Criticism of Signal
Zimmermann was a hacker in the oldest sense of the word. In the preceding years, he had grown freaked out by a proposal, put forward by a still-not-young Joe Biden, to force internet companies to give the U.S. government access to their users’ communications.
Zimmermann knew it was do-or-die time. Either the internet would be a free and open thing, or it would be subject to American meddling and surveillance.
[…]
When I first emailed Zimmermann, using an encrypted email client that traces its lineage to PGP, he called me back within an hour: “Do you have Signal?” We moved our conversation to the encrypted app, also a direct descendant of PGP, quickly thereafter.
[…]
So imagine my surprise when, this week, I came across a thinly-written essay arguing that Signal had “a problem.” It had, the essay argued, been compromised by the American intelligence state. Not from the outside, but from the inside.
I’ve always assumed that it is, because it’s such an important target and the agencies are good at what they do. I haven’t seen any solid evidence (which is what you’d expect if the compromising were done well), but there have been scattered reports suggesting that conversations have been intercepted (though perhaps this was through the phone or the recipients). That said, it’s probably better than the alternatives, and most of us are not government-level targets. As far as I know, Edward Snowden still recommends it.
Telegram CEO Pavel Durov issued a scathing criticism of Signal, alleging the messaging service is not secure and has ties to US intelligence agencies.
There is no evidence Signal is hooked into the US government as described by Durov.
[…]
“The US government spent $3 million to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype,” the Telegram leader said. “It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference.”
The CEO also claims that users’ Signal messages have popped up in court cases or in the media, and implies that this has happened because the app’s encryption isn’t completely secure. However, Durov cites “important people I’ve spoken to” and doesn’t mention any specific instance of this happening.
First things first, Signal Protocol, the cryptography behind Signal (also used in WhatsApp and several other messengers) is open source and has been intensively reviewed by cryptographers. When it comes to cryptography, this is pretty much the gold standard.
[…]
One concern with open source code is that even if you review the open code, you don’t know that this code was used to build the app you download from the App Store. “Reproducible builds” let you build the code on your own computer and compare it to the downloaded code.
Signal has these for Android, and it’s a relatively simple process. Because Android is friendly to this. For various Apple-specific reasons this is shockingly hard to do on iOS. Mostly because apps are encrypted. (Apple should fix this.)
I want to give Telegram credit because they’ve tried to “hack” a solution for repro builds on iOS. But reading it shows how bad it is: you need a jailbroken (old) iPhone. And at the end you still can’t verify the whole app. Some files stay encrypted.
josephg (2021):
I spent a few hours trying to get a local build of signal-ios working a few weeks ago, in order to write a PR fix a bug with lost voice messages. The xcode project uses a plethora of device entitlements I’m not allowed to have (since I don’t have the proper signal signing key). Even after a couple hours of tweaking to get it building and deployed to my device, its currently crashing on startup because it can’t access some special signal local device store.
You can certainly get your own build working (without notifications and other features). But personally I found it prohibitively difficult to do so.
Previously:
Update (2024-05-15): Nadim Kobeissi:
Ways through which a complacent Board of Directors can harm Signal:
- Approve the roll-out of usernames while still keeping phone numbers mandatory, thereby avoiding the elimination of a core metadata element,
- Roadblock the integration of anonymity tech, such as @nymproject
It is possible to have trust issues towards Signal based on who @mer__edith appointed towards its board of directors (eg. Katherine Maher), while also agreeing that there is no evidence of “undisclosed vulnerabilities” in its source code. Lots of effort to shift the discourse.
When Katherine Maher’s appointment to the Signal board gained attention, Signal began pushing a narrative that Elon Musk is conspiring to push people from Signal to Telegram. But Elon hasn’t mentioned Telegram once, and this seems like an attempt to divert the narrative.
I was surprised to see this, but I did some searches and it really doesn’t seem like Musk has pushed Telegram at all, or even mentioned Twitter DMs much.
Update (2024-05-29): Mike Butcher (Hacker News):
I sat down with the president of Signal at VivaTech in Paris to go over the wide range of serious, grown-up issues society is facing, from disinformation, to who controls AI, to the encroaching surveillance state. In the course of our conversation, we delved into Signal’s interactions with Elon Musk and Telegram’s Pavel Durov[…] Among other things, Whittaker is concerned about the concentration of power in the five main social media platforms, especially in a year when the world faces a large number of general elections, not least in the U.S., and Europe’s reliance on U.S.-based, external tech giants.
12 Comments RSS · Twitter · Mastodon
Oh, also the anti-Signal campaign seems to have been started by admitted liar and white nationalist Chris Rufo, not a technical person, because the new CEO of NPR is the chairman of the Signal organization and Rufo thinks she's too much of a leftist.
That's it. That's the whole thing.
https://www.city-journal.org/article/signals-katherine-maher-problem
@Jon Why would Musk want people to use Telegram instead of Twitter’s encrypted DMs? Rufo may be behind the campaign for partisan reasons, but there were others before him who questioned whether Maher was connected to intelligence and supported censorship. See also.
"Why would Musk want people to use Telegram instead of Twitter’s encrypted DMs?"
He's probably supporting Rufo due to Rufo's far-right politics. And maybe Twitter's DM encryption isn't all that good.
The trivial way to hack Signal is to hack a custom keyboard (Naomi Wu predicted this). Or you could hack the OS, for which there are a number of solutions: even if you make your own keyboard, as long as the OS can capture the locations touched on the screen, and capture an image of the screen, you have captured the message (and since we can't talk directly to the hardware, the OS has that data).
Ultimately, I wouldn't trust any modern device with a large market. Even Crypto AG of Switzerland which was trusted by many world governments turned out to be a Western intelligence front. Bunnie's precursor ( https://www.crowdsupply.com/sutajio-kosagi/precursor#products ) is worth investigating, if one wants real security.
Also, Pavel's brother designed Telegram's encryption, so he might be biassed. On the other hand, trusting anything Western experts deem "safe" can be debated since it'd be in the interest of Western intelligence agencies to get everyone to use something they can crack.
My problem with Signal has always been that its user experience stinks.
You need to use a mobile app in order to sign up for it, and you need to use a phone number. I don't want to associate my phone number of messaging apps if I can help it, even ones that promise privacy. And I don't want to involve my phone when I'm not going to be using it on my phone.
You need to "connect" your desktop devices with the mobile app using a QR code, which on its own is kind of annoying, but more importantly, it keeps "losing" the connection. This happens constantly to me! I have to keep relinking all of my devices.
Signal forces you to update *in the app*, interrupting me in the moment I want to message someone. Nothing grinds me gears more than apps forcing you to update in the exact moment you need to rely on them.
All of these are major impediments to getting other people to use it, and if they don't use it, there's literally no reason for me to use it because then I have no one to message.
I'm sure there's more stuff I'm forgetting. But it's got the same bad design patterns as most modern apps these days.
"but there were others before him who questioned whether Maher was connected to intelligence and supported censorship. See also."
I'm not sure if that link is going to the wrong place, but I see nothing about Maher there. The whole Maher thing seems to be the typical right-wing character assassination that happens all the time. Maher said that the first amendment was the primary challenge with combating Covid misinformation, and people immediately made the bad-faith interpretation that she was against freedom of speech, which is absurd, given what she's done all her life.
The reason they attacked her is primarily that she was NPR's CEO, and the same people who love Covid misinformation also hate actual journalism.
This is all complete bs, and it blows my mind that we have become so bad at navigating misinformation that we're now discussing this whole clown show as if it was in any way a serious topic. And that includes the whole Signal discussion.
Nothing you do on your Android phone or your iPhone is private from state actors if they want to target you. There's no need to invent some kind of conspiracy where Maher is secretly working with the CIA to intentionally leave known bugs in Signal. Is it possible? Sure, everything is possible. Is it particularly plausible? I think not.
@Plume The See Also was meant as a link to some related thoughts and where I’m coming from with this story. I think the Musk/Maher stuff is mostly a sideshow, which is why I didn’t mention it in the original post. If you believe that Signal is not actually private from state actors, surely it was thus long before she got there. The reproducible build issue is troubling, and of course there are also potential security holes outside of the app itself, and all the decisions they are making, e.g. about user names and phone numbers. I found Whittaker’s response a bit disingenuous, in that she is claiming that nefarious changes to the iOS binary would somehow be noticed immediately and also (hypothetically granting the premise about Maher) that it doesn’t matter whether there are rogue actors in the organization, which makes no sense. It seems like there are two campaigns, one targeting Signal via Maher, and one defending Signal, not on the merits, but as anti-Elon.
Yep, really it's the centralisation that poses the problem—centralisation that Signal have (IMO disingenuously) always defended on the basis of UX and speed of development. Well, this is the price—you just can't be sure if any protection offered is unconditional, because something as simple as downloading and using an unaltered binary can't be guaranteed. I daresay there are many eyes on it, and of course state actors have friendly Israeli spyware outfits they can always rely on, but fundamentally you need multiple decentralised implementations of your known-good crypto to be sure you're getting the real deal.
Which, of course, is how a right-wing ideologue turns it into a wedge issue, notwithstanding actual concerns about potential government influence operations. It's all just sad.
When 70 year old professors of history are detained entering the US and have their phones copied... it might be good to avoid using your phone for anything for which you think Signal would be useful.
https://twitter.com/jeremyscahill/status/1790874217828827473#m
FWIW, Telegram does not end-to-end encrypt messages by default: https://twitter.com/naomibrockwell/status/1788634952269009390#m
From Paul Cantrell on Mastodon yesterday:
"So…there is a concerted campaign, with Musk as its mouthpiece, to discredit Signal and get people to switch to Telegram. It’s disinformation, but there’s also useful information in it. The useful information is that a hideous, powerful, right-wing crank — or whoever’s yanking his chain — really, really wants people to use Telegram.
We’ve long known Telegram’s security is weak. But now, in light of this new information, we should move forward assuming that Telegram is actively compromised."