[HN Gopher] Show HN: ZuccNet - Encrypted Facebook Messaging
___________________________________________________________________
Show HN: ZuccNet - Encrypted Facebook Messaging
Author : tomquirk
Score : 63 points
Date : 2021-01-19 13:27 UTC (9 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| modeitsch wrote:
| Just create a Facebook without Facebook knowing your activity
| Gys wrote:
| Interesting idea. The problem that I see is once me and my
| friend(s) decide together to use some special tool we could just
| as well decide to use another platform. Might be easier to use as
| well (even my father knows how to use, for example, Signal).
| Surely Zuck will not be reading other platform messages if
| preventing that is your goal ;-)
| xuhu wrote:
| A browser extension that does exactly this would be useful.
| xanax wrote:
| I would still stay away from Facebook even with this. That
| platform is a data miner. Nothing more, nothing less.
| RandallBrown wrote:
| And all these years I've been using it as a photo sharing site,
| trip planning site, event planning site, news aggregator,
| messenger, and about a dozen other things.
|
| Data mining is the price you pay to have those things for free.
| I'll leave it up to individuals to decide whether or not it's
| worth the cost.
| sweis wrote:
| Facebook Messenger already has Secret Conversations, which is
| end-to-end encrypted mode based on the Signal protocol.
|
| Here's the technical whitepaper: https://about.fb.com/wp-
| content/uploads/2016/07/messenger-se...
|
| Here's some of the academic work on messaging franking that it
| has driven: https://eprint.iacr.org/2017/664.pdf
|
| Here's the instructions how to use it:
| https://www.facebook.com/help/messenger-app/1084673321594605
|
| Of course, you need to trust that the client from the app store
| and no, the implementation is not open source.
| stiray wrote:
| If you are trusting facebook in any matter, you are
| misunderstanding something. Whatever they say, they have the
| keys to decrypt it. It is like trusting the thief to guard your
| house.
|
| I dislike this "ZuccNet" as the real goal should be abandoning
| facebook ecosystem but I still think that anything for naive
| people is better than nothing, so thumbs up.
| sweis wrote:
| Your assertion is false. Please read the whitepaper.
|
| Facebook does not have the key to decrypt messages sent with
| Secret Conversations. It is generated on-device. You can
| confirm that using simple reverse engineering tools on, say,
| the Android APK.
|
| Yes, Facebook could subvert the binary by pushing an update.
| That is the risk you are accepting.
| stiray wrote:
| This is whitepaper, it is not implementation of closed
| source application.
|
| Let me explain how this works in PR world. You publish
| (with all the bells and whistles) that you have end to end
| encryption and explain protocol that uses asymmetric
| cryptography (just for the sake of simplicity I will
| simplify - you have public and private key, you send public
| key to all chatters with you, they will encrypt randomly
| generated symmetric key with it (asymmetric crypto is slow,
| you don't want to use it directly) and send it back (where
| you decrypt it) and vice versa. Then you use symmetric key
| that you have safely exchanged for use in block cypher,
| lets say Rijndael 265635238 bits (as big numbers mean more
| safety(tm) /s).
|
| You publish white papers of protocol, get all the
| cryptographers on your side. Fanboys are screaming, public
| is applauding, girls wants to sleep with you and president
| is thankful. What you don't tell is that you also encrypt
| symmetric key with YOUR public key that is embedded into
| application and send it along as a "status_check" field.
|
| And everyone is happy forever after. /s
|
| > Your speculation is not interesting to me.
|
| This works in both directions. But bottom line, whitepaper
| is not the application (and even if it would be, have fun
| reading http://www.underhanded-c.org/ or
| https://en.wikipedia.org/wiki/Dual_EC_DRBG and who has more
| motive as the corporation that profits from spying on
| everyone and everything). It is just as the name says.
| Whitepaper.
|
| "Timeo Danaos et dona ferentes"
|
| or maybe you will like this one more:
|
| "Trust is built in drops and lost in buckets"
|
| And you dont trust someone as Facebook or Google any more.
| They have lost trust in ship containers not buckets.
| sweis wrote:
| Your speculation is not interesting to me.
|
| What is interesting to me are actual bugs and
| vulnerabilities that credible people have found and
| gotten fixed: https://link.springer.com/chapter/10.1007/9
| 78-3-319-63697-9_...
| 52-6F-62 wrote:
| With respect, I don't think the other commenter is
| deferring to Facebook's abilities and openness to resolve
| bugs in the cryptographic process, but pointing out ways
| they can continue to act that align with open questions
| from their past.
|
| e.g. https://www.cnet.com/news/facebook-bug-has-camera-
| activated-...
|
| Where the question arises: was it a bug that the camera
| was on, or that it was revealed inadvertently? Hence the
| discussion of trust in the client. That is an instance
| where Facebook lost some of that trust "in buckets".
|
| It's true that "shit happens", but when it "happens"
| reptitively the questions begin to emerge. I don't think
| that's unfair. I mean, I'm sure few people would use a
| stock Ford Pinto as their regular driver, regardless of
| Ford's intentions or engineering capabilities.
| HenryBemis wrote:
| Why we should never trust Facebook:
|
| 1) well.. their CEO is a scumbag.
|
| 2) not only the CEO is a scumbag, apparently there are
| plenty more where he came from (scumbagland??)of them in
| there: https://www.forbes.com/sites/davidphelan/2019/02/0
| 1/apple-bl...
|
| That second point didn't "just" happen. It was organized.
| It was planned. It was tested. It was approved. It was
| rolled out. And I didn't read about 10-50-100 people
| quitting/getting fired after this fallout. So.. another
| day at work. This time they got busted. So with CA. So
| with experimenting on our psychology by manipulating
| order of showing posts (effectively cancelling out the
| chronological order).
|
| PS: and right when I thought I would only post positive
| messages on HN from now one.. a FB post comes up..!! PS2:
| I guess FB is useful to some. I wish them the best!!
| (there is a positive note!)
| sweis wrote:
| The original statement I had disputed was "[Facebook has]
| the keys to decrypt [Secret Conversations messages]",
| which is false.
|
| If you think the contrary, then the evidence is in the
| client.
| klyrs wrote:
| I'm perfectly willing to accept that they don't have
| access to the keys. But that's not the only kind of
| security failure -- the "steel door in a wooden frame"
| sorts of issues. For example: can the app take
| screenshots of decrypted messages?
| [deleted]
| Grustaf wrote:
| > Yes, Facebook could subvert the binary by pushing an
| update. That is the risk you are accepting.
|
| That's exactly the kind of risk you should never accept
| when it comes to Facebook.
| Moodles wrote:
| > Whatever they say, they have the keys to decrypt it.
|
| This is a baseless assertion.
| snypher wrote:
| "When you report a secret conversation, recent messages
| from that conversation will be decrypted and sent securely
| from your device to our Help Team for review."
|
| So they either have the keys or a way to force the client
| to decrypt.
| arrosenberg wrote:
| Trust is earned.
| seniorivn wrote:
| but it is a safe assumption
| sweis wrote:
| It's a falsifiable assumption. Audit the binaries if you
| want to convince yourself. You will see code to generate
| and use keys locally, with no mechanism to fetch or share
| keys from a server.
|
| If you want to go beyond generic concerns, there are
| plenty of academic papers that have looked at Facebook
| Secret Conversations, found actual issues, and helped get
| them fixed: https://link.springer.com/article/10.1007/s00
| 145-020-09360-1 https://link.springer.com/chapter/10.1007
| /978-3-319-63697-9_... https://link.springer.com/chapter/
| 10.1007/978-3-319-96884-1_...
| na85 wrote:
| Why are you so eager to trust an organization that has so
| often demonstrated it's not worthy of trust?
|
| This is _Facebook_ , for pete's sake. The same company
| that conducted psychological experiments with zero
| clinical/ethical oversight by manipulating its users'
| feeds to see if it could cause depression/anxiety (or the
| opposite).
|
| Facebook is evil and you should not trust them even a
| little bit.
| mattigames wrote:
| The app can auto-update itself at any time and install
| some binaries that do share the key with the server;
| trust is virtue of every single thing the company (im
| this case FB) can do and auto-updates is one of them.
| godmode2019 wrote:
| In Australia its illegal to encrypt user data with out the
| ability to decrypt it.
|
| Do they offer this service in Australia? Yes. Then they
| have the keys.
| RandallBrown wrote:
| Facebook isn't doing the encrypting. You are. You have
| the key on the phone.
| 34kj2h4234 wrote:
| You could also have the law enforcement public key that
| was compelled to be installed in your corespondent
| keyring, invisibly, re-encrypting all those messages for
| FB, LEA and IC. That way its all "end-to-end encrypted"
| and giant public messaging system can be selectively
| tapped by authorities. Everyone loses!
| Barrin92 wrote:
| as of a few months ago[1] it seems like Facebook and
| other tech companies haven't complied with it yet. I
| think governments are still just pestering them about it.
|
| [1]https://www.independent.co.uk/life-style/gadgets-and-
| tech/go...
| sweis wrote:
| Also, ZuccNet is using RSA-2048-OAEP to encrypt each message:
| https://github.com/tomquirk/zuccnet/blob/master/src/util/cry...
|
| This is not forward secure. It will also only work for messages
| under 256 bytes. I don't know what happens in this code if you
| exceed that message length.
|
| You want to use ephemeral session keys here. Read the Secret
| Conversations whitepaper as an example.
| matmann2001 wrote:
| From Facebook Secret Conversations FAQ:
|
| > If you think a message you've received in a secret
| conversation goes against our Community Standards, you can
| report it. Learn more about what a secret conversation is. When
| you report a secret conversation, recent messages from that
| conversation will be decrypted and sent securely from your
| device to our Help Team for review. We won't tell the person
| you're talking to that you reported it.
|
| Since Facebook's software is managing the keys, they have the
| ability to decrypt Secret Conversations. You have to trust
| Facebook not to snoop. Whereas w/ ZuccNet, the public keys can
| be exchanged via a separate channel from Facebook, thus
| rendering Facebook unable to snoop.
| ballenf wrote:
| The metadata of our conversations is really more important than
| the content most of the time. Especially if FB is tracking the
| conversation participants before and after the chat.
|
| If we chat and then shortly there after you search for some
| fringe political group, it's pretty safe to see that as a
| strong indication that I'm involved with that group. Or if my
| geolocation places me at some political event and we chat
| during or just after it, you're implicated.
|
| FB doesn't need the contents of messages, they need the
| metadata plus all the other user tracking.
| benbristow wrote:
| Can't seem to login if I'm using 2FA, even with an 'app
| password'.
| gigel82 wrote:
| I bet Facebook gets a lot more value out of tracking you across
| services and locations than from the actual contents of your
| messages.
|
| This doesn't address it; if you're willing to go to these
| lengths, just switch to another platform that encrypts E2E.
| netsharc wrote:
| True, if you can get your friend to care enough to install this
| exotic app, you can also get them to install the WhatsApp
| alternative of the day...
| some_furry wrote:
| This isn't safe to use:
|
| https://github.com/tomquirk/zuccnet/blob/42e351e36b3b5dbaef0...
|
| 1. Try encrypting a message larger than 256 characters. Even if
| you somehow succeed, it will fail to decrypt. (My understanding
| of JS crypto is that it will throw an error if you try.)
|
| 2. It lacks forward secrecy.
|
| A much better design would be to encrypt with an ephemeral (one-
| time) 256-bit AES key (using CBC+HMAC), then _encrypt the key_
| with RSA. (AES-GCM is probably easier, but if you 're worried
| about message commitment, that's not recommended.)
|
| (On sweis's comment about Secret Conversations: I don't trust
| closed source implementations--and neither do a lot of us on HN,
| so that's a non-starter. Tell the Facebook team to open source
| it, with reproducible builds, if you want it to be trusted.)
|
| Recommended reading for the author:
| https://soatok.blog/2020/11/14/going-bark-a-furrys-guide-to-...
| faitswulff wrote:
| Will this result in getting locked out of your account for
| "suspicious spam messages?"
| foolinaround wrote:
| great as an academic exercise, but not useful in reality.
| e12e wrote:
| Reminds that Facebook messenger started out as (non federated)
| XMPP and worked with OTR until they re-factored everything.
|
| For a little while it was possible to just use pidgin, and have
| OTR work with Google talk (also boycotting federation), Facebook
| and general XMPP.
|
| But now the silo walls have been reinforced.
| armoredkitten wrote:
| The Venn diagram of "people who would be willing to use a tool
| like this" and "people who are already using Signal" is a circle.
|
| Still, it's a fun proof of concept tool.
___________________________________________________________________
(page generated 2021-01-19 23:02 UTC)