The Coder Who Encrypted Your Texts (wsj.com)
473 points by eas on July 10, 2015 | 180 comments


I get a lot of credit for the stuff that Open Whisper Systems does, but it's not all me by a long shot. Trevor Perrin, Frederic Jacobs, Christine Corbett, Tyler Reinhard, Lilia Kai, Jake McGinty, and Rhodey Orbits are the crew that really made all this work happen.


Given that we have the man himself onboard - can I urge you to ask the WSJ to remove the comment at the start of the article about WhatsApp implementing your encryption schema? Unless I've missed something, there's absolutely no way for an end-user to determine if their messages are being encrypted (with whatsapp). Or how they're being encrypted for that matter. I feel like WhatsApp latched onto your groundwork (potentially even with good intentions) - but never actually has opened up about the implementation, opened the code to audit, or been forthright about exactly who/how many users are covered.

I fear articles like this just make the average joe think "oh, whatsapp == secure" when recent events have proven that's far, far from the truth.

http://arstechnica.com/tech-policy/2015/06/intercepted-whats...


Part way through the article they say:

>Last fall, WhatsApp added Mr. Marlinspike’s encryption scheme to text messages between users with Android smartphones, but there is no easy way to verify that the encryption software is actually turned on.

So they're being pretty open about the fact users can't determine if their messages are truly encrypted.


Yes but that's so deep down. A large number of people read the beginning and skim to the end. They might miss it. So it is a bit misleading IMO. Disclaimers should be more obvious



"Absolutely no way"? I'm sorry to be impolite about it, but that's a bit of an exaggeration: one could jailbreak their phone, pull the binary into their computer, decompile it, and inspect it for implementation structures that would be coherent with how the two or three most popular encryption algorithms are commonly implemented. The expertise to be able to accomplish it doesn't come cheap, but it's certainly in the realm for anyone willing to invest the time.

If anyone out there does it, feel free to post your findings to http://imfreedom.org/.

I'd be willing to bet that WhatsApp has some competent programmers, and looks very similar to how Apple's built iMessage. I think everyone is entitled to the most security possible, but unfortunately when you're at the scale of WhatsApp, perfect security would make all that ultra-tantalizing data pretty hard to analyze. They're a business, they have a responsibility to their investors to grow the business, and data right now is a _big_ business.


So you've probably just broken the law by doing so. And you have to do this every time the app gets updates. And you have to be sure that the encryption is actually getting used on every message. And that the key is strong and not known to Whatsapp. And also that the recipient's copy of the app is behaving the same as yours. So I guess the question is, if you had something to hide would you bet your life on it?

Whereas with Textsecure. Well it just works...


>So you've probably just broken the law by doing so.

By modifying your own device? I don't think so.


Many countries have laws against reverse engineering programs. Whilst I think these laws are stupid I would prefer to just use the open source program than mess around with the closed source alternative.


According to Wikipedia[0], reverse engineering is generally legal in the US:

In the United States even if an artifact or process is protected by trade secrets, reverse-engineering the artifact or process is often lawful as long as it has been legitimately obtained.

[0] https://en.wikipedia.org/wiki/Reverse_engineering#United_Sta...


Actually have another look at that before you break the law on this yourself.

As far as I can see that article says that reverse engineering is legal in the case that: (1) the EULA doesn't mention it (I've no idea what Whatsapp EULA says - do you?). (2) it is done for the purpose of interoperability. What is being proposed by the GP is in fact not interoperability but security testing.

As I said before I think that the laws on this are stupid. But why worry about this when there is a great FOSS program in the same space?


And that is one country out of ~200.


Yes but it has 350M people living in it, half the HN, Silicon Valley, and Moxie with his team. It's not honest to say the US is just another country among 200.


yep, in other words around 4% of the world's population live in the US and of course this pales in comparison to actually large nation states, like india or china.


it is honest to say that, it's just that americans like to think they are special.


One's answer to that probably depends on where they live.


Assuming that nothing in the thing being reverse engineered is not encrypted or protected in some fashion right?


> one could jailbreak their phone, pull the binary into their computer, decompile it, and inspect it for implementation structures that would be coherent with how the two or three most popular encryption algorithms are commonly implemented.

There's a much easier way. Turn off your phone's cellular connection, but turn on wifi and connect it to a wifi network you control. Then just sniff the packets.


Not unless you have discovered a novel technique for distinguishing between good crypto and bad crypto over the wire.


At the very least I would want Whatsapp to:

1) add authentication with other users

2) make a public statement about it (believe it or not, that hasn't happened yet. Perhaps it will come when the iOS versions supports it - or perhaps it never will)

3) commit to the new encryption system in their privacy policy (make it at least somewhat legally binding - which could also be used against abusive law enforcement orders)


even if an Android application would communicate with others 100% securely, Google has wireless administrator privileges and can be served secret letters that can order Google to do anything, so technically they could log the data before it's encrypted.


Will an I/O audit of the network interface detect this?


No. How do you propose that it would?


I don't really know much about what kind of network chatter Android generates generally, but I imagine that, even if it's encrypted, you can detect that there's suddenly network traffic to Google?

And then, depending on how silly the eavesdropping is, repeating the same message might cause the same encrypted payload to be transmitted?


traffic to Google is probably very common... and to be sure that you get the whole picture, you would probably need to intercept wireless signals going to the cellphone company which are also encrypted


Only if you have google services installed.


Without which TextSecure does not work.


But what about the fork https://github.com/SMSSecure/SMSSecure which can be installed via F-Droid on a Google-less phone?


It has no push messages which means bad experience for non-SMS messages.


The fork only handles SMS/MMS. There are no IM features in it.


> there's absolutely no way for an end-user to determine if their messages are being encrypted (with whatsapp)

Watch the network traffic with Wireshark?


You can't see into the encrypted traffic to see if it's implemented or not.


But in the worst case you'll be able to see that it is plaintext.


I would expect any messaging app these days would never send packets with plain text.
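
What the packet-capture suggestions in the two sub-threads above can and cannot establish, as an added example that is not part of the thread: a passive check flags cleartext and byte-identical repeats, but cannot tell a well-keyed scheme from one whose key a third party also holds. The message, the keys and the hash-based toy cipher are constructed stand-ins, not any app's real protocol.

```python
import hashlib
import math
import os
from collections import Counter

def shannon_entropy(data):
    """Bits of entropy per byte, estimated from this one payload."""
    counts = Counter(data)
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def printable_ratio(data):
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    ok = sum(1 for b in data if 0x20 <= b <= 0x7E or b in (9, 10, 13))
    return ok / len(data)

def classify(payload):
    """All an observer can say: readable text, or opaque bytes."""
    return "plaintext" if printable_ratio(payload) >= 0.9 else "opaque"

def _keystream(key, nonce, length):
    # Toy keystream (SHA-256 in counter mode), used only to produce
    # random-looking bytes offline. Not a vetted cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def toy_encrypt(key, nonce, message):
    stream = _keystream(key, nonce, len(message))
    return nonce + bytes(m ^ s for m, s in zip(message, stream))

def repeated_payloads(payloads):
    """Payloads seen more than once, i.e. deterministic output on the wire."""
    return [p for p, n in Counter(payloads).items() if n > 1]

def observe():
    # Constructed sample: the same message sent twice by three imaginary apps.
    message = b"meet at the usual place at nine and bring the documents with you"
    private_key = os.urandom(32)                    # known only to the endpoints
    escrowed_key = b"a key the server also holds!!!!!"  # constructed, shared with a third party
    captures = {
        "cleartext app": [message, message],
        "fresh nonce, private key": [
            toy_encrypt(private_key, os.urandom(16), message) for _ in range(2)
        ],
        "fixed nonce, escrowed key": [
            toy_encrypt(escrowed_key, bytes(16), message) for _ in range(2)
        ],
    }
    report = {}
    for name, payloads in captures.items():
        report[name] = {
            "verdicts": sorted({classify(p) for p in payloads}),
            "entropy": round(shannon_entropy(payloads[0]), 2),
            "repeats": len(repeated_payloads(payloads)),
        }
    return report

if __name__ == "__main__":
    for name, row in observe().items():
        print(f"{name:28} {row}")
```

Both encrypted captures come back "opaque"; only the repeat count separates them, and a scheme that used fresh nonces with the escrowed key would show no difference at all on the wire.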


Thank you for http://www.youtube.com/watch?v=unZZCykRa5w. Your notion of 'bundling' was one of my top three most mulled ideas in the past five years. Once I started looking, I see it everywhere.


Thanks so much for posting this youtube. It is fantastic!


Upon considering that this talk was delivered pre-Snowden, the value and prescience of this talk is even more significant.

This article is now on the front page of WSJ.com!


Thanks, one of the best talks I have seen for awhile


For those of us who don't do YouTube, is there anywhere else we can read about Moxie's "bundling"?


Watched it last night. The very short summary is "bundling" is a kind of inside out Trojan Horse, the example Moxie used was "Google Analytics" which has some functionality that is undesirable to some users, enough so that it was blocked by some privacy extensions. Over time, Google started adding "useful" features to the GA code for websites, arguably because "you're already loading GA, why not get some utilities for your web site?" Well... this means that if you (the web dev) use the GA "utilities" on your web site, privacy extensions will break the website or have to allow GA to load. Some of those privacy extensions started to whitelist GA because of this.

Now the undesirable effects have come back and users now have to make a harder choice between a broken website or being another datapoint for someone's analytics.

The talk is not just about this, but more so about the way the world changed from attempted mandatory "controls" upon people to allowing them the "choice." The scope of "bundling" (features added to encourage use) gets larger and larger until you realize that you're living in a corporate panopticon along with everyone else. If you're not paying for it---you're the product---and bundling becomes the method used to keep you providing them with the best product.


Thank you for that summary, I really appreciate it.


And for people who are interested in Open Whisper Systems and want to get involved, we're hiring!

https://whispersystems.org/workworkwork/


You are a gentleman for redistributing the credit. I have unfortunately worked for people who would not have. Regardless, thanks for your contribution to privacy, and may whatever karma exists rain invisibly on you ;)


I just want to take a moment and say "thank you" to yourself and the entire team at Open Whisper. I appreciate your efforts.

Sadly, the march to "Safety Fascism" continues unabated.


Moxie, the progress on TextSecure/Signal integration seems to have slowed down quite a bit (at least as seen from the outside). I think it's been almost a year since Signal for iOS came out - yet still no word on Signal for Android.

What is taking so long, if you don't mind me asking? Is there some sort of Signal 3.0 overhaul planned for all the platforms along with a big launch?

Also, I think you've been quite retreated in the past year or so, I assume so you can focus on working. But I believe you should personally get more involved in promoting your apps (as you do in this piece here). Go on more TV shows, podcasts and so on. Look how much Telegram has grown, not because it's any better than Signal (far from it), but because they've actively promoted themselves and took a more pro-active role in building a community.

More mainstream users need to know that "Skype is not secure, but Signal is" - which reminds me - I hope Signal will eventually get encrypted video-chat support as well, to make it a true alternative to Skype (and of course a desktop app, but I know your team has been working on that).

To monetize the apps have you considered trying to get Signal into enterprise, as a much more secure alternative to what enterprise customers are currently using, and then get paid for support? Or do you believe that would complicate things too much and make the apps worse off in the end?


I used to be a "fan" of TextSecure, but have become disillusioned lately. The development has always been slow. Very few people use it, even among my geek friends. Convincing people to use it is hard as well. Confusion over what it does, having to give out their phone number and no desktop client doesn't help. When I'm actually in need of encryption it doesn't even work, since Google Play services are blocked in China. I personally agree with the team behind hemlis, it's too late to become mainstream. Not that I expect most people to care. TextSecure fulfills its role as a political and technical wank.


I've used TextSecure since sometime last year and my impression is that development has been speeding up in the past few months. [0] Seems like there's a new version every week. Most recent update brought a nicer UI, week before that "quick reply" from notifications, .. it really is very slick these days, and it works so well as a drop-in replacement that I've had no problem making my whole family (and various friends) use it. Not much explaining needed: you send texts just like before, but if the other person also uses TextSecure it's - well - secure (and free) and you don't have to think about it.

[0] https://github.com/WhisperSystems/TextSecure/commits/master


There are too many different encrypted texting apps and no market winner. How does TextSecure compare to Bleep by the BitTorrent people, for example?

For there to be enough users, we need public proclamations of support from Bruce Schneier and maybe Moxie, celebs like that. Maybe interoperability.


This. I used to recommend TextSecure to all my friends, but it didn't interact well with other services, and then IIRC it stopped working with SMSes entirely.


TextSecure handles SMSes well. It doesn't support encrypted SMS anymore, but that's not a big deal.

I've been using TextSecure for awhile now even though I only communicate w/ one other person that uses it.


> It doesn't support encrypted SMS anymore, but that's not a big deal.

Well, it's kinda a big deal if that was the entire reason one was using it…


> To monetize the apps have you considered trying to get Signal into enterprise

I agree with this bit. It seems weird that people with clear requirements for privacy, like doctors, lawyers, insurers etc, remain totally clueless about encryption.

While we might have more personal sympathy / affinity with political activists and nerds, they don't seem to be very good at proliferating encryption technology.


>yet still no word on Signal for Android.

Just in case you're not aware. RedPhone for android does encrypted calling, and TextSecure for android does encrypted messaging, so there doesn't seem to be a reason for Signal on Android aside from the brand unification.


What do you think about the options for baking key based reputation systems into next gen social software like Federated Wiki, Snow, etc?

I'm dreaming up a crypto currency where the scarce resource is human creativity rather than CPU time. It is a little like key based identity taken through the looking glass. Quick read: http://thenewstack.io/why-art-could-become-currency-in-a-cry...

I asked a similar question of vbuterin the other day. Thanks for any response: https://www.reddit.com/r/ethereum/comments/3ai4pm/the_humans...


Moxie, how do you do it? There are other good crypto people, good developers, good designers, and you're probably not the best at any of those things, but how do you make results like:

>A few years ago, Matthew Green, a cryptographer and professor at Johns Hopkins University, unleashed his students on Mr. Marlinspike’s code. To Prof. Green’s surprise, they didn’t find any errors. He compared the experience to working with a home contractor who made “every single corner perfectly squared.”

...happen?


While having Signal is great, one thing I don't like is the use of phone numbers as identifiers. Why can't we have the option of using a random string?


secure transmission of texts is the goal, not providing anonymity of sender and receiver.


Why not do both (one optionally)?


I'll also take this opportunity to give thanks and respect the whole team.

Though I have to say, whilst I understand the absolute ballache of technical reasons for dropping SMS support, I'm _still_ extremely sad to see it gone :(


Maybe you could answer a few questions? That'd be cool.

Is there much hope for strong privacy and anonymity using smartphones? Even with secure apps, there's the baseband, controlled by the cell provider. Can it be isolated?

What are the chances for open-source hardware?

What are the main pros and cons of iOS and Android?


For a sandboxed baseband check out the Neo900 project.


It seems interesting. But they want an address just to create an account. At least they don't demand a mobile number ;) And the only payment options are bank wire and PayPal. I don't see that they accept Bitcoin. Also, I see no option for anonymous fulfillment.



Thanks, programmernews3 :)

DocScrutinizer05 says on IRC that neo900 will accept cash by mail and Bitcoin. And "anonymous fulfillment" (on-site pickup, I presume) for wholesale (N>50) orders. Cool. Someone could sell them for cash at conferences, etc.


Well thank you, and everyone else, for the hard work!


Great job Open Whisper Systems team!


I would take this opportunity to say a big thank you to the whole team, textsecure is my default messaging software and it's really well done. Thanks to all of you ! :)


I remember being in an applied crypto class with you at CMU taught by Virgil Gligor if I am not mistaken and was thoroughly impressed with your knowledge of cryptosystems. I am happy for you! Way to go.


He went to CMU?


He attended a class there. I am not sure if he was enrolled as a full time student.


Glad to see the effort getting attention in any regard. Thanks to you and the whole team for working so hard on all of this. Keep up the good work.


I tried TextSecure through bluestacks and captured the stream to find out that it is using TLSv1. I am a noob in computer security, but isn't TLSv1.2 more secure?


True hacker.


>Unfortunately, if Mr. Marlinspike’s encryption scheme can be applied to imagery, then childporn collectors thank him too.

And there we go, highest voted comment on the article: a strawman about child pornography. Think of the keeeds


What infuriates me the most is that is such a blind, selfish, first world argument. It assumes freedom of speech is granted, ubiquitous, and irreversible, so those who want extra protection must be criminals.

In some countries you can be killed for your political views. You can also be killed for what you are -- gay, for example.

Anyway, in most cases the person who said that is a complete hypocrite, like a politician/businessman who wants to ban encryption to be able to spy on their competitors, not to "protect children".

That's even a higher level of blindness. Those people understand how the world works. They know that hackings, theft, revolutions, and coups d'etat exist, and those who once were righteous, legal and legitimate may be prosecuted.

What if there were a revolution and the new government decided that now being a sports fan were illegal? That new government may have access to apparently innocent communications where people discussed sports events. Communications that were legally intercepted and innocent in one scenario may be life-threatening if laws change.

That's why we need encryption, that's why all person-to-person communications must be private (we can discuss the transparency degree for governments communications), and that's why governments must find some other way of fighting crime than just exposing everybody naked to make it easier to pick the bad apples.

Sorry for the rant, but encryption is saving lives of gays, illegitimately prosecuted politicians and such. Banning it with lame excuses is short-sighted and may backfire some day.


"Think of the children" is a common refrain of the coward who values safety over freedom.


I wonder how many of the people on that think of the children side were either affected as kids, had children who had some awful experience, or are of close relation to someone who was or had kids who did. Because I could easily see something like an awful event happening to a child really warping a person's world view in a strong way.

On the other hand, I wonder how many privacy advocates have never experienced anything awful in that sense.

I'm on the privacy side myself and it's true child touchers are just hearsay for me. I know they exist, I know it happens, but it's not generally at the forefront of my mind when thinking about much of anything really. And I really wonder what I'd think if every time I thought about policy I also had poor Timmy's story echoing away for all eternity in my head.

And then I wonder for the motivations of the people for whom child touchers are hearsay but are really opposed to privacy. Their motives must include things like drug dealers, terrorists, a belief in their own clean slate, money. It's pretty interesting to think about what goes on behind the scenes of any argument that gains popular traction.


I heard several survivors that were appalled of the "Think of the children" approach because it is too often used to push an agenda that doesn't help children at all.

For example, internet blocking of child abuse media (hot topic in Germany a couple of years ago) doesn't help children (who aren't abused 'over the internet' but in real life) because it routes resources away from public education on the matter (such as encouraging victims to speak up), social and health support (so victims that spoke up don't fall into a void) and regular police work (so that the perpetrator gets busted).

I guess child abuse on the internet is a popular topic with policy makers because "protecting children" is an easy way to score points in public and "on the internet" hides the fact that this abuse happens somewhere - and closer to any single person than they may be comfortable with. "internet" became a code word for "somewhere else".

That's a great platform to win an election.

Now, pick any company with > 10000 employees. Just by running the numbers it likely employs a child abuser. You work for such a company? It's likely that one of your coworkers, maybe even somebody you deal with every day, is a child abuser.

That's not a great platform to win an election.


> I wonder how many of the people on that think of the children side were either affected as kids, had children who had some awful experience, or are of close relation to someone who was or had kids who did. Because I could easily see something like an awful event happening to a child really warping a person's world view in a strong way.

I know more than a few people who were abused as children, but none of them have become think-of-the-children anti-privacy advocates. It's probable that it's a selection effect, since the prior for my knowing someone who disagrees with my politics so deeply well enough to know their abuse history is low. But at the same time, I'd expect to run into at least one person by now.

I think that most people with first-hand experience around child abuse are probably not anti-privacy advocates. At that level it becomes clear that the real problems are social conventions that adults can exploit (family and professional relationships with defined subordinate roles for children), enabling them to commit abuse. Having secure communications doesn't help with this much. In fact, if a child thought they could tell someone about abuse without their abuser knowing, it might be helpful.

I think that the anti-privacy activists are actually people who are rather far away from the societal evils they claim to oppose privacy to protect against. The people who have opinions about the NSA reading email or encrypted messaging tend not to be personally affected by social instability from terrorism, or the drug war, just by basic socioeconomics. Child molestation is probably a similar, far-off evil. It's enough for these people that these systems could hide evildoing, and because of that they clearly need to be compromised so that the state and legitimate community forces can hunt evildoers. I think the real motive is simply a naive belief in the goodwill of those community forces.

This in turn can be explained by a naive moral system, where it is moral to obey rules. This is the 3rd or 4th level of the Kohlberg moral development scale, and the level Kohlberg conjectured most people remain at during their lives. Background: https://en.wikipedia.org/wiki/Lawrence_Kohlberg%27s_stages_o...


> And then I wonder for the motivations of the people for whom child touchers are hearsay but are really opposed to privacy. Their motives must include things like drug dealers, terrorists, a belief in their own clean slate, money. It's pretty interesting to think about what goes on behind the scenes of any argument that gains popular traction.

If I had an ulterior motive for arguing against a particular technology, spinning it as "think of the kids" would be something easy and safe to do. Anybody arguing against you could be painted as horrible horrible people who don't think of the kids.


We can look at when, how and by whom the "think of the children" argument is trotted out to get your answer.


What if a military could fight its way into another country, capture its people, torture them, and take sexually humiliating pictures of them that will be broadcast around the world?


But what if people use the N word in encrypted texts? What about the minorities?? Hate speech is everywhere, what if they deny the holocaust?


Either it's an uninformed person or it's a shill. Public opinion manipulating, as usual.

https://firstlook.org/theintercept/2014/02/24/jtrig-manipula...


Unfortunately your argument is also used by those who disagree with others.


> Science tells us of bad effects that certain kinds of discharges can have on our children, born and unborn, but we don't seem to see the analogy between a perverted individual sexually molesting a child and an industrial discharge affecting the basic sexuality of a child.

The Making of a Conservative Environmentalist, by Gordon K. Durnil, at p. 43

http://www.iupress.indiana.edu/product_info.php?products_id=...


FFS. Any encryption scheme can be applied to imagery. AES is approved by the NSA. Does that mean childporn collectors are thanking the NSA too?


HEADLINE: "NSA supports the pedophiles! Should we be alarmed?"


I've had a ton of respect for Marlinspike ever since he published sslstrip, an incredibly simple defeat of HTTPS.[1]

It's a perfect demonstration of the fundamental insecurity of the web thus far. When an insecure communication mode (HTTP) is the default and perfectly ok most of the time, the browser has no idea when you are supposed to be operating on a secure channel (HTTPS) but have been tricked into downgrading by a man in the middle attack.

I can't prove it but I believe his work is a significant factor behind the shift towards deprecating HTTP in favor of HTTPS all the time. That is the only real solution.

[1] http://www.thoughtcrime.org/software/sslstrip/


> the browser has no idea when you are supposed to be operating on a secure channel (HTTPS)

Agree about the sentiment, but there are some ways to help this. The server can for instance tell the client to always require https:

https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Doesn't help if the client hasn't yet connected to the right server at least once, though.
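
The first-connection gap this comment describes, as an added example that is not part of the thread: a minimal model of a client-side HSTS store following RFC 6797. The HstsStore class, the host names and the timestamps are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

def parse_sts(header):
    """Parse a Strict-Transport-Security value.

    Returns (max_age_seconds, include_subdomains), or None when the header
    is malformed and has to be ignored."""
    max_age = None
    include_sub = False
    seen = set()
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name in seen:
            return None              # a directive may appear only once
        seen.add(name)
        if name == "max-age":
            if not re.fullmatch(r"[0-9]+", value):
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
        # unknown directives are skipped
    if max_age is None:
        return None                  # max-age is the one required directive
    return max_age, include_sub

class HstsStore:
    """Hypothetical stand-in for the browser's list of known HSTS hosts."""

    def __init__(self):
        self._hosts = {}             # host -> (expires_at, include_subdomains)

    def note_response(self, url, headers, now):
        """Record a policy. Returns True only if the header was honoured."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            return False             # a header seen over plain HTTP is ignored
        lowered = {k.lower(): v for k, v in headers.items()}
        header = lowered.get("strict-transport-security")
        policy = parse_sts(header) if header else None
        if policy is None:
            return False
        max_age, include_sub = policy
        if max_age == 0:
            self._hosts.pop(parts.hostname, None)   # server withdraws the policy
        else:
            self._hosts[parts.hostname] = (now + max_age, include_sub)
        return True

    def is_known(self, host, now):
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires_at, include_sub = entry
            if now < expires_at and (i == 0 or include_sub):
                return True
        return False

    def rewrite(self, url, now):
        """Upgrade http:// to https:// for known hosts (port rewriting omitted)."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname or "", now):
            return urlunsplit(("https",) + tuple(parts[1:]))
        return url

def demo():
    store = HstsStore()
    t0 = 1_000_000                   # constructed clock value, in seconds
    year = 31536000
    out = {}
    # First visit ever: nothing is stored, so the request leaves as plain HTTP.
    out["first_visit"] = store.rewrite("http://bank.example/login", t0)
    # A policy delivered over plain HTTP cannot be trusted and is dropped.
    out["http_header_honoured"] = store.note_response(
        "http://bank.example/login",
        {"Strict-Transport-Security": f"max-age={year}"}, t0)
    # One genuine HTTPS response is what closes the gap.
    store.note_response(
        "https://bank.example/login",
        {"Strict-Transport-Security": f"max-age={year}; includeSubDomains"}, t0)
    out["second_visit"] = store.rewrite("http://bank.example/login", t0 + 60)
    out["subdomain"] = store.rewrite("http://pay.bank.example/", t0 + 60)
    out["after_expiry"] = store.rewrite("http://bank.example/login", t0 + year)
    return out

if __name__ == "__main__":
    for step, value in demo().items():
        print(f"{step:22} {value}")
```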


Also, the browser can opt into HTTPS by using a plugin such as HTTPS Everywhere.


All of these defenses post-date sslstrip/sslsniff, and if you look at mailing list conversations in the early days of HTTPS Everywhere, you can see that it was developed as a direct response to these attacks.


All HTTPS all the time is the only real solution. Both those band aids rely on distributing rules to browsers describing when to use HTTPS with what sites. That is totally unscalable, not to mention only as secure as the ruleset distribution channel.


Moxie and Frederic and Christine and the rest definitely deserve a lot of credit.

Half of me is really happy every time I see Signal getting more popular. The other half is more like OH GOD THE STAKES ARE HIGHER NOW WHAT IF I MADE AN EXPLOITABLE MISTAKE BETTER RE-READ SOME CODE.

But seriously, you should read the code. It's there, open for anyone to audit after all. Maybe start somewhere random in the guts [1][2][3] and check for things like "ereh 2# roodkcab"?

1: https://github.com/WhisperSystems/Signal-iOS/blob/master/Sig...

2: https://github.com/WhisperSystems/Signal-iOS/blob/master/Sig...

3: https://github.com/WhisperSystems/Signal-iOS/blob/master/Sig...


+[Cryptography generateRandomBytes] should possibly return NSData rather than NSMutableData.


The sailing documentary they briefly mention in the article is called Hold Fast. If there are any HN readers that are into sailing I highly recommend it.

You can watch it here: https://vimeo.com/15351476


Interesting quotes:

> President Barack Obama called [protected-messaging apps] “a problem.”

but

> Encrypted messaging was viewed [by the U.S. State Department] as a way for dissidents to get around repressive regimes. With help from Mr. Schuler, Radio Free Asia’s Open Technology Fund, which is funded by the government and has a relationship with the State Department, granted Mr. Marlinspike more than $1.3 million between 2013 and 2014, according to the fund’s website.


Great article, not paywalled.

Here's the thing that Moxie recognizes, that many other programs don't (in any domain):

   He says he wants to build simple, “frictionless”
   apps, adopting a Silicon Valley buzzword for
   “easy to use.”


Interesting article and interesting guy. I like the work he and his team does on these apps. Unfortunately, they typically run on the type of endpoints that everyone from script kiddies with money to High Strength Attackers can hit. Usually alongside apps not as strong as theirs on TCB's that can at best be described as insecure foundations.

I recommend against such apps and platforms for anything other than stopping the riff raff. That's what I use them for. I pointed out the difference between secure code and secure systems in this [1] writeup. Shared much of my framework for analyzing or designing-in security in the process. The TCB of most solutions today is ridiculous: people are building on foundations of quicksand. There's only a few exceptions I've seen such as GenodeOS (architecturally) or Markus Ottela's Tinfoil Chat. Markus has been unusually alert to our concerns and updated his app appropriately even for covert channel suppression. Quick question: which of the many crypto apps on the market can deliver a covert channel analysis to you at app and system level? Answer: few to none despite its importance over decades with a rediscovery in past 5+ years in mainstream security.

Strong security is hard. Moxie seems awesome as a coder and good to great in both crypto and OPSEC. Thing is, his offerings break the decades old rule of having a strong TCB. Just like most of the rest. It's why they're usually bypassed or broken by strong attackers. Gotta do the whole thing with concern for each aspect of the system. TFC is a clever cheat on that even more than my MILS scheme with a KVM and a highly-assured guard. If you don't cheat around it, you better do it right or your users will suffer the consequences. Those trying to contain vulnerabilities of mainstream OS's and components with any success are expending literally hundreds of thousands of dollars worth of labor per year. It's why I push for clean-slate, hardware and software platforms like DARPA and NSF have been funding recently (eg SAFE, CHERI processors). Alternatives using COTS tech are pretty complex and most users will probably fail to secure them to be honest.

[1] https://www.schneier.com/blog/archives/2013/01/essay_on_fbi-...


Anyone have a glossary?


My bad. Glad I caught it before I went to sleep. Trusted Computing Base (TCB): everything in a system that the security argument depends on. Bigger and more complex the worse. Tinfoil Chat (TFC). MILS = separation kernels, basically. A more secure form of microkernel. KVM = Keyboard-Video-Mouse switch for separate, physical devices. COTS is commercial tech and FOSS is often developed with similarly low-quality methods. Hope that helps in your translation of the comment.


We don't have time to wait for widespread TCB, even if we could when the NSA is actively trying to undermine all methods for it.


There's quite a few that's been developed in both business and academia with some deployed. NSA didn't do shit except maybe backdoor the closed ones. Genode.org is one of the better-structured ones that's FOSS and usable today. Build on it.

You can also negotiate source from one of the separation kernel vendors, compile it on target of your choice, and port L4Linux (user-mode Linux) to it to keep legacy apps. CHERI processor and CheriBSD are open source. EROS source was published and could be extended. JX Operating System has almost everything under JVM's safety protections with relatively small TCB. Cool tools like Softbound and Astree knock out bugs in what's left.

There's many tools to start with to get smaller, strong TCB's. They're just the only ones the open-source community doesn't work on. Tiny, tiny set of exceptions. People not wanting to worry about it can just build on Tinfoil Chat: largely eliminated TCB with clever use of data diodes and physical separation. A Moxie-coded version of that portable to arbitrary embedded systems could be made NSA-proof. So, there's options for anyone wanting to get started.

Meanwhile, I'll keep using GPG on airgapped machines with diverse hardware and interface protection. Only thing that works per Snowden leaks. For now...


I still can't get over Moxie wanting Google and Apple and Microsoft to be gatekeepers of what you can and can't do with your device and calling sideloading "that old broken desktop security model".

I admire your work Moxie, but sadly we stand on different sides of war on general purpose computing. I can't help but be saddened that "the other side" got someone so talented and dedicated.


I don't know about Apple or MS, but building TextSecure from source and installing it on an android phone is about as easy as you could reasonably expect it to be. It seems churlish to complain that there are also easier ways to install it.

Edit: although, of course you have to trust Github or whoever if you install from source.


They are actively opposing having their apps published on F-Droid. Instead, they prefer proprietary services for various (imo bad) reasons:

https://f-droid.org/forums/topic/redphone-and-textsecure/#po...


Also have to trust that Google's closed binary framework app isn't spying, or can't be remotely exploited to start spying, as it's a hard dependency for TextSecure/RedPhone.


For context, I assume you're referring to this [0]? I think it's a bit more nuanced than you're letting on here.

[0] https://github.com/WhisperSystems/TextSecure/issues/127


There is no war on general purpose computing. Who even came up with the idea?



Sorry, either you don't understand the concept or you haven't been paying attention. The whole movement by big manufacturers has been towards closed ecosystems, with the end user unable to exercise much control over their hardware, to the point where many people consider devices leased rather than owned. You can't even change the battery on Apple devices now without voiding the warranty. The same is happening with cars, TVs, you name it. If it's something that can be repaired or otherwise messed around with, the companies don't want you to be able to do it.


Didn't TextSecure stop encrypting SMS a while back? If you lose data connectivity you're sending in the clear, right?


Yes. This is really annoying; it was one of the major selling points. I'd got several people to install it on this basis. They had a reason for the change but I was unimpressed.

The best thing that one can say is that it is well indicated by the UI whether the message will be secure. Blue for encrypted. Green for clear. I've managed to explain this to some very tech-unsavvy people.


Is that a setting? I use TextSecure, and when my data cuts out, it simply fails to send the message and tells me. Every message I've ever sent (that I can quickly see) has the padlock icon next to it, which I'm assuming guarantees it was encrypted.


yes


Just in case, do you know about https://github.com/SMSSecure/SMSSecure?


Sweet article! The movie about Moxie fixing up and sailing a boat was actually super fun to watch! I'm feeling grateful the comments section hasn't turned into a massive argument over TextSecure dropping SMS support like the whisper systems mailing list alwayssss is...


Moxie gave a great high-level talk on cryptography and Open Whisper Systems at Webstock this year too, for anyone that's interested: https://vimeo.com/124887048


I was a great fan of TextSecure until a few days ago. I had encouraged a bunch of friends to install it. One of them couldn't get rid of a notification from TextSecure about an unread message despite there being none, and eventually they uninstalled it. Then, for the next 4 months TextSecure blackholed every message I sent this friend without warning either them or me. They never received a single message from me. After discovering that, I uninstalled it.


You'll find that this is true for every messenger on Android, since there is no way to detect someone uninstalling without unregistering.

TextSecure has delivery receipts so you can see when your messages aren't being delivered, and there's a web-based unregistration flow on the Open Whisper Systems website so that users can unregister their numbers if they've uninstalled.


Thanks for the reply, Moxie. I realise I sound negative, but I do love your work. The app gave me no indication that delivery was failing. Couldn't you detect the failure when you try and forward on the message from your servers (if it is a push architecture)? Happy to give you my details if you want to look into it.


It's using the Google Android push stuff, which means to deliver a message to a phone, Moxie's server sends a message to Google to ask Google to push a message to the phone ASAP. So he gets no feedback.


"there is no way to detect someone uninstalling without unregistering"

The TextSecure app could ping your server with an "I am still here" message if it goes a week without sending any messages. Don't hear from it for two weeks? Unregister it.

Would this not work?


Not having a connection for a month doesn't necessarily mean you're not "still here".


But it does mean messages can't be delivered to you.


Not that I really want to steal any of Moxie's thunder, but if you're reading this comment thread you might also be interested in SC4:

https://github.com/Spark-Innovations/SC4

Strong encryption that runs in a browser. Recently completed its first security audit.


I've been looking for something to replace PGP-JS for a while.

Cheers.


Any feedback you have on SC4 would be much appreciated.


> Not that I really want to steal any of Moxie's thunder,

Not being rude (yep), but you did.

Cool project though.


Kudos to moxie and team for their work and their example of positively enabling others to speak freely, for inspiring others to build better alternatives, and for being the change they wish to see in the world.

Also wanted to share one of the most provocative moxie-isms I've heard in recent years from him, in reference to WL:

"What about the truth has helped you?"


So it looks like I might have understood something wrong regarding TextSecure.

Installed it, used it, uninstalled it.

Years later, a contact tells me that he "saw me in TextSecure" and sent me a message.

Obviously, I didn't get that message.

Why - o why - was/is TextSecure pretending to not know about metadata when it does? Why could that happen? Moxie?


This problem is not specific to TextSecure; it also exists with iMessage and WhatsApp as far as I know.

You can unregister here: https://whispersystems.org/textsecure/unregister


> You can unregister here: https://whispersystems.org/textsecure/unregister

Well, _maybe_ you can. I spent several days six months ago trying to unregister, and finally just accepted the fact that TextSecure will never let me go. Oh well.


Note that Open Whisper Systems is hiring: https://news.ycombinator.com/item?id=9813309.


Address book based social networks are nice to get a bit of bootstrapping, but become pretty bad when you want to add someone as a TextSecure contact, or you want to run a version without using SMS gateways. It gets pretty complicated pretty fast compared to 'what is your username'.

I hope text secure gets usernames one day that you can associate with phone numbers & emails.

The web-browser version is a good development, it shows that desktop and multi-device versions are on the way.


It's awesome seeing so many privacy and secure messaging apps spring up. The tough part is getting people to use them. I've been using Wickr (I know the black box arguments, but they have a reasonable bounty in place) and it doesn't require number, contact info or addy. The phone call feature of Signal sounds interesting so I'll check it out.


I tried installing TextSecure recently but it wouldn't work without the Google Play services.

I hadn't heard of their new app Signal. Has anyone tried it? I'm really interested in hearing anyone's experience using it.

BTW, I ended up installing Telegram ...and it may be mere coincidence, but I started noticing some weird things happening that I've never seen before. I connect to the internet exclusively via tethering to my phone and while tethered I started seeing messages in Firefox from my desktop machine giving warnings that were something like "Could not establish secure connection because the server supports a higher version of TLS". My guess is that it was some sort of MITM attack... and I was possibly targeted due to the traffic to Telegram servers.

One other thing regarding Telegram: I really don't like that it reads my contact list and uploads it to their server to check if my contacts have a Telegram account. I've blocked the permission for now.


Telegram isn't secure. There's been no public audit of their "secure" code and most messages aren't even sent via the secure channel unless you expressly tell it to do so.

It has a pretty UI though, so most people seem to think it's great.


Their UI is a carbon copy of WhatsApp


This. Why do you require Google Play services? Why do you spy on contacts?



I already knew this would be an article about Moxie before clicking the link.


As TextSecure no longer secures text messages (texts) I really _wasn't_ expecting it to be about Moxie and figured it was actually about the implementer of A5/1...


Thank god this man exists.


Yes, but isn't that in and of itself somewhat depressing?


Sadly, software is complex and security is really hard (and generally a trade-off). See also djb.


You should probably thank his parents then.


Where's the authentication process in TextSecure? Totally MITM'able. Not secure at all.


Obama's "problem" is a "solution".


There is not any evidence of encryption on WhatsApp, source code is closed so you can never be safe.


Even if it's open source, we should say that unless the binary can be reproduced exactly by end user, you can never trust what you are using is actually what you think it is.


Is that possible, in general? If someone published an open source app to Play, could I compare the Play downloaded app to a local build, and set config appropriately, and get a match?


> Is that possible, in general?

(Deterministic|reproducible) (compilation|builds) are a fairly recent endeavor; though they're not yet common they are technically feasible. The two efforts I'm aware of are Debian[1] and Chromium[2], though I'm not sure what state they're currently in. From their site, Chromium appears to include Android builds.

There may be Android-specific concerns w.r.t. the JVM's JIT, but if you can't trust the onboard runtime, you've already lost IMO.

--

[1] https://wiki.debian.org/ReproducibleBuilds

[2] https://www.chromium.org/developers/testing/isolated-testing...


F-droid[3] is supposedly working on reproducible builds for Android too.

[3] https://f-droid.org/wiki/page/Deterministic,_Reproducible_Bu...
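The comparison asked about above, as an added example that is not part of the thread or any project's own tooling: it hashes the uncompressed content of every entry in two APKs and ignores the JAR signature files under META-INF/, which necessarily differ when a local build is signed with a different key. The in-memory archives, the package name and the file contents are constructed sample data.

```python
import hashlib
import io
import zipfile

# JAR-style signature files under META-INF/ always differ between signers.
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")


def is_signature_entry(name: str) -> bool:
    upper = name.upper()
    if not upper.startswith("META-INF/"):
        return False
    # MANIFEST.MF is written by the signing step, so it is skipped as well.
    return upper == "META-INF/MANIFEST.MF" or upper.endswith(SIGNATURE_SUFFIXES)


def content_digests(apk_bytes: bytes) -> dict:
    """Map each non-signature entry to the SHA-256 of its uncompressed bytes."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {
            info.filename: hashlib.sha256(zf.read(info)).hexdigest()
            for info in zf.infolist()
            if not is_signature_entry(info.filename)
        }


def compare_apks(published: bytes, local: bytes) -> dict:
    """Report entries that are missing on either side or whose content differs."""
    a, b = content_digests(published), content_digests(local)
    return {
        "only_in_published": sorted(set(a) - set(b)),
        "only_in_local": sorted(set(b) - set(a)),
        "differing": sorted(n for n in set(a) & set(b) if a[n] != b[n]),
    }


def make_apk(code: bytes, signer: bytes) -> bytes:
    """Build a constructed, APK-shaped ZIP in memory (sample data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='org.example.app'/>")
        zf.writestr("classes.dex", code)
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        zf.writestr("META-INF/CERT.SF", b"signature file by " + signer)
        zf.writestr("META-INF/CERT.RSA", b"certificate of " + signer)
    return buf.getvalue()


PLAY = make_apk(b"app code v1", b"developer")              # as downloaded
LOCAL = make_apk(b"app code v1", b"local builder")         # built from source
MODIFIED = make_apk(b"app code v1 + extra", b"developer")  # content changed

if __name__ == "__main__":
    print(compare_apks(PLAY, LOCAL))      # nothing differs
    print(compare_apks(PLAY, MODIFIED))   # classes.dex differs
```

A match here means the entry contents are identical, not that the two files are byte-identical: timestamps, entry order and compression settings can still differ unless the build is made deterministic.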




People have sniffed the wire for the WhatsApp client (on Android, towards another Android) and seen that it is encrypted.

But your point stands - there's no UI to indicate if it was secure or not and the code isn't open so you can't know for sure.


I'm ignorant. How can you prove that it's encrypted in any meaningful fashion vs, say rot13?


We can disprove the existence of strong encryption with Wireshark, but cannot prove it.

Entropy of a rot13 message would be much lower than that of a properly encrypted channel. High entropy is not proof of "meaningful encryption", mind you, since a compressed rot13 or plaintext message would have high entropy too.
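The entropy argument above, as an added example that is not part of the thread: it measures byte-level Shannon entropy for plaintext, ROT13, zlib-compressed ROT13 and random bytes. The sample text is constructed from a seeded word list, and `os.urandom` output is an assumption standing in for strong ciphertext.

```python
import math
import os
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def rot13(data: bytes) -> bytes:
    """ROT13 over ASCII letters; every other byte passes through unchanged."""
    out = bytearray(data)
    for i, b in enumerate(out):
        if 65 <= b <= 90:
            out[i] = (b - 65 + 13) % 26 + 65
        elif 97 <= b <= 122:
            out[i] = (b - 97 + 13) % 26 + 97
    return bytes(out)


def build_samples() -> dict:
    """Constructed payloads: the kinds of bytes a capture might contain."""
    # Constructed sample text: seeded pseudo-random English words, not real traffic.
    vocab = ("meet me at the harbour after dark and bring the spare keys for "
             "the boat because nobody else should know where we are going").split()
    rng = random.Random(2015)
    plaintext = " ".join(rng.choice(vocab) for _ in range(20000)).encode("ascii")
    compressed = zlib.compress(rot13(plaintext), 9)
    return {
        "plaintext": plaintext,
        "rot13": rot13(plaintext),
        "compressed rot13": compressed,
        # Stand-in for strong ciphertext: OS random bytes of the same length.
        "random bytes": os.urandom(len(compressed)),
    }


def measure() -> dict:
    """Entropy in bits per byte for each constructed payload."""
    return {name: shannon_entropy(data) for name, data in build_samples().items()}


if __name__ == "__main__":
    for name, bits in measure().items():
        print(f"{name:18s} {bits:5.2f} bits/byte")
```

ROT13 only relabels byte values, so its histogram entropy equals the plaintext's, while the compressed ROT13 lands close to the random bytes: a low reading rules strong encryption out, a high one does not rule it in.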


Encryption on the transport != end-to-end encryption if you consider the users as the ends. The encryption might very well just be from your device to WhatsApp.


Or it might be like with Skype - where according to some report (I don't have link right now, sadly) the encryption is used mostly for obfuscating the protocol and to make building alternative clients harder, but it is given such a small entropy pool that it's useless for security.



I think that OP refers to Whatsapp?


I am thinking about why encryption was only used by the military in the first place, back when the infamous Bell monopoly on phone service existed. I think cracking encryption was one of the reasons computers were created in the first place, right?


Who could listen to people's phone calls, and how many people were concerned about that happening?


Breathing in on your phone has traditionally been the FBI's dominion, in any case.


Yea, I know this kind of control is not possible on the Internet.


[deleted]


Four comments in as many minutes. You're on a roll!


This guy is not part of the solution. He is part of the problem. https://f-droid.org/posts/security-notice-textsecure/


Moxie's response in the comments of that awkward 2012 post seems sane and solution oriented. https://f-droid.org/posts/security-notice-textsecure/#commen...



From https://github.com/WhisperSystems/TextSecure/issues/53

Moxie: "I'd like to avoid distributing APKs outside of the Play Store"

Why give a single entity the power to push a malicious update anytime?


that's not how the Play store (or Android) works. Moxie signs the APK, phones will only install updates that are signed with the same certificate as the version they already have. Google cannot modify apps.

Edit: In contrast, the F-Droid builds were built and signed by F-Droid, so they could at any time include any code they wanted. Whom do you trust more, the developer or some alternate app store?


Google could also distribute a differently signed apk to selected users. And there's no way for users to check the signature of an apk (if they didn't have it installed before).

And I certainly trust an open source project much more than a US company.


But that angle of attack only works if they target you from the moment you first install the app. It would be much easier to just push a modified Google application update to your phone if that is what they wanted.

What it boils down to is that with the Play store, you can be sure that you're not getting malicious updates from some intermediary, as each developer signs their own APKs, and Google doesn't have the keys. Whereas if f-droid is compromised, all applications they build are compromised. That's a much greater risk.


You can set up your own repo.


I am talking about Moxie and OpenWhisperSystems. They _might_ be good guys but that is not enough reason to completely rely on them for your security.


a blog post from 3 years ago, complaining about a bug that was already fixed before he wrote the blog post?


No, the f-droid guy is the problem there. What a hysterical tanty he throws. It's embarrassing.


[deleted]


Whisper the app is unrelated to Whisper Systems.



