Submitted by southerntofu in Tech (edited )
Yet another instance of Signal making very wrong technological choices placing people in dangerous situations. Previously, in "Signal fails":
- Signal uses phone numbers, which are both uniquely-identifiable (and are further tied to a unique IMEI number per device) and easily hackable (thanks to SS7 known vulnerabilities)
- Signal refuses to federate with other servers, claiming they know security better than everyone else and so everyone on this planet should trust them for their privacy because everyone else is incompetent
- Signal actively bans 3rd party clients implementing their protocols, or forks trying to remove anti-features (such as LibreSignal did years ago by removing Google Play Services malware dependency)
- Signal publicizes everyone's phone numbers in public chatrooms, so perfect strangers can end up harrassing you on the phone just because you were in the same room as them
And now, in this episode of #SignalFails:
- A: the Iranian government just decided to ban Signal by dropping packets to the Signal servers
- B: quick, deploy a TLS proxy!
- A: done! But we still advertise "signal.org" destination in plaintext SNI headers, because we don't want to terminate TLS on the proxy itself. Won't this put people at risk? (EDIT: this was a wrong assumption on my part)
- B: noooooo way lol and if it happens we'll just say it's the fault of the government and we had no way to know
- C: hi i'd like to report a life-threatening bug in your proxy for iranian folks
- A: close ticket, remove Github issues entirely
- C: (on forums) hi i'd like to report a life-threatening bug in your proxy for iranian folks... CENSORED BY AUTO-MODERATOR BOT
- D/E/F: (on forums) why is signal doing it this way? there's plenty of good proxies like Tor for such situations, and the method you use is highly insecure! (EDIT: the method is not "highly" insecure, though the server can be proved to be a signal proxy (see comments))
- G: we cannot do anything against powerful attackers, and they can't know what we're doing with this HTTPS trafic without doing weird complicated stuff
- D/E/F: WTF G? we told you that's not how SNI header works and they can just record/block anything SUPER easily. They know what service your proxy is serving to users because that's what the SNI header was invented for in the first place, and that's why in the past years there's been a push to encrypt SNI headers (with ESNI). Why don't you facilitate usage of Tor with Signal, and keep on working what you know how to do? (EDIT: not entirely true, see comments)
- H: we're never gonna use Tor network or its obfuscation methods (obfs4/snowflake) because why the hell would we?
In the next episode of #SignalFails...
86944 wrote
Because it's being used outside of it's designed use case. Signal is just a more secure replacement for SMS and normal telephone calls. It wasn't meant to provide perfect anonymity, it wasn't meant for use in oppressive regimes like Tor and tails are.
Signal makes a fine replacement for standard SMS and phone calls. the signal foundation and people in general need to stop pretending it's ready for anything more in it's current state.
That said they claim they're working on removing the phone number requirement.