GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Signal (signalapp@mastodon.world)'s status on Wednesday, 26-Mar-2025 08:01:49 JST

    Signal is open source, so our code is regularly scrutinized in addition to regular formal audits. We also constantly monitor security@signal.org for any new reports, and we act on them with quickness while also working to protect the people who rely on us from outside threats like phishing with warnings and safeguards.

    This is why Signal remains the gold standard for private, secure communications. 5/

    In conversation about 2 months ago from mastodon.world

    • Gianmarco Gargiulo repeated this.
    • l (link2xt@fosstodon.org)'s status on Wednesday, 26-Mar-2025 08:24:16 JST
      in reply to

      @signalapp Why does Signal not publish those formal audit reports?

      Wiki page https://community.signalusers.org/t/overview-of-third-party-security-audits/13243 only contains research papers. There was a TextSecure audit https://www.fox-it.com/be/research-blog/working-with-the-open-technology-fund/ and some evidence that in 2018 Signal paid Doyensec LLC., but no audit reports published.

      For comparison, WhatsApp publishes its security audit reports and Wire published some (but not all): https://codeberg.org/kuketzblog/www.messenger-matrix.de/issues/40
      Briar, Threema, Delta Chat, Session, SimpleX Chat all published at least some audit reports.

      In conversation about 2 months ago

      Attachments

      1. Overview of third-party security audits (community.signalusers.org)
        Let’s collect past security audits here: Formal audits Year Auditor(s) Sponsor App/Component Published Link Last update / extended 2013 iSEC Partners (NCC Group) Open Technology Fund RedPhone and TextSecure ❌ Blog post 2014 Frosch et al. German Ministry of Research and Education TextSecure Protocol ✅ PDF 2016 Schröder et al. Internet Society Key fingerprint verification ✅ PDF 2016 Cohn-Gordon et al. Various research grants Signal Protocol ...
      2. https://www.fox-it.com/be/research-blog/working-with-the-open-technology-fund/
      3. "Last security audit" row, definition of "security audit" (codeberg.org)
        from kuketzblog
        Briar has a security audit from 2024: https://www.opentech.fund/security-safety-audits/briar-security-audit/ Audit report is at https://www.opentech.fund/wp-content/uploads/2024/06/report_briar-android.pdf Currently linked ETHZ Applied Cryptography group analysis is not an audit: https://briarpro...
      feld likes this.
    • Rich Felker (dalias@hachyderm.io)'s status on Thursday, 24-Apr-2025 22:17:53 JST
      in reply to
      • F-Droid
      • Guardian Project
      • David Chisnall (*Now with 50% more sarcasm!*)

      @david_chisnall @guardianproject @signalapp @fdroidorg That's a perpetual myth that seems to have no basis in reality. The libraries in question have not been shown to be able to inject arbitrary code unless a malicious OS (which already has the capability to inject code into any program it hosts) has instructed them to do so.

      (To be clear, this means on a Googled Android, you're just as vulnerable to Google's whims as you already were by running a Google OS, and on deGoogled Android you do not appear to be vulnerable.)

      If this is incorrect, I'd like to see evidence.

      Still I think on principle Signal should remove all Google code. There's no reason for it to be there and it hurts trust.

      In conversation about a month ago
      Haelwenn /элвэн/ :triskell: likes this.
    • David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Thursday, 24-Apr-2025 22:17:54 JST
      in reply to
      • F-Droid
      • Guardian Project

      @guardianproject @signalapp @fdroidorg

      'Our secure messenger is open source and auditable, except for the fact that we allow a data-mining company to inject arbitrary code into our binaries and don't provide a build that doesn't do that' is somehow a less compelling argument than it may first appear.

      In conversation about a month ago
    • Guardian Project (guardianproject@social.librem.one)'s status on Thursday, 24-Apr-2025 22:17:55 JST
      in reply to
      • F-Droid

      @signalapp As a supporter of #Signal, it is important to point out a key detail: Signal's own code is #OpenSource, but Signal uses multiple #proprietary libraries from #Google. Those cannot be scrutinized since the source code is not open. We believe Signal should offer an actual open source version, and are ready to help. This exists already in the fork https://fosstodon.org/@MollyIM Also, apps like #Element #Threema #Wire are #FOSS, and have #ReproducibleBuilds on @fdroidorg #FDroid

      In conversation about a month ago

      Attachments

      1. Molly (@mollyim@fosstodon.org) (cdn.fosstodon.org)
        52 Posts, 30 Following, 1.63K Followers · Born from Signal, built for freedom. Molly is an independent Signal fork for Android, with a strong focus on security and hardening. #mollyim #signal #signalapp
    • Rich Felker (dalias@hachyderm.io)'s status on Thursday, 24-Apr-2025 22:18:19 JST
      in reply to
      • Threema
      • Jörg 🇩🇪🇬🇧🇪🇺
      • Guardian Project

      @geco_de @guardianproject @signalapp @threemaapp No.

      In conversation about a month ago
    • Jörg 🇩🇪🇬🇧🇪🇺 (geco_de@troet.cafe)'s status on Thursday, 24-Apr-2025 22:18:20 JST
      in reply to
      • Threema
      • Guardian Project

      @guardianproject As long as @signalapp is a US foundation, it’s subject to US law. And this is a definite no-go. So the only current secure messenger for us Europeans that can’t be jeopardised by the Trump regime is @threemaapp

      In conversation about a month ago
    • David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Thursday, 24-Apr-2025 22:33:55 JST
      in reply to
      • F-Droid
      • Rich Felker
      • Guardian Project

      @dalias @guardianproject @signalapp @fdroidorg The libraries are arbitrary (binary) code provided by a third party. I'm not sure what you think is a myth.

      In conversation about a month ago
    • Rich Felker (dalias@hachyderm.io)'s status on Thursday, 24-Apr-2025 22:33:55 JST
      in reply to
      • F-Droid
      • Guardian Project
      • David Chisnall (*Now with 50% more sarcasm!*)

      @david_chisnall @guardianproject @signalapp @fdroidorg No, they're fixed code that contains exactly whatever code was there at the time Signal acquired and linked them in. Regardless of whether you have the source, this is analyzable, and if it doesn't have backdoor communication channels, the likelihood of harm is low even if you haven't done detailed analysis.

      "Arbitrary code execution" would mean that they phone home to dynamically obtain code that Google could alter at any time to change the behavior after Signal shipped the app. That's the apparently false allegation folks are making about Signal.

      In conversation about a month ago
      Haelwenn /элвэн/ :triskell: likes this.
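The distinction drawn in the post above (a prebuilt library that is fixed at link time can be pinned and re-examined; only code fetched at runtime escapes that) and the reproducible-builds point Guardian Project raises earlier in the thread both come down to one defender's check: does the shipped artifact contain exactly the bytes that were analyzed? The script below is an added example written for this page, not code from Signal, Molly, F-Droid or any participant. It treats a build as a zip archive (the APK container format), hashes every code entry while skipping only the signing metadata that legitimately differs between an official build and a local rebuild, and pins bundled native libraries to the hashes recorded when they were vetted. All sample archives, the `libvendor.so` name and the library bytes are constructed placeholders, not real app content.

```python
import hashlib
import io
import zipfile

# Signing metadata legitimately differs between an official signed APK and a
# local rebuild even when every code entry is byte-identical, so it is skipped.
SIGNATURE_DIR = "META-INF/"
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", "MANIFEST.MF")


def entry_digests(apk_bytes):
    """Map each file entry in an APK (a zip archive) to its SHA-256 hex digest."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():
                continue
            if name.startswith(SIGNATURE_DIR) and name.endswith(SIGNATURE_SUFFIXES):
                continue
            digests[name] = hashlib.sha256(zf.read(name)).hexdigest()
    return digests


def compare_builds(official_apk, rebuilt_apk):
    """Diff two builds entry by entry; three empty lists mean the code content matches."""
    a = entry_digests(official_apk)
    b = entry_digests(rebuilt_apk)
    return {
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
        "only_official": sorted(a.keys() - b.keys()),
        "only_rebuilt": sorted(b.keys() - a.keys()),
    }


def check_pinned_libs(apk_bytes, pinned):
    """Check each bundled prebuilt library against the hash recorded when it was vetted."""
    digests = entry_digests(apk_bytes)
    return {name: digests.get(name) == expected for name, expected in pinned.items()}


def make_apk(entries):
    """Build an in-memory zip standing in for an APK (constructed sample, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample content: the library bytes are placeholders, not real ELF files,
# and "libvendor.so" is a hypothetical name for a third-party prebuilt library.
APP_CODE = b"dex\n035 constructed app code"
VENDOR_LIB_V1 = b"ELF constructed prebuilt library v1"
VENDOR_LIB_V2 = b"ELF constructed prebuilt library v2"
LIB_PATH = "lib/arm64-v8a/libvendor.so"

OFFICIAL = make_apk({
    "classes.dex": APP_CODE,
    LIB_PATH: VENDOR_LIB_V1,
    "META-INF/CERT.RSA": b"official signing certificate",
    "META-INF/MANIFEST.MF": b"manifest written by the official signer",
})
# Same code and same prebuilt library, signed by a different (local) key.
REBUILT_SAME = make_apk({
    "classes.dex": APP_CODE,
    LIB_PATH: VENDOR_LIB_V1,
    "META-INF/CERT.RSA": b"local rebuild signing certificate",
    "META-INF/MANIFEST.MF": b"manifest written by the local signer",
})
# Same app code, but the prebuilt library silently changed between builds.
REBUILT_DRIFT = make_apk({
    "classes.dex": APP_CODE,
    LIB_PATH: VENDOR_LIB_V2,
    "META-INF/CERT.RSA": b"local rebuild signing certificate",
    "META-INF/MANIFEST.MF": b"manifest written by the local signer",
})

# Hash of the library as vetted; a mismatch means the shipped blob is not the one analyzed.
PINNED_LIBS = {LIB_PATH: hashlib.sha256(VENDOR_LIB_V1).hexdigest()}

if __name__ == "__main__":
    print("rebuild vs official:", compare_builds(OFFICIAL, REBUILT_SAME))
    print("drifted rebuild vs official:", compare_builds(OFFICIAL, REBUILT_DRIFT))
    print("pinned libs in official:", check_pinned_libs(OFFICIAL, PINNED_LIBS))
    print("pinned libs in drifted:", check_pinned_libs(REBUILT_DRIFT, PINNED_LIBS))
```

The comparison deliberately excludes only signature files; if a real rebuild still shows differences in `classes.dex` or under `lib/`, that is the point at which the "fixed, analyzable code" claim needs re-examination rather than trust. Pinning hashes of vendor blobs separately from the build diff gives a record that survives app version bumps, so a changed blob is flagged even when the project's own code legitimately changed in the same release.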
    • David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Friday, 25-Apr-2025 01:12:31 JST
      in reply to
      • F-Droid
      • Rich Felker
      • Guardian Project

      @dalias @guardianproject @signalapp @fdroidorg

      When you are making a claim of security as a result of being open source, the fact that you allow someone else to provide a binary and then inject it into your final build is a problem.

      I can only assume that you're arguing for the sake of arguing, rather than making a real point.

      In conversation about a month ago
      Rich Felker repeated this.
    • Rich Felker (dalias@hachyderm.io)'s status on Friday, 25-Apr-2025 01:12:31 JST
      in reply to
      • F-Droid
      • Guardian Project
      • David Chisnall (*Now with 50% more sarcasm!*)

      @david_chisnall @guardianproject @signalapp @fdroidorg No, I'm calling out bad faith criticism. Using closed source components from untrustworthy party X is a valid criticism. "Allows party X to inject arbitrary code" is a mischaracterization of that which serves an agenda (usually promoting scammy fake secure messengers).

      In conversation about a month ago
    • Richard Johnson (tab2space@mastodon.social)'s status on Friday, 25-Apr-2025 01:12:48 JST
      in reply to
      • F-Droid
      • Rich Felker
      • Guardian Project
      • David Chisnall (*Now with 50% more sarcasm!*)

      @david_chisnall @dalias @guardianproject @signalapp @fdroidorg

      I see a real point challenging your overstatement. This doesn't strike me as arguing for the sake of arguing, but rather as correcting the myth of live code injection into signed builds.

      This converts the original overstatement from "signal (and everything else?) will run arbitrary code downloaded at runtime" into "blobs are a risk".

      This is a much less compelling and startling (headline-worthy) claim.

      In conversation about a month ago
    • Rich Felker (dalias@hachyderm.io)'s status on Friday, 25-Apr-2025 01:19:49 JST
      in reply to
      • F-Droid
      • Guardian Project
      • David Chisnall (*Now with 50% more sarcasm!*)

      @david_chisnall @guardianproject @signalapp @fdroidorg I know it's not what you were doing, but I saw someone promoting threema in this same thread.

      In conversation about a month ago
    • David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Friday, 25-Apr-2025 01:19:50 JST
      in reply to
      • F-Droid
      • Rich Felker
      • Guardian Project

      @dalias @guardianproject @signalapp @fdroidorg

      Okay, I am not going to argue any more. Allowing a third party to inject arbitrary code is literally what you do when you link a closed-source binary with no sandboxing.

      If you think it's bad-faith criticism to state a fact, I am just going to mute you. Especially when you follow it up with 'usually promoting scammy fake secure messengers', which is something I was definitely not doing (and, if you pay attention to my previous posts, you'll see that I have encouraged people to use Signal rather than other things).

      In conversation about a month ago
    • Rich Felker (dalias@hachyderm.io)'s status on Friday, 25-Apr-2025 02:29:11 JST
      in reply to
      • Threema
      • Jörg 🇩🇪🇬🇧🇪🇺
      • Guardian Project

      @geco_de @guardianproject @signalapp @threemaapp That's only the case if the promised security properties of the messenger that users are depending on admit subversion by the party who provided it. That's not the case with Signal. The only way they could subvert it is by denying availability (shutting the infrastructure down) or shipping malware in new versions of the application. They are not going to do the latter. Thinking they are is insulting to the people working on it and makes no sense. They have no reason to do that.

      In conversation about a month ago
    • Jörg 🇩🇪🇬🇧🇪🇺 (geco_de@troet.cafe)'s status on Friday, 25-Apr-2025 02:29:13 JST
      in reply to
      • Threema
      • Rich Felker
      • Guardian Project

      @dalias It has nothing to do with the people behind Signal. But the Signal Foundation is a US foundation. And it’s subject to US law. And the Trump administration is converting the US system at least into an oligarchy, if not worse.
      Messengers under US law won’t be secure anymore. The only solution for the Signal Foundation is to leave the US and move at least to Canada as a safe harbour.
      @guardianproject @signalapp @threemaapp

      In conversation about a month ago
    • Rich Felker (dalias@hachyderm.io)'s status on Sunday, 27-Apr-2025 02:14:57 JST
      in reply to
      • Threema
      • Jörg 🇩🇪🇬🇧🇪🇺
      • Guardian Project
      • Dmitry Marakasov

      @AMDmi3 @geco_de @guardianproject @signalapp @threemaapp Indeed. This is not a problem solved by jurisdiction but by a combination of technical measures, trustworthy people, and transparency that make retroactive subversion impossible and forward subversion sufficiently difficult and obvious if done that there are no incentives for it.

      In conversation about a month ago
    • Dmitry Marakasov (amdmi3@fosstodon.org)'s status on Sunday, 27-Apr-2025 02:15:00 JST
      in reply to
      • Threema
      • Rich Felker
      • Jörg 🇩🇪🇬🇧🇪🇺
      • Guardian Project

      @geco_de @dalias @guardianproject @signalapp @threemaapp no jurisdiction is or will ever be 'a safe harbour'.

      In conversation about a month ago


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.