- cross-posted to:
- technology@lemmy.zip
- pulse_of_truth@infosec.pub
“Signal is being blocked in Venezuela and Russia. The app is a popular choice for encrypted messaging and people trying to avoid government censorship, and the blocks appear to be part of a crackdown on internal dissent in both countries…”
- freedomsailor ( @freedomsailor@programming.dev ) 116•5 months ago
It’s like a medal of honor for a privacy preserving app 😄
- ReallyZen ( @reallyzen@lemmy.ml ) 22•5 months ago
Indeed. If whatsapp isn’t on the list, then I have all the confirmation I need.
- ivn ( @ivn@jlai.lu ) English14•5 months ago
The Russian government has also allegedly begun preparations to block the WhatsApp messaging app.
https://kyivindependent.com/messenger-signal-blocked-in-russia-media-says/
- OneMeaningManyNames ( @whydudothatdrcrane@lemmy.ml ) English3•5 months ago
Some US bank got in trouble for using it internally.
- manuallybreathing ( @manuallybreathing@lemmy.ml ) 5•5 months ago
Maduro uninstalled whatsapp live on television a few days ago
- aaaaace ( @aaaaace@lemmy.blahaj.zone ) English5•5 months ago
Zuck’s check didn’t clear yet.
- Dessalines ( @dessalines@lemmy.ml ) 19•5 months ago
Smart move, considering Signal is a US-hosted centralized service that has to comply with US NSL laws.
These comments below seem to be unaware of all the issues privacy advocates have with Signal.
- ivn ( @ivn@jlai.lu ) English18•5 months ago
I don’t get it, are you really arguing that Russia and Venezuela are blocking Signal to protect their citizens from American snooping?
- Dessalines ( @dessalines@lemmy.ml ) 17•5 months ago
All countries should ban US-domiciled companies like signal, or any communication platform hosted in Five-eyes countries, and especially ones domiciled in the US, which has to adhere to National Security Letters.
- Possibly linux ( @possiblylinux127@lemmy.zip ) English8•5 months ago
Mass censorship is never good for civil liberties. Let people decide on their own.
Also Signal is cryptographically sound. Many other messengers use a similar protocol.
- Dessalines ( @dessalines@lemmy.ml ) 3•5 months ago
As I commented below, US security forces aren’t that interested in message content anyway, since they don’t have time to parse through every message to construct meaning. Signal does require your phone number tho, as well as message timestamps, meaning they can build social graphs of real people. Tons of metadata living on a single US-based server.
- Possibly linux ( @possiblylinux127@lemmy.zip ) English6•5 months ago
It doesn’t matter if it is US based. You shouldn’t trust the server.
Signal has known issues. That doesn’t mean it is entirely bad though. Saying things like Signal is insecure is simply untrue. It has weaknesses but it also has the benefit of protecting your messages completely and being well established.
- ivn ( @ivn@jlai.lu ) English4•5 months ago
My question was more about the motives in this case.
- Dessalines ( @dessalines@lemmy.ml ) 10•5 months ago
Well IMO all countries should have the motivation to prevent US spying on their country’s populations. You generally don’t know about honey pots before they get exposed.
- ivn ( @ivn@jlai.lu ) English6•5 months ago
The question of what should be done can be interesting, but that was not my question. It’s obvious this is not the motive here.
If you are in your own country’s opposition it’s better to use a foreign tool, even better if it’s in a country that’s not gonna collaborate with yours.
- LarmyOfLone ( @LarmyOfLone@lemm.ee ) 3•5 months ago
I imagine just using metadata you can look for people who are discontent, then provide a list of those people to the opposition to contact and mobilize them and get them to protest.
Or target them with stories and bots to turn them into a revolutionary force, but that would be more useful for social media networks instead of signal.
- marcie (she/her) ( @marcie@lemmy.ml ) 5•5 months ago
they hated him because he spoke the truth smh
use matrix, briar, simplex in that order
also what email platforms + vpns do you recommend, out of curiosity?
- Possibly linux ( @possiblylinux127@lemmy.zip ) English1•5 months ago
Matrix isn’t as good as Simplex Chat. Briar is good as it is very hard to censor but it does use battery and requires you to be online all the time. (unless you count Briar mailbox)
- marcie (she/her) ( @marcie@lemmy.ml ) 2•5 months ago
sure, simplex is very private, but it’s also a pain in the ass to use currently. i feel like matrix makes a decent tradeoff between easy use and privacy
- Possibly linux ( @possiblylinux127@lemmy.zip ) English2•5 months ago
Signal has strong cryptographic protocols that are not easily broken. It pioneered the use of double ratchet encryption. (Different keys for each message)
It does expose phone numbers to Signal and the US government but that may or may not be a concern depending on what your threat model is.
- Churbleyimyam ( @Churbleyimyam@lemm.ee ) 16•5 months ago
Would peer to peer apps be resistant to this sort of thing?
- ReversalHatchery ( @ReversalHatchery@beehaw.org ) English11•5 months ago
It depends. Somehow it has to discover the peers. Other than that, they could block traffic between residential IP addresses and there goes a large part of the P2P network
- dm9pZCAq ( @dm9pZCAq@lemmy.ml ) 15•5 months ago
why telegram is not blocked? makes you think…
- ivn ( @ivn@jlai.lu ) English13•5 months ago
Telegram is not secure, I guess if you can listen to it better not block it.
- Dark Arc ( @Dark_Arc@social.packetloss.gg ) English6•5 months ago
I mean it was blocked before Signal was blocked. Russia somewhat famously badly broke their Internet trying to shut down Telegram… and eventually gave up.
I’m guessing Signal finally has enough market share to get the Russian government’s attention but not enough market share that they think the web of proxies that kept Telegram online will keep Signal online.
- dm9pZCAq ( @dm9pZCAq@lemmy.ml ) 2•5 months ago
and eventually gave up
or maybe they came to an agreement on mutually beneficial terms
- Dark Arc ( @Dark_Arc@social.packetloss.gg ) English1•5 months ago
Maybe, maybe not, maybe I’m a duck in a suit.
- Possibly linux ( @possiblylinux127@lemmy.zip ) English3•5 months ago
It isn’t private
- Possibly linux ( @possiblylinux127@lemmy.zip ) English11•5 months ago
Honestly I would’ve expected it to be blocked much earlier
- marcie (she/her) ( @marcie@lemmy.ml ) 10•5 months ago
matrix stays winning
- vga ( @vga@sopuli.xyz ) 12•5 months ago
Probably mostly because almost nobody uses it.
- haui ( @haui_lemmy@lemmy.giftedmc.com ) 4•5 months ago
Couple million is absolutely nobody /s
- vga ( @vga@sopuli.xyz ) 2•5 months ago
Almost is absolutely \s
- Possibly linux ( @possiblylinux127@lemmy.zip ) English11•5 months ago
Matrix isn’t secure depending on how you use it. It also doesn’t protect individual identities terribly well.
Simplex Chat would be the better option however the main Simplex Chat server and matrix server could end up blocked as well.
- Dessalines ( @dessalines@lemmy.ml ) 18•5 months ago
Matrix is entirely self-hostable, and you can turn off both federation, and the requirements for any linkable identifiers.
Signal by contrast requires your phone number, isn’t self-hostable, and is based in a five-eyes country.
- Lemongrab ( @Lemongrab@lemmy.one ) 6•5 months ago
Matrix doesn’t protect metadata, which is arguably just as (if not more) important than message data. Signal by contrast does protect metadata and properly implements Perfect Forward Secrecy for all chats. I do think Signal’s centralized design and phone number requirements are problematic, but Signal still has many merits. Such as its massive user base for an AGPL-only project.
- ReversalHatchery ( @ReversalHatchery@beehaw.org ) English7•5 months ago
Matrix also implements Perfect Forward Secrecy, and that’s been the case for a very long time: https://security.stackexchange.com/questions/162773/are-matrix-messages-encrypted-using-perfect-forward-secrecy
What do you mean by AGPL-only? Synapse is also AGPL. And you can only guarantee that there won’t be projects with other licenses if you prevent them from existing… which is not something to be desired
- Lemongrab ( @Lemongrab@lemmy.one ) 1•5 months ago
- AGPL-only is a license, I didn’t want to misrepresent the license by being general. I was just trying to say that it is surprising that a fully open source application like signal has a large user base.
- PFS isn’t enabled by default for group chats and generally feels messy as the end user to deal with. I was unaware that they have properly implemented it for group chats as well.
- My point about metadata still stands. Matrix still does not protect metadata (one eg: reactions to messages are unencrypted).
- ReversalHatchery ( @ReversalHatchery@beehaw.org ) English3•5 months ago
PFS isn’t enabled by default for group chats and generally feels messy as the end user to deal with. I was unaware that they have properly implemented it for group chats as well.
Isn’t it? Maybe I’m misunderstanding something, so let’s start from the definition. PFS is when future joined users can’t read messages sent before they have joined, right?
In that case, it is not just implemented, but cannot be avoided and is a major hassle to deal with. In my understanding when someone joins, all members start a new olm session, meaning they now encrypt future messages with a new key. The old keys are not being sent to the joined users, not even if the room has been set up to allow reading history, and this results in them only seeing undecryptable messages, and all the metadata you’re talking about (except when the client hides these to reduce new user’s confusion).
Former keys are not shared among clients for now because there’s no mechanism (for now, but this is planned) to verify that a new member is actually a legit member, not just someone popped in by the server admin by DB editing or whatever.
Earlier there was a workaround mechanism, where with element clients, when you have invited someone, your client has sent keys to all the previous messages which it had, to the invited user. That was not (yet?) reimplemented in their new crypto library, but apparently they’re working on it.
But the point is, that afaik PFS is on and cannot be disabled for encrypted rooms, new rooms are encrypted by default, you have to toggle that off by yourself if you don’t want it, and it can’t be toggled off after room creation.
My point about metadata still stands. Matrix still does not protect metadata (one eg: reactions to messages are unencrypted).
That’s right. I don’t think that’ll ever change, but it’s for sure that it’ll not change for a long time, because fundamental changes would be needed.
But! For when that is a concern, you are not entirely unprotected. For example you can set up a room to never federate, or only federate with specific homeservers. If your group runs their own, on owned real hardware, information can’t really leak from your control.
- Lemongrab ( @Lemongrab@lemmy.one ) 4•5 months ago
In my experience, room encryption is opt-in and permanent for a room.
- poVoq ( @poVoq@slrpnk.net ) 3•5 months ago
for an AGPL-only project.
Citation needed. It is undisputed that the software that runs on their servers is not identical to the code they release; if they release at all because sometimes they just stop for a year, until people complain 🫠
- breadguyyy ( @breadguyyy@r.nf ) English3•5 months ago
plenty of servers for both though
- Possibly linux ( @possiblylinux127@lemmy.zip ) English2•5 months ago
The overwhelming majority of users are on the main servers. It also impacts self hosted Matrix servers that use the matrix.org identity server.
- ivn ( @ivn@jlai.lu ) English2•5 months ago
Couldn’t they block them too? Monitor the domains people connect to, check if it’s a Matrix server and block it if it is.
- Railcar8095 ( @Railcar8095@lemm.ee ) 10•5 months ago
Why countries that do not prosecute political dissent block apps used by political dissenters? /s
- Catsrules ( @Catsrules@lemmy.ml ) 4•5 months ago
So Signal proxy for the win?
- coolusername ( @coolusername@lemmy.ml ) 3•5 months ago
they figured it out that it’s CIA :)