Greetings!

A friend of mine wants to be more secure and private in light of recent events in the USA.

They originally told me they were going to use Telegram, at which point I explained how Telegram is considered compromised, and Signal is far more secure to use.

But they want more detailed explanations than what I provided verbally. Please help me explain things better to them! ✨

I am going to forward this thread to them, so they can see all your responses! And if you can, please cite!

Thank you! ✨

  • Aria@lemmygrad.ml
    21 hours ago

    If I share an IP with 100 million other Signal users

    That’s already not very likely, but ignoring IP, you’re the only one with your SSL keys. As part of authentication, you are identified. All the information about your device is transmitted. Then you stop identifying yourself in future messages, but your SSL keys tie your messages together. They are discarded once the message is decrypted by the server, so your messages should in theory be anonymised in the case of a leak to a third party. That seems to be what sealed sender is designed for, but it isn’t what I’m concerned about.

    daniel sent a user an image…

    Right, but it’s not other users I’m scared of. Signal also has my exit node.

    What you’re describing is (not) alarming (…) Signal’s security team wrote.

    I mean if strangers can find my city on the secret chat app I find that quite alarming. The example isn’t that coarse, and Signal, being a centralised platform with 100% locked down strict access, they well could defend users against this.

    What do you mean when you say “conversation” here?

    When their keys are refreshed. I don’t know how often. I meant a conversation as people understand it, not first time contact. My quick internet search says that the maximum age for profile keys is 30 days, but I would imagine in practice it’s more often.

    Even if we trust Signal, with Sealed Sender, without any sort of random delay in message delivery, a nation-state level adversary could observe inbound and outbound network activity and derive high confidence information about who’s contacting whom.

    That is true, but no reason to cut Signal slack. If either party is in another country or on a VPN, then that’s a mitigating factor against monitoring the whole network. But then if Signal is sharing their data with that adversary, then the VPN or being in a different country factor has been defeated.

    Here’s the blog post from 2017

    I appreciate the blog post and information. I don’t trust them to only run the published server code. It’s too juicy of a honeypot.

    I don’t have any comment on SGX here. It’s one of those things where there’s so many moving parts and so much secret information, and so much you have to understand and trust that it basically becomes impossible to verify or even put trust in someone who claims to have verified it. Sometimes it’s an inappropriate position, but I think it’s fine here: Signal doesn’t offer me anything, I have no reason to put so much effort into understanding what can be verified with SGX.

    And thanks for the audits archive.

    • hedgehog@ttrpg.network
      13 hours ago

      you’re the only one with your SSL keys. As part of authentication, you are identified. All the information about your device is transmitted. Then you stop identifying yourself in future messages, but your SSL keys tie your messages together. They are discarded once the message is decrypted by the server, so your messages should in theory be anonymised in the case of a leak to a third party. That seems to be what sealed sender is designed for, but it isn’t what I’m concerned about.

      Why do you think that Signal uses SSL client keys or that it transmits unique information about your device? Do you have a source for that or is it just an assumption?