But wait – it gets much, much worse
As I was finishing up the above post, I noticed something a little strange in the code – something I’d glossed over earlier. There are a ton of references to what looks to be functions related to Google’s Firestore database.
Thanks for the breakdown, I’ll be sure to stay away from Converso! You should 100% check out DataBag. It’s my current favorite as it’s pretty much self-hosted Signal. Except without the need for phone numbers and while decentralized, it can be federated too. Definitely my current favorite up and comer in the messaging world.
Hadn’t heard of it, is this it?
That’s it
is the databag protocol/design documented somewhere? does it claim to have forward secrecy?
from a quick glance I see here they’re generating an AES key from a passphrase and using it to encrypt an RSA private key, which is… not a good sign.
fwiw https://simplex.chat is another thing which seems to have similar goals and functionality but is better documented.
Unfortunately, Converso is not open source and their website is totally silent on cryptographic primitives and protocols
The most insane part is this somehow wasn’t the worst part in the article
A quick look at Seald’s homepage answers many questions. Seald is a drop-in SDK for app developers to integrate end-to-end encryption ‘into any app in minutes’.
LOOOOL
Not only does Converso include a Google Analytics tracker to record how you use the app
This is an encryption app that claims to not even have metadata, btw
As I was finishing up the above post, I noticed something a little strange in the code – something I’d glossed over earlier. There are a ton of references to what looks to be functions related to Google’s Firestore database.
As someone who integrates Firebase for work, this made me tremble
I wrote a few lines of code to see what would happen if I tried to pull from the users collection:
No way
Looks like I accidentally breached Converso’s user database
I quit
It turns out the Seald username is the user’s phone number, and the encryption password is just their user ID.
HOW IS IT GETTING WORSE???
TFA claims Signal is the gold standard, which raises my eyebrows, especially as the author - in the same breath - admits Signal leaks metadata.
There are chat clients, less popular, less well funded, that don’t leak metadata. Signal may be a good choice for the average non-techie, but it’s hardly the gold standard for private chat.
I’ve read from SMEs that Signal is the gold standard for encrypted private messaging. I haven’t seen that claim of any other messenger. What are the alternatives?
I’ve tried Briar and that seems like it may be good in 5+ years, but not something I’d ask non-techy people to use in its current form. Session dropped Perfect Forward Secrecy because it was too hard to make it work. I don’t want security features dropped just because they’re “hard” so that’s an immediate no from me. What are viable alternatives that don’t leak metadata?
“Popular,” and even “ease of use,” are not relevant for the label of Gold Standard when we’re talking about security. Functionality for purpose is relevant, but if we’re allowing for weaker security in trade for ease of use then I’d say just use SMS; sure, it’s not as secure as Signal, but it’s a lot easier.
Reductio ad absurdum aside, there are by my count about a half-dozen systems which are more secure than Signal. Systems which don’t require you to give up your phone number, or publish it, or leak other personal metadata. You mentioned one, Briar, and there’s SimpleX Chat, Tox, and Jami (the latter two have been around for a few years, and IIRC Jami’s been audited). There are any number of apps (web and mobile) that claim encryption and anonymity such as Confide, Onion Chat, ChatS, Speek!, Peekno, and Threema. Ocelot and retroshare.io are peer-to-peer with no central servers, and are probably (metadata) secure.
I wouldn’t call any of these individually the gold standard, but several are obviously more secure than Signal.
I can’t get over how any system that required such a traceable and abusable piece of PII as a cell phone number could be considered the gold standard for privacy.
“Popular,” and even “ease of use,” are not relevant for the label of Gold Standard when we’re talking about security
First, ease of use is absolutely relevant when it comes to security. If it’s too technical, difficult, or confusing, nobody will use it. Just look at how prevalent PGP is in emails - it basically doesn’t exist outside of niche nerd circles. What percentage of Linux admins ever deal with SELinux before getting told to just use AppArmor because it’s easier? So yes, ease of use is a factor.
Second, ‘security’ is too broad a topic. I don’t see a point in debating what is “the best” if a threat model isn’t outlined first.
I originally stated “Signal is the gold standard for encrypted private messaging”, which stands true regardless of other security features because it defaults to end-to-end encryption for everything by default and works out of the box. At the end of the day your messages are guaranteed to be encrypted and private - anonymity is not in the equation.
That said, I did bring up the point about leaking metadata, but looking at SimpleX I see that even they claim [0]:
The protocol does not protect against attacks targeted at particular users with known identities - e.g., if the attacker wants to prove that two known users are communicating, they can achieve it. At the same time, it substantially complicates large-scale traffic correlation, making determining the real user identities much less effective.
So, without digging much into it, it seems there are some limitations to your claims about SimpleX’s superiority to Signal in terms of even anonymity.
Jami
I tried it when it was called Ring, tried it again sometime after the name change. It’s a P2P messenger that provides E2EE. The architecture means all metadata leaks to ISPs and the internet. So you should be using it with Tor (or some other layer), and because your contacts also need to do that, and one of them is bound to fuck up, it’s better to use either something that’s metadata-resistant by default (like Briar) or to stick to Signal. Also, because it’s P2P, it requires both parties to be online to even work - at least last I tried it. This doesn’t work in the modern world.
Tox
Without getting into the various security issues over the years (here are two recent ones [3] [4], one which allowed remote code execution!), the Android client is spartan to say the least, and there’s no iOS client [1], making this unusable with half the people I’d like to communicate with in the US. Your regional mileage may vary [2].
Confide
Isn’t even open source so completely out of the question - security through obscurity, as the story post about the Converso apps proves, cannot be trusted.
I’ll skip the rest as I’ve already spent too much time on this, but I will say I do believe Threema might be as good if not better than Signal, but it’s a paid app and it’s hard enough to convince friends/family to get onboard with a free app, never mind something that requires payment.
[0] https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#trust-in-servers
[1] https://tox.chat/clients.html
[2] https://www.statista.com/statistics/236550/percentage-of-us-population-that-own-a-iphone-smartphone/
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44847
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25022
Oh, I didn’t intend to skip the Tox comments. I haven’t used that in a while, and was unaware of the CVEs. Those, and the fact there’s no iOS app, are good reasons to not use it. I found its use of DHT limited its performance and often had device battery life impacts; it still had a better protocol than Signal. The CVEs and other issues are technical implementation problems that can be fixed, unlike Signal’s design flaws.
Confide was just an example of a new class of fully anonymous, ephemeral chat clients, and maybe not the best choice. There are a half-dozen of these, all using similar mechanisms, some of which are OSS. I need to do a deeper survey of these, because they’re an interesting new approach to full-security chat.
Anyway, just saying I hit “send” prematurely.
Man, this is great. I’ll admit that after leaving Reddit I was starting to miss the petty arguing about semantics. It’s great to see Lemmy picking up the slack!
First, ease of use is absolutely relevant when it comes to security.
Eh, I disagree. A little convenient security is not as good as full inconvenient security. Governments and corporations everywhere are glad that there are many people who share your opinion, though - and a very many people do agree with you, as you point out in your comment about PGP.
Just to be clear, I didn’t mean to accuse you of ignorance about leaking metadata. I was expressing greater value of it than you do; metadata is a tool of oppression and exploitation, and companies like Signal minimize its impact in order to support their business model. Private messaging, to me, means privacy; not partial privacy. Not privacy of some things. It’s why it’s important to secure DNS queries. Google absolutely exploits DNS metadata from 8.8.8.8 queries - a perfect analog to Signal’s collection of phone numbers and routing. Who you talk to is extremely valuable metadata, metadata which is not private under Signal. So, again, I disagree with you that simplicity trumps metadata privacy in declaring a “gold standard” privacy protocol.
For SimpleX, the key is the statement “individuals with known identities.” If you publish your identity publicly on your web page, and your friend does too, yeah. Attackers can tell you two are communicating. The difference from Signal is that, with SimpleX you can not publish your identity. You can also easily create new (unpublished) identities, and use a different one for each friend. With Signal, you have no option other than buying burner phones and having your friends all reconnect every time you get a new phone. And knowing what I do of the telecom industry, burner phones - while improving privacy - are not immune to a committed attacker such as a government.
You’re right that Jami has flaws; I won’t begin to try to defend them, although it still has better metadata protection than Signal.
It’s a false equivalency to claim that because a protocol is not perfect, that it’s no better than an even less perfect protocol. I might as well claim that because Signal isn’t perfect, it’s no better than SMS.
Maybe I should be asking: why do you believe that a system that requires users to expose their identities and route centrally unencryptable metadata through a central server is sufficient? Does it not concern you that, because Signal (the company) effectively shut down the use of third party servers, giving them full access to all of this metadata? Why do they deserve the label “gold standard” - purely as a result of their popularity?
SimpleX is my current favorite, but I won’t suggest that it’s easy to use. It needs one missing feature (multi-device channel sharing) and some usability enhancements. It could also benefit from easier ID rotation to enhance its already quite good anonymity protection. But the core protocol is the most solid of the existing options, and it works well. And for people who are at risk, and truly need security - e.g. political dissidents - including privacy of metadata, I would recommend putting up with little inconveniences, and not cut corners on privacy.
No messaging platform exists where zero metadata exchange will happen, and the only way to reduce metadata exchange is via centralisation. Federated platforms by design will leak a lot of metadata. It is only for developers and users to decide what is acceptable.
It’s not about metadata exchange, but metadata exposure.
Two of those platforms use self-hosted node servers. Behind a VPN with multiple customers, this is virtually untraceable. And certainly far less easily traced than by giving away your cell phone number to a company.
This is why I said it is for developers and users to decide what is acceptable. The sensitivity of what you are doing, and the required threat model, determines what elements are acceptable to leak.
We were talking about it in a chatroom a week ago. The whole app is a giant red flag. Claims of zero metadata exchange while being closed source? Sure, I will give it a pass.