by micheljones 3194 days ago
Yep, some of the imposed limitations (single server, necessary to sign up with your phone number) make the conspiracy-theorist part of my brain fire up. And the longer this goes, the less believable are Moxie's excuses for doing it that way.

Conspiracy-theorist mode: spooks wanted to control the scene once it was obvious that it will be impossible to stop the proliferation of the idea of 'e2e encrypted secure messaging'. For this, they had to have an actually secure product without obvious backdoors (to gain and keep marketshare), but also some way to sidestep it. As long as they have the necessary metadata (who is contacting whom, and the phone numbers they use), they can just sidestep the end-to-end encryption and hack the endpoints to access data. And Moxie is insisting pretty hard on the 2 aspects of Signal that are unnecessary for the stated goal of the project, but are necessary for this purpose: 1) single central server, 2) having to share your phone number to communicate


"necessary to sign up with your phone number"

Just want to plug Tox: https://tox.chat/

I recommend "Isotoxin" client.

It is server-less, no phone numbers required (Sorry NSA :( )

I looked at all the "secure" chat clients (Facebook, WhatsApp, Riot, Matrix, etc.) and Tox seems to be the only one that is SECURE (read: encrypted) and more importantly PRIVACY-FOCUSED (no phone numbers & central servers).

After ICQ, MSN, AIM, XMPP, Jabber, GoogleTalk, etc. I learned my lesson: Not gonna trust any single entity EVER! No matter how "secure" they say they are.

> and Tox seems to be the only one that is SECURE (read: encrypted) and more importantly PRIVACY-FOCUSED (no phone numbers & central servers).

I wouldn't bet on that just yet. Tox is not secure right now. [0]

For now Riot (Matrix) through Tor fills this purpose nicely. It's completely encrypted end to end, and Tor avoids being identified from metadata. It does use servers, but you can choose any of the public servers available[1] or create one yourself and have people use it for plausible deniability (while you use it through Tor). There's interest in making Tor-only Matrix servers that can communicate with regular servers[2] but I think Matrix clients through Tor is secure enough.

Also, allowing using phone numbers for authentication is in my opinion very important for a service to reach some level of popularity (and therefore more work put into it, more audits, and not having to use a gazillion clients yourself, etc). Riot's main server has it but of course it's not required at all.

[0] https://github.com/TokTok/c-toxcore/issues/426

[1] https://www.hello-matrix.net/public_servers.php

[2] https://github.com/matrix-org/synapse/issues/2111

The problem is that unless you are going to blow up the Empire State Building it's very hard to convince people to use yet another messaging app, not to mention switch to a different one.

What happens is that the person who does it is effectively cut out of the loop, with maybe a handful of their contacts becoming partial converts that might serve as human routers for a while.

WhatsApp and Signal work because they are easy, they are mom/grandpa proof and they have a huge user base.

> After […] XMPP, Jabber […] I learned my lesson: Not gonna trust any single entity EVER!

Those are not a single entity, but federated.

Have you had a look at GNU Ring? It's also decentralized (except the name server but you don't have to use it) and works better for me than tox.

https://ring.cx/

Can I add the amount of required permissions to the conspiracy theory? For a privacy-oriented app, requiring access to EVERYTHING is what has kept me away so far.

(Or maybe there's a "Signal Lite" I'm not aware of?)

Can't you just deny the permissions?

Right from the get-go, if you deny it access to SMS it forces you to wait 2 minutes (no way to skip), then only gives you the option to receive a phone call with a code to enter.

Why not work like every other app and allow me to just enter the code from the SMS I received?

As someone whose primary motivation had little to do with "hiding my conversations" and much more to do with "not having my entire address book, unrelated SMS history, and identity sucked up and sent to some company I don't trust", Signal just wasn't a great onboarding process at all. In the time I spent waiting to see what happened when the SMS timed out, I'd already installed Telegram and gotten set up. And if I remember correctly, even once I went through the phone call process Signal was basically non-functional without access to my contacts.

So Telegram it's been - shitty crypto and all. Though I'm open to other recommendations.

Exactly. Signal is #privacyfail because it requires access to contacts. Wire is better.

Thank you for that addition. I do not use Signal myself so I was talking from an observer perspective.

The server is open source, you can run your own private Signal network and rewrite the authentication if you wanted or remove the SMS verification. Now that there's no longer a Google Play dependency this is possible. There's other software that is designed for nyms and is federated. I don't get why people demand Moxie cram more features when what they want is already built.

I don't understand why you are accusing me of 'demanding Moxie cram more features'. I do not use Signal at all.

> you can run your own private Signal network and rewrite the authentication if you wanted or remove the sms verification.

You can. What's your point? The most important thing with IM is the network effect, i.e. how many people you can contact with it.

You propose putting effort into rewriting the code, then running your own server, then only talking to people who you get to install your modified version of signal on their devices. This is not a solution to the problem, because if you're gonna put all that effort in, there already are viable alternatives.

My main point with my 'conspiracy theory' was that spooks would want to control the scene by being in control of the most popular IM networks. I do not see how you disprove that.

I'll grant that the conspiracy theory does explain the facts you mention (as well as the fact that Signal shares contacts with OWS), but I think that a simpler theory explains the facts too: the OWS guys really do want to get some crypto into the hands of the masses, and are willing for their product to be less secure than it could be if it means that end users are more secure than they'd otherwise be (i.e., they believe the alternative to Signal-as-it-is is not Signal-as-it-could-be but rather SMS).

Tying things to a phone number makes sense in order to reduce Sybil attacks, but I think that OWS could operate a phone-number-based identity service which would be relied upon by federated Signal servers, reducing the degree of centralisation while still preserving Sybil resistance. This matters because without Sybil resistance it'd be pretty easy for a malicious party to send a Signal user 10,000,000 messages per second, saturating his data connexion and depleting his battery; tying identity to phone number makes it easier to limit & block such bad actors.

> Tying things to a phone number makes sense in order to reduce Sybil attacks, but I think that OWS could operate a phone-number-based identity service which would be relied upon by federated Signal servers, reducing the degree of centralisation while still preserving Sybil resistance. This matters because without Sybil resistance it'd be pretty easy for a malicious party to send a Signal user 10,000,000 messages per second, saturating his data connexion and depleting his battery; tying identity to phone number makes it easier to limit & block such bad actors.

I think people who are for anonymous use of Signal don't understand that the bulk of Signal's users don't want anyone who is anonymous to contact them. If I don't know who you are or I cannot track you down, then you can't contact me.

I don't think too many people want the people they communicate with using Signal to be anonymous to them; they want them to be anonymous to Open Whisper Systems. Ideally, OWS would have no way to know that I'm talking to my best friend, or who we are.

Getting that to work is tricky, but it'd be awesome.

I can imagine a system where users prove possession to OWS of their phone numbers via SMS — as they currently do — and OWS issues them certificates using some sort of blind signature scheme; they can then use those certificates to prove to any server they talk to that they are someone with an identity, and the server can use a subsidiary certificate to demonstrate to other servers that it's acting on behalf of someone with an identity (but not whose identity), and the recipient's server can rate-limit based on that identity, and potentially even record information to aid in manually tracking someone down — without revealing the identity in normal use.

I could be wrong, and I've definitely not proven that it can work. But I think it can be made to.
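The blind-signature idea sketched in the comment above, worked through as an added toy example (not Open Whisper Systems' code, and not any scheme Signal actually runs): the identity service signs a blinded value after the (assumed, not modelled) SMS proof-of-possession, the client unblinds it into a credential, and any federated server can verify that credential with only the issuer's public key and rate-limit per credential, while the issuer's own log of what it signed cannot be matched to the credential a server later sees. The RSA parameters are two hard-coded Mersenne primes giving a ~150-bit modulus and the hash is SHA-256 reduced mod N; both are illustration-only assumptions, far from what a real deployment (large keys, a proper full-domain hash, a formal protocol) would need.

```python
"""Toy Chaum blind-RSA credential issuance (hypothetical; not OWS/Signal code)."""
import hashlib
import secrets
from math import gcd
from typing import Dict, Tuple

# Toy RSA parameters: Mersenne primes 2^61-1 and 2^89-1 (~150-bit modulus).
# Enough to show the arithmetic, far too small for real use.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # gcd(E, phi) == 1 for these primes


def h(msg: bytes) -> int:
    """Hash the token into Z_N (toy stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


# --- Client side ------------------------------------------------------
def blind(token: bytes) -> Tuple[int, int]:
    """Blind H(token) with a random factor r; returns (blinded, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (h(token) * pow(r, E, N)) % N, r


def unblind(blinded_sig: int, r: int) -> int:
    """Strip the blinding factor: (H^d * r) * r^-1 = H^d mod N."""
    return (blinded_sig * pow(r, -1, N)) % N


# --- Identity service: holds the signing key, sees only blinded values ---
ISSUED_TO: Dict[str, int] = {}  # phone -> blinded value signed (all it can log)


def issue_credential(phone: str, blinded: int) -> int:
    """Sign one blinded value per verified phone number (SMS check assumed done)."""
    if phone in ISSUED_TO:
        raise ValueError("one credential per verified phone number")
    ISSUED_TO[phone] = blinded
    return pow(blinded, D, N)


# --- Any federated server: holds only the issuer's public key (N, E) ------
def verify(token: bytes, sig: int) -> bool:
    return pow(sig, E, N) == h(token)


RATE_LIMIT = 3
_seen: Dict[bytes, int] = {}


def accept_message(token: bytes, sig: int) -> bool:
    """Admit a message only if the credential verifies and its budget remains."""
    if not verify(token, sig):
        return False
    count = _seen.get(token, 0)
    if count >= RATE_LIMIT:
        return False
    _seen[token] = count + 1
    return True


def enroll(phone: str) -> Tuple[bytes, int]:
    """Full client flow: random token, blind it, get it signed, unblind."""
    token = secrets.token_bytes(16)
    blinded, r = blind(token)
    sig = unblind(issue_credential(phone, blinded), r)
    return token, sig


def demo() -> dict:
    phone = "+12025550100"  # constructed sample number
    token, sig = enroll(phone)
    accepted = [accept_message(token, sig) for _ in range(RATE_LIMIT + 1)]
    forged = accept_message(token, (sig + 1) % N)
    # The issuer logged H(token) * r^e, which it cannot relate to H(token)
    # without r; so the server-side credential is unlinkable to the phone.
    linkable = ISSUED_TO[phone] == h(token)
    return {"accepted": accepted, "forged": forged, "linkable": linkable}


if __name__ == "__main__":
    print(demo())
```

The point the arithmetic makes concrete: the issuer can enforce "one credential per phone number" and the servers can enforce "so many messages per credential", yet neither side alone learns which phone number is behind a given credential. Revocation or manual tracking of an abuser, which the comment mentions, would need an extra mechanism (e.g. an escrowed link held by a third party) that this toy does not model.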

I agree with you; I'm not some crazy kookoo yelling about judgement day on the corner, this is just some 'food for thought' discussion.

For the first part of your argument, the issues I mention do not affect the security of the product (signal) itself, they would just enable spooks to more easily sidestep the whole product.

I also do not have anything against using the phone number as uid, it's 'good enough' for most people, and it greatly simplifies things. It is a very sensible default. What I'm questioning is the hardline stance of not allowing anything else at all - while 90% of people would be fine with signal as is, why not give the remaining 10% of us kookoos a bit more freedom?

As for the Sybil attack, does signal allow users not in your 'buddy list' to send you messages?

I'm with you — I'd love it if (internally) Signal user IDs were URLs, e.g. tel:+12025551212 — which would mean they could also be email addresses or anything else.

I think Signal allows anyone to send messages; I don't think it only permits communication when both parties have one another in their contact lists.