What small, easy things can the average person do to start protecting their privacy today?
“Just do what you can without overburdening yourself. So, use #ProtonMail, use #Signal or #Threema, use #DuckDuckGo — these are very good alternatives. And whenever you can, say no to cookies.”
@sergeant Solid advice 👍
@sergeant @ilyess #Signal is not a good recommendation either: https://github.com/privacytoolsIO/privacytools.io/issues/779 And #DuckDuckGo is also quite lousy: http://techrights.org/2021/03/15/duckduckgo-in-2021/
@resist1984 @ilyess That worries me indeed.
@sergeant @resist1984 you’re right. Unfortunately, as it stands today #Signal remains the best #privacy preserving messaging service out there for novice users. I’m thinking of users who just wanna put in their phone number and find all their contacts and start conversations, just like they did on Whatsapp.
We might not all agree with Signal’s move to introduce crypto but we don’t have proof that it makes the messaging service less secure or less private.
@ilyess @sergeant The mobile phone number requirement makes #Signal less secure than #Wire, #Jami, #Briar, & #Snikket. It creates a large & unpredictable attack surface in addition to expanding threat agents from the cryptocurrency. The worst part is it pushes an ultimatum on people: get mobile phone svc (huge can of worms) or be excluded.
@resist1984 Absolutely! While that bothers you and me, the reality is that most users already have a phone number, and don't see this as an issue, because in this day and age you can't do much in society without a phone number. In some countries it's even part of your identity. At the hospital? What's your phone number? Wanna order delivery? What's your number? Need internet at home? Phone number.
@ilyess I do not have a mobile phone & I function quite fine. I'm not interested in accts on Facebook, Twitter, Signal, and MS LinkedIn so it causes me no issues. Mandatory GSM registration is reason *not* to have a mobile phone subscription, not the contrary. The only number I give businesses is a voicemail-only number. Using #Signal to marginalize ppl w/out a mobile# is not okay.
@resist1984 @ilyess not sure the point here. are you saying people should be like you in their daily lives? no phone number, no phone to carry to have?
or you're just saying that's how you want to live?
@NatCor @ilyess Different people have different operational requirements. If you have kids, it might be hard to avoid having mobile phone service b/c you need to always be on-call for the kids. Or maybe you need to on-call for work emergencies. But if you don't have an operational need for mobile phone service always on standby, then you may have made a bad compromise. This is just part of my point
@ilyess @NatCor Having a mobile phone w/out service gives a good amount of availability w/out making a huge security compromise. The phone can still use wifi & work for voip,wire,briar,tutanota etc. Since some people have mobile svc & some don't, opting for Signal marginalizes ppl who don't have mobile phone svc b/c they are excluded. So my point is that it's bad to encourage or push Signal on ppl
I believe it's any phone number landline, voip, or mobile.
If Signal can't text you, it will call you for a confirmation code. A small percentage will have random VoIP numbers with spoofed ID info though, with landlines mostly tied to a specific location. Some advanced users can spoof that as well.
@resist1984 Wow, I truly respect that. The voicemail-only service you’re using did not ask for your personal information upon signup? How is it different from a regular phone number?
If you wrote about this somewhere else feel free to send me the link. I don’t want you repeating yourself but I’m genuinely interested in your experience.
@ilyess The voicemail-only service sends the VMs to an email address, so I had to supply an email address but nothing else. And because it was gratis at the time of registration, I'm anonymous in principle (no payments to track). Of course there's no way to be anonymous when callers leave detailed voicemails, but I escape all the mass surveillance that's inherent in mobile phone service.
@resist1984 That’s pretty cool. Would you mind sharing their website? I’d like to take a look.
@resist1984 That depends on your threat model, right? I don't think requiring a phone number makes #signal less secure, it makes it not anonymous for sure but the cryptographic strength of the underlying Signal protocol remains state-of-the-art.
Wire and Briar are not fair contenders here because the former is not free and the latter solves a different problem than Signal which comes with its set of feature limitations.
1/2
@resist1984 I'm not trying to say that those products are bad or shouldn't exist. The point I'm trying to make is that for a novice user, comfortable with and used to a free messaging app like Whatsapp, it would be remarkably easier to transition to #signal than to any other #privacy preserving alternative on the market right now.
2/2
@ilyess It's the other way around. Your threat model depends on the threats. By inviting a new threat (by introducing cryptocurrency), you must expand your threat model. If you don't, your threat model simply suffers from being unfit for purpose. The phone number also makes Signal less secure because that's a needless vector for key recovery.
@resist1984 Oh is it? They must work on their website then, it only shows 2 tiers on the Pricing section: Pro, and Ent. https://wire.com/en/
It also seems focused on corporate users and not individuals. Not a reason to discard obviously, just something to point out. What are your thoughts on the product in general, if you’ve used it?
@ilyess #Wire is not forthcoming about the gratis service. Obviously the corp premium service pays their bills so it makes sense that they would focus on that & downplay the less profitable services. Wire #justWorks, it's usable for normies, and most importantly it's inclusive (unlike #Signal). It works on mac,win,linux,ios,android. The metadata is public but it works over tor automatically
@resist1984 Metadata is public as in details about who’s talking to who, when, and for how long is accessible by Wire?
Can you explain your remark
"The metadata is public but it works over tor automatically"
Can you provide your source of that info? I was not aware Wire works over tor. Thanks.
@NatCor @ilyess This differs between the desktop & mobile versions. The mobile version seems Tor-unaware when I look at the settings, but a transparent proxy (#Netguard + #Orbot) will force it over Tor (and it works). The desktop app is based on #Electron. It's broken on the recent #Debian #Bullseye but when I ran it on past OSs I noticed that it detected and utilized Tor automatically.
@resist1984 @ilyess So Wire does not officially claim their msgr is Tor enabled, as I have not read anywhere on the Wire website that their msgr is Tor enabled. I just want to be clear. It's the user's own setup. ok.
@NatCor @ilyess I see nothing written that claims Wireapp auto connects to Tor, only that it is Tor-capable. See https://github.com/wireapp/wire-webapp/issues/1882 and https://support.wire.com/hc/en-us/articles/115005697189-How-I-can-connect-through-a-proxy-server-on-desktop- I think it was a forum or blog that told me Wire connects to Tor automatically, and I confirmed it w/tests.
@ilyess @NatCor But I have to say this statement is a bit alarming: “some features like calling might not work or lower the anonymity of Tor or I2P”. I think what drives that comment is the latency inherent in Tor (which harms voice quality substantially), but I've not had significant issues with that.
@NatCor @ilyess Wire does not require a phone number, but you must give either a phone number OR an email address. If you choose to give a phone number, or you give Wire an email address that is tied to your identity, then that metadata could then perhaps be aggregated with the Tor exit node that you might be using. But OTOH every app gets a different Tor circuit anyway.
What are your thoughts on Session Msgr?
No phone, no email. Federated, virtually zero metadata, E2EE, PFS, ephemeral, 3-hop onion routed, data locally stored on device, non-profit org, FOSS, onion-routed voice/video on the horizon.
@NatCor @resist1984 #session is great especially for a one-off exchange with a stranger thanks to the lack of phone number requirement. I also use it with more privacy-conscious contacts that don’t mind the reduced feature set.
@NatCor @resist1984 @ilyess prefer session over wire.
@ilyess @resist1984 wire has a free plan they don't post prominently on their website. just download the app without registering for a paid plan. it will work as a free personal plan (if it's personal use only, as they say)
@Tutanota @resist1984 @foreverxml There’s certainly a balance between convenience and privacy/security. Most people favour the former to the detriment of the latter unfortunately. We have no choice but to make #privacy more convenient.
@resist1984 I disagree. Threats are different per individual. What constitutes a threat to you might not be one to me, and this is true regardless of the additional exposure the product we’re both using gains by onboarding new features. E.g.: if my only threat is my telecom company, as long as transport is properly encrypted and IPs obfuscated I’m good. If tomorrow metadata starts leaking on AWS because of a new feature, I’m still good because AWS isn't (and never was) a threat.
@ilyess Some threats vary by individual; some do not. You may not need targeted fbi surveillance in your threat model, but if mass surveillance isn't in your threat model then you're delusional. Mass surveillance is a threat to everyone & only absent from threat models of the naive. Bringing cryptocurrency onto the platform expands mass surveillance to an extreme that cannot be ignored.
@dhfir @ilyess @Hyolobrika there's a good discussion of it here: https://www.schneier.com/blog/archives/2021/04/wtf-signal-adds-cryptocurrency-support.html The feds are becoming diligent at tracking cryptocurrency. And if they were to hypothetically encounter a cryptocurrency where they couldn't see the ledger, they would simply cripple it by actions like banning its use, banning fiat exchanges with it, etc.
@Hyolobrika @ilyess @dhfir Not sure if you followed the big recent ransomware attacks on US infrastructure, but the ransom was paid and then US feds were able to follow the money and hack the recipients. The feds took the money back. Anyway, bringing cryptocurrency to a msging platform invites all kinds of unwanted attention from regulators who would happily atk msgs while they are there probing the money.
@dhfir @ilyess @Hyolobrika It's the money that brings various feds to probe Signal, who wouldn't normally be interested or funded if the platform were purely msgs.
@resist1984 @dhfir @ilyess Any technology that relies on adversaries not wanting to crack it instead of not being able to crack it is weak though.
@dhfir @ilyess @resist1984 Why is cryptocurrency worth the effort to crack but not encrypted messaging? And if its just cryptocurrency that they want to crack then why would they touch the rest of Signal while they are at it?
@Hyolobrika @ilyess @dhfir Different spy orgs and regulatory agencies have different motivations, financing, and scope. They are all collecting data that's in the slightest relevant to their mission. Bringing money into the mix more than doubles the snooping. Signal has made a big effort to minimize metadata to conceal who talks to who. Bring an open ledger into the mix just shit-cans all that benefit.
@dhfir @ilyess @Hyolobrika It weakens security. And it's not so much the chance that a payload will be /cracked/ (sure they are working on that, but it's actually not a big threat b/c even if they succeed they won't act on it & blow their secret unless it's to foil a terror plot). The biggest problem is that the ledger will reveal metadata which can fill the gaps on msging metadata.
@Hyolobrika @ilyess @dhfir Complexity is bad. Every time you increase the complexity of a system, it inherently weakens the security of it because complexity is proportional to the number of defects. Bringing cryptocurrency onto #Signal obviously increases complexity & attack surface, & it also increases the quantity of threat agents as well as the skill & resourcefulness of threat agents.
@dhfir @ilyess @Hyolobrika Having both messages and money pass through the same platform makes it a juicy target. It's almost like the weakness of centralization. When too many eggs are in one basket, you have more risk for 2 reasons: more interesting for more attackers (gov & criminals both), and you have more to lose.
@resist1984 @Hyolobrika @dhfir I agree but I still don’t see how that’s gonna compromise the security of the Signal protocol. You’re worried the unwanted attention is going to find holes in the communication protocol and exploit them?
@dhfir @ilyess @resist1984 Including Monero?
@dhfir @ilyess @resist1984 Well, I specifically mentioned Monero and the conversation is about MobileCoin, which both have privacy features.
@resist1984 @ilyess @sergeant For any average user there should be the right balance bw privacy & convenience; else, most of them won't even bother. There are always other options for ultra-paranoid people, which they will find eventually. This makes Signal the best choice for privacy among other mainstream IMs.
@srashwan @resist1984 @ilyess I agree. I do prefer #Threema myself though.
@sergeant @resist1984 @ilyess There is a new player, #sessionapp, which looks very promising & deserves attention; however, I haven't seen them being endorsed by any leading privacy watchers.
@srashwan @resist1984 @ilyess Never heard of it.
@ilyess @sergeant Note that #Signal has also recently brought cryptocurrency into their platform, which invites copious unwelcome probing from regulators.