
Or... you know... just use something like Telegram that isn't owned by Facebook. Their data-sharing / privacy policy is pretty simple https://telegram.org/privacy

1. Sharing data

We never share your data with anyone. No.



Telegram uses a home-brewed crypto protocol and posted a challenge to break it by pasting some ciphertext. In my eyes they're ridiculous.

Just use Signal Messenger.


The author of Signal (Moxie Marlinspike) seems actively hostile to not only federation efforts but also compatibility with other clients, even one that only removed the dependency of Signal on Google Play Services: http://news.dieweltistgarnichtso.net/posts/signal-lock-in.ht...


Yeah. Telegram is sketchy, and their "we are Russian math PhDs, we don't need to listen to other people about crypto" attitude is very unhealthy, but unlike Moxie, I can at least think we are on the same side.


Not to mention the questionable ethics of supporting companies that are so blatantly anti-user. Facebook and Google can now tout "Moxie approved" crypto while their business models of surveillance remain intact.


Federation and security is a hard problem. The code is there for anyone to use, but it's an entirely reasonable and prudent security decision to announce your lack of support for a forked version using the same servers.

(Also, does Telegram have a version without Google Play Services?)


The XMPP ecosystem has federation, security and almost every client can talk to almost every server. If Moxie Marlinspike claims that interoperability does not work well in the context of instant messaging, I see this as him trying to manipulate the users so they do not judge him for his behaviour.


The XMPP ecosystem doesn't have security anywhere comparable to what we're talking about (well-implemented, end-to-end, forward-secure, multi-device messaging).


>multi-device messaging

Correct me if I'm wrong, but I don't think that Signal supports this feature


It does, but it's beta and Android only: https://whispersystems.org/blog/signal-desktop/


About Telegram: the fdroid version has no google dependencies, AFAIK


Why don't you just link his blog post on federation instead of misrepresenting his opinion?

https://whispersystems.org/blog/the-ecosystem-is-moving/


I did not know that blog post. However, it does not give evidence that Moxie Marlinspike is friendly to federation and third-party clients. If anything, it shows that he opposes open, interoperable protocols as well.

Moxie Marlinspike asserts that federation needs standardization and that standardization inhibits changes. He also asserts that protocols have to change to keep up with changing requirements. His unspoken assumption is that it is impossible to create real-world forward-compatible protocols.

While I agree with the first assertion, I strongly disagree on the latter two. Consider that protocols and data formats that do not have to change exist. An encoding like UTF-8 will probably never have to change to keep up with new codepoints. Also consider that forward-compatible protocols and data formats exist. HTTP seems to be a very good example for that.


I've been thinking about this a bit, and I think it would be possible to set up a non-profit, 'Federation Authority' (if you will), that could transparently govern a network of independent operators (that interoperate). Wikipedia works pretty well (IMO), and there would be an opportunity to iterate on their model (e.g. live web stream of board meetings).

I believe with enough traction, we could get hedge funds to give money while shorting the publicly traded companies that operate walled-garden networks.

N.B. I read your link when it was written originally, and have not taken the time to go at the issues raised point-for-point, but I'd like to see more efforts made in the direction I mentioned above.

Edit: The protocol has to have federation built-in from the beginning, and the ability of any server to granularly discriminate against any given TLD at their operator's discretion.


Even worse, he tries to deny people their legal right to build their own clients to services they have the right to use.

Which is a legal right in the EU (and even allows you to reverse engineer proprietary code for the purpose of writing your own system that interoperates with a proprietary one), so this is very sketchy.

Moxie seems like a Google-employee.


He doesn't. You just can't use custom clients with his server.


Signal uses a home-brewed crypto protocol(^) and their CTO disallows third party clients, even based on their own open source code.

Just use XMPP.

(^) Granted, moxie can be considered a crypto expert, and the design got some public auditing.


The Axolotl key management algorithm was jointly developed by Moxie and Trevor Perrin. Both of them are widely respected in cryptography, and the protocol has undergone formal cryptanalysis.

A novel crypto algorithm someone puts up on GitHub is "home-brewed." The Axolotl algorithm can no longer fairly be described as "home-brewed."


You can go start, pay for and manage your own server set and go hog wild writing whatever client you want to.


I notice nobody in this thread has yet mentioned the FOSS (Apache license), cross-platform, encrypted messenger ChatSecure https://chatsecure.org/

The Guardian Project writes a bunch of nice software https://en.wikipedia.org/wiki/The_Guardian_Project_(software...


Why not use Conversations.im? https://conversations.im/

It’s actually usable, supports a lot more encryption methods, is more up to date, and actually looks okay.


> supports a lot more encryption methods

That sounds like an anti-feature.


Who keeps the lights on? The app is free, I have never seen any ads.


Just wait till they get enough users. And then we will see their real business model.

At the end of the day, all these guys get enough users and then the users are just too tied to the platform to make an easy move.


WhatsApp users to receive adverts: http://www.bbc.co.uk/news/technology-37184651


Private funding. It's in their FAQ.


If only more people used Telegram.. I love it, but only a couple of friends use it.


For me, Telegram's small user base is actually what got me on it. My WhatsApp is full of way too many groups that I can't leave without negative social consequences. So the one group that I cared about the most (a group with my siblings), we all decided to move to Telegram and haven't looked back since! It's awesome to just have the few closest people on an app and not having to fear that you'll accidentally send a message to the wrong person or group.


Regarding negative social consequences ... Today I switched phones and wanted to transfer my Whatsapp contacts to the new phone. What Whatsapp did: Somehow they managed to delete me from each and every group I had been in, deleted every chat and I cannot access this anymore. I already had to explain to three friends why I left our group as they were furious because we had talked about important things in those groups.

Just to say this didn't happen with Telegram. Recovered everything smoothly with no errors.


This happens because WhatsApp stores all the information in your phone itself. On the server side, at least before FB bought it, they didn't store your info. This is the reason their team was so small despite the billion users, because they just need to store data on a need basis, since they were a paid messenger.

The moment you switch phones, all the data is lost, because they do not have it in the cloud! This is the reason your phone needs to be connected to Internet when using WhatsApp Web or WhatsApp Desktop, because they literally stream your data i.e. chats from phone to desktop!

Telegram is a cloud messenger, data is stored in the cloud and loaded every time in your devices, ironically this makes WhatsApp better than Telegram :D at least before Facebook bought it.


That's strange. You can backup WhatsApp data at least on iOS.


Well... I did, at least I thought so. I had it on "weekly" but am not able to recover it. Doesn't matter, just wanted to make the point that I'm in favor of adopting a new messaging app not as widely used as WhatsApp.


> deleted every chat

Whatsapp never stores the chat history anywhere. All conversations are encrypted end to end.


Many, but AFAIK still not all. When they released encryption it only worked when all involved clients were Android (or iOS, I don't remember).


My grandmother uses a Nokia C3. Until she switches, every group in which she participates will not be encrypted.

It says on the Nokia C3 version of the app that Whatsapp won't support that device next year, possibly because of that.


You can backup WhatsApp chat history on iCloud.


False, you can store it locally and/or in the cloud. End-to-end my ass.


>You can store it

I didn't say you can't, I said Whatsapp doesn't store it. I meant to say that it won't automatically backup and restore your stuff when you change phones.

You have to backup the data yourself in an sd card or a cloud service that you choose. It isn't stored in Facebook's servers.


They hit 100 million monthly active users back in Feb. I'm not sure that's a small user base by most of our terms.

https://en.wikipedia.org/wiki/Telegram_(software)#Usage_numb...


I think they meant by the small user base in your friends. :)


Try to convince them anyways. Once they get past the grumbling of installing a new app and the entirely hypothetical inconvenience of having multiple chat apps, they'll realize that in practice it isn't really much cause for inconvenience.


Having to look in half a dozen apps to track down information is not a hypothetical inconvenience.


Oddly enough I expected to run into that problem, but in practice it's hardly ever been an issue. I think in my particular case it helps that I generally insist on using email or telegram for communication where it's important to find it again later.

But you're right. At times I've had to search for information because I didn't remember which communication tool we used.


I work on lots of projects with lots of people, and I end up with hundreds of conversations spread over Email, SMS/Signal, Facebook, Skype and WhatsApp. It frustrates the hell out of me. The great thing about Signal for me is that it also handles SMS so there's no extra app to check. But yeah, no group chats, no desktop client, most conversations are unencrypted anyway because normal people don't care about privacy. If anybody were to ask me to use Telegram I'd be pleased they had an interest in encrypting our communications but annoyed about having to install yet another app.


Yeah, in your situation I understand the frustration.

By the way, if you're using a Mac you might like 'Franz': http://meetfranz.com/


Does Telegram offer voice messages and calls?


No, and a lot of people don't like it because it's cloud based too.


Is this really a concern people have? Do people think on-prem is somehow inherently more secure? They expose their services through the internet. Minus a few details it's all the same. There are pros/cons in both sides.


Recorded voice messages yes.

Live / phone call style voice messages no.


There was a serious FUD campaign started by one of the developers of now competing app Signal a few years ago. Now if you mention Telegram on Reddit you're immediately bombed with "OMG TELEGRAM CRYPTO IS BROKEN!" even though 0 people on earth have ever provably decrypted a Telegram message. They even offered a $300K bounty where you could act as the server... no takers.


I don't have skin in this game, but I want to mention that contests are not evidence of security. Furthermore, cryptographers other than those working at Signal have expressed distrust for its security.[1][2]

What Telegram should do to earn the trust of the technical community (specifically, the security savvy people who criticize it for unorthodox encryption methodologies), is contract a real audit from a leading security firm that specializes in cryptanalysis, like Riscure.

[1]: https://twitter.com/matthew_d_green/status/72642891296898252...

[2]: https://news.ycombinator.com/item?id=9775080


>is contract a real audit from a leading security firm

Suggestions like this do nothing to dispel the image that modern security firms are little more than a protection racket. If you don't pay for "an audit" from an "industry leading" firm, you'll be shunned by everyone.


You pay for an audit, or you release the code/algorithms for the community to publicly audit.

Otherwise, you're just making claims that are unbacked by anything. Presumably only the fact that there hasn't, yet, been a public exploit. But that's not a useful metric.


What's your alternative suggestion?


Somehow, I don't think you are going to find more sympathy for Telegram's broken crypto (or Signal's "FUD" campaign) here on HN.

At the end of the day, for many nerds looking at these two pieces of software and their developers, Moxie comes out looking a lot more serious about privacy and more experienced with crypto than Nikolai and Pavel. To say nothing of Telegram's closed-source cloud app model, questionable financing strategy or debatable ties to the Russian intelligence apparatus.


> questionable financing strategy or debatable ties to the Russian intelligence apparatus.

So you counter FUD with FUD. Great strategy!


Well... People said to them "don't roll your own crypto. Whatever you've got going now doesn't look too sane".

The Telegram devs more or less said "f*ck you, we are programming world champions and PhDs".

Then, about 6 months after they were all cocky, a Russian guy showed that the Telegram server could MITM every secret chat by providing the client with shitty entropy. Either it was a back door, or the Telegram devs showed that everyone else was right.

Don't use it for the crypto. If that is what you want, use something else.


Does Telegram use E2E encryption by default now, yes or no?


Probably not, but the hilarious thing is that a year or so after attacking Telegram for that, the developers of Signal took a substantial chunk of cash from Google to promote Allo as using Signal Protocol and end to end encryption, even though it's disabled by default so Google can mine your chat history for ad targeting (and enabling it has the inconvenient side effect of disabling your own local chat history).

Basically, it's about the cash. Signal's business model is to convince everyone that their protocol is the only secure one and charge everyone to licence it. If that means promoting non-E2E services that store and mine chat history, that's fine so long as they pay up.


> charge everyone to licence it

What?

The protocol is publicly described. They've blogged about it. I can imagine people being able to reconstruct it from memory.

The first Google result for "signal protocol license" is https://whispersystems.org/blog/license-update/ , clarifying that it's under GPLv3 (i.e., patent grant) with an exception for the App Store. Has anyone paid money to license the protocol? Has Signal asked for money? Is it even possible to give them money for the protocol?


GPLv3 is cool as open source goes, but is pretty restrictive. Basically you can't link to it and distribute your app without it being open source. A company like Google can probably not use it.


What I meant with GPLv3 is "and they are even willing to grant any patent rights to the general public". I don't know if they hold patents on it, but if they either don't, or are willing to license them freely, then you can implement the protocol from the public documentation of it.


That's not true. The patents grant in GPLv3 or other licenses (like APL) only holds if you're actually using that project in your work. So either you fork the GPLv3 project, and comply with a compatible license, or you don't have a patents grant.

This is basically why Google could be sued by Oracle, because Dalvik and their class library based on Apache Harmony were not a fork of OpenJDK.

Of course I cannot speak for Signal's protocol. Maybe it has no traps. I'm just commenting on that license. It's a strong license that makes some demands: good fit open source but bad for Google.


Sorry, I am being unclear. I don't mean that GPLv3 gives you a patent grant for all implementations, yes. I mean that the willingness to license code under GPLv3 means that there's an upper bound on how much Open Whisper Systems cares about licensing the protocol for money.

Which brings me back to the original question—why do we think that OWS's pushing of Signal Protocol is about money? Yes, I expect that for Allo they got paid by Google to write and maintain some code. But I don't think that their general claim "Signal Protocol is good crypto for everyone solving this problem" is motivated by money, because so many people solving this problem could use the GPLv3 version.


> Has anyone paid money to license the protocol?

As Allo is not GPLv3, they obviously got it under another license.


Is Allo using the same code, or a different implementation?

(And it's not so obvious to me. The thing I linked is licensed under GPLv3 + MPL if used on the App Store. You can totally ship an Android app that runs a separate GPLv3 subprocess, and an iOS app that uses it under the terms of the MPL. The GPLv3-subprocess thing is what JuiceSSH does for running Mosh.)


It does not use end-to-end encryption for normal chats. They're encrypted only during transport on the network, but stored as plain text on the devices and on the Telegram servers in order to make multi-device sync and searching easier. Only "Secret chats", which are restricted to one device on each side, are encrypted end-to-end.


If their own FAQ is correct, then definitively NO.

Q: So how do you encrypt data?

We support two layers of secure encryption. Server-client encryption is used in Cloud Chats (private and group chats), Secret Chats use an additional layer of client-client encryption. All data, regardless of type, is encrypted in the same way — be it text, media or files.

Our encryption is based on 256-bit symmetric AES encryption, RSA 2048 encryption, and Diffie–Hellman secure key exchange. You can find more info in the Advanced FAQ.

https://telegram.org/faq#q-so-how-do-you-encrypt-data


I don't believe so. You have to use "secret chats".


For most people the fact that it does not makes it useful. It gives you good multi-device support similar to Facebook Messenger.


Multi-device support and message sync do not necessarily preclude end-to-end encryption. Of course, it's a lot easier to accomplish these without end-to-end encryption.

Wire [1] (which I discovered a few months ago) is a platform that has end-to-end encryption, multi-platform support and multi-device sync. It also has text chats, voice calls, video calls, doodling, etc. The UX still needs a lot of improvement (compared to Telegram).

[1]: https://wire.com


It's not FUD if the skepticism is valid


How much is a Telegram exploit worth? Maybe more than $300K.


It's not clear to me why anyone would use Telegram over Signal.


Telegram is way ahead on several fronts - UX, feature rollout speed, message delivery speed, multi-platform support, multi-device message sync, etc. Signal is still improving slowly and is nowhere close to Telegram (in my experience) in any of these areas. Of the three apps I use for messaging, my current position is that Telegram > Wire > Signal.


Thanks for explanation - sounds like it's generally a tradeoff of UX vs. Security, didn't know things were that much better in the Telegram world.

Seems to me though that if you're willing to use Telegram you might as well just use iMessage or WhatsApp though?


> sounds like it's generally a tradeoff of UX vs. Security

Not necessarily. Wire has shown that a Telegram like UX is possible with end-to-end encryption, multi-device sync and multi-platform support. It's just that Wire and Signal are slow in catching up and seem like they need a slightly larger team and/or better management of the development.

> didn't know things were that much better in the Telegram world.

I keep trying any new messaging platform like this, especially if it promises privacy and better security. So I'd recommend you try Telegram and see for yourself what it provides. I'm heavily impressed by what it offers and use it as my primary messaging client, but don't like the crypto and the fact that normal chats are not end-to-end encrypted.

> Seems to me though that if you're willing to use telegram you might as well just use iMessage or What's App though?

That depends on which company one is more comfortable with on the privacy front. I don't consider iMessage to be equivalent to Telegram in features or UX (it's actually inferior and has issues with handling SMS as a backup option). WhatsApp being connected to Facebook is a no-no from the privacy point of view.


> Not necessarily. Wire has shown that a Telegram like UX is possible with end-to-end encryption, multi-device sync and multi-platform support. It's just that Wire and Signal are slow in catching up and seem like they need a slightly larger team and/or better management of the development.

To clarify not that it's a fundamental tradeoff that you can't have end to end encryption with good UX, but that the current choice between Signal and Telegram is a choice between security (Signal) and UX (Telegram).

From everything I've read you'd probably be better off trusting iMessage or WhatsApp over Telegram.


Signal has a Google Play Services dependency and through that makes meta-data visible to Google.


Almost all apps on Android are signaling push notifications through Google's play services, because keeping your own connections open keeps the phone from going in standby and thus it leaks battery. I doubt that Telegram doesn't use it.

And on push notifications, the app only receives a signal that there's fresh content to be requested. There shouldn't be any metadata leaked. Source?


Features / usability over perceived improvements to privacy / security.

If you had actually used both, it would be clear why people use Telegram over Signal.

Signal doesn't even have a desktop client for any OS!


> Signal doesn't even have a desktop client for any OS!

[1] https://whispersystems.org/blog/signal-desktop/


> Signal Desktop is a Chrome app

So yeah, the statement from parent still stands.


So this argument is just a technicality. Please understand a little more about the background:

There is basically one person writing the app[1], and given the company has just a few[2] people _volunteering_[3] for them, you cannot expect them to release a large amount of code across so many devices. They prioritized the highest volume first.

Open Whisper Systems primarily develops a strong encryption protocol (Moxie's efforts). If you didn't realize, this protocol was adopted by WhatsApp[4] and also Facebook Messenger[5]. So, the developers of those other applications needn't spend time/resources on the encryption, but can release Desktop clients for people like yourself to enjoy.

People who use Signal trust Moxie. People who dislike Signal _may_ care more about features than the security properties of the software (note, WhatsApp doesn't open-source their software[6], and Telegram instead bets people cannot break their encryption[7]).

Also, their app will supposedly run on any OS that Chrome runs. I'm sure that was the intention.

[1] https://github.com/WhisperSystems/Signal-Desktop/commits/mas...

[2] https://whispersystems.org/#team

[3] https://whispersystems.org/workworkwork/

[4] https://www.whatsapp.com/security/WhatsApp-Security-Whitepap...

[5] https://whispersystems.org/blog/facebook-messenger/

[6] https://www.whatsapp.com/opensource/

[7] https://telegram.org/blog/cryptocontest


The line between desktop and web apps is becoming more and more blurred these days, so this seems like an inconsequential argument.


It's not even a web app. It's a CHROME app. A web app would be accessible via any browser. But nice to see the Google propaganda working.


Who finances Telegram? Who pays for the servers?


> Pavel Durov, who shares our vision, supplied Telegram with a generous donation through his Digital Fortress fund, so we have quite enough money for the time being. If Telegram runs out, we'll invite our users to donate and add non-essential paid options to break even. But making profits will never be a goal for Telegram.

- https://telegram.org/faq#q-how-are-you-going-to-make-money-o...


Who funds their "crack our encryption" contest[1]? I imagine also the same pot?

[1] https://telegram.org/blog/cryptocontest


Yeah, I think the "pot" might just be Pavel's bank account. He also recently offered to fund $1 million of grants: https://telegram.org/blog/botprize. I assume he announced the Crypto Contest and hoped/assumed nobody would win.


Mostly? The Kremlin...


It's all in their FAQ.


You're right, that's the reason why I didn't install WhatsApp et similia


If you're in the contact list of anyone who uses WhatsApp they already have your info.


It's not owned by Facebook yet.



