[kwlug-disc] Secure IM news

CrankyOldBugger crankyoldbugger at gmail.com
Thu Nov 24 11:02:33 EST 2016


I just installed Signal on my Android phone a couple of weeks ago.  It runs
nice, but of course I'm the only person in my SMS list who uses security of
any form...  :(

I'm still waiting on one glorious all-encompassing multi-platform,
multi-device, secure, open source chat program that ties into Skype, IRC,
Hangouts, ICQ, whatever...


On Thu, 24 Nov 2016 at 10:50 locklin.jason at gmail.com <
locklin.jason at gmail.com> wrote:

> There are certainly two problems in the IM sphere: the lack of
> privacy/security, and the silos. Signal makes a huge leap in terms of the
> first, by making good e2e encryption work with good UX. The lack of
> federation and requirement of GCM means that advancement can really go
> no further. The Signal servers are going to have all the metadata, and
> Google is going to track everyone's device.
>
> This feeds into the second problem. With silos, there is no room for
> sustained growth. You may be able to convince people to settle on Signal,
> but convincing them to move on to another system with better metadata
> security down the road will be very difficult, and what ultimately
> convinces them to move on will likely be something other than privacy.
> Silos have always been, and will always be, a long-term loss strategy. They
> will only ever lead to long-term system-hopping, without incremental
> improvement (of course, silos can be very short-term lucrative for the
> winners).
>
> The only long-term solution for truly free and private communication is
> either a federated or p2p network, based on open standards. Of course,
> those systems are hard to get started because they are technically and
> economically more challenging. I have certainly installed and experimented
> with dozens of such, to see them go unused and quiet. I think Matrix has a
> shot though. It has the unusual confluence of long term potential for truly
> free and private communication, while actually being very useful now. I
> basically use it daily as my general IRC client/bouncer for (un-secure)
> group messaging in large existing groups. I use Signal daily as well, as it
> doubles as my SMS client, so both have figured out ways to be useful
> immediately, while pushing for change.
>
>
>
> On Thu, 24 Nov 2016 04:44:16 +0000
> Chamunks <chamunks at gmail.com> wrote:
>
> > "Yep! Signal has made great improvements to OTR. I personally think the
> > best change is rather that the ratchet, being based on deterministic
> > algorithms (hashes), supports offline messaging in a way OTR couldn't and
> > therefore couldn't be used (effectively; you could with xabber but it was
> > The Worst Thing) for mobile. Actually, my belief was that OTR also used a
> > different key for each message, but it had to negotiate the key actively
> > with the partner, which is why you had to have an active both-people-online
> > session to use it. Do you know if I'm wrong about that?"
> >
> > After some review you are correct.  I'm not entirely certain of the
> > difference at this point; I always thought / was under the impression OTR
> > was per session.
> >
> > As for Google's GCM, it's literally just a push system/relay and index of
> > registered devices on the GCM network; it acts as a secure relay for data.
> > As you basically have to trust the internet underneath your fibers, there
> > will be some proprietary systems in there somewhere you're not even going
> > to be aware of.  Cisco/Juniper etc., they're all proprietary IIRC.  I would
> > be more concerned about the data sent via GCM than about the fact that
> > it's using GCM.
> >
> > The benefit of this system is that you don't add security holes opening up
> > sockets to the internet, meaning it's more secure than leaving an open
> > web-socket/socket.  Or the alternative of having a DHT or something
> > tracking the online status of your neighboring devices.  Signal isn't
> > intended to be an anonymity network; it's intended to provide provably secure
> > conversations beyond the common standard.
> >
> > If you want something ultra-secure that won't have anyone on it (the
> > biggest problem with a messaging protocol is that someone needs to actually
> > use it for it to be useful) you could try TOX
> > <https://wiki.tox.chat/clients> or something via the TOR network.  That'd
> > really be the only truly open-source messaging system that would be secure
> > end to end and also anon and free of proprietary backing.
> >
> > I do really like the concept of open standards though, but I think that
> > Moxie Marlinspike is rightfully defending his protocol at the moment,
> > because if I were trying to build the reputation for my protocol I would
> > fend off people who would likely run things poorly, and at the moment it
> > seems like he's doing a better job than anyone else.  Once you get mass
> > adoption maybe he might be convinced into opening the standard.
> >
> >
> >
> > On Wed, Nov 23, 2016 at 11:16 PM Nick Guenther <nguenthe at uwaterloo.ca>
> > wrote:
> >
> > >
> > >
> > > On 23 November 2016 21:41:08 EST, Chamunks <chamunks at gmail.com> wrote:
> > > >SignalApp is perfectly open; they only use GCM for an efficient method
> > > >to tell clients where to send the message to p2p. None of the messages
> > > >actually travel through GCM.  This is how Android's designed to work
> > >
> > > There are multiple layers of openness here. The code is open, but the
> > > service is not because they don't federate, and to protect the brand (the
> > > argument being that for the non-obsessed-geek crowd, that also protects
> > > security by avoiding imitators) they actively stamp out anyone running even
> > > an alternate copy of the server. On top of that, the fact that any part of
> > > the infrastructure depends on Google's non-free systems is a lack of
> > > openness; isn't one of the core FSF software freedoms the ability to use
> > > the software wherever you can? Well, because of the tie-in to GCM/Apple
> > > Push, you can't run it on BlackBerry 10, you can't run it under Pidgin
> > >
> > > >
> > > >The best part of the Signal protocol is that unlike the OTR spec, it
> > > >ratchets its keys for every message since it's so cheap on the CPU these
> > > >days to make more keys.
> > >
> > > Yep! Signal has made great improvements to OTR. I personally think the
> > > best change is rather that the ratchet, being based on deterministic
> > > algorithms (hashes), supports offline messaging in a way OTR couldn't and
> > > therefore couldn't be used (effectively; you could with xabber but it was
> > > The Worst Thing) for mobile. Actually, my belief was that OTR also used a
> > > different key for each message, but it had to negotiate the key actively
> > > with the partner, which is why you had to have an active both-people-online
> > > session to use it. Do you know if I'm wrong about that?
> > >
> > > I am not sure if you were debating my reluctance with this message. If you
> > > were, let me clarify that I'm not reluctant about Signal; it sucks that
> > > they have decided they don't have the resources to do federation, but I
> > > have peace with that and use and recommend Signal every day. My reluctance
> > > is about Matrix claiming "e2e group chats!" without maybe fully thinking
> > > through the threat model.
> > >
> > >
> > >
>
>
> --
> locklin.jason at gmail.com <locklin.jason at gmail.com>
>
>
>
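The hash-based ratchet the thread keeps coming back to (a shared chain key stepped forward with a deterministic KDF so that every message gets its own key, with no round trip to the partner, which is what lets a receiver who was offline catch up) as an added example. This is illustrative code written for this page, not Signal's or OTR's implementation. The HMAC labels, the toy stream cipher plus HMAC tag standing in for a real AEAD, and the constructed shared secret are this example's own assumptions; the DH ratchet that the real protocol layers on top of the symmetric chain is left out, so what is shown is forward secrecy and offline/out-of-order delivery only.

```python
# Added example, not code from the thread, Signal or OTR: a minimal symmetric
# "hash ratchet". Sender and receiver each hold the same chain key and step it
# with a deterministic KDF, so per-message keys never need a live negotiation.
import hashlib
import hmac

TAG_LEN = 32


def kdf_chain_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One ratchet step: chain_key -> (next_chain_key, message_key).

    Both outputs are HMAC-SHA256 of the old chain key under distinct labels.
    The labels are this example's choice. The old chain key is discarded by
    the caller, so a captured device cannot recover earlier message keys.
    """
    next_chain_key = hmac.new(chain_key, b"chain", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"message", hashlib.sha256).digest()
    return next_chain_key, message_key


def _xor_stream(enc_key: bytes, data: bytes) -> bytes:
    """Toy keystream (SHA-256 in counter mode) standing in for a real cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(enc_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(message_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under keys derived from a single message key."""
    enc_key = hmac.new(message_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(message_key, b"mac", hashlib.sha256).digest()
    ciphertext = _xor_stream(enc_key, plaintext)
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def open_(message_key: bytes, sealed: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    enc_key = hmac.new(message_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(message_key, b"mac", hashlib.sha256).digest()
    ciphertext, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag: ciphertext modified or wrong key")
    return _xor_stream(enc_key, ciphertext)


class SendingChain:
    def __init__(self, chain_key: bytes) -> None:
        self.ck = chain_key
        self.n = 0  # index of the next message

    def next_message_key(self) -> tuple[int, bytes]:
        self.ck, mk = kdf_chain_step(self.ck)  # old chain key is dropped
        n, self.n = self.n, self.n + 1
        return n, mk


class ReceivingChain:
    def __init__(self, chain_key: bytes) -> None:
        self.ck = chain_key
        self.n = 0            # next index this chain will derive
        self.skipped = {}     # keys for messages not yet seen (out-of-order)

    def message_key_for(self, n: int) -> bytes:
        if n in self.skipped:
            return self.skipped.pop(n)      # used once, then gone
        if n < self.n:
            raise KeyError(f"key {n} already consumed (deleted for forward secrecy)")
        while self.n < n:                    # ratchet past gaps, keep their keys
            self.ck, mk = kdf_chain_step(self.ck)
            self.skipped[self.n] = mk
            self.n += 1
        self.ck, mk = kdf_chain_step(self.ck)
        self.n += 1
        return mk


def demo() -> dict:
    # Constructed shared secret; in practice it comes from a prior key agreement.
    shared = hashlib.sha256(b"constructed shared secret for this example").digest()
    alice, bob = SendingChain(shared), ReceivingChain(shared)
    outbox = []  # Alice sends three messages while Bob is offline: no round trip
    for text in (b"first", b"second", b"third"):
        n, mk = alice.next_message_key()
        outbox.append((n, seal(mk, text)))
    received = {}  # Bob comes back and the push layer delivers them out of order
    for n, sealed in (outbox[2], outbox[0], outbox[1]):
        received[n] = open_(bob.message_key_for(n), sealed)
    try:                                  # replaying message 0 fails: key deleted
        bob.message_key_for(0)
        replay_rejected = False
    except KeyError:
        replay_rejected = True
    n, mk = alice.next_message_key()      # a tampered fourth message fails its tag
    tampered = bytearray(seal(mk, b"fourth"))
    tampered[0] ^= 0x01
    try:
        open_(bob.message_key_for(n), bytes(tampered))
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return {"received": received, "replay_rejected": replay_rejected,
            "tamper_rejected": tamper_rejected, "bob_index": bob.n}


if __name__ == "__main__":
    print(demo())
```

The point the example makes concrete: Bob derives keys 0, 1 and 2 from his own copy of the chain while Alice is unreachable, which is exactly what an OTR-style live key negotiation cannot do; what the ratchet does not give you is any hiding of who talked to whom, since the server or push relay still sees every envelope.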