Just like WhatsApp, Signal is de facto a closed system, also uses only phone numbers for registration, uses the same encryption, and is also headquartered in the United States of America (USA). Co-founder Matthew Rosenfeld (a.k.a. “Moxie Marlinspike”) resigned as CEO (external) in January 2022 and (as of 03/2023) remains only on the board. The current CEO of Signal is the former WhatsApp co-founder Brian Acton.
Once again, a reminder at this point: if you find wrong or outdated information, please let me know! >> Contact <<
Hash values of phone numbers are not a security feature, because the phone numbers can be recovered from the hash values without any difficulty (keyword “rainbow table” (external)). Signal also sends a registration SMS to each individual user. It may be true that the number is not transmitted to Signal in plain text, but at the latest during registration it is known, and thus they know the number of every single user. This includes internal or secret phone numbers of companies, authorities and organizations with security tasks (BOS), or of women’s shelters, that use Signal. Is this all fine? Of course not!
Tip: To register with Signal, it is not necessary to enter the mobile number you actually use. You can use an extra SIM card with a different mobile number - or an unused landline number (this also works with the phone number of a public phone booth!). With a landline number, the verification code is read out over the phone instead of being sent as a confirmation SMS.
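Why an unsalted hash does not hide a phone number, as an added example (not code from this page or from Signal): the number space is so small that a hash can be matched by enumerating candidates. SHA-256, the function names and the sample number from the fictional 555-01xx block are assumptions of this example.

```python
import hashlib
import math

def number_hash(e164: str) -> str:
    """Unsalted hash of a phone number (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(e164.encode("ascii")).hexdigest()

def keyspace_bits(free_digits: int) -> float:
    """Entropy in bits of a number with `free_digits` unknown decimal digits."""
    return free_digits * math.log2(10)

def recover_number(target_hash: str, prefix: str, free_digits: int):
    """Hash every number under `prefix`; return the one that matches, else None."""
    for n in range(10 ** free_digits):
        candidate = f"{prefix}{n:0{free_digits}d}"
        if number_hash(candidate) == target_hash:
            return candidate
    return None

# Constructed sample: a number from the 555-01xx block reserved for fiction.
SAMPLE_NUMBER = "+12025550147"
SAMPLE_HASH = number_hash(SAMPLE_NUMBER)

if __name__ == "__main__":
    # A full 10-digit national number carries only about 33 bits of entropy,
    # far below what a hash needs from its input to resist enumeration.
    print(f"10 free digits = {keyspace_bits(10):.1f} bits")
    print("recovered:", recover_number(SAMPLE_HASH, "+1202555", 4))
```

A per-user salt would stop precomputed tables, but contact discovery needs both sides to compute the same value for the same number, so the input stays enumerable.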
Critical voices and reactions to Signal Payments:
Signal can easily be obtained from the Aurora Store or downloaded directly as an APK from the Signal website (external); it then runs quite smoothly on Google-free devices.
Alternatively, you can also use Signal forks like Langis, Molly (external) and Signal FOSS (external) via an additional F-Droid repo. Replicas/forks are prohibited from using Signal servers according to Mr. Rosenfeld (Moxie), but perhaps Signal has not yet established a system that actively detects and blocks this. With each fork, there is also the question of whether and how the code for the cryptocurrency was taken out and whether Signal then still allows client access to the quasi-proprietary servers.
Signal itself does not want the original app to be made available via F-Droid.
Source: Github (external)
Signal has always been hailed as the security-conscious alternative to WhatsApp and co. because it’s open source. But the company was “caught out”: for almost a year, the server code in use did not match the public code. Here are the published versions of the server code as of 07/14/2021, which show that in the past, too, many versions (external) were repeatedly not published:
The reason is presumably the integration of the cryptocurrency (MobileCoin), which is already completely (pre)mined.
Notes on the license (“AGPL”):
https://androidpolice.com/2021/04/06/it-looks-like-signal-isnt-as-open-source-as-you-thought-it-was-anymore/ (external; English)
Mr. Rosenfeld (“Moxie”) has called OpenSignal a “product” and forbidden them to use the official Signal servers or to have “Signal” anywhere in the name:
I’m not OK with LibreSignal using our servers, and I’m not OK with LibreSignal using the name “Signal.” You’re free to use our source code for whatever you would like under the terms of the license, but you’re not entitled to use our name or the service that we run.
If you think running servers is difficult and expensive (you’re right), ask yourself why you feel entitled for us to run them for your product.
In response to the question about the federation of servers:
It is unlikely that we will ever federate with any servers outside of our control again, it makes changes really difficult.
Source: https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165 (external; English; 05.05.2016)
Encryption includes authentication, because without authentication the best encryption is useless. But Signal’s authentication is (apparently) weak:
“… Unfortunately, Signal’s default authentication scheme is weak. It is arguably worse than X.509’s CA system as used on the web, which is notoriously bad. It relies on a single CA, which is controlled by Signal who also controls the messaging infrastructure. This places Signal in an optimal position to perform a machine-in-the-middle attack on their users like the one described in GCHQ’s Ghost proposal. But, Signal has rightfully earned a trustworthy reputation. …”
Source: sequoia-pgp.org (external; English)
I understand that PGP and authentication are great and important ideas, but unfortunately they no longer have a place in the modern world. Moxie Marlinspike
Signal has technical ability to compromise e2e encryption via a simple man-in-the-middle attack, as all key exchanges are vendor-mediated. While Signal offers security code verification, it’s optional and still requires an out-of-band channel that is trusted not to replace messages (one of the points of criticism of SimpleX), and it is not presented prominently in Signal app when security code changes. Experts’ view that a small share of users using this feature protect all users is misleading, as it only protects against large-scale attacks when all (or a substantial share of) the users would be compromised, but it offers a poor mitigation against targeted attacks - users have to be diligent in re-verifying security code every time it changes, and in some cases it may be very difficult to find a reliable out-of-band channel. Therefore I would argue that Signal cannot be used as a platform for mission-critical secure communications, because Signal servers can trigger keys renegotiation at any point, and that would require out-of-band security code verification to confirm that it is caused by contact’s device change and not a compromise - affected users cannot confirm it in Signal conversation, because once security code changed users no longer have proof of who they are communicating with.
Source: reddit.com (external)
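The key-change problem described in the comment above, as an added example (not Signal's code and not its safety-number algorithm): a client-side pin store that treats any server-delivered key change as unverified until the fingerprint has been compared out-of-band. The fingerprint format, class name and keys are constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(key_a: bytes, key_b: bytes) -> str:
    """Order-independent fingerprint both parties can compute and read aloud."""
    digest = hashlib.sha256(b"".join(sorted((key_a, key_b)))).hexdigest()
    return " ".join(digest[i:i + 5] for i in range(0, 30, 5))

class PinnedContacts:
    def __init__(self, own_key: bytes):
        self.own_key = own_key
        self.pins = {}  # contact -> [identity_key, verified_out_of_band]

    def observe(self, contact: str, key: bytes) -> str:
        """Record the identity key the server delivered for `contact`."""
        pin = self.pins.get(contact)
        if pin is None:
            self.pins[contact] = [key, False]
            return "first-seen"
        if hmac.compare_digest(pin[0], key):
            return "verified" if pin[1] else "unverified"
        # A device change and a machine-in-the-middle look identical here,
        # so any earlier verification is void.
        self.pins[contact] = [key, False]
        return "changed"

    def confirm(self, contact: str, spoken_fingerprint: str) -> bool:
        """Mark verified only if the fingerprint heard out-of-band matches."""
        pin = self.pins[contact]
        expected = fingerprint(self.own_key, pin[0])
        pin[1] = hmac.compare_digest(expected, spoken_fingerprint)
        return pin[1]

    def may_send_sensitive(self, contact: str) -> bool:
        """Policy: sensitive content only to contacts verified since last change."""
        pin = self.pins.get(contact)
        return bool(pin and pin[1])

# Constructed 32-byte keys standing in for real identity keys.
ALICE = bytes(range(32))
BOB_OLD = b"\x11" * 32
BOB_NEW = b"\x22" * 32
```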
Next time someone asks for “encrypted database because Signal” do give them…
iOS: https://blog.elcomsoft.com/2019/08/how-to-extract-and-decrypt-signal-conversation-history-from-the-iphone/ (external)
Android: https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/ (external)
Secure data recovery
“Secure value recovery (SVR)” has also been criticized: blog.cryptographyengineering.com
In Signal messages and calls cannot be viewed by us, or by third parties, as they are always end-to-end encrypted, private to us secure.
“are secure to us” is not a typo on my part - it is not the content that is interesting here, but the metadata that accumulates (security =/= privacy).
And further, in the “Terms of Service”:
Additional technical information is stored on our servers, including randomly generated authentication tokens, keys, push tokens, and other material that is necessary to establish calls and transmit messages.
… which keys are actually stored there?
Apparently Google automatically learns that you use Signal:
PING contentproxy.signal.org (188.8.131.52) = Google
This is also easy to see like this:
$ host contentproxy.signal.org
contentproxy.signal.org has address 184.108.40.206
$ host 220.127.116.11
18.104.22.168.in-addr.arpa domain name pointer 22.214.171.124.bc.googleusercontent.com.
Why Signal runs on Amazon servers (AWS) while this part runs at Google is not readily apparent. Perhaps they do not want AWS to be able to collect and correlate all access data, or perhaps the “traffic data” and the “metadata” are meant to be kept separate from each other and not with the same provider?
https://signal.org/blog/looking-back-on-the-front/ (external) at least explains why Signal does not use its own servers.
The security model with regard to metadata can be summarized as “trust the central operator”, because “The ecosystem is moving” …
Building on remarks from 2016, Moxie (co-founder and CEO) gave a talk on 12/28/2019 on the topic “the ecosystem is moving” at the Chaos Computer Club (“CCC”). It discusses the advantages and disadvantages of centralized and decentralized systems. Of course, Signal is touted there as the solution.
However, the argumentation of Signal’s CEO for his product is controversial and often overrated. Many arguments listed there are true, but the “value of freedom” is ignored. In the end, (many) are not only concerned with technical security, but rather with future security.
Here are various sources/information on “The ecosystem is moving” (all English):
10.05.2016: Article Matthew Rosenfeld (alias Moxie Marlinspike) (external)
30.11.2016: Objections Daniel Gultsch (external)
28.12.2019: Lecture Matthew Rosenfeld (alias Moxie Marlinspike) (external; deleted)
Note: The talk is also no longer available at berlin-ak.ftp.media.ccc.de (external; deleted) - it can currently still be found on YouTube (external).
29.12.2019: Reason given by Matthew Rosenfeld (alias Moxie Marlinspike) for taking the video offline:
I had asked for it not to be recorded (which is what I’ve been doing with talks for the past 5yrs or so). Seems like there was some confusion, and it was recorded/published, then removed. … I just prefer to present something as part of a conversation that’s happening in a place, rather than a webinar that I’m broadcasting forever to the world. I have less faith in the internet as a place where a conversation can happen, and the timelessness of it decontextualizes.
Source: https://nitter.net/moxie/status/1211443530335281153 (external)
29.12.2019: Opinion from Jabber(XMPP) (external)
02.01.2020: Opinion from Matrix (external)
HOWEVER: all of this completely ignores one critical thing - the value of freedom. Freedom to select which server to use. Freedom to run your own server (perhaps invisibly in your app, in a P2P world). Freedom to pick which country your server runs in. Freedom to select how much metadata and history to keep. Freedom to choose which apps to use - while still having the freedom to talk to anyone you like (without them necessarily installing yet another app). Freedom to connect your own functionality - bots, bridges, integrations etc. Freedom to select which identifiers (if any) to use to register your account. Freedom to extend the protocol. Freedom to write your own client, or build whole new as-yet-unimagined systems on top.
It’s true that if you’re writing a messaging app optimised for privacy at any cost, Moxie’s approach is one way to do it. However, this ends up being a perversely closed world - a closed network, where unofficial clients are banned, with no platform to build on, no open standards, and you end up thoroughly putting all your eggs in one basket, trusting past, present & future Signal to retain its values, stay up and somehow dodge compromise & censorship… despite probably being the single highest value attack target on the ‘net.
Quite simply, that isn’t a world I want to live in.
We owe the entire success of the Internet (let alone the Web) to openness, interoperability and decentralisation. To declare that openness, interoperability and decentralisation is ‘too hard’ and not worth the effort when building a messaging solution is to throw away all the potential of the vibrancy, creativity and innovation that comes from an open network. Sure, you may end up with a super-private messaging app - but one that starts to smell alarmingly like a walled garden like Facebook’s Internet.org initiative, or an AOL keyword, or Google’s AMP.
So, we continue to gladly take up Moxie’s challenge to prove him wrong - to show that it’s both possible and imperative to create an open decentralised messaging platform which (if you use reputable apps and servers) can be as secure and metadata-protecting as Signal… and indeed more so, given you can run your server off the grid, and don’t need to register with a phone number, and in future may not even need a server at all.
Here are the headlines from a lengthy commentary, “7 valid reasons why you should never trust Signal over the air, either”:
Source: Comment in Heise-Forum (external)
Source: https://webbkoll.dataskydd.net/de/results?url=http%3A%2F%2Fsignal.org (external)
Signal as a messenger is certainly “safe” - however, one is dependent on a single provider.