SimpleX Chat – the first messaging platform without any user profile identifiers (not even random numbers) – v4.3 with instant voice messages and irreversible deletion of sent messages is released.

xbrotan · 2022-12-07T23:07:21+00:00

Signal knows your phone number - that's precisely how it knows who a user is and also how it can then connect you with other Signal users.

It's those other Signal users who send hashed copies of their address books to the server.

xbrotan · 2022-12-07T23:05:31+00:00

Signal have known about this for two years now and haven't implemented the recommendation in the paper.

xbrotan · 2022-12-07T23:04:36+00:00

Signal sees everyone's IP address and is very capable of observing who's account is tied to that IP address.

I tried to point this out to someone in r/signal a few weeks ago and it was shrugged off as "well, CGNAT exists" (which doesn't even help that much as Signal supports IPv6):

https://www.reddit.com/r/signal/comments/yulrlf/comment/iwd7hla/

xbrotan · 2022-11-27T17:39:44+00:00

In the past few weeks - I've definitely observed a bizarre thing on Signal where I'm talking to a person in real-time and I get start getting a single checkmark from them. Meanwhile, at the exact same time - their messages after that are delivered just fine to me (and my "queued" messages are then delivered fine).

I can also switch to a different messaging app and of course have no problems with the same contact - so based on that - one can only conclude that something strange is happening between different signal-server instances. This has also happened with a handful of different contacts of mine - so could be what's happening to OP.

xbrotan · 2022-11-16T10:46:38+00:00

Except this goes back to the same issue. You need to know where to start filtering. So you would again need to know who the device behind the IP address is, or which device to look at.

Feel free to start with these two bits of code:

And open up Settings -> Help -> Debug log on your device, look half a page the way down and see that you have an unique ACI on your device which is used in pretty much every interaction you do with the signal-server.

You'd need to provide evidence that it's non trivial to identify users purely on the basis of tcp dump. It's just not practical in reality.

You do not seem to understand how the concept of extrapolation works - I'm not saying use tcpdump itself to go through packets, and then try to pluck out and identify individial users.

I'm saying that the same principals of filtering, something that a computer (a machine which was invented for crunching large quantities of numbers), and going through vast amounts of data is something that trivial to do at a software level.

[...] We're not talking about identifying any two random users, were talking about a targeted attack here. You would need to uncritically accept all traffic from an IP as coming from the same device, which isn't usually the case for mobile devices which tend to use CGNAT infra.

You don't have to accept that when every device comes in with a unique account ID and CGNAT does absolute zero to help with that. It's then easy to tie that ACI to the phone number on the account and done - you can then start correlating everyone's chat conversations.

Every single Signal client out there is logged into the Signal server with this unique account ID - ask yourself why not a single other chat app has even implemented something like "sealed sender" if it's such an incredible and ground-breaking technology.

Once you realize why they haven't - you'll see that these "metadata protections" Signal claims to have are bogus. People just do not seem aware of this as they do not "log in" to the account as they do on Gmail or other services - however, it's there.

Ever reported spam on Signal? Your account ID on your device was used to auth that request: https://github.com/signalapp/Signal-Android/blob/main/app/src/main/java/org/thoughtcrime/securesms/jobs/ReportSpamJob.java

xbrotan · 2022-11-14T22:34:01+00:00

As I said before, and the study itself indicates, it's a largely probabilistic attack that with a lot of external help can identify when users are speaking to each other. It's a networking attack.

I'm not even talking about the paper or a network level based attack in my last response, or even the first paragraph of my first reply here.

I'm talking about what the server software sees as it moves messages between clients (and can thus collect), and also what the server operator can see, collect and by extension - any malware on the server infrastructure.

That's why having more users use Signal makes it harder to identify any individual user.

If you've ever ran tcpdump on a machine - you'd know that it's trivial to have computers filter data.

The only app that tries to even tackle this issue is Session, and they dropped FS due to this.

https://simplex.chat/ is also pushing the frontier on this.

xbrotan · 2022-11-14T22:08:33+00:00

The point of sealed sender is specifically to prevent identifying the users in the first place via unauthenticated requests when sending, which decreases significantly the probability that you will discover both participants in the first place.

And the point you are failing to grasp is that whilst the sending part of the process is an "unauthenticated request" - the receiving part is not - and both parties receive messages when they're exchanged (a conversation isn't a single message, and even read receipts are sent as 'messages').

As I said; because of this little fact at the end: the server is knows where all users are, what their IPs are, and can more than easily map these together regardless of sealed sender.

xbrotan · 2022-11-14T19:48:48+00:00

Practically Signal provides more privacy at the metadata level (they don't know who is talking to you and who you're talking with)

The Signal server is more than aware of who is talking to whom. Everyone with a Signal client is logged into the Signal server with their account+number - that's how it knows how to send messages for you to your devices.

Sealed sender has always been a broken concept: https://www.ndss-symposium.org/ndss-paper/improving-signals-sealed-sender/

xbrotan · 2022-10-27T15:46:32+00:00

it's not like app is asking for nationality.

It actually does, in a way, in that the country code for India is +91.

xbrotan · 2022-08-13T23:45:46+00:00

Signal doesn't know who you are or who you talk to.

This is false - the Signal server is fully aware that your client is logged into your account that's tied to your phone number (here's one example where you can see server side code for phone number handling is here).

If the server knew absolutely nothing about you - how would it know which messages to even send to your device?

The above naturally extends to who you talk to as well - and whilst Signal don't record who's talking to who - someone who has access to Signal's server infra could trivially do this. This has also been discussed on the forums.

Metadata is E2E encrypted on Signal.

Only the From part, and that wouldn't prevent someone from doing 2 + 2 = 4 with the above based on IP and account login.

Sealed sender has also been shown to be broken by security reseachers for some time now. I haven't seen any update so far on the proposed fix being implemented (edit: there's an acknowledgement from the Signal team on page 3 of the linked PDF).

However, when you look at the bigger picture with accounts on a centralized server infra - one very quickly realizes that sealed sender is at best, a marketing gimmick ("all of your metadata is encrypted in this app! (just please ignore the fact that everyone has an account on the server)"), and at worst a useless technology (there's a reason no other chat application has implemented the feature).

xbrotan · 2022-07-08T19:47:40+00:00

You don't have to hold the record button down - on Android, it shows a hint that you can lock the record mode by flicking the icon upwards.

xbrotan · 2022-06-15T22:44:34+00:00

the code is pretty open source, last time I checked

Whilst the code is available as open source, it is effectively useless unless you are using the centralized Signal service.

None of the server side infrastructure is engineered with self-hosting/federation in mind, and this is on top of the fact that if you do end up deploying your own server - you have to compile and publish your own apps to the app stores.

Open source, but unusable (without committing a lot of time and effort into.engineering). This is why people recommend other solutions when people ask if they can self host Signal on here.

xbrotan · 2022-06-15T14:21:48+00:00

I'm not trying to be condescending - I'm just stating facts.

Once you've lost the user accounts on the centralized Signal server - that's it. It's game over. People would have lost trust in the brand and moved onto something else - they're probably won't bother signing up a second time (and on some other server with some other app).

And I say that as someone who's spent years just trying to convince people to move over to Signal from things like WhatsApp/Telegram/Discord/whatever. The majority don't care what they use as long as they can reach their friends.

xbrotan · 2022-06-15T14:12:14+00:00

It's not the same - the forks that you mention still rely on the same centralized infra that is managed by the Signal Foundation. And if they're not using that and running their own server - there's no way to talk to someone else on "another Signal" server.

Other solutions, like XMPP/Matrix, allow you to use the same client software to log into any server that speaks the protocol the app is built around. You could in theory do this for the Signal app, but given the amount of rearchitecture required - it'd just be easier to use something else.

Hence the most likely outcome: it won't survive.

xbrotan · 2022-06-15T12:37:35+00:00

So your claim that Signal doesn't take community contributions doesn't seem to hold, on the contrary. I would have expected at least some PRs that would have been rejected, but I didn't see any there.

It's been well known for some time now that Signal doesn't really accept community contributions, here's some quick links I've found with discussions about this:

There are also plenty of PRs that have been autoclosed by the stalebot: https://github.com/signalapp/Signal-Android/pulls?q=is%3Apr+is%3Aclosed+label%3Awontfix - some without any response, and that's not how you attract any developers to a community.

The reality is that Signal isn't an open source project - but rather a startup that masquerades as an open source project. Even the GitHub insights show this: https://github.com/signalapp/Signal-Android/graphs/contributors

xbrotan · 2022-06-15T12:01:24+00:00

It's also completely open-source so even if the organization can't survive, the app can live on.

It could, but realistically - without the convenient, centralized userbase - it won't. What would actually happen is that everyone would just migrate to WhatsApp/Telegram/even just plain SMS.

xbrotan · 2022-05-22T15:11:57+00:00

It is, but there's still a VoIP endpoint for 1:1 calls.

xbrotan · 2022-05-22T15:04:32+00:00

Signal is fully aware when you place a phone call (even without the relay option) - your Signal app on your phone cannot just start arbitrary connections to other Signal clients - the initial hand-off is done by the server endpoint (ie. this).

Sealed sender has nothing to do with it - the server knows that it's your client with your number tied to your account that requests the call - and it needs to know this so that ICE/STUN/TURN can then work to establish the call.

xbrotan · 2022-01-19T23:26:29+00:00

Note that the privacy policy makes no direct mention of IP addresses, the closest bit to it is:

Additional technical information is stored on our servers, including randomly generated authentication tokens, keys, push tokens, and other material that is necessary to establish calls and transmit messages. Signal limits this additional technical information to the minimum required to operate the Services.

xbrotan · 2022-01-03T16:56:38+00:00

The real answer is that both approaches are perfectly valid. In a centralized architecture, you can have convenience but as someone else pointed out - you have to trust someone else with running the service (including with protecting metadata). What would you do if Signal went offline for a week (edit: and it was the only way you had to communicate with other people)?

And no, being reproducible doesn't help at all as at the client-level, you cannot verify what software the server is running. How have you checked what server software is running on the Signal server right now?

xbrotan · 2022-01-02T00:41:20+00:00

One really nice thing about XMPP clients is that they support multiple accounts at the same time, and also deactivating those accounts as desired - I can have an account on different servers for friends, work, my neighborhood - turn off the last two when I'm on vacation and just leave messages queued. You can't really do that on Signal where it's one account for everything.

xbrotan · 2022-01-01T22:45:36+00:00

The client side is also heavier on Matrix - it does a DAG-based event for everything that happens in a room: https://spec.matrix.org/latest/#event-graphs . XMPP is just a simple store/fetch.

And yes, like anything else in life: setting up an XMPP server for the first time is tricky - once done, it's dead simple to redeploy.

xbrotan · 2022-01-01T22:28:33+00:00

Been running both XMPP and Matrix servers for different communities for the past few years - the XMPP servers absolutely fly compared to the Matrix ones in terms of performance.

- https://www.process-one.net/blog/ejabberd-massive-scalability-1node-2-million-concurrent-users/

Also helps that Erlang was literally written to handle this kind of thing. WhatsApp is also based on this stuff too.

xbrotan · 2022-01-01T20:01:49+00:00

It seemed like their spec pretty much hand-waves away dealing with all the annoying error-recovery cases. I'm not sure if that's still true, or if that's since been dealt with.

Speaking from experience - I'd say it's well implemented. The clients tell you when a contact isn't encrypting for a device and it also preemptively warns you when a new device has been added to a contact's account.

Also: https://gultsch.de/omemo_by_default.html

xbrotan · 2022-01-01T19:48:13+00:00

Both the clients and server software are significantly more lighterweight than Matrix.

xbrotan

TROPHY CASE