this post was submitted on 23 Sep 2023
529 points (99.4% liked)

Technology

59559 readers
3385 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Meredith Whittaker reaffirms that Signal would leave UK if forced by privacy bill::Meredith Whittaker, the president of the Signal Foundation, the organization that maintains the Signal messaging app, spoke about the U.K.'s controversial new privacy bill at TC Disrupt 2023.

you are viewing a single comment's thread
view the rest of the comments
[–] Varyk 15 points 1 year ago (22 children)

People vaguely disparage signal on social media a lot, what's the evidence for signal having a backdoor?

[–] [email protected] 58 points 1 year ago* (last edited 1 year ago) (21 children)

The fact that they store encryption keys on their servers in the cloud, relying on SGX lock boxes to prevent trivial exploitation of those keys.

In information security, as with intelligence work, it's about capabilities not intent.

Signal has the capability, to brute force the SGX enclosures, or even use trivial code signed by Intel to simply export the keys from SGX enclosures, which means all of the encryption keys stored in signals cloud, which is all of them, could be compromised. That is a capability they have.

SGX has had multiple exploits, especially side channel attacks through timing, and other metadata in the CPU. Intel is a US corporation, and their subject to national security letters, so they could be compelled to release their SGX signing keys..

All the Lego pieces are there for signal to have a back door. It's about capabilities. I'm not saying they have a back door, but the pieces are there for one.

If you recall a few years ago, there's a big hullabaloo about signal storing encryption keys in the cloud behind four digit pins.. this is why people are so angry about it. It means we have to trust the central servers, which is antithetical to the capability model that we talked about.

That being said we are reasonably sure the signal client code is secure. So if you disable pin codes and signal, your encryption key is still sent to signal cloud, but it is signed with a cryptographically secure 128-bit something code. So that's fine. But if everybody you're talking to hasn't disabled the pin, then the other side of your conversation is still exploitable.

TLDR: signals great if your threat model does not include five eyes intelligence services, and if your threat model does include five eyes intelligence services you should use something else. Not by intent, but by capabilities.

[–] Varyk 24 points 1 year ago (20 children)

Thanks very much for the breakdown. I was totally unaware of the keys being stored in the cloud, that seems like a terrible idea for a privacy based messaging system.

Are there more secure alternatives?

[–] SimplePhysics 11 points 1 year ago (3 children)

Matrix has absolute shit adoption, but is open source and pretty secure. Then there is always Telegram.

[–] Varyk 5 points 1 year ago (1 children)

Okay cool. Thanks. Oh I didn't even know telegram had encryption capability

[–] SimplePhysics 3 points 1 year ago

Almost every chat platform uses encryption by default, including telegram. If you are talking about E2EE, you have to enable that manually for each chat.

[–] [email protected] 5 points 1 year ago (1 children)

Do you still have to consciously enable encryption in Telegram? That was the gripe people had with it for a while. Chats weren’t encrypted by default.

[–] SimplePhysics 3 points 1 year ago

Yes, you still do for E2EE.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

Matrix is really awesome and I hope it becomes the gold standard. However, if I were a Snowden, I would pick signal over matrix for the simple reason that signal doesn't store your conversations on the server. Matrix does. Those conversations are encrypted client side with a key the server doesn't have, but they are still stored centrally. That has advantages and disadvantages. It is much better for usability, because you can log in from any device and you see all of your conversations in one place. Unlike signal, there are no primary and linked devices, you can run matrix on desktop, laptop, phone, tablet, or straight from a web browser. When logging in from a new device, you need your username, password, and to either authenticate the session from another device, or manually put in your encryption key to decode the chats. That also means there is no need for backup or restore of anything other than your encryption key. For that reason, I am more frequently pushing people to install matrix than signal these days.

However if security is more important than usability, signal wins, if only because there is never a question of storing anything on any server. Start a chat with somebody, make the messages disappearing, and you can be pretty sure that as long as neither of your devices are captured while the chat is in progress it will never be seen by anybody.

[–] [email protected] 4 points 1 year ago (1 children)

This breakdown makes me much more hesitant to ever use Signal over Matrix. Signal is storing the keys themselves, where as Matrix is storing messages that can’t be decrypted and no keys. If the keys on Signal’s servers are ever stolen, you can kiss all of your message privacy goodbye. If a Matrix server is hacked, the user can’t do anything with the messages because they’re encrypted and no keys are stored.

You also have the option to host your own Matrix server and have more control—something that is not an option with Signal.

[–] [email protected] 3 points 1 year ago

The key that is stored server-side by Signal are only used to decrypt your profile, your contacts and groups, and your app settings. It is not used to decrypt your messages. And my understanding is that if you set a secure password instead of a pin, the key will be encrypted by your password before being uploaded, anyway, meaning that it’s e2ee, too.

Also, you can host your own Signal server, though I suspect doing so is more complicated than hosting a Matrix server. The code is almost fully open source (and I only say “almost” because, in the past it was not uncommon for the code on Github to be several months out of date - the license is a FOSS license). However, Signal isn’t federated, so you wouldn’t be able to talk to anyone using the Signal app or a fork on the main Signal server - unless you forked the app and made it able to manage accounts on multiple different servers.

Matrix also doesn’t encrypt metadata and it syncs conversation metadata to every involved server. As recently as 2022 Matrix had several critical vulnerabilities discovered (and patched). I wasn’t able to find any record of the audits mentioned in that article, so I have no clue how they performed, but regardless, even if just based on the metadata alone, currently Signal is more secure.

From a FOSS perspective, it makes sense to prefer Matrix over Signal (or maybe XMPP?). Signal - Moxie specifically - has been downright hostile to forks (refusing to allow them to use the Signal server with their frontend fork) and I remember him rejecting PRs and being rude toward contributors, too, though my memory’s a bit fuzzy on the specifics. That was a few years ago, so maybe it’s gotten better, but even if so, Signal isn’t federated and likely never will be, so any developer would have a lot more flexibility building things for Matrix or contributing to existing Matrix projects.

load more comments (16 replies)
load more comments (16 replies)
load more comments (16 replies)