Excellent article. Thanks for sharing.
posted by terrapin at 4:35 AM on October 27, 2020 [1 favorite]

“Can’t stop the signal, Mal.”
posted by valkane at 5:05 AM on October 27, 2020 [3 favorites]

I have a super hard time trusting any "secure" channel that receives funding from the NSA. That includes both Signal AND Tor.

Yes, the superficial claim of "we need this secure channel for our own operatives" holds a certain amount of water, but it's simply beyond belief that they would not also gain some other advantage. Even if it's just the ability to analyze metadata.
posted by seanmpuckett at 6:24 AM on October 27, 2020 [1 favorite]

What funding does Open Whisper Systems get from the NSA?
What funding does the Tor Project get from the NSA?
posted by flabdablet at 6:53 AM on October 27, 2020 [4 favorites]

AFAIK, Tor/Open Whisper doesn't get NSA funding, but it does get money from Broadcasting Board of Governors (BBG), which used to get black budget money from the CIA. BBG also funds Western propaganda like Radio Free Asia.

While that does create a connection to the intelligence community, it's seems to me a bit like when Russia funds third party (or even first party) political candidates. It's not about the candidate, it's about the chaos.

It's in the US interest to fund privacy in places like Iran where those needing it are likely to be friendly to the west. Of course, they'll use the other hand to fight privacy in the US itself. The funding doesn't prove control, just usefulness in certain situations.
posted by CheeseDigestsAll at 7:36 AM on October 27, 2020 [3 favorites]

As a follow up, it's worth noting that the first Google hit for "NSA funding Tor" comes from RT (Rusdia Today). It's obviously is Russia's interest to cast doubt on tools like Tor.

Both sides play the hand that suits them at the time.
posted by CheeseDigestsAll at 7:42 AM on October 27, 2020 [5 favorites]

Also, while the Signal client is theoretically open-source, any client you build from the source will not work with the Signal network; only their blessed binary will, for reasons.

It's not inconceivable to consider a possible deal where they subtly modified their blessed binary to restrict its key range to something a Fort Meade-sized rainbow table could handle, or something similar.
posted by acb at 8:01 AM on October 27, 2020 [5 favorites]

For your viewing pleasure: Hold Fast video zine that is mentioned in the article.
posted by sexymofo at 8:28 AM on October 27, 2020 [5 favorites]

It's not inconceivable to consider a possible deal where they subtly modified their blessed binary to restrict its key range to something a Fort Meade-sized rainbow table could handle, or something similar.

If Fort Meade can do it, that means it's "possible" rather than "impossible", and the not quite NSAs of the world would be able to eventually do it too. The only real difference between the nation states and just regular assholes on the Internet is the length of time required for results. And if the answer to "how long?" isn't something like "well past the heat death of the universe" for both the NSA and the regular assholes, someone is going to figure at least that part of it out much quicker that the NSA and fellow nation states would like, and therefore trying to hide that kinda shit is practically worthless.
posted by sideshow at 8:28 AM on October 27, 2020

I use Signal but only three of my contacts also use it so 95% of the time, it just functions as a vanilla SMS client.
posted by octothorpe at 8:38 AM on October 27, 2020 [6 favorites]

People keep taking jabs at Signal, but it is by far the most credible secure communication system I know of. It turns out to be really hard to build secure, usable consumer products and I'm sympathetic to Moxie's argument that some of the compromises they make (centralization, the phone number thing) are in the service of usability. I also know Moxie personally a little bit, mostly second hand through friends who've worked with him, and there's no one I'd trust more to personally be doing his damndest to really build a truly secure product. I do not think he would continue a farce if he or the company were compromised by the NSA.

It's weird how efforts to build secure end to end communication keep failing. I get why GPG email doesn't work; usability problems. And maybe practicality is why IPSEC failed too. But why were SMS messages not secure? Why did Google pull end-to-end encryption out of RCS messaging last year? Why did Facebook's planned rollout of more secure communications fail? Maybe it's all shadowy government interference. Or maybe it's just really hard to build that kind of product securely and make it usable.

On a more personal note, my favorite Moxie story is the time he decided to fly a hot air balloon. Without a license or, really, much training on how to aviate. How hard could it be? Turns out managing ballast and landing safely is not so easy! He's lucky he's not dead. I can swear I read a detailed story about that escapade but it's not on his defunct blog.
posted by Nelson at 8:46 AM on October 27, 2020 [6 favorites]

What funding does Open Whisper Systems get from the NSA?
What funding does the Tor Project get from the NSA?

It’s not the NSA (or not directly). Tor was (as probably a lot of people know) originally a DARPA/naval intelligence project. Tor and Signal as ongoing projects have both received funding from the State Department - directly from various agencies or through spinoffs like the Open Technology Fund. Basically the “Radio Free [wherever]” arm of the government. Which, historically, does have spook-y (CIA) ties. But one plausible way to look at this is it’s a situation where the goals of the regime-change kinda folks end up working counter to the surveillance folks. I‘d bet the actual NSA has a pretty solid capability to deanonymize Tor users if they have to but that’s because you’d be stupid to bet against them on something like that, not because they designed it that way.
posted by atoxyl at 9:04 AM on October 27, 2020 [2 favorites]

How hard could it be? Turns out [it's] not so easy!

siliconvalley.txt
posted by adamdschneider at 9:36 AM on October 27, 2020 [9 favorites]

I use signal to organize birthday parties for friends, which ends up being a great recruitment tool. "Yes, this needs to be a high security secret surprise birthday party, so we're organizing on the most secure messaging app. It might also be helpful for other things, so this is a great time to sign up when the stakes are low!"
posted by kaibutsu at 10:15 AM on October 27, 2020 [4 favorites]

It's sloppy but considering the practical alternative to Signal is unencrypted SMS or actively monitored facebook messaging if only the NSA can read my messages I count that as a win.
posted by Mitheral at 11:22 AM on October 27, 2020 [3 favorites]

It's sloppy but considering the practical alternative to Signal is unencrypted SMS or actively monitored facebook messaging if only the NSA can read my messages I count that as a win.

Well there’s Telegram - I’ve always considered them shadier, however, and certainly a lot of professional security people would. I mean, the founder’s brother home-rolled the crypto, if I remember correctly. Supposedly they did (effectively) get kicked out of Russia, though.
posted by atoxyl at 11:46 AM on October 27, 2020 [3 favorites]

I wouldn't trust Telegram.
posted by Nelson at 12:06 PM on October 27, 2020 [2 favorites]

I wouldn’t either, but I’m not sure that linked section says a whole lot about it one way or another. I wouldn’t rule out that they have Russian government ties but I believe their claim on that point is that they haven’t been welcome in Russia and I can’t prove or disprove that. And anyway one could make a case for using the American app to hide from the Russians and the Russian app to hide from the Americans - except for the more concrete strike against Telegram, which is the closed and homegrown nature of their system.

Signal/OWS has (as far as I know) the problem of proving that what you get from the App Store is what you see in the open codebase, but that probably beats being a total black box.
posted by atoxyl at 12:23 PM on October 27, 2020 [2 favorites]

I do enjoy the name "Moxie Marlinspike." Nearly Pynchonian.
posted by doctornemo at 1:53 PM on October 27, 2020 [1 favorite]

I wouldn't trust Telegram.

Is anybody here who has actual crypto chops aware of reasonable grounds on which to distrust Keybase? Looks to me like it does a whole bunch of things right and I've yet to become aware of anything in particular that it does badly compared to any of its competition.
posted by flabdablet at 3:44 PM on October 27, 2020

I use Signal but only three of my contacts also use it so 95% of the time, it just functions as a vanilla SMS client.

Signal was the default SMS handler on my phone for a while, which worked great when I was communicating with other people who had it, until they experienced device failure/loss and didn't reinstall it on their replacement devices. The Signal server treats phone numbers that have ever had a Signal account associated with them as valid Signal targets, and I could find no way to persuade the Android Signal app to send a vanilla SMS to somebody it's classified as a Signal user, not even to nag them to reinstall Signal.

Enough of my contacts have now fallen off the Signal wagon in this way that it's really not convenient for me to make it my default Android messaging app any more, which is a pity; I really wanted to like Signal. It has other weird quirks as well, like not being able to copy selected parts of message texts for pasting elsewhere; you can copy an entire message or none of it, which is kind of crap when people embed stuff like phone or bank account numbers inside a larger message.

Most of the people I originally recruited to Signal I've since recruited to Keybase, and so far I haven't lost secured contact with any of those. And maintaining two active messaging systems - Keybase for secure comms, and vanilla SMS messaging for grudging compatibility with the thundering herd - is pretty much my usability limit.

If the Signal app could also send vanilla SMS on request, instead of just having that as the fallback option for non-Signal contacts, I'd use Keybase for talking to other Keybase users and Signal for everything else. But for the time being I'm sticking with Keybase and the vanilla Android messenger.
posted by flabdablet at 4:03 PM on October 27, 2020 [2 favorites]

I don't find signal to be completely secure

I'm always interested in exploring other people's thinking on security-related technologies. Could you outline any attacks against Signal and the circumstances under which a prospective user would need to take their likelihood into consideration?

Most of the attacks I can think of myself involve third-party access to the endpoints, and are therefore not really attacks against Signal per se so much as attacks against remote digital communication in general. Which, I agree, can never be completely secure if only because rubber-hose cryptography is a thing.

There are also some feasible device-reset spoofing attacks against the identity proofs of the far-end user, which I think Keybase has largely got covered especially in lockdown mode.
posted by flabdablet at 10:13 PM on October 27, 2020 [1 favorite]

I was in the company of people tapping the device

Sorry, clear one thing up for me: when you say "tapping", are you referring to a process of extracting content from somebody else's device(s) in a manner not apparent to the owner(s), or just to people who have a device in their hand and are physically tapping on its touchscreen?

I noticed they appeared to know information relative only to signal and no other applications

Did these people have (or had they ever had) some degree of physical access to the device whose Signal app was apparently leaking this information, or were they working purely with intercepted Signal traffic?
posted by flabdablet at 10:43 PM on October 27, 2020

I'm genuinely surprised when talking with friends/family about security issues. about the gift Snowden gave us, when I talk about the long nose of the law, mixed in with the long nose of google, facebook, amazon, etc and etc. I'd be amazed if any of them would load Signal onto their phone, and this includes ppll who are techy enough to know the score. So often I hear the completely unbaked "Well, I'm not doing anything wrong and I've got nothing to hide." or "The government *needs* to have access to everything because (you name it: terrorists, child pornography, people coming over our border with Mexico, blah blah blah."

They're exactly the people who bought into Nixon's "War On Drugs" which was of course *not* a war on drugs but instead a war upon our rights, most particularly black peoples rights but hey, they'll take anyone they want. And these are rights -- Rights -- not privileges, but rights, as a human being who is a US citizen. We've gone from Andy in Mayberry to cops as SWAT teans, dressed in black, head to toe, carrying automatic weapons, 19 shot Glocks, rock-hard unions who prevent any cop from any charges. Cops that'll shoot you if you do anything other than lie face-down with hands on your head, and might shoot you then, too, and they'll shoot your dog(s) because they are total scum.

Snowden's second appearance on Joe Rogan's show he pretty much said that if the security apparatus wants access to your data they're going to get it, that doing what we can is good but if "they" ever really want to say hello to you they can and they will. I doubt they can break Signal but there's a zillion other pathways, no way anyone can be careful enough not to do something that'll open a hole into their communications.

It's a great article, I knew nothing about Moxie Marlinspike, now I feel that I know a bit. Pretty much anyone who Snowden loves is good in my book. Marlinspike is super-cool. A great life, looks like from here, high ideals that he's holding to, and money is not where it's at, though I doubt he's having trouble keeping food on the table, whatever table he's sitting at tonight.

I'd not have seen this, thanks for posting it, OP.
posted by dancestoblue at 10:44 PM on October 27, 2020 [1 favorite]

Not really an issue with Signal then, because no messaging app is ever going to be securable against a compromised endpoint.

As soon as there's a way for the sender or receiver to enter or view plaintext on a device, there's a way for a modified version of the same device to capture and re-transmit and/or intercept and modify that plaintext.

There is not and never will be an automated defense that's guaranteed to work against this class of attack. When it comes right down to it the decision about whether or not to trust a given device is always going to be made by a human, humans are susceptible to being fooled in ways that mathematics and software simply can't address, and there's never going to be a sound reason to assume that the quality of engineering devoted to fooling humans is worse than that of the engineering devoted to reassuring us.
posted by flabdablet at 12:22 AM on October 28, 2020 [3 favorites]

Yeah if one is able to log in to a phone I don’t believe Signal provides any additional protection. And if one is trying to extract sensitive data from a phone, it makes some sense to start by looking in the DB for the encrypted messaging app.

This is a real concern (with any system of this type) of course. I know Signal does have some features to auto-delete or to mass-delete messages. It might be a good idea to use them.
posted by atoxyl at 6:13 PM on October 28, 2020 [1 favorite]

Signal does have some features to auto-delete or to mass-delete messages

Keybase has this too: it calls them "exploding" messages. Basically the sender can put an expiry time on any message (and there are defaults that can be set to make that happen automatically for selected classes of messages); after that time, all endpoints that have a copy of that message (including the sender's) delete the message and its ephemeral decryption keys and any plaintext version they might happen to be displaying at the time.

Again, no such facility can protect against an endpoint that isn't playing by the agreed rules. What exploding messages can protect against is endpoints that were playing by the agreed rules until at least the message's expiry time and then get compromised at some later time.

End users employing an external camera to create even-in-principle undetectable screenshots of the plaintext certainly count as endpoints not playing by the agreed rules in this context. But again again, that's not the part of the message transfer path that it's an app like Signal or Keybase's remit to secure.
posted by flabdablet at 6:19 AM on October 29, 2020 [1 favorite]