Notices by Alyx ⏚ (x_cli@infosec.exchange)

@soatok I have read your series :) What I am saying is that, unless I don't recall it correctly, your focus is not on what metadata is available to Signal servers.

For operation purposes, they necessarily have more data than what they claim (i.e. just the phone number, the IP address of the last connection, date of creation and date of last connection).

They have the remaining prekeys from which you can infer when/how many new conversations were created.

Having stuff (like contacts) in the secure enclave is great, but secure enclaves don't have storage, so when you need to restart the task running in the enclave, either you loose all the data, or you store it on disk in an encrypted form to load it back in in the new task. Where is the encryption key for that data? It has to be known by the operators, unless I am mistaken, and if that key is known by the operator, they can decrypt the data on disk.... so the data ain't really secure from the operator and the DoJ?

Signal has to store a token per account to request notification from the Google/Apple notification services. This token is tied to the Signal identity and to a Google/Apple account, so that's something that authorities would want to have, isn't it?

And these are a sample of the data that Signal has to have. I'm not even talking about the data they claim they don't collect and for which we can just blinding trust them.

So yeah, maybe my reply was lazy. But I did publish a conference that required significant work. Let's not ignore that, please.

@chiraag @khm @kunev @mcc

@chiraag

I'm gonna break your high opinion of Signal, sorry.

https://passthesalt.ubicast.tv/videos/metadata-protection-in-instant-messaging-applications-a-review/

Signal can and do collect a lot of shit. A lot more than what they pretend they have. I have no idea why the USA authorities put up with their incomplete responses. I have theories.

Signal subcontractors do collect shit and they make no privacy promises at all. There are a lot of them. All USA-based

Signal servers can disable privacy features and the Signal app will comply silently.

@khm @kunev @mcc

@chiraag Sure. I also work in the applied cryptography engineering field, but you can trust whoever you like. As it happens, @soatok does not speak about metadata in his blog post. Not once. The word is not even present, and that's all I am talking about, so his claims and mine's are not contradictory.
My feeling about why the Signal president is not in jail right now, considering what we know about the metadata that Signal does have, is that they are actively collaborating with the USA government. Another possibility is that the DoJ is utterly stupid.

If you had watched the video, you would know that I'm talking about AWS, Cloudfront, Cloudflare, GCP and Apple which are all involved in the operation of the Signal service.
@khm @kunev @mcc

@dalias Unfortunately, it is already there... The ship has sailed. And it is the age-old argument "do not invent something that could be misused". We would still be living in caves if we did not invent stuff. What matters is what you do with that stuff and if that stuff can be built to be trusted.

In my town, I would love to be able to set up informal polls/surveys that can only be voted (truly anonymously) by the people living or working in the town. Sounds legit, don't you think?

I mean, if you think about it, there are valid use cases. Maybe you disagree with enforcing age restrictions on some products or content. In many cases, I share that opinion. But I can think of use cases that are benign. For those that aren't, the real fight is to stop their use, not to stop the tech from being invented. But this is debatable, I'm sure ; it is just my opinion :)
@chrisvest @eff

@chrisvest
I believe there might be some anonymous online attribute verification that may be legit.
For instance, for selling drugs like alcohol or tobacco online, or ensuring that someone does have a ID card in a specific region of the world. YMMV.

I'm not saying all attribute verifications are relevant or desirable, but some might me worth discussing democratically, and if some are valid, then we ought to have a truly privacy-preserving way of doing it that does not just pretend to be privacy-preserving by using ZKP just because it sounds secure.

@dalias @eff

@dalias
Exactly. The point of a ZKP is to provide repudiable proof, which goes against the very goal of these age proofs (i.e. allowing verifiers to prove to the authorities that they did verify users age). So if they use ZKP, it is only because the name induces a false sense of security. Nothing more. Digital signatures would be way more appropriate, but they are scary, on paper.
@eff

@Modiie
Si les gens le proposent gratuitement, pourquoi refuser l'économie du don ? Pourquoi rendre tout capitaliste en considérant que "tout travail mérite salaire" ?
Je veux dire, je comprends le cout d'une instance Peertube et du streaming. C'est mon métier. Mais il y a aussi des mécènes 🤷

@playit I heard a lot of great things about Vector (https://vector.dev/) and I had plans to use it in my previous job before I quit.
Vector is featureful and the documentation is great.

@delta Good attempt, but I'll resist the urge of adding you to my talk :D Please implement PFS to be a candidate for the next one: https://cfp.pass-the-salt.org/pts2025/talk/7K9MEV/ ;)

@delta

> What does PFS have to do with minimizing metadata?

Absolutely nothing. You are correct.

The thing is the research behind this talk is an unpaid independent research, done on my free time. So I had to set some arbitrary criteria to filter the dozens of applications to study. If people want me to study a specific application, my rate is 500€/day (which is lower than my standard rate; a sacrifice I am willing to make because I think there is a social value to this work).

My belief is that E2EE, PFS and ephemeral messages are the minimum requirements for a secure messaging application to be taken seriously.

These are beliefs. Some people might have different beliefs and that's obviously OK.

So when people ask me "Have you considered Delta Chat?", my answer is "lol, no, they don't even have PFS; let's talk about serious applications".

The truth is I did fund Delta Chat, studied it and even contributed to its translation. There is value in Delta Chat, and I am not denying it. But if I have to use an application to secure my communications, Delta Chat is not a valid option for me. Sorry.
---
> Can you link a real-world case where PFS played a role and protected someone from repressive persecution?

PFS protects against the recovery of past communications that were recorded and ultimately decrypted after the attacker gets access to the key material. People able to setup dragnet surveillance are generally working for intelligence services and law enforcement. They don't tend to brag about their methods in the press.

Still, the NSA (Prism) showed to the world that there are nations recording large amount of Internet traffic. Pegasus showed that mobile phone surveillance and key extraction are a thing.

The (almost) general adoption of ephemeral messages shows that the public is aware that when law enforcement forcefully unlocks your phone, you don't want to have your personal conversation lying around. But what about your key material?

Well, if you don't have PFS, law enforcement will get their dirty hands on it... and with that, they will get access to all past conversations that you thought were confidential because you used ephemeral messages.

My point is ephemeral messages are pretty much useless if your adversary recorded your encrypted conversations and you don't have PFS.

So do I have a real-world case where PFS played a role? No.
Do I know real-world cases where ephemeral messages prevented law enforcement from accessing someone's data? Yes.
Do I know real-world cases where traffic was recorded and decrypted on the side thanks to the lack of PFS? Yes. I even worked for a company building surveillance appliances that do that... (not being too proud about that but hey... not having PFS is a serious flaw in my book).

@Natouille Contradiction détectée 😅

@elzen (je m'inscris en faux sur cette affirmation ; il s'agit de la seule interprétation de @elzen des textes que j'ai fournis et qui, à mon avis, disent l'exact opposé :))
@crowdagger @parleur @lanodan

@lanodan Les lois applicables, c'est toujours les mêmes depuis 20 ans : la LCEN et la LCEN2.

@crowdagger @elzen @parleur

@parleur
Loin de moi l'idée de défendre des racistes.

Je rappelle néanmoins qu'en droit, un hébergeur est un hébergeur tant qu'il ne fait d'action de choix éditoriaux ; autrement tant qu'il se contente de supprimer le contenu qui est manifestement illégal dès lors que celui-ci lui est signalé et dans un délai raisonnable. Dès lors que ses actions de modération s'étendent des décisions sur du contenu qui n'est pas manifestement illégal, alors il devient éditeur, et il est responsable légalement des propos tenus sur sa plateforme.

Est-ce que des messages que tu assimiles à du dog whistle (je te crois sur parole ; je m'y connais pas assez) sont qualifiables de manifestement illégal ? Par définition, j'ai l'impression que non.

Zéro confiance en Olvid.

https://web.archive.org/web/20250228063029/https://infosec.exchange/@x_cli/114071933034464431

1) L'État ne représente pas un risque selon eux ;
2) Épandage de la peur et du doute sur les concurrents ("nos concurrents sont des outils de surveillance de masse", sans justification) ;
3) Usage de post-vérité : "nous avons été audité, contrairement aux autres, que les gogos croient sur parole" ;
4) emploi de comptes marionnettes/ferme à trolls pour poster de la désinformation sur les concurrents (https://mastodon.top/@atchi150585/114078339465195398)

Ne tombez pas dans le piège. Déconseillez Olvid.

@rgacogne
I second that opinion, but the structure has to be a non-profit. This is why I refuse to fund Thunderbird.
@rakoo @exception @sarahjamielewis

Donc l'#ANSSI sort un guide sur la sécurisation des serveurs ACME.

**PAS UNE mention de DNSSEC**

Fucking amateurs

#infosec #acme #cybersecurity

@solene
Nope. Not IPv6 related 😉

Check your #DNS skills:

On GNU/Linux:

ping broken-by-design.fr => name resolution OK

resolvectl query broken-by-design.fr => name resolution OK

wget https://broken-by-design.fr => Temporary lookup failure

apt update => Temporary lookup failure

What did the user (sudoer) change on their system to break it?

For those of you on Atomic Desktops (Fedora Silverblue) wanting to run Signal Desktop and not trusting the non-official flatpak (which is broken anyway...): you can install Signal Desktop on a toolbox.

toolbox create -d ubuntu -r 24.04
toolbox enter ubuntu-toolbox-24.04
<run the commands to install signal desktop as indicated by the Signal website>
apt update && apt install -y alsa

and boom ! You can run Signal Desktop!

Toolbx is an excellent tool, including for running applications with graphic displays. Audio and video calls work too!