@cypherpunks@lemmy.ml

cypherpunks


cultural reviewer and dabbler in stylistic premonitions


cypherpunks,

“Yeah, well, you know, that’s just, like, your opinion, man.” lebowski meme

an opinion millions of people disagree with :)

could i ask your approximate age? and/or if you remember approximately what year you first saw this comic?

i would guess that someone who doesn’t find this comic funny, not to mention historically important, must not be old enough to remember the time when most people hadn’t been online yet.

if you’re curious, read the two links in this post. i think they answer your question.

Signal Facing Collapse After CIA Cuts Funding (kitklarenberg.substack.com)

On November 16th, Meredith Whittaker, President of Signal, published a detailed breakdown of the popular encrypted messaging app’s running costs for the very first time. The unprecedented disclosure’s motivation was simple - the platform is rapidly running out of money, and in dire need of donations to stay afloat....

cypherpunks,

Did you read my other comment which is linked to from the one you’re replying to?

The parts of this reply that are in italics are direct quotes from it.

First, we have to assume a worst case scenario, where Signal not only logs all IP addresses (despite what multiple court cases have shown us), but that they do it both secretly and intentionally in order to store that data. Your theory already requires serious collusion between that company and the government, with no whistleblowers.

No, you don’t need to assume that Signal does anything. As I said, Signal says that they don’t retain any of this metadata, and I think it is likely that Signal employees are sincere when they say that. But someone with the right access at Signal’s ISP (Amazon) and anybody who can coerce, compel, or otherwise compromise those people (or their computers) can log it without Signal’s cooperation or knowledge.

And if that was the case, they wouldn’t want Sealed Sender actually functioning. So we also have to buy into an additional conspiracy that they added it as a red herring. What does your theory say about this: did they know they could work around it, or is it secretly flawed?

I think sealed sender does what it says it does, which is let you send messages without explicitly telling the server who the message is from. But that doesn’t change the fact that you’re connecting to their servers from the same IP address to send and receive and you need to identify yourself (with your phone number) to receive, so, the identity of the sender can be easily inferred if the server (or its operator) wants to correlate the information available to it.

Sealed sender only makes sense if the server is honest and doesn’t link the ‘anonymous’ sender with the non-anonymous receiver activities coming from the same IP address. But, if the server is honest, then a “no logging” policy would accomplish the same thing. Sealed sender is performative cryptography.

You can use words like “conspiracy” to dismiss the point, but tell me: if you’re completely confident that the adversaries you want to protect against are unable to compromise the server infrastructure, why would you need e2e encryption at all?

How about the ease with which somebody could use Signal with a VPN? That defeats half of your metadata complaints.

A VPN hides your actual IP address from the server, but that is not the kind of metadata I’m talking about. I’m talking about who (which phone numbers, since that is Signal’s identifier) is talking to who, and when. A VPN only helps with this problem when there are other Signal users coming from the same VPN IP address at the same time as you, and then it only helps a little. It could help if you used a VPN for sending but not receiving, or vice-versa, or used different VPNs for each, but, Signal doesn’t do that (and if they did they’d probably run the ‘different’ VPNs themselves on cloud services anyway).

But if you were being fair, you would have to level the same accusation against every other messaging app, and the only ones I can think of have worse encryption (Session) or explicitly have servers under unilateral control (SimpleX) or fare far worse (Matrix, Threema, Wire, etc).

It’s ironic that the five things you picked actually all have the same major advantage over Signal (and WhatsApp, and Telegram): those five actually all are usable without a phone number! They each have their own problems, but at least it’s possible to use them all without a phone number!

What do you mean about SimpleX having servers under unilateral control? The software comes with several of the author’s servers baked in which you use by default, but I think it is easy to use a different one or to run your own. And a cool thing about SimpleX is that each direction of a conversation is on a different server, so within a single conversation you are often not sending and receiving from the same server, which is the opposite of the metadata centralization of Signal’s design. (Of course, when all of the servers involved are run by a single entity, which I think is probably the case for most SimpleX users today, that entity can still observe who is talking to who. But the protocol is explicitly designed to decentralize metadata instead of to centralize it. And it doesn’t use phone numbers, much less require them.)
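The correlation argument in the comment above can be put in threat-model terms as an anonymity-set calculation. The following is an added example, not part of the original comment and not Signal's code; the event format, field names, addresses and accounts are all constructed for illustration.

```python
from collections import defaultdict

# Constructed events, as visible to whoever can observe the server side.
# ("auth", time, ip, account): identified connection used to receive messages.
# ("sealed", time, ip, recipient): sealed-sender delivery, no sender field.
EVENTS = [
    ("auth", 100, "198.51.100.7", "alice"),
    ("auth", 101, "203.0.113.9", "bob"),
    ("auth", 102, "192.0.2.50", "carol"),    # carol and dave share one VPN exit
    ("auth", 103, "192.0.2.50", "dave"),
    ("sealed", 110, "198.51.100.7", "bob"),
    ("sealed", 115, "192.0.2.50", "alice"),
    ("sealed", 400, "198.51.100.7", "carol"),  # long after alice's auth event
]

def anonymity_sets(events, window=60):
    """For each sealed-sender delivery, list the accounts that authenticated
    from the same IP within `window` seconds. One candidate means the sender
    is effectively identified despite the missing sender field."""
    auth_by_ip = defaultdict(list)
    for kind, t, ip, account in events:
        if kind == "auth":
            auth_by_ip[ip].append((t, account))
    results = []
    for kind, t, ip, recipient in events:
        if kind != "sealed":
            continue
        candidates = sorted(
            {acct for (ta, acct) in auth_by_ip[ip] if abs(t - ta) <= window}
        )
        results.append((t, recipient, candidates))
    return results

def exposed(events, window=60):
    """Deliveries whose anonymity set has exactly one member."""
    return [(t, r, c[0]) for (t, r, c) in anonymity_sets(events, window)
            if len(c) == 1]

if __name__ == "__main__":
    for t, recipient, candidates in anonymity_sets(EVENTS):
        print(f"t={t} to={recipient} possible senders={candidates}")
```

The shared VPN exit is the only case where the set grows beyond one, and it grows only to the number of users active on that exit at the same time, which matches the comment's point that a VPN helps "only a little".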
