Post 846741 by micahflee@mastodon.social
 (DIR) Post #842093 by micahflee@mastodon.social
       2018-10-29T18:33:06Z
       
       0 likes, 3 repeats
       
       Signal is testing out a new feature that encrypts message metadata. Once it's widely deployed, their server will facilitate delivering messages but without having access to who is sending them https://signal.org/blog/sealed-sender/
       
 (DIR) Post #844390 by lapingvino@esperanto.masto.host
       2018-10-29T20:34:30Z
       
       0 likes, 0 repeats
       
       @micahflee stay away from Signal, it's too easy to prove that they are full of shit. Sorry for the harsh words. The article doesn't answer my questions, or essentially it does, confirming my fears.
       
 (DIR) Post #845695 by tuxicoman@social.jesuislibre.net
       2018-10-29T21:23:54Z
       
       0 likes, 0 repeats
       
       @lapingvino @micahflee Can you give more details?
       
 (DIR) Post #845696 by micahflee@mastodon.social
       2018-10-29T21:47:06Z
       
       0 likes, 0 repeats
       
       @tuxicoman @lapingvino yeah, what are you referring to?
       
 (DIR) Post #846447 by lapingvino@esperanto.masto.host
       2018-10-29T22:10:43Z
       
       0 likes, 0 repeats
       
       @tuxicoman @micahflee 1. Signal has closed source elements and as such cannot be trusted as a whole 2. The whole business model is talking shit about Telegram using buzz words without actually using good security. I don't trust people who rely on black-mouthing. 3. Hiding metadata is a lot harder than they make it out to be, and the only app I trust about that is bitmessage. Study bitmessage and you understand why this metadata hiding stuff is full of shit.
       
 (DIR) Post #846448 by lapingvino@esperanto.masto.host
       2018-10-29T22:17:48Z
       
       0 likes, 0 repeats
       
       @tuxicoman @micahflee basically Signal is in the business of security theater, not actual security. and honestly, usually that's good enough, but I don't trust it enough myself. your experience may be different.
       
 (DIR) Post #846449 by micahflee@mastodon.social
       2018-10-29T22:26:56Z
       
       0 likes, 0 repeats
       
       @lapingvino @tuxicoman What part of Signal isn't open source? Here is the server code https://github.com/signalapp/Signal-Server Signal doesn't have a business model. It's not a business, it's a non-profit funded by a billionaire. It doesn't have ads, sell (or collect) data, etc. One thing I appreciate about the Signal project is they don't make claims about security that aren't true. Projects like bitmessage are great, but really need to prioritize UX if they want to be accessible outside of a tiny niche.
       
 (DIR) Post #846485 by lapingvino@esperanto.masto.host
       2018-10-29T22:30:21Z
       
       0 likes, 0 repeats
       
       @micahflee @tuxicoman client side calling code ("optional functionality") is not open source. this hooks directly into the rest of the code and can be used for spying even if the rest is completely honest. We cannot check on that. Any kind of business model is honestly irrelevant. A billionaire doesn't want payment in money, they are in it for the leverage. And they got Whatsapp. Whatsapp is basically the current business model. Again, you are probably right that I am paranoid about this...
       
 (DIR) Post #846503 by lapingvino@esperanto.masto.host
       2018-10-29T22:31:09Z
       
       0 likes, 0 repeats
       
       @micahflee @tuxicoman I agree about bitmessage having terrible UI and other stuff by the way. It's not for mainstream usage. I don't really use it.
       
 (DIR) Post #846600 by micahflee@mastodon.social
       2018-10-29T22:37:00Z
       
       0 likes, 0 repeats
       
       @lapingvino @tuxicoman what do you mean "client-side calling code"? Are you referring to all this webrtc code for voice calls? https://github.com/signalapp/Signal-Android/tree/master/src/org/thoughtcrime/securesms/webrtc Signal is very well designed and easy to use, and secure for what it tries to do: end-to-end encrypted replacement for unencrypted SMS and voice calls. It's not the right tool for every situation, but like, it's pretty awesome.
       
 (DIR) Post #846635 by lapingvino@esperanto.masto.host
       2018-10-29T22:35:23Z
       
       0 likes, 0 repeats
       
       @micahflee @tuxicoman Another problem about Signal is that it is not very clear in communications about what it protects you from and what not. Insecurity by obscurity, people don't know what will give them away. That's what I mean with security theater: they are technically providing protection and that is tried and works, but people don't understand crypto and security well enough to understand how safe on which parts it actually is.
       
 (DIR) Post #846636 by lapingvino@esperanto.masto.host
       2018-10-29T22:36:54Z
       
       0 likes, 0 repeats
       
       @micahflee @tuxicoman Adding metadata encryption will lure people into a bigger sense of security that might not be justified, so people take more risks and any spying done on data that is giving itself away will be much more effective. You basically know that security minded people will use it, and might risk their lives doing so.
       
 (DIR) Post #846637 by micahflee@mastodon.social
       2018-10-29T22:38:05Z
       
       0 likes, 0 repeats
       
       @lapingvino @tuxicoman So you think it's better that they don't work on encrypting metadata? I'm just confused by your arguments. Can you use specific examples of when Signal has communicated something unclearly?
       
 (DIR) Post #846639 by lapingvino@esperanto.masto.host
       2018-10-29T22:38:11Z
       
       0 likes, 0 repeats
       
       @micahflee @tuxicoman If that's WebRTC now and that uses an open source implementation I might be out of date and I have to beg for excuses about that.
       
 (DIR) Post #846698 by lapingvino@esperanto.masto.host
       2018-10-29T22:41:33Z
       
       0 likes, 0 repeats
       
       @micahflee @tuxicoman encrypting metadata is good... the point is that good security makes you not stand out. using those features might make you a target, and figuring out who uses those features is still basically possible.
       
 (DIR) Post #846741 by micahflee@mastodon.social
       2018-10-29T22:43:18Z
       
       0 likes, 0 repeats
       
       @lapingvino @tuxicoman But once it's released and everyone updates their apps, every Signal user will be using that feature.
       
 (DIR) Post #846842 by bob@soc.freedombone.net
       2018-10-29T22:46:12.169567Z
       
       0 likes, 0 repeats
       
       @micahflee @tuxicoman @lapingvino I'm not sure that ephemeral sender certificates really tackle the problem of metadata. Instead it just moves the problem to a different location which arguably could be more susceptible to surveillance. Bitmessage is the scattergun approach in which messages are sent to many peers and the only way to know if you are the intended recipient is that a valid decrypt happens. This does defend the recipient information, but at a high cost to the network.
       
 (DIR) Post #846843 by micahflee@mastodon.social
       2018-10-29T22:49:06Z
       
       0 likes, 0 repeats
       
       @bob @tuxicoman @lapingvino I don't think it's completely solved because of user IPs and timing correlation attacks, but it's the first step to solving it in a scalable way
       
 (DIR) Post #848891 by aadilayub@fosstodon.org
       2018-10-30T00:38:03Z
       
       0 likes, 0 repeats
       
       @micahflee wow. This entire time I thought Signal didn't leak metadata.
       
 (DIR) Post #849167 by micahflee@mastodon.social
       2018-10-30T01:08:25Z
       
       0 likes, 0 repeats
       
       @aadilayub well it most likely doesn't. When you send a message, the connection between your phone and the server is encrypted with TLS, so people spying on the network can't see metadata. Once it hits the server, it can see who the message is from and to. It uses this to route your message to the right user. Signal promises to not log the metadata to disk, and there's strong legal evidence that they're telling the truth. But still, you have to trust them. 1/x
       
 (DIR) Post #849221 by micahflee@mastodon.social
       2018-10-30T01:11:05Z
       
       0 likes, 0 repeats
       
       @aadilayub This new feature, "sealed sender", basically encrypts the "from" part of the metadata to the recipient, so the server can instead only see the "to" part. This makes it so the metadata the server can see is just who is receiving messages, without being able to know who is sending them. It means users will no longer have to trust that Signal is complying with its privacy policy. Instead, Signal is making it impossible for them to access it.
       
 (DIR) Post #849543 by amcewen@mastodon.me.uk
       2018-10-30T01:17:39Z
       
       0 likes, 0 repeats
       
       @micahflee Bah, just as I thought I was getting close to getting Arduino IoT comms to be as secure (by porting libsignal to it) they go and move the goalposts... 🤣 🤣 🤣
       
 (DIR) Post #852427 by senser@mastodon.social
       2018-10-30T05:40:10Z
       
       0 likes, 0 repeats
       
       @micahflee While I use Signal on daily basis, Wire is becoming my preferred communication app. Me and my friends have more and more issues with Signal like very big delays in message delivery, problems with successfully making calls and so on. I would blame my phone for that, but I hear about this also from friends who communicate with their contacts with the same issues. Wire also lets me retain my phone number for myself and use the same account on several devices. 😉 @lapingvino @tuxicoman
       
 (DIR) Post #853156 by jr@social.wiuwiu.de
       2018-10-30T07:24:56Z
       
       0 likes, 0 repeats
       
       @micahflee my big problem with signal is that you can't host your own server, you have to stay stuck with their centralised infrastructure...
       
 (DIR) Post #853196 by gdr@aleph.land
       2018-10-30T07:33:44Z
       
       0 likes, 0 repeats
       
       @micahflee Not sure what it protects against. Isn't it easy for the server to associate a TLS socket with a user / phone number? Then what extra protection do the users gain by hiding the sender when the message is being sent via an authenticated TLS socket on a server they can't control?
       
 (DIR) Post #859463 by freakazoid@retro.social
       2018-10-29T22:44:23Z
       
       0 likes, 0 repeats
       
       @lapingvino @micahflee @tuxicoman Signal were far from the only people criticizing Telegram. Also, Telegram's ICO (which I imagine you've invested in, hence all the FUD about Signal) was super shady. https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415
       
 (DIR) Post #859464 by lapingvino@esperanto.masto.host
       2018-10-30T11:16:09Z
       
       0 likes, 0 repeats
       
       @freakazoid @tuxicoman @micahflee I don't invest in any ICO. I trust Telegram because it keeps my dear friends in oppressive regions safe.
       
 (DIR) Post #859465 by micahflee@mastodon.social
       2018-10-30T15:42:08Z
       
       0 likes, 0 repeats
       
       @lapingvino @freakazoid @tuxicoman Telegram doesn't use end-to-end encryption by default
       
 (DIR) Post #860002 by freakazoid@retro.social
       2018-10-30T16:18:10Z
       
       0 likes, 0 repeats
       
       @micahflee @tuxicoman @lapingvino And my understanding is that what e2e crypto it does have is home-grown, which is a big no-no. Double ratchet is open source and well-audited. I do like that Telegram is in F-Droid, but the absence of Signal there is (AIUI) because of a dependency on closed source Google code. You have to trust Google anyway to use it because Android, so I don't see this as a problem.
       
 (DIR) Post #870319 by tuxicoman@social.jesuislibre.net
       2018-10-30T23:21:42Z
       
       0 likes, 0 repeats
       
       @freakazoid @lapingvino @micahflee This is the problem... Forcing usage of a closed source build (signal APK) on a system needing a closed source root administrator (Google Apps) is a very strange move from an open source advocate.
       
 (DIR) Post #870320 by micahflee@mastodon.social
       2018-10-31T00:11:49Z
       
       0 likes, 0 repeats
       
       @tuxicoman @freakazoid @lapingvino That's not true though. You can build Signal from source if you want, or download the apk from https://signal.org/android/apk/ instead of the Play Store, and it runs fine on phones that don't have Google Play Services, or even any proprietary software.
       
 (DIR) Post #870354 by lapingvino@esperanto.masto.host
       2018-10-31T00:14:02Z
       
       0 likes, 0 repeats
       
       @micahflee @tuxicoman @freakazoid true, the same friend of mine that explained the closed source thing told that too.
       
 (DIR) Post #871477 by tuxicoman@social.jesuislibre.net
       2018-10-31T00:48:38Z
       
       0 likes, 0 repeats
       
       @lapingvino @micahflee @freakazoid I don't understand then why there is no #Fdroid build of it. It would bring updates easily without Google Apps. Moxie won't even notice it (other than putting a closed source stuff into his build)
       
 (DIR) Post #871478 by micahflee@mastodon.social
       2018-10-31T01:08:51Z
       
       0 likes, 0 repeats
       
       @tuxicoman @lapingvino @freakazoid There's nothing closed source in the official build. Personally I'd like Signal in F-Droid. But I think Moxie's argument is that secure software delivery is hard, releasing to two app stores introduces complexity, and F-Droid doesn't give analytics or crash reports. In the end, I think he just doesn't care much because only a tiny (but loud) fraction of the user base doesn't have the Play Store
       
 (DIR) Post #873491 by lapingvino@esperanto.masto.host
       2018-10-31T00:20:24Z
       
       0 likes, 0 repeats
       
       @freakazoid @tuxicoman @micahflee the home grown crypto is made for easy usability (it's much easier on phone hardware) and if it breaks down some time, it can easily be replaced. The problem with well-audited generally known crypto is twofold: 1. if one thing breaks, everything breaks. You want diversity to be able to switch to something not broken yet if something breaks down all of a sudden. [1/2]
       
 (DIR) Post #873493 by lapingvino@esperanto.masto.host
       2018-10-31T00:20:37Z
       
       0 likes, 0 repeats
       
       @freakazoid @tuxicoman @micahflee 2. mainstream crypto is US government grown, and there are unverifiable by the nature of the problem suspicions that they might have built in a one-way backdoor in the crypto by choosing the default parameters (e.g. in the case of Bitcoin using non-standard parameters I think that might be a reason) in use by everyone. This means that with non-diverse crypto, a problem means that everybody is spied on instead of a part. [2/2]
       
 (DIR) Post #873494 by freakazoid@retro.social
       2018-10-31T03:52:00Z
       
       0 likes, 2 repeats
       
       @lapingvino @micahflee @tuxicoman Signal uses Curve25519, which was developed by Dan Bernstein, who does not work for the US government. The notion that home-grown crypto is going to be safer than widely analyzed crypto from well-known cryptographers is utter nonsense.
       
 (DIR) Post #874774 by mkb@mastodon.social
       2018-10-31T06:03:24Z
       
       1 likes, 0 repeats
       
       @micahflee @lapingvino @freakazoid @tuxicoman Also the people who created Telegram’s protocol are not cryptographers. Cryptographers who have analyzed the protocol come away scratching their heads.
       
 (DIR) Post #887461 by El_django@mastodon.social
       2018-10-31T20:48:44Z
       
       0 likes, 0 repeats
       
       @wlanpu long thread but worth it to understand the differences between Signal/Telegram