Conversation

Notices

Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Friday, 14-Feb-2025 10:55:17 JST Rich Felker
@kkarhan @signalapp @monocles @lauren Very few systems promoted as Signal alternatives match the cryptographic privacy properties (see: ratcheting, etc.) of Signal.
The claims about "located in the USA" and "Cloud Act" are all nonsense because the only threat to Signal users from this is availability (seizure and shutdown of the server infrastructure), not undetected breakage of privacy properties.
There are presently no systems with superior privacy properties to Signal *and* level of functionality on par with what general public expects. There are a lot (like the XMPP stuff, *sigh*, and Matrix) that are worse in both regards. If you're happy with reduced functionality, Cwtch (and possibly some other similar Tor-based systems) or VeilidChat are stronger, but it's gonna be a while before you convince normies to use them, and in the mean time they're still going to be on insecure shit like WhatsApp, FB Messenger, Telegram, etc...

In conversation about a year ago from hachyderm.io permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Friday, 14-Feb-2025 11:24:49 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren That's that sealed-sender is best effort, which is roughly equivalent to saying "trying to approximate what you'd get with a Tor-based or Velid-based approach on top of open internet is best-effort". It's still way better than all the posers who say "Signal is insecure because it's centralized, try my hand-rolled crypto instead!"
  
  In conversation about a year ago permalink
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Friday, 14-Feb-2025 11:24:50 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  Some people like to make bold statements without verifying first.
  The server *can* do malicious things (even targeted, so it maybe already is happening without anyone known) that result in exactly an "undetected breakage of privacy properties". Here's an issue about this, closed with the comment that privacy features are only best-effort with no guarantee: https://github.com/signalapp/Signal-Android/issues/13842
  In conversation about a year ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
    
    Signal silently falls back to "unsealed sender" messages if server returns 401 when trying to send "sealed sender" messages · Issue #13842 · signalapp/Signal-Android
    
    Guidelines I have searched searched open and closed issues for duplicates I am submitting a bug report for existing functionality that does not work as intended This isn't a feature request or a di...
- Embed this notice
  GNU Too (gnu2@gnusocial.jp)'s status on Saturday, 15-Feb-2025 07:41:46 JST GNU Too
  in reply to
  
  @dalias lol at getting normie to use Telegram
  
  In conversation about a year ago permalink
- Embed this notice
  GNU Too (gnu2@gnusocial.jp)'s status on Saturday, 15-Feb-2025 07:41:46 JST GNU Too
  in reply to
  
  @dalias the decision to stop natively supporting SMS has led to fewer people I know using it at all. They'd rather just use unsecure everything rather than use multiple applications.
  
  In conversation about a year ago permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 01:14:46 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren Signal can't do that because they do not have arbitrary code execution privileges on the client. The client is FOSS and anyone can read the source, verify that it matches what's shipped, and audit what it does. Users who lack the skills or time to do that can refrain from updating right away until updates have received scrutiny.
  
  In conversation about a year ago permalink
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Thursday, 20-Feb-2025 01:14:48 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  People always go with "Signal has the best crypto" to argue why Signal and only Signal. However, crypto alone is not the only thing in the world.
  Good crypto might be necessary for good privacy and security, but it doesn't alone solve the problem. If Signal would send a clear test backup of all messages to their servers, all this great crypto would be worth nothing.
  
  In conversation about a year ago permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 01:16:51 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren No, not being a source of metadata, location data, contacts graph, etc. harvesting for Facebook, along with having open and auditable source, are the main things distinguishing Signal from WhatsApp.
  
  In conversation about a year ago permalink
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Thursday, 20-Feb-2025 01:16:52 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  Specifically for this context, sealed-senders is one of the few features of Signal that differentiates it from WhatsApp, which uses largely the same crypto. If the few extra privacy features of Signal are just best-effort and it's fine they only work if the server does not misbehave, Signal becomes almost the same as WhatsApp - except that the one company that controls everything has a different name.
  
  In conversation about a year ago permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 01:18:48 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren The above made-up threat you scaremongered about with Signal (malicious client behavior) already exists in WhatsApp and *will escalate* as soon as they want to please the fuhrer.
  
  In conversation about a year ago permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 01:19:44 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren Citation needed.
  
  In conversation about a year ago permalink
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Thursday, 20-Feb-2025 01:19:45 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  Users, to a large degree, download the Signal app from the Google Play Store and Apple App Store. The apps shipped through this can hardly be verified by endusers. A modified version of the app could be delivered to selected users.
  The official Signal app for Android is not fully open source and in its non-free parts does have a mechanism built-in that allows the code to be changed at runtime without allowing external auditors to review it.
  
  In conversation about a year ago permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 01:21:38 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren Because it's not sent to them.
  
  In conversation about a year ago permalink
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Thursday, 20-Feb-2025 01:21:39 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  How do you know that Signal company does not share their metadata and contacts graph with Facebook. You make this assumption and you are probably right, but you have no way to verify.
  
  In conversation about a year ago permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 01:39:04 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren Gradle is a Java build system not a runtime dynamic code injection system...
  
  In conversation about a year ago permalink
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Thursday, 20-Feb-2025 01:39:06 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  Here's the link to the Signal source code dependency file importing a proprietary, obfuscated library that is known to dynamically load and execute arbitrary code from a server in the context of the calling process, thereby granting it access to everything that happens inside the app: https://github.com/signalapp/Signal-Android/blob/main/gradle/libs.versions.toml#L123
  In conversation about a year ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
    
    Signal-Android/gradle/libs.versions.toml at main · signalapp/Signal-Android
    
    A private messenger for Android. Contribute to signalapp/Signal-Android development by creating an account on GitHub.
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 01:43:17 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren Obviously you don't let it read your contacts book. It works fine if you opt not to. WhatsApp is almost impossible to use without granting it access - you can't initiate chats unless you know how to construct chat invite links to marshall them in.
  
  In conversation about a year ago permalink
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Thursday, 20-Feb-2025 01:43:19 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  And I'm not even talking about Signal directly uploading the numbers in your device's phone book (although encrypted in a way that they likely have no direct access to it, but others likely do).
  
  In conversation about a year ago permalink
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Thursday, 20-Feb-2025 01:43:20 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  Contact graph is who you are sending messages to. Signal servers can always see who receives a message and they can trivially see who sent a message if sealed senders is turned off (which, as is shown, can be done by the server). So Signal in fact has access to your contact graph.
  They also have access to a bunch of other metadata, like the Apple/Google push token that is known to be used to spy on people: https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/
  In conversation about a year ago permalink
  Attachments
  1. Untitled attachment
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 01:46:43 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren As discussed, yes sealed sender can be blocked causing fallback, but that's a visible and non retroactive attack. It never exposes your chat history or non Signal contacts or anything else, only who you received from while the attack is in progress.
  
  In conversation about a year ago permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 01:51:07 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren You could have cited it by name then. I can't find any details on it right off much less whether it has RCE vectors. If you believe it does, can you please either file an issue on the tracker or provide sufficient information on where to find the evidence so that someone else can?
  
  In conversation about a year ago permalink
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Thursday, 20-Feb-2025 01:51:08 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  Mastodon removes the line number from the shared link in the nice preview.
  In the shared file, line 123 is the reference to a proprietary and obfuscated library that is included as part of the build process. This library was never audited, but it is known to, when used, dynamically load and execute code without any additional sandboxing (thus inheriting all the permissions and access to the private files of the app calling into the library).
  In conversation about a year ago permalink
  Attachments
  1. No result found on File_thumbnail lookup.
    
    http://preview.In/
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 01:54:11 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren
  In conversation about a year ago permalink
  Attachments
  1. Signal settings screenshot: Show status icon Show an icon in message details when they were delivered using sealed sender.
    https://media.hachyderm.io/media_attachments/files/114/031/587/771/772/720/original/ef06517cc7ef73ee.png
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Thursday, 20-Feb-2025 01:54:12 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  As is described in the issue, the fallback to revealing the sender when sealed sender fails is not in any way communicated to the user and happens fully automatically. In fact, it randomly happens to users every now and then and that is by design. If it were to notify users when this happens, it would be very confusing.
  
  In conversation about a year ago permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 01:58:09 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren But again, hiding essential metadata that takes hard cryptographic routing work to hide is way above the scope of the class of messengers we're comparing.
  The claim is not that Signal makes it impossible to recover some of this essential metadata. The claim is that it is not purposefully scooping up as much other private data as it can for an owner whose whole business model is scooping up personal data.
  
  In conversation about a year ago permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 02:00:58 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren Again, citation needed.
  
  In conversation about a year ago permalink
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Thursday, 20-Feb-2025 02:00:59 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  Honestly, "RCE" is the whole purpose of the library embedded here. That's not an issue, it's a feature, Google sells this as dynamically updating your dependency. This is why Signal cannot be made available in the F-Droid store.
  
  In conversation about a year ago permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 02:03:00 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren Of course (assuming your claim) it's "not an issue" for the library provider (Google). It's absolutely an issue for Signal and reportable as such. If your claim is true I expect them to remove it.
  
  In conversation about a year ago permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 02:11:39 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren What you're imagining is an organization which has no mission or profit motive in tracking its users, but existential threat from being perceived as betraying its mission, spending inordinate resources and hiring labor to implement & host this, without anyone whistleblowing. All for the sake of a very small attacker capability. This just makes utterly no sense.
  
  In conversation about a year ago permalink
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Thursday, 20-Feb-2025 02:11:41 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  As far as I know, this is turned off by default and even then only visible if people look at the details of a message (which they don't do, realistically). Remember that this only has to happen for a single message to create the link in the contact graph. So if any, this is a red herring, not a mechanism that prevents Signal servers from creating a contact graph, if e.g. forced by the crazy government of the country they are located in.
  
  In conversation about a year ago permalink
- Embed this notice
  Rich Felker (dalias@hachyderm.io)'s status on Thursday, 20-Feb-2025 02:15:08 JST Rich Felker
  in reply to
  @pixelschubsi @kkarhan @signalapp @monocles @lauren It gives you full protection against state actors intercepting the contents of your communications.
  As advertised.
  It does not protect you from compromised client devices, compromised contacts selling you out, or some possibility of state actors determining who you're making contact with. But on the latter it's still better than anything else in its class.
  If you need stronger, use Cwtch or Veilid and deal with reduced functionality & drawing more attention to yourself.
  In conversation about a year ago permalink
  Attachments
  1. Untitled attachment
  2. No result found on File_thumbnail lookup.
    
    http://advertised.It/
- Embed this notice
  pixelschubsi (pixelschubsi@troet.cafe)'s status on Thursday, 20-Feb-2025 02:15:10 JST pixelschubsi
  in reply to
  @dalias @kkarhan @signalapp @monocles @lauren
  If you are saying, Signal is doing a better job in ensuring that big tech doesn't get rich with the data of its users than WhatsApp, I'll happily sign that.
  But to me - and also how Signal advertises itself - it's not only against big tech, but also against state actors. And then this becomes a whole different story.
  
  In conversation about a year ago permalink

Public

Conversation

Notices

Feeds