Hacker News new | ask | show | jobs
by Moodles 1614 days ago
I remember seeing this bug years ago. As Filippo mentions at the end, I'm still not sure whether to attribute this to malice or incompetence as per Hanlon's razor. I have not really followed what's up with Telegram lately, but I recall they had a rather brusque attitude towards the cryptography community at the time: "we have maths PhDs!", "Here's an encrypted message with no other context whatsoever: 0x459457453494530453409abc74f, $1 million if you can break it. No? Didn't think so!". To be honest, their consistent hubris at the time combined with (as far as I'm aware?) no other suspicious code (in the sense of backdoors, not just weird crypto) since, actually leads me to think it might genuinely be incompetence rather than a deliberate backdoor. I do think it's true that the security community can be a little outraged and not very welcoming to newcomers in the space if they get anything wrong: even Signal, pretty much the gold standard, receives constant (in my opinion, unfair) criticism for not being federated. Though, given the high stakes, I suppose this can be forgiven.
2 comments
godelski 1614 days ago
The thing I'm most confused about is why Signal and Telegram are always seen as competing. WhatsApp has better encryption than Telegram, but then again, the bar is so low it's unfair.

The unfederatedness of Signal seems to be a HN phenomena. Though someone did make a feature request that could be something that's kinda middle ground and seems more in line with Signal's philosophy[0]. Personally I think Signal works so well because you don't have to worry about servers, domains, and whatever. It just works. Exactly like texting. It's for the masses, not us nerds. I want to see Matrix grow, but I don't see it being usable by the masses anytime soon.

[0] https://community.signalusers.org/t/signal-airdrop/37402/8

link
sjburt 1614 days ago
I think it's because Signal and Telegram are the leading non-FAANG, non-SMS options.
link
azalemeth 1614 days ago
Particularly with WhatsApp I think also a big reason is also the metadata. People want to leave it, and are looking for somewhere to go. Any "where" is therefore competing.
link
goodpoint 1614 days ago
> The unfederatedness of Signal seems to be a HN phenomena

No, it's as huge issue. You cannot trust yet another walled garden. Especially when there's no way to verify the servers.

link
tptacek 1614 days ago
I don't know what relitigation of this issue has to do with this thread. You can use the search bar below to find probably 100 different dissections of it, starting from Moxie's post about federation that kicked the whole debate off. Let's leave it be, since this thread isn't about Signal at all.
link
SahAssar 1614 days ago
Isn't that why we have collapsible subthreads?
link
godelski 1614 days ago
But if the app is working correctly you shouldn't have to trust the servers. I thought that was the whole point.
link
goodpoint 1614 days ago
No, that's a misunderstanding.

Signal is vulnerable to timing correlation. An observer on the servers or on network devices nearby can easily infer the social graph of users: at what time they communicate, with whom and how often.

This is not a minor issue. Quote from the former CIA director: 'We kill people based on metadata'.

link
godelski 1613 days ago
So the solution to that is get a lot of people on Signal because then that metadata is noisy. It's impossible to have a system with zero metadata but it's very clear that Signal is the best game in house. Timing attacks aren't solved by federation btw.
link
goodpoint 1613 days ago
> the solution to that is get a lot of people on Signal

Wrong. Do they all use the very same server? No, and therefore timing attacks are still there.

> it's very clear that Signal is the best game in house

Wrong. There are protocols designed to provide good security in the first place, like Briar.

> Timing attacks aren't solved by federation btw

Also wrong. Federation makes timing attacks very difficult, especially when servers are delocalized because it increases the amount of access required by any global observer.

I'm going to stop replying. You clearly are not familiar with the topic.

link
woobilicious 1614 days ago
Signals protocol is designed so you don't have to trust the server.

Just look at how much information they hand over to the feds:

https://signal.org/bigbrother/cd-california-grand-jury/

I'm not sure what you mean by walled garden, but I assume you mean that you can't setup your own servers and join the network? What's stopping a federated network from forming a cartel and blocking small players, or servers they deem morally objectionable?

link
godelski 1614 days ago
By walled garden I think they mean the servers. Because the app isn't a walled garden. It is open source though centralized (Moxie has argued extensively about how this allows faster development. Though ironically Signal is known for slow development). But the servers are also open sourced so there's nothing stopping people from creating private (or even federated) "Signal" apps. You just couldn't call it Signal in name. And I don't blame Signal for keeping their servers to themselves. They're not a data center and already running a tight ship.

I've never really understood the argument. Just because someone hasn't done something doesn't mean it is a walled garden.

link
goodpoint 1614 days ago
Not only Signal refuses to have any 3rd party server federate with theirs, but they also refuse 3rd party clients. This is exactly the definition of walled garden.
link
godelski 1613 days ago
There's also risk to letting others host servers. We know about bad tor nodes. Federation doesn't solve the problem you're looking to solve
link
goodpoint 1614 days ago
> Signals protocol is designed so you don't have to trust the server.

That's not true, see the other reply.

link
egberts1 1614 days ago
WhatsApp’s Biggest problem is the lack of a default ENCRYPTION-ENABLeD for group chat.
link
Moodles 1614 days ago
WhatsApp group chats are E2E. I actually worked on this. It is true (unless they’ve changed it) that the precise security guarantees of the group protocol are different, but it is still ends-to-ends encrypted.
link
md_ 1614 days ago
Doesn’t Telegram not even support e2ee for group chats?
link
egberts1 1614 days ago
That’s right, nothing like default-EE2E-enabled group chat, viewable and auditable server code, AND encrypted-data-at-rest; like Signal, unlike Telegram.
link
eitland 1614 days ago
> The thing I'm most confused about is why Signal and Telegram are always seen as competing.

Well, this is a good question. Telegram is an allround day-to-day messenger with channels, massive groups, broadcasts etc that also works as a login provider while Signal is a research project to create a secure messenger and also something about crypto coins ;-)

Yet, while Telegrams encryption scheme has left a lot to be wished for and their communication has been arrogant:

- Signal has had more than one really bad security problems like remotely exploitable XSS in desktop app and that rather long time span when Signal sometimes sent images to wrong recipients

- Meanwhile Telegram hasn't seen such problems since they were starting out

And WhatsApp? Why it is even mentioned in a discussion about secure messaging after all the blunders they've made I don't know:

- Sending deliberately unencrypted backups to Google with the intention that Google could datamine them.

- Lately there has also been talk about "filtering content on the edges". So much for E2E-encryption when the endpoints report your content through a separate channel.

I believe in Signal and E2E-encryption, but, as I have said a number of times and a number of ways before:

There is a lot more to security than just cool algorithms and buzzwords.

All the E2E-encryption in the world doesn't save you when the service provider gets away with the abuses WhatsApp have been caught red handed with and no algorithm saves you when you can get remotely exploited by receiving a message.

Some might think I am extremely pro Telegram. I have one place where I want a lot less of it:

It really scares me when I see police use it. For any kind of communication that needs to be super secure: stay far away!

link
FiloSottile 1614 days ago
Can you keep elaborating about the abuses that WhatsApp has been caught red handed with?

You mentioned only unencrypted OS backups (which were a major issue, but also industry standard, affecting everything but Signal which takes a severe usability hit over it, and apparently fixed https://faq.whatsapp.com/general/chats/about-end-to-end-encr...). "Filtering content on the edges" is a whole debate but not something that ever materialized.

It sounds there's a list, what are the others?

link
SahAssar 1614 days ago
Didn't they stop people from forwarding certain messages? https://www.nbcnews.com/tech/tech-news/whatsapp-limits-forwa...
link
throwawayair557 1613 days ago
"The Facebook-owned smartphone app said in a blog post that once a message has been forwarded from one user to another more than five times, anyone getting the message will be able to send it along to only one other person or chat group."

They can't read message contents.

link
matheusmoreira 1614 days ago
And yet WhatsApp encryption has literally defeated my country's justice system. Judges demanded that the content of the messages be revealed and they didn't get what they wanted. I'll never forget that day. This was years ago before all this client-side content filtering nonsense but still.

WhatsApp is a Facebook product and obviously cannot to be fully trusted. However, I'm still really happy that nearly everyone in my country is using something this secure. There's no point in having the perfect system if nobody uses it.

link
throwawayair557 1613 days ago
Here are some cases of mass 'hacking' of Telegram. The problem with Telegram is these 'hacks' give attackers access to entire Telegram chat histories, unlike E2E apps like Signal, WhatsApp, Wire etc.

[1] Brazil politicians' Telegram 'hack' of 2019

https://www.wired.com/story/brazil-hacker-bolsonaro-car-wash...

[2] Iran Telegram 'hack' of 2016

https://www.reuters.com/article/us-iran-cyber-telegram-exclu...

[3] Israeli cryptocurrency executives' 'hacked' on 2020 including their Telegram

https://www.haaretz.com/israel-news/tech-news/.premium-exclu...

[4] Moxie Marlinspike of Signal app on Telegram

https://twitter.com/moxie/status/1474067549574688768

Hack is in quotes because all involve SMS interception.

link
exo762 1614 days ago
> Meanwhile Telegram hasn't seen such problems since they were starting out

There is no point of even looking into Telegram's code - it is not encrypted. Why would researchers waste their time?

Encrypted one-to-one chats is not really a feature. It is rarely used since parties need to explicitly request such session. And even than it's clunky as hell.

link
KennyBlanken 1614 days ago
It doesn't really matter whether it was incompetence vs deliberate weakening. The end result is the same: not secure.

They're a russian-HQ'd and staffed company which alone makes them suspect, and the government seems to have no problem with them, which doubles the suspicion given it's a perfect tool for anti-government groups and terrorists and if the FSB couldn't read everything, they'd be harassing the company, its founders, etc.

link