[HN Gopher] Private contact discovery for Signal (2017)
___________________________________________________________________
Private contact discovery for Signal (2017)
Author : tchalla
Score : 28 points
Date : 2021-02-27 19:23 UTC (3 hours ago)
(HTM) web link (signal.org)
(TXT) w3m dump (signal.org)
| A_Duck wrote:
| Some low-tech alternatives
|
| (1) Each client app to submit x randomly generated phone numbers
| for every real number, making any reconstructed social graph
| useless and deniable. Where x is the slowdown their very cleverly
| over-engineered solution introduces...
|
| (2) As long as Signal user base is relatively small -- submit n-1
| digits of the number, then wait for confirmation there is at
| least one Signal user matching before submitting the final digit.
|
| (3) If user base is larger - submit n-1 digits of the phone
| number, and receive all of the up to 10 matching users
| Closi wrote:
| I assume you can still build a social graph with number 1 with
| enough people using the service if you just check for 2 way
| connections between contacts (i.e. if Jane submits a contact
| list including Simon, Pete and Paul, and Paul submits a contact
| list including Sarah, Francis and Jane, I can imply that Jane &
| Paul are real contacts).
|
| 2 & 3 seem to match the 'bloom filter' concept described here:
| https://signal.org/blog/contact-discovery/
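Closi's reciprocal-listing argument against alternative (1), as an added simulation that is not part of the thread. The phone numbers, address books, decoy count `x=20` and function names are constructed for illustration; a server that sees every upload keeps only pairs of users who list each other.

```python
import random

# Constructed sample data: fictional numbers standing in for the people in
# Closi's comment; each value is that person's real address book.
JANE, PAUL, SIMON, PETE, SARAH, FRANCIS = (f"+1555010000{i}" for i in range(1, 7))
ADDRESS_BOOKS = {
    JANE: {SIMON, PETE, PAUL},
    PAUL: {SARAH, FRANCIS, JANE},
    SIMON: {JANE},
    PETE: set(),
    SARAH: {PAUL},
    FRANCIS: set(),
}

def submit_with_decoys(real, x, rng):
    """Scheme (1): upload x random numbers alongside every real one."""
    upload = set(real)
    while len(upload) < len(real) * (1 + x):
        upload.add(f"+1{rng.randrange(10**10):010d}")
    return upload

def mutual_edges(uploads):
    """Server-side view: keep only pairs of users that list each other."""
    edges = set()
    for owner, listed in uploads.items():
        for other in listed:
            if other != owner and owner in uploads.get(other, ()):
                edges.add(frozenset((owner, other)))
    return edges

def simulate(x=20, seed=1):
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    uploads = {u: submit_with_decoys(book, x, rng) for u, book in ADDRESS_BOOKS.items()}
    return uploads, mutual_edges(uploads)

if __name__ == "__main__":
    uploads, recovered = simulate()
    print("numbers uploaded by Jane:", len(uploads[JANE]))
    for edge in sorted(tuple(sorted(e)) for e in recovered):
        print("reciprocal pair:", edge)
```

Random decoys are almost never reciprocated, so the reciprocal real pairs stand out despite the padding, while one-way entries such as Jane listing Pete stay hidden among the decoys.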
| mikece wrote:
| "Signal is social software. We don't believe that privacy is
| about austerity, or that a culture of sharing and communication
| should mean that privacy is a thing of the past."
|
| I don't agree. All I want from Signal is an e2ee, cross-platform
| replacement for SMS. I don't think of SMS as "social software"
| and to the degree Signal keeps acting like it wants to be a
| social network the more uneasy it makes me. I do appreciate that,
| unlike Telegram, I can use Signal without giving it access to my
| contacts but I wish it didn't try to leverage my contacts list at
| all.
| swiley wrote:
| Just use email with autocrypt or jabber with OMEMO. Signal will
| always have its way because it isn't federated.
| Sunspark wrote:
| Signal is not a social network, and it's the cross-platform
| replacement for SMS that you want it to be. Essentially RCS in
| that it requires a data network, but is better designed.
|
| I don't think it's an issue that it uses your contact list. Why
| should that be a concern? It doesn't upload them into a
| database like other services.
|
| Signal is a privacy app, not an anonymity app.
|
| I see people expressing their concern about seeing their boss
| using the app, etc. and I just cannot relate. Is their argument
| that they prefer to use insecure SMS with their boss instead?
| What's the point? Both parties _already have_ each other's
| phone number as a unique identifier.
|
| I only have a limited # of people I can use Signal with because
| I don't post my phone number everywhere, though I am old enough
| that I remember telephone books back when people used to give
| out their phone number and address and nobody thought anything
| of it.
| electriclove wrote:
| Why is it a concern that an app wants to use my contact list?
| Really??
| Sunspark wrote:
| Given that it isn't uploaded into a database, it shouldn't
| be a concern for you, and if it is, you better stop using
| your smartphone because you're already sharing it with
| Google.
| electriclove wrote:
| I use Signal and don't like that it wants access to my
| contact list. I want a better way and if my little voice
| adds to a call for a better way, great. Don't tell me I
| shouldn't care.
| Sunspark wrote:
| You got the better way already. It's not being uploaded
| into a database.
| lrvick wrote:
| Beyond the KYC requirements in 200 countries that make phone
| number based systems useless for those in high risk
| situations... They have other less obvious problems.
|
| Today with a phone number you can:
|
| 1. Port it, steal 2FA and password resets, take over critical
| accounts that don't allow alternate 2FA (happened to two
| friends of mine that work on financial security)
|
| 2. Pay first party or shady second party bounty hunter cell
| carrier APIs to get current GPS location on a number.
|
| I do not even have a cell carrier anymore for these reasons,
| social consequences be damned.
| user-the-name wrote:
| I am pretty sure that SMS leverages your contact list, though.
| If you want Signal to replace it, then, why should it not do
| the same?
| captainmuon wrote:
| How does this ensure that the code on the server is running on
| the secure enclave, and not in an emulation[2]? Or that the whole
| attestation is not emulated? How do we know that the team who
| built the SGX does not work closely with the NSA[1]?
|
| I would probably just concatenate the phone numbers with the
| user's numbers, throw in some hard to guess salt like the Dow
| Jones index, and hash it with bcrypt. It's not perfect, but I
| would consider it good enough. And most importantly, easier for
| me to verify.
|
| ([1] Only half kidding: My favorite paranoid theory is that most
| security tech is thoroughly backdoored, and most of the
| 30000-40000 employees of NSA are actually doing parallel
| construction all day long for the data they get this way.)
|
| [2] Edit: from skimming the previous HN discussion, it seems that
| SGX relies upon Intel's remote attestation service. The code you
| run is signed by Intel, and you have a chain of trust stemming
| from a key held by Intel. It's a clever construction, but I still
| feel it is too clever to be comfortable with.
| lrvick wrote:
| But the signing key could have been extracted via a number of
| side channel attacks on SGX.
|
| SGX remote attestation is, given those exploits, a super weak
| assurance of anything.
|
| Centralization of security and privacy is universally a
| mistake.
| devadvance wrote:
| Previously discussed here:
| https://news.ycombinator.com/item?id=15340729
|
| As an engineer, I appreciate the depth of this post. However, I'd
| also appreciate a more approachable version that I could share
| with a broader audience. E.g., without understanding anything
| about hashing, SGX, etc., how can we best explain the advantages
| of this approach over the "upload your contacts list" request
| that you encounter in other chat apps?
___________________________________________________________________
(page generated 2021-02-27 23:00 UTC)