-Chat.
Zero user ID needed to use. No phone numbers and no username.
SimpleX-Chat!!!
Not sure I want to tell all my friends to get simplex with me.
-
SimpleX is decentralized, requires no phone number, based on Signal code. Screws up invitations via FB/Messenger though.
-
It does, I tried it. Though, that may have been an addition since the attacks started.
Though, in that specific case - Russian agents conducting espionage via targeted individuals - it's very likely they surveil their targets long enough to catch their device PIN before they nab the phone and return it. In the end, there is very little recourse to defend against this type of Evil Maid attack. Signal is really better at protecting against mass surveillance, but for individuals directly targeted by state espionage? You would need serious opsec, using air-gapped computers kept in safes or guarded by humans 24x7 and other crazy stuff. They have rules about what can be physically done with devices containing top secret information for a good reason.
If they could surveil the device to see the PIN being entered then no app would protect them.
My Signal only asks for a PIN about once per month so that would be a lot of screen surveillance hours to sit through in order to catch that moment.
More likely is that it was fixed since the breach but I cannot find release notes (hard to search on my phone).
-
Privacy != anonymous
No, but it's easy enough to be both. There's a pile of IM packages out there that manage it.
Metadata is valuable info, look at what a pen order nets law enforcement and why it's the first step in an investigation. The idea that a messaging app that's supposed to be used for political action but the chain of association is visible and verified is absolutely suspect.
-
Wherever Signal is mentioned, I shall mention SimpleX-Chat.
Zero user ID needed to use. No phone numbers and no username.
SimpleX-Chat!!!
Finally someone who understands! Haven't found anything better. Just missing the bridging bit, though that comprises the privacy/security and overall personal opinion why I started using SimpleX.
UI-wise it isn't there yet, but actively being developed so. I miss posting photos (combined) with a comment, now they are all sent separately.
Anyhow if you are looking for privacy go for SimpleX!
-
If you want to get really technical, each Signal account actually has a 'secret' account number that the phone number is linked to. The phone number requirement is actually a means to reduce spam and scam accounts.
So they could have replaced it with, like, email verification or something, but they instead stuck to the design that lets governments identify all users?
<Insert rampant and unfounded speculation about FBI compromise here>
