[Unman]

While applauding the stated mission of Open Whisper Systems to make cryptography usable by large numbers of people I think it is fair to hold Moxie & Co. to the same high standards to which they held PGP: https://moxie.org/blog/gpg-and-me/

    The journalists who depend on it struggle with it
    and often mess up (“I send you the private key to
    communicate privately, right?”), the activists who
    use it do so relatively sparingly (“wait, this thing
    wants my finger print?”), and no other sane person
    is willing to use it by default. Even the projects
   that attempt to use it as a dependency struggle.

Breaking this up into constituent parts and trying to guess whether those standards are met seems to leave us somewhere in this territory:

1) Journalists communicating with WhatsApp struggle with it and mess up.

Given the confusion around under what circumstances one can communicate securely with WhatsApp ("Is it OK if I have two checkmarks? Is it OK because Facebook would never let a government have access to the RedPhone part?")

2) Activists who use WhatsApp do so relatively sparingly. I have no idea on this one. I hope they're using Signal and/or GPG with all their attendant bother, complexity and confusion though.

3) No other sane person is willing to use WhatsApp by default. Hmmm.. more confusing value judgements. Is someone that uses a communication method open to abuse by corporations and governments "sane"?

4) Dependency struggle. AFAICS no other projects can piggy-back off WhatsApp because it's proprietary and closed. So the user base can't scratch their own itches. OK, so what about Signal? Sounds like the dependency on Google Cloud Messages and Play Services can be hacked around with great difficulty.

I dunno. Fair play to Moxie and Perrin for what they've done, but so far GPG looks like a better bet for actual secure end-to-end communication, using an already existing, widespread distribution mechanism which is widespread and redundant: email.

Reports of GPG's death may have been grossly exaggerated.

[tptacek]

Can you find a single practicing cryptographic engineer who will go on the record as saying that PGP (in any of its incarnations) and email is better than Signal Protocol for message encryption?

[ethbro]

If one is going to be paranoid, then one should at least be consistently paranoid.

v1 of the internet as used now seems wildly naive of state surveillance.

v2 may be better, but if most traffic goes encrypted, then there are going to be a lot more attacks (both legal and extra-legal) against the nuances of implementations.

v2 is certainly an improvement on v1. But one of the reasons v1 was deployed is because we believed things like "The US government would never tap traffic at the backbone" or "The US government would never tap private links between data centers."

Valuing both, I think it's important to keep eyes on the future so in 10 years we don't look back on statements like "The US government would never compell Google / Microsoft / Facebook / Whisper to distribute a poisoned version of their application" with the same amount of surprise.

[tptacek]

I don't understand what this has to do with whether we should use risky, leaky cryptosystems like PGP over things like Signal that were designed specifically to deal with these threats.

[ethbro]

I'd agree with the top of Unman's comment about striving for more, while disagreeing with the bottom.

Signal is better than PGP.

Running crypto without PFS in this threat environment is an irresponsible bet to make with data.

My point was that failing to continue to maintain vigilance, even if it sounds paranoid, is also irresponsible. Unless one is willing to be that we have a perfect crypto system, some amount of humility (as evidenced by Moxie's speech) is warranted. Else we'll be talking about Signal in 20 years in the same way we're talking about PGP.

[kasey_junk]

Can you give the 5 cent description of why Signal would be preferred to encrypted email?

[tptacek]

Signal is a system designed always to be encrypted with no plaintext opt-out, with secrets that change automatically over the life of a conversation (which could last years) so that a single point-in-time loss of secrecy has minimized damage, with no exposed message metadata so you can't accidentally betray your conversation with a dumb subject line, and with deniability so that someone wiretapping you can't cryptographically prove you to have said anything.

PGP and email is essentially the opposite.

[Johnny_Brahms]

> 4) Dependency struggle. AFAICS no other projects can piggy-back off WhatsApp because it's proprietary and closed. So the user base can't scratch their own itches. OK, so what about Signal? Sounds like the dependency on Google Cloud Messages and Play Services can be hacked around with great difficulty.

There is a pull request that got some quite thorough code review by moxie recently that gives users the option of _not_ using GCM, but it won't be merged until call/video support is implemented with webrtc (because it can't support calls over websockets, and just not being able to call some users isn't an option.)

And GPG is too hard for people to use. I have helped journalists with GPG, and even intelligent somewhat tech-litterate people struggle with the concepts of it. Look no further than Glen Greenwald, who almost wasn't able to communicate with Snowden.