Meredith Whittaker reaffirms that Signal would leave UK if forced by privacy bill::Meredith Whittaker, the president of the Signal Foundation, the organization that maintains the Signal messaging app, spoke about the U.K.'s controversial new privacy bill at TC Disrupt 2023.

  • NocturnalMorning@lemmy.world
    link
    fedilink
    English
    arrow-up
    72
    arrow-down
    1
    ·
    1 year ago

    What are the governments around the world afraid of? Always so quick to go for overly invasive privacy laws. They should be afraid of the citizens, not the other war around.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      92
      arrow-down
      1
      ·
      1 year ago

      They are afraid of the citizens, that’s why they want to be able to read all the messages.

      • ZoopZeZoop@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        I think they’re saying that they are supposed to be (i.e., this doesn’t need fixing). If they “fix” it, the people will be afraid of the government.

  • DigitalNirvana@lemm.ee
    link
    fedilink
    English
    arrow-up
    54
    arrow-down
    2
    ·
    1 year ago

    This is why I use, support, and promote the Signal Foundation. Thanks for what you do!

    • Varyk@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      3
      ·
      1 year ago

      People vaguely disparage signal on social media a lot, what’s the evidence for signal having a backdoor?

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        63
        arrow-down
        5
        ·
        edit-2
        1 year ago

        The fact that they store encryption keys on their servers in the cloud, relying on SGX lock boxes to prevent trivial exploitation of those keys.

        In information security, as with intelligence work, it’s about capabilities not intent.

        Signal has the capability, to brute force the SGX enclosures, or even use trivial code signed by Intel to simply export the keys from SGX enclosures, which means all of the encryption keys stored in signals cloud, which is all of them, could be compromised. That is a capability they have.

        SGX has had multiple exploits, especially side channel attacks through timing, and other metadata in the CPU. Intel is a US corporation, and their subject to national security letters, so they could be compelled to release their SGX signing keys…

        All the Lego pieces are there for signal to have a back door. It’s about capabilities. I’m not saying they have a back door, but the pieces are there for one.

        If you recall a few years ago, there’s a big hullabaloo about signal storing encryption keys in the cloud behind four digit pins… this is why people are so angry about it. It means we have to trust the central servers, which is antithetical to the capability model that we talked about.

        That being said we are reasonably sure the signal client code is secure. So if you disable pin codes and signal, your encryption key is still sent to signal cloud, but it is signed with a cryptographically secure 128-bit something code. So that’s fine. But if everybody you’re talking to hasn’t disabled the pin, then the other side of your conversation is still exploitable.

        TLDR: signals great if your threat model does not include five eyes intelligence services, and if your threat model does include five eyes intelligence services you should use something else. Not by intent, but by capabilities.

        • Varyk@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          25
          arrow-down
          1
          ·
          1 year ago

          Thanks very much for the breakdown. I was totally unaware of the keys being stored in the cloud, that seems like a terrible idea for a privacy based messaging system.

          Are there more secure alternatives?

          • hedgehog@ttrpg.network
            link
            fedilink
            English
            arrow-up
            21
            ·
            edit-2
            1 year ago

            Just to be clear, the referenced keys are not for your conversations, but for your contacts, groups, settings, and profile: https://signal.org/blog/secure-value-recovery/ Your conversations are fully e2ee and those keys are stored only on your devices.

            Also the “disable your pin” advice you’ve been given is misleading. You should not disable your pin; instead, you should use a secure alphanumeric pin. Disabling your PIN means you cannot enable Registration Lock, which makes you vulnerable to account hijacking attacks, e.g., by SMS interception or simjacking.

            • Varyk@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              6
              ·
              1 year ago

              Oh. Well yea, the keys not relating to my conversations does flip everything on its head again. So back on its feet?

              Are there other keys for your conversations in signal?

              Do you use signal?

              • hedgehog@ttrpg.network
                link
                fedilink
                English
                arrow-up
                7
                ·
                1 year ago

                I do, yes. Signal’s not perfect, but it’s very good, especially for everyday conversations. Compared to comparable secure alternatives, it’s more user friendly and in many cases it’s more consistently secured (specifically thinking of Matrix here).

                There are keys for your conversations on every device you have linked to Signal, but not on the Signal servers. Each device gets its own set of keys, which are discarded and updated with new derived keys as you send and receives messages. Your phone is the one in charge of handing the initial keys out to other devices and in charge of revoking them. The server has a message queue for each device, but not the keys. (The messages are deleted from the queue after being delivered to the device or after 30 days, at which point that device is unlinked.)

                I also found this article that discusses the data that ends up getting stored on Signal’s servers.

                One big vulnerability for Signal is that it trusts your local machine too much, especially on Desktop but also, to an extent, on mobile. If you have malware on your system, if you don’t encrypt your drives, or if someone is able to guess your password, then someone can get full access to your conversation history. On desktop, the database with all your conversations is stored in an encrypted database, but the key to decrypt the database is stored in plaintext. That key could be secured in the system keychain, which would make it resistant to being read by malware, but it isn’t. It could be encrypted locally with a user-provided PIN or password… but it isn’t. And I have seen enough of people struggling to contribute code to Signal that I suspect if someone contributed a PR to fix that, it wouldn’t get merged.

                That all said, if someone stole your laptop, even if they got access to past conversations you can cut them off from future conversations by unlinking the device from your phone. And if someone cloned your Signal data and tried to connect as you, then it would be pretty obvious that something was going on when you logged in on your own laptop, since it would get very glitchy, and as soon as you unlinked and re-linked it would cut off the attacker’s access.

                This whole vulnerability makes Signal’s resistance to a proper, securely encrypted, user-managed cross-platform backup system even more frustrating. It feels, honestly, like security theater. But even so, I prefer the current state over having the backup in Signal’s cloud, regardless of whether SGX is involved; I want to manage my own backup. Like other proponents of a proper backup system, I believe that the user should be in charge of determining if a conversation should be ephemeral, and Signal provides a tool to do that - disappearing messages.

                The other big vulnerability Signal has is not being anonymous, largely thanks to being linked to a phone number. Anyone you chat with has your number, and anyone who has your number can check to see if you’re on Signal (though you can at least disable the latter option). Things like Sealed Sender help protect your identity and the identities of your contacts from outside observers, but they aren’t perfect. This lack of anonymity is the main reason given for not trusting Signal when your threat model involves state surveillance, but as a counterpoint to that - as recently as 2021, Edward Snowden endorsed Signal and said he uses it every day. If Snowden trusts it to secure his conversations, I’m not worried about it for my own.

                • Varyk@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  1 year ago

                  Okay, thanks for taking the time to write all of this down and explain it to me, I feel like I understand signal a lot better now.

                  And I feel better knowing that the keys to the conversation are regularly replaced in the app and that there are plenty of steps to take to make it more secure anyway.

                  Man, that was a really interesting reply hah, I’ve read through it like three times… I’ll be checking out the links you sent also.

              • SimplePhysics@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                3
                ·
                1 year ago

                Almost every chat platform uses encryption by default, including telegram. If you are talking about E2EE, you have to enable that manually for each chat.

            • orcaA
              link
              fedilink
              English
              arrow-up
              5
              ·
              1 year ago

              Do you still have to consciously enable encryption in Telegram? That was the gripe people had with it for a while. Chats weren’t encrypted by default.

            • SirEDCaLot@lemmy.fmhy.net
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              3
              ·
              edit-2
              1 year ago

              Matrix is really awesome and I hope it becomes the gold standard. However, if I were a Snowden, I would pick signal over matrix for the simple reason that signal doesn’t store your conversations on the server. Matrix does. Those conversations are encrypted client side with a key the server doesn’t have, but they are still stored centrally. That has advantages and disadvantages. It is much better for usability, because you can log in from any device and you see all of your conversations in one place. Unlike signal, there are no primary and linked devices, you can run matrix on desktop, laptop, phone, tablet, or straight from a web browser. When logging in from a new device, you need your username, password, and to either authenticate the session from another device, or manually put in your encryption key to decode the chats. That also means there is no need for backup or restore of anything other than your encryption key. For that reason, I am more frequently pushing people to install matrix than signal these days.

              However if security is more important than usability, signal wins, if only because there is never a question of storing anything on any server. Start a chat with somebody, make the messages disappearing, and you can be pretty sure that as long as neither of your devices are captured while the chat is in progress it will never be seen by anybody.

              • orcaA
                link
                fedilink
                English
                arrow-up
                5
                arrow-down
                1
                ·
                1 year ago

                This breakdown makes me much more hesitant to ever use Signal over Matrix. Signal is storing the keys themselves, where as Matrix is storing messages that can’t be decrypted and no keys. If the keys on Signal’s servers are ever stolen, you can kiss all of your message privacy goodbye. If a Matrix server is hacked, the user can’t do anything with the messages because they’re encrypted and no keys are stored.

                You also have the option to host your own Matrix server and have more control—something that is not an option with Signal.

                • hedgehog@ttrpg.network
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  1 year ago

                  The key that is stored server-side by Signal are only used to decrypt your profile, your contacts and groups, and your app settings. It is not used to decrypt your messages. And my understanding is that if you set a secure password instead of a pin, the key will be encrypted by your password before being uploaded, anyway, meaning that it’s e2ee, too.

                  Also, you can host your own Signal server, though I suspect doing so is more complicated than hosting a Matrix server. The code is almost fully open source (and I only say “almost” because, in the past it was not uncommon for the code on Github to be several months out of date - the license is a FOSS license). However, Signal isn’t federated, so you wouldn’t be able to talk to anyone using the Signal app or a fork on the main Signal server - unless you forked the app and made it able to manage accounts on multiple different servers.

                  Matrix also doesn’t encrypt metadata and it syncs conversation metadata to every involved server. As recently as 2022 Matrix had several critical vulnerabilities discovered (and patched). I wasn’t able to find any record of the audits mentioned in that article, so I have no clue how they performed, but regardless, even if just based on the metadata alone, currently Signal is more secure.

                  From a FOSS perspective, it makes sense to prefer Matrix over Signal (or maybe XMPP?). Signal - Moxie specifically - has been downright hostile to forks (refusing to allow them to use the Signal server with their frontend fork) and I remember him rejecting PRs and being rude toward contributors, too, though my memory’s a bit fuzzy on the specifics. That was a few years ago, so maybe it’s gotten better, but even if so, Signal isn’t federated and likely never will be, so any developer would have a lot more flexibility building things for Matrix or contributing to existing Matrix projects.

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            12
            arrow-down
            1
            ·
            1 year ago

            Yes. But signal is the gold standard, it’s going to be hard to get your contacts onto any other platform.

            https://www.privacyguides.org/en/real-time-communication/

            Reviews the options nicely, I use briar, it’s rough around the edges. But it does the job.

            I’ve been meaning to try simple x, but I haven’t given it a go yet.

            You can follow the privacy guides guide on hardening signal, it’s useful. Net net the easiest thing to do is disable your PIN, and ask any friends you’re speaking with to disable their PIN.

            https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/#signal-pin

            • hedgehog@ttrpg.network
              link
              fedilink
              English
              arrow-up
              6
              ·
              1 year ago

              Why are you recommending people disable their Signal PINs? Best practice as far as I’m aware is to set a secure passphrase (rather than a 4 digit PIN) and to enable Registration Lock.

              This article is the only one I was able to find with a recommendation that you opt out of setting a PIN, and even there they recognize that if you set a secure passphrase instead of a PIN, you aren’t reliant on SGX’s security anymore.

              That article also doesn’t talk about how having a PIN is required to enable Registration Lock. Since Signal is dependent on phone numbers, disabling Registration Lock makes you vulnerable to account hijacking attacks. I would personally be more concerned about my contacts having their accounts hijacked - with the only indication of this on my end being that their Safety Number changed - than by them using a 4 digit PIN; if I were to recommend anything, it would be for them to use a secure passphrase (like an EFF dice-generated passphrase or a 12-word BIP39 phrase) and enable Registration Lock.

            • Varyk@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              4
              ·
              1 year ago

              Okay, thanks. I’ll read both of those articles and for now disable my pin on signal and talk to my contacts.

            • AbidanYre@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              1 year ago

              Simplex is working pretty well for me. One of the people I chat with has an apple device so briar wasn’t an option, otherwise that’s probably what we would be using.

  • WuTang @lemmy.ninja
    link
    fedilink
    English
    arrow-up
    35
    ·
    1 year ago

    is there any privacy bill for the elected? I would love to have a view on their:

    • banks accounts
    • stocks
    • cooopsspace@infosec.pub
      link
      fedilink
      English
      arrow-up
      16
      ·
      1 year ago

      Which ones have inappropriate relationships with minors.

      And we know they exist. They keep telling us.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    23
    ·
    1 year ago

    This is the best summary I could come up with:


    The Online Safety Bill, which was passed into law in September, includes a clause — clause 122 — that, depending on how it’s interpreted, could allow the U.K.’s communications regulator, Ofcom, to break the encryption of apps and services under the guise of making sure illegal material such as child sexual exploitation and abuse content is removed.

    Whittaker didn’t mince words in airing her fears about the Online Safety Bill’s implications.

    “We’re really worried about people in the U.K. who would live under a surveillance regime like the one that seems to be teased by the Home Office and others in the U.K.”

    Whittaker noted that Signal takes a number of steps to ensure its users remain anonymous regardless of the laws and regulations in their particular country.

    Asked onstage what data Signal’s handed over in the instances that it’s received search warrants, Whittaker said that it’s been limited to the phone number registered to a Signal account and the last time a user accessed their account.

    She pointed to reasons for optimism, like Meta planning to roll out end-to-end encryption on Facebook Messenger and Instagram in spite of the U.K.’s Online Safety Bill.


    The original article contains 506 words, the summary contains 194 words. Saved 62%. I’m a bot and I’m open source!

  • HurlingDurling@lemm.ee
    link
    fedilink
    English
    arrow-up
    21
    ·
    1 year ago

    My one wonder is, what would banks use to securely provide access to their customers online? What about online stores for local small, medium, and large businesses? Or is this going to knly target messaging and social networks?

    • darklamer@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      15
      ·
      edit-2
      1 year ago

      My one wonder is, what would banks use to securely provide access to their customers online?

      Considering that it would be illegal for banks to securely provide access to their customers online the answer is simple: they wouldn’t.

    • EnderMB@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Given that the UK’s tech industry is strongly tied to Fintech, and without it utterly crumbles into becoming cheap support for the US, I hope there is some serious clapback from the likes of Monzo, Starling, and co.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    26
    arrow-down
    11
    ·
    edit-2
    1 year ago

    I was kind of worried that India did not ban signal when they banned all the end-to-end encrypted chat applications.

    If the UK follow the same path, namely signal is exempted, that would be a strong indication that signal is compromised at the nation state level at the very least.

    Update: what’s with all the down votes? I’m a signal cheerleader, this is a test of signal, we’ll see how they react, how the ecosystem reacts. It’s curious. We should pay attention. That’s all I’m saying

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        2
        ·
        edit-2
        1 year ago

        I don’t recall. I just know India did not ban signal. But they banned all the other end and encrypted apps I use. So it’s very curious.

        One of my colleagues said, and a very reasonable and intelligent colleague at that, if you were going to design a global intelligence honey pot for encrypted messaging, signals how you would do it.

        I’m not saying they are, but they have the capability to, structurally their ideal for honeypot. The fact that India didn’t ban them, that’s a data point…

        I still use signal, on the balance of probabilities it’s still the best platform for a general end to end encryption, but nothing is forever so I keep my options open

        • elmicha@feddit.de
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          I’m curious how such a ban works. Of course they’ll tell Google and Apple to stop distributing the apps, but can’t you just sideload the app? Or are they blocking some network connections at the country level, or filtering DNS?

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            11
            ·
            1 year ago

            It could get really interesting. Delisting from the app store would probably cover 90% of users.

            People could still sideload, or use fdroid or VPNs.

            If the UK got aggressive with internet filtering and blocked signals endpoints, signal proxies exist. But they would be slower for day-to-day use. Just like signal does for Iran.

            We might see a resurgence of domain front running, which I believe cloudflare and AWS had harsh words for signal when they used it before. But if it’s the only option.

            The internet will find a way to route basically. I have full faith in that

    • AllNewTypeFace@leminal.space
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      There’s a difference between the spooks being able to read everyone’s messages and the ordinary police being able to do so. Assuming that Five Eyes or similar have a secret way of decrypting Signal messages, it won’t remain a secret if every drug dealer who uses Signal is swiftly arrested. (Even with the trick of parallel construction, postal inspectors magically getting lucky every time someone uses Signal would get suspicious pretty quickly.) If the spooks can read your Signal messages, they are compelled to ration that capability rather than burning it.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Agreed 100%. So I think signal matches most people’s threat models, so it’s still great to recommend to people.

        If you were running some countries internal messaging service for diplomats. You might use signal, but you’d have to mirror the infrastructure to completely host it. And then probably add your own ciphers on top.

        All down to the threat model.

    • solidsnail@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      It doesn’t necessarily mean that. It could also be that they attempt to block the rise of new platforms, and by doing so limiting the amount of platforms that they have to compromise.