| ▲ | upofadown 5 hours ago |
| Putting on my user hat... "OK. Signal has forward secrecy. So messages are gone after I receive them. Great!" Oh, you didn't turn on disappearing messages? Oh, right, then forensic tools like Cellebrite can get them. You have to turn on disappearing messages. The default is off. Oh, you did turn on disappearing messages? We send the messages in notifications. So the OS can keep them. Turns out Apple was doing that. There is an option you can turn on to prevent that. It is off by default. "I'll just delete the entire app!" No, sorry, the OS still has your messages... At what point does the usability get so bad that we can blame the messaging system? This same app had a usability issue that turned into a security issue just last year: End to End Encrypted Messaging in the News: An Editorial Usability Case Study (my article) https://articles.59.ca/doku.php?id=em:sg |
|
| ▲ | microtonal 3 hours ago | parent | next [-] |
| I think one of the main issues is that end-to-end message encryption is a sham as long as backups are not encrypted. I could have good device security, but if the person I'm talking to does not use ADP, iMessage and WhatsApp messages get backed up with only at-rest encryption (I think Signal opts out of standard iOS backups) and possibly the same for backups of the iPhone notification database (which the article suggests as a possibility). Similarly on Android, WhatsApp suggests unencrypted backups to Google Drive by default. Putting on my tinfoil hat, I am pretty sure that Google/Apple/Meta have some deal (successor to PRISM) where end-to-end encrypted messaging is tolerated as long as they have defaults that make it possible to access chats anyway. Apple not enabling ADP by default and WhatsApp doing Google Drive backups that are not end-to-end encrypted is the implementation. Since most people just use the defaults, it undermines security of people who care. It's a 'win-win', the tech companies can wash their hands in innocence, the agencies get access to data, and phone users believe that they are chatting in a secure/private manner. |
| |
| ▲ | AJ007 2 hours ago | parent | next [-] | | "end-to-end message encryption is a sham as long as" -- I agree with that but would add even more caveats. If someone can't list those caveats off the top of their head they shouldn't be pretending they aren't able to communicate securely. Just look at Salt Typhoon, every single person should be way more paranoid than they are, including government & agency officials. The attach surface and potential damage - financial and reputation - will only get worse with AI automation and impersonation, and that's for people who are doing nothing interesting and are law abiding citizens. | | |
| ▲ | sph an hour ago | parent | next [-] | | Given the shoddy state of network security at large, especially on infrastructure projects (power plants, hospitals, dams, etc.) I always feel like major governments sit on so destructive potential to disrupt communications and anything connected to the Internet of its adversaries to have mutual assured destruction potential of a nuclear bomb. No one’s crazy enough to push that button, because once you do there is no turning back. | |
| ▲ | microtonal 2 hours ago | parent | prev [-] | | I mean the Hungarian minister of Foreign Affairs briefed Lavrov on internal EU matters and there are recordings of one or more calls. It seems that opsec is bad at pretty much every level. | | |
| ▲ | alfiedotwtf 43 minutes ago | parent [-] | | We’re already forgetting when the Secretary of War invited a journalist to the secret SIGNAL group chat |
|
| |
| ▲ | tapoxi 2 hours ago | parent | prev | next [-] | | Signal data is not backed up, they have a local backup solution and an in-app e2e cloud backup for $2/month. | |
| ▲ | alfiedotwtf an hour ago | parent | prev [-] | | This is what I’ve always hated with Apple Time Machine, which I think MUST have been deliberate: - create an encrypted disk
- install Mac OS on the encrypted disk
- use Time Machine to back it up with encrypt turned on
All good so far. Ok, time to restore: - Restore from Time Machine
- enjoy your PLAIN TEXT install :poo:
|
|
|
| ▲ | jacquesm 3 hours ago | parent | prev | next [-] |
| People keep pushing signal because it is supposedly secure. But it runs on platforms that are so complex with so much eco system garbage that there is no way know even within a low percentage of confidence if you've done everything required to ensure you are communicating just with the person you think you are. There could be listeners at just about every layer and that is still without looking at the meta-data angle which is just as important (who communicated with who and when, and possibly from where). |
| |
| ▲ | dingaling 2 hours ago | parent | next [-] | | I've raised concerns about the Signal project whitewashing risks such as keyboard apps or the OS itself, and the usual response is that it's my fault for using an untrustworthy OS and outside Signal's scope. At some point there need to be a frank admission that ETE encrypted messaging apps are just the top layer of an opaque stack that could easily be operating against you. They've made encryption so slick and routine that they've opened a whole new vector of attack through excessive user trust and laziness. Encrypting a message used to be slow, laborious and cumbersome; which meant that there was a reticence to send messages that didn't need to be sent, and therefore to minimise disclosure. Nowadays everything is sent, under an umbrella of misplaced trust. | |
| ▲ | OutOfHere 2 hours ago | parent | prev [-] | | There is nothing secure about sending encrypted content to notifications. If it were secure, it would only notify that there is a message, with no details included. | | |
| ▲ | david_shaw an hour ago | parent | next [-] | | > If it were secure, it would only notify that there is a message, with no details included. You're right. This is configurable via settings, but is not the default state. That said: if I can get friends and family to use Signal instead of iMessage, that gives me the opportunity to disable those notifications and experience more security benefits. But I agree with your point: most people think that Signal is bulletproof out of the box, and it's clearly not. | |
| ▲ | anon84873628 2 hours ago | parent | prev [-] | | Once again there is a trade off between security and user convenience. If security is the main differentiator then app should start in the most secure mode possible. Then allow users to turn on features while alerting them to the risks. Or at least ask users at startup whether they want "high sec mode" or "convenient mode". As the app becomes more popular as a general messaging replacement, there will be a push towards greater convenience and broad based appeal, undermining the original security marketing as observed here. |
|
|
|
| ▲ | DevX101 4 hours ago | parent | prev | next [-] |
| The median user isn't going to change default settings, so your app is as secure as whatever the default it. |
| |
| ▲ | stvltvs 2 hours ago | parent [-] | | Even if I change the setting, my messages aren't truly secure against this unless all recipients do the same on all of their devices. |
|
|
| ▲ | GeekyBear an hour ago | parent | prev | next [-] |
| > Oh, you did turn on disappearing messages? We send the messages in notifications. So the OS can keep them. Worse than that, they did not take advantage of the ability to send that message data as an encrypted payload inside the notification. https://blog.davidlibeau.fr/push-notifications-are-a-privacy... Either do not include sensitive user data inside a notification by default, or encrypt that data before you send it to the notification server. |
| |
|
| ▲ | ransom1538 an hour ago | parent | prev | next [-] |
| 0) send a public key. 1) encrypt the file with your private key 2) send file. WTF. This is super simple stuff. |
|
| ▲ | dist-epoch 3 hours ago | parent | prev [-] |
| Use SimpleX if you really want a secure messenger. Endorsed by Whonix, which in endorsed by Snowden. https://www.whonix.org/wiki/Chat#Recommendation |
