by pelzatessa 267 days ago
This is actually disturbing, as the article suggests that all previous messages sent using Signal are decryptable with quantum computers. If there are people with, for example, self-hosted mail servers sending PGP-encrypted emails to each other, then, while they have to worry about them not leaking out from the server, either by someone hacking into it or someone sniffing the traffic with the encrypted messages beforehand, they know for sure that their messages are safe.

Meanwhile Signal users have been sending messages onto Signal servers for years now; as far as I know they aren't sent directly through some p2p protocol. I don't know what their policy is about storing messages, and I believe that they have a lot of other countermeasures, but it still points to the problem with Signal's centralized nature.


As far as they say, messages are deleted once delivered, or retained up to 45 days if not:

   Devices are always retrieving messages from their mailbox when they are 
   online, and as soon as the device confirms they’ve gotten a message, it is 
   deleted from the Signal servers.

   If a device has been offline for a while, it may have a lot of messages 
   waiting in its mailbox when it returns. Today, Signal will hold a message in 
   a device’s mailbox for up to 45 days, giving an idle device a chance to wake 
   up and fetch it.
(source: https://signal.org/blog/a-synchronized-start-for-linked-devi..., dated Jan. 2025)
It is possible for them to say that they deleted the messages without actually deleting them, though. One has to trust a pretty big company in order not to worry about whether the messages are actually stored somewhere.

I'm not aware of all the techniques that Signal uses to somehow make the message anonymous even if the encryption were broken, but sealed sender seems to be one of them:

https://signal.org/blog/sealed-sender/

So at least there's that. Unless the encrypted sealed-sender messages are somehow being fingerprinted by the client's IP address and the timestamps of connections. Signal probably also says that they don't log these, but with a self-hosted mail server I wouldn't have to trust them on that either.

> One has to trust a pretty big company...

Or a medium-sized (~50 employee) nonprofit, anyway.

Huh, it's true. I thought an organization that needs $50M yearly to function[1] would employ more people. Still, I think it's fair to call them "pretty big" looking at how much media exposure they get or their operating costs. Perhaps a bit misleading on my part with the "company" part; as I'm not a native English speaker, every type of firm, company, or foundation in my head translates to a "company", sorry about that, will be more clear next time :)

[1] https://www.wired.com/story/signal-operating-costs/

No worries, I don't think "company" is even technically wrong. But I do think given the nonprofit structure (and Moxie Marlinspike's track record), that there are fewer incentives for Signal to lie about its privacy guarantees than a messaging app backed by a commercially-driven big company.

Using PGP over self-hosted email servers won't help you against a post-quantum adversary. While people have discussed post-quantum extensions to PGP, it doesn't exist yet. Similarly, while post-quantum TLS _does_ exist, it was only just implemented in OpenSSL; I doubt Postfix supports it yet.

So you're in an even worse post-quantum situation with email: even if you end up with TLS-encrypted, PGP-encrypted messages, you're still not post-quantum secure.
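A quick check for the point above, added here and not taken from the thread or from any Signal, OpenSSL or Postfix code: whether a given SMTP server actually negotiates a post-quantum hybrid key-exchange group over STARTTLS, which is what decides whether the TLS layer of that hop is exposed to "harvest now, decrypt later". It assumes an OpenSSL 3.5 or newer client (that release is where the X25519MLKEM768 hybrid group lives, and its s_client prints a "Negotiated TLS1.3 group:" line); the group names and that output format are assumptions about that version, and the sample s_client output embedded below is constructed, not captured from a real server.

```shell
#!/bin/sh
# Added example, not code from the thread or from Signal/OpenSSL/Postfix:
# check which TLS 1.3 key-exchange group an SMTP server negotiates over
# STARTTLS and whether it is a post-quantum hybrid. Assumes OpenSSL 3.5 or
# newer on the client side (it knows the ML-KEM hybrid group names and its
# s_client prints a "Negotiated TLS1.3 group:" line). The sample output
# below is constructed, not captured from a real server.

# Pull the negotiated group out of `openssl s_client` output read from stdin.
negotiated_group() {
    sed -n 's/^Negotiated TLS1.3 group: *//p' | head -n 1
}

# Classify a group name: ML-KEM hybrids count as post-quantum; anything else
# (X25519, P-256, ffdhe*, ...) is classical, so a recorded session's key
# exchange could be broken later by a quantum computer.
classify_group() {
    case "$1" in
        "")                                                   echo "none" ;;
        X25519MLKEM768|SecP256r1MLKEM768|SecP384r1MLKEM1024)  echo "pq-hybrid" ;;
        *)                                                    echo "classical" ;;
    esac
}

# Probe a live server (needs network). The hybrid is offered first with
# classical X25519 as fallback, so a server without ML-KEM still completes the
# handshake and you see what it actually picked.
probe_smtp() {
    host=$1
    port=${2:-25}
    openssl s_client -starttls smtp -connect "$host:$port" \
        -groups X25519MLKEM768:X25519 </dev/null 2>/dev/null | negotiated_group
}

# Constructed s_client excerpt (not from a real server), for offline use.
SAMPLE_OUTPUT='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Negotiated TLS1.3 group: X25519MLKEM768'

# Offline demo: classify the group found in the constructed sample.
sample_classification() {
    printf '%s\n' "$SAMPLE_OUTPUT" | negotiated_group | { read -r g; classify_group "$g"; }
}

# Live check when PQ_CHECK_HOST is set, e.g.
#   PQ_CHECK_HOST=mail.example.org sh pq-smtp-check.sh
if [ -n "${PQ_CHECK_HOST:-}" ]; then
    group=$(probe_smtp "$PQ_CHECK_HOST" "${PQ_CHECK_PORT:-25}")
    printf '%s: %s (%s)\n' "$PQ_CHECK_HOST" "${group:-no group reported}" "$(classify_group "$group")"
fi
```

An empty result means the server did not complete a TLS 1.3 handshake at all (no STARTTLS, or TLS 1.2 only), which is no better than "classical" for this purpose. Note this only covers the transport hop; PGP's own key exchange (RSA or ECC) is untouched by it, which is the other half of the point above.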

My point is that to this date nobody was post-quantum secure, and only the people who had their messages stored on their own servers can be sure that someone won't read their contents.

Also, PGP emails were just an idea that seemed the most basic to me to illustrate an example of self-hosted encrypted messaging. They probably lack more security features than just post-quantum ones, compared to the other messengers, anyway :)

> If there are people with, for example, selfhosted mailservers sending PGP encrypted emails to each other

In good approximation, nobody does that.

Yeah, that's true. If they did, though, then I think that they'd be more secure than with Signal, at least in this particular aspect of message storage.

Why do you need the mailserver to be self-hosted? Just PGP-encrypt client-side.

In the scenario with mail servers with PGP-encrypted messages I did intend the messages to be encrypted client-side; perhaps it was not clear enough. When I self-host my own server (and my trusted friend self-hosts his), I can be completely sure that the encrypted messages will not be dumped either from storage or while relaying them. If I sent PGP end-to-end encrypted messages through, say, Gmail, then I'm not 100% sure that Gmail won't store these messages somewhere and decrypt them whenever quantum computing becomes available to them.