Things that fall off trucks: Cellebrite bags, Apple software
April 22, 2021 11:25 AM

You may have heard that one should be very careful about opening files from untrusted sources; there’s always the possibility that they could pose a risk to the integrity of your computer. When you’re in the business of providing your law-enforcement customers with software whose whole point it is to handle data from extremely untrusted sources, you might think that this is particularly salient advice. If you don’t heed it, your customers might have to immediately stop scanning mobile phones of suspects who may be using the popular Signal instant-messaging app. Indeed you would be giving them, and defenders and courts, very good reasons to doubt this kind of evidence altogether. Moxie Marlinspike (previously) first broke the news about the hack of Cellebrite’s digital forensics software in an entertaining post on the Signal blog.
posted by wachhundfisch (71 comments total) 42 users marked this as a favorite
 
It seems unlikely to us that Apple has granted Cellebrite a license to redistribute and incorporate Apple DLLs in its own product, so this might present a legal risk for Cellebrite and its users.

How do you sue death squads over ToS?
posted by They sucked his brains out! at 11:44 AM on April 22, 2021 [2 favorites]


Am I understanding Marlinspike's post correctly if I assume that simply having Signal on my phone, maybe occasionally launching it without bothering to actually use it, now provides a measure of protection (of privacy, from prosecution, whatever) if my phone is taken by the police?
posted by at by at 11:45 AM on April 22, 2021 [11 favorites]


(I mean, yes. He's being allusive in his final paragraphs. I'm just trying to get a grasp of the minimum effort required on the part of the user for these changes to take effect.)
posted by at by at 11:46 AM on April 22, 2021 [2 favorites]


I don't know that it will provide much protection of privacy. Your device will still be readable by Cellebrite. But there might be some doubt about the results? Seems like this is more of an attack to make end-users of Cellebrite's products unsure about the product. The legal prosecution issue might be arguable in court, but would require more evidence than an online video.
posted by rikschell at 11:56 AM on April 22, 2021 [4 favorites]


Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding.
Installing Signal now to get "protection" apparently will not work?
posted by Aardvark Cheeselog at 11:57 AM on April 22, 2021 [1 favorite]


In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.

Excited to be part of a game where developers troll police with weird porn images.
posted by Going To Maine at 12:01 PM on April 22, 2021 [11 favorites]




... that, no doubt, do some kind of random exploit as well.
posted by Going To Maine at 12:01 PM on April 22, 2021


I'm not sure how the Apple Store will react to an application that's deliberately downloading malicious software, regardless of intent, and I'm reasonably confident that Cellebrite is one software update away from putting any risk this causes behind them.

This is funny enough, but it's not going to protect anyone for more than the next few weeks and I'm wondering what makes Moxie so confident that this won't result in Signal getting pulled from the App Store that he's willing to throw those dice.
posted by mhoye at 12:01 PM on April 22, 2021 [3 favorites]


This is delicious:
Given the number of opportunities present, we found that it’s possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned. There are virtually no limits on the code that can be executed.
Basically any organization with a Cellebrite kit has a vector right into what's probably the most secure part of their network, perfect for a Stuxnet-style attack.
posted by Kadin2048 at 12:02 PM on April 22, 2021 [5 favorites]


This is a shitty experiment to run on your unsuspecting customers. I'm sure law enforcement is going to be real happy with someone whose phone they just pulled. :(
posted by introp at 12:02 PM on April 22, 2021 [1 favorite]


(I mean, yes. He's being allusive in his final paragraphs. I'm just trying to get a grasp of the minimum effort required on the part of the user for these changes to take effect.)

Short answer - anyone using cellebrite absolutely cannot trust the data extracted from any mobile device is at all accurate - just scanning a particular file can screw with the machine running the extraction software and make all past or future scan reports stored on it entirely wrong.

The cellebrite flaws are also legion, so it's gonna need more than a single patch, the thing is basically a rickety shitshow.

It just so happens that mobile devices with signal installed may now just happen to download small files on occasion - that I'm sure entirely by accident - may mess up cellebrite scans of such a device and futz with the scanning PC and all stored and future scans, but have no other effect.
For example, by including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures. This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.
So it will come down to the legal system weighing appropriately testimony from a police officer saying they scanned a suspect's phone and found all sorts of juicy evidence and of course it's legit, vs a defence computer expert testifying how the evidence could so easily be entirely wrong or faked due to huge flaws in the scanning software, quoting this report as an example.

Alas, I imagine it will probably work as well as testimony that police-gathered evidence may have been planted usually does.
posted by Absolutely No You-Know-What at 12:03 PM on April 22, 2021 [17 favorites]


Cellebrite currently has a security vulnerability allowing arbitrary code execution. The company is aware of this but has not called on people to stop using it.

Isn't it time for antivirus such as Microsoft Defender to quarantine Cellebrite as malware?
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 12:04 PM on April 22, 2021 [11 favorites]


“By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me.”

Unbelievable indeed!
posted by sjswitzer at 12:04 PM on April 22, 2021 [16 favorites]


I'm not sure how the Apple Store will react to an application that's deliberately downloading malicious software

Software that prevents unauthorized users from accessing your data, i.e., prevents the sole purpose of Cellebrite, is not malicious. It's security software.
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 12:11 PM on April 22, 2021 [12 favorites]


That IS a very entertaining blog post!
posted by Sterros at 12:17 PM on April 22, 2021 [3 favorites]


Oh, I get it now. Signal is, in fact, not going to add any anti-Cellebrite code to its app, so they're in the clear with Apple. But now there is a publicly-evident risk that they will do so. So now no-one can use Cellebrite without that risk to themselves. And because the presence of the alleged anti-Cellebrite code is so rare and unpredictable, its absence cannot be proven. Genius!
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 12:18 PM on April 22, 2021 [6 favorites]


> The cellebrite flaws are also legion, so it's gonna need more than a single patch, the thing is basically a rickety shitshow.

What amuses me is the evidence that Cellebrite is effectively pirating some Apple code. This means that Apple has potential legal recourse against Cellebrite.

I imagine some team within Apple has long had the Cellebrite toolkit and knows everything that Marlinspike published. But Apple would have a hard time going after Cellebrite in court for using Apple's code, since providing evidence that Cellebrite is violating their intellectual property coincidentally violates Cellebrite's own licenses. So Signal's blog post is useful for Apple in this regard, if Apple can use third-party findings as leverage to request legal intervention against Cellebrite.

I was kind of hoping that Apple's awareness of Cellebrite's use of old iTunes code would provide the potential to incorporate detection of unauthorized use of the relevant code in future versions of iOS (and, for example, auto-wipe or something), but it's also possibly not that easy.
posted by at by at 12:21 PM on April 22, 2021 [3 favorites]


As a kid, anytime I asked my father where he got anything, he always told me it fell off the back of a truck. 6 year old me wondered how all these truck drivers could be so irresponsible, and how my father always somehow managed to be in the right place at the right time.
posted by nevercalm at 12:23 PM on April 22, 2021 [53 favorites]


nevercalm, you have the first paragraph of your autobiography all set
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 12:24 PM on April 22, 2021 [78 favorites]


Authoritarian regimes do not, as a rule, seem big on notions of truth or integrity about their human targets. Whether someone is "innocent" or "guilty" seems to miss the point of why such governments collect this data, in the first place. Will Cellebrite's customers care much if the data they collect cannot be guaranteed to be 100% authentic?
posted by They sucked his brains out! at 12:25 PM on April 22, 2021 [3 favorites]


Okay, so my hot take is:

So while people in the technical community understand how huge this is and how it compromises cellebrite, do the cops actually fucking care? They lie through their teeth and make up evidence and deny expert evidence all the time. Until they're made inadmissible in court like polygraphs, I don't see anything changing.

See: bad coding practices for breathalyzers
posted by deadaluspark at 12:26 PM on April 22, 2021 [12 favorites]


Cellebrite is one software update away from putting any risk this causes behind them
Shipping a 9 year out of date library with 100 known security holes suggests they have no process to produce such a software update. Let alone keeping up with the constant incoming stream of *new* security holes. Let alone delivering those to their customers and getting them onto the devices.

The worse thing for them though is that their system's design seems entirely unprepared for this threat model. A properly designed system would have layers of protection. Such systems are hard and expensive to build, and a really secure design capable of dealing with all the file formats in the wild often has important usability tradeoffs. SecureDrop's Secure Viewing Station comes to mind as one really good attempt at that, although its threat model seems less extreme than Cellebrite's.

Also this device is probably gonna fall off a truck into a succession of other hackers' lawns, resulting in a lot of fun presentations at the next CCC about all the non-trivial security holes in it; the things you don't find with a simple search for obsolete libraries.
posted by joeyh at 12:27 PM on April 22, 2021 [9 favorites]


I took Signal off my phone because almost nobody I know uses it (making the encryption moot), and its features were pretty limited (no SMS/MMS). But after having read the blog post I may install it again - you know, just in case...
posted by Greg_Ace at 12:27 PM on April 22, 2021 [4 favorites]


Cellebrite response from the Gizmodo article linked by Iris Gambol:
"Cellebrite enables customers to protect and save lives, accelerate justice and preserve privacy in legally sanctioned investigations. We have strict licensing policies that govern how customers are permitted to use our technology and do not sell to countries under sanction by the US, Israel or the broader international community. Cellebrite is committed to protecting the integrity of our customers’ data, and we continually audit and update our software in order to equip our customers with the best digital intelligence solutions available."
Anybody else find the phrase "accelerate justice" unnerving?
posted by forbiddencabinet at 12:27 PM on April 22, 2021 [9 favorites]


I would like to think an appeals court would care if the evidence used to convict someone is technically unreliable in a way not expressed to the jury. But it would depend on the jurisdiction.
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 12:28 PM on April 22, 2021 [1 favorite]


I said, "I wonder what Moxie Marlinspike is up to these days" out loud something like three days ago, so I appreciate the update, even if I am now concerned that Metafilter is surveilling my couch.
posted by evidenceofabsence at 12:29 PM on April 22, 2021 [5 favorites]


"and we continually audit and update our software in order to equip our customers with the best digital intelligence solutions available"

They be doing a really shit job of it then.
posted by Absolutely No You-Know-What at 12:31 PM on April 22, 2021


I'd be curious what sort of information a couch would contain beyond old farts, food crumbs, loose change, and the occasional TV remote.
posted by Greg_Ace at 12:32 PM on April 22, 2021 [1 favorite]


do the cops actually fucking care?

Probably not.
posted by They sucked his brains out! at 12:33 PM on April 22, 2021 [1 favorite]


It's going to be less whether the cops care and more whether District Attorneys realize that in all their current prosecutions the only electronic evidence recovered from the accused are several thousand files named goatse.jpg.
posted by at by at 12:39 PM on April 22, 2021 [12 favorites]


Cops and intelligence services might not care, but judges might, so I'm assuming this could have implications for the admissibility of evidence or the issuance of warrants, which would constrain the ways in which cops rely on Cellebrite's tools?

On preview, what at by said.
posted by evidenceofabsence at 12:44 PM on April 22, 2021 [3 favorites]


I took Signal off my phone because almost nobody I know uses it (making the encryption moot), and its features were pretty limited (no SMS/MMS). But after having read the blog post I may install it again - you know, just in case...

I use Signal as my default messaging app (on Android) and it sends SMS and MMS messages to people not on Signal without issue.
posted by any portmanteau in a storm at 12:45 PM on April 22, 2021 [10 favorites]


That's interesting. Nevertheless your messages aren't encrypted unless they're using Signal too, so there seemed to be little point in using it at the time.
posted by Greg_Ace at 12:49 PM on April 22, 2021


Authoritarian regimes do not, as a rule, seem big on notions of truth or integrity about their human targets.

As this is described, right now, seems to be a way to cast doubt on evidence. You're right, though: authoritarian regimes are not, as a rule, concerned with evidence.

Intelligence, however, may be another matter. Perhaps it creates enough uncertainty that scanning people's phones does not create enough that they have a high enough confidence in to act on (i.e. not waste resources or tip their hand).
posted by MrGuilt at 12:53 PM on April 22, 2021 [1 favorite]


I really hope Signal's payload is rewriting all data gained by Cellebrite to be "Never Gonna Give You Up".
posted by Your Childhood Pet Rock at 12:56 PM on April 22, 2021 [16 favorites]


In other news, Signal becomes the most downloaded app in the history of the Apple App Store. Overnight.
posted by Thorzdad at 12:56 PM on April 22, 2021 [1 favorite]


This hack prompted Foone to repost their dissection of a Cellebrite Touch, and yes, they do eventually run DOOM on it.
posted by subocoyne at 12:59 PM on April 22, 2021 [2 favorites]


Intelligence, however, may be another matter

It seems doubtful that the authoritarian nations that make up Cellebrite's customers would discard any intelligence collected from related cell phone data. It's all just added to the other data and metadata they collect to make their assessments. Its value might be reduced, but probably not written off.

That there would be doubt cast on evidence will probably not bear out in practice. By the time a target is brought to a courtroom in one of these countries, that person is effectively already determined guilty, and any evidence presented is there to cover for the show trial and provide legitimacy to the ruling to come.
posted by They sucked his brains out! at 1:14 PM on April 22, 2021 [3 favorites]


This almost makes up for them pushing a cryptocurrency scam onto their users.
posted by acb at 1:14 PM on April 22, 2021 [7 favorites]


Nevertheless your messages aren't encrypted unless they're using Signal too, so there seemed to be little point in using it at the time.

If any of your contacts install Signal, it will recognise your number from their contacts, so having an active Signal account encourages those people to actually use Secure messaging. Otherwise a lot of people install the app and just never use it.
posted by Lanark at 1:26 PM on April 22, 2021 [1 favorite]


"If any of your contacts install Signal, it will recognise your number from their contacts, so having an active Signal account encourages those people to actually use Secure messaging. Otherwise a lot of people install the app and just never use it."

This sucks if it's on an iPhone and they immediately forget they installed it, so they never see your texts, because they all go to Signal, which they don't actually use or check.

I literally have to text certain contacts using my Google Voice number because of exactly this and it is infuriating. Like, just uninstall it folks, you're making it harder for me to text you.
posted by deadaluspark at 1:29 PM on April 22, 2021 [2 favorites]


Apple does not allow other apps to replace the default SMS/messaging app.

If you are on an iPhone trying to contact Android users who are no longer using the Signal app, you can just delete that contact from within Signal and send with iMessage.
posted by Lanark at 1:42 PM on April 22, 2021 [1 favorite]


Good on him for taking on Cellebrite, but yeah, fuck Signal.
posted by Joakim Ziegler at 2:08 PM on April 22, 2021 [1 favorite]


Here in Massachusetts, a huge number of drug convictions got overturned by not one, but a few scandals in which it turned out that chemists had either been falsifying results, or improperly analyzing samples. Eventually the courts were so gummed up with appeals that an entire group of convictions was vacated simply because it was the only thing they could do.

If a strong case can be made by a public defender's agency and other concerned citizens, any case relying on cell phone data could be appealed simply because the chain of command was compromised.
posted by explosion at 2:18 PM on April 22, 2021 [4 favorites]


This almost makes up for them pushing a cryptocurrency scam onto their users.

From said link:
Which means that the only way to use Signal to talk to other people using Signal is to use the official app. And you have no way of knowing what's actually going on inside it. Maybe it's running the same code as what they publish. Or, you know, maybe not.
Spamming intel agencies with a bunch of goetses might be good for a laugh, but asking what else might be put into their app might also seem a fair question.
posted by They sucked his brains out! at 2:23 PM on April 22, 2021 [1 favorite]


If Signal weren't taking cash from the US government* I'd be amused. This is just ... uh, what is it called when you pretend you're edgy and cool and all black-hat and soooo anti-cop, but actually take money from the cops?

* Open Technology Fund. Look it up.
posted by seanmpuckett at 2:54 PM on April 22, 2021


what is it called when you pretend you're edgy and cool and all black-hat and soooo anti-cop, but actually take money from the cops?

A smart move? Marlinspike's reputation in crypto circles is basically solid gold. If he wants to take DARPA dollars or USAGM money or whatever, and use it to harden Signal, that seems like a win.

It's not like the US government is a monolith. It's entirely within the realm of expectation that there are agencies who want fully-encrypted, totally anonymous, state-actor secure communications tools in general circulation, and are willing to pay for it, and others who shit their pants at the very thought, and probably have Cellebrite kits.

Now I wouldn't put it past certain agencies to put in a backdoor if they had the opportunity to do so, but I think at this point they have realized that untargeted backdoors are more of a liability than a benefit for the US. (Now, targeted backdoors, on the other hand...)
posted by Kadin2048 at 3:08 PM on April 22, 2021 [2 favorites]


OTOH, given that only blessed Signal binaries can function on Signal's network, what's to say there isn't some extraordinarily subtle code in the blessed binary that will, for example, reduce Signal's key space from more-than-the-number-of-H-atoms-in-the-universe to still-too-big-to-think-about-but-small-enough-for-a-NSA-sized-rainbow-table or similar?
posted by acb at 3:16 PM on April 22, 2021 [1 favorite]


Hi, seanmpuckett! Your mention of Open Technology Fund piqued my interest.

I have been working for years on getting funding for open source infrastructure (in particular, the Python software packaging and distribution toolchain). Some of it has come from Facebook, Google, Bloomberg, and so on. Some of it has come from private foundations or individual donations. Recently some federal agencies (such as NASA) have shown interest in funding important existing open source software and services that millions of people depend on.

As part of this work, I helped write a grant proposal to get money from the Open Tech Fund, which we used to add two-factor authentication and other security features, plus accessibility and internationalization/localization, to the Python Package Index. In my opinion this benefits everyone's security and privacy, and in fact reduces the risk of state actors backdooring the subjects of their investigations. Could you be more specific on how the specific work that Signal did, with money from OTF, makes it easier for state intelligence/law enforcement to do their work? Or perhaps you simply discount the credibility of any privacy-related tool -- such as Signal, Tor, etc. -- that has taken money from any government, because you believe they will be less likely to take hard stances in the future?
posted by brainwane at 3:27 PM on April 22, 2021 [9 favorites]


I know what the International Traffic in Arms Regulations says about software code exploits as munitions, so it's possible that having Signal installed when you cross a border (where, say, your phone gets cloned in customs) is also a breach of ITAR. I'm not {a, your} lawyer to say whether ignorance is a defence and I think I'd try my best to avoid handing over an unlocked phone. This allusion to "aesthetic items" might cause people to unwittingly break international arms export laws, which sucks.
posted by k3ninho at 3:34 PM on April 22, 2021


Did I read something somewhere about this being payback for something? Is there a grudge in play?
posted by bq at 3:40 PM on April 22, 2021


If Signal weren't taking cash from the US government I'd be amused. This is just ... uh, what is it called when you pretend you're edgy and cool and all black-hat and soooo anti-cop, but actually take money from the cops?*

Open Technology Fund. Look it up.

Man, TOR takes money from the government! The US government is a big, complicated thing, and is often funding things in both directions at the same time.
posted by Going To Maine at 3:42 PM on April 22, 2021


what's to say there isn't some extraordinarily subtle code in the blessed binary that will, for example, reduce Signal's key space from more-than-the-number-of-H-atoms-in-the-universe to still-too-big-to-think-about-but-small-enough-for-a-NSA-sized-rainbow-table or similar?

Absolutely nothing. But then that applies to any binary produced by any company within the reach of the US government. For all we know, there are NSA backdoors in the closed bits of Android (Google Play Services, f.ex) and iOS that record your keystrokes if you're a person of interest and exfiltrate them quietly in the constant encrypted traffic back to head office.

Or there's the $5 wrench bypass tool. Once you're of interest to state-level security services who can arrange your quiet disappearance to a black site, all bets are off.

What crypto DOES do is keep you safer from dragnet trawling of network data by automated systems, and some protection from attracting the attention of lower-level goons who have at least some level of functioning oversight preventing them just shooting people they don't like.
posted by Absolutely No You-Know-What at 3:42 PM on April 22, 2021 [2 favorites]


OTOH, given that only blessed Signal binaries can function on Signal's network, what's to say there isn't some extraordinarily subtle code in the blessed binary that will, for example, reduce Signal's key space from more-than-the-number-of-H-atoms-in-the-universe to still-too-big-to-think-about-but-small-enough-for-a-NSA-sized-rainbow-table or similar?

Yeah, that is a hard problem. Signal has reproducible builds, at least on Android, so you can verify yourself (if you are so inclined) that the published source code produces the same binaries as are available on the website, and on your device.

But, admittedly, very few actual users are going to do that, and I don't know if you can do it for the iOS build. At the end of the day, you have to choose who you are going to trust. I, personally, trust Marlinspike and, largely by extension, the Signal team. I haven't personally reviewed their codebase and don't plan to (I wouldn't trust my own ability to detect some subtle corruption anyway), but I trust that the people on the team are careful enough about reviewing submissions to mitigate that risk.
posted by Kadin2048 at 3:43 PM on April 22, 2021 [1 favorite]
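
Added example, not part of the thread and not Signal's own verification tooling: a sketch of the comparison a reproducible-build check comes down to, hashing every entry of a self-built APK against the distributed one while skipping JAR signature files, which necessarily differ. The function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Assumption of this example: only v1 (JAR) signature files under META-INF/
# are expected to differ between a self-built APK and the distributed copy.
# The v2+ APK Signing Block is not a zip entry, so zipfile never sees it.
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", ".MF")


def is_signature_entry(name):
    return name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)


def entry_digests(apk):
    """Map entry name -> SHA-256 of its decompressed content.

    `apk` is a path or a binary file object. Duplicate entry names are
    rejected, because two parsers may disagree on which copy is "the" file.
    """
    digests = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir() or is_signature_entry(info.filename):
                continue
            if info.filename in digests:
                raise ValueError("duplicate zip entry: " + info.filename)
            h = hashlib.sha256()
            with zf.open(info) as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[info.filename] = h.hexdigest()
    return digests


def compare_apks(built, distributed):
    """Return the three kinds of mismatch between two APKs."""
    a, b = entry_digests(built), entry_digests(distributed)
    return {
        "only_in_built": sorted(set(a) - set(b)),
        "only_in_distributed": sorted(set(b) - set(a)),
        "content_differs": sorted(n for n in set(a) & set(b) if a[n] != b[n]),
    }


def builds_match(built, distributed):
    """True when every non-signature entry is byte-identical in both APKs."""
    return not any(compare_apks(built, distributed).values())


def make_sample_apk(entries):
    """Build a constructed, in-memory zip standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample data: a local build, the same build after signing,
    # and a signed copy whose code and native libraries were altered.
    local = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-v1"}
    signed = dict(local, **{"META-INF/CERT.RSA": b"sig", "META-INF/CERT.SF": b"sf",
                            "META-INF/MANIFEST.MF": b"mf"})
    altered = dict(signed, **{"classes.dex": b"dex-v2", "lib/extra.so": b"x"})

    built = make_sample_apk(local)
    print("signed copy matches:",
          builds_match(io.BytesIO(built), io.BytesIO(make_sample_apk(signed))))
    print("altered copy diff:",
          compare_apks(io.BytesIO(built), io.BytesIO(make_sample_apk(altered))))
```

A match here only shows that the binary corresponds to the published source; whether that source is trustworthy is the separate question the comment above raises.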


I notice that Cellebrite announced their plan to go public earlier this month.
posted by bq at 3:48 PM on April 22, 2021


This is profoundly unsurprising to me. Law enforcement has historically demonstrated very little interest in forensic tools' accuracy, as opposed to their ability to give them some favorable result to wave around. It's really really really depressing.
posted by praemunire at 4:43 PM on April 22, 2021 [5 favorites]


Yeah, the shit I heard (and occasionally saw) back when I occasionally helped defense attorneys evaluate the results of digital forensics was pretty embarrassing. On a couple of occasions I wasn't particularly enthused about helping because it was pretty clear the people involved were guilty, but the shoddy practices, obvious speculation, and exaggerations bordering on outright lies in the reports made it a lot easier.
posted by wierdo at 5:12 PM on April 22, 2021 [1 favorite]


It's both true that the US government isn't a monolith and that there are people working for it who are doing okay things, and that government funding can add a kind of asterisk to your assessment of a project, since funding comes with expectations and can be withdrawn.

Based on Open Technology Fund's treatment by the Trump administration and the way the Fund pushed back against it (the whole thing sounds as absurd as it was awful), I'd like to think that at least some of the people working there wouldn't take kindly to seeing a project they funded perverted in the service of intelligence agencies.

That said, the asterisk is still there. Based on my limited understanding of Signal and the opinions of people I know who have a far better understanding of it, I think it's unlikely that the app is an op, but there's always a chance.

Then again, on my more paranoid days, I wonder how Marlinspike's life story and Ubercyberpunk persona could possibly be real and not the waking dream of someone who dropped a bunch of DMT before going to see Hackers in theaters in 1995.
posted by evidenceofabsence at 5:49 PM on April 22, 2021 [2 favorites]


My thing is that anyone developing a theoretically state-level-actor-proof communication tool that passes a certain threshold of acceptance (somewhere in the tens-to-hundreds of millions of installs) is going to either get shut down or compromised.

I would expect that using Signal to conduct run-of-the-mill stupidity would be fine. Cheating on your partner. Small time drug deals. But using it in an activism or protest scenario, especially if you're in a large group, is going to get you flagged. And any kind of anti-state activity is going to get you and all your buds swept up.

One time pads, folks, that's where it's at. When life is on the line, trust nothing else.
posted by seanmpuckett at 6:16 PM on April 22, 2021 [2 favorites]


I would expect that using Signal to conduct run-of-the-mill stupidity would be fine. Cheating on your partner. Small time drug deals. But using it in an activism or protest scenario, especially if you're in a large group, is going to get you flagged. And any kind of anti-state activity is going to get you and all your buds swept up.

This's been about the extent of Naomi Wu's (justified, imo) concerns about Signal, agreed. Basically "it might be good for what it can handle, but it's playing itself up to a level of hardening that it can't back up, and Moxie has been weirdly defensive about known-vulnerabilities"
posted by CrystalDave at 6:52 PM on April 22, 2021 [4 favorites]


Of course the real answer is to never do anything illegal, right guys? ...Right?
posted by Greg_Ace at 7:34 PM on April 22, 2021 [1 favorite]


I wonder if one of the more emboldened ransomware gangs will use this as a way to get ransomware onto machines that people with a lot of money depend on? For once this seems like it could only lead to good things.
posted by pulposus at 8:20 PM on April 22, 2021


I think Naomi's issue has been rather more specific - the android/etc plugins for doing keyboards are simple for romance languages and something like signal can easily roll their own - but the plugins used for Chinese languages in particular are not, and may even go out to external servers as part of their normal operation - or may key log behind your back to some black hat - what Naomi was originally campaigning for in her wonderfully shouty way was for Signal to make this potential risk obvious to her compatriots.

Moxie has now acknowledged that and Signal does (I believe) warn people - Naomi still does seem pissed with him though
posted by mbo at 11:05 PM on April 22, 2021 [2 favorites]


Of course the real answer is to never do anything illegal, right guys? ...Right?

Post Snowden - or indeed any number of police murders of POC that weren't even investigated - you need to be very naive or ignorant to believe that matters much these days. For us UK peeps, it's not much better.
posted by Absolutely No You-Know-What at 11:18 PM on April 22, 2021 [3 favorites]


> what's to say there isn't some extraordinarily subtle code in the blessed binary that will, for example, reduce Signal's key space

There's a lot wrong with Signal from what I understand, but that's more to do with centralisation, harvesting of contacts and interoperability with alternatives; the cryptography itself is supposedly very good (IANAC), and crypto is always the strongest link in the chain.

Adding to the already mentioned $5 wrench, why worry about a backdoor in Signal when all mainstream hardware from the last decade contains factory backdoors? Or when privilege escalation exploits are so common?

It's not a movie plot, the government doesn't need to plant a targeted backdoor in your messaging software, they can seize your phone, torture you, or own your hardware remotely using any of the other dozens of security holes.
posted by Bangaioh at 2:33 AM on April 23, 2021 [1 favorite]


That doesn't scale as well as being able to decrypt messages in flight. If they're targeting the regional commander of Antifa or something, they can task some agents to pwn their phone or install a keylogger on their laptop. They're not going to spam everyone with zero-days to get everyone's plaintext to put through a secret Palantir neural network that identifies potential troublemakers from linguistic cues or whatever.

The big threat is scalable mass surveillance.
posted by acb at 3:48 AM on April 23, 2021


Maybe I misread, but isn't he saying that if I as a Signal user send a file to another Signal user, then both phones will now have this, and if Cellebrite is used, it will suddenly be full of 0's or cat pics or whatever? The not-quite-a-threat that he could do it from inside the app serves to make the Cellebrite results dubious if relied on in court, but also to stop the magic hacking device from working entirely, if the person using Signal wants it to.
posted by fizban at 4:43 AM on April 23, 2021


> I'd be curious what sort of information a couch would contain beyond old farts, food crumbs, loose change, and the occasional TV remote.

Ask Frank and Violet
posted by flabdablet at 8:48 AM on April 23, 2021 [1 favorite]


Riana Pfefferkorn explains the situation and notes: "Signal has made an important point that may help push the mobile device forensics industry towards greater accountability for their often sloppy product security. Nevertheless, I have a raised eyebrow for Signal here too."

I know Riana and I laughed aloud at:
Signal maybe could’ve handled this situation a little differently

Allow me to just keep being a total wet blanket and demonstrate conclusively that my years as a corporate lawyer ate all the parts of my soul that used to have a punk-rock hacker ethos.
posted by brainwane at 6:08 AM on May 13, 2021 [1 favorite]


Pfefferkorn:

> I must admit, though, that for all my quibbles with their comms strategy, Signal is looking more and more like the only reasonable E2EE messaging app option given the direction the alternative is taking.

Personally I like Keybase better than I like anything else. The main things I like about it are that everything is e2ee, all the encryption and decryption and key generation and management is done client-side by code that's open source, clients are available for iOS, Android, Windows, Mac OS and Linux, and it has good multi-device support that doesn't require trust-on-first-use for every new device added to an account.
posted by flabdablet at 2:22 PM on May 13, 2021 [1 favorite]

