Conversation

Notices

1. Embed this notice
   Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 23-Oct-2024 00:47:52 JST Soatok Dreamseeker

   Session be like

   "We're metadata-resistant. Also, we recently passed the 1 million user milestone. Don't ask how we distinguish unique users!"

   https://www.404media.co/email/9ee8f6a1-348a-4fb1-b1b3-30c8898d7581/?ref=daily-stories-newsletter

   • Haelwenn /элвэн/ :triskell: and feld like this.
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Wednesday, 23-Oct-2024 00:47:58 JST feld

     in reply to
     @soatok oh good i was wondering about them
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Wednesday, 23-Oct-2024 02:33:20 JST feld

     in reply to

     • Graham Sutherland / Polynomial
     • jaKa Močnik
     @soatok @jkmcnk @gsuberland I don't know if intercepting messages without PFS is such a huge threat vector as people make it out to be though.
     
     Q: How are they getting your key?
     
     A: They seized and unlocked your phone.
     
     Even criminals are too dumb to have all their chats set to a short timer for auto-delete, the feds just read your scrollback :laugh:
     
     Isn't it also using TLS so they'd have to crack the TLS PFS too?
   • Embed this notice
     jaKa Močnik (jkmcnk@mastodon.social)'s status on Wednesday, 23-Oct-2024 02:33:21 JST jaKa Močnik

     in reply to

     • Graham Sutherland / Polynomial

     @gsuberland just "yeah, we're forking a sophisticated e2e messaging protocol" is enough for the bells to ring, never mind the sting ops. :D @soatok

   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 23-Oct-2024 02:33:21 JST Soatok Dreamseeker

     in reply to

     • Graham Sutherland / Polynomial
     • jaKa Močnik

     @jkmcnk @gsuberland Didn't Session also remove forward security?

   • Embed this notice
     Graham Sutherland / Polynomial (gsuberland@chaos.social)'s status on Wednesday, 23-Oct-2024 02:33:23 JST Graham Sutherland / Polynomial

     in reply to

     @soatok having just watched that DEFCON talk by the 404media guy about the FBI running one of the biggest encrypted phone companies as a sting op, the words "Signal fork" are some of the loudest alarm bells ever.

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 23-Oct-2024 07:14:45 JST Soatok Dreamseeker

     in reply to

     • Graham Sutherland / Polynomial
     • jaKa Močnik
     • feld

     @feld @gsuberland @jkmcnk Making things ephemeral eliminates so many attack vectors. Long-lived secrets are undesirable.

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Wednesday, 23-Oct-2024 07:14:45 JST feld

     in reply to

     • Graham Sutherland / Polynomial
     • jaKa Močnik
     @soatok @gsuberland @jkmcnk yes that is true, but to make sure we're on the same page:
     
     Tor already has PFS
     
     Signal, if it didn't have PFS, would still have PFS via its usage of modern TLS
     
     So the question is: how could they even intercept the E2EE messages that don't have PFS in the first place?
   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 23-Oct-2024 07:33:05 JST Soatok Dreamseeker

     in reply to

     • Graham Sutherland / Polynomial
     • jaKa Močnik
     • feld

     @feld @gsuberland @jkmcnk I think this is asking the wrong question

     Building PFS into a protocol costs almost nothing and makes security proofs easier, simplifies analysis, and lets us focus on other areas of the attack surface.

     PFS should be the default for any protocol designed after the 1990s, and any design that doesn't include it should justify their choice to exclude it, rather than the converse.

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Wednesday, 23-Oct-2024 07:33:05 JST feld

     in reply to

     • Graham Sutherland / Polynomial
     • jaKa Močnik
     @soatok @gsuberland @jkmcnk I don't disagree, but unless there's a reasonable vector here this discussion is just a circle jerk about MAXXXX possible security posture.
     
     Why not also write your Signal messages using a One Time Pad lol
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Wednesday, 23-Oct-2024 07:47:03 JST feld

     in reply to

     • Graham Sutherland / Polynomial
     • jaKa Močnik
     @soatok @gsuberland @jkmcnk Still another layer
   • Embed this notice
     Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 23-Oct-2024 07:47:04 JST Soatok Dreamseeker

     in reply to

     • Graham Sutherland / Polynomial
     • jaKa Močnik
     • feld

     @feld @gsuberland @jkmcnk Because one-time-pads don't offer protection against chosen-ciphertext attack.

   • Embed this notice
      (mint@ryona.agency)'s status on Wednesday, 23-Oct-2024 08:08:57 JST 

     in reply to
     @soatok >what are webserver logs
   • Embed this notice
     Jess👾 (jesstheunstill@infosec.exchange)'s status on Tuesday, 12-Nov-2024 13:34:16 JST Jess👾

     in reply to

     • Graham Sutherland / Polynomial
     • jaKa Močnik

     It is frustrating that Signal still insists on requiring a phone number for everyone who uses their app, though. At least they finally made usernames so you don't have to share your phone number with others, but I don't really want to share it with Signal either.

     @jkmcnk
     @gsuberland @soatok

     Haelwenn /элвэн/ :triskell: likes this.