Viewing a single comment thread. View all comments

ziq OP wrote

It began when US officials got involved in the development of An0m, a supposedly secure encrypted messaging app, which was then sold to organised crime networks.

The FBI helped to infiltrate the phones into 300 criminal groups in more than 100 countries, Calvin Shivers of the FBI’s criminal investigative division told reporters in The Hague.

In a pattern repeated elsewhere, one Australian underworld figure began distributing phones containing the app to his associates, believing their communications were secure because the phones had been customised to remove all capabilities, including voice and camera functions, apart from An0m.

4

[deleted] wrote

4

celebratedrecluse wrote

Signal refuses to let anyone else run their own server and mocks federated approaches, uses phone #s for user identification, and boasts about their "world class opsec"

Signal's app is open source, but the servers are not. This is to purposefully obstruct privacy enthusiasts from forking the project, to make sure they can keep control of the millions of dollars they collect from philanthropists affiliated with some of the worst privacy-killing platforms in existence.

We have to simply take at their word that, the server doesn't have any more useful info than what they say they have, which is the time the account was registered and the last time it was accessed.

However, random people can find out you have joined signal, if you are in their contacts list and they are also a user. This makes it quite easy to develop a list of everyone phone number in the world, which uses signal. Not sure if this is still a feature, don't use signal for this and many other reason

There is also the "MobileCoin" fiasco, where they are apparently selling out the app to promote a garbage crypto which will be KYC compliant and cooperate with the US government to that end. Not sure where Signal Foundation is at, with regards to implementing this in the app, but it was reported in a confusing way.

5

another_i wrote

Signal is "open source". The servers and client code were published to a repository on github, and for the past year, they weren't updated at all. Only recently there was an update to the repository for the server. Its clear the public repository is not the canonical repo, so how can anyone trust what they're actually running. Having a zero trust hash signature of the codebase from the servers would be nice

5

celebratedrecluse wrote (edited )

I agree, great suggestion. How could one implement this? Perhaps other apps will do this, which could indirectly pressure Signal to adopt best practices.

also, yes, you are right that I was mistaken-- Signal does publish that "source code", but as you said it is not updated or the actual full code running on their servers.

3

another_i wrote

Yeah , good question. I'm thinking like returning a sha1 hash salted by the client on the running server processes bytecode. But..... I don't know how the client could prove that is the hash of the server process.

4

celebratedrecluse wrote

Perhaps there could be an encryption key which uses the code data as a cipher, which signs tokens and then can be verified by a user or the browser via an extension, etc. The key would have to be maintained by the instance developers, and people would have to trust the code developers. This is a point of failure, to be sure, but it also minimizes the amount of people who need to be trusted from the server operator and the developer of the code, to just the developers of the code. So, perhaps this is in fact implementable, and could be a useful approach? Or perhaps I have made an oversight.

3

celebratedrecluse wrote

Additionally, signal uses WebRTC for calling etc, which to my knowledge breaks any VPN connection the user has for the rest of their device.

4

86944 wrote

Signal is open source and set up so you don't need to trust the server. You can't even compare it to mystery software on a phone you bought off the internet.

Telegram isn't even encrypted for the most part, there's no need to compromise it. Mix in the questionable homebrew encryption they use on their "secret" chats and I feel it's no more secure than SMS.

5

AnarchoDoom wrote (edited )

"open source" ain't a measure to make software less problematic. Signal is centralized/un-federated (the founder also has a record of talking against federation) and its devs are cultish. It always comes down to a political issue of development process and how it's managed.

Telegram is more secure than SMS in the way that the servers are based outside of Five Eyes countries That's its only better security. Taking aside the encryption issue, SMS are also obviously managed through domestic data centers.

0

NoPotatoes wrote

Personally I have concerns about Graphene, another service where you send your device to them and they flash their software.

4

another_i wrote

If you're talking about GrapheneOS, I've been running the OS myself for the past year.

I didn't send them my device to flash, I compiled it from their repository and flash my device myself.

With that said, the project is complex and the likelihood of an individual to verify there are no exploits seems pretty low.

Moreover, the Over-the-air updates are nice for my lazyass, but its another attack vector

4

NoPotatoes wrote

Is your boot loader unlocked? Do you have a secure root of trust active on your device? From what I understand, flashing the image in a locked down way is a difficult process on many devices. More difficult than just unlocking the boot loader and disabling all of the secure boot functionality.

3

another_i wrote (edited )

No, not unlocked. I followed these instructions. It was straight forward from what recall. IIRC, now that i think about it more, I used a precompiled binary, but checked the hash before installing it. That's not to say I can trust their hashes, but I'm counting on the community to raise hell otherwise.

https://grapheneos.org/install/cli

3

NoPotatoes wrote

Ah. It looks like Graphene OS is updating the trust store so that you can re-lock the bootloader after flashing.

Unfortunately my device is not supported. I wanted a replaceable battery and expandable storage :/

3

another_i wrote

Fwiw, a lot of phones with removable batteries, also have an embedded battery. I'm sure you can validate which models do before you acquire yours.

Removable battery is desirable, for sure.

I don't mind my device, its nice, but yeah, I acquired it specifically for Graphene.

3

Bettywhite4dinner wrote

Ziq, it's me, could i email you please? Its regarding your guide for security tags!! Pleaseee!

I dont know how to come back and see if u replied sonif so, email me at [email protected] ok ty!!!

0