hhmx.de

Andromxda 🇺🇦🇵🇸🇹🇼

Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό
@Andromxda@infosec.exchange

· Föderation EN Sa 01.03.2025 16:08:16

@zeh I agree that SimpleX is better from a purely technical standpoint, but it has very few users and still isn't as easy to use and straightforward as Signal. There's nothing fundamentally wrong with Signal, and they're constantly improving (e.g. adding PQ crypto, usernames, etc.)

There are some inherent flaws with federation/other forms of decentralization, Signal itself even has experience with that. TextSecure (the predecessor to Signal) used to federate with servers run by CyanogenMod, and it was a huge mess.
Keep in mind, there were only 2 parties in this federated network.
It becomes much worse and complicated if anyone can run a node and federate with the network.
Matrix is a perfect example of how not to do it.
It's not just leaking metadata all over the place, but there are also constant state resolution conflicts.

As good as it may sound, federation is not always the answer, and often (unfortunately) just doesn't work well enough for a messaging service that people can rely on.

0x   1   0x

zeh

zeh
@zeh@mstdn.io

Föderation EN Sa 01.03.2025 16:22:59

@Andromxda
signal is centralised and controlled by the signal foundation. they make sure no one else can run servers. they can maliciously id and map the connection graph of everyone. (even soatok admits this in the addendum here: soatok.blog/signal-crypto-revi). big, architectural, fundamental problems.

simplex seems to have cracked the federation problem by using dumb relays. works well and can grow in adoption.

0x   1   0x

Andromxda 🇺🇦🇵🇸🇹🇼

Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό
@Andromxda@infosec.exchange

Föderation EN Sa 01.03.2025 16:27:48

@zeh

The article says:

In the absolute worst case, a totally malicious Signal Server can perform traffic analysis to correlate the IP address assigned to the messages arriving with the delivery token for a recipient.

That can easily be mitigated by using a VPN or Tor. Even using a shared IP address via CGNAT (very common on cellular networks) would mitigate this.

0x   1   0x

zeh

zeh
@zeh@mstdn.io

Föderation EN Sa 01.03.2025 16:42:12

@Andromxda
who's going to add tor? people won't know about the threat, won't know how to do it. and it's way beyond the ip, they have everyone's phone number. if the server is malicious, they can log and correlate (and be compelled to do so).
centralised systems are not under our control. they can disappear at any moment, attacked by tech or social or legal means. we can't be at the mercy of centralised systems and their owners. we should have learned this by now.

0x   1   0x

Andromxda 🇺🇦🇵🇸🇹🇼

Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό
@Andromxda@infosec.exchange

Föderation EN Sa 01.03.2025 16:53:34

@zeh

who's going to add tor?

Those who need it.

I also figured that one could use a Signal TLS proxy as a privacy mechanism. It's usually used for censorship circumvention in countries like China, Russia or Iran, but it also works just fine for increasing privacy.
Again, the network layer is gonna be an attack vector for every messaging app.
Network-level privacy is the user's responsibility, that's how all modern systems work.

0x   1   0x

zeh

zeh
@zeh@mstdn.io

Föderation EN Sa 01.03.2025 16:59:01

@Andromxda
certainly not all modern systems. not cwtch, not briar nor simplex. (at least) these include metadata and network-level privacy in the threat model and add measures to mitigate.
simplex does that while being relatively easy to use, right now.

0x   1   0x

Andromxda 🇺🇦🇵🇸🇹🇼

Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό
@Andromxda@infosec.exchange

Föderation EN Sa 01.03.2025 17:02:52

@zeh

Cwtch and Briar just use Tor, I'm not sure about about SimpleX. I can name another messenger with a similar approach: Session uses Lokinet, but it has some stupid integration of crypto currency, and massively reduces the security of the Signal protocol by removing forward secrecy. Soatok even wrote an article about it: soatok.blog/2025/01/14/dont-us

0x   1   0x

zeh

zeh
@zeh@mstdn.io

Föderation EN Sa 01.03.2025 17:04:33

@Andromxda so you agree, and that was not correct. many systems address net privacy and metadata protection, not just leave it for the user to contend with.

0x   1   0x

Andromxda 🇺🇦🇵🇸🇹🇼

Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό
@Andromxda@infosec.exchange

Föderation EN Sa 01.03.2025 17:07:48

@zeh No, what I'm saying is that neither Briar, Cwtch nor Session actually solved the issue, they just mitigated it by using some form of a mixnet. You can do the same on Signal, but it will make the UX a lot worse. There's a reason why not everybody is using Tails OS or the Tor Browser. Sure, it solves the network privacy issue, but the UX sucks.

0x   1   0x

zeh

zeh
@zeh@mstdn.io

Föderation EN Sa 01.03.2025 17:12:11

@Andromxda they addressed the issue by using tor underneath. the users won't have to do it by themselves, contrary to your claim.
simplex uses an unidirectional routing system that provides some protection and then makes it easy to route through tor, on top.

in any case, my argument was about centralisation and the very serious problems it brings in.

0x   1   0x

Andromxda 🇺🇦🇵🇸🇹🇼

Andromxda πŸ‡ΊπŸ‡¦πŸ‡΅πŸ‡ΈπŸ‡ΉπŸ‡Ό
@Andromxda@infosec.exchange

Föderation EN Sa 01.03.2025 17:51:22

@zeh

contrary to your claim

This is not true. I never disputed that Briar, Cwtch and Session route the traffic through mixnets by default.

makes it easy to route through tor, on top

Not a unique advantage of SimpleX, you can also route Signal through Tor just fine.

The exact same article you linked to also notes that:

That isn’t to say that federated encrypted messaging apps cannot ever meet the bar set by Signal. But they should focus more on improving their use of cryptography than weak arguments about jurisdiction or data sovereignty.

Signal provides top-notch cryptography, great usability, as well as a large userbase. Network-level privacy is each user's own responsibility. Imagine if every single app on your phone that makes network connections had its own VPN/mixnet client. The UX and battery life would be horrendously bad. This is exactly why all modern operating systems offer an API that makes it easily to globally connect to a VPN. Some VPN clients even allow you to only route specific apps through the tunnel, if that is what you desire. Commercial VPN services are becoming more and more popular, and almost every user has at least heard of them. Most people just don't use one, because they simply don't need it. The situation is very different in countries with heavy internet censorship like China, Russia, Iran, Saudi Arabia, etc.

0x   1   0x

zeh

zeh
@zeh@mstdn.io

Föderation EN Sa 01.03.2025 18:14:04

@Andromxda
contrary to your claim that i had pointed out, this one: "Network-level privacy is the user's responsibility, that's how all modern systems work."

you are trying to minimize the importance of centralisation and metadata protection. i think it should be clear that everyone needs it, especially in these times of rising fascism, and that it should be part of secure messaging systems. you don't. ok.

0x   0   0x