It costs around $50 million every year to ensure Signal is robust and available all over the world for anyone whenever they need it.

And as a nonprofit, that money comes from all of you: the people who believe that we all deserve a place to speak freely.

https://signal.org/donate/

And if you want to know more about the economic reality behind running high availability, actually innovative tech…

https://signal.org/blog/signal-is-expensive/

@signalapp If possible, wouldn't it be cheaper and as secure for the Signal Foundation to be on the receiving end of the account verification SMS? The new #signal user:

  1. Installs the Signal app
  2. Creates a new account by providing their phone number and desired username
  3. The app encrypts number & username from step 2 and shows it together with a short declaration, e.g.:
     I hereby open a Signal account. My hash is: gdhduehdbyrifhhdywuhdjcisncuqihdusjhdywofpaljwkduejgdhd
  4. The user copies the text via copy button into the SMS app and sends it to the Signal Foundation phone number provided in the app
  5. The Signal Foundation server decrypts the text, checks whether the phone number of the SMS sender matches the number provided in the hash. If the check succeeded, the app unlocks the account for the username provided in the encrypted text and links the phone number to the username.
  6. Perhaps, step 3 and 4 can be automated in a way that the Signal app creates an SMS draft that the new Signal user just has to send out after double checking.
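
The server-side check from the proposal above (the inbound SMS sender must match the claimed number), as an added example that is not part of the original post and not Signal code. It swaps the app-side encryption for a random server-issued token so that only the Python standard library is needed; `InboundSmsVerifier`, `TOKEN_TTL` and the result strings are hypothetical, and the sender number is assumed to be whatever the carrier reports.

```python
import re
import secrets
import time

TOKEN_TTL = 600  # seconds a pending claim stays valid (assumed value)

def normalize_msisdn(number):
    """Reduce a number to '+<digits>' so differently typed forms compare equal."""
    digits = re.sub(r"[^0-9+]", "", number)
    if digits.startswith("00"):
        digits = "+" + digits[2:]
    if not re.fullmatch(r"\+[0-9]{7,15}", digits):
        raise ValueError("not an international phone number")
    return digits

class InboundSmsVerifier:  # hypothetical name, not Signal code
    def __init__(self):
        self.pending = {}   # token -> (number, username, expiry)
        self.accounts = {}  # username -> verified number

    def start(self, number, username, now=None):
        """Record the claimed number/username; return the text the user sends."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)  # opaque to the carrier
        self.pending[token] = (normalize_msisdn(number), username, now + TOKEN_TTL)
        return f"I hereby open a Signal account. My hash is: {token}"

    def on_sms(self, sender, body, now=None):
        """Unlock the account only if the SMS sender matches the claimed number."""
        now = time.time() if now is None else now
        m = re.search(r"My hash is: ([\w-]+)\s*$", body)
        claim = self.pending.pop(m.group(1), None) if m else None  # single use
        if claim is None:
            return "unknown-token"
        number, username, expiry = claim
        if now > expiry:
            return "expired"
        try:
            sender = normalize_msisdn(sender)
        except ValueError:  # e.g. an alphanumeric sender ID
            return "sender-mismatch"
        if sender != number:
            return "sender-mismatch"
        if username in self.accounts:
            return "username-taken"
        self.accounts[username] = number
        return "verified"
```

Each token is consumed on first use, so a replayed or forwarded SMS is rejected even when the sender number matches.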

    @duxsco @signalapp Wouldn't it be much cheaper and just as secure to not have SMS or phone number as a requirement at all?

    SMS confirmations would be insecure, actually, because SMS is susceptible to MITM attacks. And I didn't even mention hijacking such as SIM swapping or phishing.

    What's worse is that Signal relies on Twilio, a company that has already been breached numerous times, to send out SMSes, which come to about $6 million/year, which is mindbogglingly insane and a waste of money.

    Even more so, because by sending an SMS, you directly expose your actual phone number, compared to a hash that Signal stores on their servers, so anyone breaching Twilio could read the phone numbers, or if Signal gets compelled by law enforcement, and if they collect the SMSes themselves, law enforcement could also find the phone numbers.

    @alextecplayz @signalapp People moaned about the reliance of Signal on SMS already often enough for the Signal Foundation to be aware of people being displeased. I didn't see any point in adding to that. Considering that there will be no move away from SMS, at least in the foreseeable future, I wanted to just suggest an alternative approach to the current SMS-based account verification that potentially doesn't incur these huge costs. I didn't make a statement on the level of security SMS provides. This has already been covered in the past, and there have been incidents with SMS verification and the use of SMS TANs without the Signal Foundation seeing the need to improve user onboarding. No point going through this again and again.

    @alextecplayz @signalapp With my approach, there wouldn't be a need for Twilio's services. The Signal Foundation just receives SMS.

    @duxsco Yes, they'd receive the SMS, which means they'd also receive the user's ACTUAL phone number, unlike the encrypted hash Signal stores on their servers currently.

    Which means that if Signal gets compromised or subpoenaed by law enforcement, they would have to share both the hashed phone number AND the plaintext phone number, which would allow law enforcement or a nefarious third party to directly create graphs that would identify specific users by matching the phone numbers to the hashes.

    This is very dangerous, so it's not a good idea at all. Unless they decide to drop the phone number requirement altogether, they cannot switch their SMS approach without creating massive privacy issues for the user base.

    @alextecplayz Signal already has your phone number with the current approach. I joined this thread to make user onboarding cheaper and not more secure. The thread started with Signal pointing out costs.

    @duxsco Signal already has a user's encrypted phone number, but they can't decrypt it. Your proposed approach hands Signal both the encrypted number and the plaintext number. Which, for Signal, just can't work from a privacy perspective.

    They can reduce cost by de-centralizing Signal, and allowing it to federate. That and cutting compensation for employees, especially executives.

    @alextecplayz With the involvement of Twilio, the phone number is already exposed with the current approach.

    @duxsco Yes, it's exposed to Twilio specifically, but not Signal. So even if Twilio were to be breached, they couldn't match the phone numbers to accounts - not as easily as if Signal would receive SMSes directly.

    @alextecplayz As soon as I type in my phone number in the app for onboarding and click on "submit", it's exposed in my eyes to Signal: data at rest vs. data in transit.

    @alextecplayz IMHO, the only way my phone number is not exposed is the number not being part of the equation. Mullvad does the right thing and doesn't collect data if not absolutely necessary:
    https://mullvad.net/en/help/no-logging-data-policy

    @alextecplayz IMHO, Signal just isn't an app for anonymous communication, possibly confidential communication, but definitely not anonymous communication.

    @duxsco ...Signal is used everywhere by whistleblowers and journalists, at every major news outlet worldwide, that and SecureDrop for file sharing. It is supposed to be both confidential and anonymous, where needed. Thankfully usernames do help in this regard, but we'd cycle back to "Wouldn't it be great if Signal didn't require a phone number?"

    @alextecplayz I hope nobody puts their life on the line by expecting that Signal ensures anonymity. I have the same hope for VPNs. They don't grant anonymity.

    Wouldn't it be great if Signal didn't require a phone number?

    I don't answer rhetorical questions. And, as I said, my initial post was about cost reduction.