Viewing a single comment thread. View all comments

quandyalaterreux wrote

Reply to comment by celebratedrecluse in F-Droid bans fascist gab by ziq

I'm sorry but the 'decentralization' argument against Signal is flawed, see this excellent blog post by m0xie on federation:


celebratedrecluse wrote (edited )

very telling that the post makes no mention of any of the specific security problems with Signal, some of which I mentioned. It merely dwells on platitudes about how email is google-centric-- meanwhile, Signal makes it intentionally very difficult to stop that very same company from swiping all the important metadata.

Contact discovery, profiles, and tying the entire identity to a phone number are also terrible ideas as far as an at-risk end user is concerned: anonymity, privacy, and plausible deniability would be at least as important as the security of the message contents, but unfortunately there are a bunch of holes in how the Signal service works now. Again, I'm not saying this is inherent to the Signal application, which appears fantastic to me. I'm speaking about the particular, "main" fork which is called Signal Private Messenger.

However, if you are mainly concerned with growing the service as fast as possible and retaining as much control over the service's parameters, then the decisions of the Signal devs begin to appear much more aligned with the priorities. However, this bizzarely replicates the logic which is critiqued in the essay you linked, by creating in practice a central social node around which all the other services orbit.

I don't accept the central premise of the blog post. Federated systems don't have to be stagnant. In Signal's case, compatibility between multiple servers could be implemented, without compromising on the security of the "official" app to "official" app communications, or even involving major changes in design. At any rate, the combination of unencrypted text messages into the Signal app, and the nature of the program's phone number based identification system, says pretty clearly that the developers aren't about to discard the federated model on a desire to increase the security/functionality of the service internally, not when it comes to large corporate actors.

To the contrary, it seems that only the smaller players are pushed out of the field: people who want to run their own servers for personal use, or even just run the application on Linux, or not use a phone number to you can see, this seems like either bad faith or bad reasoning, to a lot of anarchists. It's important to make sure that there isn't one target for state surveillance in a particular domain! If you haven't learned from all the market busts in the last 5 years, this invites the kind of attention which will ultimately compromise a project: as soon as something becomes dominant, the go-to, it paint a reticle on its chest. That's just the social and political reality, unfortunately. So my perspective is that Signal, by encouraging the development of a central node for targeting, will ultimately be found to have been seriously compromised by some state actor and used as a passive listening system to track people of interest, build a case, and then establish parallel construction.

Rather than building a single solid United Front against all these numerous & well-equipped enemies, I think it is a more effective and trustworthy to focus on creating an ecosystem where multiple projects with different priorities (privacy, anonymity, ease of use, etc) can coexist and intercommunicate under common standards that focus on security. This requires direct communication and coordination, but there's no reason why it couldn't be done if people felt is was necessary and decided to operate that way while developing their projects.

my opinion: The Signal service is designed to be very easy to use, but it has all these obvious flaws which are papered over quite thinly with buzzwords. This isn't a problem unique to Signal, and it is an incredible project and has added a lot to the FOSS community in terms of visibility and code. However, I can't help but be suspicious of all these red flags.

edit: made my post less passive aggressive, and added some further points. Sorry about the initial comment


crabbers wrote

Thanks, mate. I appreciate you taking the time to lay this all out for me.


celebratedrecluse wrote

No problem, nobody has to ask me to launch into an unsolicited tirade about opsec lol so I'm glad you got something out of it