As I noted in my article, remember when signal went a whole year without publishing their server source code updates?
Non of your points are really any concrete proof of Signal being backdoored.
I also addressed this, in the NSL section. It is illegal for signal to tell you that, otherwise they all face heavy prison time. Your default position then is to “trust” US services… not a good idea from a privacy standpoint given the history of surveillance disclosures.
However, Signal is like the one application that’s user friendly and is NOT compromised, and you seem to be completely attacking it.
I have reason to believe that Signal is NOT compromised. and the code is indeed Open Source and can be trusted.
I don’t trust the US, but I do trust Moxie Marlinspike to be a privacy advocate, he has spent his entire career being an advocate for privacy.
although Signal went a whole year without publishing server source code because they were being subtle about introducing mobilecoin crypto-asset support, and they didn’t want people to jump hog wild into mobilecoin. However, they now have released the server source code, therefore I do not think this is a valid argument.
I appreciate your critique and well written essay, as well as your motivation. Thank you again for writing this, and I will heed your advice and be more skeptical of signal foundation. However, but I have followed Marlinspike for years, and was an early signal adopter, so I do have some trust that the project is not compromised.
comment from lobster also makes some good points here, and I tend to agree with this guy
This take comes up every so often, e.g. in some of the linked articles. I’m sympathetic to many of the concerns raised, but I’ve yet to see serious engagement with some of the deeper issues raised. For example:
A significant number of security and privacy-enhancing technologies (PET) have received US military funding or other support. See: Tor from the Naval Research Lab, OpenBSD from DARPA. SELinux comes from the NSA. The Open Technology Fund has also support Ricochet, WireGuard, ?
Delta.chat, and Briar (that the author recommends), etc. (link). Are all these tools suspect?
As an aside, the EU also funds a significant number of PETs. While not as egregious as the US, the EU is no enemy of mass surveillance, either.
One reason for Signal’s centralization is, in short, that it’s hard to update federated protocols, including their security features. E2E encryption in XMPP or email is still a pain, and far from usable for most people. I hope that e.g. Matrix can pull it off, but they face challenges that centralized services don’t. With a centralized service, you know that you can handle unforeseen security developments quickly. Shouldn’t this be a key priority for a security tool?
Using phone numbers as identifiers has its benefits: you don’t need to store users’ contacts on your servers. A service like Wire, that does allow you to sign up without a phone number, has to store your full social graph on their end. Avoiding this sort of metadata is a hard problem — Signal has opted for minimizing the amount they store.
It’s hard to overstate how much ease of use matters when it comes to gaining mass adoption for these tools. For a long time, privacy & security tools were super user-unfriendly, reserved only for a small technical elite (see PGP). If we want to combat mass surveillance, we need tools that the masses want to install (in my experience, it’s hard enough to convince activist groups to migrate off Discord or Slack — the alternatives need to be similarly easy to use).
How do you feel about the guy who donated 50 million to Signal? He probably has the most influence on the project second only to Marlinspike.
Thanks for linking Libresignal, read over its readme.
But really 3rd party clients are beside the point: the main thrust of the article is about signal being a single, us domiciled, centralized service. They don’t let you self host a server, and you also have no way of verifying their server code. You just have to “trust them”.
What I mean is that Signal is more of a code dump rather than a truly free software project, it’s developed mostly internally, in that way Matrix is much more a true community project.
So if we don’t know what runs on the server side, how do we know then that this is not used to map user networks, i.e. who communicates with who? From an activist POV wouldn’t that be a significant risk?
Also, even if you trust the company today, given that it is US based, it is subject to the gag orders the US government agencies hand out. So that makes it still a problem, no?
Self hosting of the synapse server is pretty well documented. There even is an ansible script to speed it up.
I self hosted early on and it wasn’t particularly time consuming.
Again, the specific issue with Signal is that it is located in the US, which has pretty authoritarian practices against exactly the type of organisation that runs Signal. This potentially makes Signal problematic even if the people running it have the best intentions.
Is this context the use of phone numbers is questionable too, in my opinion at least. The given rational is that it makes it easier for users to sign up, but that’s really not true. Email is used by pretty much everyone and doesn’t rely on phone numbers. I’m sure someone thinking half a day about user IDs that aren’t carrying inherent privacy risk will likely come up with something.
I had my parents using matrix for years without issue in a quite advanced age and they had no issues desite not using phone numbers…
Got to ask now: are you working for Signal? It really sounds like it…
Re sysadmin and self hosting it really depends on the scope. You can follow basic security recommendations, which you will set up once, and which will protect you from bots and scripts. What about targeted attacks? Not sure, but if you host for yourself or family and friends only, I wouldn’t take this as my threat model.
I have a Nextcloud server running for about 4 years now with close to zero downtime. During those years I had perhaps two instances where I did larger upgrades which took me perhaps an hour on two weekends to prepare (basically backing stuff up, dealing with the excitement, reading up) and then maybe one evening to execute.
I’m sure hosting for millions of people who might end up sending lawyers your way is difficult. Running something like matrix yourself for friends and family simply isn’t and it removes all the security and privacy risk that comes with trusting an US based organisation that had its share of controversies, and more importantly is subject to the questionable laws and enforcement practices.
Anyone who had installed linux and is happy to work with a console would be capable of learning how to self host in a reasonable amount of time.
deleted by creator
As I noted in my article, remember when signal went a whole year without publishing their server source code updates?
I also addressed this, in the NSL section. It is illegal for signal to tell you that, otherwise they all face heavy prison time. Your default position then is to “trust” US services… not a good idea from a privacy standpoint given the history of surveillance disclosures.
I appreciate and admire your motivation @dessalines@lemmy.ml
However, Signal is like the one application that’s user friendly and is NOT compromised, and you seem to be completely attacking it.
I have reason to believe that Signal is NOT compromised. and the code is indeed Open Source and can be trusted.
I don’t trust the US, but I do trust Moxie Marlinspike to be a privacy advocate, he has spent his entire career being an advocate for privacy.
although Signal went a whole year without publishing server source code because they were being subtle about introducing mobilecoin crypto-asset support, and they didn’t want people to jump hog wild into mobilecoin. However, they now have released the server source code, therefore I do not think this is a valid argument.
How do you feel about marlinspikes ruthlessly banning all third party clients and server implementations? Or his choice of phone # identifiers?
Yes I do not see why we should trust any system which forbids self-hosting, especially when alternatives exist.
I appreciate your critique and well written essay, as well as your motivation. Thank you again for writing this, and I will heed your advice and be more skeptical of signal foundation. However, but I have followed Marlinspike for years, and was an early signal adopter, so I do have some trust that the project is not compromised.
comment from lobster also makes some good points here, and I tend to agree with this guy
How do you feel about the guy who donated 50 million to Signal? He probably has the most influence on the project second only to Marlinspike.
False.
There are a few 3rd party clients. They all identify themselves to the server that they’re 3rd party clients and they haven’t been banned.
Thanks for linking Libresignal, read over its readme.
But really 3rd party clients are beside the point: the main thrust of the article is about signal being a single, us domiciled, centralized service. They don’t let you self host a server, and you also have no way of verifying their server code. You just have to “trust them”.
deleted by creator
deleted by creator
This would be a truly problematic sentiment in some other cases. But the point here, is that unlike Matrix, Signal is not really ours.
deleted by creator
What I mean is that Signal is more of a code dump rather than a truly free software project, it’s developed mostly internally, in that way Matrix is much more a true community project.
deleted by creator
Sure. Signal is a better choice than the clown that’s Telegram.
deleted by creator
So if we don’t know what runs on the server side, how do we know then that this is not used to map user networks, i.e. who communicates with who? From an activist POV wouldn’t that be a significant risk?
Also, even if you trust the company today, given that it is US based, it is subject to the gag orders the US government agencies hand out. So that makes it still a problem, no?
deleted by creator
Self hosting of the synapse server is pretty well documented. There even is an ansible script to speed it up.
I self hosted early on and it wasn’t particularly time consuming.
Again, the specific issue with Signal is that it is located in the US, which has pretty authoritarian practices against exactly the type of organisation that runs Signal. This potentially makes Signal problematic even if the people running it have the best intentions.
Is this context the use of phone numbers is questionable too, in my opinion at least. The given rational is that it makes it easier for users to sign up, but that’s really not true. Email is used by pretty much everyone and doesn’t rely on phone numbers. I’m sure someone thinking half a day about user IDs that aren’t carrying inherent privacy risk will likely come up with something.
I had my parents using matrix for years without issue in a quite advanced age and they had no issues desite not using phone numbers…
deleted by creator
Got to ask now: are you working for Signal? It really sounds like it…
Re sysadmin and self hosting it really depends on the scope. You can follow basic security recommendations, which you will set up once, and which will protect you from bots and scripts. What about targeted attacks? Not sure, but if you host for yourself or family and friends only, I wouldn’t take this as my threat model.
I have a Nextcloud server running for about 4 years now with close to zero downtime. During those years I had perhaps two instances where I did larger upgrades which took me perhaps an hour on two weekends to prepare (basically backing stuff up, dealing with the excitement, reading up) and then maybe one evening to execute.
I’m sure hosting for millions of people who might end up sending lawyers your way is difficult. Running something like matrix yourself for friends and family simply isn’t and it removes all the security and privacy risk that comes with trusting an US based organisation that had its share of controversies, and more importantly is subject to the questionable laws and enforcement practices.
Anyone who had installed linux and is happy to work with a console would be capable of learning how to self host in a reasonable amount of time.