
Sometimes you just feel like using Signal instead



Signal's software is timebombed to force you into taking automatic updates. These updates could be used to force targeted users into backdoored builds.

Additionally, Signal has had a long history of being feature hostile to strongly secure use, through things like making it very difficult to cryptographically verify the identity of the party you're talking to... or automatically resending the last message you sent when the far end merely claims its key has changed.

I recommend people treat signal as unencrypted communications-- _actually_ unencrypted private communications are too absurdly insecure to use. But in practice signal does not provide the kind of strong security that we would associate with 'encrypted communication', and maybe UI considerations make that an unrealistic goal. Instead signal provides the kind of security we should expect from _ANY_ communication, but which isn't actually provided due to pervasive surveillance.


I mean, Signal is open source and not owned by Facebook, so I'm not sure why anybody uses WhatsApp instead.


Last I checked Signal's UX was worse enough that I'd be fighting a real uphill battle to get my friend group to switch.


That's reasonable, I suppose I'm lucky to have a friend group that universally prefers open source software to good UX -- there was never really a question for us.


It's a little eye opening to me that anyone could have a friend group that "universally prefers open source software to good UX".

I have and use Signal with some friends, but there are also loads of people I communicate with who couldn't even tell you what open source software is, let alone articulate a preference for it over good UX.

Are all of your friends software engineers and/or technophiles?


I don't have many friends, TBH. I've got 2 friends who use normal SMS, and a group of 6 friends (not including myself) who use Signal; of those, three of them are software developers and one of them uses R at work though software development isn't her primary job. The other two are probably more aware of open source software than they would otherwise be due to peer exposure. It's also worth noting that one of my developer friends got the rest of us into programming, though three of us had been running Linux before that -- it's not that I've disproportionately made friends with software developers, it's that a group of people I'd been hanging out with for years assimilated a software developer who converted the rest of us. There may have been some MDMA involved in that.

Edit in case of potential ambiguity: s/a couple of/2


Exactly.

When all your friends are already using Facebook and you start telling them to use Signal instead... well, I can tell you from experience that it's almost impossible to break the status quo.

What has happened to me is that usually there's 1-2 persons from each friend group who care enough that they will relay information to you through Signal.

I still don't have a friend group that is 100% Signal. For that to happen, more than 50% of the group would need to care enough about privacy to completely abandon other communication channels and accept the cost of switching platforms. The rest would probably follow. In reality, I don't have a single non-tech friend who would give a fuck about encryption. You tell them about Signal and they go "cool", that's it.


> It's a little eye opening to me that anyone could have a friend group that "universally prefers open source software to good UX"

Plenty of us still prefer using command-line to this very day. Most of my work is still done on DOS 6.22.


I like the command line and it doesn't surprise me that other people do too. What surprises me is that there are people where an entire friend group universally prefers open source over good UX, since plenty of my friends couldn't tell you what the terms "command line", "open source", and "UX" mean.


The UX is fine IMO. They've been improving it. I have a couple non tech savvy friends that use it and they're fine with it.


Because everyone uses it. Once a social app becomes mainstream it gets a giant advantage due to the amount of inertia needed to switch entire social circles to a new platform.

Most new social platforms that make it big don't really take over older ones, they just grab a younger generation - usually just by being the network their parents aren't in.


You don't understand why people use a communications app with 1.6 billion users as opposed to one with likely less than a million?

It's network effects

In my own anecdotal experience Signal ranks way below Viber (popular with migrants + expats), Wickr (popular with people doing illegal things and corporate executive scheming), Telegram (popular in crypto, scammers and terrorists)

The only real broad use of Signal I've seen is amongst journalists - and even there I'm not certain how much they actually use it or if it's just the "I'm crypto aware" version of a blue checkmark for their Twitter profiles


It's a much better app, user experience-wise. I prefer Signal for obvious reasons, but WhatsApp is easier to use (and has a much better web interface).


I agree, but when the people you want to talk to are on WhatsApp already...


Not only are there network effects, but as you go through various cities in Latin America you will notice on the billboards that mobile service providers advertise "free" WhatsApp. As a result of the success of those ads, your contacts in that region will prefer WhatsApp to other media.


People use it because other people use it.

Signal's lack of a web interface is another reason.

Moreover, Telegram took the users that left WhatsApp for more secure alternatives (even though Telegram's homemade encryption doesn't look promising).

Same reasons why a lot of people don't leave Facebook.


They have features Signal has not yet copied and probably won't (statuses, e.g.)


The main one being actual users


The Signal client is open source. The back end not so much.

A lot of Signal is basically "trust Moxie".


> A lot of Signal is basically "trust Moxie".

Let me come out and defend Signal (I usually defend Telegram, but I don't think we should be unfair to anyone):

As far as I am aware no one who knows what they are talking about has come out with anything that says Signal's end-to-end encryption is broken.

If I have understood it correctly and as long as that is true, NSA, FSB and the Chinese might be running the message handling together and there's still no reason to be worried that your messages will be intercepted in transit.

Disclaimer:

- as far as I am aware Signal is the safest messenger available for everyone

- even if all the above is true you are still trusting them with your metadata. I think they are good people. If you are scared of them, be aware that they know who you talk to and when. This is however true for any mainstream technology as far as I am aware.

- being good at crypto doesn't make them immune to bugs. There was a nasty vulnerability a few months ago that was remotely exploitable. Again, this is the same, or even worse for every other messenger.


> As far as I am aware no one who knows what they are talking about has come out with anything that says Signal's end-to-end encryption is broken.

You have to check XMPP with OMEMO, it has libre servers and is federated


> This is however true for any mainstream technology as far as I am aware.

It's too bad bitmessage can't scale :/


And most of that is coming from MattGreen and Ptacek.


Not that I'm dissing Signal (it is my preferred platform, sadly not most used), but don't both WA and Signal use Open Whisper Systems? So isn't there the potential that the same exploit might work on Signal?


WhatsApp allegedly uses an implementation of the OpenWhisper encryption system that Signal created (and still uses). However as there is no source code available unlike Signal, there's no way to verify if WhatsApp "really" is using it (or using it correctly).


It's certainly better to have source, but this seems like a matter of degree? You don't really know what's in Signal unless you compile it yourself, and/or they have reproducible builds and you verify checksums. Instead you're trusting that the source matches the binary, and probably also that someone else who knows more about crypto is reviewing the source carefully.

In the modern world we basically outsource everything, including trust and verification. An open, social process of verification can be better, though.


But it's _so_ much better than GPG and the WoT where you have to ... verify..... everything........... yourself...........


Is there a way to verify that the Signal app in the app store was compiled from the published Signal sources?


Yes, this is generally called "reproducible builds". Signal has reproducible builds for Android, here is how to build it and compare against the one on your phone:

https://github.com/signalapp/Signal-Android/blob/master/Repr...
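
The build-and-compare step described in the comment above, as an added example (not part of the thread and not Signal's own tooling): it compares two APKs entry by entry and skips the signing files, since a whole-file hash differs whenever the signing key does. The function names and the in-memory sample archives are constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# v1 (JAR) signing files differ whenever the signing key differs, so skip them.
# v2+ signatures live in the APK Signing Block, not in zip entries, so an
# entry-level comparison never sees them.
SIGNING = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$")


def entry_digests(apk):
    """Map each non-signing entry name to the SHA-256 of its uncompressed bytes."""
    digests = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir() or SIGNING.match(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_apks(built, installed):
    """Return (only_in_built, only_in_installed, differing) entry names."""
    a, b = entry_digests(built), entry_digests(installed)
    differing = sorted(n for n in a.keys() & b.keys() if a[n] != b[n])
    return sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys()), differing


def make_apk(entries):
    """Constructed in-memory stand-in for an APK file (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf


# Constructed sample archives: same contents, different signing material.
COMMON = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex bytes"}
LOCAL = make_apk({**COMMON, "META-INF/CERT.RSA": b"locally generated key"})
STORE = make_apk({**COMMON, "META-INF/CERT.RSA": b"publisher release key"})
ALTERED = make_apk({**COMMON, "classes.dex": b"dex bytes plus extra code",
                    "META-INF/CERT.RSA": b"publisher release key"})

if __name__ == "__main__":
    print("whole-file hashes equal:", LOCAL.getvalue() == STORE.getvalue())
    print("local vs store:", compare_apks(LOCAL, STORE))
    print("local vs altered:", compare_apks(LOCAL, ALTERED))
```

In practice `built` and `installed` would be file paths: the locally built APK and the one pulled from the device.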


This is true, but that also doesn't answer the question. It still leads to a possibility. The hack could also sidestep OW in some other way and only be WA specific, but still begs the question. Security is a constant cat and mouse game, so if someone says: "well, that only affects WhatsApp, it won't affect us -- even though we use the same underlying structure." sounds kinda naive.


Couldn't you determine by looking at the code in the APK, at least for Android?


It might be a bit difficult (but not impossible) to do that... the APK you download is not the APK that the developer uploads to the Play store. Usually, developers upload a "bundle," and then Google optimizes it by stripping out irrelevant media, i18n, etc., to deliver a smaller optimized APK to the end user.

So you can't just generate an MD5 of your APK and match it against the store description like the good old days when you could make sure your Linux ISO was legit, but there's probably some way to make it work?

EDIT: It might be possible to circumvent Google's bundling/optimizing by just uploading a regular old APK, but IIRC that was becoming more difficult these days. Unfortunately I'm not an Android dev expert.


Yes, "no way to verify" is a bit strong. Not as easy to verify is true (but: if you review the source, you'd also have to build the app yourself).


The app itself is the weakness, not the protocol. But also the article says "that exploited a flaw in WhatsApp-owned servers to help clients hack into the cellphones".


Who's to say Signal will protect you any better against targeted remote-code-execution attacks from well-funded cyber mercenaries like NSO?


Yeah, I pretty much assume that targeted attacks will always succeed when a well-funded state actor is involved.

For me, I look at encryption as a mitigation for surveillance. Anything that increases the marginal cost to monitor an individual makes broad surveillance less economic.

Signal will always have the edge for surveillance due to the relative difficulty of hiding a back door. Whatsapp will always be suspect in that they could easily be forwarding everyone’s messages to third parties.


How many people actually worry about these spy agencies? If a state actor wants you or your information they'll just pull up in a black van and take you and use a $5 wrench to beat it out of you.


Much of what NSO Group does is sell to smaller despotic regimes who then use them to spy on dissidents who live abroad and would be quite hard (and embarrassing) to black-bag. Not everyone can send a murder team to Stockholm (or wherever).

Some despotic regimes do have large kidnap-and-murder programs (ex Rwanda) but if you just want to keep tabs on exiled dissidents and learn exactly who they're talking with back home, NSO Group has a product for you.


I get the implication but America isn't Russia and they just don't do it, too big of a headache, too easy to blowback into political realm. Officers hate when clandestine work erupts into public political drama.

Plus, why would you hire a team of people to kidnap a citizen and beat them when you can assign a ticket to a government blackhat at the NSA who will run the commands against your devices and take what they need without you ever knowing.

Even then, there is substantial risk of whistleblowing for illegal data collection against citizens (Snowden et al) so they would instead in a clandestine manner ask a fellow member of the Five Eyes to perform the surveillance "legally".

Our society has known about Five Eye roundabout spy agreements for a long time and has largely shrugged, so the risk of public political blowback doing this would be minimal.


> How many people actually worry about these spy agencies?

I don't really worry about the spy agencies themselves -- I am not of any interest to them.

However, I worry a lot about the likes of NSO and the tools they produce. They are likely to end up being used, in one form or another, by criminals and corporations.


These tools keep authoritarians in power and indirectly impact hundreds of millions of people. It's like saying you don't care about Pacific Ocean plastic because you live on the east coast.


> These tools keep authoritarians in power

Indeed. I think I covered that in "criminal" category, but perhaps I should have been more explicit.


How’s that different from selling weapons to them, though?


It's not - we shouldn't be selling weapons to them either. Ditto with sharing intel.

Sanctions on selling exploits seem easier to achieve though since there is less of a conflict with economic interests


The state actor will have a more difficult time doing that if you are living in a different country. Exploits don't care about borders: https://www.voanews.com/africa/ethiopia-accused-using-spywar...


I get your point that a highly-motivated attacker has other, less sophisticated, ways of getting to your data.

However, if we're playing poker and I learn your tell, it's in my best interest that you are naive to that fact. While not the best analogy, I would think that the same concept would apply to state actors.


There have been a few Electron vulnerabilities that affected Signal. Plus Signal demands that you have a phone number in order to use it. Also the fact that each device has its own key promotes the users to just blindly accept new keys.


Would this attack have been preventable with signal?



