Slashdot Mirror


Egypt Has Blocked Encrypted Messaging App Signal (engadget.com)

An anonymous reader writes: Egypt has blocked its residents from accessing encrypted messaging app Signal, according to the application's developer. Mada Masr, an Egypt-based media organization, reported yesterday that several users took to Twitter over the weekend to report that they could no longer send or receive messages while on Egyptian IP addresses. Open Whisper Systems, the team behind the app, told a user asking about the situation that everything was working just as intended on their end. Now that the company has confirmed that the country is blocking access to Edward Snowden's preferred messaging app, it has begun working on a way to circumvent the ban. They intend to deploy their solution over the next few weeks.

44 comments

  1. Huh by wanderung · · Score: 4, Funny

    Apparently you can stop the signal.

    1. Re:Huh by Anonymous Coward · · Score: 0

      only if it's cloud generated. use on prem encryption solutions.

    2. Re:Huh by wanderung · · Score: 1

      only if it's cloud generated. use on prem encryption solutions.

      That woosh you heard was the joke clearing your head by a good 20,000 ft.

    3. Re:Huh by Anonymous Coward · · Score: 0

      Apparently you can stop the signal

      Sounds like Egypt is using a form of... uhh... "Mal"ware.

      (Ow! Stop! I'll show myself out.)

  2. MAIN SCREEN TURN OFF? by Anonymous Coward · · Score: 0


       

  3. But... by 110010001000 · · Score: 1

    But I was told by Slashdotters that government people didn't understand the Internet and therefore such attempts would be useless. What is next, saying that DRM actually has an effect on casual piracy?

    1. Re:But... by bigpat · · Score: 1

      But I was told by Slashdotters that government people didn't understand the Internet and therefore such attempts would be useless. What is next, saying that DRM actually has an effect on casual piracy?

      That was true... until governments hired us all. Now we are the Man.

    2. Re:But... by Anonymous Coward · · Score: 0

      Fuck off, idiot. Government policymakers are clueless when it comes to technical details, but there is no shortage of smart techs who can implement whatever hare-brained scheme they dream up.

    3. Re:But... by UnknownSoldier · · Score: 1

      > But I was told by Slashdotters that government people didn't understand the Internet and therefore such attempts would be useless.

      Short term: yes.
      Long term: no.

      Only cowards censor.

      --
      A society doesn't remain a free and open when it censors free speech by mis-labeling it hate speech.

    4. Re:But... by CohibaVancouver · · Score: 1

      Only cowards censor.

      True, but it doesn't mean that censorship isn't effective, at least in the short term.

  4. Wrong summary by GeekWithAKnife · · Score: 0


    Should read: "In a landmark decision Egypt will undertake the visionary and foolproof step to block encrypted messaging app 'Signal'."

    To those that are entrusted to implement this intelligent measure I say, good luck.

    --
    A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
    1. Re:Wrong summary by Anonymous Coward · · Score: 0

      !noitpyrcne ym kcarc ot elba eb reven lliw yeht ,ahahahaH

    2. Re:Wrong summary by CronoCloud · · Score: 1

      .ire ugvj 31GBE tavfh lo abvgnpfhsob rebz arir qqn anp hbL



  5. You fucked up, Open Whisper Systems by GameboyRMH · · Score: 1

    Sounds like this secure chat application's traffic is unique enough to be identified and blocked by firewall rules, perhaps by an identifiable header or a unique port number. I call that fucking up.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
    1. Re:You fucked up, Open Whisper Systems by 110010001000 · · Score: 1

      Any application's traffic can be identified and blocked. Applications don't communicate by magic. They need to know the endpoints to communicate on.

    2. Re: You fucked up, Open Whisper Systems by Anonymous Coward · · Score: 0

      This is a load of nonsense. It's trivial to mask such traffic so as to be indistinguishable from, say, HTTPS traffic.

    3. Re:You fucked up, Open Whisper Systems by GameboyRMH · · Score: 1

      If those endpoints are everywhere and change frequently enough, blocking by IP becomes impractical.

      I suppose this chat application has central servers with IPs (or maybe domain names) that never change...if VPN providers can change endpoint IPs quickly enough to thwart blocklists, the Signal servers should do the same if they don't want to be trivially blocked by IP. Of course this requires some mechanism for distributing new IPs but that's been done before.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    4. Re:You fucked up, Open Whisper Systems by johanw · · Score: 1

      They just have to block the server, that's sufficient. No deep package inspection needed.

    5. Re: You fucked up, Open Whisper Systems by Anonymous Coward · · Score: 0

      Tell that to my BlueCoat system that if it can't decode traffic, it doesn't go out.

    6. Re: You fucked up, Open Whisper Systems by Anonymous Coward · · Score: 0

      Sorry but when did ows ever suggest that signal traffic was hidden in transit? I think their decision to not support federation is very short sighted, but signal is a secure communication system, not an anonymizer or stealth/hidden service.

    7. Re: You fucked up, Open Whisper Systems by Anonymous Coward · · Score: 0

      Fuck you bluecoat

  6. 'Signal', but no 'WhatsApp' ? by Anonymous Coward · · Score: 1

    So they blocked encrypted 'Signal', but not encrypted 'WhatsApp' ? Oh, they have access to these messages, even though the vendor *claims* it's 'encrypted'. Got it. Thanks

    1. Re:'Signal', but no 'WhatsApp' ? by fph+il+quozientatore · · Score: 1

      Have you RTFA? They blocked Skype, Viber and Whatsapp in 2015.

      --
      My first program:

      Hell Segmentation fault

  7. Re: solution over the next few weeks by slashrio · · Score: 1

    As in: Signal didn't see this coming and wasn't prepared?
    Thanks, that's a big fuck-up indeed.

    --
    "Trump!!", the new Godwin.
  8. Re:Egypt are LUDDITES. by Anonymous Coward · · Score: 0

    in this particular instance, the apps had been aped by luddites, trump 2016

  9. Federation by corychristison · · Score: 2

    If Marlinspike would stop being such a prick, and embrace Federation, this issue would be solved so easily.

    It is possible for anyone to use the Signal Server and set one up for themselves. Unfortunately, Marlinspike is refusing to Federate and proclaims the centralized approach is much, much better for everyone.

    I'm seriously considering forking it and removing the dependence on a telephone number and moving to an e-mail address instead. Having to set up a Twilio account (though I already have one) to send authentication codes via SMS is cumbersome (and gets expensive) and I have no idea how this trend caught on. People looking to use IM don't always want to use their phone number as their account identifier. Not to mention Signal piggybacks incoming message signalling over Google's Cloud Messaging platform.... there are other ways to do this without Google.

    1. Re:Federation by Anonymous Coward · · Score: 0

      There are two arguments for using phone numbers. One is that it cuts down on SPIM. (Just because getting and verifying lots of unique new phone numbers is difficult.)

      The other is that if all IM protocols use the phone number as the identifier, you can add your friends across protocols automatically, just by looking at contacts.

      The same could be said of email, but I suspect that got deprecated by the Mobile First (that turned into 'Mobile as the only first-class citizen') mindset. Adding an option to verify a phone number and associate it with an account would capture the same usability benefits.

      I just hope Mr. Marlinspike's centralized, unfederated God failing so dramatically will persuade him to stop being horrible.

    2. Re: Federation by corychristison · · Score: 2

      I understand the case for using phone numbers, but privacy reasons alone should rule it out for an encrypted, private, secure messenger.

      Signal already rules out Spam by using public/private cryptography as a whitelist, essentially. If you don't have a key to communicate with someone, you can't send them anything.

      Being able to use an anonymized email address to communicate in a war torn area is a good thing.

      Going the email address route would also make it really easy to integrate with other communication services (eg authenticate against an LDAP or IMAP server for a quick, company wide deployment).

      E-mail addresses for authentication, plus federation would make it a better alternative to Jabber/XMPP, which does not natively support secure communications. OMEMO is great, but isn't widely supported by servers and clients.

    3. Re:Federation by Anonymous Coward · · Score: 0

      > Not to mention Signal piggybacks incoming message signalling over Google's Cloud Messaging platform.... there are other ways to do this without Google.

      There are ways to do this without Google, but GCM is _really_ good, and deployed everywhere.

      I don't expect that you've looked closely at the Signal server and client source, but all Google sees is a request to send data from Open Whisper System's servers to an Internet-attached computer. Signal clients don't talk directly to each other, their encrypted messages pass through OWS's systems. If you're one to hyperventilate about the possibility of Google doing traffic analysis on securely encrypted messages to determine if two computers are engaged in a Signal conversation, don't forget that:

      * Every operator of network equipment between you, the OWS servers, and your conversation partner can do the very same thing.
      * Those operators are very likely substantially less scrupulous than Google. https://en.wikipedia.org/wiki/Room_641A , anyone?
      * ATT is probably an operator at some point along the path of both sides of your conversation.

    4. Re: Federation by Anonymous Coward · · Score: 0

      > Signal already rules out Spam by using public/private cryptography as a whitelist, If you don't have a key to communicate with someone, you can't send them anything.

      How can that be true? OWS's servers are incapable of decrypting data sent from one Signal client to another. They have no way of determining if a message to another Signal user has been properly encrypted with that user's key, or if it would be interpreted as garbage data. Therefore, -modulo some hypothetical anti-abuse mechanisms- they will send data from one Signal client to another, if the data is properly addressed. The receiving client would indicate that each message received failed to decrypt, but it _would_ get the messages.
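The relay behaviour this comment describes, as an added example that is not part of the thread and not Signal's code: a relay that holds no session keys can only check the recipient address, so an undecryptable blob is queued and it is the receiving client that rejects it. The SHAKE-256/HMAC envelope is a stand-in for a real session cipher, and the addresses and names (`Relay`, `seal`, `open_envelope`) are constructed for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def _xor_stream(key, nonce, data):
    # Constructed stand-in cipher (SHAKE-256 keystream); not Signal's real cipher.
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(key, plaintext):
    """Encrypt-then-MAC envelope: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _tag(key, nonce, ct)

def open_envelope(key, blob):
    """Return the plaintext, or None when the blob does not authenticate."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        return None
    return _xor_stream(key, nonce, ct)

class Relay:
    """Holds no session keys: it can check the address, never the contents."""
    def __init__(self, registered):
        self.queues = {addr: [] for addr in registered}

    def submit(self, to, blob):
        if to not in self.queues:
            return False  # unknown recipient is the only thing it can reject
        self.queues[to].append(blob)
        return True

    def fetch(self, addr):
        return list(self.queues[addr])

def demo():
    key = os.urandom(32)  # session key the two clients already share (assumed)
    relay = Relay(["+15550100"])  # constructed address
    accepted = [
        relay.submit("+15550100", seal(key, b"hello")),
        relay.submit("+15550100", os.urandom(64)),  # sender without the key
        relay.submit("+15550199", b"x"),  # unregistered address
    ]
    opened = [open_envelope(key, b) for b in relay.fetch("+15550100")]
    return accepted, opened
```

`demo()` returns what the relay accepted and what the recipient could open: the keyless blob is accepted by the relay and only fails at the client.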

    5. Re:Federation by corychristison · · Score: 1

      My issue isn't privacy, it's that it's being tied to a centralized, paid service like that. As the majority of my post mentioned, their centralization, closed minded approach is stifling their growth and, in my opinion, credibility.

      It's another hurdle that makes it more difficult for people to set up their own private, federated IM network.

      To be honest, it seems like the developers are just being lazy. I understand that in a pinch that GCM is a useful, reliable way to get an app to market... but this isn't your everyday messenger. They proclaim that it's an open source project, but neglect to tell you it's tied to non-open services that are no longer in your control.

    6. Re: Federation by Anonymous Coward · · Score: 0

      So if it's not readable, what is the incentive to send it? In other words, no point in wasting time sending garbage messages when sending millions of emails is so much easier.

    7. Re:Federation by grcumb · · Score: 1

      If Marlinspike would stop being such a prick, and embrace Federation, this issue would be solved so easily.

      Here's a good discussion of his rationale for not federating. I'm not particularly sold on his stance, though I agree that the experience of trying to design by committee is generally only for the masochistic.

      But while I was reading his excuses—er, argument—I realised that his entire point boiled down to 'It's hard!' That's perfectly fine, as far as it goes. And because I'm not willing to say, 'Fuck you Moxie, I'm going to show you how it's done!' I don't really have a lot of weight to put against that.

      But I'm actually a little disappointed to hear this from a developer/designer whom I genuinely admire. There were a couple of times as I read through his objections to federation where I found myself muttering, 'How did you not anticipate that?'

      And he may bitch about the fact that IPv6 may be impossibly difficult to roll out universally, but he's drastically undersold what has been achieved on top of a federated system as archaic as IPv4. See, his problem is that he wants homogeneity to reach too high up into the user experience. And in doing so, he's taking away from user choice, as well as leaving the entire system open to physical take-down by governments. That last part kind of matters to journalists like me.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    8. Re:Federation by grcumb · · Score: 2

      Here's a good discussion of his rationale for not federating.

      Actually not. The fucking link tag didn't get closed. Here: https://lwn.net/Articles/687294/

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    9. Re:Federation by Anonymous Coward · · Score: 0

      And what happens when someone goes after ows and shuts the whole thing down? A service like Signal is illegal to run currently in the UK. So when the insanity goes to the US, and OWS is shut down, then what? When net neutrality ends and contacting OWS is prohibitively expensive, then what?

      Having a decentralized federated system, where for example, a server can be hidden behind a regular SSL-enabled web server for plausible deniability would be groovy.

  10. All because of Sissi by OneHundredAndTen · · Score: 1

    She should have remained an Austrian empress, rather than becoming Egypt's latest strongman.

  11. Problem solved already with Signal 3.25.2 release by johanw · · Score: 5, Informative

    Apparently Egypt (and the UAE) were just blocking the server. Moxie just released 3.25.2 in the beta channel to circumvent this. These changes in build.gradle show it's quite easy to circumvent such a block:

                      buildConfigField "String", "TEXTSECURE_URL", "\"https://textsecure-service.whispersystems.org\""
    + buildConfigField "String[]", "CENSORED_COUNTRIES", "{\"+20\", \"+971\"}"
    + buildConfigField "String", "UNCENSORED_FRONTING_HOST", "\"https://www.google.com\""
    + buildConfigField "String", "CENSORED_REFLECTOR", "\"signal-reflector-meek.appspot.com\""
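    Review bot: `CENSORED_COUNTRIES` hard-codes the calling-code prefixes "+20" and "+971" as a build-time constant, so covering a further country, or withdrawing one, needs a new release; a comment next to the field should say what the prefixes are matched against, because a match on the user's number selects by where the number was issued rather than by the network the client is on. The same applies to `UNCENSORED_FRONTING_HOST` and `CENSORED_REFLECTOR`: each is a single compiled-in value with no fallback if that host or reflector becomes unreachable, so consider making them lists or documenting why one entry is enough.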

    In case those countries banned Signal from Google Play I just uploaded 3.25.2 to apkmirror.com (I don't know when they'll publish it though).

    If all else fails, you can still use the fork Silence, which uses the sms/mms encryption that Signal dropped in 2.7.0. Blocking sms will fuck off all kinds of industrial controllers so that's not really an option.

  12. Question: by Anonymous Coward · · Score: 0

    How is Signal better than using XMPP for text/IM, or Jingle/Mumble with a crypto wrapper for VOIP type services?

    Personally between ICQ, then AIM, then Yahoo, then MSN, then GTalk/Facebook/Twitter and now Kik (In the US. Your chain of IM services may vary by region.) I have a hard time understanding why communication seems to stick to proprietary platforms and how the meshnet of XMPP federated nodes hasn't gotten more attention drawn to it.

    There ARE other options out there, with securable and anonymous capable infrastructure, but nobody seems to be taking advantage of it (XMPP for instance has few active chatrooms across the dozens of servers that support them.)

    1. Re: Question: by corychristison · · Score: 1

      My experience with XMPP/Jabber has been this:
      - bloated, complicated protocol (descriptive XML for all communication, really?)
      - only 1 real contender for end to end Crypto (OMEMO), but it requires support at the server and client layer
      - server software is way overly complicated to set up and configure
      - security (cryptography) is not a core goal of XMPP/Jabber. It's all bolted on, and complicates the protocol and server setup even further

      This is just my experience. The mobile clients all suck, too. Conversations is the best I have found for Android.

  13. a way to circumvent the ban by fustakrakich · · Score: 1

    Making internet censorship unenforceable and messaging untraceable is music to my ears. A worthy goal if there ever was one.

    --
    “He’s not deformed, he’s just drunk!”
  14. So you can stop the signal. by sethstorm · · Score: 1

    So much for Firefly fans.

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
  15. Use a VPN? by Anonymous Coward · · Score: 0

    I'm not an expert so please correct me if I'm wrong, but could you solve this using some VPN to use some non-Egyptian IP?

  16. Re:Problem solved already with Signal 3.25.2 relea by Anonymous Coward · · Score: 0

    Well that's sure to last... Too bad Moxie was more interested in teaming up with Google to collect data on user messages and removed the SMS option.