Hmm. You seem to be right. Article corrected there to reflect that Signal is using empty GCM messages. I must have still had the old situation of TextSecure in my head when I wrote that. Nice to know re the reason Redphone doesn't work, thanks for that insight!
As the previous links from STRATFOR etc. prove, Google is deeply embedded in the security/intelligence apparatus. That part is definitely willing and beneficial to both parties. Of course, they're going to make changes and issue statements to the contrary regarding PRISM, because that would lose them customers.
there are links on that page that point out multiple e-mails from the STRATFOR leaks and other files that point to Google being deeply embedded with the U.S. security apparatus.
True, they are rare. On another unrelated project I'm working together with Bill Binney, the cryptographer who wrote ThinThread at NSA. That's all I can currently say about it.
I see I haven't replied yet to your first point: here goes. Of course clearly an alternative has to be at least cryptographically secure. I fully agree with you on that. I'm not recommending something that isn't, and certainly am not recommending Telegram or Cryptocat.
An alternative needs to be as a bare minimum cryptographically secure. And then on top of that it would be very nice if there was federation, not tied to phone numbers and all the components being open source. Those last 3 points is where Signal fails currently. Federation is something that moxie tried, didn't work out, now he's basically not in favour of that, the phone number issue is of course well known, and the redphone server component is not open source.
Regarding qualifications: I spent years building secure technology (publication platforms, websites) for whistleblowers including Ed Snowden himself (I built his official website (https://edwardsnowden.com) for the Courage Foundation (his official defence fund) plus the tech behind it that supports it. This allows our editors to submit anonymously to the site through the Tor network.
I used cryptographic software as an end-user for many years, like GPG for instance, and agree that it's hard, and we need to train people to use correct security habits (infosec and opsec), to minimise exposure to hostile elements.
I've tought at cryptoparties and other events, I have spoken to many intelligence whistleblowers, some of which I consider to be close friends, and they've told me about some of the techniques used on the national intelligence agency level and how wrong use of crypto and general bad operational security practices can expose you. So while I'm not a trained cryptographer, and do not claim to be, I have extensive experience not only building secure software, but also, thanks to whistleblowers know about some of the ins and outs of the intelligence industry re crypto and surveillance.
Agree. I'm not a cryptographer and never claimed to be either. -- and I think it would be difficult to mistake me for a hipster. For one, I don't have that snazzy majestic beard.. Anyway, on to the point. :)
Yes, the phone number thing is a policy decision by the Signal people. As I write in my article, it's maybe marginally easier to get connected using phone numbers, but I may want to communicate via Signal with someone I don't want to give my phone number to. Handing out personal phone numbers on the willy nilly is not something I'm comfortable with. There's no reason why we couldn't have some other identifier, possibly easy to remember to connect us to via Signal. So this was a policy decision by the Signal people.
Federation is indeed hard to get right, but I think with proper versioning, and various teams keeping their software up-to-date and close to the reference paper/the Signal protocol, I see no reason why it cannot be overcome. For XMPP/Jabber it also works quite well.
Hi there! The Giphy thing is what set me off writing the blog post in the first place. Maybe I should've expanded a bit more on that in the article. As far as I can tell, the idea is that requests to the Giphy API gets proxied through Signal.
I don't see anything in moxie's blog post about whether this is optional. If it isn't and it's sending everything you type to the Giphy API then we have a whole new problem.
In the blogpost by moxie, there's the example of typing "Im excited", which then gets sent in multiple API requests to giphy (basically one of 'I', one of 'Im', one for 'Im+' etc.). Now, if this is an action you don't do explicitly (like pressing a button or something, to search for gifs), then it would basically send everything you type in order to continually search for gifs and then offer suggestions? It's not clear from the blogpost. I hope at least that this is not what moxie had in mind.
for the Android base framework. It has the checkSignatures() abstract definition and some other stuff that seems to be the API you talk about. Now this is all abstract, so some other party (maybe phone manufacturer, possibly others) must implement these methods to conform to the API. Could Google (or some other party) not just override the abstract implementation?
I find it hard to believe this is something only the phone manufacturer would have access to, not Google itself, given that Google has created the entire operating system basically, and is pulling more and more stuff from the AOSP into their proprietary apps (like Play services).
Hi, author here. I don't think LibreSignal or indeed Signal will ever be the dominant mobile messenger out there. There's simply a lot of inertia to fight against. It's the same reason why it's hard to convince e.g. Facebook friends to move to a different social network, why Google+ failed, etc. Whenever the social aspect gets involved, companies can very easily create lock-in by being early, and then the social aspect will prevent the majority of people from considering changing, because 'it works'.
I never said that LibreSignal will replace Signal, and frankly, LibreSignal itself is not the solution either. But maybe LibreSignal will be the catalyst to a better solution.
We all want to prevent people hanging from cranes, but crypto alone does not equal privacy, does not keep you safe, especially not in those countries, where rubber hose cryptanalysis (https://xkcd.com/538/) is much more common. In those dangerous situations/countries, good operational security practices are better to avoid detection/suspicion than using any 'magic' crypto messaging app.
Hi, author here. Yes, my point with that sentence was that the average (non-technical) user (to which Signal is marketed btw), is not going to check signatures. Google has root on the phone, the user is using their app store to install the Signal app that comes up in the store, and basically Google has full control over this, and the user would be none the wiser.
Of course, us more technical inclined people could then check the signature, or compare the apk with one built from the official sources, to see the difference and complain about it.
But between those things is a time frame where this is possible.