I don’t trust Signal
I’m sure you have already formulated an opinion about how I’m wrong. That’s fine, but I invite you to at least open your mind a little before you hit back and inform me of how stupid I am.
After the hackernews reaction I should also preface this post by saying that the title should really be "I don't *inherently* trust Signal". This is an important point because nothing of what I talk about here is a reason to not use Signal by itself; it just lends a skeptical person to the conclusion that there's no concrete reason to trust them, and that ultimately Signal makes it hard to function the way they do without half-blindly trusting them.
This is decidedly not a rehashing of Drew Devaults essay of the same name, he mostly talks about Google Play and Federation.
I am here to talk purely about trust, about how it’s something you verify- something that is hard earned, something you try to avoid giving, that’s easily lost and worries you when people forcefully ask for it.
Let me start with a perhaps controversial statement:
I do not believe that end-to-end encryption means anything at all when the network and the client are the same entity.
What do I mean?
Well, back in the old days, by pure virtue of not having large companies that could do everything, we used to bolt on security mechanisms to insecure transports. PGP, OMEMO and the foundation of Signals encryption OTR are all known primarily for being developed as third-party client side implementations. – for everyone else TLS was good enough since if you trust MSN or AIM (the client) then you trust Microsoft or AOL, right!?
What running an encryption overlay means in practice is that your transport could never collude against you with your client; better: it usually means multiple client implementations of the same standard (though not always; in the case of PGP for example) – and often the clients are fully open source.
That leads directly into two of my next grievances:
Signal is not open source #
Why would I say something so provably untrue? “Of course signal is open source, it’s on f-droid! (it’s not, actually1); there are even sources on github!” … I can already hear it coming.
How is it then dear reader, that they developed MobileCoin integrations for over a year without anyone knowing?
That would be because, they stopped updating sources. We can be reasonably sure that private & unpublished code was in production, otherwise they left some security vulnerabilities unpatched for a long time2. This throws into question the entire nature of what they consider “open source” to mean, they are clearly comfortable deploying non-public software.
It’s also vanishingly small amounts of people who will use the from-FOSS versions of the client, nearly everyone will be downloading it from Google Play or Apple’s App Store; and they have a long way to go when it comes to verified builds which seems to work when you google it and there’s a page; but in reality if you read the page you’d realise is not possible.
Which gives a false appearance in my opinion, and that is a large part of my issue honestly; that there is a surface level of “everything is by the book” but underlying it all is: nothing, really.
Signal doesn’t give you any option to verify their claims #
If I were in a situation to be signal, if there was a competing implementation that I could point my clients to (similar to how headscale is an implementation of tailscale’s control server); I’d certainly be a lot more comfortable, since then I could be in a situation where I can see all traffic to my server and jail/inspect all traffic coming from the binary distributed Signal client; thus it would allow for independent verification of the binary distributions delivered via Play or the iOS App Store.
As it stands the whole thing is built on trust and people believe that someone else will do the hard part of reverse engineering every version.
Which I don’t have to tell you is significantly more effort, requires much more advanced skills and might not even yield results even if there were concerning items yet to be discovered.
“Moxie says you can run your own server though!”3; I’d like to see where I can change the endpoint in the signal app that’s distributed via Play or App Store; my claim is purely that I can’t verify those and that few enough people run the custom compiled versions to be meaningful. If I was to be smart and want to hide a back door I’d only need one side of every conversation. – please note though, I’m not saying they do this, I’m just saying that they could do this and the only thing that says they don’t is “trust me”.
Signal is fairly hostile to any other clients #
OK, so, it’s unlikely you run a from-source client, it’s less likely everyone you know runs a from-source client. It’s less likely that everyone you know audited it– but that’s easier than reverse engineering of course.
However something that could increase trust is to decouple that client/network collusion possibility, perhaps by having independent clients based on a spec.
Moxie has explicitly said several times that third-party clients connecting to the main Signal servers are actively not supported and has threatened to start blocking them or enforcing the Signal trademark if they get big enough4.
Signal took money from the US Government #
I’ve heard the argument about this,
NSA OTF5 funds loads of projects, “You’re being a conspiracy theorist Jan!”
Sure. NSA gave us SELinux, NRL gave us Tor (which the CIA loves), sometimes the stars align and the security services actually release something that makes us more secure. However I still find Signal an odd choice, it’s not inherently better than any other client that supports OMEMO, including Jabber clients. The only things it’s better in is that it’s a foundation that is under US jurisdiction- it was founded around the same time as Telegram which was likely seen as a competitor- and… it has good marketing? I don’t honestly see any reason to fund Signal over anything else. Additionally: Tor and SELinux genuinely are used by their respective agencies,
yet Signal is not being used by NSA. I know this for fact.6
Signal seems to have a lot of strong and emotional advocates #
This is also conspiratorial, but if you take my first point as fact: that E2EE is meaningless if the client and the network are the same; then Signal seems to have a lot of people foaming at the mouth on popular sites like Reddit and HackerNews doing everything possible to convince you that it’s the one true secure messenger. If you do anything more than what signal provides: you’re paranoid and probably doing it wrong anyway; if you do anything less or god forbid you use something like Telegram; you might as well telegraph all your messages to every person on the planet!
Ok, I’m being hyperbolic; but there is a really strong sentiment that cannot be argued or reasoned with (especially on hackernews), and legitimate complaints are brushed aside with snide remarks about paranoia or trust or that you’re not doing enough for privacy. Which, if you really do buy my first argument: feels massively disingenuous.
Signal requires a phone number #
I know, this ugly thing. People say that it’s to combat spam. Unfortunately you know what else it combats: basically anybody being able to register with signal without disclosing their ID to someone. Even more annoying is that locating someone via phone number is pretty trivial if you have the right equipment or you have the ability to ask a carrier. Heck, that’s how they got Mitnick.
I am really not a major privacy nut, and when you get to the end of this blog post you’ll see just how true that is, but my point here is simple: You cannot claim to be running a secure messenger and have your only method of connecting with other person be a globally unique number that is easily tied to a real world person. Physical security is a pretty major part of security.
They say they’re working on this, and someone mentioned something recently about a very complicated command-line, I haven’t looked into it any further honestly – However people are definitely advocating on hackernews and reddit to keep the phone numbers because (and I quote: “Keeping the numbers makes it easy, if I wanted usernames I would use Riot/Element”).
The hagiographies of Moxie #
OK, I actually have a soft spot for Moxie, he gave a talk on not trusting CA’s and instead developed (a now defunct) system that used multiple third party brokers to act as notaries. It was called Convergence7.
One of the things I really liked about that approach was that it inherently didn’t trust the “authority”.
Now it seems Moxie really likes the idea of authority, so long as it’s his foundation.
I’ll be honest, despite me having a soft spot for Moxie, I am inherently distrustful of being told what to think, I am even more distrustful of anything that uses emotive language (such as Fox News or the Daily Mail) in order to illicit a particular feeling on the state of the world. When I read articles like his profile in The New Yorker I am left thinking:
Who paid for this? Why?
From everything I personally know about the media, articles like that are usually paid for, though almost never directly8.
And it goes back again to “authority” for me; I’m being told to trust this guy, this foundation, that they’ve got the right moxiehaha, that they’re in it for good reasons.
But, only if they’re the authority.
You could argue that Convergence, the anti-authority system, is defunct and thus his new approach is more poised for success as he has learned that authorities are good; and honestly I wouldn’t have a good argument against that. It’s possible. Coincidentally though the best form of government is absolute dictatorship; so long as the dictator is benevolent. it says nothing about future corruptibility… which brings me to my final point:
Signal wants to move fast9 #
This, is the common argument used against federation, and when I first read it I thought that basically they want the ability to forcefully change the software and protocol actively used for users without any consent (much less informed consent), which renders it functionally immune to any criticism or review because any aspect of the protocol could be changed (‘improved’) at a moments notice.
Final Word #
OK, I talked about trust, I don’t think any individual issue I’ve mentioned here is a dealbreaker, and most in isolation can be argued away. For me, though, in the larger context with all these pieces I can’t really say that I have full faith in Signal. It’s fine for me as an insecure messenger, but the UX is just worse than other insecure messengers. I don’t personally have any reason to trust it more than telegram; other than that people get mad when you say that. Which, is incredibly unconvincing.
I mean, we have an ecosystem that:
- Can change at a moments notice10; and works hard to keep it that way;
- Attempts to avoid you extending their messengers;
- Is centrally controlled;
- Handles all traffic (via the USA, no less);
- Took money from US intelligence agencies;
- Is not used by at least one US intelligence agency that I know of;
- Has engaged hiding updates before;
- Can be easily tied to your person;
- Asks for your contact list and “encrypts” them in a way that is trivially broken11;
Those things combined, with the strong push that it is truly the “secure” messenger gives me enormous pause.
Telegram might be cryptographically flawed12 and does not have E2EE enabled by default; but you know what it has? An open protocol, third-party clients, accounts without phone numbers, it’s eas(y|ier) to use- and if I get paranoid: fuck it, I’ll customise one of their open source clients to use OMEMO. Ironically the messenger which is widely thought to be less secure has a similar enough trust stance but is open enough to actually be more secure…
Or maybe we should all chip in with what Matrix/Element are up to, instead of allowing these walled garden authorities to exist with “trust me bro” marketing and a cool looking hacker dude as the frontman being the only major selling points. (yeah, you too Telegram)
Thanks to Signal’s centralized model, implementations of backdoors are one (perhaps even targeted) software update away. By the time the “nerds” find out, it’d probably be far too late and lives could be at stake.
It’s unfortunately such the nature of the beast that being half-hearted about security does not yield a half-secure product, or a product that’s fully secure against half the hostile actors, it yields a product that only gives the presumption of safety, which is far more dangerous.
I use many messaging services in my life as security absolutism leads to a miserable, paranoid life, but my expectations are accordingly tempered when I use them, and I let my contacts know my expectations too. Everyday chat? Sure. Sensitive, personal info? Maybe, depends on the exact topic. Trade/state secrets (if I were to handle them)? Hell no.
If Signal’s security boils down to reputation and community trust, why not just use WhatsApp or Facebook Messenger or really any chat product where the makers claim it’s secure and private?
Common Responses #
“Who do you trust? they literally do all they can.”
Commercially, truthfully, I only really trust Mullvad; they do everything possible to keep their customers anonymous even to themselves and are pushing open source systems transparency that we can all benefit from even as non-customers of the service.
Otherwise; I will always have more trust toward the people who create FOSS that is easy to use by yourself or allows you to be independent from central control which aids in making you a small enough target that the government isn’t going to knock your door. Federated or independent alternatives that live outside centralised control, that do not need to consider nation state threats because they are practically anonymous if used correctly.
“it’s easy to criticise, what have you built!”
IDK, games and stuff. I’m aware of how people can be overly critical; but Signal invited these problems and has been ignorant or dismissive of peoples concerns on these points. My point is mainly that we should probably be funnelling money, resources and time to things like Matrix/Element – rather than the authoritarians. Or otherwise that Signal’s tradeoffs don’t amount to more than trusting them. Which for me defeats the whole point.
“They make trade-offs to make it easier”
Yep, but if you’re willing to take those tradeoffs there’s no difference between a fully E2EE messenger program where the client and network are the same entity; and a TLS connection to the network with any client. It’s the same level of trust.
“x problem is so small/x problem is not an issue!”
Unfortunately all of these points are dots on a line, none big enough to cause any real distress, most easy to hand-wave away. However when put together they paint a picture: a picture of a company that is being heavily promoted but who’s principles boil down to ensuring they are in total control. There is no straw that breaks the camels back here, none of these are strong objections, just minor and quite numerous. Handwave as many of these issues away as you’d like, I’m certain there are some core factual errors here. At the core of it though: I contend that E2EE means nothing if the clients and the network collude are one entity- and I see no true external reason why I should trust Signal more than anyone else if you consider that statement to be true.
“You are wrong about y”.
Yeah, probably, this is my outside observation, I wrote this at 2am on a night when I couldn’t sleep and someone argued passionately in favour of Signal over everything else (to them: more paranoid solutions are completely unusable, less paranoid solutions are tantamount to a billboard in times square!) and I got frustrated. Not everything is post is fully fact checked, mostly it’s based on gut feeling. I can be wrong about any and all of this article but the problem is that the core of the argument doesn’t lie in the semantics. The issue is one of centralised control and the notion that E2EE is functionally useless if your client can be updated randomly. This post is a collection of minor grievances or feelings that make me not trust them more than other providers.
It’s not on f-droid and Signal has “preferred” to avoid it’s inclusion there; https://forum.f-droid.org/t/signal-on-f-droid/13742 ↩
OTF has a long and storied history as “Radio Free Asia” which is a propaganda outlet. It was devised under Secretary of State Hilary Clinton who coincidentally endorses Signal and is featured heavily in the book Propaganda, Power and Persuasion: From World War I to Wikileaks. ↩
To be clear about payment for articles, it’s often not the case that established journals will directly take payment for an article. It is much more common to take lunches with PR firms whom you’ve hired, for your marketing spend to drive up your profile in other ways and it always helps to be close to an advertiser in some way. This is not conspiracy, that’s just how the media machine works. Drive up your image, someone will write about you. Be it via PR lunches or marketing spend. ↩
Signal updates without consent: https://github.com/signalapp/Signal-Desktop/issues/4578 ↩
there is no evidence or reason to believe that is the case, there was a great outcry when Telegram launched that they had home-rolled their own crypto; after getting a security review they appear to have fixed four flaws that were discovered: https://ethz.ch/en/news-and-events/eth-news/news/2021/07/four-cryptographic-vulnerabilities-in-telegram.html ↩