Skip to content
This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

Why Wire/Signal instead of Matrix/Riot? #534

Closed
Nic-Wow1 opened this issue Oct 14, 2018 · 54 comments
Closed

Why Wire/Signal instead of Matrix/Riot? #534

Nic-Wow1 opened this issue Oct 14, 2018 · 54 comments
Labels
[m] Matrix protocol

Comments

@Nic-Wow1
Copy link

Why is Wire/Signal rated above riot.im?

It even lists some of their major flaws:
Signal:
Warning: Requires a mobile number to register but you can securely use a disposable number.
Wire:
Caution: The company keeps a list of all the users you contact until you delete your account.

Riot, is FLOSS and decentralized while Wire/Signal is centralized and non-privacy respecting.

Plz consider recommending Riot over Wire and/or Signal.

@ghost
Copy link

ghost commented Oct 14, 2018

Your statement reads like the typical "XMPP/Matrix are the most secure and most private possibilities to chat on earth" statements.

Riot, is FLOSS and decentralized while Wire/Signal is centralized and non-privacy respecting.

FLOSS is neither a privacy nor a security feature. Furthermore, decentralization isn't a privacy feature and when it comes to security, decentralization most notably provides availability (exceptions confirm the rule.)

Feel free to provide any credible source that confirms your "Wire/Signal is … non-privacy respecting" statement.

@Nic-Wow1
Copy link
Author

Nic-Wow1 commented Oct 16, 2018

@infosec-handbook

FLOSS is neither a privacy nor a security feature. Furthermore, decentralization isn't a privacy feature and when it comes to security, decentralization most notably provides availability (exceptions confirm the rule.)

If it isn't, I wonder why some many decentralized solutions and self-hosting is seemingly always put above centralized services. Just look at I2p-Bote. :/

Edit: FLOSS is a privacy feature in the same way Open Source is.
FLOSS is an Ideology!


Feel free to provide any credible source that confirms your "Wire/Signal is … non-privacy respecting" statement.

Creditable Source? Here are some from the privacytools.io website :)

Signal:

Warning: Requires a mobile number to register but you can securely use a disposable number.

Wire:

Caution: The company keeps a list of all the users you contact until you delete your account.

Source: https://archive.fo/ARZe4#im

@ghost
Copy link

ghost commented Oct 16, 2018

I wonder why some many decentralized solutions and self-hosting is seemingly always put above centralized services

This depends on which blogs you read. Some people tell you that decentralization/federation are privacy features. We doubt this.


FLOSS is a privacy feature in the same way Open Source is. FLOSS is an Ideology!

You said it! FLOSS is an ideology. FLOSS lovers frequently seem to ignore that FLOSS never guarantees either privacy or security.

Feel free to read this article: XMPP: Admin-in-the-middle. FLOSS lovers tell you over and over again that XMPP is extremely privacy-friendly while XMPP admins can log and modify nearly everything including passwords in cleartext. They can even impersonate other XMPP accounts by design. Is this privacy? (Yes, this is about XMPP but is likely also true for Matrix servers.)

"Host your own server" is the typical response here: Hosting your own server requires knowledge about server-side security features, frequent maintenance and without your own server infrastructure you give away physical control of your server. On top of that, your server most likely contains hundreds of proprietary hardware components. Some FLOSS running on mostly proprietary software and hardware looks like a placebo.


Creditable Source? Here are some from the privacytools.io website :)

You simply repeated your first statement. You suggest a service which requires a phone number for registration doesn't respect your privacy.

The Signal warning on privacytools.io links to one of our blog posts: Signal requires an arbitrary phone number which you must control during the registration process. However, you don't have to use your own private cellphone number. You can use the Tor Browser to get a disposable phone number for registration, set a PIN and never need access to the phone number during normal operation.

Furthermore, Signal doesn't need to access any of your contacts and you actually don't have to use a cellphone to register a phone number at all. Besides Signal is open source software and enforces modern, audited end-to-end encryption. I can't identify any problems here.

@kevATin
Copy link

kevATin commented Oct 17, 2018

exactly my thought last time i went over the site- matrix isn't just decentralized it's also federated giving the user an enormous advantage in freedom and privacy compared to non-federated alternatives like signal/wire/etc.

@infosec-handbook

FLOSS lovers frequently seem to ignore that FLOSS never guarantees either privacy or security.

FLOSS doesn't guarantee perfect privacy and security, but without being FLOSS there's absolutely no chance of something being perfect at privacy and security- so what's your point?

@ghost
Copy link

ghost commented Oct 17, 2018

@kevATin

isn't just decentralized it's also federated giving the user an enormous advantage in freedom and privacy

Define "freedom" and the scope of "privacy" in your statement. Personal information exposed to server admins doesn't look enormously private to me.


When I look at @Nic-Wow1's original statement, he/she complains about Signal's usage of phone numbers. As I pointed out, you can use any phone number. You only must control it during registration. The fact that you can use an arbitrary phone number is privacy-friendly.

Then he/she continues to point out FLOSS/decentralization. Signal is open source software. Why is Matrix better here? Once, Signal was also federated but they decided to drop this feature to speed up development of a more secure and uniform infrastructure. Look at the XMPP mess. This decision looks justified.


So what exactly is your (@kevATin) or @Nic-Wow1's point? I only see FLOSS lovers who hate services like Signal due to the centralized nature. Next time, someone turns up to tell us that XMPP must be on the top due to Conversations being so nice. Then someone spots the next messenger on GitHub and wants to see it on privacytools.


Feel free to read this EFF post (and the rest of the series): https://www.eff.org/de/deeplinks/2018/03/secure-messaging-more-secure-mess. This series shows why all messenger recommendations are biased.

@kevATin
Copy link

kevATin commented Oct 18, 2018

@infosec-handbook

Personal information exposed to server admins doesn't look enormously private to me.

I'm not sure what you are referring to, but in almost all cases you have to be able to trust the server(s) you use to a certain degree, you won't be able to get around that, no matter the service architecture. But guess what, since it's federated everyone is capable of hosting their own server (hopefully you trust yourself) and still be able to interact with anyone else- that's why i pointed out how important Federation is.

The fact that you can use an arbitrary phone number is privacy-friendly.
You fail to see my point, you are still bound to just a single server- the one that's owned by Signal.

Once, Signal was also federated but they decided to drop this feature to speed up development of a more secure and uniform infrastructure.
So what? I guess Apple is just doing us all a real favour by locking everyone but their devs out of the system, they should lock down their infrastructure even more tightly, because it would certainly "speed up development of a more secure and uniform infrastructure".
Cutting down on privacy features in the name of "actually doing something good for privacy" is not only counter productive, it's downright evil.

XMPP mess
yeah lots of people tried starting their own thing with xmpp that's why it turned into a mess- which is exactly the reason why everyone should support what Matrix is doing, its a clear standard from scratch that covers all needs from irc to xmpp to voip and etc.

I only see FLOSS lovers who hate services like Signal due to the centralized nature.
ehm yeah? that's kinda a big issue.

@ghost
Copy link

ghost commented Oct 18, 2018

everyone is capable of hosting their own server

everyone is capable of hosting their own server is as theoretical as everyone can read and verify open source code.

Let's change this statement to: technical people with time, money and experience can host their own server which has to be in full physical control to be trustworthy … then you have a server with proprietary hardware. Did you check it for hardware backdoors? Did you check its BIOS? Did you check the source code of the OS? Did you check the source code of the server software? Renting a server and installing server software is easy, securely operating a server isn't easy and for everybody at all.

in almost all cases you have to be able to trust the server

As for Signal, account management happens on the client. Data transfer between clients and servers is encrypted, messages are end-to-end encrypted. No unencrypted fallback and since it's open source, you can check it. Why do I have to trust the server in this scenario? Metadata? Metadata is always there and can be monitored everywhere. The server provider can log your metadata, your ISP can log your metadata … even if you are on Matrix/XMPP etc.

As for XMPP, all your data including your contacts, your account information, your password etc. is exposed in cleartext to the server admin. Admins can arbitrarily change your account data which is then synchronized to your client. That's a big difference.

Cutting down on privacy features

And again you suggest that federation/decentralization are privacy features. No, they aren't.

yeah lots of people tried starting their own thing with xmpp that's why it turned into a mess- which is exactly the reason why everyone should support what Matrix is doing, its a clear standard from scratch that covers all needs from irc to xmpp to voip and etc.

We met mostly people from the XMPP ecosystem and nearly all of them told us that Matrix is absolutely waste of resources.

Nice to see Matrix people telling us that we shouldn't use XMPP and XMPP people telling us that we shouldn't use Matrix. Consequences: XMPP people stay with XMPP, Matrix people stay with Matrix and the majority of people ignores this war of opinions.

ehm yeah? that's kinda a big issue.

See above. Decentralization → no privacy feature.

@ghost
Copy link

ghost commented Oct 18, 2018

Back to topic: Recommend Matrix/Riot instead of Signal/Wire since Matrix/Riot is "FLOSS and decentralized while Wire/Signal is centralized and non-privacy respecting".

As for Signal, I see the following benefits:

  • It is open source software
  • It is developed by computer security researcher Moxie Marlinspike who is also known for the underlying Signal Protocol and other cryptographic findinds
  • It is widely recommended by security experts
  • It is end-to-end encrypted by default, no unencrypted fallback
  • Account management happens on the client-side
  • It is security-focused
  • It is easy to use and people can easily register for this service
  • It is widespread

According to the topics discussed above, there are the following drawbacks:

  • Not federated which forces you to use official clients/servers
  • Not decentralized which could result in non-availability due to service disruption

As for Wire, someone else has to provide some points. We don't know any Wire users.

@ghost
Copy link

ghost commented Oct 26, 2018

Open-source itself isn't a privacy/security feature. An open source keylogger isn't going to provide you with much privacy.

Riot, is FLOSS and decentralized while Wire/Signal is centralized and non-privacy respecting.

How is it non-privacy respecting? This website isn't about recommending unbreakable unusable tools. Convenience also plays a big role. I'll argue that Riot is really non-privacy respecting compared to in-person exchanged one time pads.

A phone number is a good trade-off, you can get one privately.

@skygate2012
Copy link

Open-source itself isn't a privacy/security feature. An open source keylogger isn't going to provide you with much privacy.

Open-source is the foundation of privacy. You wouldn't use an open source keylogger because you know it's a keylogger that steals your privacy, but for a closed-source software you could never know whether there's a keylogger or not. You can only rely on its credibility.

A phone number is a good trade-off, you can get one privately.

Governments could easily lookup the owner of a phone number, even if you buy a so-called anonymous phone number, especially for those totalitarian states where surveillance is omnipresent. There is no privacy for a phone number.

@ghost
Copy link

ghost commented Nov 8, 2018

Governments could easily lookup the owner of a phone number, even if you buy a so-called anonymous phone number, especially for those totalitarian states where surveillance is omnipresent. There is no privacy for a phone number.

If you live in a totalitarian state, it's very likely that no technology will protect your privacy. Try to run your Matrix server in North Korea.

Most governments can easily monitor servers of hosting companies and your internet connection, too. Thinking that governments can't monitor your conversations since you use Matrix/XMPP is somewhat gullible.

@ghost
Copy link

ghost commented Nov 8, 2018

especially for those totalitarian states where surveillance is omnipresent. There is no privacy for a phone number.

More like

especially for those totalitarian states where surveillance is omnipresent. There is no privacy for anything.

The

so-called anonymous phone number

is as private as it gets (when done right).

@gjhklfdsa
Copy link
Contributor

gjhklfdsa commented Nov 27, 2018

@infosec-handbook I would like to point out that if Wire went under/bankrupt. Wire would no longer work.

This isn't the case with federated/decentralized services.

I would also like to point out that if Wire was proprietary and it went under. Everybody would have to start over as copy-right laws would keep us from forking it.

I think this is the point @Nic-Wow1 is trying to make.

Edit:

If you live in a totalitarian state, it's very likely that no technology will protect your privacy. Try to run your Matrix server in North Korea.

I would like to point our Matrix, would work if you set up a .onion/eepsite server. I am unaware of Wire having a .onion/eepsite.

North Korea has an intranet and basically all hardware contains spyware. Not really a fair analysis. :)

A phone number is a good trade-off, you can get one privately.

I don't doubt you, I just really want to know what service your talking about :)
@Shifterovich

Edit 2:
One more "note", phone numbers cost. While Matrix is free.

Privacy activists need to look into long-term solutions and I would hope to end the usage of phone numbers. Matrix seems to agree: https://invidio.us/watch?v=hwFjWDAyG38

@Kcchouette
Copy link
Contributor

Kcchouette commented Dec 19, 2018

Each 3 components of this issue have pro & cons (Matrix is a protocol, so let's speak about riot.im)

  • riot.im e2e encryption is in beta (source: https://about.riot.im/security/) and not used by default, federation is hard (replication of all room) and your message is stocked for 180 days in matrix.org homeserver
  • signal is centralized + need a phone number, but it's the most-advanced apps in term of security / encrypted metadata
  • wire save your contact list in clear

@Mikaela
Copy link
Contributor

Mikaela commented Dec 19, 2018

I would like to point our Matrix, would work if you set up a .onion/eepsite server. I am unaware of Wire having a .onion/eepsite.

I have understood that currently, Matrix federation would break up if all servers aren't able to reach other servers, so all servers would need to be dualstack and also support Tor and I2P, Yggdrasil and Cjdns (where Cjdns-only server has caused issues in the past).

riot.im e2e encryption is in beta (source: https://about.riot.im/security/) and not used by default, federation is hard (replication of all room) and your message is stocked for 180 days in matrix.org homeserver

E2EE encryption is mainly supported only by Riot, and maybe there was also a specification misssing preventing others from implementing it properly, I am not sure.

I would also like to add that currently your removed messages and files are also stored by Matrix homeservers forever and no one seems to be commenting the issue. matrix-org/synapse#1287

@ghost
Copy link

ghost commented Dec 19, 2018

signal is centralized + need a phone number, but it's the most-advanced apps in term of security / encrypted metadata

And mainly, it's easy to use.

@asddsaz
Copy link
Contributor

asddsaz commented Dec 22, 2018

I am the author of PR #613 and I would like to say that Signal is for the most part, ok.
But Wire, is just piggy backing on the same software.

Also, there was a comment on encryption being in beta, many products like Brave are still in Beta and have very few known vulnerabilities (if any).

There is also Wire's well know metadata problem: https://web.archive.org/web/20181222185723/https://en.wikipedia.org/wiki/Wire_(software)#Metadata

@ghost
Copy link

ghost commented Dec 22, 2018

Keep Signal, replace Wire with Matrix/Riot.

Can anyone open a PR?

@asddsaz
Copy link
Contributor

asddsaz commented Dec 22, 2018

@Shifterovich #613
Edit: Fixing branch merge compatibility rn.

@ghost
Copy link

ghost commented Dec 22, 2018

Ah, it's already open, replacing Wire.

Don't worry about it, I'll squash the commits.

@Kcchouette
Copy link
Contributor

So because #613 has been merged, I think you can close this issue @Shifterovich @Nic-Wow1

@ghost ghost closed this as completed Dec 24, 2018
@johnstonesnow
Copy link

Infosec-Handbook said: "Signal requires an arbitrary phone number which you must control during the registration process. However, you don't have to use your own private cellphone number. You can use the Tor Browser to get a disposable phone number for registration, set a PIN and never need access to the phone number during normal operation."

Sorry for chipping into an old thread, but I am currently torn between Wire and Signal. Two things put me off SIgnal:

  1. Phone number needed (I read that you have to have permanent access to the number to keep Signal Desktop working (I only use desktop).
  2. Based in US

If I could remove downside "1", I might see SIgnal as a better option than Wire. Can you confirm if this is still true, that you don't need to use a permanently accessible phone number? If so, do you have a guide or link on how to sign up for Signal without using my own phone number?

Thanks for any help, oh and PS - Now it's 2019, if you have any other recommendations please say. I tried Tox chat and it's private, but buggy as hell and I can't get people to use it. Signal and Wire are possibles because they have decent features, run properly, and I can get people to use them. But which one? :)

@five-c-d
Copy link

@johnstonesnow , as a side-note to ping somebody use @infosec-handbook (just saying their name will not alert them you addressed them).

You actually sound like you have three goals, not just two:

  1. you want to use signalapp, without having a telco-num
  2. you want to use signal4desktop, without having signal4smartphone
  3. you want signalapp to be outside the FiveEyes jurisdiction
signalapp can sorta do that, yes

On the first point, this unofficial-forum thread covers some of the available options, and notes the big downside: signalapp is NOT designed for "cybersquatting" on a telco-num that you do not control, and especially with groupchats this can be severe (Eve can usurp your signal-num more easily if you give up control of the underlying telco-num). Once you start to think about the usurpation-risk you maybe will want to consider highly-compartmentalized sorts of approaches to protecting the underlying telco-num of your signal-num. Worth noting is that any valid telco-num will suffice: you just need to be able to receive an inbound robo-call or robo-SMS at the time of registration (and re-registration).

On the second point, there is an open #967 which covers this matter. I tend to use signal4desktop 99% of the time (linux officially supported though not for my specific distro), and only use signal4android when I want to cryptocall (or when I'm standing up and don't want to haul out a laptop). I own a physical smartphone having playStore, which is the officially-supported way to operate, but I could have also used a custom de-googled ROM and signalapp's https://signal.org/android/apk if I was tech-savvy enough, or even just installed android-in-a-VM on my laptop (or unofficial AsamK/signal-cli as a master-device)... there are a lot of ways to skin the cat. You cannot JUST use signal4desktop though, because at registration-time you need signal4smartphone, and also for certain functionality (like NewGroup + LeaveGroup in groupchat-management and like cryptocalling and like setting and pop-quizzing your registration-lock-PIN for instance). Generally speaking though, if you are like me you can pop the battery out of the smartphone for two or three days at a time, and just use signal4desktop textual and file-attachment and voiceNote capabilities -- there is no reverse-tether requirement.

Signal Foundation is definitely USA-based, however, they minimize server-side metadata pretty stubbornly, have a well-thought-out distribution chain (including reproducible builds), and have some pretty high-profile endorsements from big names on the homepage. In actual practice, signal-server nodes are AWS and GCP based, depending on your country; you might connect via AWS-Tokyo if you live in Japan, GCP-Qatar if you live in the Middle East, or AWS-Frankfurt if you live in the continental EU. It is difficult to use Tor + signal4smartphone because the high jitter/latency messes up cryptocalling, but Tor + signal4desktop is apparently not too shabby. Hard to use Tails with signal4desktop, but you can have a portable-friendly unofficial option, if you are a DIY type.

wireapp is also a reasonable alternative sometimes

Wireapp is a reasonable alternative to signalapp, if you need what it has:

  1. they encourage phone-nums, but you can also use purely-email-based setups, with a bit of care (getting your contacts to do the same is a different matter of course... and because every person you converse with has THEIR copies of your conversation this does actually matter from an overall-security-perspective, in signalapp as well as in wireapp)

  2. wireapp has full support for desktop-flavours, including cryptocalls not just voiceNotes; however, they don't "officially" support linux although I think it works fine (signalapp only "officially" supports debian+ubuntu 16.04+ but it works fine via AUR/flatpak/snapcraft/etc). Wireapp also offers their wire4web which is either a super-convenient way to get chat-access on almost any device, or a super-risky way for your contacts to inadvertently pwn message-bodies, or both at once (my opinion). Signalapp used to support signal4chromeApp which was a browser-based installable flavour, but that was deprecated long ago and has been unsupported since Nov.2018 -- google stopped permitting installable-chromeApps.

  3. wire swiss gbmh is officially based in Zug Switzerland, and thus nominally outside of FiveEyes jurisdiction (as well as FourteenEyes). However, the actual server-nodes are AWS-hosted like signalapp, is my understanding, so in practice your wireapp info will be sitting on the nearest AWS node, much as with signalapp... except wireapp has no SGX enclaves and stores a large trove of server-side metadata. The owners/developers of wireapp are not actually residing in Zug for the most part... they are in San Francisco (same as with signalapp) and in Germany (same as AWS Frankfurt). It is thus a complicated question as to whether wireapp is a winner on the jurisdictional matters; depends on your threat-model.

The main advantage to wireapp that I'm aware of is that it has confcalls, up to 10 people. The main downsides to my way of thinking are that they store lots of server-side metadata (in ways that potentially could be accessed via Germany and USA folks in addition to Swiss), which can obviate the value of email-signup depending on how opsec-savvy and privacy-conscious your contacts are (not you!). They are a corporation, not a non-profit foundation like signal foundation, and they have a paid version of wire ... as well as a proprietary audio-codec, per their github README, which to me is worrisome as a long term temptation. Wireapps also has a significantly smaller userbase than signalapp (roughly 30k playstore reviews versus roughly 300k), which can be important depending on how persuasive you are. Neither one of them has THAT many endusers though, and both are silos for the most part (signal4android has optional SMS-fallback but I leave that disabled because I want to compartmentalize my secure versus my insecure). I think the biggest downside to wireapp is that their crypto is not as well-vetted and field-hardened as signalapp; Proteus is "inspired by" signal protocol, but not as highly-endorsed nor widely deployed.

Depending on what you prioritize more highly though, wireapp is definitely a legit option. If you REALLY want to avoid telco-nums and avoid smartphones and mostly-avoid USA-based jurisdictional worries, plus get e2e confcalls, wireapp is a winner. On the other hand, if you want best-in-class metadata-resistance (which to me trumps jurisdictional questions handily), battle-tested arguably-best-in-class cryptosystem endorsed by bigwigs, and the only foundation besides Tox concentrating on secure chat (with billionaire backing), signalapp is definitely for you. I think the difficulties with desktop-oriented usage of signalapp and with telco-num to register are not that tough to overcome, but it DOES definitely depend on where you live -- some countries are VERY draconian about their phone-systems! There are ways around that such as a twilio-num for a buck a month... definitely a hassle, though.

if you have any other recommendations

Sure :-)

you could try SynapseHomeserver+RiotIM self-host?

If you can run your own synapse homeserver, RiotIM is worth considering (they have a lot of server-side metadata like wireapp but federation tends to mitigate that worry in my view). Crypto is still in late beta, but is non-horrible; run your own synapse -- same recommendation as above -- and you can make sure your chatrooms have on-by-default MegOlm. On a separate compartmentalized node, you can self-host the RiotIM portion too, which makes it somewhat-less-risky that your contacts will utilize an unwise machine to login from. They use a variant of Jitsi for their cryptocalling methinks, but it is somewhat-late-alpha-stage in RiotIM so you might want to just use Jitsi directly.

Some other folks might also recommend Threema for your stated must-have characteristics (decent features + runs properly + easy enough to use + non-telco based + non-USA). To me though they are not really an option: fails perfect-forward-secrecy, most people won't pay money to install it, the codebase is only partially libre-licensed, and there are better options without those downsides in the chat-software industry-niche.

I typically recommend signalapp, since it is very cool :-)

I will ping @strypey and @Mikaela who might give you their thinking. Or might tell us to stop cluttering up the old closed wireapp-and-signalapp-versus-riotIM github issue with discussion not really related to listings-placement of those tools ;-) In which case we can adjourn to some more appropriate area/venue :-) But I don't believe thread-bumping is frowned upon TOO much here in privacyToolsIO

@strypey
Copy link

strypey commented Jun 13, 2019 via email

@johnstonesnow
Copy link

five-c-d - Excellent reply, thank you.

I have to say, as much as I agree Signal stores less metadata (apparently) than Wire, it's jurisdiction and the fact it WANTS a cell number (and makes it so hard to use without), AND the fact it resists so many requests by people to "let us use it without a cell number" - I have some moderate suspicions. I don't think it's compromised, but I can't say I would be surprised if it was. Anyways.... I really don't want to take this off into a discussion about that. Signal is out for me, I did check out Twilio and have seen there are ways to use signal without a phone number, but they are tricky (for me). Also, I don't think it has enough features to get my friends on it. Wire on the other hand..... that's awesome for features, nice jurisdiction, can sign up with just an email, but yes it's a bit of a pig for metadata. I think I can live with that (reluctantly) slightly easier than my issues with Signal, so Wire is front runner.

The current decision I am trying to make is between Riot and Wire. I had never tried Riot. I looked into self-hosted Synapse (not really sure what any of that means by the way, I am no dev!), but I would have to pay (quite a lot, I am poor :D) and manage it etc. I am not sure it brings that much more privacy than just using Riot out of the box.

Interested in your thoughts of Riot against Wire. Thanks again.

@strypey
Copy link

strypey commented Jun 13, 2019 via email

@johnstonesnow
Copy link

Fantastic thanks for chipping in. You have pretty much summed up my thoughts, although with real experience behind yours. I installed Riot and it seems very easy to sign up and very polished compared to what I was expecting. But with encryption being very important to me, I think I will stick with Wire. Signal is out for me for various reasons. I did use it in the past but my entire focus now is on NOT giving anyone my phone number (except maybe a burner/android LineageOS I am setting up). So I will stick with Wire for one to one and family/friends. I may play with Riot some more, I can see a need for groups/rooms in the future with certain contacts I have. However I have got quite interested in XMPP today after learning about Adium, Pidgin etc etc. But that would be more for privacy (and would have to compete with ToxChat), so not entirely sure if I will follow that idea through yet.

Wire it is, sure beats the 5hit out of 5kype :D

@five-c-d
Copy link

five-c-d commented Jun 13, 2019

Agree with pretty much everything @strypey said... exception being their Snowden-tea-leaves-reading which is just mistaken, more on that when I have time to gather the needed URLs... plus, in this particular situation, I'm guessing @johnstonesnow you will have trouble getting people on Jami/etc unless you are tech-savvy, methinks (similar to your effort with Tox which is just not yet widely-deployed enough).

Wireapp should serve you well, if you keep the metadata-risks firmly in mind

If I can ever get nikNums into signalapp and multi-master, you may get yet another chance to reconsider someday ;-) I think that signalapp is mostly aimed at friends-n-family-and-coworker-small-teams type of stuff, whereas riotIM is aimed at chatrooms-and-larger-teams. Wireapp is somewhere in the middle, depending on whether you use wire-gratis or wire-pro to some degree. So you might end up with two of the three installed, or even three of the three, depending on what use-cases you end up finding you must satisfy. And to some degree, depending on how willing your contacts end up being, to follow your lead.

Also worth mentioning, if you do decide to go the riotIM direction at some point, is that the core team behind privacyToolsIO has a homeserver they offer == https://chat.privacytools.io/ you can read the details there, but if you install the android app onto your lineage device for MatrixOrg, and the executable client onto your desktop, you should be able to lessen the metadata-risk by picking a homeserver you can trust, rather than the centralized area.

I have got quite interested in XMPP

You will want to check https://omemo.top and make sure you can get e2e that is fully functional, Adium and Pidgin do not FULLY have it (and may never is my tentative understanding). There is a discussion of which XMPP clients are best/recommended/etc that you can find in #951 (and #948 to some degree)

@ghost
Copy link

ghost commented Jun 14, 2019

  1. Phone number needed (I read that you have to have permanent access to the number to keep Signal Desktop working (I only use desktop).
  2. Based in US

You need an arbitrary previously unregistered phone number. You must be able to access this number in two scenarios:

  • When you register the phone number (this is quite obvious)
  • When you re-register the phone number (e.g. if you lost all of your registered devices)

In any other use case, you don't need access to the registered phone number.

Can you confirm if this is still true, that you don't need to use a permanently accessible phone number? If so, do you have a guide or link on how to sign up for Signal without using my own phone number?

We wrote a short guide how one can install Signal in an Android VM using an online phone number some while ago: https://infosec-handbook.eu/blog/signal-privacy/

@five-c-d
Copy link

arbitrary previously unregistered phone num

This is not quite true. It can be previously-registered, telco-num re-use is allowed. This is so that when a person gets a new telco-num (e.g. with a burner phone), they can register it as their signal-num -- even if the previous holder or previous-previous-holder of the telco-num in question, once upon a time registered it with signal-server.

It can even be CURRENTLY registered as a signal-num, because number usurpation is allowed. This is so that when you buy newPhone, and port your telco-num over to it, you can immediately get Signal working on your new handset and usurp control away from your old handset. Signalapp is not multi-master: "one android to rule them all" ;-)

In any other use case, you don't need access to the registered phone num

This is correct, as written, but not complete. There are no use-cases where retaining control of the telco-num is necessary, but there ARE some attack-scenarios where retaining control of the telco-num is very helpful to Alice. In particular

what if Alice is up against Eve, who can hijack telco-nums?

  1. Alice registers +1-111-111-1111 and retains control of that telco-num
  2. Bob registers +2-222-222-2222 and gives up control of his telco-num
  3. both of them are extra-security-conscious, and set the registration-lock-PIN
  4. Chuck registers +3-333-333-3333 and retains control of that telco-num
  5. Dave registers +4-444-444-4444 and gives up control (i.e. "disposable num")
  6. neither Chuck nor Dave sets any registration-lock-PIN
  7. the all form a groupchat together called ABCD

Eve can try to infiltrate the groupchat by social engineering, such as tricking Chuck into clicking AddMember and adding +6-666-666-6666 to the list. Eve can try to infiltrate the groupchat by attacking the endpoint-devices, such as by confiscating Alice's handset (and coercing her phone-unlock), or by using a high-rez security-cam on Bob's device-screen.

But there is another way for Eve to infiltrate the groupchat, as well: by hijacking a telco-num of one of the existing groupchat members, and usurping control of their signal-num. This requires that Eve be fairly smart and sophisticated, but for some kinds of groupchats (especially ones that are up against adversaries with control of the telco-system!) it is worth considering.

Should Eve manage to hijack Dave's num, he is completely unprotected: he did not retain control of his telco-num, so he is completely unaware the hijack has occurred. He did not set a registration-lock-PIN, so Eve can immediately usurp control. Signalapp does warn Dave and the other groupchat members ("Your safety-num with +4-444-444-4444 has changed" means you might NOT be safe!) But Dave has no way to get control BACK, it was a disposable telco-num. And not all groupchat members will remember what the safety-num alert means, verifying that the newDave is really Dave and not just Eve-pretending-to-be-Dave.

Alice is the best-protected: if Eve hijacks Alice's +1-111-111-1111 telco-num, it will stop working and Alice will get a chance to realize she is under attack. Eve cannot immediately usurp control of Alice's signal-num, because of Alice's registration-lock-PIN ... Eve will need to capture Alice entering that PIN on video, or something (there are server-side rate-limits to prevent Eve brute-forcing it). Most importantly, though, even if Eve manages to get past all those layers of preventative defense... Alice is still the legal owner of the telco-num, and can therefore, once she has undone the hijack, usurp control back away from Eve.

We wrote a short guide how one can install Signal in an Android VM

Thank you for that, by the way. And if you don't mind, while I've got you here, @infosec-handbook can you please affirmatively assert, for the record ==

  • Can you please confirm that you have no financial interest in OWS, are not receiving any kickbacks from Signal Foundation, were not bribed by Moxie Marlinspike nor Brian Acton nor Edward Snowden nor Bruce Schneier, and have not been xkcd 538'd into saying things you would not voluntarily say of your own free will?

  • And also, that you are not now, and have never been, the same human as myself?

Somebody was "asking" aka implying that @infosec-handbook (you) and @five-c-d (moi) are the same humans, shilling for Signal, and although the person in question deleted their github-account and is now @ghost ...I'd still kinda prefer to clear my username of puppetry accusations. :-)

@ghost
Copy link

ghost commented Jun 14, 2019

@five-c-d

This is not quite true. It can be previously-registered, telco-num re-use is allowed.

Actually, I was in a hurry when writing this, so I forgot to mention that part. Signal allows you to set a registration lock PIN to protect against unwanted re-registration, though.

  • Can you please confirm that you have no financial interest in OWS, are not receiving any kickbacks from Signal Foundation, were not bribed by Moxie Marlinspike nor Brian Acton nor Edward Snowden nor Bruce Schneier, and have not been xkcd 538'd into saying things you would not voluntarily say of your own free will?

InfoSec Handbook – as a non-profit blog – is operated by a community of InfoSec professionals in their free time to share their knowledge. We don't get paid by anyone for blogging. We don't accept any kind of sponsoring. And we aren't in bed with any party mentioned by you.

  • And also, that you are not now, and have never been, the same human as myself?

@infosec-handbook is a MFA-protected shared account used by two people from ISH. And we aren't you. 😄

Somebody was "asking" aka implying that @infosec-handbook (you) and @five-c-d (moi) are the same humans, shilling for Signal, and although the person in question deleted their github-account and is now @ghost ...I'd still kinda prefer to clear my username of puppetry accusations. :-)

The now-ghost was obviously @libBletchley who compiled a list of arbitrary reasons against Signal while recommending a far-from-perfect and far-from-complete messenger. We pointed out many errors including obvious double standards (e.g. telling people that Amazon AWS shall not be used while he/she used AWS-hosted GitHub). However, we left the discussion since it turned anything but professional and facts became meaningless.

@five-c-d
Copy link

The reasons weren't arbitrary ... they really were things @libBletchley was worried about (AWS hosting and telco-num causing money to go to Verizon especially). But yeah, there were some double-standards at play since e.g. wireapp is also AWS-hosted.

And we aren't you

Join me, and together we can rule the git-i-verse as ... well, actually I'm not your parent, so nevermind. Thanks for confirming, and keep up the good work on your blog

Signal allows you to set a registration lock PIN to protect against unwanted re-reg

Yes, and it is off-by-default, but I highly recommend using it, for anybody who has a threat-model that might someday include "adversary that hijacks my underlying telco-num"

Because of server-side rate-limits it does not have to be an especially complex-and-long PIN, but it should be something memorized (there is a pop-quiz feature to help with that)

@johnstonesnow
Copy link

Well this rapidly went way over my little head!

However - Wire uses Amazon AWS - For God's SAKE, will you tech people STOP giving me a reason to dislike something I spent weeks deciding I liked?! It's DAMN annoying!!!!

WTF do I do now. Threema paid. Signal wants number. Wire uses AWS (not sure what that is, but it's obviously a flaw!).... I am back to ToxChat which is crap and nobody I know will use it!!

Drawingboard to back the!

@five-c-d
Copy link

Wire uses Amazon AWS

Stands for "amazon web services" which is the #1 provider of cloud-services. Github also uses it. Signalapp also uses it. Some of the Riot/Matrix homeservers will also use it (but the privacyToolsIO is based on OVH methinks not AWS). Whether wireapp using AWS, is actually a problem, depends on your feelings about metadata: they store a lot of metadata, and because they store it on AWS, likely that metadata is available not just via Swiss court-order imposed on WireSwissGbmh of Jus Switzerland, but ALSO available via FiveEyes / FourteenEyes court orders initiated against Amazon sysadmins (the owners of AWS).

rapidly went way over my little head

Short version: you are worried about USA-based jurisdiction (re: signalapp), and because of the way wireapp is architected & hosted, there is some exposure to USA-based entities. But no... to me, being hosted on AWS is not a problem, with wireapp, nor especially with signalapp (which is baremetal methinks -- and carefully designed to avoid metadata).

  1. Is wireapp still a reasonable choice for you? Yes, as long as you keep the metadata thing firmly in mind.

  2. Would signalapp also be a reasonable choice for you? Maybe, as long as you were okay with the hassle of acquiring the secondary-num (and preferably your contacts also did this).

  3. How about RiotIM and using chat.privacyTools.io as the homeserver? Well, perhaps, but it would be something you would use as an adjunct to one or both of the above.

That is just an on-paper analysis though.

STOP giving me a reason to dislike something

There is no silver bullet here. It is shockingly difficult to find a perfect solution, because the software that aims purely for "Perfect" Security/Anonymity/Privacy are so niche, so difficult to use, so poorly-vetted, so experimental... they end up being unable to attract the masses. Software that is serious about stopping mass surveillance, has to be something the masses will actually utilize... which means, compromises are made.

  • Wireapp has too much metadata, and their webapp flavour has a cookie.
  • Signalapp does not have THOSE problems, but signalapp requires a valid telco-num, and has no easy way to shield it from people you commnicate with at present (besides acquiring and maintaining a secondary-num).
  • RiotIM partially solves the metadata-problem via homeserver federation, but the focus on encryption is weaker and the use-case is arguably quite different (Big Rooms not small-groups chat)
  • XMPP mostly solves the metadata-problem via "enforced federation" (everybody 'has to' run an ejabberd or prosody server for their contacts because there is not any recognized central cluster), but the focus on crypto is far weaker, and the community splintered.

Those three (or four) are all reasonable solutions, depending on your threat-model. So my advice is, rather than going back to the drawing board, you should start approaching some of your contacts with your new plan. In other words, rather than making a firm plan, you can run some A/B tests -- maybe A/B/C/D tests even -- with a subset of your more-accommodating contacts: try wireapp for a week or a month, then try signalapp for the same duration, then maybe try riotIM with megOlm and/or xmpp with omemo... then you will have some anecdata to go on.

Usually, anecdata about what @johnstonesnow and THEIR specific contacts found to be the most palatable compromise, is not very helpful... unless your name is actually @johnstonesnow in which case it is invaluable :-) In other words, you've narrowed down the field by analyzing the pros&cons on paper, and getting advice from the interwebz. Now you are ready to start some field-trials, with the eventual winner still unknown.

p.s. And although it is just anecdata, I for one will be quite interested to see what you come up with, so please post details back about how the field-testing went

@johnstonesnow
Copy link

What a great post. I will certainly do that!

I have started testing Riot and i have to say the crypto seems pretty decent (and the optional levels of it too). Device verification, very nice. Audio and video call test - superb, WAY better than anything else I have tested (except Wire as I haven't tested that yet, but I will). Biggest thing so far, NOTIFICATIONS ACTUALLY FRIGGING WORK IN RIOT!! HOORAY!!! Wire notifications are a JOKE. As I told them when I asked them to consider a bit more volume, or hey, hows about a few choices of sounds and volume levels maybe? The answer I got was the same one I got for any other questions I have ever asked Wire - roughly translated to "F*** off, you're a free user, we only help paying users".

Those two points (Lack of functional audio alerts for incoming messages, and don't give a damn about free users, oh, AND how hard they deliberately make it to even FIND the free version download) has pi55ed me off enough to dislike Wire now. Sure, functionally it's pretty good, but only if you exclude the fact that, unless they make some AUDIBLE damn alerts, it's utterly unusable!! That applies both to Mac desktop app and Windows desktop app. I am not bothering to test any other versions as those two are essential for me.

Riot, so far, excellent. Very impressed. I don't know if it has expiring messages (Wire does, and that's a nice feature), where you can set them to 'poof' in hours, days, weeks etc. That would be a nice feature though if it was possible.

I have one big question..... partly due to my lack of knowledge - you mentioned using chat.privacyTools.io - Any ideas how to set that up? Would I have to delete the user account I created in Riot, and install it all again from scratch? What do you think makes the PT.io server better to use than Matrix? Just less metadate recording and lack of AWS involvement?

Thanks

@Mikaela
Copy link
Contributor

Mikaela commented Jun 18, 2019

I have one big question..... partly due to my lack of knowledge - you mentioned using chat.privacyTools.io - Any ideas how to set that up?

In any Riot open advanced settings and enter homeserver chat.privacytools.io instead of matrix.org

Would I have to delete the user account I created in Riot, and install it all again from scratch?

You cannot delete Matrix accounts.

@johnstonesnow
Copy link

Thanks, so ALL i have to do is change that homeserver setting, and all my chats will be on PT.io server?

Does it bring benefits to do that, I would assume so?

@johnstonesnow
Copy link

PS I am just learning about Matrix Bridges - https://matrix.org/docs/projects/bridges/
Looks like there is one for Skype and one for Telegram. This interests me, but only IF it provides any extra security. Forgive my ignorance, but for example with Skype, does it mean that the messages are encrypted in transit via the Skype system, or is it as wide open as Skype, but just enables users to use accounts on other platforms within their Riot client? I assume the latter, but if there is any additional security/privacy by using a Matrix bridge rather than a native app, that could be good to know.

Perhaps more importantly, Telegram. I have resisted using Telegram as I am not sure about its privacy/security. I am tempted though, I dont think it looks too bad, just not as good as others. However I need to talk to one or two people on Telegram, so again I am wondering if the Telegram Bridge for Matrix will add some privacy to using Telegram, does anyone know?
thanks

@Mikaela
Copy link
Contributor

Mikaela commented Jun 20, 2019

Thanks, so ALL i have to do is change that homeserver setting, and all my chats will be on PT.io server?

The chats will be on all servers that have members in the room.

Does it bring benefits to do that, I would assume so?

I guess Privacytools.io is less overloaded than Matrix.org, but I don't know how much it can handle.

This interests me, but only IF it provides any extra security. Forgive my ignorance, but for example with Skype, does it mean that the messages are encrypted in transit via the Skype system, or is it as wide open as Skype, but just enables users to use accounts on other platforms within their Riot client?

I think it will decrease security. If you are currently using Skype, you are trusting Skype (which in my opinion would be a bad idea) and if you add a bridge, then you are also trusting the homeserver which is running the bridge so ther are more places wher things can go wrong.

@johnstonesnow
Copy link

A typically excellent answer. It says a lot about you Mikaela, the fact that when you answer a question it always seems so obvious, like the question was dumb to begin with! Maybe I am dumb, or maybe you're just excellent at explaining things succinctly! Either way, thanks!

@ghost
Copy link

ghost commented Jul 17, 2019

For those who don't trust Signal, here is a good read about what info is available to OWS, thus if someone starts digging into you, the only info they can get out of OWS (creators of Signal) is the registration date, and the date of the last connection...
And yes, I consider that a fair trade-off to the time-consuming hassle with setting up your own server for XMPP... I mean that is kind of "write code for every app you use" logic, and, as it was pointed out, you still cannot be sure, because you still run on proprietary hardware and OS...

PS: As it has been pointed out, messaging apps are created for the "simple user", thus registering with a phone number seems the most logical approach, as most users use messenger apps from phones...

@J316
Copy link

J316 commented Jul 17, 2019

That case doesn't mean much, Telegram can brag many more government attempts to get users data that were denied. It wouldn't take much to set he thing up for propaganda. The truth is Signal cannot be blindly trusted, no one knows what happens in the server rooms (located in the USA). Why forcing people to use a smartphone? Why forcing people to have a phone number (which in most countries has to be tied to an ID)? Something smells. We should look forward to more decentralized/distributed solutions and more trustworthy developers. Riot and Matrix are out of beta, Jami and Tox make progresses. Wire is a more trusted solution at the moment.

@johnstonesnow
Copy link

Oddly, I agree with both of those comments.
I have done a fair bit of research about Signal, mainly about its origins (Moxie) and its background/history up to today. I do BELIEVE Signal is about as PRIVATE as messaging services get. It obviously cant be anonymous (and isnt meant to be), as it is tied to a phone number. Thus, I do not use it for anonymous stuff, but I DO use it for every friend and family member, to try to push them to default to Signal when I say "text me", rather than Apple Messages (which may also be private, but less sure of that than I am with Signal). I use Wire which is also not anonymous UNLESS you take great steps to protect yourself in other ways, ideally using Tor and I use tenminutemail for sign up verification code. But there is a LOT more metadata with Wire.

Just in case it helps, I experimented recently with signing up for SIgnal on an old tablet I bought for $30 (newspaper ad) with LineageOS on. I am no longer a fan of Lineage and wont be using it, but it was ok for this test.

I downloaded Signal APK from the download page (not via play store). It asked for numbger to send a verification code. I tried many of the sites you can find on the web where you can receive an SMS. Most didnt work but a few did, and those can be chosen in any country. I then went on to using a burner sim I had, put it in a crappy old flip phone, gave that number to Signal on tablet, got the text, and all working fine. IF I used tor/orbot on tablet, I can see Signal being anonymous with a bit of effort, and that makes it even better than Wire. But that's IF there isn't some sneaky lying going on, but after the history I read, and the fact that Moxie's cryptography has been independently verified as its open source, I dont think it's a real risk. I also know a few VERY knowledgeable people who want ultra privacy, and they do this sort of thing using Signal.

P.S. Those numbers you can use online to receive a text - interesting - I got one to work, and when I entered the number in Signal app it said somethiung like " this number is already assigned to a Signal account" and therefore it was protected from being used for multiple sign ups. Thats neat, as you can do that in Signal settings. So.... if you find a 'free sms online' type number which works just once to verify Signal, you could lock it down so nobody else can use it, and you now have a totally anonymous Signal account sign up.

@ghost
Copy link

ghost commented Jul 18, 2019

That case doesn't mean much, Telegram can brag many more government attempts to get users data that were denied. It wouldn't take much to set he thing up for propaganda.

Actually, Telegram can't brag about anything, 'cause they have a proprietary encryption protocol, which was designed by mathematicians (mathematicians aren't cryptographers) which hasn't been verified by any 3-rd party, they are under Russian jurisdiction, and they brag that the haven't handed any data to the government... and yet we are speaking about a country where Putin is the president (controlling everything, killing his opponents, and declaring a law that bans government critique and "fake news" ) and KGB has all the power... do you seriously believe that? =)
Also, Telegram writes something interesting here that cloud chats don't use E2E.

Regarding Signal, that case does prove quite a bit, especially the fact that they are truly kind of logless, and that they stand for what they do. Moreover, I'd say Signal is still in development stage, as there are features to implement, but the fact that Facebook and Microsoft asked Open Whisper Systems (currently Signal Foundation) to bring E2EE to WhatsApp, FB Messenger and Skype does also echo in their favor.... Brian Acton and Moxie Marlinspike founded Signal Technology Foundation to develop open source privacy technology that protects free expression and enables secure global communication.

PS: One more point about Signal is Sealed Sender feature.

@strypey
Copy link

strypey commented Jul 18, 2019

@johnstonesnow if you've got some contacts who are technically confident enough to use Tox, then I highly recommend trying Jami. At least on Android, it's much more user-friendly (Antox is awful, although the GNU/Linux UI for Jami isn't great either), and from my testing gives better voice call quality on both Android and GNU/Linux. Sadly the text chat is not that great, messages fail regularly and don't sync between apps on different devices (not yet at least). If you are using mobile devices that can run Android apps, I also recommend trying another serverless chat app called Briar (it's not on iOS). It doesn't do voice chat but does text messages more reliably, and has blogs and forums built in.

Another thing you could try for text messages is delta.chat, which is cross-platform. It's essentially an email client with a chat UI, you can login with your usual email credentials (in theory), as with all native email clients YMMV. It has built-in encryption when sending delta to delta and can also do voice mails. Because it uses email protocols, you can send messages from delta to any email address and if they aren't using delta, they will receive it in their email inbox. I'd love to see delta add Jami protocol support for voice/ video calls and allow users to associate their Jami ID (a huge string of characters) with their email address.

Finally, If you or anyone wants to do some testing of free code chat apps, we have a testing group called VOICE (VOICE Organized Investigation of Chat Engines). We're a pretty friendly bunch who meet about once a month at present, next testing session is scheduled for this Sunday. We started off using Wire to coordinate, but I got cut off every time my VPN failed (Wire is blocked by the Great Firewall) so we're currently using a Matrix room: #voicechat:matrix.org

@strypey
Copy link

strypey commented Jul 18, 2019

For the record ...

@infosec-handbook:

FLOSS lovers frequently seem to ignore that FLOSS never guarantees either privacy or security.

I'm pretty sure I've taken you to task on this straw man elsewhere. If you can find me a comment from a "FLOSS lover" making this claim, a confirmed human with standing in the community not a random Redditor, I will give you $5. The real software freedom position is that source code availability is a minimum condition of software being secure and not spying on its users, not a guarantee of either. A minimum condition because it allows for the possibility of those things being checked independently of the software vendors or code auditors they commission, who we can only either trust or not trust. Libre Lounge podcast did a whole episode on what happens when open source practices fail to ensure security, and the new methods being developed to improve on that (object capabilities, reproducible builds etc).

@five-c-d even I could well be wrong about Snowden withdrawing his endorsement of Signal. Citation please? I gave mine in the issue about the proposal to remove Signal's endorsement. In either case, it doesn't matter. Celebrity endorsements are irrelevant to a discussion at this level for all the other reasons I mentioned in that comment.

@SK1PP3R:

Facebook and Microsoft asked Open Whisper Systems (currently Signal Foundation) to bring E2EE to WhatsApp, FB Messenger and Skype does also echo in their favor

Why? Another way to interpret this is that OWS and Moxie are now funded by the very Big Brother corporations most people come to guides like PTIO to avoid. Like being hosted on AWS, I see this as more of a mark against Signal than in favour of it. YMMV Either way, this is another variation of celebrity endorsement (see above).

EDIT: Final comment on the whole Signal thing. As in every thread I've seen that discusses Signal, a lot of the comments defending it engage in this intellectually dishonest bait-and-switch, where they just mention a threat model in which the aspect of Signal being criticized isn't relevant, as if this addresses the criticism. It doesn't. For example, it doesn't matter if Signal tries to force you to give them your phone number, because that's not relevant if your threat model doesn't require you to be anonymous. This is of course true, it's just irrelevant to the thrust of the criticism.

There are all sorts of reasons to be suspicious of companies (Goggle, FarceBook, WeChart) who want to connect stuff that you (often) have to associate your meat body with (like cell phone numbers) with the online channels you use for private chat. Signal could allow users the option of using email to register and recover accounts, maybe requiring a PGP public key along with the email address, and giving a lecture about why they think it's a bad idea. But despite years of people expressing their discomfort with the compulsory harvesting of phone numbers, they don't. They just send out armies of useful idiots to explain why we're wrong to feel uncomfortable about handing out our phone number to Moxie and co, and trying to distract us with a dog and pony show about all the threat models where anonymity is irrelevant.

@johnstonesnow
Copy link

Some interesting comments. I am not going to comment at length on the Putin/Russia points, as those seem somewhat ideological and I could easily level similar accusations (with perhaps a much bigger barrel of evidence) at western states. I think much of what you said is true however, I am just pointing out that anyone who says to me "West good, Russia bad" - I kinda leave the discussion there because I find most people who think like that have been so brainwashed there's really no point going further. This stuff isn't binary, much as the powers that be want us to see it that way.

More to the point, if someone is worried about Telegram being in Russia, wouldn't the same people be worried about Signal being in San Franscisco? I know I would, Russia does loads of bad shit, no doubt about it (what big nation doesn't?) but if we haven't learned that the leaders of the global surveillance monopoly sits SQUARELY in the WEST (UK and US in particular), then Snowden's efforts and risks were for nothing. I don't distrust Telegram because it's in Russia, I distrust it because it is flawed, and highly skilled people have exposed those flaws, not by pointing to a place on a map, but by pointing to a place in the code. (As well as pointing out some of the things you did, which are of course relevant.)

I actually do trust Signal a fair bit. I know too many highly skilled devs and cryptoanalysts to not do so. BUT - if my life depended on it, I don't think I would use it with confidence, I don't think I would trust ANYONE with stakes that high. I am generally of the mind that "if it's on the end of a wire, it's unsafe", but of course I also need to live in the modern world, so I find life is a myriad of choices on where to RISK placing trust, never forgetting that each decision is a risk in itself. Hell, for all I know my wife could be a mossad agent, some of the food she cooks...... well, that's enough said about that!

Strypey - some very good points there. I am not sure I am quite as suspicious as you are of Signal, but that's not to say I don't have my reservations because I certainly do.

"(Wire is blocked by the Great Firewall)" - What does this mean please? Yes I had major trouble with wire over VPN (which I use around the clock so its a problem). I dont have much time but that might interest me, the chat group, as I have spent the past YEAR testing and playing around with chat apps. I have tried uTox and Qtox (I am on a mac, and I dont use Android, I would though), dire!! But then I am after something very usable, another vote for Signal in my book. I looked into SafeSwiss, I wonder if your group has looked at that? Damn notifications not working was enough for me to uninstall it, but I would try it again as I loved the privacy side of it, just can't be doing with crap which doesnt alert on a message coming in. I also tried Vipole, which is certainly good, but I found the sneaker f***ers blag all day long about their security/privacy/encryption etc, only to quietly omit the fact that much of it doesnt apply to the FREE version, only paid. Grr.

@five-c-d
Copy link

@strypey I have not forgotten my promised collection of Snowden-on-twitter sayings, no, but I doubt you will accept anything less than a comprehensive compilation :-) which is only about a third of the way finished.

since this is an old and closed issue... not sure we ought to keep discussing here? but since I'm enjoying the discussion, click for replies :-)

Stay tuned, or do a bit of digging if you wish, but I'm just not seeing that he isn't still endorsing in his personal capacity as an enduser, in his professional capacity at Freedom Of The Press foundation, and in his technical capacity as a surveillance expert. He is not a "celebrity" like Brad Pitt, he is a security-researcher turned whistleblower and thus does in fact have something worthwhile to say. In my book anyways, but I think this is arguing-from-competence as distinct from arguing-from-authority

Adoption of the actual Signal Protocol into fbWhatsapp+fbMsgr, and into Skype, and "formerly" into GoogleAllo, means that it has seen very wide field-vetting by a lot of competent eyeballs: billions of devices in the case of fbWhatsapp. This matters, and is not an argument-from-popularity, it is an argument from proven-in-the-field. The details of those deals were not disclosed, but I agree that it seems reasonable to assume that a large chunk of signalapp funding from 2014 through 2018 came from the coffers of Whatsapp-pre-fbWhatsapp, then from Facebook, then from Google, then from Microsoft ... which means, endusers of those proprietary products got awesome crypto (though usually zero metadata-resistance), rather than imitations -- Proteus, OMEMO, etc are also "inspired by Signal Protocol" but were unwilling to accept the AGPLv3 codebase and/or comply with the trademark, is my understanding.

Since he quit fbWhatsapp though, the majority of the current funding of signalapp is from billionaire Brian Acton... and there is an ongoing question of how Signal Foundation he co-founded with Moxie (which got put into motion around January 2018) will survive for the long term. See in particular https://community.signalusers.org/t/staring-at-screens-forever/7940 and the links therefrom. I have some ideas about that :-) but that is a story for another day.

Now, although it is certainly true that the long term funding-model of signalapp can be questioned, and might raise concerns, it is with the exception of Tox the only not-for-profit foundation. The others you mention which are in the privacyToolsIO listings, are all run by for-profit entities that have to make money somehow: Jami-fka-SFLphone is primarily driven by the Canadian consulting firm that was the original namesake of the product. Wireapp is explicitly selling their pro-flavour by getting people onto their freemium-flavour. MatrixOrg and RiotIM are operated as commercial ventures (different firms over the years), the long term bizplan is unclear to me yet but there is going to be such a bizplan. Briar isn't yet in the listings I believe, although I think it is worthMentioning with a caveat about platform-support being limited; not sure about delta (have heard it mentioned a couple times but not investigated it deeply yet).

Point being, saying that "well signalapp took money from facebook back in 2015" is very likely true, though we don't know the percentages/amounts... but whether that makes signalapp better-or-worse than wireapp or matrixOrg (or other tools in the privacyToolsIO listings), comparatively speaking, is a question that must be addressed relative to how THOSE tools get THEIR funding.

Second point being, history matters, but it is better to talk about the comprehensive picture and include the current funding models, rather than compare how OWS was funded in 2015 by preFbWhatsapp+facebook && freedomOfThePress+knight+shuttleworth+OTF+etc, versus how MatrixOrg was funded in 2015 by Amdocs, it makes more sense to contrast Signal Foundation 501c3 and Signal Messenger LLC of 2018+ versus MatrixOrg foundation/LBG and New Vector Ltd of 2019+.

engage in this intellectually dishonest bait-and-switch ...

Riiiiight. If you are proven wrong, and Snowden still endorses signalapp, it doesn't matter anyways because he is a "celebrity" and thus presumed to be incompetent? If you are proven wrong, that signalapp is funded as a 501c3 foundation nowadays, instead of getting big bucks from facebook presumably... and more importantly, that it is a foundation as opposed to wireapp which is wholly a commercial venture with a freemium product-line... arrrgh. Remove the mote, etc

They just send out armies of useful idiots

This is beneath you. Yes, you feel strongly about your positions, some of them useful stances and some of them misguided. No, people who think you are incorrect, are not A) paid shills, nor B) necessarily idiots. Retract please and stop that wrongthink.

if my life depended on it, I don't think I would use it with confidence, I don't think I would trust ANYONE with stakes that high. I am generally of the mind that "if it's on the end of a wire, it's unsafe"

Agree, if you are up against nation-state-level adversaries and thinking you can go toe-to-toe while holding a consumer-grade smartphone in your pocket, you are nuts. Old-school whispered face-to-face conversations, and Do Not Stand Out, are better bets. (Though if that really is your situation pretty much anything is perilous.)

my wife could be a mossad agent, some of the food she cooks....

I am not touching that with a ten foot pole. And you can tell your wife that I praised her culinary skills to the sky please, because I don't wanna get on her bad side :-)

Signal could allow users the option of using email to register

We have had this discussion in #779. That's only viable if you are happy storing metadata-server side, or happy to restrict the size of the userbase to a tiny niche of humanity forever. Otherwise you drown in spam, unstoppable because the combination of cheap-infinite-usernames and hardcore metadata-resistance is NOT feasible. This only works if you have a userbase the size of Jami or Briar, not if you have millions like signalapp... and for SURE not if you have hundreds of millions or billions. Number-shielding, on the other hand, is feasible... but quite difficult to implement in a backwards-compatible easy-to-use fashion.

And nikNums would not satisfy you, in any case :-) You want something serverless, and with cheap-anonymous-infinite-signup. That does not mean it is the only valid pathway, it just means, signalapp is not what you want. (The reason that things which are serverless and have cheap-anonymous-infinite-signup such as Tox and Jami fail to gain traction is that everyday endusers are not tech-savvy enough to deal with ethereum-based usernames and Tor exit-nodes and whatnot ... they want software that is easy-to-use and reasonably reliable. Serverless-plus-anonymity apps are VERY tough to make sufficiently easy-to-use, so tough that arguably it has never been done.)

feel uncomfortable about handing out our phone number to Moxie

If you don't feel comfy then don't do it. Nobody is forcing you. Pick another app. But, ahhhh, therein lies the rub: you have to get all your contacts to pick the same app, and signalapp is about the maximum amount of discomfort they can manage. So there is somebody forcing you: friends and family and coworkers. Jami and Tox are just impossible for the everyday non-tech-savvy type of enduser. They aren't gonna be able to install and configure and harden their own Synapse homeserver, either, and if they did manage to get it operational they would botch the infosec aspects. Maybe they can stomach wireapp, but you have to give up all your metadata and all their metadata, server-side, to do that!

If you want cheap-infinite-pseudonymous-signup, you can get it: it is called SMTP, and it has billions of endusers. But not many of them actually like email, because A) spam and B) lack of privacy. Look at the reality though: the vast majority of people that ARE still using email, are on gmail because they care more about getting away from spam than they care about privacy. This is the fundamental core problem for all messenger-apps: if you federate and allow cheap-infinite-pseudonymous-signup, then if you ever manage to succeed (against all odds in the modern world with actual endusers), a predatory proprietary competitor is practically guaranteed to come in, embrace extend extinguish you out of existence, and suck all your userbase away in a very brief timespan by mostly-solving the spam problem.

Signalapp is by no means perfect, and it is fairly hard to acquire a modicum of anonymity whilst using it -- not impossible though, with a bit of legwork, in most countries. The crypto is really really good though, and the metadata-resistance WITH ease-of-use is best in class by a long chalk. That is not everybody's cup of tea, but it solves a lot of the hard problems in a way that makes sense to some very competent folks.

downloaded Signal APK from the download page (not via play store).

Well, there is a https://signal.org/download which has the apps for everyday endusers, signal4android (playStore) and signal4ios (iTunes) plus signal4desktop (foundation repos). The "danger zone" page where tech-savvy folks can sideload via, is https://signal.org/android/apk

It asked for numbger to send a verification code. I tried many of the sites you can find on the web where you can receive an SMS. Most didnt work but a few did, and those can be chosen in any country.

This works, however, do be aware that if you use "gratis inbound SMS online" type websites to register your signalapp, you are going to be a bit less secure against number-hijack attacks (and so will everybody in any groupchats you participate in). If you mostly are using it for 1-on-1 chats and cryptocalls, that might be acceptable, with a registration-lock-PIN. More details/caveats here == https://community.signalusers.org/t/solution-for-registering-signal-anonymously/6329

I then went on to using a burner sim I had, put it in a crappy old flip phone, gave that number to Signal on tablet, got the text, and all working fine. IF I used tor/orbot on tablet, I can see Signal being anonymous with a bit of effort

Yes ... and you can also use landlines/etc, the simcard need not be in the android you install signalapp upon. Though that is "more than a bit of effort" by the standards of what everyday endusers are willing to stomach :-) People that want a modicum of anonymity though, can get a secondary num in various ways -- simcard for cash, burner handset for cash/barter, online voip num via tor and BTC-tumbled-through-Monero, et cetera. Legwork! Sometimes a lot of it, and you cannot really achieve perfect anonymity without functionality/usability compromises (e.g. using Tor every time you connect to signal-server messes up cryptocalls because of the high-jitter-high-latency nature of onion-routing.)

@strypey
Copy link

strypey commented Jul 18, 2019 via email

@strypey
Copy link

strypey commented Jul 18, 2019 via email

@strypey
Copy link

strypey commented Jul 18, 2019 via email

@strypey
Copy link

strypey commented Jul 18, 2019 via email

@five-c-d
Copy link

five-c-d commented Jul 18, 2019

on Wire. But unlike Signal, those accounts don't
have to be connected with a cell phone number

Signalapp does not require a cell-phone-num, or even a simcard. Just, any valid telco-num, where you are capable of receiving the inbound robo-call or inbound robo-sms at the time you register. (You don't need it later, everything is via the internet not the telco-network outside the proof-of-control step during registration and re-registration.) Can be a landline at your work, voip from twilio, burner num, disposable gratis sms online type thing, all kinds of options -- if you are willing to do a bit of legwork.

Wireapp's collection of metadata is mitigated by the option to use email-for-registration, yes... but not eliminated. Many of your contacts will be using their phone-nums (and they will have copies of all the messages on their devices so Eve can target them just as well as she can target you... probably easier in fact). There is also the network-layer, IP addresses and such. Do we know whether wireapp servers record the IP address? What about when one of your contacts uses the webapp flavour of wire, and the log-back-in-cookie? There is a lot of metadata there, and even if you are careful with your own metadata your contacts can still get your messages pwn'd if THEY are not also careful.

This partly applies to signalapp as well: they don't store IP addresses and such server-side, but if a signal-server node is presumed to be malicious, there is a LOT of timing-analysis and IP geolocation that such a node could do. Especially if some of your contacts are utilizing their cellnums and their unshielded IP addresses. Which is a common scenario! But the same exact scenario on wireapp... many of your contacts will be using their cellnums (or email addresses linked to their real legal name) and unshielded IP addresses. Thus, which is better partly depends on how worried one is about metadata... and partly depends on how much one trusts the opsec of one's friends and family and coworkers.

the unbelievers
and the FLOSS heretics

Signalapp is AGPLv3 server-side and GPLv3 clientside. It doesn't get more FLOSS than that. If you think that libre-licensing is not enough, and that signalapp must also be federated otherwise it is not "truly with the spirit of FLOSS" then you are wrong :-)

In addition to you being an unbeliever in signalapp -- which is fine -- you are also often factually mistaken. And you seem intelligent, but very prone to getting into ad hominem ... which you then correct many days later. I'm hoping to cure you of that ;-)

They just send out armies of useful idiots

This is beneath you.
Yes, you feel strongly about your positions,
some of them useful stances
and some of them misguided.
No, people who think you are incorrect,
are not A) paid shills,
nor B) necessarily idiots.
Retract please and stop that wrongthink.

Nowhere did I claim anyone is getting paid

That is true! You just claimed that every person defending signalapp, was "sent out" by Signal Foundation and the billions of dollars behind it. So yeah, pedantically speaking, you CAN wiggle your way out of calling people paid shills. In reality you only said they were shills ("sent out") and merely strongly implied that they were paid shills. Retract please.

I specified "useful idiot"
which is a term with a particular meaning ...
If the cap fits, wear it
Otherwise, why comment on it?

Because I'm not an idiot, infosec-handbook is not an idiot, Edward Snowden (citation still needed o'course) is not, and so on. Every time you comment on signalapp you end up getting emotional and dropping into attacks on the people you are talking with.

You can pretend that calling somebody a useful idiot, is not implying they are an idiot. Pretty much like you are pretending that calling somebody a shill of a billionaire foundation, is not implying they are a paid shill. But I'd have to be an idiot to miss your obvious implications. Retract please, thrice I ask of ye.

This is what I mean by wrongthink: the assumption that, if somebody disagrees with you, you are justified in stooping instantly to name-calling. And then trying to wiggle out of being a name-caller, with semantics! Not productive. Beneath you.

you're really just engaging in more bait-and-switch

I don't think you are clear on the meaning of words here. But then... it is obvious you DO understand the meaning of the words, but since you feel like I'm arguing unfairly, any tactic you "have" to stoop unto, is legit? If I start mass-quoting you, you will just complain about that. I'm quoting the parts where you are either omitting something that I think needs expansion (incompleteness), or stating something untrue (incorrectness). You and I generally agree about most things, except when you are emotionally angry, at which point you decide I'm your enemy and the ends justify the means, anything goes.

I'm not your enemy, but I cannot possibly be your friend when you act thataway. Either shape up and argue the merits of your positions, or just admit you are incapable of sticking to the merits and prefer flaming-now-and-apologizing-belatedly-much-later. To me that is not a useful mode of discussion, and certainly not for github -- if you want flamewars you can get them anywheres, if you want technical and deep discussion on the merits, there are worse places than github.

The only thing that makes these more difficult to use than Signal
is UI that gets chucked together by engineers, who are
more focused on getting a pioneering back-end architecture working ...

I'd consider CDS to be a pioneering backend architecture :-) But that said:

  • in addition to lack of funding due to lack of a plan,
  • in addition to being designed by people who see usability as a secondary thing rather than a prereq to mass adoption, and
  • in addition to prioritizing the complex backend architecture over simplicity,

...there also, on top of all those decisions which hurt usability by everyday endusers, just the design-choice of how users are identified. There are privacy-difficulties with using phone-nums, but those are not insurmountable. NOT using phone-nums, means, using something ELSE which means endusers have to be competent enough to do that without screwing it up somehow. Pseudonyms and passwords are normal... and everyday endusers screw them up. That's just with wireapp, which at least tries to target everyday endusers, and has a bog-standard backend from what I can tell. Get into Tox and Jami and the identifiers become extremely cumbersome, discoverability of friends & coworkers quite difficult, etc.

Naming is hard, and one of the main advantages to piggybacking off the telco-num is that you ARE piggybacking off the telco-num, which almost every potential enduser understands, knows how to remember, knows how to swap, etc. The downside of that ubiquity and usability, is inherent to the upside: it IS a telco-num, and most people aren't very privacy-conscious when they acquire telco-nums, and the carriers make anonymity difficult.

So yeah, it is a huge design-tradeoff to start with phone-nums as the identifier. But if you want to have end2end crypto plus minimal server-side metadata, you HAVE to disallow infinite-cheap-pseudonyms. Second, if you want usability, you REALLY need to find some way to let everyday endusers find their friends in the chat-app... and phone-nums, for all their downsides, do that (plus CDS helps mitigate some of the downside). Plus: phone-nums are expensive/difficulty enough to acquire, that they are out of range of the vast majority of spammers, double-win. People that are serious about getting a modicum of anonymity, can actually do so... mostly just involves legwork and know-how. The key to stopping mass surveillance in the long run, is mass adoption, and without usability you cannot get that. Is there a happy medium, with number-shielding and multi-account setup, or with proof-of-work registration as an alternative to proof-of-telco-num registration? Maybe, in the medium-to-long-run, I think so at least. But that's not easy, it won't happen next week.

@strypey
Copy link

strypey commented Aug 2, 2019

@five-c-d

if you want technical and deep discussion on the merits

I agree this is what is useful here. I apologize for engaging in useless meta-discussion. I still see you reading things into my comments that aren't there, but that wouldn't happen if I either stuck to the topic or disengaged from discussions that devolve into non-technical claims (celebrity endorsements etc). I'll do my best to do so from now on.

BTW as you might expect I disagree with some of your comments on Jami, but they are off-topic here, and another way to avoid useless meta-discussion is to stay on -topic.

@Mikaela Mikaela added the [m] Matrix protocol label Dec 6, 2019
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
[m] Matrix protocol
Projects
None yet
Development

No branches or pull requests