364

Signal's Meredith Whittaker scorns anti-encryption efforts as 'parochial, magical thinking' | TechCrunch (techcrunch.com)

submitted 3 months ago by Dehydrated@lemmy.world to c/privacy@lemmy.ml

44 comments fedilink hide all child comments

top 44 comments

sorted by: hot top controversial new old

[-] kbal@kbin.melroy.org 42 points 3 months ago* (last edited 3 months ago)

Well, she's not wrong that we need more influential people fighting back against this latest push in the global coordinated effort to put an end to communications privacy. It's really quite alarming how little attention it seems to get most of the time. Civil society seemed much more robust when it fought off similar attacks in the 1990s. I do hope that the "VC community" isn't our only hope.

But of course Signal can’t interoperate with another messaging platform, without them raising their privacy bar significantly

Signal is supposed to be free software. You could probably manage to interoperate at least with other operators of actual Signal-Server instances, if you wanted to.

[-] possiblylinux127@lemmy.zip 8 points 3 months ago

The problem with trying to be compatible with everything is that no one can agree on what a good protocol should be. Trying to force apps to work together is problematic as you end up creating a large attack surface.

I appreciated what they want to do but the GDPR has kind of gone over the top in my opinion.

[-] LWD@lemm.ee 8 points 3 months ago

There's already something like this and it's called SimpleX. Messages are sent through relays and a very familiar form of ratcheting encryption is used.

It's still in its infancy, but anyone can run and use their own relay.

[-] possiblylinux127@lemmy.zip 3 points 3 months ago

Simplex is a great example of why trying to force apps to work with each over is bad for a number of reasons.

Simplex chat would be massively compromised as a messager if it was required to work with Telegram. Imagine the amount of spam you would get if nothing else.

[-] LWD@lemm.ee 1 points 3 months ago

IMO a better example is Matrix bridging - in order for an app like Signal to work on your Matrix account, you do have to compromise your Signal messages on it.

But otherwise, yeah, I definitely agree with your assessment. Even if Signal and SimpleX used an identical protocol, the nature of sealed sender messages would make spam prevention and server abuse more difficult to handle IMO. SimpleX is still relatively obscure, and I'm not sure what scaling up will look like for it.

[-] haui_lemmy@lemmy.giftedmc.com 6 points 3 months ago

I run a matrix server that interoperates with signal, whatsapp and discord so people who need to use those platforms are able to use one app instead of three and also keep their info private.

[-] LWD@lemm.ee 5 points 3 months ago* (last edited 3 months ago)

How's that keep people's info private? Every Signal-Matrix integration I've seen decrypts the data and just holds it unencrypted on a (Matrix) server.

[-] haui_lemmy@lemmy.giftedmc.com 2 points 3 months ago

I‘m talking about apps like discord or whatsapp that have a lot of info on you when you open them. The open source clients are a lot less data hungry afaik.

But yes, the encryption between the apps is not seamless so you‘d need to activate encryption again for this if you want it.

[-] LWD@lemm.ee 4 points 3 months ago

Maybe. If you communicate on Matrix with someone who is bridged from Discord, you have now given Matrix data to Discord and Discord data to Matrix. Which isn't great for privacy at all.

Granted, I guess you don't have to use the Discord app at that point, but the extra data is a server-side treasure trove regardless.

[-] haui_lemmy@lemmy.giftedmc.com 2 points 3 months ago

I dont know where you got that info from but afaik the most data collection is automated and does not include manually sifting through stuff. Having a discord bot does not give discord the info from a persons matrix account. Its the persons decision if they want to name the matrix account the same (which they shouldnt).

[-] LWD@lemm.ee 1 points 3 months ago

Well, it's not all your Matrix data, but if you don't trust Discord with writing an app that runs client-side, I'm not sure why it's helpful to trust them with holding onto your conversions with other Discord users either...

I've also run a Matrix server and I can tell you from experience... You shouldn't trust me with your conversations. Even if I was a good friend, I'm definitely not a security professional!

[-] haui_lemmy@lemmy.giftedmc.com 1 points 3 months ago

Well, I‘m not a security professional but an admin. Keeping people out of your matrix chats isnt that hard if you follow some standard procedure.

Sending 1000 texts to discord through matrix is a lot different than having 1000 texts and all photos, geo coding, contacts and microphone accessible.

[-] LWD@lemm.ee 2 points 3 months ago

You can't keep the admin out of your Matrix chats and bridge them to Signal (or Discord) though. Either they sit around effectively unencrypted on a server that's built to hold data and especially metadata forever (which is one data breach away from being everybody's data) or the user has to just not use Signal bridges.

I guess if you're comfortable with that it's fine, but I'm really not.

[-] haui_lemmy@lemmy.giftedmc.com 2 points 3 months ago

Thats what I meant. The admin is the person that most always has your data but data breaches are other people getting in which is not that hard to prevent. You dont have to run faster than the bear… just faster than the guy next to you.

For signal we assume that native connections are e2ee, for whatsapp I‘m less sure thats really the case and for discord we know that nothing is encrypted.

So yes, if someone got into the server and started poking around undetected, one might have their signal texts laid bare. I‘m pretty sure the likelyhood isnt as high as a phone getting hacked, especially for small servers that are obscure.

In any case, you do you.

[-] LWD@lemm.ee 2 points 3 months ago

Which gets right back around to my point. If you use Signal, but you stick a Matrix server onto it, you have made your data less private.

It's not choosing between "your phone could get hacked" OR "another admin can see or accidentally leak your data"...

It's choosing between "your phone could get hacked" or "your phone could get hacked and extra points of failure are added too."

Matrix bridging is a convenience service, like Beeper was... Definitely not a privacy one.

[-] haui_lemmy@lemmy.giftedmc.com 2 points 3 months ago

And it turns right around into my point: aside from signal, there is no such thing as privacy and discord and whatsapp should at best not be executed on your phone. And no, the person using a bridge on a server that is not their own is not the person that correctly sandboxes the app or roots their phone.

[-] honk@feddit.de 2 points 3 months ago

free software doesn't necessarily mean federating with other services.

They have stated their reasons why they don't wanna do it. You might disagree with them or not. But the technology they built is still open. Anybody could take what they created and use it as a foundation that does federate.

[-] turkishdelight@lemmy.ml -1 points 3 months ago

I have been disappointed by signal so much that I'm not suprised by this. There is no legitimate justification to why they don't distribute on F-Driod.

[-] turkishdelight@lemmy.ml 27 points 3 months ago

Why is Signal not on FDroid, or heavily use Google services?

[-] Dehydrated@lemmy.world 39 points 3 months ago* (last edited 3 months ago)

Signal doesn't "heavily use Google services". They only use proprietary libraries and integrations for 2 purposes: Donations and push notifications. Signal uses the platform's native way of handling push notifications, on iOS it's APNs and on Android it's FCM. This is also the reason why it's not available on F-Droid. You can use a fork of the app like Signal-FOSS or Molly. These remove all proprietary dependencies and you can download them from their custom F-Droid repositories.

[-] geoma@lemmy.ml 14 points 3 months ago

Molly is wonderful but I use signal-foss because it shares openstreetmap location by default 🤩

[-] Dehydrated@lemmy.world 4 points 3 months ago* (last edited 3 months ago)

Molly claims to use OSM in their FOSS builds: https://github.com/mollyim/mollyim-android/blob/main/README.md#dependency-comparison. I can't confirm this because I never use any Signal features that require map integration.

[-] geoma@lemmy.ml 3 points 3 months ago

Wow, this is news for me. I've been following this issue on the git but there's no news about this there at least.

https://github.com/mollyim/mollyim-android/issues/203

[-] Dehydrated@lemmy.world 2 points 3 months ago

Have you tried out Molly? If yes, did you use the normal version or the FOSS build? Btw the Version available on Accrescent is also FOSS

[-] roguetrick@lemmy.world 2 points 3 months ago

Have you tried out Molly?

Nah, I get hypomania from buproprin. I think ecstacy would put me straight into serotonin syndrome.

[-] zwekihoyy@lemmy.ml 2 points 3 months ago

fkn same

[-] Dehydrated@lemmy.world 2 points 3 months ago

I like the direction this is going

[-] geoma@lemmy.ml 1 points 3 months ago

I have used it (molly-foss)but haven't in a while, just waiting for it to enable OSM location sharing to switch back to it. Didn't know about accrescent. What's the deal about it compared to droidify or f-droid?

[-] Dehydrated@lemmy.world 2 points 3 months ago* (last edited 3 months ago)

It's more secure than F-Droid. It's still in a pretty early stage of development though and currently only offers a handful of apps.

App signing key pinning: first-time app installs are verified so you don't have to TOFU.

Signed repository metadata: repository contents are protected against malicious tampering.

Automatic, unattended, unprivileged updates (Android 12+): updates are handled seamlessly without relying on privileged OS integration.

First-class support for split APKs: downloaded APKs are optimized for your device to save bandwidth.

No remote APK signing: developers are in full control of their app signing keys.

[-] geoma@lemmy.ml 1 points 3 months ago

Cool.thanks!

[-] Buddahriffic@lemmy.world 2 points 3 months ago

I have to be misunderstanding what you're saying because it sounds like you're happy that app shares your location by default? Or do you mean it uses that format by default when you decide to share a location?

[-] geoma@lemmy.ml 9 points 3 months ago

I meant that it uses the OSM "format" when I decide to share it voluntarily. That totally makes sense for me. I don't want to be sharing no Google links.

[-] ruplicant@sh.itjust.works 17 points 3 months ago

there is a fork with proprietary dependencies removed called Signal-FOSS, whose repo you can add to F-Droid if you decide to trust it

[-] Unreliable@lemmy.ml 15 points 3 months ago

There are several Signal forks on f-droid that remove the need for Google services iirc.

[-] onlooker@lemmy.ml 13 points 3 months ago* (last edited 3 months ago)

To answer your second question: they advertise Signal as a secure and private messenger, so heavily using Google services would be kind of counter-productive. To answer your first question: here.

[-] possiblylinux127@lemmy.zip -1 points 3 months ago* (last edited 3 months ago)

Because they don't seem to care about free software I guess

You can use Molly if you want more freedom. I do wish that Signal would build in orbot to avoid censorship.

[-] delirious_owl@discuss.online -4 points 3 months ago

Because signal doesn't care about privacy or anonymity

[+] banneryear1868@lemmy.world -17 points 3 months ago

Might as well use whatsapp in that case which is debatably on par or better than signal for encryption.

[-] turkishdelight@lemmy.ml 11 points 3 months ago

We don't have any clue on how good whatsapp encryption is. It's closed source.

[+] banneryear1868@lemmy.world -14 points 3 months ago* (last edited 3 months ago)

The whitepaper explains it in detail. Closed source doesn't mean worse by default. In a lot of cases the opposite since professionals were hired and paid for their work and the company thinks they have an edge on the competition. Open source is more of a grab bag. Commercial use of open source is plagued by abandoned projects and lack of support obligations, even though it might be better in certain instances.

[-] Huschke@lemmy.world 8 points 3 months ago* (last edited 3 months ago)

Closed source does mean it's worse by default because we can't verify what the app does. The only things we really know about Whatsapp are:

Meta is scanning your texts before the message is sent. Back when I last used it you could easily verify this by typing a url and having the app underline the url for you.
Meta is collecting an enormous amount of Metadata. This can also be verified by checking the permissions the app has and by various people that have monitored the background activity of the app.
Meta is using the Signal protocol to send the message. However, as previously explained this means nothing because they already scanned the message prior to sending it.

So with no way to look at the code we have to assume that Meta is collecting and storing the messages and their metadata.

[-] banneryear1868@lemmy.world 0 points 3 months ago* (last edited 3 months ago)

Most industry standard software that people use in their jobs is closed source. When you watch movies or listen to music or play video games you're supporting proprietary software. Same with finance and basically any office job. Niche IT jobs are the exception but I've been in enterprise IT for 20 years and this is just how it is in a capitalist economy. I'd prefer for public ownership of technology platforms but it's basically reduced to a consumption model within the current system. Like the platforms people consume media through isn't very significant, which the open source community puts a lot of ideological importance on. Most open source projects are also abandoned and become obsolete too quickly. I've basically been relying on the same set of proprietary Adobe software for part of my income since the 90s, can't name an open source alternative that does what I need it to do or has this longevity even though I'd prefer it.

Btw a way you can verify the security of a chat app is by reading case docs from law enforcement about what's required to obtain communications through said platform. With whatsapp the closest they can get to message content is by retreiving cache from the iPhone chatsearch database, and metadata from WhatsApp about who sent a message to whom and when but not the message contents. Retrieval of WhatApp messages through proprietary security forensics software is limited to how certain phone models and OSs locally cache messages basically. This applies to different platforms the same way though and isn't something special about WhatsApp or Meta. The unique thing to Meta is how quickly they respond to law enforcement requests about metadata collection.

[-] turkishdelight@lemmy.ml 6 points 3 months ago

I'm not using closed source Zuckchat

[-] autotldr@lemmings.world 9 points 3 months ago

This is the best summary I could come up with:

AI is “not open in any sense,” the battle over encryption is far from won, and Signal’s principled (and uncompromising) approach may complicate interoperability efforts, warned the company’s president, Meredith Whittaker.

“We’re seeing a number of, I would say, parochial and very politically motivated pieces of legislation often indexed on the idea of protecting children And these have been used to push for something that’s actually a very old wish of security services, governments autocrats, which is to systematically backdoor strong encryption,” said Whittaker.

” ‘Accountability’ looks like more monitors, more oversights, more backdoors, more elimination of places where people can express or communicate freely, instead of actually checking on the business models that have created, you know, massive platforms whose surveillance advertising modalities can be easily weaponized for information ops, or doxing, or whatever it is, right?

One specific such proposal is comes via the Investigatory Powers Act in the United Kingdom, under which the government there threatens to prevent any app updates — globally — that it deems a threat to its national security.

“And honestly,” she added, “I think we need the VC community, and the larger tech companies more involved in naming what a threat this is to the industry, and pushing back.”

But of course Signal can’t interoperate with another messaging platform, without them raising their privacy bar significantly,” even ones like WhatsApp that support end-to-end encryption and already partly utilize the protocol.

The original article contains 1,027 words, the summary contains 238 words. Saved 77%. I'm a bot and I'm open source!

this post was submitted on 04 Mar 2024

364 points (98.9% liked)

Privacy

29777 readers

903 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS