@micahflee stay away from Signal, it's too easy to prove that they are full of shit. Sorry for the harsh words. The article doesn't answer my questions, or essentially it does, confirming my fears.
1. Signal has closed source elements and as such cannot be trusted as a whole
2. The whole business model is talking shit about Telegram using buzz words without actually using good security. I don't trust people who rely on black-mouthing.
3. Hiding metadata is a lot harder than they make it out to be, and the only app I trust about that is bitmessage. Study bitmessage and you understand why this metadata hiding stuff is full of shit.
What part of Signal isn't open source? Here is the server code https://github.com/signalapp/Signal-Server
Signal doesn't have a business model. It's not a business, it's a non-profit funded by a billionaire. It doesn't have ads, sell (or collect) data, etc.
One thing I appreciate about the Signal project is they don't make claims about security that aren't true.
Projects like bitmessage are great, but really need to prioritize UX if they want to be accessible outside of a tiny niche.
@micahflee @tuxicoman client side calling code ("optional functionality") is not open source. this hooks directly into the rest of the code and can be used for spying even if the rest is completely honest. We cannot check on that. Any kind of business model is honestly irrelevant. A billionaire doesn't want payment in money, they are in it for the leverage. And they got Whatsapp. Whatsapp is basically the current business model.
Again, you are probably right that I am paranoia about this...
@lapingvino @tuxicoman what do you mean "client-side calling code"? Are you referring to all this webrtc code for voice calls? https://github.com/signalapp/Signal-Android/tree/master/src/org/thoughtcrime/securesms/webrtc
Signal is very well designed and easy to use, and secure for what it tries to do: end-to-end encrypted replacement for unencrypted SMS and voice calls.
It's not the right tool for every situation, but like, it's pretty awesome.
@micahflee @tuxicoman Another problem about Signal is that it is not very clear in communications about what it protects you from and what not. Insecurity by obscurity, people don't know what will give them away. That's what I mean with security theater: they are technically providing protection and that is tried and works, but people don't understand crypto and security well enough to understand how safe on which parts it actually is.
@micahflee @tuxicoman Adding metadata encryption will lure people into a bigger sense of security that might not be justified, so people take more risks and any spying done on data that is giving itself away will be much more effective. You basically know that security minded people will use it, and might risk their lives doing so.
While I use Signal on daily basis, Wire is becoming my preferred communication app.
Me and my friends have more and more issues with Signal like very big delays in message delivery, problems with successfully making calls and so on. I would blame my phone for that, but I hear about this also from friends who communicate with their contacts with the same issues.
Wire also lets me retain my phone number for myself and use the same account on several devices. 😉
@bob @micahflee @tuxicoman SSB has a kinda in-between approach for private messages. it hides metadata better than the signal plan and it provides less load than bitmessage because it uses network proximity. it is expected in the network that some messages won't reach their destination. bitmessage has better reliability if you don't have an existing social network you can route the private message through. Telegram makes the right trade-offs for a server oriented system.
I do like that Telegram is in F-Droid, but the absence of Signal there is (AIUI) because of a dependency on closed source Google code. You have to trust Google anyway to use it because Android, so I don't see this as a problem.
There's nothing closed source in the official build.
Personally I'd like Signal in F-Droid. But I think Moxie's argument is that secure software delivery is hard, releasing to two app stores introduces complexity, and F-Droid doesn't give analytics or crash reports. In the end, I think he just doesn't care much because only a tiny (but loud) fraction of the user base doesn't have the Play Store
@freakazoid @tuxicoman @micahflee the home grown crypto is made for easy usability (it's much easier on phone hardware) and if it breaks down some time, it can easily be replaced. The problem with well-audited generally known crypto is twofold: 1. if one thing breaks, everything breaks. You want diversity to be able to switch to something not broken yet if something breaks down all of a sudden. [1/2]
@freakazoid @tuxicoman @micahflee 2. mainstream crypto is US government grown, and there are unverifiable by the nature of the problem suspicions that they might have built in a one-way backdoor in the crypto by choosing the default parameters (e.g. in the case of Bitcoin using non-standard parameters I think that might be a reason) in use by everyone. This means that with non-diverse crypto, a problem means that everybody is spied on instead of a part. [2/2]
@freakazoid @tuxicoman @micahflee @lapingvino Ditto the idea that we need crypto that's "much easier on phone hardware". https://mcqn.com/files/images/GNL-SignalComms.gif shows the Signal code running on 48MHz ARM Cortex-M0 hardware - both encrypting and decrypting (and doing a tiny bit of local network comms in between). There's no way Signal crypto is taxing your smartphone
@freakazoid @tuxicoman @micahflee @lapingvino @amcewen I hear that https://github.com/ctz/cifra also has a Salsa20 implementation that can be used IRL, but I haven't actually tried it. http://www.cs.haifa.ac.il/~orrd/LC17/paper39.pdf might also be an interesting read.
Hell, I can do useful encryption on a 10-yo laptop which is definitely worse than a modern, high-end smartphone.
Low-power devices are important for a lot of people, we didn't need to wait for smartphones to develop appropriate crypto...
@micahflee Bah, just as I thought I was getting close to getting Arduino IoT comms to be as secure (by porting libsignal to it) they go and move the goalposts... 🤣 🤣 🤣
@micahflee my big problem with signal is that you can't host your own server, you have to stay stuck with their centralised infrastructure...
@micahflee Not sure what it protects against. Isn't it easy for the server to associate a TLS socket with an user / phone number? Then what extra protection do the users gain by hiding the sender when the message is being sent via an authenticated TLS socket on a server they can't control?
@wlanpu long thread pero vale pa comprender las diferencias entre Signal/Telegram
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!