@thegibson

There is still a phone number involved last I checked.

Which means SS7 under the hood at some point.

But SS7 is not secure.

https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/

Why is Signal asking users to set a PIN, or “A few thoughts on Secure Value Recovery”

Over the past several months, Signal has been rolling out a raft of new features to make its app more usable. One of those features has recently been raising a bit of controversy with users. This i…

A Few Thoughts on Cryptographic Engineering

@SpaceLifeForm Phone number is only used for the initial authentication. The safety number is supposed to help catch if someone's account gets hijacked, but nobody really pays attention to that, so there's no substitute for setting a password.

Even if someone were to manage to hijack your account with a SIM swapping attack or something, they wouldn't get any of your chat history. I think they do get your contacts, though.

@thegibson

@freakazoid
> Phone number is only used for the initial authentication

... allowing users to be identified by data-matching the phone number. The main argument for using phone numbers is that people can find their friends, i.e. this de-anonymisation is a feature, not a bug.

You can avoid it by using a burner number, but this is not possible in many countries (e.g. China). Signal could provide the same anonymity by making phone numbers optional, like most other E2EE apps.

@SpaceLifeForm @thegibson

@strypey If you have a username set, you can turn off the ability to find you by phone number or see your phone number. I don't think you can sign up without a phone number yet, though I seem to recall they've said they plan to implement that in the future.

Does "most other E2EE apps" include any with nearly Signal's user base? AFAIK the only bigger one is WhatsApp, and I'm pretty sure that provides even less anonymity.

@SpaceLifeForm @thegibson

(2/3)

@freakazoid
> Does "most other E2EE apps" include any with nearly Signal's user base?

I don't understand why you ask.

Firstly, this is highly relevant for a publishing tool, where "reach" matters. But entirely irrelevant for a private communication tool, where the important questions are 'how well does it protect the privacy of people using it' and 'are the people you want to talk to willing to use it?'.

(3/3)

Secondly, there is an inverse relationship between how privacy-protecting a network is, and how easy it is to take a census of the population. Lower *apparent* population is potentially a sign of better privacy protection, rather than low interest in using it.

(1/3)

@freakazoid
> I don't think you can sign up without a phone number yet, though I seem to recall they've said they plan to implement that in the future

If and when Signal do that, there will be one less reason to laugh into the back of my hand when people pimp it as a privacy app. Especially for activists and journalists (I've been both).

@SpaceLifeForm @thegibson

"Signal has historically chosen the more cautious and safer approach — as compared to more commercial alternatives like WhatsApp"

#MatthewGreen, 2020

https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/

Except when it's integrating third-party search engines so people can search for reaction GIFs in-app;

https://signal.org/blog/giphy-experiment/

... adding a new and totally avoidable attack surface.

@SpaceLifeForm
@thegibson
