Hacker News | cloudyo's comments

And on the topic of privacy and iPhone: what you can do to protect yourself from attacks: https://blog.duple.io/how-i-can-hack-your-phone/


That article has some inaccuracies, particularly around brute forcing iPhones in DFU mode which is nowhere near as practical as they make it sound on newer models with Secure Enclaves.


... and as an EU project private alternative to the likes of Dropbox, there's Duple, an app that gives you your full private Dropbox at home. Self-hosted, E2EE, and works just like a Dropbox (currently in beta): https://www.duple.io/en/


...or Owncloud [1], or Nextcloud [2], or Syncthing [3], or Seafile [4], all of them free software, none of them needing 'future discounts' like the Duple site promises to 'beta testers' since they are free software.

[1] https://owncloud.org/

[2] https://nextcloud.org/

[3] https://syncthing.net/

[4] https://www.seafile.com/


It actually looks very cool, I'm going to try it.

What would be the business model?


How does it protect your data if your house burns down?


If that is really something to worry about you can just copy stuff off and drop the copy off at a relative's house. These days you can get 1-2TB 2.5" drives for cheap. Off site storage has become reasonably convenient even if you are moving physical objects around.


Dropbox isn't a backup anyways. Have an offsite backup that is encrypted. Could be the cloud, could be a hard drive you keep at your parents' house.


Not how does it, how do you. You should spread the data to an offsite or secondary location.


So, a backup solution where part of the instructions is..."another backup solution"

Come on.


Uh, yeah? A common rule in IT is 3-2-1 backups.

3 copies

2 different devices or medias

1 offsite

If your data isn't that important, then don't.

https://www.us-cert.gov/sites/default/files/publications/dat...


A) Cloud backup solutions already abstract away replicating multiple copies for redundancy.

Unless Google/Dropbox/Amazon/Microsoft go out of business, you are not likely to lose data from your backup via act of god (aka data center fire)

B) The simple interface of web solutions is still ultimately that if you want redundancy, just pick 2 (or 3) different providers. Myself - I use Google Drive for backup of my most core files, and Backblaze for the whole shabang.


Right, so you have as part of your backup solution "another backup solution"


My point is backup that's not Offsite is not backup at all.


Defense in depth applies to reliability of backups as well as security :P


There is this practice called "backing up".

If you try it, you might find you can protect your data more easily than you can protect most other things in your house if it burns down.


"E2EE coming soon"


Welcome, Signal


Also Keybase and Telegram (need to enable e2e for a given conversation, though)


Sometimes you just feel like using Signal instead


Signal's software is timebombed to force you into taking automatic updates. These updates could be used to force targeted users into backdoored builds.

Additionally, Signal has had a long history of being feature hostile to strongly secure use, through things like making it very difficult to cryptographically verify the identity of the party you're talking to... or automatically resending the last message you sent when the far end merely claims its key has changed.

I recommend people treat Signal as unencrypted communications-- _actually_ unencrypted private communications are too absurdly insecure to use. But in practice Signal does not provide the kind of strong security that we would associate with 'encrypted communication', and maybe UI considerations make that an unrealistic goal. Instead Signal provides the kind of security we should expect from _ANY_ communication, but which isn't actually provided due to pervasive surveillance.


I mean, Signal is open source and not owned by Facebook, so I'm not sure why anybody uses WhatsApp instead.


Last I checked Signal's UX was worse enough that I'd be fighting a real uphill battle to get my friend group to switch.


That's reasonable, I suppose I'm lucky to have a friend group that universally prefers open source software to good UX -- there was never really a question for us.


It's a little eye opening to me that anyone could have a friend group that "universally prefers open source software to good UX".

I have and use Signal with some friends, but there are also loads of people I communicate with who couldn't even tell you what open source software is, let alone articulate a preference for it over good UX.

Are all of your friends software engineers and/or technophiles?


I don't have many friends, TBH. I've got 2 friends who use normal SMS, and a group of 6 friends (not including myself) who use Signal; of those, three of them are software developers and one of them uses R at work though software development isn't her primary job. The other two are probably more aware of open source software than they would otherwise be due to peer exposure. It's also worth noting that one of my developer friends got the rest of us into programming, though three of us had been running Linux before that -- it's not that I've disproportionately made friends with software developers, it's that a group of people I'd been hanging out with for years assimilated a software developer who converted the rest of us. There may have been some MDMA involved in that.

Edit in case of potential ambiguity: s/a couple of/2


Exactly.

When all your friends are already using Facebook and you start telling them to use Signal instead... well, I can tell you from experience that it's almost impossible to break the status quo.

What has happened to me is that usually there's 1-2 persons from each friend group who care enough that they will relay information to you through Signal.

I still don't have a friend group that is 100% Signal. For that to happen, more than 50% of the group would need to care enough about privacy to completely abandon other communication channels and accept the cost of switching platforms. The rest would probably follow. In reality, I don't have a single non-tech friend who would give a fuck about encryption. You tell them about Signal and they go "cool", that's it.


"It's a little eye opening to me that anyone could have a friend group that "universally prefers open source software to good UX""

Plenty of us still prefer using command-line to this very day. Most of my work is still done on DOS 6.22.


I like the command line and it doesn't surprise me that other people do too. What surprises me is that there are people where an entire friend group universally prefers open source over good UX, since plenty of my friends couldn't tell you what the terms "command line", "open source", and "UX" mean.


The UX is fine IMO. They've been improving it. I have a couple non tech savvy friends that use it and they're fine with it.


Because everyone uses it. Once a social app becomes mainstream it gets a giant advantage due to the amount of inertia needed to switch entire social circles to a new platform.

Most new social platforms that make it big don't really take over older ones, they just grab a younger generation - usually just by being the network their parents aren't in.


You don't understand why people use a communications app with 1.6 billion users as opposed to one with likely less than a million?

It's network effects

In my own anecdotal experience Signal ranks way below Viber (popular with migrants + expats), Wickr (popular with people doing illegal things and corporate executive scheming), Telegram (popular in crypto, scammers and terrorists)

The only real broad use of Signal I've seen is amongst journalists - and even there I'm not certain how much they actually use it or if it's just the "I'm crypto aware" version of a blue checkmark for their Twitter profiles


It's a much better app, user experience-wise. I prefer Signal for obvious reasons, but WhatsApp is easier to use (and has a much better web interface).


I agree, but when the people you want to talk to are on WhatsApp already...


Not only are there network effects, but as you go through various cities in Latin America you will notice on the billboards that mobile service providers advertise "free" WhatsApp. As a result of the success of those ads, your contacts in that region will prefer WhatsApp to other media.


People use it because other people use it.

Signal's lack of a web interface is another reason.

Moreover, Telegram took the users that left WhatsApp for more secure alternatives (even though Telegram's homemade encryption doesn't look promising).

Same reasons why a lot of people don't leave Facebook.


they have features signal has not yet copied and probably won't (statuses e.g.)


The main one being actual users


The Signal client is open source. The back end not so much.

A lot of Signal is basically "trust Moxie".


> A lot of Signal is basically "trust Moxie".

Let me come out and defend Signal (I usually defend Telegram, but I don't think we should be unfair to anyone):

As far as I am aware no one who knows what they are talking about has come out with anything that says Signal's end-to-end encryption is broken.

If I have understood it correctly and as long as that is true, NSA, FSB and the Chinese might be running the message handling together and there's still no reason to be worried that your messages will be intercepted in transit.

Disclaimer:

- as far as I am aware Signal is the safest messenger available for everyone

- even if all the above is true you are still trusting them with your metadata. I think they are good people. If you are scared of them, be aware that they know who you talk to and when. This is however true for any mainstream technology as far as I am aware.

- being good at crypto doesn't make them immune to bugs. There was a nasty vulnerability a few months ago that was remotely exploitable. Again, this is the same, or even worse for every other messenger.


> As far as I am aware no one who knows what they are talking about has come out with anything that says Signal's end-to-end encryption is broken.

You have to check XMPP with OMEMO, it has libre servers and is federated


> This is however true for any mainstream technology as far as I am aware.

It's too bad bitmessage can't scale :/


And most of that is coming from MattGreen and Ptacek.


Not that I'm dissing Signal (it is my preferred platform, sadly not most used), but don't both WA and Signal use Open Whisper Systems? So isn't there the potential that the same exploit might work on Signal?


WhatsApp allegedly uses an implementation of the OpenWhisper encryption system that Signal created (and still uses). However as there is no source code available unlike Signal, there's no way to verify if WhatsApp "really" is using it (or using it correctly).


It's certainly better to have source, but this seems like a matter of degree? You don't really know what's in Signal unless you compile it yourself, and/or they have reproducible builds and you verify checksums. Instead you're trusting that the source matches the binary, and probably also that someone else who knows more about crypto is reviewing the source carefully.

In the modern world we basically outsource everything, including trust and verification. An open, social process of verification can be better, though.


But it's _so_ much better than GPG and the WoT where you have to ... verify..... everything........... yourself...........


Is there a way to verify that the Signal app in the app store was compiled from the published Signal sources?


Yes, this is generally called "reproducible builds". Signal has reproducible builds for Android, here is how to build it and compare against the one on your phone:

https://github.com/signalapp/Signal-Android/blob/master/Repr...


This is true, but that also doesn't answer the question. It still leads to a possibility. The hack could also sidestep OW in some other way and only be WA specific, but still begs the question. Security is a constant cat and mouse game, so if someone says: "well, that only affects WhatsApp, it won't affect us -- even though we use the same underlying structure." sounds kinda naive.


Couldn't you determine by looking at the code in the APK, at least for Android?


It might be a bit difficult (but not impossible) to do that... the APK you download is not the APK that the developer uploads to the Play store. Usually, developers upload a "bundle," and then Google optimizes it by stripping out irrelevant media, i18n, etc., to deliver a smaller optimized APK to the end user.

So you can't just generate an MD5 of your APK and match it against the store description like the good old days when you could make sure your Linux ISO was legit, but there's probably some way to make it work?

EDIT: It might be possible to circumvent Google's bundling/optimizing by just uploading a regular old APK, but IIRC that was becoming more difficult these days. Unfortunately I'm not an Android dev expert.


Yes, "no way to verify" is a bit strong. Not as easy to verify is true (but: if you review the source, you'd also have to build the app yourself).


The app itself is the weakness, not the protocol. But also the article says "that exploited a flaw in WhatsApp-owned servers to help clients hack into the cellphones".


Who's to say Signal will protect you any better against targeted remote-code-execution attacks from well-funded cyber mercenaries like NSO?


Yeah, I pretty much assume that targeted attacks will always succeed when a well-funded state actor is involved.

For me, I look at encryption as a mitigation for surveillance. Anything that increases the marginal cost to monitor an individual makes broad surveillance less economic.

Signal will always have the edge for surveillance due to the relative difficulty of hiding a back door. Whatsapp will always be suspect in that they could easily be forwarding everyone’s messages to third parties.


How many people actually worry about these spy agencies? If a state actor wants you or your information they'll just pull up in a black van and take you and use a $5 wrench to beat it out of you.


Much of what NSO Group does is sell to smaller despotic regimes who then use them to spy on dissidents who live abroad and would be quite hard (and embarrassing) to black-bag. Not everyone can send a murder team to Stockholm (or wherever).

Some despotic regimes do have large kidnap-and-murder programs (ex Rwanda) but if you just want to keep tabs on exiled dissidents and learn exactly who they're talking with back home, NSO Group has a product for you.


I get the implication but America isn't Russia and they just don't do it, too big of a headache, too easy to blowback into political realm. Officers hate when clandestine work erupts into public political drama.

Plus, why would you hire a team of people to kidnap a citizen and beat them when you can assign a ticket to a government blackhat at the NSA who will run the commands against your devices and take what they need without you ever knowing.

Even then, there is substantial risk of whistleblowing for illegal data collection against citizens (Snowden et al) so they would instead in a clandestine manner ask a fellow member of the Five Eyes to perform the surveillance "legally".

Our society has known about Five Eye roundabout spy agreements for a long time and has largely shrugged, so the risk of public political blowback doing this would be minimal.


> How many people actually worry about these spy agencies?

I don't really worry about the spy agencies themselves -- I am not of any interest to them.

However, I worry a lot about the likes of NSO and the tools they produce. They are likely to end up being used, in one form or another, by criminals and corporations.


These tools keep authoritarians in power and indirectly impact hundreds of millions of people. It's like saying you don't care about Pacific Ocean plastic because you live on the east coast.


> These tools keep authoritarians in power

Indeed. I think I covered that in "criminal" category, but perhaps I should have been more explicit.


How’s that different from selling weapons to them, though?


It's not - we shouldn't be selling weapons to them either. Ditto with sharing intel.

Sanctions on selling exploits seem easier to achieve though since there is less of a conflict with economic interests


The state actor will have a more difficult time doing that if you are living in a different country. Exploits don't care about borders: https://www.voanews.com/africa/ethiopia-accused-using-spywar...


I get your point that a highly-motivated attacker has other, less sophisticated, ways of getting to your data.

However, if we're playing poker and I learn your tell, it's in my best interest that you are naive to that fact. While not the best analogy, I would think that the same concept would apply to state actors.


There have been a few Electron vulnerabilities that affected Signal. Plus Signal demands that you have a phone number in order to use it. Also the fact that each device has its own key promotes the users to just blindly accept new keys.


Would this attack have been preventable with Signal?


-Use a private cloud, so that your data is in your control.

We've actually developed a self-hosted private cloud solution as a substitute to Dropbox for exactly these reasons. Basically a private Dropbox at home (no complicated installation and no server needed)

We're currently in beta, could interest a few in this thread! https://www.duple.io/en/

The point is to have a product that works just like a Dropbox, as simple and straightforward, but that is actually private with no one interfering, playing, accessing or reading your data.


Somehow I don't understand how you say Syncthing's disadvantage in comparison is that it's a P2P system[1], but at the same time your website says duple doesn't need a server.

Maybe I've misunderstood, but this sounds just like Syncthing with an always-on client - except for the file versioning, that sounds like an interesting feature to me.

[1] https://blog.duple.io/what-is-the-point-of-duple/


Agreed.

I've been using SyncThing for over 4 years and while it has a few rough edges (synced/shared/global file ignore would be great) still it's been fully reliable and a generally great user experience. So if you're trying to cater to existing SyncThing users don't mince words to make it appear that something which you claim is a negative with SyncThing doesn't exist in your product - which it clearly does.

SyncThing has a huge advantage: years of trust. They have been around since 2013 and continue to crank out features and builds consistently. Duple hasn't been around for one year at the time of this writing. Beyond that it's clear from the Duple site that its main goal is to take my data and file replication hostage via licensing fees. I'm curious how or why I'd donate before I've even installed the Beta (based on your click flow to even reach the downloads page)? No thanks.

Also, let's clarify something Duple has wrong...

Duple states: "Syncthing is P2P, so you get the disadvantages along with it e.g. all your devices need to be turned on at the same time. If not, you get a desynchronisation between your devices and create conflict." - This is wrong. You do not need all your devices on at the same time with SyncThing. Yes, it is true that it's good to have a device with a consistent state, however it's not required. The second part of the statement is FUD. When conflicts happen it's generally around odd permissions or file updates with regard to versioning. This was more problematic in versions prior to 1.0. At this point in time I haven't run into this issue other than because of disparate problems caused by file permissions which SyncThing does a great job preserving.

Duple also states SyncThing has no iOS support and yet, itself, has neither iOS nor Android. Or Windows... Or an open source repo of what I'm supposedly using.

In my mind Duple doesn't compete with SyncThing and, really, never will. But here's the thing... Don't pretend to compete where you don't. SyncThing users aren't looking for Duple. You'd do yourself a better service to take that verbiage out because all it did for me was give me the impression that Duple is lying about competitors that they simply didn't take the time to understand. That leaves a bad impression in my mind.


I know this is a late reply, but maybe you'll see it.

Regarding the synced/shared/global file ignore, there's an imperfect but usable work-around:

You can use #include statements in your .stignore, so you can include another file that contains the global ignore list, then sync that file. You have to set up the .stignore with the include statement for all of your devices/folders, but after that, it's essentially a global ignore list.

Hope that helps.
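The work-around described in the comment above, as an added example that is not part of the thread: a per-device setup function that seeds a shared pattern file inside the synced folder and makes the local `.stignore` include it. The file name `.stglobalignore` and the sample patterns are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. ".stglobalignore" and the sample patterns are assumed
# names/values, not something the thread or Syncthing prescribes.
SHARED_NAME=".stglobalignore"

# ensure_shared_ignore FOLDER
# Run once per device for each synced folder. Safe to re-run.
ensure_shared_ignore() {
    folder=$1
    shared="$folder/$SHARED_NAME"
    local_ignore="$folder/.stignore"
    include_line="#include $SHARED_NAME"

    if [ ! -d "$folder" ]; then
        echo "not a directory: $folder" >&2
        return 1
    fi

    # The shared list is an ordinary file inside the folder, so Syncthing
    # syncs it like any other file. Seed it only if no device has yet.
    if [ ! -f "$shared" ]; then
        printf '%s\n' \
            '// Shared ignore list (constructed sample patterns)' \
            '(?d).DS_Store' \
            '*.tmp' \
            '*.swp' > "$shared"
    fi

    # .stignore itself is never synced, so every device needs its own copy
    # containing the #include line.
    [ -f "$local_ignore" ] || : > "$local_ignore"

    if ! grep -qxF -- "$include_line" "$local_ignore"; then
        # Patterns are first-match-wins: appending the include keeps any
        # existing device-local rules ahead of the shared ones.
        # Add a newline first if the file does not end with one.
        if [ -s "$local_ignore" ] && [ -n "$(tail -c 1 "$local_ignore")" ]; then
            echo >> "$local_ignore"
        fi
        printf '%s\n' "$include_line" >> "$local_ignore"
    fi
    return 0
}

# Stand-alone use: sh script.sh /path/to/synced/folder
if [ "$#" -gt 0 ]; then
    ensure_shared_ignore "$1"
fi
```

The shared file must not itself match an ignore pattern, otherwise it stops syncing and each device falls back to whatever copy it last received.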


I'm sure what they mean by all devices needing to be on and connected, is that if only one device is connected, there will be nothing to sync to. So if I take some photos while on vacation, but my desktop at home is asleep, then I can't sync my photos to it. So if I lose my phone before then, I'm sunk.

Of course this is fixed by simply having the desktop on all the time, which would then make it similar to a client server setup.


Well, they don't say that so it doesn't really matter what they mean. And they imply that by not having a device on all the time it is the cause for synchronization issues which is completely incorrect.

If I take photos on vacation and throw them in a sync'd folder the next time both devices are online they will resolve the new file delta between that shared folder. That doesn't imply I always need one or the other device online. The more devices syncing the less likely it is that only one would be online at a time, but again there's no requirement there for an always on device.

Anyway... SyncThing is fantastic for users who are willing to invest some time learning how the software works. Every paid for product seems to cater to the "it just works" mentality thereby sacrificing control to me, the user, to handle situations that can't be handled by overly simplified, cloud-first, lock the user into our licensing model solutions. And don't get me wrong, those are fine for many people. For users who want more control via more responsibility - then SyncThing is great. But I don't like how they are spreading FUD about it just to get some name association.


Syncthing does file versioning, although a bit noobishly. It just keeps n copies of the old file in a hidden folder with DATE_MODIFIED appended to each copy.


You know, ipfs helps a lot with this. If I can pay for someone to mirror whatever I host on my ipfs and tie it to some account it would be neat.

Good luck on your product. Seems promising. But I didn't like how your site loaded slowly (just a subjective feedback)


How is E2E encryption implemented?

Where is the link to GitHub with ALL code?


Digital privacy / security. People and companies are becoming more and more privacy aware/conscious/concerned. All the scandals (e.g. data breaches, targeted advertising, selling of user data) and new regulations such as GDPR are only increasing the need and demand for privacy


"our battle is not lost, but that we can control the use of our data, [...] that the privacy laws that protect us are obeyed."

Privacy, privacy. We've actually developed a self-hosted private cloud solution as a substitute to Dropbox for exactly these reasons. Basically a private Dropbox at home (no complicated installation and no server needed)

We're currently in beta, could interest a few in this thread! https://www.duple.io/en/

The point is to have a product that works just like a Dropbox, as simple and straightforward, but that is actually private with no one interfering, playing, accessing or reading your data.


There's more to do than that. We need decentralized replacement for social media and our own email servers for starters. This should all come in one box like a wifi access point or modem.


We have always had email servers. You can set up one today. What we need is to convince more technical people to use the internet the way it was designed for. And to find ways for these people to make money, because the monopolized internet of today makes that unattainable.


Been there, done that... It is a waste of time and effort if you can't convince other people to join your services. I have operated a Jabber server for quite some time (2008ish - 2012). Mostly for me and some friends to organize LAN parties and such. I told other people about it but after a week of interest, no one seriously used it, since everyone was already using other services to communicate -- also using an XMPP client seemed to be too much to ask for the non-techies.

As time goes on our communications moved towards Facebook and TeamSpeak. And after dropping out of the local gaming scene I stopped operating it altogether -- if I am the only one using a comms-infrastructure it's kinda moot, even if it's a federated system. I had some contacts outside of the gaming-bubble but by the time no one seemed to have used it anymore.


it really is an issue of network-lock-in though. facebook is already bloated, discord will become as well. they try hard not to rot but they will


Maybe something to make would be an addition to mail servers that chat-ifies group emails.


all you need is an X-header. I also liked the expires header but it didn't catch on


Chatifies in what way?


Group iMessage = CC list, cc list becomes messaging group. I suppose one way this could play out would be simply to add an email submission API for text messaging app(s), but it's an incomplete idea so far. :)


I'm still not sure what you mean. Are you simply talking about an email client that looks like a text messaging program?


That's doable. The image in my mind was the reverse: a chat program that displays email threads. Interactions in chat become mailing list replies emailed out, and replies to the CC list are displayed in the chat channel.


I like that idea; An email client that looks and behaves like the regular messaging apps in iOS/Android.


Agreed. We also need to make out of the box private tools that anyone can use. Step by step!

