Greetings!
A friend of mine wants to be more secure and private in light of recent events in the USA.
They originally told me they were going to use telegram, in which I explained how Telegram is considered compromised, and Signal is far more secure to use.
But they want more detailed explanations then what I provided verbally. Please help me explain things better to them! ✨
I am going to forward this thread to them, so they can see all your responses! And if you can, please cite!
Thank you! ✨
I can’t speak about telegram, but signal is absolutely not secure to use. Its a US-based service (that must adhere to NSLs), and requires phone numbers (meaning your real identity in the US).
Matrix, XMPP, or SimpleX are all decentralized, and don’t require US hosting.
This gets shared a lot as a major concern for all services requiring a phone number. It is definitely true that by definition, a phone number is linked to a person’s identity, but in the case of signal, no other information can be derived from it. When the US government requests data for that phone number from Signal, like they occasionally do, the only information Signal provides them with is whether they do have a signal account and when they registered it last and when they last signed in. How is that truly problematic? For all other services which require a phone number, you would have much more information which is where it is truly problematic, say social graph, text messages, media, locations, devices etc. But none of that is accessible by Signal. So literally the only thing signal can say is whether the person has an account, that’s about it. What’s the big deal about it? Clearly the US government already has your phone number because they need it to make the request for Signal, but they gain absolutely no other information.
So if I understand it Signal has your phone number but only logs sign up date and last activity date. So yes they can say this person has Signal and last used it on date X. Other than that no information.
Matrix doesn’t require a phone number but has no standard on logging activity so it’s up to the server admin what they log, and they could retain ip address, what users are talking in what, rooms, etc. and E2EE is not required.
I think both have different approaches. I’m just trying to understand. On one hand you have centralized system that has a standard to minimize logs or decentralized system that must be configured to use E2EE and to remove logs.
They have your phone number (meaning your full identity, and even current address), and as the primary identifier, it means they have message timestamps and social graphs.
Its impossible to verify what code their server is running. Or that they delete their logs, because they say they do? You should never rely on someone saying “just trust us”. Truly secure systems have much harder verifiability tests to pass.
This entire article is guessing at hypothetical backdoors. Its like saying that AES is backdoored because the US government chose it as the standard defacto symmetrical encryption.
There is no proof that Signal has done anything nefarious at all.
There was also no proof that a ton of US companies were spying on their users, until the global surveillance disclosures. Crypto AG ran a honeypot that spied on communications between world leaders for > 40 years until it got exposed.
Right but Signal has been audited by various security firms throughout its lifetime, and each time they generally report back that this messenger has encryption locked down properly.
As an outsider, I mean isn’t that the same for news coverage for chinese/russian backdoors, but everyone believes it without any proof.
Why is US company being a US honeypot a big surprise, and its government recommending it not a big red flag? but it is when China recommends wechat? Can’t we be critical and suspicious of both authoritarian countries?
Do you have access to Signal servers to verify your claims by any chance? Afaik their servers are running modified codebase, and third party apps cannot use them. So how do you claim anything that goes behind closed doors at all? Genuinel curious.
Being critical is good, and we should always hold them accountable for our security. We can look to third party audits for help with that.
https://community.signalusers.org/t/overview-of-third-party-security-audits/13243
That’s not how it works. The signal protocol is designed in a way that the server can’t have access to your message contents if the client encrypts them properly. You’re supposed to assume the server might be compromised at any time. The parts you actually need to verify for safe communication are:
Thank you for your post!
I want you to know your effort and knowledge is appreciated, this will help future readers make better decisions.✨
But the situation stands that my friend and their friends are not as technologically literate as we are, and I would rather have them on something easy and secured than unsecured at all, especially from my experience with getting communities to use such decentralized platforms you mentioned.
Matrix is no more difficult to sign up on than signal, and they don’t forward your information to the US government.
I am not uneducated in this matter, I run Matrix instances and have dabbled in development of tools around it.
Perhaps our experience is different, but I have had great difficulty in helping groups on the ground to use Matrix.
Regardless of our agreement that Matrix is better than Signal, it should not cloud our judgement in at least reducing the harm that is Telegram.
In the future we can keep joining hands to work towards a better future, but for now I hope you can understand my perspective and choice.
Matrix is centralized around Matrix.org or servers they run tho. Since the protocol is a big data/metadata sync by design & medium–large-sized servers are expensive to run, almost all of metadata is with Matrix.org—of which was originally funded my Israeli intelligence & I wouldn’t be surprised if they were getting data out of it to this day.
Further, they’re hosted in Germany, so they must still follow German law and court requests.
How is setting up e2e on matrix these days?
On by default, and just works.
SimpleX is taking a lot of venture capital money which makes it just slightly suspect, imho. Those guys usually want a return of some kind on their investment. I simply don’t trust the motives of technocrats like Jack Dorsey.
The Matrix Foundation, on the other hand, seems a lot more democratic in governance and stewardship of the protocol.
Good projects require money. And SimpleX is still way better than Signal and Telegram, so imo it’s worth supporting and using
As you say yourself (cryptocraphic nerd here):
So a shame there are no free servers, are the server soft not open source, only the signal app itself?
The server is supposedly open source, but they did anger the open source community a few years back, by going a whole year without posting any code updates. Either way that’s not reliable, because signal isn’t self-hostable, so you have no idea what code the server is running. Never rely on someone saying “just trust us.”
I have read that it is self hostable (but I haven’t digged into it) but as it’s not a federating service so not better than other alternative out there.
Also read that the keys are stored locally but also somehow stored in the cloud (??), which makes it all completely worthless if it is true.
That said, the three letter agencies can probably get in any android/apple phones if they want to, like I’m not forgetting the oh so convenient “bug” heartbleed…
Reding the link now " The reason the US government hasn’t tried to block or hinder Signal, is because it’s satisfied with the amount of information Signal can provide to it." Well the metadata of who is contacting who can be acquired by other means. CIA also like to have secure tools. Just like you can argue the CIA connection in the TOR case . It doesn’t mean backdoors and so on.
Centralisation argument sure, but that issue will always be there at some level, even for matrix.
Phonenumber discovarability argument is no longer correct as it is possible to use signal and not disclosing it to contacts, but yes still to signal.
I have a signal account with a fake number so that is an option as well, if even more work than matrix process.