Content:
Like WhatsApp, Signal is de facto a closed system, also uses only phone numbers for registration, uses the same encryption (the Signal Protocol), and is also headquartered in the United States of America (USA). Co-founder Matthew Rosenfeld (a.k.a. “Moxie Marlinspike”) resigned as CEO (external) in January 2022 and (as of 03/2023) remains only on the board. Brian Acton, co-founder of WhatsApp and of the Signal Foundation, took over as interim CEO; since September 2022 Meredith Whittaker has been president of Signal.
Once again at this point the reminder: if you find wrong or outdated information, please let me know! >> Contact <<
Hash values of phone numbers are not a security feature: phone numbers have so little entropy that the numbers can be recovered from the hashes without any difficulty, by exhaustive search or from a precomputed table (keyword “rainbow table” (external)). Signal also sends a registration SMS to every single user. The number may well not be transmitted to Signal in plain text during contact discovery, but at the latest during registration it is known, and thus Signal knows the number of every user. That includes internal or unlisted numbers of companies, of authorities and organizations with security tasks (BOS), or of women’s shelters that use Signal. Is all that fine? Of course not!
Signal assures you that the hash values of the phone numbers are stored in a separate server area. Why? Because they offer no additional security and are exactly as worthy of protection as the phone numbers themselves. Quite apart from that, it does not matter where at Signal the hash values (= phone numbers) are stored; the point is that they are stored.
In addition, Signal reads the user’s entire address book (once the contacts permission is granted) and shows who in your own circle is using Signal. So you cannot pick only the individual contacts with whom you want to communicate via Signal, and you cannot keep your own use of Signal private from the other people in that address book.
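To make the “hash = phone number” point concrete, here is an added example (not from the page and not Signal’s code) that inverts unsalted hashes of phone numbers. Every number, prefix and hash in it is constructed for the demo; the Berlin prefix +4930 is just an illustration, and the search is deliberately limited to a few trailing digits so it runs in well under a second.

```python
"""Added example: inverting hashed phone numbers.

Phone numbers have very little entropy (a fixed country/area prefix plus a
handful of subscriber digits), so an unsalted hash is reversible by
exhaustive search. A precomputed table ("rainbow table") only trades that
CPU time for disk space and makes every later lookup a dictionary access.
All numbers and hashes here are constructed for the demo.
"""
import hashlib
from typing import Dict, Iterable, Set


def hash_number(e164: str, salt: bytes = b"") -> str:
    """Hex SHA-256 of a phone number in E.164 form, optionally salted.

    A salt the server knows (it must, to compare hashes) does not enlarge the
    search space at all; it only prevents reuse of one precomputed table.
    """
    return hashlib.sha256(salt + e164.encode("ascii")).hexdigest()


def candidate_numbers(prefix: str, digits: int) -> Iterable[str]:
    """Every number with the given prefix and `digits` trailing digits."""
    for n in range(10 ** digits):
        yield f"{prefix}{n:0{digits}d}"


def invert_by_brute_force(targets: Set[str], prefix: str, digits: int,
                          salt: bytes = b"") -> Dict[str, str]:
    """Map each target hash back to its number; stops once all are found."""
    found: Dict[str, str] = {}
    for number in candidate_numbers(prefix, digits):
        h = hash_number(number, salt)
        if h in targets:
            found[h] = number
            if len(found) == len(targets):
                break
    return found


def build_lookup_table(prefix: str, digits: int) -> Dict[str, str]:
    """Precompute hash -> number once; afterwards any leaked hash is a lookup.

    A real rainbow table compresses this with hash chains; for a search space
    as small as phone numbers the plain dictionary already fits in memory.
    """
    return {hash_number(n): n for n in candidate_numbers(prefix, digits)}


def search_space(prefix_count: int, digits: int) -> int:
    """Candidates an attacker must hash for `prefix_count` area codes with
    `digits` subscriber digits. National numbering plans are in the billions,
    which commodity hardware hashes in minutes."""
    return prefix_count * 10 ** digits


if __name__ == "__main__":
    # A constructed "leaked" hash: the attacker knows only the country code
    # and city prefix and recovers the full number anyway.
    leaked = {hash_number("+493012345")}
    print(invert_by_brute_force(leaked, "+4930", 5))
    print("candidates for 100 prefixes x 7 digits:", search_space(100, 7))
```

The salted variant in the block shows the second half of the argument: if the party holding the hashes also holds the salt (as the server must in order to compare), salting changes nothing about what that party can learn.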
The name has been changed from “MobileCoin” to “Sentz” (external); the original Internet address “mobilecoin.com” is automatically redirected to the new address “sentz.com”.
Critical voices and reactions to Signal Payments:
Here is some interesting information on cost structure:
We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy.
Source: https://signal.org/blog/signal-is-expensive (external)
At the end of 2023, the cost breakdown for operating a large messaging platform at Signal was as follows:
… and that’s just the cost of the infrastructure. You have to add all the associated costs of running an organization with more than 50 employees.
Source: process-one.net (external)
One can easily obtain Signal from the Aurora Store or download it directly as an APK from the Signal website (external); it then runs quite smoothly on Google-free devices.
Alternatively, you can use Signal forks such as Langis, Molly (external) and Signal FOSS (external) via an additional F-Droid repository. According to Mr. Rosenfeld (Moxie), replicas and forks are prohibited from using the Signal servers, but perhaps Signal has not yet set up a system that actively detects and blocks them. With each fork there is also the question of whether and how the cryptocurrency code was removed, and whether Signal then still allows the client to access its quasi-proprietary servers.
Signal itself does not want the original app to be made available via F-Droid.
Source: Github (external)
It seems that Signal can recognize “outdated” clients (or replicas of the app) and then refuse to communicate with them if necessary. This is indicated by an error code in the command-line tool “signal-cli”:
Error while checking account +XXXXXXXXXXX: StatusCode: 499 org.whispersystems.signalservice.api.push.exceptions.DeprecatedVersionException: StatusCode: 499
Sending and receiving messages with signal-cli also seems to throw a “DeprecatedVersionException” (as of 2022-10-05, 21:59 UTC). This exception appears to be intended to shut out obsolete clients.
Source: https://github.com/AsamK/signal-cli/issues/1022 (external; 20.12.2022)
Signal has always been hailed as the security-conscious alternative to WhatsApp and co. because it is open source. But the company got “caught” running server code that did not match the published code for almost a year. Here are the published versions of the server code up to 07/14/2021, from which it can be seen that in the past, too, many versions (external) were repeatedly not published:
The reason is presumably the integration of the cryptocurrency (MobileCoin), which is already completely (pre)mined.
But:
Notes on the license (“AGPL”):
The license binds only those who use Signal code published under it. The original authors (the copyright holders) may change the license at any time; a license is in general only the terms of use for everyone else who does not hold the copyright or the relevant usage rights to the code. See also the Contributor License Agreement (CLA) (external). Unreleased software (in this case updated parts of the server software) is likewise their property. Presumably that is also why merge requests from outsiders are not accepted on GitHub.
Report:
https://androidpolice.com/2021/04/06/it-looks-like-signal-isnt-as-open-source-as-you-thought-it-was-anymore/ (external; English)
Mr. Rosenfeld (“Moxie”) has called LibreSignal a “product” and forbidden it to talk to the official Signal servers or to carry “Signal” in its name:
I’m not OK with LibreSignal using our servers, and I’m not OK with LibreSignal using the name “Signal.” You’re free to use our source code for whatever you would like under the terms of the license, but you’re not entitled to use our name or the service that we run.
If you think running servers is difficult and expensive (you’re right), ask yourself why you feel entitled for us to run them for your product.
In response to the question about the federation of servers:
It is unlikely that we will ever federate with any servers outside of our control again, it makes changes really difficult.
Source: https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165 (external; English; 05.05.2016)
Encryption is only as good as the authentication of the keys behind it; without authentication the best encryption is useless. But Signal’s (apparently) is weak:
“… Unfortunately, Signal’s default authentication scheme is weak. It is arguably worse than X.509’s CA system as used on the web, which is notoriously bad. It relies on a single CA, which is controlled by Signal who also controls the messaging infrastructure. This places Signal in an optimal position to perform a machine-in-the-middle attack on their users like the one described in GCHQ’s Ghost proposal. But, Signal has rightfully earned a trustworthy reputation. …”
Source: sequoia-pgp.org (external; English)
I understand that PGP and authentication are great and important ideas, but unfortunately they no longer have a place in the modern world. Moxie Marlinspike
Source: still being searched for
Signal has the technical ability to compromise e2e encryption via a simple man-in-the-middle attack, as all key exchanges are vendor-mediated. While Signal offers security code verification, it’s optional and still requires an out-of-band channel that is trusted not to replace messages (one of the points of criticism of SimpleX), and it is not presented prominently in the Signal app when the security code changes. Experts’ view that a small share of users using this feature protects all users is misleading, as it only protects against large-scale attacks when all (or a substantial share of) the users would be compromised, but it offers a poor mitigation against targeted attacks - users have to be diligent in re-verifying the security code every time it changes, and in some cases it may be very difficult to find a reliable out-of-band channel. Therefore I would argue that Signal cannot be used as a platform for mission-critical secure communications, because Signal servers can trigger key renegotiation at any point, and that would require out-of-band security code verification to confirm that it is caused by the contact’s device change and not a compromise - affected users cannot confirm it in the Signal conversation, because once the security code has changed users no longer have proof of who they are communicating with.
Source: reddit.com (external)
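What the comment above calls “re-verifying the security code” boils down to one client-side check: pin the peer’s long-term identity key on first contact, and treat any server-delivered change as unverified until the safety number has been compared out of band. The following added example (not Signal’s code, not from the comment’s author) implements that check. The numeric fingerprint is modeled on libsignal’s NumericFingerprintGenerator (version 0, 5200 SHA-512 iterations, six five-digit chunks per party, both halves concatenated in sorted order); treat those parameters as an assumption of this example rather than a specification citation. The keys and identifiers are constructed for the demo.

```python
"""Added example: trust-on-first-use pinning of identity keys plus a
Signal-style safety number, showing why a key change needs out-of-band
verification. Fingerprint parameters are assumed (modeled on libsignal),
keys and identifiers are constructed for the demo.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict

FINGERPRINT_VERSION = 0   # assumption: libsignal's numeric fingerprint version
ITERATIONS = 5200         # assumption: libsignal's iteration count


def _numeric_fingerprint(identity_key: bytes, stable_id: bytes) -> str:
    """30 decimal digits derived from one party's identity key and stable
    identifier (phone number / account id), via iterated SHA-512."""
    h = FINGERPRINT_VERSION.to_bytes(2, "big") + identity_key + stable_id
    for _ in range(ITERATIONS):
        h = hashlib.sha512(h + identity_key).digest()
    chunks = []
    for i in range(6):
        val = int.from_bytes(h[i * 5:i * 5 + 5], "big") % 100000
        chunks.append(f"{val:05d}")
    return "".join(chunks)


def safety_number(my_id: bytes, my_key: bytes,
                  their_id: bytes, their_key: bytes) -> str:
    """60-digit safety number; identical on both phones because the two
    fingerprints are concatenated in sorted order."""
    a = _numeric_fingerprint(my_key, my_id)
    b = _numeric_fingerprint(their_key, their_id)
    return a + b if a <= b else b + a


class KeyChanged(Exception):
    """The server delivered an identity key that differs from the pinned one."""

    def __init__(self, peer: str, old_key: bytes, new_key: bytes) -> None:
        super().__init__(f"identity key for {peer} changed; "
                         "compare the new safety number out of band")
        self.peer, self.old_key, self.new_key = peer, old_key, new_key


@dataclass
class IdentityStore:
    """Trust-on-first-use store for peer identity keys, as a client keeps it."""
    pinned: Dict[str, bytes] = field(default_factory=dict)

    def check(self, peer: str, key_from_server: bytes) -> str:
        """Return 'new' (pinned now) or 'same'; raise KeyChanged otherwise."""
        pinned = self.pinned.get(peer)
        if pinned is None:
            self.pinned[peer] = key_from_server   # TOFU: nothing to compare to
            return "new"
        if pinned == key_from_server:
            return "same"
        # Inside the protocol, a genuine device swap and a server substituting
        # its own key look identical; only an out-of-band comparison of the
        # safety number can tell them apart, so the client must stop here.
        raise KeyChanged(peer, pinned, key_from_server)

    def accept_new_key(self, peer: str, key: bytes) -> None:
        """Call only after the new safety number was confirmed out of band."""
        self.pinned[peer] = key


if __name__ == "__main__":
    # Constructed 33-byte keys in libsignal's serialized form (0x05 prefix).
    alice_key = bytes([5]) + bytes(range(32))
    alice_new = bytes([5]) + bytes(range(1, 33))
    bob_key = bytes([5]) + bytes(range(32, 64))
    print("safety number:", safety_number(b"bob", bob_key, b"alice", alice_key))
    store = IdentityStore()
    print(store.check("alice", alice_key))      # new
    try:
        store.check("alice", alice_new)
    except KeyChanged as e:
        print("BLOCKED:", e)
        print("new safety number to compare:",
              safety_number(b"bob", bob_key, b"alice", e.new_key))
```

The design point is the `raise` in `check`: a client that silently accepts the new key (or only shows a dismissable banner) turns the server into the root of trust, which is exactly the “single CA” situation quoted from Sequoia-PGP above.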
Next time someone asks for “encrypted database because Signal” do give them…
iOS: https://blog.elcomsoft.com/2019/08/how-to-extract-and-decrypt-signal-conversation-history-from-the-iphone/ (external) Android: https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/ (external)
There is a cross-platform decryption and export utility for Signal Desktop: https://github.com/aaronsdevera/sigkill (external) A description is available at Github (external; PDF).
“Secure Value Recovery (SVR)” has also come in for criticism: blog.cryptographyengineering.com
Signal has implemented post-quantum key agreement. From their documentation:
This document describes the “PQXDH” (or “Post-Quantum Extended Diffie-Hellman”) key agreement protocol. PQXDH establishes a shared secret key between two parties who mutually authenticate each other based on public keys. PQXDH provides post-quantum forward secrecy and a form of cryptographic deniability but still relies on the hardness of the discrete log problem for mutual authentication in this revision of the protocol. …
Source: signal.org (external)
There are no German terms of use and no German privacy policy. Does the English version have legal validity in Germany? Regardless, Signal writes in its introductory words on the GDPR (external):
In Signal messages and calls cannot be viewed by us, or by third parties, as they are always end-to-end encrypted, private to us secure.
“are secure to us” is not a typo on my part: what is interesting here is not the content but the metadata that accumulates (security ≠ privacy).
And further, in the “Terms of Service”:
Additional technical information is stored on our servers, including randomly generated authentication tokens, keys, push tokens, and other material that is necessary to establish calls and transmit messages.
… so which keys are actually stored there?
In the “Privacy Policy” it is explicitly (but unnecessarily) pointed out that the phone number, the profile name and the profile picture are, of course, always end-to-end encrypted. But what was that again about the metadata in central systems?!
Apparently Google automatically learns that you use Signal:
PING contentproxy.signal.org (107.178.250.75) = Google
This can also be seen clearly here:
$ host contentproxy.signal.org
contentproxy.signal.org has address 107.178.250.75
$ host 107.178.250.75
75.250.178.107.in-addr.arpa domain name pointer 75.250.178.107.bc.googleusercontent.com.
Why Signal runs on Amazon servers (AWS) but this part on Google is not readily apparent. Perhaps they do not want AWS to be able to access and correlate all access data, or perhaps the “traffic data” and the “metadata” are deliberately kept with different service providers, separate from each other?
At least https://signal.org/blog/looking-back-on-the-front/ (external) explains why they do not run their own Signal servers.
The security model with regard to metadata can be shortened to “trust the central operator”, because “the ecosystem is moving” …
Building on an essay from 2016, Moxie (co-founder and then CEO) gave a talk on 12/28/2019 at the Chaos Computer Club (“CCC”) congress on the topic “The ecosystem is moving”. It discusses the advantages and disadvantages of centralized and decentralized systems. Of course, Signal is presented as the solution.
However, the argument Signal’s CEO makes for his product is controversial and often overrated. Many of the arguments listed there are true, but the “value of freedom” is ignored. In the end, (many) are concerned not only with technical security but rather with future-proofness.
Here are various sources/information on “The ecosystem is moving” (all English):
10.05.2016: Article Matthew Rosenfeld (alias Moxie Marlinspike) (external)
30.11.2016: Objections Daniel Gultsch (external)
28.12.2019: Lecture Matthew Rosenfeld (alias Moxie Marlinspike) (external)
The talk can also be found on YouTube (external).
Dec 29, 2019: Reason Matthew Rosenfeld (aka Moxie Marlinspike) for taking the video offline:
I had asked for it not to be recorded (which is what I’ve been doing with talks for the past 5yrs or so). Seems like there was some confusion, and it was recorded/published, then removed. … I just prefer to present something as part of a conversation that’s happening in a place, rather than a webinar that I’m broadcasting forever to the world. I have less faith in the internet as a place where a conversation can happen, and the timelessness of it decontextualizes.
Source: https://nitter.net/moxie/status/1211443530335281153 (external)
29.12.2019: Opinion from Jabber(XMPP) (external)
02.01.2020: Opinion from Matrix (external)
HOWEVER: all of this completely ignores one critical thing - the value of freedom. Freedom to select which server to use. Freedom to run your own server (perhaps invisibly in your app, in a P2P world). Freedom to pick which country your server runs in. Freedom to select how much metadata and history to keep. Freedom to choose which apps to use - while still having the freedom to talk to anyone you like (without them necessarily installing yet another app). Freedom to connect your own functionality - bots, bridges, integrations etc. Freedom to select which identifiers (if any) to use to register your account. Freedom to extend the protocol. Freedom to write your own client, or build whole new as-yet-unimagined systems on top.
It’s true that if you’re writing a messaging app optimised for privacy at any cost, Moxie’s approach is one way to do it. However, this ends up being a perversely closed world - a closed network, where unofficial clients are banned, with no platform to build on, no open standards, and you end up thoroughly putting all your eggs in one basket, trusting past, present & future Signal to retain its values, stay up and somehow dodge compromise & censorship… despite probably being the single highest value attack target on the ‘net.
Quite simply, that isn’t a world I want to live in.
We owe the entire success of the Internet (let alone the Web) to openness, interoperability and decentralisation. To declare that openness, interoperability and decentralisation is ‘too hard’ and not worth the effort when building a messaging solution is to throw away all the potential of the vibrancy, creativity and innovation that comes from an open network. Sure, you may end up with a super-private messaging app - but one that starts to smell alarmingly like a walled garden like Facebook’s Internet.org initiative, or an AOL keyword, or Google’s AMP.
So, we continue to gladly take up Moxie’s challenge to prove him wrong - to show that it’s both possible and imperative to create an open decentralised messaging platform which (if you use reputable apps and servers) can be as secure and metadata-protecting as Signal… and indeed more so, given you can run your server off the grid, and don’t need to register with a phone number, and in future may not even need a server at all.
Here are the headlines from a lengthy commentary “7 valid reasons why you should never trust Signal over the air, either”:
Source: Comment in Heise-Forum (external)
Tip: For registration with Signal it is not necessary to enter the mobile number you actually use. You can use a separate SIM card with a different mobile number, or an unused landline number (this even works with the number of a public phone booth!). In that case the verification code from the confirmation SMS is read out over the phone in a voice call instead.
Sources: netzwelt.de (external) / vice.com (external; English)
Source: https://webbkoll.dataskydd.net/de/results?url=http%3A%2F%2Fsignal.org (external)
Signal as a messenger is certainly “secure”, but one is dependent on a single provider.