[HN Gopher] Technical analysis of the Signal clone used by Trump...
___________________________________________________________________
Technical analysis of the Signal clone used by Trump officials
Author : micahflee
Score : 504 points
Date : 2025-05-02 23:20 UTC (2 days ago)
(HTM) web link (micahflee.com)
(TXT) w3m dump (micahflee.com)
| LordShredda wrote:
| The decision to use a signal knockoff was a planned and managed
| one, not just on a whim. Who's responsible for managing the
| phones?
| namdnay wrote:
| It's not really a knockoff, it's a deliberately cracked version
| of a B2C app to adapt it to a corporate setting
| Zak wrote:
| The Signal client app is open source; it's probably not
| reasonable to describe a modified version as "cracked".
| Signal does discourage the use of modified clients for
| security reasons, but does not actively block most of them.
| namdnay wrote:
| You're right for Signal! Their WhatsApp client, however...
| that's definitely "cracked"
| mdhb wrote:
| The big part of this story which nobody is talking about is the
| fact that the app is literally controlled by a bunch of "former"
| Israeli intelligence officers. Who now have what is arguably the
| world's most valuable access out of anyone.
| wmf wrote:
| The US and many other countries have been buying Israeli
| surveillance tools for years or decades.
|
| I would hope that any message archiving is being done on an
| organization-owned server though.
| duskwuff wrote:
| > I would hope that any message archiving is being done on an
| organization-owned server though.
|
| There's compelling evidence that the messages all pass
| through TM servers before being archived.
|
| https://www.404media.co/the-signal-clone-the-trump-admin-use...
| userbinator wrote:
| _There's compelling evidence that the messages all pass
| through TM servers before being archived._
|
| The question is where the E2E encryption goes between.
| Klonoar wrote:
| The E2E encryption is likely not even relevant, unless
| I'm missing something?
|
| The builds that are distributed would likely just send
| the plaintext un-encrypted message separately to the
| archive, and I'm guessing that means it goes right to TM
| servers before being dispatched elsewhere.
| Y_Y wrote:
| Ah yes, it's end-to-end alright, end-to-end cleartext.
| lysp wrote:
| > The US and many other countries have been buying Israeli
| surveillance tools for years or decades.
|
| Yes, tools like Cellebrite and zero-day exploits.
|
| Those are tools which are used to spy on people outside of
| the government.
|
| This is a tool that has data created by the government.
| woodruffw wrote:
| I don't think it's that big: USG procures defense and
| intelligence tech more or less constantly from Israel. It's
| unlikely that Israel would threaten that relationship (and the
| value they extract from it in terms of favorable relations) in
| exchange for military intelligence that's already shared with
| them.
|
| (I feel like I have to say this in every thread that insinuates
| something sinister about being a "former Israeli intelligence
| officer": the structure of Israel's military and mandatory
| service is such that _just about everybody with technical
| skills_ serves in some kind of "intelligence" capacity. It's
| not a very big country. This is, of course, independent from
| any normative claims about Israel's government, politics, etc.
| -- it's what you'd expect in any small country that has
| mandatory military service with a significant intelligence
| component.)
| like_any_other wrote:
| > I don't think it's that big: USG procures defense and
| intelligence tech more or less constantly from Israel. It's
| unlikely that Israel would threaten that relationship (and
| the value they extract from it in terms of favorable
| relations) in exchange for military intelligence that's
| already shared with them.
|
| Correct - they would not use that intelligence to threaten
| that relationship, but to _maintain_ it. Knowing the
| political leanings of politicians and government officials
| (for example, identifying any that think that relationship is
| more of a cost than a benefit) is extremely valuable to that
| end.
| woodruffw wrote:
| The over/under there doesn't make sense: the US hasn't had
| a meaningfully hostile-to-Israel policy _ever_, so
| pervasively tapping some of the most sensitive USG
| communications would be a _stunning_ risk to take with a
| very safe ally.
|
| (It also beggars belief in the current climate -- I would
| be hard-pressed to name a single member of the current
| administration who hasn't yelled until purple in the face
| about their support for Israel's current government and
| wartime policies.)
| like_any_other wrote:
| You might think so, but they didn't face any backlash for
| buying politicians [1,2] and bragging about it [3], so
| why would they worry? You also assume that the US is a
| "very safe ally" naturally, and not as a consequence of
| means such as these.
|
| [1] _After House Speaker Mike Johnson Pushed Through
| Israel Aid Package, AIPAC Cash Came Flowing In_ -
| https://theintercept.com/2024/01/20/israel-aipac-house-mike-...
|
| [2] _The Israel lobby and U.S. foreign policy_ -
| https://www.hks.harvard.edu/publications/israel-lobby-and-us...
|
| [3] _More than 95% of AIPAC-backed candidates won their
| election last night! Being pro-Israel is good policy and
| good politics!_ -
| https://x.com/AIPAC/status/1590362232915132417
| immibis wrote:
| Everyone is tapping everyone else to the extent they can
| get away with it - especially allies, because they can
| get away with it more. You don't think the NSA monitors
| every single bit that flows in and out of the USA?
|
| Periodically, someone gets caught red-handed, a fuss is
| made, some diplomats get thrown out and replaced with
| other ones, and then everyone continues doing it.
| iAMkenough wrote:
| They have never had a hostile-to-Israel policy and never
| will because of the leverage Israel has over US
| politicians.
|
| There's a reason the US bought this app from Israelis,
| and it wasn't because of improved security or archive
| compliance.
|
| For how much they like to beat the "buy American" drum,
| this contradicts that.
| senderista wrote:
| Really?
|
| https://en.wikipedia.org/wiki/Jonathan_Pollard
| woodruffw wrote:
| You'll note that this case caused exactly the kind of
| outcome I'm talking about: Pollard was an _anomaly_ (to
| my knowledge, the only recorded case of a US citizen
| spying for a US ally) whose activities caused a massive
| intelligence break between US and Israel that lasted for
| years and probably did more damage than "good" it served
| for Israel's intelligence apparatus[1]. That kind of
| lesson is hard-learned and probably not forgotten,
| regardless of the fact that Pollard is a poster-boy in
| Israel's version of a culture war.
|
| [1]: https://www.thedailybeast.com/israeli-spies-arent-exactly-re...
| arandomusername wrote:
| The most "hostile to Israel" policy was under JFK, which
| is interesting.
| woodruffw wrote:
| Yep. In general there's been no truly "hostile to Israel"
| US president. The closest thing to "hostility" has been
| negotiating (under JFK, Carter, Bush Sr., and Obama most
| notably) with regards to one or more of Iran, the '67
| border, WB settlements, etc. Israel has increasingly (and
| wrongly) considered these "meddling" under its far-right
| government, which is an internal change within their own
| politics rather than a marked change in the US's own
| tactics.
| mdhb wrote:
| I'm saying this as someone who almost certainly has a lot
| more knowledge about intelligence and the US / Israeli
| relationship than you do.
|
| While some of the points you make are indeed correct it
| actually paints an inaccurate overall picture.
|
| For example: not widely known but 100% true, Israel is and
| has been for a long time classified as the highest level of
| counterintelligence threat to the US on par with China,
| Russia, Cuba and others.
|
| I assure you, this is a big fucking deal and not something to
| be waved away with "everyone's intel, don't worry it's
| probably nothing".
| woodruffw wrote:
| I'm not saying it's not a big deal. It obviously is.
|
| I'm saying that the fact that it's Israeli tech is not
| _itself_ the biggest part of the story.
| aucisson_masque wrote:
| Israel has different interests than the USA.
|
| Today they may collide in most instances, who's to say
| tomorrow it will still be the case. For instance when Iran
| gets the nuclear bomb and threatens Israel with it?
|
| An encrypted messaging system, used by the American
| government, is in my opinion even worse than the supposed
| Huawei 5g antenna data collection.
|
| Huawei wouldn't have had access to secret talks between top
| government officials, at least not decrypted.
| krunck wrote:
| It's not like Israel doesn't already have the highest level of
| access to the administration's plans. Canada could be made the
| 51st state and Israel would still have more access to the Trump
| administration's plans. There is some sort of strong connection
| between the USA and Israel. What that is, I don't know.
| lesuorac wrote:
| I know it's pretty fun to do the espionage angle with this
| comment.
|
| But is this really just evidence that a mandatory draft is
| actually good economic policy? Having a forced networking event
| where a bunch of similarly skilled individuals meet each other
| seems to be producing a ton of economic value for Israel.
| mdhb wrote:
| This isn't a one or the other thing. You're just bringing up
| an unrelated point.
| jcgl wrote:
| What are the visually distinguishing features of this TM SGNL app
| compared to the official one? To my eyes, the app in the Waltz
| picture looks the same as the official one.
| micahflee wrote:
| It says "Verify your TM SGNL PIN" instead of "Verify your
| Signal PIN". That's the only difference.
| dang wrote:
| I appended a 'd' to the end of the title to pre-empt objections
| that they're not still using it. If it's known for sure that they
| are, we can de-'d' that bit.
|
| Edit: this subthread is obsolete now - I took a phrase from the
| author's update to the article to use as the title above.
| 1oooqooq wrote:
| honest question, but you decided to go against the "don't
| change titles" rule to choose one unprovable point until
| another just as unprovable point is proven? it could be argued
| both ways with the same argument.
| dang wrote:
| There's no "don't change titles" rule, though it's
| interesting how the actual rule gets truncated to that in
| people's minds! Here's the actual rule:
|
| " _Please use the original title, unless it is misleading or
| linkbait; don't editorialize._" -
| https://news.ycombinator.com/newsguidelines.html
|
| In this case I was thinking of both the 'misleading' and
| 'linkbait' bits of that 'unless'. (By the way, this is common
| HN moderation practice--bog standard, as I often say.)
|
| > to choose one unprovable point until another just as
| unprovable point is proven
|
| You might have a, er, provable point if that were the case!
| but I'm taking for granted that the officials in question did
| actually use this client, so "used" is known while "use"
| (which I took to mean "are still using") isn't yet known for
| sure. Did I miss something?
|
| Edit: btw, in case anyone's wondering why we left the
| submitted title up instead of reverting it to what the
| article says, one reason is that the submitted title struck
| me as arguably less linkbaity (and therefore ok under the
| rule) and the other reason is that we cut authors a bit of
| slack when they post their own work.
| 1oooqooq wrote:
| the "use" assumes nothing happened after the report (app
| still in managed domain). "used" assumes an extra action
| taking place, which is a stretch imo.
|
| but i assumed wrong that you added the "d", not that you're
| only exempting the submitter title. thanks for the insight
| into your always nice moderation.
|
| follow up question: you work seven days a week??
| tailspin2019 wrote:
| > i assumed wrong that you added the "d"
|
| dang seems to be saying that he _did_ add the "d" though?
|
| FWIW I would have preferred it to be just left as "uses"
| per the article title.
| dang wrote:
| I did add the 'd' but I am sorry to say that all
| information associated with that instance of that letter
| has already been flushed out of my memory.
|
| > you work seven days a week??
|
| By no means all day every day, but yes in the sense that
| my hours get distributed semi-randomly.
| emmelaich wrote:
| "Used" still allows "use" in the mitch-hedbergian sense.
| ComputerGuru wrote:
| White House communications director previously revealed (after
| "Signalgate") that Signal was an approved and whitelisted app for
| gov't officials to have on work phones and even discuss top-
| secret matters on. But I haven't heard that TeleMessage was
| approved (and I'd have serious questions if it were given the
| foreign intelligence factor). Anyone know if there is a clear
| answer to whether it's been approved?
| ceejayoz wrote:
| The White House communications director lies continually, so
| the value of that statement is nil.
| donnachangstein wrote:
| The correct answer is no one outside US Government IT knows for
| sure what is or isn't approved per their own rules. Every
| article (and comments therein) are just speculation and people
| trying to confirm their own biases, desperately looking for
| something to blame someone for, to produce more rage-bait and
| thus feed more ad clicks.
|
| Every single article is written with the presumption that there
| are no actual IT people in the White House, that someone
| wheeled in a Starlink dish on a dessert cart in the yard which
| is somehow running the entire government. It's silly and
| ridiculous.
| ceejayoz wrote:
| > It's silly and ridiculous.
|
| As is putting someone with a brain parasite and anti-vax
| beliefs as the head of HHS, but here we are.
|
| "Silly and ridiculous" does not mean "implausible" with this
| administration. It's the _standard_.
| gopher_space wrote:
| I mean, have you actually met many pro-Trump IT folks? Worked
| with them in any capacity? Real bargain-basement shit.
|
| If you ever get the chance to talk to a recruiter who's been
| in the game for a few decades, ask them about conservative
| brain-drain. It's a really weird phenomenon to have someone
| just lay out for you from a functional perspective,
| especially if you grew up around people doing dev work for
| the military back in the day.
| mmooss wrote:
| Palantir has a lot of IT employees, as does Oracle and
| Musk's companies, which actively support Trump.
| runlevel1 wrote:
| Are you trying to prove their point?
| gavin-1 wrote:
| What does conservative brain drain mean?
| michaelt wrote:
| A few decades ago, the Republican party had one foot in
| the anti-intellectual camp, but only one.
|
| They were the party of young-earth creationists,
| religious pro-lifers, climate-deniers and gun-lovers -
| but also of educated fiscally conservative folks. The
| party would welcome economics professors and leaders of
| medium-sized businesses, promising no radical changes, no
| big increases in spending or regulation, and a generally
| pro-market/pro-business stance.
|
| The genius of Trump was in realising the educated
| fiscally conservative folk were driving 95% of the
| republican policy agenda but only delivering 10% of the
| votes. The average Republican voter loves the idea of
| disbanding the IRS and replacing all taxes with tariffs
| on imports. Sure, you lose the educated 10% who think
| that policy is economic suicide - but you can more than
| make up for it with increased turn-out from the other 90%
| who are really fired up by the prospect of eliminating
| all taxes.
|
| And it works - jumping into the anti-intellectual camp
| with both feet has delivered the house, the senate, the
| presidency (electoral college _and_ popular vote), and
| the supreme court.
|
| The conservative movement has a brain-drain because
| they've realised they don't _want_ the votes of smart,
| educated people.
| Tabular-Iceberg wrote:
| What's anti-intellectual about religious pro-lifers?
| gopher_space wrote:
| Their take on scripture is deliberately anachronistic. We
| didn't have the medicine or sanitation 2000 years ago to
| place their kind of value on a fetus.
| protocolture wrote:
| >that someone wheeled in a Starlink dish on a dessert cart in
| the yard
|
| That situation was ridiculous, in that to score the marketing
| points, but fighting with the whitehouse IT the starlink is
| installed at a remote location with much the same point of
| failure as their fibre services.
| skissane wrote:
| > The correct answer is no one outside US Government IT knows
| for sure what is or isn't approved per their own rules
|
| Veterans Affairs actually publishes a list of approved
| software as part of their Technical Reference Model:
| https://www.oit.va.gov/services/trm/ (don't know how complete
| it is)
|
| But I'm not aware of other agencies doing this. I suppose
| that VA, given the nature of what they do, likely feels that
| there is less risk in publicising this information
|
| There's also the FedRAMP program for centralized review of
| cloud services - fedramp.gov - I haven't looked to see if
| Telemessage is listed as approved but I see some references
| to FedRAMP and Telemessage online suggesting that it may be
|
| Another source of info is SAM.gov -
| https://sam.gov/opp/ab5e8a486e074d73bfe09b383ba819ab/view
| (that's for NIH) - if there is an agency paying for it, you
| can assume they've approved it for use (or are in the process
| of doing so) even if they haven't otherwise publicly said
| they are. But, not all contracts are public, so just because
| you can't find it on SAM.gov doesn't mean it doesn't exist
| ipv6ipv4 wrote:
| It was incontrovertibly approved as it is only installable via
| MDM.
|
| A likely explanation is that the communications director (or
| the people informing her) wouldn't know to distinguish between
| Signal the app, and a Signal compatible app that is nearly
| indistinguishable from Signal. A lot like Kleenex is a common
| term for tissue paper regardless of brand.
|
| When the leak was first revealed, there was loud speculation
| about the legality of government chat messages being set to
| auto-delete. This additional revelation, about the use of
| TeleMessage, shows that someone with a security background has
| actually thought about these things. It makes perfect security
| sense to archive messages somewhere secure, off phone, for
| record keeping compliance while ensuring that relatively
| vulnerable phones don't retain messages for very long. It's
| also an easy explanation for why such an app was created in the
| first place. There is an obvious market for it.
| ceejayoz wrote:
| > This additional revelation, about the use of TeleMessage,
| shows that someone with a security background has actually
| thought about these things.
|
| We only have evidence they used TeleMessage _after_ the
| scandal. When the same guy let the press take a photo of his
| messages with Vance, Rubio, Gabbard and others.
| ryanwatkins wrote:
| > It was incontrovertibly approved as it is only installable
| via MDM.
|
| Only if this is his standard govt-issued phone. It's also been
| shown they are also using their own personal phones. They
| could easily be using unapproved phones some random DOGE'er
| bought gave them with an MDM setup, without any real
| oversight.
| be_erik wrote:
| This is currently my bet. This looks like something I would
| set up-- state actors are not in my threat list. But, I'm
| usually being paid to protect the employer not the
| employee.
| namdnay wrote:
| The device would have to be jailbroken right? These apps
| are (obviously) not in the App Store, I mean one of them is
| a cracked WhatsApp ...
| _djo_ wrote:
| No, you can distribute custom managed apps through
| Apple's MDM programme.
| https://support.apple.com/en-gb/guide/deployment/dep575bfed8...
| namdnay wrote:
| Sorry yes I meant for personal devices. These are
| designed to be deployed under MDM on corporate devices
|
| edit: found their install doc!
| https://smarsh.my.salesforce.com/sfc/p/#30000001FgxH/a/Pb000...
| kube-system wrote:
| You can put personal devices on an MDM, many have special
| modes for this too.
| Hobadee wrote:
| > They could easily be using unapproved phones some random
| DOGE'er bought gave them with an MDM setup, without any
| real oversight.
|
| No. Even if you managed to get the app and push it to
| devices, you can't just use TM-SGNL without having an
| archiving account from Telemessage.
|
| Source: I manage this exact setup for several clients.
| diggan wrote:
| > you can't just use TM-SGNL without having an archiving
| account from Telemessage
|
| Why wouldn't the government (DOGE in this scenario) be
| able to get an archiving account?
| tmpz22 wrote:
| If DOGE can storm into government offices and get root access
| to sensitive systems without proper procedure, couldn't SECDEF
| and co. strong arm their way past the IT worker managing the
| MDM?
| watusername wrote:
| According to the new 404 Media article [0] about the app's
| archive server actually being hacked, TeleMessage does have
| contracts with several governmental agencies. Still not a
| direct answer to the question, I know, but it tilts the answer
| overwhelmingly towards "yes."
|
| [0]: https://www.404media.co/the-signal-clone-the-trump-admin-use...
| be_erik wrote:
| This is so frightening. I worked in corporate security, and
| that was occasionally a leaking ship, but this wouldn't even
| fly with our engineers even if we wanted their message
| history. This is negligence.
| namdnay wrote:
| The scariest part? They also sell to corporations...
|
| Read their install guide and weep at the idea of pushing
| cracked WhatsApp binaries through MDM
| https://smarsh.my.salesforce.com/sfc/p/#30000001FgxH/a/Pb000...
| watusername wrote:
| > cracked WhatsApp binaries
|
| On a more meta note, I wonder who even works at companies
| founded on ideas that are just... bad. On average, I
| expect good engineers to push back on such business
| requirements and also have better job mobility so they
| can leave and work elsewhere. The researcher found the
| vulnerabilities "in less than 30 minutes" so it seems
| there's some lack of competence here.
|
| Unfortunately, misguided business requirements like this
| won't simply disappear and I get that those can be niche
| offerings that attract juicy contracts.
| jjani wrote:
| Casinos, scams (both of these Web3 as well as
| traditional), game hack developers, ransomware and
| database hackers. Adtech, which thousands of HNers work
| in (anyone at Google). Temu, Shein, gacha/lootbox games,
| dopamine drug dealers (Meta, Bytedance). NSO group,
| spyware. Policeware, Clearview, surveillance tech. You
| could name defense as well, but I find that more
| ambiguous.
|
| I wouldn't be surprised if at least 25% of HN has
| worked for such companies for at least 2 years of their
| career.
| icedchai wrote:
| People generally need jobs, and some of these jobs aren't
| so good. Not everyone is talented enough to work at the
| next hot startup building a frontend to ChatGPT.
| sandworm101 wrote:
| >> Signal was an approved and whitelisted app for ... discuss
| top-secret matters on.
|
| No. Just no. Anyone who has handled TS information would know
| how nutz that sounds. Irrespective of software, TS stuff is
| only ever displayed in special rooms with big doors and a man
| with a gun outside. The concept of having TS on an everyday-use
| cellphone is just maddening.
| mmooss wrote:
| The publicly known recommendations, from CISA for example, were
| to use Signal for non-classified information only.
| Hobadee wrote:
| It would have to be approved; there is no way for lay-users to
| install/configure TM-SGNL on their own; it needs to be deployed
| via MDM.
|
| Source: I'm the admin who installs TM-SGNL for many users.
| jetbalsa wrote:
| Would be interesting to dump the app binaries so people can
| take a look at how it's put together, I suspect it's a
| minefield of sloppy injection functions into how signal
| works.
| XorNot wrote:
| Signal is open source for the client, no one is doing work
| they don't have to cracking a binary you can just compile.
| philipwhiuk wrote:
| > Source: I'm the admin who installs TM-SGNL for many users.
|
| So... is it properly open source?
| axus wrote:
| I felt the writer implied open source code was a
| bad/insecure thing, since they downloaded a zip file from
| some WordPress upload folder. I'm guessing the code was
| being made available to companies that "legally" obtained
| TM-SGNL.
|
| His repo, not theirs:
| https://github.com/micahflee/TM-SGNL-Android/commits/master/
|
| He points out that "You must license the entire work, as a
| whole, under this License to anyone who comes into
| possession of a copy."
| voytec wrote:
| > 404 Media journalist Joseph Cox published a story pointing out
| that Waltz was not using the official Signal app, but rather "an
| obscure and unofficial version of Signal that is designed to
| archive messages"
|
| Wow. And that's while their entire point of using Signal is to
| have conversations scrapped after a week to leave no traces of
| criminal activity.
| tedunangst wrote:
| I don't think it follows that they selected the archiving
| messenger because they wanted disappearing messages. The whole
| disappearing messages thing was just internet speculation.
| mingus88 wrote:
| This TM SGNL app is compatible with legit Signal clients and
| servers.
|
| It's also possible that they are using this app to archive
| chats that other parties _believe_ to be disappeared.
|
| In other words, set your chats to disappear in 5 minutes and
| convince your target to dish some sensitive info. They think
| it's off the record, but it's instantly archived
| nine_k wrote:
| The counterparty should be naive or stupid to think that
| whatever they send has no chance to be recorded forever.
| They should always assume otherwise.
|
| The only interesting use case of disappearing messages is
| that messages one _receives_ will disappear securely, even
| if they forget about receiving such messages, or have no
| access to the device at the time.
| doctorpangloss wrote:
| Naive or stupid? No way, not the counterparties of
| alcoholic media personalities.
| ceejayoz wrote:
| Whether it was for that purpose or not, the messages did wind
| up disappearing. The CIA admitted it in a court filing.
|
| https://www.nytimes.com/2025/04/15/us/politics/cia-director-...
| an0malous wrote:
| No it was reported by the journalist who was in the chat.
|
| > Waltz set some of the messages in the Signal group to
| disappear after one week
|
| https://www.theatlantic.com/politics/archive/2025/03/trump-a...
| duxup wrote:
| Distantly reminds me of the Nixon tapes ... what could go
| wrong?
|
| I wonder what the people he communicated with knew / thought?
| Mbwagava wrote:
| You can turn off message disappearance with the app store app
| so this seems like a red herring.
| jasonfarnon wrote:
| Maybe they wanted to use Signal to thwart eavesdropping but
| they had to modify it in order to comply with govt record
| retention requirements?
| motohagiography wrote:
| this appears to be the most concise answer. TM SGNL provides
| interop with Signal users in the field, but also includes
| FOIA archiving.
|
| who manages the archiving service is a general government
| problem, and less of one for Signal or appointees. NSA should
| have been operating the archiving service and not a foreign
| country imo.
| khaki54 wrote:
| Do you think they are using the message archiving version so
| that they can meet organizational message retention
| requirements? Maybe they are using signal to ensure they have
| e2e encrypted messaging on their devices?
| crooked-v wrote:
| There are already government e2e apps. The only reason to use
| something else is to have selective auto-deletion and/or to
| use personal devices for official classified data.
| ceejayoz wrote:
| Another reason: all of the folks on that group chat have
| legitimate reasons to have contacts on their phone that
| would be outside government apps. Foreign leadership.
| Journalists. Etc.
|
| Signal is likely to be one of the main ways of
| communicating with those.
| wmf wrote:
| Using separate apps for government and external
| communication might have prevented the recent scandal.
| snovv_crash wrote:
| It wouldn't actually. The contact in his phone
| (incorrectly added by Apple AI from a forwarded email)
| would be the same regardless which app he was using.
|
| Instead, Signal (and this forked version) would have to
| do its own independent contact management, maybe based on
| in-person scanning of QR codes plus web-of-trust.
| johnmaguire wrote:
| The contact (a journalist) wouldn't be reachable on a
| government messaging app.
| voytec wrote:
| Signal does have its own contacts management and doesn't
| have to be allowed access to OS-native contacts.
| rkomorn wrote:
| If only it would a- not ask you to access your contacts
| and b- accept when you say no instead of saying "we'll
| ask again later" (and then, indeed, asking again later).
| Mbwagava wrote:
| Do you have the link to this alleged government-produced
| e2e software so we can inspect ourselves? I realize they
| have an incentive to appear incompetent, but surely there
| must be evidence (further than your testimony) of such
| gossip popping up somewhere
| _djo_ wrote:
| There are not just government e2e apps, but government-
| provided and customised smartphones specifically for
| them, like the DMCC-S programme. [0]
|
| Some of the apps are listed in that brochure.
|
| There's no excuse for using Signal on personal devices
| for classified conversations.
|
| [0] https://www.disa.mil/~/media/files/disa/fact-sheets/dmcc-s.p...
| Mbwagava wrote:
| Are the apps usable? The jargon seems intentionally
| impenetrable. The editor of that document should be shot
| every time they used an acronym. Like i get the DOD is a
| profitable dick to suck but this is just embarrassing for
| a document intended for the public.
|
| Anyway can you link the source? That's presumably the
| useful half. The marketing bit doesn't add anything.
| _djo_ wrote:
| I don't care how usable they are, this is the DoD and
| NSA-approved mechanism for conducting classified
| conversations and viewing classified data on mobile
| devices. The adversaries here are other countries who are
| very good at what they do, security is far more important
| than convenience.
|
| As for further research, there's plenty online about this
| programme and these devices. Feel free to Google it
| yourself. You're asking to be spoonfed.
| 7bit wrote:
| What? The point of Signal is not message scraping, but a good
| E2E encryption. Message scraping is just one feature the app
| provides that you can turn off if you wish.
| spenvo wrote:
| There is new reporting that a hacker has breached the parent
| company, TeleMessage, including live data being passed across
| servers in production.
|
| https://www.404media.co/the-signal-clone-the-trump-admin-use...
|
| It was marked as a DUPE of this discussion, despite being a major
| new development https://news.ycombinator.com/item?id=43890034
| Hopefully that decision can be reconsidered
| Mbwagava wrote:
| How does this happen when signal itself is open source?
| be_erik wrote:
| They used an internal fork delivered via MDM. There are no
| guarantees that Signal can make about the software running on
| those phones and per the reports it's a lot of phones.
| pvg wrote:
| You can just link the new development in an ongoing story
| that's already on the front page, just like you did. The
| alternative would be a second front page thread which splits
| the discussion and is worse all-round.
| spenvo wrote:
| That's a fair point, and it's your call - however, if the new
| (major) development is covered in this way then 1) users on
| the front page won't see mention of it at headline level and
| 2) the discussion of that development on HN will be affected
| by/limited to the time-decay of a post that is 12 hours
| older. I understand that there are tradeoffs at play, it
| really comes down to if the development at hand is big-enough
| to justify another post, and, again, that's your call.
| watusername wrote:
| I concur. An analysis of potential risks and
| vulnerabilities is a different beast from actual proof that
| the app has indeed been hacked. I call for the other
| discussion to be restored.
|
| Edit: Wanted to respond to the top-level comment but you
| get the point.
| pvg wrote:
| It's not my call, I'm just explaining how HN typically
| works. If you want some story handled differently, you
| should send an email to hn@ycombinator.com. But 'two or
| more things about the same thing on the fp at the same
| time' is a big barrier to overcome, it almost never
| happens.
|
| There is mod commentary on 'people might miss things
| because of the title' as well, it's mostly 'it's ok for
| people to click through the story or thread to figure
| things out' and that's also a fairly longstanding 'how HN
| works most of the time' thing.
|
| https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...
|
| The operating assumption here is that people are smart
| enough to follow the developments in the story themselves -
| in the thread and outside.
| baobun wrote:
| There seems to be a coordinated and consistent campaign to bury
| submissions from 404 Media on HN. Hopefully something can be
| done about that, too.
| viraptor wrote:
| In August last year I got this from dang when reporting a
| dead 404 link: "The site 404media.co is banned on HN because
| it has been the source of too many low-quality posts and
| because many (most?) of their articles are behind a signup
| wall."
|
| Not that I've really seen the low quality and the signup
| requirement doesn't stop other domains. There's quite a few
| things that originated from 404, so I hope HN gets over
| whatever it was that annoyed them originally.
| tomhow wrote:
| The main issue is the (sometimes) hard signup wall. I've
| been a moderator on HN for longer than 404media has
| existed, and I know from experience that this changes from
| time to time or article to article. Other paywalled sites
| that appear on HN (WSJ, NYT etc) have a porous paywall; you
| can (almost) always get around it by using an archive site
| like Archive.today.
|
| If it's a good article (contains significant new
| information and can be a topic of curious conversation) and
| a paywall workaround works for that article, we'll happily
| allow it.
| phonon wrote:
| If they do their own, original, investigative reporting,
| you may want to be a bit more permissive.
| viraptor wrote:
| Since HN doesn't really facilitate any workarounds anyway
| and we've been doing manual archive links and content
| reposting as needed in other cases... I suspect we can
| handle 404 as well as a community.
| dredmorbius wrote:
| Even porous paywalls can have a marked effect on story
| performance on HN.
|
| The _New York Times_ tightened its paywall markedly in
| August 2019, with a net effect that appearances in the
| top-30 stories on HN's front-page archive (the "Past"
| links in the site header) fell to ~25% of their previous
| level.
|
| I'd asked dang at the time if HN had changed any of its
| own processes at the time. Apparently not.
|
| I suspect then that this reflects frustrations and/or
| inability to access posted articles behind the paywall.
|
| See: <https://news.ycombinator.com/item?id=36918251>
| (July 2023)
| mullingitover wrote:
| http://archive.today/HqMvy
|
| It's insane that this isn't front page news. This takes the
| original Signalgate breach to an order of magnitude higher
| level of severity.
| internet_points wrote:
| > The data includes apparent message contents; the names and
| contact information for government officials; usernames and
| passwords for TeleMessage's backend panel; and indications of
| what agencies and companies might be TeleMessage customers.
| ryanwhitney wrote:
| https://archive.is/2025.05.04-225615/https://www.404media.co...
|
| Why are these being instantly marked as dead?
| dashundchen wrote:
| Anything with a potentially negative impact on Musk, Trump or
| DOGE seems to get flagged immediately. Coordinated or not it's
| extremely frustrating people flag rather than honestly engage.
| baobun wrote:
| Seems to be a censorship campaign targeting 404 Media. Been
| going on for at least weeks.
| WalterGR wrote:
| Submissions from some domains aren't prevented but
| automatically get deaded. It's not a campaign.
|
| See https://news.ycombinator.com/item?id=43891088 in which a
| user reports that moderator dang said why that happens for this
| domain.
| croemer wrote:
| The fact that archive link works should make this eligible
| for unflagging. From tomhow (mod)
|
| > If it's a good article (contains significant new
| information and can be a topic of curious conversation) and a
| paywall workaround works for that article, we'll happily
| allow it.
| jimmydoe wrote:
| We should all feel relieved that trump admin are following law to
| archive their chats after all.
|
| Unfortunately this Israeli company is just incompetent, should
| try something from Russia next time, given that's all the data
| end up to be anyway.
| 1oooqooq wrote:
| cutting the middle man is very neo lib of you. you may have a
| bright future in this administration.
|
| also keeping government honest and open is also very
| libertarian. covering all fronts.
| watwut wrote:
| I am pretty sure China has some backups too.
| namdnay wrote:
| I wonder if they were using it from the start, or if after the
| first SignalGate, someone scrambled to find a supplier who
| could "make their Signal compliant" (which is exactly what
| TeleMessage/Smarsh are selling)
| awongh wrote:
| According to this tweet the government contract for the
| software was originally from 8/24 during the Biden
| administration: https://x.com/_MG_/status/1918148557670105354
| lynndotpy wrote:
| Can you quote the contents of this tweet for those of us
| without Twitter accounts?
| immibis wrote:
| Just replace x.com with xcancel.com
| senectus1 wrote:
| what is going on in the US gov IT?
|
| They took an Israeli app, that is a modified version of signal.
| the modification BREAKS the one thing signal is excellent at
| (keeping your messages encrypted so that only the desired
| endpoints can read them), then distributed it within the US Gov.
|
| This is insanity!
|
| US's enemies couldn't manufacture a better result themselves!
| bathtub365 wrote:
| The messages do need to be recorded in a way that can be read
| by people other than the intended recipients due to federal
| record keeping laws. I'm curious if this particular app has
| been in use for a long time within the government and only
| recently became a target after it was accidentally revealed in
| that cabinet meeting photo.
| namdnay wrote:
| It's not just the US gov - TeleMessage/Smarsh sell to everyone:
| banks, corporations etc. Their USP is that your employees get
| to "keep using their apps" but still comply with all the boring
| data retention stuff - instead of using a dedicated corporate
| chat app
|
| What's interesting is that they also sell a hacked version of
| WhatsApp, and the Meta legal team haven't steamrolled them yet
| GuinansEyebrows wrote:
| > US's enemies couldn't manufacture a better result themselves!
|
| in the game of nationalist geopolitics, it's only a matter of
| time before a current strategic ally becomes an enemy. it's the
| natural order of nationalism at global scale.
| be_erik wrote:
| This news story has been strange for me for awhile because on one
| hand NO our public officials should not be using Signal, but it
| isn't because Signal is a bad technology choice. Signal is great.
| It's probably the most useable service that's verifiably secure.
| be_erik wrote:
| Installing Signal using this method provides none of the
| guarantees Signal can normally provide by being an open
| verifiable application. It not only opens you up to state actors,
| but also IT folks like us. This is very much tech news. It helps
| explain why MDM is both critically important for businesses and
| terrible for security.
| be_erik wrote:
| There's chatter on bsky.
|
| But tl;dr anything said on those phones is assumed to be
| compromised until proven otherwise by time or a whole lot of very
| interesting security verifications. So far the evidence that this
| is a very large leak looks probable based on the evidence
| presented.
| croemer wrote:
| Why do you say "everything said on those phones" - did you mean
| "on this app"? If the backend of an app was compromised, that
| wouldn't mean the phone itself was rooted?
| be_erik wrote:
| By installing MDM you're effectively chaining your security
| to the security of the MDM. The MDM gives you the ability to
| install arbitrary code via a blessed backdoor. There's no
| reason currently not to suspect that anything said on that
| phone (signal or not) is compromised.
| croemer wrote:
| The MDM admin can do whatever the user can do (or more),
| sure. So yes the MDM admin can potentially read/hear/see
| stuff, but everyone knows that. That's not a vulnerability,
| that's by design.
|
| The compromise is only wrt the admin. Are you claiming the
| admin itself is compromised? What's the evidence for that?
| Zak wrote:
| It is reasonable to assume that the intelligence services of
| unfriendly countries are actively devoting significant
| resources to compromising both issued and personal phones of
| top-level officials in the US government. They would be
| negligent not to. It's also a good guess that those efforts
| would be increased after the first time it became public
| knowledge the officials were likely using those phones for
| secret official business.
|
| It is also reasonable to guess that such services have access
| to malware similar to the infamous Pegasus and a nonzero
| success rate at deploying it. In short, it's careless to
| assume none of the phones _aren't_ rooted by a hostile
| actor.
|
| That's one of several reasons the government has rules
| requiring that classified conversations take place on
| specific approved devices which aren't used for anything
| else.
| dang wrote:
| (this was originally a reply to
| https://news.ycombinator.com/item?id=43890827 but since it's an
| on-topic comment, I moved it to the merged thread)
| abhisek wrote:
| Still trying to grasp the idea of archiving messages from E2E
| encrypted communication system into a storage that entirely
| breaks the purpose of using something like Signal.
|
| It's like encashing on the trust of Signal protocol, app while
| breaking its security model so that someone else can search
| through all messages.
|
| What am I missing here?
| RIMR wrote:
| There are compliance reasons where you want the communications
| encrypted in flight, but need them retained at rest for
| compliance reasons. Federal record keeping laws would otherwise
| prohibit the use of a service like Signal. I'm honestly
| impressed that the people involved actually took the extra
| effort for compliance when nothing else they did was above
| board...
| abhisek wrote:
| > There are compliance reasons
|
| Makes sense. But still debatable if the compliance
| requirements are acting against the security model or perhaps
| there are bigger concerns here than just secure
| communication.
| actionfromafar wrote:
| I would _not_ assume the archives were meant for compliance
| and federal records.
| ceejayoz wrote:
| We also have no evidence it was in use back in March. It
| may be a response to that oops.
| Xylakant wrote:
| You can never control what I do on my device with the message
| received- I can make screenshots, or, if the app prevents that,
| take a picture of the screen.
|
| The goal of signal is trusted end-to-end encrypted
| communication. Device/Message security on either end is not in
| scope for Signal's threat model.
| colanderman wrote:
| TM SGNL changes the security model from "I trust the people
| in the chat" to "I trust the people in the chat _and also_
| the company archiving the chat".
|
| If you don't trust the people in your chat, they shouldn't be
| in your chat.
| ceejayoz wrote:
| > If you don't trust the people in your chat, they
| shouldn't be in your chat.
|
| I assure you, none of these people trust each other.
| Backstabbing is normal.
|
| They're also likely using it to talk to foreign
| counterparts. Again, most of whom they don't trust a bit.
|
| Encryption isn't just about "do I trust the recipient".
| colanderman wrote:
| You are conflating levels of trust.
|
| The trust level required with Signal is, "do I trust the
| people _in this chat_ not to share the _specific
| communications_ I am sending _to them_ with some other
| party whom I _do not want to have a copy_".
|
| There are many many situations where this level of trust
| applies that "trust" in the general sense does not apply.
| It is a useful property.
|
| And if you don't have that level of trust, don't put it
| in writing.
|
| TM SGNL changes the trust required to, "do I also trust
| this _3rd party_ not to share the contents of _any of my
| communications_, possibly _inadvertently_ due to poor
| security practices".
|
| This is a categorical and demonstrably material
| difference in security model. I do not understand why so
| many are claiming it is not.
| philipwhiuk wrote:
| > This is a categorical and demonstrably material
| difference in security model. I do not understand why so
| many are claiming it is not.
|
| Because all it takes is one user to decide they trust the
| third party.
|
| Right now you actually have to do more than trust
| everyone, you have to trust everyone they trust with
| their chat history. Which already can include this sort
| of third party.
| Muromec wrote:
| >TM SGNL changes the trust required to, "do I also trust
| this 3rd party not to share the contents of any of my
| communications, possibly inadvertently due to poor
| security practices".
|
| That's the same level of trust really. Signal provides a
| guarantee that message bearer (i.e. Signal) can't see the
| contents, but end users may do whatever.
|
| You can't really assume that counterparty's device isn't
| rooted by their company or they are themselves required
| by law to provide written transcripts to the archive at
| the end of each day. In fact, it's publicly known and
| mandated by law to do so for your counterparty that
| happens to be US government official.
|
| The people who assume that they are talking with one of
| the government officials and expect records not to be
| kept are probably doing (borderline) illegal, like
| talking treason and bribes.
|
| No, this is not a "nothing to hide argument", because
| those people aren't sending dickpics in their private
| capacity.
| grishka wrote:
| Any client-side limitations are not part of the security model
| because you don't control other people's devices. Even with an
| unmodified app, they're trivially bypassed using a
| rooted/jailbroken device.
| colanderman wrote:
| Not part of Signal's security model, but trusting people in
| that chat very much can and should be part of the _user's_
| security model. If you don't trust them, why are they in the
| chat in the first place?
| barryrandall wrote:
| It's not a person in the chat, it's an account. The account
| is usually controlled by the person associated with it, but
| you can't assume that it's _always_ controlled by that
| person.
| philipwhiuk wrote:
| Is it though? I think TM Signal is just emailing the
| chats to a server from the phone it's installed on.
| ceejayoz wrote:
| > If you don't trust them, why are they in the chat in the
| first place?
|
| Journalist? Taliban negotiator? Ex-wife?
| colanderman wrote:
| You are conflating "trust in all ways" with "trust to
| receive the communications in the specific chat they are
| party to". The former is not relevant.
| Muromec wrote:
| Well the ex-wife in question can be trusted to receive it
| a-okay and screenshot them to send to her lawyer and cops
| too, depending on contents. So do US government
| officials. Now we just know how exactly they do it.
| pmontra wrote:
| Or with the more affordable (in terms of skills) method of
| using another phone to take pictures of key messages on the
| screen of the first one.
| namdnay wrote:
| > What am I missing here?
|
| OK, say you're a bank. The SEC states you need to keep archives
| of every discussion your traders have with anyone at any time
| (I'm simplifying things but you get the point). You keep
| getting massive fines because traders were whatsapping about
| deals
|
| So now you've got several options - you can use MS Teams, which
| of course offers archival, compliance monitoring etc. But that
| means trusting MSFT, and making sure your traders only use
| Teams and nothing else. You can use a dedicated application for
| the financial industry, like Symphony or ICE Chat or Bloomberg,
| but they're clunkier than B2C apps.
|
| And then the Smarsh (owners of Telemessage) salesman calls you,
| and says "your users can keep using the apps they love -
| WhatsApp, Signal - but we make it compliant". And everyone
| loves it (as long as no-one in your Security or Legal teams are
| looking too hard at the implications of distributing a cracked
| version of WhatsApp through your MDM...)
|
| Edit: here's the install document for their cracked WhatsApp
| binary
| https://smarsh.my.salesforce.com/sfc/p/#30000001FgxH/a/Pb000...
| protocolture wrote:
| Seems like it doesn't resolve the trust issue it just shifts
| it to a smaller firm with more to lose.
| namdnay wrote:
| It definitely doesn't resolve the trust issue! I would
| trust MSFT a million times more than these cowboys. What it
| does give you is peace with your traders (who can be real
| divas..) - they can keep using "WhatsApp" and "Signal" and
| you can monitor everything
| amarcheschi wrote:
| ok, this absolutely reminds me of using indian whatsapp mods
| years ago. stickers, more features, local and portable
| backups... wouldn't try that as a member of the government
| though
| homebrewer wrote:
| Is it a coincidence that it reads almost exactly like SMERSH?
|
| https://en.wikipedia.org/wiki/SMERSH
| lupusreal wrote:
| Probably not. It's trendy to give edgy names to companies.
| See: Palintir.
| 77pt77 wrote:
| You mean Palantir
| duskwuff wrote:
| Probably coincidence. The founder of the company was named
| Stephen Marsh.
| JumpCrisscross wrote:
| > _say you're a bank. The SEC states you need to keep
| archives of every discussion your traders have with anyone at
| any time_
|
| These records are encrypted in storage.
| Etheryte wrote:
| That is more than overly optimistic given how slow the pace
| of any technical innovation in finance is. The recent and
| not so recent issues with Citi are a good example of that.
| jjani wrote:
| Huh? If the goal is compliance, you wouldn't use something
| that's _worse_ for compliance - which is why the Legal and
| Security wouldn't like it. If it helped with compliance,
| they'd love it! So the reason can't be compliance.
| MrDarcy wrote:
| The goal is the appearance of compliance, not actual
| compliance. Check the boxes.
| catlikesshrimp wrote:
| Maybe someone wanted to please the procedure of law but also
| had to please the bros. The result is a hack of a secure
| program that adds conversation archiving.
| sneak wrote:
| One of the most popular "e2ee" communication systems, iMessage,
| does exactly this each night when the iMessage user's phone
| backs up its endpoint keys or its iMessage history to Apple in
| a non-e2ee fashion.
|
| This allows Apple (and the US intelligence community, including
| FBI/DHS) to surveil approximately 100% of all non-China
| iMessages in close to realtime (in the usual case where it's
| set to backup cross-device iMessage sync keys).
|
| (China, cleverly, requires Apple to not only store all the
| Chinese iCloud data in China, but also requires that it happen
| on machines owned and operated by a joint venture with a
| Chinese-government-controlled entity, keeping them from having
| to negotiate continued access to the data the way the FBI did.)
|
| https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...
|
| Yet Apple can still legitimately claim that iMessage is e2ee,
| even though the plaintext is being backed up in a way that is
| readable to them. It's a backdoor by another name.
|
| Everyone wins: Apple gets to say E2EE, the state gets to
| surveil the texts of everyone in the whole country without a
| warrant thanks to FISA.
| nearbuy wrote:
| I suppose if both you and the recipient have cloud backups
| disabled, then Apple can no longer view your messages.
|
| But outside of that scenario, is there any advantage to
| iMessage using e2ee instead of just regular TLS?
|
| Edit: Apparently it's up to you whether you want your iCloud
| backups to use e2ee. There's an account setting:
| https://support.apple.com/en-us/102651. Standard protection
| is a sensible default for regular who aren't tech-savvy, as
| with e2ee they're at risk of losing all their iCloud data if
| they lose their key.
| watermelon0 wrote:
| That's an old article. According to Apple docs, Advanced Data
| Protection covers Device and Messages backups, which means
| they are E2EE.
| sneak wrote:
| Correct, but nobody turns it on because it's opt in, and
| even if you turn it on, 100% of your iMessages will still
| be escrowed in a form readable to Apple due to the fact
| that the other ends of your iMessage conversations won't
| have ADP enabled because it's off by default.
|
| Again, Apple gets to say "we have e2ee, any user who wants
| it can turn it on" and the FBI gets to read 100% of the
| texts in the country unimpeded.
|
| If Apple really wanted to promote privacy, they'd have
| deployed the so-called "trust circle" system they designed
| and implemented which allowed a quorum of trusted contacts
| to use their own keys to allow you to recover your account
| e2ee keys without Apple being able to access it, rolled
| that out, and then slowly migrated their entire user base
| over to e2ee backups.
|
| They have not, and they will not, because that will
| compromise the surveillance backdoor, and get them
| regulated upon, or worse. The current administration has
| already shown that they are willing to impose insanely
| steep tariffs on the iPhone.
|
| You can't fight city hall, you don't need a weatherman to
| know which way the wind blows, etc. The US intelligence
| community has a heart attack gun. Tim Apple does not.
|
| Separately it is an interesting aside that Apple's 1A
| rights are being violated here by the presumptive
| retaliation should they publish such a migration feature
| (software code being protected speech).
| immibis wrote:
| And yet, it's somehow so effective that it's illegal in
| the UK because it doesn't let the government read
| everyone's messages.
| Terr_ wrote:
| TBF, governments trying to outlaw some kind of privacy
| doesn't necessarily mean it's a current impediment to
| them. They can be planning ahead, securing their
| position, or just trying to move the window of what is
| considered acceptable.
| kelnos wrote:
| Are there any stats as to the percentage of iPhone users
| that enable Advanced Data Protection? Defaults matter a
| lot, and I wouldn't be surprised if that number is (well)
| below 10%.
|
| If you are the only person out of all the people you
| correspond with who has ADP enabled, then everyone you
| correspond with is uploading the plaintext of your messages
| to Apple.
| nicce wrote:
| The same applies to WhatsApp. Messages backups are
| unencrypted by default and even the whole iPhone backup
| includes the unencrypted chat history of WhatsApp by default.
| One reason why it was a big deal for UK to disable iCloud's
| E2EE backup.
| jowea wrote:
| My guesses:
|
| You want to talk to people who want to use Signal, but you
| yourself don't care about E2E
|
| You trust Telemedia, but not Telegram, or Meta. And you want
| convenient archiving.
| macrolime wrote:
| So this whole app exists because Signal doesn't have a way to
| archive messages on iPhone. Maybe they should take the hint and
| see that this is actually something a lot of people would find
| useful, instead of keeping it in the backlog for a decade.
| WinstonSmith84 wrote:
| Well no, then you could just use Messenger or WhatsApp. The
| point of Signal is to be as secure as possible
| namdnay wrote:
| TeleMessage/Smarsh also sell a cracked WhatsApp :)
| namdnay wrote:
| It's not a question of archiving on the device - it's a
| question of your employer being able to archive/monitor your
| conversations
| tomhow wrote:
| See also: " _The Signal Clone the Trump Admin Uses Was Hacked_ "
| https://www.404media.co/the-signal-clone-the-trump-admin-use...
| croemer wrote:
| https://archive.is/6J8mf
| dang wrote:
| See also https://news.ycombinator.com/item?id=43890179 for
| discussion of whether that article should count as a follow-up
| or SNI.
|
| Normally I wouldn't link to meta discussion but this was such a
| weird borderline case that I spent over an hour trying to
| figure it out. Maybe that makes it interesting.
|
| Edit: in case anyone's confused about the sequence here,
| micahflee posted the current thread 2 days ago. The timestamp
| at the top of this page is an artifact of us re-upping it
| (https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...).
| matsemann wrote:
| FWIW, I never clicked into this when I originally saw it
| because I'm not that interested in a "technical analysis",
| but gained interest when the other title said that the app
| was hacked. To me, that's worth discussing, but here that
| lede is a bit buried. And I now only know about it because a
| friend sent me the link.
|
| I do feel there's a pattern of me reading some interesting
| tech news, then thinking "wait, why didn't I see this
| discussed on HN?", to searching for it and finding a
| buried/flagged HN discussion due to it being somewhat tied to
| politics (what isn't?)
| myvoiceismypass wrote:
| I have recently switched to the "active threads" feed which
| shows flagged content: https://news.ycombinator.com/active
| jFriedensreich wrote:
| Here is the thing about e2e encrypted messengers: They lock you
| and your data in and do not allow you control of your life. There
| is a right to data portability (at least in the eu) that they
| violate and there is no one fighting for it. Whenever I engage in
| conversation about this i get empty faces, hostility and vague
| references to features that are crippled or just don't work at
| all. There are people and institutions that have to archive the
| communication centrally and they don't have control over how they
| are contacted and cannot have conversation about the channel used
| in every interaction all the time. The solution is to finally
| force messengers to allow api access to all communication data
| and then show a sign similar to ssl warnings in browsers to the
| other side that this user is using an archival api service.
| woodruffw wrote:
| I don't understand this: there's nothing intrinsic to e2e that
| makes interoperability particularly hard. There are multiple
| open-source e2e protocols that demonstrate this tidily, and my
| understanding is that there are governments in the EU that are
| adopting e.g. Matrix for this reason.
|
| > show a sign similar to ssl warnings in browsers to the other
| side that this user is using an archival api service.
|
| There is no sound way to do this and there probably never will
| be, _especially_ if the protocol is interoperable and therefore
| the user can pick any client they please. The other client can
| always lie about what it's doing or circumvent detections
| through analogue means, e.g. pointing a camera at the screen.
| Analemma_ wrote:
| If you have interoperability, then you need cipher
| negotiation between clients with different capabilities (and
| they will _always_ have different capabilities), and that's
| a huge, juicy attack surface. Multiple critical SSL/TLS
| CVEs-- including some we know for a fact the NSA relied on--
| came from cipher negotiation.
| woodruffw wrote:
| > If you have interoperability, then you need cipher
| negotiation between clients with different capabilities
| (and they will always have different capabilities), and
| that's a huge, juicy attack surface.
|
| Not really. The degree of malleability in cipher
| negotiation is widely considered to have been a Bad Move in
| SSL/TLS's early design, and modern (well-designed)
| cryptographic protocols don't enable the kinds of
| parametric malleability that made SSL/TLS so exploitable at
| the time.
|
| Signal's protocol, for example, is perfectly interoperable;
| the lack of interoperability comes from a (not
| unreasonable) constraint at the application layer, not the
| protocol itself. Another example would be MLS[1], which
| supports fixed suites rather than parametric malleability
| and uses the technique from RFC 8701[2] to prevent clients
| from getting clever and trying to add their own extensions
| that undermine the fixed suites.
|
| [1]: https://datatracker.ietf.org/doc/rfc9420/
|
| [2]: https://www.rfc-editor.org/rfc/rfc8701.html
| RiverCrochet wrote:
| There's a difference between data transport and data hosting.
| Modern expectations of messengers seem to blur this line and
| it's better if it's not blurred.
|
| Incidentally: The reason why they blur it is because of 2
| network asymmetries prevalent since the 1990's that enforced a
| disempowering "all-clients-must-go-through-a-central-server
| model" of communications. Those 2 asymmetries are A) clients
| have lower bandwidth than servers and B) IPv4 address
| exhaustion and the need/insistence on NAT. It's definitely not
| practical to have a phone directly host the pictures posted in
| its group chats, but it would be awesome if the role of a
| messaging app's servers was one of caching instead of hosting.
|
| In the beginning though: the very old IRC was clear on this; it
| was a transport only, and didn't host anything. Anything
| relating to message history was 100% a client responsibility.
|
| And really I have stuck with that. My primary expectation with
| messaging apps is message transport. Syncing my message history
| on disparate devices is cool, and convenient, but honestly I
| don't really need it in a personal capacity if each client is
| remembering messages. I don't understand how having to be
| responsible for the management of my own data is "less control
| of my life," it seems like more control. And ... I'm not sure I
| care about institutional entitlement to archive stuff that is
| intended to be totally personal.
|
| I understand companies like to have group chats, and history
| may be more useful and convenient there, but that's why I'm not
| ever going to use Teams for personal purposes. But I'm not
| going to scroll back 10 years later on my messaging apps to
| view old family pictures. I'm going to have those saved
| somewhere.
| cesarb wrote:
| > Those 2 asymmetries are A) clients have lower bandwidth
| than servers and B) IPv4 address exhaustion and the
| need/insistence on NAT.
|
| There's a third asymmetry: C) power-constrained clients which
| are asleep most of the time. And this applies not only to
| battery-powered phones/tablets and laptops, but also to
| modern desktops which are configured by default to suspend on
| inactivity.
| zitterbewegung wrote:
| Molly is a fork of Signal that is allowed to access Signal's
| APIs and their APIs are much more open than any other similar
| service [1]. Signal is not really designed for communicating
| with people that you don't know in real life such that you can
| be beyond suspicion that they would be archiving messages but
| it is basically impossible to monitor if your conversations are
| being archived if someone is just taking pictures of their
| phone with another device.
|
| [1] https://github.com/mollyim/mollyim-android
| throw7 wrote:
| I thought the only client allowed on Signal was the official
| build provided by Signal itself? Does this mean Signal does
| officially allow another build (Telemark's TM SGNL) access to the
| Signal network?
| captn3m0 wrote:
| From what I know, Signal tries to block known bad clients. But
| guaranteeing such blocks is impossibly hard short of forcing
| attestations via things like SafetyNet that would legitimately
| impact users as well.
|
| There was a case where a teenager in India rose to news media
| popularity by publishing a messaging app, which was a simple
| rebranding of Signal he made using some other tool which
| patches assets iirc.
|
| It was blocked by Signal, but only after reports surfaced
| about it being an insecure rebrand.
| IshKebab wrote:
| That's correct, but presumably this is unpopular enough to fly
| under the radar (until now at least).
| thenewwazoo wrote:
| [edit: apparently I responded to the wrong post. uh, oops. that's
| embarrassing.]
| dgellow wrote:
| I would say, you maintain a blog where you demonstrate your
| skill and knowledge. As a side effect, I'm pretty sure lots of
| people here would be interested to read your debugging, design
| process, etc :)
| thenewwazoo wrote:
| Sorry I nuked my comment after realizing it was in the wrong
| article but I wanted to say I appreciate the response. I'm a
| decent writer (which is why I think I should probably get
| around to applying to 0xide) but finding time to blog with a
| full time job and a kid is hard. Not that that's an excuse.
| jadayesnaamsi wrote:
| Mike should have used a GDPR-enabled app.
| ramesh31 wrote:
| More and more I am starting to understand that making money with
| software really has nothing to do with quality. It's about
| checking boxes. Enterprise SSO? Check. Auditing? Check. Does it
| "kinda" do the thing as advertised? Sort of, poorly, and slower
| than many free open source offerings. Oh, and also the company is
| in talks for an acquisition, so the entire engineering team is
| just drawing up plans for their vacation homes and picking out
| their BMWs at this point, while the product rots. Doesn't matter,
| here's your eight figure contract so we can tell the SLT we did a
| thing. By the time enough people have had to deal with it to get
| rid of it, all the decision makers will have moved on to
| something else.
| quantadev wrote:
| To me the shocking thing about the USA Gov't is that they manage
| to lose trillions in the defense dept that they can't account
| for, but somehow are unable to develop their own communications
| apps? What? Signing messages with a crypto key takes like 4 lines
| of code. It's not rocket science. Yet they use some corporate
| app?
|
| My only theory is that they're pretending to have only 'Signal'
| so that when they want to they can allow hackers to "see" stuff
| they WANT to be seen. Like a disinformation honey pot designed to
| misdirect America's enemies. While they actually have a totally
| separate secret app that _is_ secure and _is_ developed by the
| NSA.
| mikrotikker wrote:
| There are 2 secure messaging apps in the US govt according to
| reporting. But I dunno maybe they didn't have emojis....
| quantadev wrote:
| I heard they use "Signal" as an official app. That blew my
| mind. Sure they must have others, but why are they even
| allowed to use commercial apps at all? That's insane.
| cycomanic wrote:
| The bigger story is the follow-up that shows someone already
| hacked TeleMessage because the app seems to be vulnerable to
| several exploits (and transmits data in the clear apparently).
|
| https://news.ycombinator.com/item?id=43896138
| mmooss wrote:
| Is Signal allowing arbitrary apps to connect to its network? How
| do I know that my correspondent is using TM Sgnl or another
| unofficial app?
|
| Doesn't that break Signal's security guarantees? For example,
| what if I set my message to delete in 1 hour but TM Sgnl archives
| it, or some other app simply ignores the retention setting?
|
| If Signal allows it, it seems like a major vulnerability? I
| suppose I must trust other users - they could always screenshot a
| conversation. But while I trust them not to intentionally cheat
| me, I shouldn't have to trust them to accurately evaluate the
| security implementation of a software application - something
| most people can't do, Mike Waltz being the most famous example.
|
| Maybe Signal should identify users' unofficial clients. A downside
| is that it would provide significant identifying information -
| few people use unofficial apps.
| Sniffnoy wrote:
| > Doesn't that break Signal's security guarantees? For example,
| what if I set my message to delete in 1 hour but TM Sgnl
| archives it, or some other app simply ignores the retention
| setting?
|
| Disappearing messages has never been a security guarantee of
| Signal. People can always archive things their own way
| (screenshots in the worst case). It's just a convenience
| feature, not a security thing.
| CaptRon wrote:
| Kinda curious why Meta isn't the one developing these government
| versions of messaging apps. Seems like a nice side biz
| abvdasker wrote:
| At this point given what we know about his political sympathies,
| it seems more likely than not that Waltz is an agent of Israel
| and this (possibly deliberately) compromised app was a roundabout
| way of passing high level intelligence to Mossad.
___________________________________________________________________
(page generated 2025-05-05 23:00 UTC)