by dbalan 3692 days ago
Here is moxie's reply in that matter https://news.ycombinator.com/item?id=10665520

I don't buy his arguments. It's one thing to say we have to be on Google Play Store or we have to use phone numbers despite the privacy implications because that is what people use. But ignoring much of the developing countries (see whatsapp), China or the people who are your strongest user base by saying "you can just" isn't pragmatic at all.

Nor is it actually reasonable that we should expect to or rely on a few people to secure something that should be a fundamental and a fundamental right of communication. Not to rant too much, but it feels like going to parties (conferences) and talking about how much good you do and then being dismissive in the real world is how much of the security industry operates and that Signal has just become the latest excuse to why nothing has to be fixed.

I'll give him credit for the whatsapp integration though. More people in the field should consider working with companies where they can have a lot of impact.

> But ignoring much of the developing countries (see whatsapp), China

Moxie says Signal works fine in China: https://github.com/LibreSignal/LibreSignal/issues/37#issueco...

Signal itself works, but since Google is blocked no phones are sold with Google Play Store and even if you hack it onto your phone (which will break when it wants to update play services) it will drain your battery trying to connect to blocked services. Unless you use vpn (which will drain battery by itself and also eventually be blocked), but notifications probably still won't work because of the phone's original firmware. So yes it works if you hack it onto your phone and then remove play services and check the application manually. Until it wants to update the app that is, which is often.

Point. It doesn't really work because it only supports the Google Play Store, even as most Chinese phones can load apps directly (because of the fragmented ecosystem). So at least it doesn't work in the "prevent mass surveillance" way.

I guess maybe it works from the Apple App Store? (which isn't blocked)

I reproduce here the dead message from "uola" I think the message deserves a proper response and not to be flagged.

"Signal itself works, but since Google is blocked no phones are sold with Google Play Store and even if you hack it onto your phone (which will break when it wants to update play services) it will drain your battery trying to connect to blocked services. Unless you use vpn (which will drain battery by itself and also eventually be blocked), but notifications probably still won't work because of the phone's original firmware. So yes it works if you hack it onto your phone and then remove play services and check the application manually. Until it wants to update the app that is, which is often.

Point. It doesn't really work because it only supports the Google Play Store, even as most Chinese phones can load apps directly (because of the fragmented ecosystem). So at least it doesn't work in the "prevent mass surveillance" way.

I guess maybe it works from the Apple App Store? (which isn't blocked)"

>1) Make mass surveillance impossible.

By giving NSA the only thing they want: metadata from Google

>2) Stop targeted attacks against crypto nerds.

Who don't have google services on their devices and don't use google chrome... yeah. Thanks for helping me so much.

The Senate is considering reauthorizing the law the NSA says authorizes it to collect hundreds of millions of online communications from providers like Facebook and Google as well as straight off the internet’s backbone: https://theintercept.com/2016/05/10/senate-kicks-off-debate-...

> By giving NSA the only thing they want: metadata from Google

What metadata does Google get from Signal messages? The time/date you received a message, the size of the message... Is there anything else?

The person you are communicating with.

No, that's not how it works. The GCM message is empty, it just wakes up your device which then fetches the actual message from the Signal servers.

You don't think Google could correlate the two?

Google knows device A got messages at times X, Y, and Z, and device B got messages at times X+1, Y+2, and Z+1.5.

I'd be willing to bet with some statistical analysis over time, some pretty interesting data could be mined from that raw knowledge.

Why don't they know that anyways from basic traffic analysis?

More worried about NSA correlating the two after getting the data from Google, but the one good thing about their centralization model probably is that with millions of users to a central server (and something you do as often as texting) this makes timing analysis extremely difficult.

But the "observer" can still know which mobile phone is yours and who communicates with whom? Especially if the "observer" has the info from the Signal servers.

Edit (as I can't post a reply to your answer):

And based on the NSA principle of the "three levels of distance" everybody is reachable as long as some common numbers are in our contact lists which we happily upload.

The question wasn't what metadata Signal gets, but what metadata Google gets on Signal messages. Yes, Signal servers know who communicates with whom.

I can understand that he sets his own priorities. But in this case someone else took the source code, built the app and published it to F-Droid.

The only thing Moxie had to do was not threaten them with legal action.

The problem is that, at that point, Moxie couldn't confirm that the uploaded binary was the same one as packaged by their official release. Secure communication protocols are irrelevant if the client which you are communicating on is compromised.

What you have described is pretty much the opposite of how F-droid works. One can't just take a binary (whether official or compromised) and upload it there. [1]

Instead, to publish an app there, you need to provide a source code repository [2], and their build farm would build it, sort-of [3] providing a guarantee that the source code you can inspect is the same one you got running on your phone.

[1] There are exceptions, i.e. apps uploaded as binary-only (for example Firefox), but those come with a big red warning that the user sees before installing them.

[2] https://f-droid.org/wiki/page/FAQ_-_App_Developers#Will_my_a...

[3] Sort-of because reproducible builds for Android are not here yet, so you can't just rebuild it yourself and compare sha256, unfortunately.

Signal has reproducible builds for Android: https://whispersystems.org/blog/reproducible-android/ ...that just doesn't work with F-Droid. And building on their farm means that you have to trust them, and their build farm becomes a prime target if you want to infect lots of apps at once. In the play store, you sign your build, and Android will only let you install builds signed with that same key as updates. By moving the signing to F-Droid, you have to completely trust them.

I assume the Docker image provided by Signal does reproduce the Android build, but since the Docker image is a giant non-reproducible binary blob it is (as stated in the blog post) a "weekend hack" rather than a useful reproducible build system.

https://news.ycombinator.com/item?id=11403867

F-Droid also has reproducible builds – and not just ones where you have to download a binary from a questionable source and use it to compile things.

You can sign with your own key on F-Droid, too – if you use their way of dealing with reproducible builds.

> By moving the signing to F-Droid, you have to completely trust them.

Which you do anyway if you use Google Play Services.

...

A user that is prepared to access the apk can verify the signature of the app they have on their device.

(So the compromise of F-Droid that results in a signed, compromised binary can't happen on Google Play, the apk is signed before it is sent to the store)

What does Play Services have to do with anything? APKs downloaded from the Play Store are signed by a key the developer holds and validated by Android's PackageManagerService which is open source.

The problem is that there is no insight into what is going on in the f-droid build farm. Without reproducible builds, all bets are off.

So actually, the only thing he could do is to publish a validated binary into F-droid.
He's doing great and useful work, there's no doubt. But requiring a phone number for an internet instant messenger is still a deal breaker even with Chromium as an alternative.
The most useful piece of metadata available to anyone harvesting user profiles for surveillance or profit. Governments must love phone numbers. Getting an anonymous phone number for each separate service you register with is practically infeasible.

I worry about how influential people like Moxie Marlinspike are seemingly turning the modern 'mobile-first' development paradigm into a 'mobile-only' mindset. I don't believe in secure and private computing when you are making it very hard for people to use your tools on (or via) anything but the two dominant mobile operating systems.

Here I copy the "dead" message from "uola":

"Yes, phone numbers are public enough that they are shared everywhere, but unique enough to lead to a single person not to speak of that person's movements. And "just use twilio" isn't a motivation for using phone numbers in the first place.

If he had said "the benefits of finding friends are greater than the privacy implications" or something like that there would at least have been a case for a discussion, but now he's seemingly saying "oh, if you really care about privacy you could/should use a fake phone number"."

---

Personally, I don't know how "a fake phone number" setup can be implemented, especially in the countries where each phone number is assigned to one ID at the time of purchase, so to me "use a fake phone number" sounds like "let them eat cake."

> If he had said "the benefits of finding friends are greater than the privacy implications" or something like that there would at least have been a case for a discussion

This has already been discussed at length many times. Perhaps uola hasn't seen this blog post yet:

https://whispersystems.org/blog/contact-discovery/

That post still goes from the starting point of "social graph" and "5000 users in the contact list." It's completely the opposite of what's the most reasonable need: say if I want to communicate using the encryption only with my girlfriend, I don't want any of my other contacts to ever be seen by any server, and I can agree with her how we'll identify each other, but we surely don't need real phone numbers transferred to any servers, and we don't even have to use always the same real numbers.

Yes, phone numbers are public enough that they are shared everywhere, but unique enough to lead to a single person not to speak of that person's movements. And "just use twilio" isn't a motivation for using phone numbers in the first place.

If he had said "the benefits of finding friends are greater than the privacy implications" or something like that there would at least have been a case for a discussion, but now he's seemingly saying "oh, if you really care about privacy you could/should use a fake phone number".

> But requiring a phone number for an internet instant messenger is still a deal breaker even with Chromium as an alternative.

Why is that? There's nothing about it in their FAQ.