Signal Adds Cryptocurrency Support

According to Wired, Signal is adding support for the cryptocurrency MobileCoin, “a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity.”

Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describes the new payments feature as an attempt to extend Signal’s privacy protections to payments with the same seamless experience that Signal has offered for encrypted conversations. “There’s a palpable difference in the feeling of what it’s like to communicate over Signal, knowing you’re not being watched or listened to, versus other communication platforms,” Marlinspike told WIRED in an interview. “I would like to get to a world where not only can you feel that when you talk to your therapist over Signal, but also when you pay your therapist for the session over Signal.”

I think this is an incredibly bad idea. It’s not just the bloating of what was a clean secure communications app. It’s not just that blockchain is just plain stupid. It’s not even that Signal is choosing to tie itself to a specific blockchain currency. It’s that adding a cryptocurrency to an end-to-end encrypted app muddies the morality of the product, and invites all sorts of government investigative and regulatory meddling: by the IRS, the SEC, FinCEN, and probably the FBI.

And I see no good reason to do this. Secure communications and secure transactions can be separate apps, even separate apps from the same organization. End-to-end encryption is already at risk. Signal is the best app we have out there. Combining it with a cryptocurrency means that the whole system dies if any part dies.

EDITED TO ADD: Commentary from Stephen Deihl:

I think I speak for many technologists when I say that any bolted-on cryptocurrency monetization scheme smells like a giant pile of rubbish and feels enormously user-exploitative. We’ve seen this before, after all Telegram tried the same thing in an ICO that imploded when SEC shut them down, and Facebook famously tried and failed to monetize WhatsApp through their decentralized-but-not-really digital money market fund project.

[…]

Signal is a still a great piece of software. Just do one thing and do it well, be the trusted de facto platform for private messaging that empowers dissidents, journalists and grandma all to communicate freely with the same guarantees of privacy. Don’t become a dodgy money transmitter business. This is not the way.

Posted on April 7, 2021 at 6:24 AM86 Comments

Comments

Harald K April 7, 2021 6:47 AM

This appears to not be a “real” blockchain currency in the sense you define it in the linked article (“just plain stupid”). It doesn’t seem to use mining.

But it does seem to be built on the assumption that participants have a duty to participate in obfuscating the origin and recipient of transfers, making it very likely to run afoul of money laundering laws. Maybe that’s why the repos are full of warning against using it in the United States.

(Although I believe people have a right to secure and private communication, I disagree with those who extrapolate from this that we have a right to anonymous property transfer. It’s totally in the public’s legitimate interest to keep track of who owns what, and to settle which transfers of ownership are legitimate, for instance by disallowing coerced ones.)

So I agree it’s not the best move. Also you’re also totally right on the “why the bundling” point. I guess the costs of scaling to its newfound popularity were high enough for them to bet on something like this.

Clive Robinson April 7, 2021 7:15 AM

@ Bruce, ALL,

WTF: Signal Adds…

Yes in deed.

As some know there is a lot of money to be made in stealing “electronic wallets” or even locking them up for ransomware.

Thus the advice is never conect “value storage” on an Internet Facing/Connected machine, it will be found and you will pay the price of the loss.

Likewise for financial transactions the advice is again avoid or be very cautious and carefull if doing it across the Internet.

As I’ve noted on several occasions the way Signal is designed, it is not secure. The same is true for all “Secure Communications Apps” that put the “user interface” on the same device as the “communications interface”. That is they have in effect put the insecure “communications Endpoint” interface in the security chain beyond the “security Endpoint” which means an attacker can bypass all the crypto and get at the plaintext user interface, or other interfaces such as the file system.

So…

Now there is potentially a nice solid financial reason to break Signal’s illusion of security shall we “Open a book” on how long it is before ways to steel the crypto-currancy via Signal’s failings takes to occure?

bobby April 7, 2021 7:20 AM

Not necessarily an argument I fully buy, but as for the reasoning for the integration: if Signal is an app for free speech, we’ll at least according to the US Gov paying/donating can be a form of speech.

And also, if we’re being honest, all the big chat apps are adding payment in one way or another (WhatsApp, iMessage, etc.). That Signal would try to match that behavior in a privacy preserving way doesn’t surprise me.

More broadly I don’t know how I feel about the whole thing. They’ve done good work in the past and on the whole it seems they’ve thought through the decisions they made keeping in mind a specific vision (easy to use for the lay person, privacy preserving [though not necessarily anonymous], low friction messaging basically). It seems this has been in the works for a while so I can’t imagine they haven’t put a lot of thought into it. We’ll just have to wait and see how it plays out.

Richard April 7, 2021 7:24 AM

I have mixed feelings on this topic because I’m coming from an American perspective. I know that in chat payments are EXTREAMLY popular in other parts of the world on other messaging platforms, such as WhatsApp. And Brian Acton (co-founder of WhatsApp) is financially involved in Signal after leaving Facebook. So we have people who are looking beyond America’s boarders to see what other people are using messaging for & attempting to provide a solution. The ‘software bloat’ is something that concerns me greatly. The more complex a system is, the more potential insecurities there are. Just my two cents.

RogerBW April 7, 2021 7:36 AM

If someone were leaning on me to make the best-of-class anonymous communication platform more dangerous to use and subject to heavier regulation, this might be what I did to it.

Fork time?

Barney April 7, 2021 7:55 AM

There are some (many!) who’d claim allowing complete privacy for communication and not creating a backdoor for the feds “muddies” the morality of the app. Who’s to say you’re right and they’re wrong?

Having true privacy and freedom from censorship/surveillance includes all aspects of life, including economic activity and value transfer, as well as moving data around. As far as I can see any communication system that with those aims is incomplete without some form of cryptocurrency capability/integration. The idea of a separate app from the same organisation sounds reasonable but I think it fails all the same tests that prevented other secure, private messengers succeeding where Signal did. At this point it’s either in the main app or it’s not getting adopted (take a look at the Chinese messenger ecosystems for the extremes of how well this can work), and there’s a very reasonable argument that that is worth the complexity/security/regulatory risk trade-off.

tT may not be the mission you have in mind, but there are plenty of people who see it that way, and I think it’s fantastic to have a founder led project like Signal be able to take these decisions and move in this direction even if the majority of users don’t care or actively don’t want it.

Bufford April 7, 2021 8:21 AM

The addition of crypto-currency will increase pressure to crack the encryption as well as efforts to compromise a wider range of accounts.

Not good, IMO.

Bruce Schneier April 7, 2021 8:25 AM

@John Travise:

“Another out of touch old man shouting at clouds.”

Is that me, or Moxie?

I try not put as little as possible in the cloud.

SayIt April 7, 2021 8:29 AM

Signal is not secure. First, it is trivial for them to shutdown the use of Signal by particular parties they are following. That forces use of a less secure or insecure mode of communication. Second, phones are not secure, which means implanted software can eavesdrop on both ends of the communication before and after encryption/decryption. Yes, your conversations with your therapist are secure, unless you’re a person of interest. And it doesn’t take much to be one. You certainly don’t need to have committed any crimes at all.

wiredog April 7, 2021 9:05 AM

@SayIt
By the standards you laid out secure communication is impossible. It’s possible to shut down any communication line, and usually trivially so, forcing the use of another less-secure one. The PGP email only works if the switches don’t inspect for crypto going across the line and don’t shut it down when detected. And, yes, phones can be compromised. So can snail-mail. If you’re a reasonably high value target a microphone can be placed in your bedroom, and a parabolic mic can be used to eavesdrop from across the street.

Signal is secure enough for most purposes requiring security.

Wayen April 7, 2021 9:45 AM

Let’s be honest. No one can say the truth about Signal without being labeled either a conspiracy theorist, an anti-semite, or both.

Anonymous April 7, 2021 9:56 AM

+1 “Secure communications and secure transactions can be separate apps, even separate apps from the same organization.”

Anonymous April 7, 2021 10:35 AM

Jesus. If users want to use cryptocurrencies, so be it. But implementing a completely new cryptocurrency into Signal is just a waste of time. Who asked for this? Certainly not the folks who are already using cryptocurrency.

Signal should do just one thing and do it well: provide secure, encrypted instant messaging platform, and nothing more.

Clive Robinson April 7, 2021 10:44 AM

@ Wiredog,

If you’re a reasonably high value target a microphone can be placed in your bedroom, and a parabolic mic can be used to eavesdrop from across the street.

You forgot the “spike mike” in the wall from the adjoining property…

Well over three decades ago I purchased a house that was,

1, On a very busy main road to the front.
2, A long garden to the rear.
3, A large school playingfield on the other side of the main road.
4, A large sports field at the bottom of the rear garden.

Which gave me atleast 600yards clear to the front and rear that I could easily observe in various ways not just via optics. The problems were the sides, detached properties in large grounds were not then in my price range…

Which is the main point realy “Privacy is easier when you are rich than when you are poor”.

name.withheld.for.obvious.reasons April 7, 2021 11:10 AM

@ Clive

Thus the advice is never conect “value storage” on an Internet Facing/Connected machine, it will be found and you will pay the price of the loss.

Yes, I functionally segregate systems and applications on their value to specific business activities. I have four layers of network segregation and isolation:
1. Public, where I am now
2. Research, document retrieval, information gathering, and other data
3. Business, specific business activities including banking and account management
4. R&D — Business specific intellectual property and programmatic development
5. Air-gapped hardware development tools, not even network cards or transmitters except for serial communications (IEEE 448, etc.)

Each layer has access controls about which specific applications or network aware programs can access another layer, the permission go from high to low and not the other way. So R&D (No. 4) can touch specific apps/data in research (No. 2) but research (No. 2) cannot reach into number 3 or 4. Pubic is considered hostile, even though it is two firewalls and routers deep and layers 2 – 4, yet another firewall, and logical layer two isolation.

Where would I put a Signal app, layer 1. Where would I put cryptocurrency, based on a threat model, layer 1. But as other have suggested, with the threat model you must consider that you’re a target for wallet theft. So I would have a very hard time integrating the application into the above model. I would need to provide for another layer with specific application rules. All the applications are audited and the traffic is logged between layers (a DMZ of sorts at each layer for logging).

Anonymous April 7, 2021 11:15 AM

Sometimes when I am reasonably … in another state of the elevator, I do use Signal to contact my … butter milk supplier. I do would like to pay him. Where is the problem? I do not get it.

mau April 7, 2021 11:32 AM

This, in addition to their “viral” announcement of any person in your phonebook having a Signal account, which is NOT GOOD if the person is using Signal to have a clean and safe line of communication to avoid stalkers/abusers.

I think they may now allow you to opt out by compiling your own client and setting a flag but that’s not acceptable for the average person they want to bring “privacy” to.

I really wish we could have civil libertarianism without the deregulationist pyramid scheming. I really do.

ex-signal-user April 7, 2021 12:10 PM

Mau, the “viral” announcement is exactly what turned me off signal and caused me to uninstall it within a week. Heck I had people I hadn’t spoken to in years congratulate me on finally getting signal… also the nagging doubt about whether or not my messages got through was getting to me (I believe that problem has been fixed).

Also, how you can make a secure messaging app rely on a GSM phone number is beyond belief (they are as far as I know changing it soon so you can use usernames, but the damage has been done from my point of view).

xcv April 7, 2021 1:07 PM

@ ex-signal-user

Mau, the “viral” announcement is exactly what turned me off signal and caused me to uninstall it within a week. Heck I had people I hadn’t spoken to in years congratulate me on finally getting signal…

Yeah, it sounds like a Communist Party trope.

also the nagging doubt about whether or not my messages got through was getting to me (I believe that problem has been fixed).

It’s like you told a joke in bad taste, or communicated with a minor for immoral purposes or something like that. The other party didn’t “get it” when you sent the message.

Also, how you can make a secure messaging app rely on a GSM phone number is beyond belief (they are as far as I know changing it soon so you can use usernames, but the damage has been done from my point of view).

No shit. It’s a local police jurisdiction Stingray interception point.

Here’s How Much a StingRay Cell Phone Surveillance Tool Costs

I don’t know what the hell they’re after, but the the Feds have probable cause for a wiretapping warrant on your cell number as soon as you have something like that installed.

BjornW April 7, 2021 1:39 PM

Hi Bruce,

Do you still stand behind your words on the Signal homepage, now that Signal is adding support for the cryptocurrency MobileCoin and the rumors of conflict of interest by Moxi Marlinspike? I am referring to this quote:

“I am regularly impressed with the thought and care put into both the security and the usability of this app. It’s my first choice for an encrypted conversation.”

Thanks for your time (and the free sharing of your knowledge over the years)!

Erdem Memisyazici April 7, 2021 2:17 PM

Yea, let’s base a decentralized economy on the birthday paradox. 😂

Mr. Peed Off April 7, 2021 3:46 PM

Approximately 79% of cryptocurrency is now being mined by China (power is more economical when you own the generation). I suspect Winnie the Pooh’s picture will be on most of the new currency. Unfortunately, Winnie has a much different view of security than you or I.

Jed April 7, 2021 3:51 PM

Now that a dark cloud has appeared over Signal do we start considering other options – my apologies for going off topic but it seems to have slowed down enough to give it a boost.

We are, of course, entering a twilight zone but I offer three suggestions to start the ball rolling.

Session
Teleguard
Threema

onlytimewilltell April 7, 2021 4:06 PM

Why do you guys scream so much, are you lonely or something, needs some attention? It’s in beta, for testing (and debugging) & only in uk (probably never will allowed in us), maybe there is a bigger picture nobody sees. Sometimes to go around the ‘6’ you have to do some acrobatics.

JO April 7, 2021 4:15 PM

You used to have a contest to come up with the most ridiculous terror movie plot. I’m not sure why you quit that, but I can’t help but feel you are increasingly starting to sound like some of those movie plots. You seem less and less a proponent of true privacy and freedom, in favour of “security” bestowed upon us by the government.

The truth of the matter is, the people are taking their freedom back from the government using technology. Their attempts to stop it will end up looking the same as the silly keylength munition restrictions the US tried to enforce back in the late 90s. This is an irreversible trend, fighting it will be futile.

You say “And I see no good reason to do this.” I’m sure that’s true. However, the freedom to privately transact is just as paramount as the freedom to communicate. You could argue that transfer of value is indeed a form of communication. You may never understand it, but it will happen around you regardless.

Weather April 7, 2021 6:00 PM

They might be trying to increase the uptake of signal, there is apple pay that uses the phones RFID to pay for things.

xcv April 7, 2021 6:18 PM

@ Mr. Peed Off • April 7, 2021 3:46 PM

Approximately 79% of cryptocurrency is now being mined by China (power is more economical when you own the generation). I suspect Winnie the Pooh’s picture will be on most of the new currency. Unfortunately, Winnie has a much different view of security than you or I.

What a waste! Mine gold or oil: something useful for motive power or at least pretty to look. But cryptocurrency isn’t even that. Absolutely worthless, full of bit rot, copyright violation, child pornography, crypto-slander, crypto-libel, etc.

Bruce Schneier April 7, 2021 7:16 PM

Re JO:

“You say ‘And I see no good reason to do this.’ I’m sure that’s true. However, the freedom to privately transact is just as paramount as the freedom to communicate. You could argue that transfer of value is indeed a form of communication. You may never understand it, but it will happen around you regardless.”

You misunderstand me. I see no good reason to tie the two functions together in a single product, for the reasons I outlined above.

Bruce Schneier April 7, 2021 7:19 PM

Re BjornW;

“Do you still stand behind your words on the Signal homepage, now that Signal is adding support for the cryptocurrency MobileCoin and the rumors of conflict of interest by Moxi Marlinspike?”

I still think that Signal is the most secure texting app out there.

Clive Robinson April 7, 2021 7:55 PM

@ Weather, ALL,

They might be trying to increase the uptake of signal

The Internet has fairly well proved it’s self to be a “First to Market is the winner takes all of the market” despite what a course in economics will imply (due to the fact of the hidden assumption in economics of “distance costs”).

So from those behind it there is probably the thinking of “Signal has to grow or die”. And if it’s the latter all that they have sofar invested will be lost, or not reach the potential they are after. But tying themselves to a highly volatile trading/speculating crypto-currency is actually going to make Signal’s demise more likely.

there is apple pay that uses the phones RFID to pay for things.

But there is a big difference between a conventional fiat currency independent transaction system and a crypto-currency payment and reconciliation system and that’s “Risk” with a very large “R”.

By and large all crypto-currency systems are designed to be inherently unstable thus they tend to hyper inflation/deflation cycles as people with sufficient funds manipulate the system creating volitility to their advantage. The volitility in turn means that exchange and reconciliation systems carry bigger risk, therefore will charge significantly higher fees.

You have to only try and live in a country with hyper-inflation for a very short time to know what that does to a civil society. Then realise it has a reinforcing effect on the entire economy as more and more labour is devoted to try and shorten the time any one actually holds currency in their hand.

In fact providing a mechanism to speed up the aquire/divest cycle just facilitates hyper-inflation. It’s one of the reasons certain people carry out “High Frequency Trading” and will thus pay hansomly to have the shortest network path between them and the point of trade (yes even traders have to obay the laws of physics with respect to the delay caused by the speed of light).

So irrespective of if it’s Signal or some other secure messaging app making the movment of crypto-currency fast is not going to end well for the security of the app or it’s greater environment.

The reason is “cryptography-costs” in CPU cycles so both in work/power and delay/time. On a per bit basis the fastest form of cryptography is the stream cipher as the work of generating the key stream can be done well in advance and in most cases in parallel.

The problem with security is that it’s rather more than just hiding information via cryptography. So whilst you can hide information on a bit by bit basis other things have to be taken into account (CIA triade for old timers). For instance bitwise encryption is easily subject to active “bit flipping” attacks, because the cipher alphabet size is considerably smaller than the plaintext alphabet size. This has consequences at higher levels in the security stack especially where known message formats are used, especially when optomised to remove redundancy (ie made more efficient).

Thus with financial transactions and a highly volatile trading currency there will be a pull in two different directions. Firstly that of privacy from security which is what would be desired by ordinary users (otherwise why use a secure messaging app?[1]) which increases delay. Secondly to minimise transaction times/delay to reduce the effects of trading currency volitility which generally will act against security thus privacy.

We can see from the state of the current finance markets who will win in that game, and it will not be privacy.

But aside from the fact that security will decrease in time to reduce delay thus trading currency volitility effects, there is the ROI on “breaking the system” to consider.

At the moment very few have the resources or desire to break the security of secure messaging apps. That is the value of the messages are by and large of no value except to,

1, SigInt agencies of various forms (mostly funded by a nations wealth).
2, Information brokers, who mostly deal with bulk or industrial scale data collection.

As these are few and far between it is entirely possible that the privacy via the security has already been broken “by design” but is generally not known (Skype?).

Making messages have direct value as in financial transactions obviously attracts two other types of attacker,

3, Those looking to greatly polish their C.V.’s reputation.
4, Criminals.

The fact that they have succeeded will not be kept secret for very long at all thus there will be a significantly increased preasure to find more and more breaks in the security of the secure message app system and thus the increased loss of privacy.

There are other reasons not to get involved with high volitility trading currencies let alone “build them in” to your secure messaging app not least of which is legislation and regulation. But also and perhsps more importantly you tie the fortunes of your secure messaging app to the fortunes of the highly volatile trading currency, which with crypto-currencies is in effect a “Suicide Pact”.

It’s why they should be developing a currency independent transaction system not a currency dependent one. And that way leave all the other issues to those that take on the currency volitility risk such as financial exchanges, banks, and sovereign nations.

[1] There appears to be three basic reasons why a security messaging app gets increased usage,

1, It’s hip/trendy/cool.
2, It offers increased privacy or functionality over it’s competitors.
3, It’s got the most users you commonly interact with using it.

In the long term it’s the third reason for “winner takes all”.

lurker April 7, 2021 8:07 PM

@onlytimewilltell

It’s in beta, for testing (and debugging) & only in uk (probably never will allowed in us)

What, you mean in the land of the free “they” can stop you choosing what software to use for purposes that are still legal?

SpaceLifeForm April 7, 2021 9:17 PM

@ Bruce

Rumour: Twitter is looking at doing similar. Hopefully not cryptocurrency.

Hmmm April 7, 2021 9:39 PM

Having just watched Moxie’s Webstock 2015 presentation, I realized he may want to do this to address the USA’s unbanked dispensary trade.

Someone needs to. It is dangerous for the USA’s dispensaries to do business in cash. It makes no sense.

NY just legalized recreational and will be adopting Colorado’s laws, in addition to home delivery. In Colorado and California, having armed guards is not a big deal. In NY it is really difficult to obtain a concealed carry license.

Plus NY State regulates all the global banks, whereas Colorado and other States do not. This means there’s no option to circumvent the dispensaries exclusion from financial services in NYS. Because this is a cash only business, which includes salaries, supply chain, taxes, rent, utilities, insurance and you cannot write checks or deposit your cash receipts you need to hire armed guards and Brinks trucks to remove the cash to some safe house. If you have a successful dispensary you will need to do this numerous times a day.

In Colorado all of the dispensaries (hundreds) are owned by only 3 men due to this.

Governors and ranking Senators want the cash trade to end. Irrespective he will have to institute an Anti-Money Laundering and KYC program in the US or UK. This is not trivial. And he will need a influx of money to do that (staff and software). Signal won’t be able to be anonymous for those that want to use it for bitcoin. If he restricts it to existing gift card limits it might be manageable from a regulatory perspective.

Deep Breath April 7, 2021 10:41 PM

@Bruce Schneier, @Peter:

MobileCoin was built, from the start, for the purpose of providing a payment function for Signal. It’s a not a cryptocurrency that Signal happened to choose. It makes sense that Moxie is on the board. See the CEO’s comment here:
https://news.ycombinator.com/item?id=26726246

Regarding the risk of attracting regulatory attention, what if limited it to small transactions, say under $1,000 or under %100?

Winter April 8, 2021 3:17 AM

@Deep Breath
“Regarding the risk of attracting regulatory attention, what if limited it to small transactions, say under $1,000 or under %100?”

Sounds “sane”. Signal is legally based in Switzerland and Switzerland will ratify the upcoming regulations on virtual assets and transactions.
https://www.elliptic.co/blog/fatf-updates-virtual-asset-guidance-public-consultation

I think our host is right, it would be most logical to use two apps that can communicate: Signal for communication, and a cryptocurrency wallet for payments.

Note that the privacy preserving currencies, e.g., Mondeo and cash, can implent a disclosure key so that you can always prove what payments you made if required.

Winter April 8, 2021 4:27 AM

@Winter
“Mondeo and cash”

Autocorrect is at it again. Should be “Monero and Z-cash”

Here are links to the mechanics of viewing keys.
Monero view key:
https://www.monero.how/how-to-verify-your-monero-funds-with-a-private-view-key

Zcash view key:
https://bitzec.github.io/blog/viewing-keys-selective-disclosure/index.html

Note that in the original Wired publication, Matt Green aired the same worries as Bruce. Marlinspike and Goldbard say that Signal only allows to easily use Mobilecoin and that Signal will not have any other connection to the currency.

homunculus April 8, 2021 4:37 AM

What is your opinion on this article?

Signal is a government op – Signal was created and funded by a CIA spinoff. It is not your friend.

Is it a conspiracy theory?

I always thought that it would be clever from intelligence services to build a secure messenger with backdoors and the snowden revelations would have been a good time to start. Operation Rubikon showed how impudent those actors are. Also the delay of keeping the Signal’s server side code published up to date made some people nervous.

If I trust the audits the end to end encryption probably works. If I go the conspiracy hypothesis further down the line I could think of the Signal’s servers recording metadata. Who can say which code is really running there?

I don’t say this is true. I think the linked article is out there and should be discussed.

Winter April 8, 2021 4:59 AM

@homunculus
“Is it a conspiracy theory?”

It is a theory about people conspiring to deceive the public, so how would you call it?

The real question is, is there any evidence that those involved in developing and operating Signal are working for the CIA?

The link you post is from a person who seems to hate anyone left of Trump (and immigrants) with a vengeance but does not give any evidence for his accusation except that he hates Marlinspike.

Without even a shred of evidence, would I trust the judgment of Yasha Levine more than that of Bruce Schneider or, say, Edward Snowden and Laura Poitras? You must be joking.

Show us evidence, then we can make up our minds.

noone April 8, 2021 6:02 AM

@Winter It’s evident from the FOIA documents published by Y. Levine that the Tor Project is somehow tied to CIA and NSA.

Apparently, Levine thinks the same is the case for Signal. Marlinspike has also worked for Tor, so why not?

Y. Levine is a conspiracy teller, in a podcast episode on Spotify (https://open.spotify.com/episode/03xtqacT2e0MTWaWUOHhcw) he thought loudly there is probably “one guy” who controls everything.

I recommend reading his book (Surveillance Valley) though, he does a great job in explaining the ideology that lead to the creation of the internet. (I am not sure about some claims, though.)

I don’t know if any of this is true but it is somehow exciting to view this from another perspective.

Winter April 8, 2021 7:05 AM

@noone
“It’s evident from the FOIA documents published by Y. Levine that the Tor Project is somehow tied to CIA and NSA.”

Tor was developed with money from the US Navy. See Tor history page. Not exactly a revelation. Tor is FLOSS, so if you want to look for backdoors, have a go. Tor’s finances are public, as is the USA’s public support.

Levine seems fond to condemn people on baseless suspicions alone.

Anyway, I respond to all accusations with a request for evidence. A vehement hate for a person’s personal believes is not evidence in my book.

Hmmm April 8, 2021 7:12 AM

@Winter

Cryptos will be regulated. Sooner than later. Last night Jamie Dimon made a plea for immediate regulation. Just having servers in Switzerland means nothing.

Once the US regulates cryptos, anyone doing business in the US will need to comply. All foreign banks doing business in the US comply with US bank laws for anti money laundering and KYC. No secret Swiss accounts for Americans.

But Biden is doing more than that. He’s going to tax any company doing business in the USA even if domiciled outside the US. He promised it before elected and the other day. The EU wants to do this too to American companies. https://www.cnbc.com/2021/04/07/biden-tax-plan-recaptures-2-trillion-in-corporate-profits-from-overseas-treasury.html

Everyone knows this is going to happen. Both sides of the aisle want it.

Trump even gave American companies amnesty and some Big Tech took it. Now the EU will try to grab that money and the US will too. Primarily impacts American Big Tech.

I’m a realist, not an idealist. It makes my job easier when I know the constrains of what I have to work with. I cannot afford to ignore or pretend something is not happening. My job is to be prepared.

Hmmm April 8, 2021 7:44 AM

@all

One more point. Banks know who is buying cryptos. You buy it through PayPal or Venmo that is coming out of your bank account, but your bank knows ultimately where it is going. Banks have the data whether those consumers procuring cryptos can afford to lose it. If they could it wouldn’t concern Dimon. There’s a saying on Wall St “only invest what you can afford to lose”. It becomes problematic for banks primarily if their customers are risking more than they can afford.

There’s hard data out there. Your bank knows more about you than the government can ever hope for. And many of them keep that data locked up tight, except if you use apps. Then you are broadcasting your private data.

Question with signal, at what point does the encryption kick in? After you hit send? If that’s the case, there’s no privacy because the clipboard scrapes with each keystroke.

I’ve noticed some banks are more protective with data than others. I give Chase a 10. I give American Express a 4. They broadcast your data knowing it will be scraped. So do other banks, but AMEX is purposely trying to hurt customers because they even include unmasked sensitive data in email that they know is insecure. There’s laws about that. Your bank data is required to be encrypted. Some don’t pay attention to this law.

Winter April 8, 2021 8:03 AM

@hmmmmm
“All foreign banks doing business in the US comply with US bank laws for anti money laundering and KYC.”

All foreign banks doing business in the developed world do so.

“No secret Swiss accounts for Americans.”

That has been a fact for years.

What is happening is that all crypto currency that cannot be traced to a kyc account is blacklisted.

Hmmm April 8, 2021 8:41 AM

@Winter

So why all of this concern about the privacy of Signal and Crypto when we know it’s not private, at least in the US?

It’s an app. They’ve all been busted for scraping. It is not that Signal is untrustworthy, it is all of the other apps on your phone and the device itself. I look at technical solutions holistically.

My concern about data privacy is from the data protection perspective. In my view there’s no way to protect data without first assuring it is private. Cybersecurity is dependent upon data privacy. You cannot have one without the other.

GDPR is the General Data PROTECTION Regulation. But everyone thinks it is a privacy law.

It seems unrealistic to me to think that Signal has any chance of being truly private without these data privacy laws. That is why Signal and ProtonMail is in Switzerland. No?

Bruce Schneier April 8, 2021 8:54 AM

@homunculus:

Yes, that is a conspiracy. Signal is not a CIA op. I consider it the best, and most secure, chat app out there. And I worry about the government interference it’s inviting on itself by adding a cryptocurrency. I don’t want to lose Signal.

Winter April 8, 2021 8:55 AM

@hmmm
” They’ve all been busted for scraping”

Where did you hear about Signal scraping? I never heard of that.

“So why all of this concern about the privacy of Signal and Crypto when we know it’s not private, at least in the US?”

How so it is not private in the USA now? There are plans, but nothing is real now. And how is Signal not private?

“GDPR is the General Data PROTECTION Regulation. But everyone thinks it is a privacy law.”

The GDPR does not protect data as such, only data that leads to, or identifies, a human individual. That is actually Privacy: Being able to hide information about your person or actions from the public.

not moxie April 8, 2021 9:07 AM

time for transparency.

moxie and the signal foundation should release all contracts and documents regarding the ponzi.. aeh… mobilecoin deal

Hmmm April 8, 2021 9:16 AM

@Winter

I am NOT accusing Signal of doing anything wrong. I am not making any accusation.

I am asking a question. Apps can be scraped by the clipboard. It’s not Signal that may be scraping. It may be other apps that are scraping. They aren’t necessarily scraping Signal. Apps scrape keystrokes. They capture all.

Upcoming iOS changes will notify which apps are scraping. But if Signal encrypts after you hit send it is not secure from other apps scraping your keystrokes. Unless you never had an app on your device except Signal.

I have found evidence that deleting apps is not sufficient. They don’t ever seem to be truly deleted. Plus the app owner is notified or has ability to see the deletion which is problematic to me.

My next phone will be app and email free. I won’t use it for authentication either. I will keep authentication on another device just for that purpose. I look like a crazy person when TSA makes me take out all my devices. Sometimes I’ve even put devices in my luggage and they don’t seem to like that.

But you see I’m not protecting myself from my Gov. I could care less what they see about me. I’m more concerned with everyone else. And quite frankly I’m all about protecting my employers too. Compromised employee is a compromised employer.

Hmmm April 8, 2021 9:31 AM

@Winter

I also suspect that device notifications (ie: message alerts) are scraped by clipboards too. So it’s not only an outgoing communication that can be scraped. It’s incoming too. At least the header and first few lines. We need more insight into what the clipboard picks up.

I disabled all notifications and found after doing so I stopped receiving messages from my vendors that like to leak my data. I suspect some might be paid to surreptitiously leak protected data. They are circumventing existing laws by doing so.

I think this clipboard issue is a problem for big business too. Most of the spying going on is not about consumers. Consumers are the conduit. They are after our employers and their IP.

Winter April 8, 2021 9:45 AM

@hmmm
“Apps can be scraped by the clipboard.”

Your phone/tablet is a public place. You should not use it for things you want to keep secret. There are guides for how to communicate given your threat model. Look for advice for journalists and (human rights) lawyers.

Never take your phone to a place where you want to be unnoticeable.

That said, Signal and Tor are nice when you want to protect yourself from people or organizations with limited resources, e.g. OSint, or limited interest.

Goat April 8, 2021 9:48 AM

Re:”I also suspect that device notifications (ie: message alerts) are scraped by clipboards too.”

@Hmmm, It may also be due to google push service, google is an advertising company

Clive Robinson April 8, 2021 10:01 AM

@ Hmmm, ALL,

But if Signal encrypts after you hit send it is not secure from other apps scraping your keystrokes. Unless you never had an app on your device except Signal.

Signal is not, nor is any other secure messenger application, banking/finance application, nor any other application secure from this sort of attack even if it encrypts key stroke by key stroke.

The design of Operating Systems lends themselves to the use of “Software shims” in the I/O and User Interfaces. Such OS’s also lend themselves to “end run attacks” that connect the insecure comms end point around the security end point in the application.

All apps with such OS controled I/O are vulnerable to such end run attacks, thus all mobile devices and consumer electronics are insecure by default and adding a “secure app” makes no difference to it.

The only way to improve the security of such devices is to take the security end point off of them in such a way that there is no way for an attacker to get at the plaintext or metadata of mrssages.

That is in some respects a non trivial excercise that nobody so far as I know appart from myselh has even remotely considered doing on consumer Smart devices or computers. For the very simple reason people want the illusion of security not the actuality, especially when it interferes with convenience.

Which is why I can confidently say that as secure as the supposed “secure messenger apps” are in the communications path, they can not make a secure system as their security end point is very much in the wrong place.

Now personly I care not a jot if users believe me or the hype, that’s their choice not mine. What I can and do, do is to “not play” the stupid game of “my app is more secure than your app”.

Two things arise from this,

1, I do not use secure messenger apps at all.

2, I find it very ironic that the man who in theory owns WhatsApp uses Signal for his personal communications.

As I said the other day he’s “Not prepared to eat his own dog…”.

As for why I refuse to use secure messaging apps… Hopefully it will get those who feel they must communicate with me to think, especially about what they send me as I chearfully remind them “It’s more than just a post card, the postal workers might read, it’s a mobile advertising board shouting out your message to the world.”

Do I do secure communications yes, but that is where I have a duty of proffessional confidence and it’s done in ways I’ve reason to believe are secure if the correct procedures are followed and people do not betray themselves to third parties.

@Winter April 8, 2021 10:05 AM

@Winter

I am not concerned with keeping secrets. My focus is Cybersecurity. I protect companies for a living and the whole BYOD is problematic for companies requiring security. There is no hope of privacy nor security so long as this scraping takes place.

The US Gov had to replace DHS employee phones recently due to this. People think that encryption is the solution. But it won’t work for 99% of the people. It is disingenuous for Signal to pretend it is secure as a plug and play app.

I’ve worked with CISO who use Signal on they personal phones for corporate business and think it is secure. While signal may be secure, the device is not. 99% of those using it don’t get that. I

Winter April 8, 2021 10:32 AM

@hmmm
” I protect companies for a living and the whole BYOD is problematic for companies requiring security. ”

I understand your pain. But perfect security is, like anything perfect, unattainable.

You should construct threat models and aim at securing against those. Humans are the weak link and all that. Compartmentalization, Need to know, security in depth, etc. etc.

But you probably know all this much better than I do.

Still, smartphones are like designed to be insecure. I have yet to hear from anyone who thinks she can secure a smartphone.

Hmmm April 8, 2021 10:46 AM

@Winter

Corporations and the Government need a new type of phone for high value target employees. Employers bought into let’s add MDM on employee devices so we can spy on them all the time. Never did they realize that spying would compromise their security too. Once you open that door, you cannot control who comes through. I worked for only one smart employer that taught employees how to protect themselves. They secured against insider threats other ways without compromising their employees. But we’ve gotten to the point where the people in Cybersecurity today either have no clue or no ability to speak up.

Ultimately I hope vaccines work and everyone goes back to work. But there are those of us who are thinking about the additional security required if we don’t.

Most cell phones only work in office bldgs through the corporate WiFI. Now with work from home it is so dangerous having an employee with Nefarious apps on their phone sitting on Teams all day.

I’m not calling Signal nefarious. I’m of the mindset presently that they all have no place in corporate America or WFH environment.

noone+srube April 8, 2021 11:28 AM

@winter Yes, I know. I think its more about the issue that the people at Tor do not only work for Tor, they also have meetings with FBI and CIA guys. And they might discuss vulnerabilities with them so they can exploit them.

Theres another point Levine makes: todays debates are too much focused on technology and not policy. “Crypto cult” seems to be a far rightwing thing, if you believe him. He accuses that Snowden was more like “Use Signal” and not “get active in politics and make this world a better place where police and secret services dont have so much power”.

And the latter is a valid point, in my opinion. Its extremely important. This topic got also covered on this blog. Or look at Shoshana Zuboff’s opinion: She is also for finding a collective solution, not an individual ones like paranoid people like you and me follow.

Its also about that people develop a kind of cargo cult where apps save their lives and get obsessed with opsec.

While its evident that Levine doesnt like nazis, he at least sympathizes with communists or socialists.

In my opinion, using Signal is like driving a belt while sitting in a car. Doesn’t make you perfectly secure, but is an improvement. Now, we have to implement regulations that all cars are manufactured with belts.

@Hmmm there are “secure”, hardened smartphones like cryptophone.de.

Regarding android theres already work that only apps can read the clipboard or record something if they are in foreground. No need to be paranoid here. You complain that “normal” phones are not secure enough – you can find many pledoyers on this blog about regulation to make all mobile devices more secure. I think this is the best “solution”.

Winter April 8, 2021 12:22 PM

@nooone+drive
“And they might discuss vulnerabilities with them so they can exploit them.”

Evidence please.

” “get active in politics and make this world a better place where police and secret services dont have so much power”.”

GDPR+. That is what I have said for years.

Amelia April 8, 2021 12:54 PM

You misunderstand me. I see no good reason to tie the two functions together in a single product, for the reasons I outlined above.

In relation to this, and the two comments about forking, I can see a reason—but it’s not “good”. The reason is that Signal has set itself up as a cryptographic identity provider (kind of; they rely on the phone network too). People need to know they’re sending money to the right person.

Marlinspike et al. have been openly hostile to the concept of interoperating with other software, such as Signal forks. (You can fork Signal, but then your forked software won’t be able to communicate with people using the official version of Signal.) Maybe they could release their own cryptocurrency app and give themselves a backdoor to use Signal’s identity services. Otherwise, it’ll be as inconvenient as any other “out-of-band” currency transfer service. Another agreement to read and understand (repeatedly, as they update it); another entity collecting personal information (possibly banking information—Paypal in particular is not to be trusted with such, and what about the unbanked?). Likely multiple such services, because the sender and recipient have to have one in common. They’ll have to negotiate this and share account details over Signal or whatever. Overall, a bit of a pain in the ass. They might as well use cash if they can meet in person, and then no business gets to extract a fee.

And, hey, the Signal people like money. They can’t straight-up charge money for the app, ’cause then a bunch of people will switch to something else, and even the willing buyers might switch after their friends do. In-app advertising will similarly alienate people. Cryptocurrency is an easy way to get money, from users and also from venture capitalists who see it as “hot”. So, that’s a second reason, with nothing “good” for the users.

Jeff April 8, 2021 2:40 PM

Amy Castor showed that MobileCoin primarily benefits Binance and some VCs. Binance is (in)famous for pump and dump scams.

It’s plausible MobileCoin might not become a pump and dump scam, but one should avoid supporting Binance’s endeavors on general principle.

We should clarify that MobileCoin is clearly centralized, since they simply trust three privileged servers. If you trust authorities so much then simply adopt Chaum-ian blind signatures like GNU Taler, which provide cryptographic privacy and run even faster.

In this vein, Intel SGX gets broken multiple times per year, blackhats, spies, etc. have stacks of exploits, so worthless for privacy. Arguably MOB having only three nodes provides privacy, except three sounds weak against nation state hackers.

If you honestly trusted SGX, TrustZone, etc. then you could build and deploy the obvious payer-to-payee trusted hardware solution which requires zero infrastructure. You’ve privacy like cash, no chain, no servers, etc., just everyone’s TEE trusts everyone else’s TEE.

Anyways, we’re left with only MOB’s non-succinct ring signatures. I’d love it if anyone works out the ring size and membership, but anything non-succinct leaks lots when used inside a blockchain.

I’d expect MOB’s privacy for repeated payments turns out weaker than gmail-to-gmail plaintext emails, simply because google has good security people and small-ish ring sizes fare poorly for repeated payments.

humdee April 8, 2021 2:47 PM

@bruce.

Tired of the idle cryptocurrency bashing from you. Let’s take it as a given that CC is stupid. What now? Bitcoin is trading above $50K. Coinbase has gone public. Signal now wants to jump on the fad. So what now?

CC may be a stupid idea but it has become obvious that institutions are backing this stupid cultural experiment. So what now? Does this backing from traditional trust centers degrade those institutions or power up cryptocurrencies?

All we seem to get from you is pearl clutching and hardwringing.

TBH the speculator in me is sad that I listened to you and missed out on all those easy riches. That is water under the bridge. Where do we go from here?

Etienne April 8, 2021 3:27 PM

Mark me down as highly disinterested in cryptocurrency.

I am against cryptocurrency, because it already takes more energy than Cuba generates, it is nearing what two nuclear power plants can provide.

Anyone dealing in cryptocurrency is gambling on astronomical leaps in power technology like fusion on every corner, and massive drilling into middle-Earth magma.

Clive Robinson April 9, 2021 2:40 AM

@ SpaceLifeForm,

If it is free and easy to use, it likely is not really secure.

Kind of true in an ironic kind of way… But first “To set the scene”,

“You are stood on a narrow road between The Land and whence you came. To the north and south are the small foothills of a pair of majestic mountains, with a large wall running round. To the west the road continues, where in the distance you can see a thatched cottage opposite an ancient cemetery. The way out is to the east, where a shroud of mist covers the secret path by which you entered The Land.”

Originally a quote from the first true MUD[1]…

IT Might be appt for the cover of Intel’s book on SGX if they ever get it together[0] which they still have not for various reasons.

It is however an appropriate quote to use when talking about Secure Enclaves, for more than one reason. Firstly it could be seen as a “Here be dragons” warning which is appt enough. But secondly that people still get system memory security baddly wrong because they make assumptions about it for some strange reason. Why I realy don’t know, after all it’s a known Class of vulnerability from the 70’s if not earlier[2].

[0] Anyone trying to understand Intel SGX is going to have a rough old passage getting to know the lie of the land… Other’s have tried to detail some of it,

https://graphene.readthedocs.io/en/latest/sgx-intro.html

Their first paragraph likewise helps set the scene for the drama to follow…

[1] The Essex University MUD game from oh a life time or three ago running on a Dec PDP-10, available to some on dial up who aimed for immortality as a Wizard or Witch (it was an equall opportunity MUD, and “Sue the Witch might have been a Jonny Cash fan[3]) some of whom later would drop a cat on you just for fun…

[2] The thing about MUD was it exploited a security fault in the DEC PDP-10 that Roy Trubshaw had found. You can read about it hear,

https://www.filfre.net/2017/12/games-on-the-net-before-the-web-part-2-mud/

That such a potential security fault existed in a modern computer back in 1977 was quite a shock to many people then… The funny thing is getting on for half a century later similar faults in hardware design are still occurring in computers, Intel and AMD both adding their share. When I say “this was known about in 70’s” this is just one example, there are others, I found my fair share of in the 80’s with Prime and various *nix platforms including Perq. Likwise in the multiplexed terminal system developed for AT&T Unix Sys 5 RV 4 that I purchased in the 1990’s.

[3] One of Johnny Cash’s most well known songs is “A Boy Named Sue” he first sung it in front of possibly one of the toughest audiences around,

https://en.wikipedia.org/wiki/A_Boy_Named_Sue

Oh as for Sue the Witch, it is rumored that during the day he was called Jeff…

Tatütata April 9, 2021 11:55 AM

Regardless of whether cryptocurrency support could be technically be integrated safely with a comm app such as Signal, such a move would be perilous as it provides a ready-made excuse to censors and bullies for attempting to control or shut down the channel, on dubious grounds of money laundering, forex control, criminality, and suchlike.

Hyolobrika April 9, 2021 8:04 PM

How does adding a cryptocurrency to an end-to-end encrypted app muddy the morality of the product?
I get your point about regulatory attention.

Clive Robinson April 10, 2021 5:04 AM

@ Tatütata,

such a move would be perilous as it provides a ready-made excuse to censors and bullies for attempting to control or shut down the channel

It’s actually an easy risk to mitigate.

As I noted above, the trick is to provide a mechanism to trancport “any” currency, not a locked in mechanism to transport only a suspect crypto-currancy.

That way you provide the equivalent of a “common carrier” significantly minimising the risks your service provides to what is managable.

But more importantly you avoid all the risks of association or identification with a questionable currency. You also avoid all that banking, lending, securities, money laundering, etc legislation that very few people realise how easy they are to transgress thus give not just an excuse to take action but a method to smash down hard on all involved.

It is very very unwise to provide “stored value” systems even banks etc get it wrong, but they have the reserves and stature to ensure they get only fines and the fines are managable (except in Iceland where jailing bankers almost became a competative sport).

There are only a handfull of tech companies with the reserves. But they have no stature in finance and are certainly not anywhere close to being a “too big to fail”. Thus they represet little risk that can be used for effective counter barganing.

Even the sociopath in charge of Facebook realised that, which is why he tried to partner with financial organisations, who having looked at the risk/reward split of the deal he was putting on the table smiled politely and declined rather definitely.

If Moxie and those behind him think they are any smarter, than I suggest they rather rapidly reevaluate their position…

No doubt that is why some people think it is actually a “pump and dump” activity similar to that the likes of Hedge Funds routinely do to tech company stocks.

I guess the question is,

“Is there sufficient cause for the proboscis of the genus Camelus that is possessed by the SEC to start not just sniffing along the hem of the skirt, but forcing it’s self intrusively via the rear entrance flap up into Signals tent?”

I guess we will have to wait and see.

Joe April 10, 2021 7:52 AM

@Bruce Schneier:

It’s not just that blockchain is just plain stupid.

Wow. This is a (refreshing) view that I have not heard expressed often from a heavy hitter like Bruce.

SpaceLifeForm April 10, 2021 6:30 PM

@ Clive, ALL

Some dots to ponder.

EncroChat used Signal protocol.

How did that work out?

Clive Robinson April 11, 2021 3:38 AM

@ SpaceLifeForm, ALL,

EncroChat used Signal protocol.

Yes they did… and,

How did that work out?

The sysyem failed very badly in exactly the ways I said it would long before.

What the EncroChat developers did is what I’ve repeatedly been saying you should not…

That is they put “user conveniance ahead of security” by “alowing the communications end point to have reach around the security end point”.

Which by the way is true for all Signal systems as far as I am aware (and all other current secure messaging apps as well).

So whilst it is true that Signals very limited communications security did not fail, just about everything else with Signal’s use did in the worst possible ways.

Thus the overal “Signal based system” as I’ve repeatedly predicted failed misserably and people are receiving significant harms because of it[1].

Hear we have exactly the same argument fleshed out to an article size,

https://www.techdirt.com/articles/20210331/21563346529/new-info-about-encrypted-messaging-service-bust-shows-signal-protocol-is-still-secure-law-enforcement-can-still-bypass.shtml

However what the article does not say is that,

All current secure messaging apps as currently deployed fail this way

Yes read that again till it sinks in.

That is this is not an “instance break” of great difficulty by clever authorities we are talking about but a fairly simple and very predictable “class break” which currently includes simple instances for all consumer systems using communications encryption.

So untill developers move the security end point beyond the reach of the communications end point they will all be vulnerable, as will the users.

@ ALL,

I’m sorry if I sound like a “stuck record” on this subject, but untill people learn to strip away the hype of the application developers from the reality of secure system design and usage, then headlines about criminals and FBI claims that everyone who uses encryption is a criminal are going to be the least of your worries.

If you want security, then invest some time to master the simple basics, because this problem with all consumer secure messaging apps is about as basic and simple as it gets.

There are even jokes about “end run attacks”, like the vault/safe door on the front of a tent, a lone 50ft fence post, and back in the early 1970’s the now “not fit for work” non PC satirical Mel Brooks movie Blazing Saddles had the “toll gate” scene about incorrect thinking on security (search you tube for “Blazing Saddles toll gate” but don’t say you were not warned about language).

[1] Yes the media have hyped the FBI line that all users of encryption are criminals, but we actually know that some of those EncroChat users were not criminals but people with either a “Duty of care” or a “Duty of confidentiality” trying to do the best with the legal requirments laid upon them. And that’s before we start talking about journalists and whistleblowers and those who’s lives are in even more danger. They need honest real security, not the at best intellectualy dishonest hype that Moxie and similar put out.

Winter April 11, 2021 6:50 AM

@Clive
“I’m sorry if I sound like a “stuck record” on this subject, but untill people learn to strip away the hype of the application developers from the reality of secure system design and usage, ”

Untill there is a fully secure communication system available to the masses, the masses have no choice but to use the means that are available to them. Signal is not perfect, but breaking it is more work, and therefore gives more protection, than breaking no protection. It all depends on prudence and opsec.

In Roman times, representatives of the “state” could hunt down dissidents through the whole empire on horseback. That is no different now. And then, as now, the prudent schemer and criminal could lower risk of detection and arrest with good opsec.

We all know by now that Smartphones are a liability. But every politkcal activist, spy, or criminal needs to communicate. So what are the options when you know even RFC 1149 (or for that matter RFC 2549) are not secure from interfering?

Dirk Wemhomer April 11, 2021 10:08 AM

@Stephen Deihl

Just do one thing and do it well, be the trusted de facto platform for private messaging that empowers dissidents, journalists and grandma all to communicate freely with the same guarantees of privacy.

Actually Signal fails the grandma test because of its exclusivity. Nothing is more important to grandma than including everyone in the conversation. Signal excludes those without mobile phones and also those unwilling to share their mobile number with an organization.

Wire passes the grandma test, not Signal.

Clive Robinson April 11, 2021 5:01 PM

@ Winter,

<

blockquote>Untill there is a fully secure communication system available to the masses,

There is and has been for atleast half a century prior to the development of the original cellular radios. I’ve repeatedly explained the process required with the simple to understand use of a secure paper and pencil cipher[1][2]

The problem is the majority of users do not want to learn to do anything more then press a button or say the word “send”.

Thus it’s the pandering to the whims of “convenience” that stops thete being as much security as you would desire, nothing else.

So people get the illusion of security not the actuality of security with these apps.

Worse though they only find this out when the “midnight knock” happens or their loved ones find the person has “disapeared” or been found “suicided” or “double tapped” in some out of sight place, or draged outside by security services and executed violently and messily as a deterent to others. All of which and more have happened in very recent times.

Security is not a “convenience” and never has been and in all probability never can be, you have to work at it. Because security needs work, in turn privacy needs work, and in turn so does liberty that rests upon them as foundations.

Benjamin Franklin nearly three centuries ago put pen to paper and wrote,

“They who can give up essential Liberty to obtain a little temporary Safety, deserve neither Liberty nor Safety.”

Understood the notion of what was required. Thus today “safety” could be replaced with “concenience”.

[1] I used as an example the One Time Pad (OTP) which is both simple to inderstand and simple to use securely and has been for nearly a century. Whilst the OTP has many failings for the incautious, they are well understood. Unlike the myriad of failings of more convenient electronic devices. That is not to say you can not use seperate electronic devices/tokens[3], but you have to understand what you are doing and that is way way more dificult with electronic devices involved (see TEMPEST and EmSec rules for Red/Black seperation for Passive EmSec and how to screen etc against Active EmSec).

[2] https://www.schneier.com/blog/archives/2020/01/mailbox_master_.html/#comment-344813

[3] See the use of optically issolated TFC hardware security system, Marcus Ottela, developed with a little assistence of this blogs “Usuall Suspects” of the time,

https://github.com/maqp/tfc/wiki

Security April 12, 2021 3:06 AM

The brightness of the spot from the laser beam depends on the laser power and the reflectivity of the surface. At the same power, the human eye is the most sensitive in the green region (wavelength 520-570nm) of the spectrum, which seems to be brighter than other colors. The sensitivity of red or blue wavelengths is decreased.
high power fiber coupled laser diode

Rachel April 12, 2021 4:45 AM

Moxie did an interview with Joe Rogan not long ago. Joe made a point of expressing his use of and love for the app thus probably influencing about 1 million extra downloads after the interview

Honestly it was a mostly uninspiring interview. The technology and social media zeitgeist was touched upon in occasionally interesting ways.
Joe [almost] losing his temper with Moxie over a game challenge and Moxie discussing sailing briefly were the highlights.

Moxie was harrassed by border security for passwords every single time he flew for two years, and quickly learnt to stop flying with any tech.

Moxie did comment on the phone number broadcast component of Signal. I think Joe Rogan asked him about it. It’s simply the functionality of the app. Using a contact list for point to point identification is part of the design ethos of relying on inhernet phone functionality.
It is deliberately considered.

Operating instead via a univresal search function to connect with other users, like a social media app, is intrinsically more complex and yet, they are working on it, but it’s harder to do. (he said)

One thing I find challenging is the option to have a recovery password, automatically backs up the contents of the account, Google style. Except the user is not informed this is whats happening.

And, the new imminent update offers a seamless transfer of the account contents to a new device. I’m confused by this.

It’s entirely, entirely possible, even likely? Some unpleasant characters in sunglasses and balaclavas bumped into Moxie one rainy San Francisco night, and advised his future was more interesting than he had planned.

Moxie, you can have the sealed envelope containing the plans for side channels, gradually rolled out over 24-36 months. This envelope is attached to a briefcase stuffed full of unmarked bills Or, his loved ones could be introduced to a $5 encryption breaker His choice.

RE: fork. Moxie has refused and discussed reasons for refusing a repo, it’s functionally not possible

Rachel April 12, 2021 4:56 AM

Thanks for the nod to TFC, Captain

I hope you are feeling well. Wishing for you an influx of warmer elements of a seasonal variety, and otherwise, to support you increasingly, consistently and indefinitely

Anyone using TFC? Success and pleasure? Or less thereof?

Winter April 12, 2021 10:40 AM

@Clive
“the simple to understand use of a secure paper and pencil cipher”

When I am up to a murderous nation state, e.g., Vlad the Poisoner, I will write with a hard pencil on paper on a glass mirror (Stasi style). But then how to get it at its destination?

But to communicate with my family, I take Signal as currently sufficient.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.