Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encryption App Signal Wins Fight Against FBI Subpoena and Gag Order (dailydot.com)

Posted by BeauHD on from the nothing-to-see-here dept.

An anonymous reader quotes a report from The Daily Dot: Signal, widely considered the gold standard of encrypted messaging apps, was put to the test earlier this year when a FBI subpoena and gag order that demanded a wide range of information on two users resulted in a federal grand jury investigation in Virginia. The makers of Signal, Open Whisper Systems, profoundly disappointed law enforcement. The app collects as little data as possible and therefore was unable to hand anything useful over to agents. "That's not because Signal chose not to provide logs of information," ACLU lawyer Brett Kaufman told the Associated Press. "It's just that it couldn't." "The Signal service was designed to minimize the data we retain," Moxie Marlinspike, the founder of Open Whisper Systems, told the New York Times. The subpoena came with a yearlong gag order that was successfully challenged by the American Civil Liberties Union. Signal's creators challenged the gag order as unconstitutional, "because it is not narrowly tailored to a compelling government interest." The challenge was successful. In addition to being popularly considered the best consumer encrypted messaging app available, Signal's technology is used by Facebook for Secret Conversations, WhatsApp for encrypted messages, and Google's Allo. Confronted with the subpoena, Marlinspike went to the ACLU for legal counsel. The ACLU responded with a letter saying that even though Signal did not have data the FBI sought, it still strenuously objected (PDF) to the fact the FBI wanted so much information.

88 comments

  1. Encrypted, Ordered, and Gagged by Bob_Who · · Score: 1, Funny

    Those Feds sure have a kinky power trip going on... I wonder if they wear zipper masks...

    1. Re:Encrypted, Ordered, and Gagged by Anonymous Coward · · Score: 0

      Nah, zipper would catch on their anus if they ever decided to pull their heads out.

    2. Re:Encrypted, Ordered, and Gagged by amiga3D · · Score: 2, Insightful

      Under a FOIA request I finally managed to find out how they manage to function under those conditions. It seems Federal Agencies have been issued glass belly buttons. Now, since they can't pull their heads from their anus they no longer have to. They can still see where they are going.

    3. Re:Encrypted, Ordered, and Gagged by pem · · Score: 0

      Glass or plastic?

    4. Re:Encrypted, Ordered, and Gagged by AHuxley · · Score: 2, Interesting

      The US always expected junk crypto and tame big brands to help with their crypto under PRISM, Bullrun, https://en.wikipedia.org/wiki/....
      Keeping most users on a few big US brands generational "free" applications helped a lot too.
      If the gov cant get in thanks to real encryption try and get into one end of the users computers.
      As some point the users is going to be reading plain text again and could even be typing in a message.
      Some software sent down to any user of interest to capture the message as decoded and as created is the next step.
      For communications to stay secure, anonymity and privacy is needed.
      Once anonymity is lost, privacy is lost.
      But for that a staging server with a cover story is needed, ready to use malware per OS is needed per case vs just read it all thanks to a tame brand.
      Back to keystroke logging software and ensure all AV application globally never get too smart?
      https://en.wikipedia.org/wiki/...
      The other issue is file change or realtime request to alter any interesting file detection and outgoing firewalls.
      Such deep third party security software is slowly gaining traction and is well beyond most OS bands expected and well understood internal "protection" efforts.

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:Encrypted, Ordered, and Gagged by Bodhammer · · Score: 1

      Sapphire. (Or maybe Harambe Glass)

      --
      "I say we take off, nuke the site from orbit. It's the only way to be sure."
    6. Re:Encrypted, Ordered, and Gagged by Anonymous Coward · · Score: 0

      Keeping most users on a few big US brands generational "free" applications helped a lot too.

      Remember kids, open source will not save you. Diversity will. Actually you need both.

    7. Re:Encrypted, Ordered, and Gagged by Bob_Who · · Score: 1

      This is why I come to Slashdot. Superior insights and wisdom.

      Thank you, and Cheers!

  2. Tor Messenger? by Anonymous Coward · · Score: 0

    Has anyone tested Tor Project's Tor Messenger ?

  3. Damn Fine Marketing by Anonymous Coward · · Score: 0

    I bet their business will pick up with a sterling endorsement from the ACLU.

    1. Re:Damn Fine Marketing by BlueStrat · · Score: 4, Insightful

      I bet their business will pick up with a sterling endorsement from the ACLU.

      s/ Yeah, those sneaky bastards having the unmitigated gall to actually stand by principles to protect their users when challenged which tends to engender trust in return from their users!

      I mean, how low will some people go, right? 'Principles' are nothing but unscrupulous marketing tools and obstacles to the smooth and efficient functioning of the government, and therefor should be abolished! /s

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    2. Re: Damn Fine Marketing by Anonymous Coward · · Score: 3, Insightful

      I'm afraid your sarcasm will fall on deaf ears. Over 30 years of right wing pro corporate and cop worshipping propaganda have made some people react negatively to the mere mention of the term ACLU. Most of them can't even articulate a valid and actually factual reason why they hate that organization.

      This trait of ignorant subservience to propaganda sadly is now adopted by a lot of shrill people on the left now when asked why they dislike Trump. So now both sides sport tons of ignorant idiots.

      It's fine to dislike something or someone, but having a visceral reaction without knowing why is a problem, not a badge of honor. Anti intellectualism just keeps chugging along.

      There's no argument you're going to be able to use because you just can't fix stupid.

    3. Re:Damn Fine Marketing by AmiMoJo · · Score: 2

      It sounds like they didn't even need to stand by their principals, they simply designed the system to not collect the data that law enforcement was seeking. That seems to be the most prudent option now, build your system so that it can't be used by law enforcement to gather evidence and you don't have to waste time and money servicing their requests.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Damn Fine Marketing by Anonymous Coward · · Score: 0

      That's an odd thing to say. They built the system to avoid collecting data precisely because it is in line with their principals. It wasn't a happy accident.

    5. Re: Damn Fine Marketing by BlueStrat · · Score: 3, Insightful

      Most of them can't even articulate a valid and actually factual reason why they hate that organization.

      I have no particular love for the ACLU. They seem to be only interested in protecting *some* rights. Others, like the 2nd Amendment's noninfringable right for individuals to keep and bear arms for self defense and as part of the many disincentives towards tyranny built into the Constitution...not so much.

      Be that as it may, I still call this a good move by the ACLU and hope they prevail. I will cheer them when they are right and chide them when they are wrong the same as anyone else regardless of party or ideology.

      People need to stop thinking in terms of groups and group rights and concentrate on what is right for individuals. That's the real problem. TPTB have spent the last 60 years dividing people into subgroups and ethnicities and pitting them against each other to create the emotional tension to create partisan followers fueled by hate and resentment for their fellow Americans.

      Let's just worry about what is *good*. Those basic principles that built the US and made it the most prolifically-generous and charitable nation to have ever existed. Just look out for your neighbor. Lend a hand if you can. Don't let them play Emperor Palpatine; "Yes!...Let the hate flow through you!"

      "With malice toward none, with charity for all, with firmness in the right as God gives us to see the right, let us strive on to finish the work we are in, to bind up the nation's wounds, to care for him who shall have borne the battle and for his widow and his orphan, to do all which may achieve and cherish a just and lasting peace among ourselves and with all nations." - President Abraham Lincoln, Second Inaugural Address

      Don't let the hate-merchants who want to divide us all up, stir up hatred, and pit us against each other like Roman Coliseum gladiator-slaves, win.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    6. Re:Damn Fine Marketing by Anonymous Coward · · Score: 0

      I was being honest. I really think this was a good endorsement of their business model. I think the ACLU is an excellent organization. They are also limited in size and focus more on marginalized voices in society. The reason they don't stand up for certain rights is because there are already strong lobbies. The ACLU isn't needed for the second amendment because there are organizations like the NRA that brings more weight to the discussion.

    7. Re: Damn Fine Marketing by pnutjam · · Score: 5, Insightful

      Why should the ACLU waste their resources on the 2nd amendment. There are plenty of other organizations.

      --
      Cheap storage VM.
    8. Re: Damn Fine Marketing by quintus_horatius · · Score: 2

      People need to stop thinking in terms of groups and group rights and concentrate on what is right for individuals. That's the real problem. TPTB have spent the last 60 years dividing people into subgroups and ethnicities and pitting them against each other to create the emotional tension to create partisan followers fueled by hate and resentment for their fellow Americans.

      60 years? Is that all? In America?

      What about legal Jim Crow racism, which officially ended almost 50 years ago but persisted for over a century before that? Discrimination against the Japanese in the 1920s, '30s and '40s, or against Chinese, Irish, and Italians (none of whom were considered "white" at the time) during the last half of the 19th century and early 20th century? Native Americans since the 1600s?

      I'm not saying your message is wrong, but you need to check your history. This has been going on a lot longer than you think, and the sources "stirring up" discrimination are probably different than you believe. A lot of it is inborn and doesn't require stirring because, face it, humans are naturally assholes to each other.

    9. Re: Damn Fine Marketing by Anonymous Coward · · Score: 0

      The ACLU defends the second amendment at times. But the NRA really wants that job, so why not let them run with it and focus ACLU resources elsewhere?

    10. Re: Damn Fine Marketing by Anonymous Coward · · Score: 0

      Others, like the 2nd Amendment's noninfringable right for individuals to keep and bear arms for self defense and as part of the many disincentives towards tyranny built into the Constitution...not so much.

      My position on gun control:
      - If you want me to live, then I want you to have a gun.
      - If you want to hurt or kill me, then I don't want you to have a gun.

      That's my position and I'm sticking to it.

    11. Re: Damn Fine Marketing by Anonymous Coward · · Score: 0

      Not really. The NRA is just a gun manufacturing lobby; that's why they won't stand up for 3D printed guns.

    12. Re: Damn Fine Marketing by Anonymous Coward · · Score: 1

      Jim crow laws are on the books still. One was struck down a year or two back, because it was being used to bar minorities from owning guns. It hasn't just been 'going on' it's still going on. People use law as a weapon to hurt groups they want to discriminate against. That's why the highest laws are set in stone as things that a lawful government can never do. politics is all about dividing people by arbitrarily inventing reasons why "things a lawful government can never do" actually means "Things* a lawful* government* can never* do" with exceptions for every asterisk as needed.

    13. Re: Damn Fine Marketing by Anonymous Coward · · Score: 0

      People need to stop thinking in terms of groups and group rights and concentrate on what is right for individuals. That's the real problem. TPTB have spent the last 60 years dividing people into subgroups and ethnicities and pitting them against each other to create the emotional tension to create partisan followers fueled by hate and resentment for their fellow Americans.

      There's a famous quote about fascism coming to America wrapped in the flag, meaning that fascism will come wrapped in a package appearing to be the exact opposite. The author of that quote did not have a crystal ball and could not have foreseen that fascism was coming to the US, not wrapped in patriotism and the flag, but as "diversity" and "safe spaces." Today we have kids who are being forced to attend "re-education" for "gender misconduct" for referring to themselves as "handsome," kids being punished for sexual harassment for not knowing the name of the female lab assistant in their class, and major universities sponsoring "no whites" events. Communicating views and beliefs that do not conform to the globalist agenda of a borderless world is verboten and can get you permanently banned from the social communication networks of the day. Google will exact monetary penalties from users who express forbidden opinions by "demonetizing" their YouTube videos.

      The irony is that fascism and neo-apartheid has landed in the US and it's not coming from conservative Republicans (where most of us alive for the moral crusades of the 1980's imagined it would come from), but from those who label themselves as "progressive."

    14. Re: Damn Fine Marketing by Anonymous Coward · · Score: 0

      I have no particular love for the ACLU. They seem to be only interested in protecting *some* rights. Others, like the 2nd Amendment's noninfringable right for individuals to keep and bear arms for self defense and as part of the many disincentives towards tyranny built into the Constitution...not so much.

      Like this?

    15. Re: Damn Fine Marketing by quintus_horatius · · Score: 1

      Not really. The NRA is just a gun manufacturing lobby; that's why they won't stand up for 3D printed guns.

      But that counts. There's an entire industry, with money and motivation behind it, fighting for the second amendment.

      Who fights for the other amendments? Nobody, which is why the definitions for things like "freedom of speech" (first), "fair and speedy trial" (sixth), and "excessive bail ... fines ... cruel and unsual punishment" (eighth) are so loose and squishy.

    16. Re:Damn Fine Marketing by Anonymous Coward · · Score: 0

      The ACLU isn't needed for the second amendment because there are organizations like the NRA that brings more weight to the discussion.

      The problem with this talking point is that the ACLU has refused to take or simply ignored cases that were about violations of other civil rights like the 1st Amendment freedom of speech when the topic of the infringed speech (or other right) is pro-gun.

      They do more than simply leave 2nd-A cases for others to defend. The ACLU typically does not take a case when the victim's other civil rights were infringed while peacefully and lawfully exercising and/or promoting 2nd-A rights.

      Selective defense weakens all civil rights. If one right that you may not like personally is allowed to be infringed then the same reasoning and methodology can (and will, sooner or later) be used to infringe on rights dear to you.

    17. Re: Damn Fine Marketing by Agripa · · Score: 1

      Why should the ACLU waste their resources on the 2nd amendment. There are plenty of other organizations.

      So it is a waste of ACLU resources to defend the 2nd Amendment but not a waste to attack it?

    18. Re: Damn Fine Marketing by pnutjam · · Score: 1

      The ACLU disagrees, with the NRA, on how the 2nd amendment is meant to be read. Many American's do, with many laws. That's why we have courts.

      --
      Cheap storage VM.
    19. Re: Damn Fine Marketing by Agripa · · Score: 1

      The ACLU disagrees, with the NRA, on how the 2nd amendment is meant to be read. Many American's do, with many laws. That's why we have courts.

      That will be very comforting when the USSC changes their mind, rules that the 2nd amendment means what the ACLU thinks it means, and that "the people" only have collective rights.

    20. Re: Damn Fine Marketing by pnutjam · · Score: 1

      Yes, it will be comforting to many.

      --
      Cheap storage VM.
    21. Re: Damn Fine Marketing by Agripa · · Score: 1

      So collective rights will then include the 1st, 4th, 9th, and 10th:

      "... or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."
      "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures ..."
      "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."
      "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."

      Ya, that seems like a great idea for the ACLU.

    22. Re: Damn Fine Marketing by pnutjam · · Score: 1

      I'm not sure what your saying. We don't need gun rights enshrined in the constitution. For example, there is no constitutional prohibition on murder. It's just not an appropriate place for that sort of regulation.

      --
      Cheap storage VM.
    23. Re: Damn Fine Marketing by Agripa · · Score: 1

      I'm not sure what your saying. We don't need gun rights enshrined in the constitution.

      Then repeal them instead of sacrificing the meaning of the other rights recognized in the Bill of Rights.

      For example, there is no constitutional prohibition on murder. It's just not an appropriate place for that sort of regulation.

      We never needed a 5th Amendment anyway. Maybe we can sell it on Ebay.

  4. Whispering should be illegal by naughtynaughty · · Score: 2, Insightful

    People should be compelled to speak loudly enough that their communications can be recorded by law enforcement.

    If you have nothing to hide you have no reason to whisper.

    1. Re:Whispering should be illegal by Stan92057 · · Score: 0

      Why do government scumbags/nsa scumbags/cia scumbags/local cop scumbags,you, want to record/listen to me whispering to my wife, i want to fuck her in the ass tonite ?

      --
      Jack of all trades,master of none
    2. Re: Whispering should be illegal by Anonymous Coward · · Score: 0

      Used to feel that way, but it's simply not accurate.

    3. Re:Whispering should be illegal by Anonymous Coward · · Score: 0

      People don't need to be compelled. They do it quite freely; it's called Facebook. The real problem is getting them to shut the fuck up.

    4. Re:Whispering should be illegal by Anonymous Coward · · Score: 1

      RTFA. They just should that they cannot help criminals. They do not have the data the criminals want.

    5. Re:Whispering should be illegal by Anonymous Coward · · Score: 0

      So true!

      Martha, HEY MARTHA! can you grab three packs of glow in the dark condoms and some anti bacterial lube? -yes, this guy right here. He has nothing to hide.

    6. Re:Whispering should be illegal by RivenAleem · · Score: 1

      The US government has already shown that is it not above compelling people to speak loudly. The problem, though, is that it is impossible to trust loud conversation which was compelled.

    7. Re:Whispering should be illegal by Anonymous Coward · · Score: 0

      Whispering is like a suppressor on a rifle.

      It allows you to continue " whispering " for much longer before you are noticed.

    8. Re:Whispering should be illegal by Anonymous Coward · · Score: 0

      Tell that to Anne Frank......

      Oh Wait :(

    9. Re:Whispering should be illegal by unixisc · · Score: 1

      Maybe they should come up w/ an encryption algorithm where the amount of data collected is inversely proportional to the volume in which one speaks. If one shouts over the phone, as little data as possible will be collected. If one whispers, the data will all be collected w/o even being encrypted, or using the simplest of encryption/decryption schemes.

  5. Re:non-starter by Anonymous Coward · · Score: 0

    the phone number is for two factor authentication/verification.

    moxie is legit, man.

  6. They can supena the certificate's private key by aberglas · · Score: 1

    That is something that Signal does know. And with the key they can man-in-the-middle the site.

    I wonder what happens if the key is put inside a Hardware Security Module (HSM). They are carefully designed never to release the key, each request needs to be process by the HSM itself. I would be suprised if Signal or anyone else in this space uses one though.

    And of course, the Feds will have their own CA and so could just forge the cert.

    Doing SRP on a HSM though, that would slow them down. SRP also kills phishing. Which is why no security company will want to support it.

    1. Re:They can supena the certificate's private key by naughtynaughty · · Score: 2

      Signal has protections against MITM attacks. Once you've securely connected with someone a MITM attack isn't going to break that secure communication channel, keys have already been exchanged.

    2. Re:They can supena the certificate's private key by JesseMcDonald · · Score: 1

      The may not be able to MITM the connection, but with the developers' signing key they could push an update out which would send the cleartext straight from the app to the FBI's servers. To avoid that attack vector you would need to disable auto-updates and only install versions (manually, after verifying the signature on the binary) which have undergone a thorough security audit by someone you trust—preferably yourself.

      --
      "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
    3. Re:They can supena the certificate's private key by geek · · Score: 2

      OWS doesnt own the private key, so subpoena away mother fucker

    4. Re:They can supena the certificate's private key by Anonymous Coward · · Score: 0

      Right, that sounds nice and all, but in the real world, Signal exists, and is used by Snowden, and they just proved in court that they aren't in cahoots with even potential tyranny.

    5. Re:They can supena the certificate's private key by Fruit · · Score: 1

      Assuming Signal uses some form of (elliptic curve) diffie-hellman, subpoenaing the private key will not allow the FBI to decrypt a single message. And since Moxie Marlinspike designed this system you can be sure it does.

    6. Re:They can supena the certificate's private key by jittles · · Score: 1

      The may not be able to MITM the connection, but with the developers' signing key they could push an update out which would send the cleartext straight from the app to the FBI's servers. To avoid that attack vector you would need to disable auto-updates and only install versions (manually, after verifying the signature on the binary) which have undergone a thorough security audit by someone you trust—preferably yourself.

      The may not be able to MITM the connection, but with the developers' signing key they could push an update out which would send the cleartext straight from the app to the FBI's servers. To avoid that attack vector you would need to disable auto-updates and only install versions (manually, after verifying the signature on the binary) which have undergone a thorough security audit by someone you trust—preferably yourself.

      You're assuming I can trust myself. What if my other personality received a NSL and isn't telling me about it?

    7. Re:They can supena the certificate's private key by Anonymous Coward · · Score: 0

      Signal has protections against MITM attacks. Once you've securely connected with someone a MITM attack isn't going to break that secure communication channel, keys have already been exchanged.

      Sounds like the same fascist assholes that recentralized usenet as reddit figured out a way to monetize ssh while screwing everyone else.

    8. Re:They can supena the certificate's private key by Anonymous Coward · · Score: 0

      Google Man In The Middle.

    9. Re:They can supena the certificate's private key by Anonymous Coward · · Score: 0

      No. This just proves that Signal is a front for the spooks, and this case is just a way to make people like you think that it is real.

      That is the biggest problem. You do not know who you are dealing with.

      Personally, I would hide in the crowd. Use Facebook or GMail.

    10. Re:They can supena the certificate's private key by kenshin33 · · Score: 1

      It's more complicated thant that

    11. Re:They can supena the certificate's private key by kenshin33 · · Score: 1

      that is why it is imperative to verify identities.

  7. Apple and Google by Anonymous Coward · · Score: 1

    So when is Apple and Google going to stop keeping logs?

    1. Re: Apple and Google by Anonymous Coward · · Score: 0

      Never. Nor will they ever admit to cooperating with state agencies to collect your data.

  8. Re: non-starter by Anonymous Coward · · Score: 0

    This code has been audited thoroughly... The requirement for sms distinguishes it from alternatives using the same codebase: WhatsApp secret etc.

    Fyi the Infosec community at large uses signal... Your paranoia is not unwarranted and perhaps you are willing to avoid it, but your sms/phone number isn't private nor should you treat it as such.

  9. Are the keys stable? by Anonymous Coward · · Score: 0

    I mean by that are the public keys the same over time (long time!) without key revoke and update mechanisms. Or is it just a session key you're talking about?

    One of the things I think are the trojan horse of crypto is "oooo we must revoke the public key if its stolen", by which they add a backdoor mechanism that lets them silently change the public key, or enable the start of a man-in-the-middle attack.

    Certificates take this process further by *expiring* the cert, typically annually. Making a clear start point for the MITM attack to begin. TLS is a joke now.

    I think *time* is the best check, and if you can ensure the key is not change by any 'revoke' or 'expire', then the key must be the same, and you can ensure its the same contact point from day-one. If the key is stolen, then the key change is a BIG DEAL, IS public and the fact it changes IS noticed. The other party is no longer the trusted entity you've been dealing with over the years. Your trust was built up in the public key, not the email address or message address it was attached to (which is usually trivial to fake).

    1. Re: Are the keys stable? by Anonymous Coward · · Score: 0

      Block chain for crypto keys? Once deep in the chain it would be computationally impossible to change one.

  10. I'll be that guy today. by Anonymous Coward · · Score: 0

    Makes for a really good false sense of security. Adds confidence to encourage users to speak more freely. Overall effective article for all intents and purposes.

    Weak spot via the shared Google libraries it's compiled with when you download it from the play store.
    MITM attacks.(they occur)

    Several of Moxie's postings raised the hairs on the back of my neck, which means nothing but I trust my intuition.

    I doubt signal comms will ever make it to a courtroom but I'd wager they are very accessible to those who have the interest and resources.

    Those who care more about intelligence(hooray) rather than simply law enforcement.

    All your comms are owned, if they want to own you, you are owned. Give me that kind of budget, those resources, and that authority and I'll own anyone.

    1. Re:I'll be that guy today. by Anonymous Coward · · Score: 2, Interesting

      Wait, what? You're saying it uses Google libraries?

      If so... uh, no thanks. I don't care HOW "secure" their own code is. Once you use Google services, you have to consider that you are backdoored. If not today, then in the future when G updates the libs because it wants some more of your data.

      ANY use of Google services - the biggest advertising dataminer on the planet -means that product CANNOT be trusted. They are the biggest force against privacy on the internet, and that's saying a lot.

    2. Re:I'll be that guy today. by Anonymous Coward · · Score: 0

      Yeah, Moxie's been fighting this tooth and nail. There have been attempts at forking Signal in order to allow it to work without GCM/Google Play Services, but Moxie has taken a hard stance against that and pretty much shut them out of the Signal servers.

      Also, the app has a 90 day expiration date. If you don't update it every 90 days, it will stop working.

  11. Best part of the story ... by stigmerger · · Score: 1, Insightful

    [blah blah blah ...] Moxie Marlinspike

  12. Re: non-starter by Anonymous Coward · · Score: 0

    I've been playing with ejabberd and Conversations on Android with OMEMO.

    Look it up.

  13. I thought this app was for privacy? by Anonymous Coward · · Score: 2, Informative

    It says it needs access to:

    Device & App History
    Identity
    Calendar
    Contacts
    Location
    SMS
    Phone
    Photos/Media/Files

    I have a hard time feeling private with all those permissions. I'm surprised it didn't ask for my blood type.

    I know pretty much everything "requires" access to everything these days. When your printer wants access to your contact list, something is wrong. This is a privacy app, why is it so intrusive?

    On their page, it even says "Using Signal, you can communicate instantly while avoiding SMS fees". So why does it want access to SMS?

    1. Re:I thought this app was for privacy? by TechyImmigrant · · Score: 1

      >So why does it want access to SMS?

      For the authentication phase.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    2. Re:I thought this app was for privacy? by heypete · · Score: 5, Informative

      It says it needs access to:

      Device & App History

      [snip]

      All the permissions Signal requires are explained here. They all make sense in context, and many can be disabled without affecting normal use (e.g. location, calendar, camera, etc.).

      To answer your question about SMS in particular, OWS says "Signal is capable of functioning as a complete replacement to your phone’s stock messaging application. In order to do this, it needs to be able to send and receive text messages (both SMS and MMS). You can also import your existing messages into Signal when it is first installed, and these permissions allow that database to be read as well."

    3. Re: I thought this app was for privacy? by Anonymous Coward · · Score: 0

      Why does an 'authentication' phase need my phone number or access to the public SMS phone system? If I'm using an app for privacy in a hostile regime, the last thing I want is a traceable text message saying "Welcome to this illegal secure communications app that marks you out as a dissident and subversive!"

      Just let me pick a screen name and a password. You know, the way setting up a messenger account used to work, before WhatsApp and Telegram fucked things up.

      Yes, if I'm an idiot and forget my details, I'm locked out, and you can't send me an SMS to log me back in. I accept that. GIVE ME THE OPTION to register with just a name and password.

    4. Re:I thought this app was for privacy? by Anonymous Coward · · Score: 0

      It's also open source.

      https://github.com/WhisperSystems/Signal-Android

      You can go look at what the permissions do, and even compile a copy yourself. In terms of mobile messaging security, it simply does not get any better than this!

    5. Re:I thought this app was for privacy? by Actually,+I+do+RTFA · · Score: 1

      Location and calendar are literally "we may use these in the future." It's bad practice to request preemptive permissions.

      --
      Your ad here. Ask me how!
    6. Re:I thought this app was for privacy? by Anonymous Coward · · Score: 0

      >...can be disabled

      But why is it on in the first place? Imagine if every day life was like this- set up to drain from you just because 'it can'. I can see it now:
      - when entering a restaurant, one must ask to NOT be mugged by your waiter.
      - when driving you must re-program the car to NOT eject you from the driver seat.
      - when flipping on a light switch, you must have previously turned OFF the auto-electrocution capabilities.

      See? Sure it may be 'explained' in the manual or product white papers. But that's childish. Literally, telling a kid to not cross the busy street. "But I NEEED to because I want to be over there..." *Thwomp!* Explanations are merely divulgences, not moral high ground.

  14. Judges, courts are just words and thus powerless! by Anonymous Coward · · Score: 0

    > being popularly considered the best consumer encrypted messaging app available

    The NSA wants you think that. It is a Potemkin village with a kabuki theatre. Since secret services and agencies operate outside of the law, it is moot what wig-wearing, priestly robed judges proclaim about them.

    American people have been indoctrinated to falsely think that words have powers. No, words like those written on the rawhide of constitution, declaration of independence, scotus verdicts, etc. have no power. They are just babble. What counts is the power to conduct action.

  15. Bush's Fault! by Anonymous Coward · · Score: 0

    ....Oh..... wait.

    Are people finally getting this is not a partisan thing?

  16. is the google, facebook implementation the same? by Anonymous Coward · · Score: 0

    article says they use signal - and trust being what it is these days in regard to our privacy - are facebook and google also respecting our privacy or do they grab other data - INCLUDING compiling metadata which is being treated as public property these days by the sheer amount stupid a the NSA?

  17. Not Related To Need by JimSadler · · Score: 1

    All governments repress conversations between citizens. It does not relate to a need to do so. It is not because a nation has enemies or the danger of some potential emergency. It is almost as expected as the fact that a banana will ripen and turn black. It can have to do with corruption and a seeking of ways to make money, a desire to maintain power, or a desire to squash people not liked by an administration. And frankly it is next to impossible to stop. If a spy agency wants to steer certain people to use a particular encryption system there would be one heck of a motive to get refused to break an encrypted product as a lure and announce in a subtle way that the government is frustrated at not being able to penetrate the product. We never know if it is not a spy agency actually creating the encryption programs. This went as far as a very superior cell phone being sold in Miami that was designed to lure drug dealers to use that phone and every conversation went right to the FBI and probably other agencies as well.

  18. "Law enforcement should be difficult" by Anonymous Coward · · Score: 0

    Really interesting quote from ZDNet article:

    Speaking at the RSA Conference this year, [Moxie] Marlinspike said that while encryption may be a thorn in the side of law enforcement and has caused technology vendors and police to grapple with each other over the last few years, we need it.

    "I actually think that law enforcement should be difficult," Marlinspike said. "And I think it should actually be possible to break the law."

    +1

  19. So, we are expected to believe... by Anonymous Coward · · Score: 0

    ...that the combined resources of the US government can't defeat Apple or Signal. Yet, the US gov even pushed other businesses to the wall. Even Snowden is pushing Signal and Tor...when Tor has a hand-picked intel asset board and the whole platform is mainly routed through NATO providing a global view.

    I call bullshit on this and state that any surviving US tech giant is backdoored in some fashion and part of the 'apparatus'.

  20. Objection by pgfault · · Score: 1

    "Oh. Well, if you /strenuously/ object then I should take some time to reconsider."

  21. Re:non-starter by unixisc · · Score: 1

    How about Telegram?

  22. So what happened? by SoftwareArtist · · Score: 1

    What a completely incoherent article! The title says they won a fight. What fight was that? Was there a court ruling? If so, what issue did it decide and what did it say? Or does it have something to do with the grand jury investigation mentioned vaguely and confusingly in the summary? Who or what was that grand jury investigating? Did they just make a decision about something? I really can't tell what the story is here.

    --
    "I'm too busy to research this and form an educated opinion, but I do have time to tell everyone my uninformed opinion."
  23. Tor Messenger by Anonymous Coward · · Score: 0

    The Tor Project has a testing release of "Tor Messenger". See blog.torproject.org

    But you see, it's not popular or cool enough to post about Tor here.

    ONLY if it's BAD news about Tor, then that gets front page treatment!

  24. grenades by Anonymous Coward · · Score: 0

    I have no particular love for the ACLU. They seem to be only interested in protecting *some* rights. Others, like the 2nd Amendment's noninfringable right for individuals to keep and bear arms for self defense and as part of the many disincentives towards tyranny built into the Constitution...not so much.

    You seem to have some thorough and strong opinions. Please explain to me why a 50cal is OK, but grenades, fully automatics, silencers, and tactical nukes are not?

    1. Re:grenades by BlueStrat · · Score: 1

      You seem to have some thorough and strong opinions. Please explain to me why a 50cal is OK, but grenades, fully automatics, silencers, and tactical nukes are not?

      You'd have to ask those who decided those things don't fall under the 2nd Amendment.

      My opinion is that any weapons normally carried by a current US infantry soldier as basic battlefield infantry loadout is protected. That means M4 carbines w/select-fire, grenades, etc should be protected and legal to own. The whole point of the 2nd Amendment besides self-defense is to create a civilian military force to repel threats to the nation from either foreign invaders or as a disincentive to domestic tyranny which would require a rough equivalence in weaponry to the regular army in order to be effective.

      Since the 2nd Amendment deals with individuals, crew-served weapons like heavy machine guns, howitzers, mortars, and large explosive/area-effect weapons such as tactical nukes and ballistic missiles are outside the 2nd-A's purview, as are landmines and nerve gas.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.