this post was submitted on 02 Feb 2024
15 points (89.5% liked)

The Signal messenger and protocol.

1635 readers
1 users here now

https://signal.org/

founded 4 years ago
MODERATORS
 

Many of us (or at least me) would probably like to see Signal getting decentralized. Here are a few thoughts I had about this recently.

First let me define three persons:

  • Peter (using the official signal.org instance)
  • Ted (using the example.com instance)
  • Andrew (using his own instance under andrew.chat)

Couldn't we use the upcoming username feature to build a decentralized signal network? For example with a modified client or maybe just a modified libsignal library we could parse the instance from the username which would look like an email address (ted.42@example.com or andrew.62@andrew.chat). If the username doesn't have a domain part it just uses the default instance (so Peter just has the username peter.94).

Maybe we have some people here who are already familiar with the Signal codebase and willing to assist?

EDIT: Yes I know Session and Matrix exist but Session is to extreme and technical and Matrix is more focused on communities and groups which aren't even encrypted. Besides that both of them have a much smaller userbase compared to Signal.

top 23 comments
sorted by: hot top controversial new old
[–] mp3@lemmy.ca 17 points 9 months ago

I'm pretty sure the original Signal dev wanted to avoid federation to be able to evolve the protocol rapidly.

https://signal.org/blog/the-ecosystem-is-moving/

That has taken us pretty far, but it’s undeniable that once you federate your protocol, it becomes very difficult to make changes. And right now, at the application level, things that stand still don’t fare very well in a world where the ecosystem is moving.

[–] breadsmasher@lemmy.world 7 points 9 months ago (3 children)

Isnt this basically matrix?

[–] mintdaniel42@futurology.today 3 points 9 months ago (1 children)

Matrix is more for communites

[–] pietervdvn@lemmy.ml 3 points 9 months ago (1 children)

One can perfectly use matrix for chat as well, especually with e.g. Fluffychat as client.

And yes, matrix is encrypted too

[–] mintdaniel42@futurology.today 2 points 9 months ago (1 children)

I've been using Matrix for a few days now and I have to say that encryption is a mess. Rooms and Spaces are not encrypted. 1:1 chats are encrypted but before it worked for my account (whysoever) I had to verify the other person. Also fluffychat is really buggy

[–] KLISHDFSDF@lemmy.ml 3 points 9 months ago

Rooms can be encrypted - in fact its enabled by default now for all new rooms, but rooms that are public don't make sense to encrypt as anyone is able to find/join, and what would be the point of encryption if anyone can just join and access the data anyway?

I will say that Matrix is not as easy, intuitive or as feature-polished as Signal and I think we can thank Signal's decision to not attempt federation for how much better it is at some things than Matrix. That said, Matrix is a great alternative, but I'm not asking my friends/family to join just yet.

[–] Steve@communick.news 2 points 9 months ago* (last edited 9 months ago)

Matrix is more like Discord.

As far as I know SimpleX or Session would be the closest to federated Signal.

[–] Dutchie@lemmy.world 2 points 8 months ago
[–] nimmo@kbin.nimmog.uk 1 points 8 months ago

@mintdaniel42@futurology.today I'm quite happy with my Matrix home server and signal bridge that I've got. My matrix server lets me speak to discord, WhatsApp, SMS and signal users without me needing to worry about which app I need to use to get there. Yes, it took me weeks, if not months, to get working just how I want it, but now that it is, I'm not feeling that same desperation for it to be federated that I otherwise would have done

[–] davel@lemmy.ml 0 points 9 months ago (1 children)

From the last I recall, the owners of Signal have never wanted it to federate. They have their publicly stated reasons, but I think the real reason is that Signal has always been on an enshittification track. JWZ has spoken out against Signal many times.

[–] mintdaniel42@futurology.today 7 points 9 months ago* (last edited 9 months ago) (1 children)

I'm gonna be honest. I chose a random article by JWZ and read it. The only thing they are talking about is the contact discovery system. If they don't want contacts to be uploaded (encrypted) then simply don't give signal the permission. And that the author moves to facebook messenger because there

at least the privacy failings are obvious

just shows how the author isn't even interested in secure and private messaging but only in defamig signal

[–] pinguinu@lemmygrad.ml 2 points 9 months ago

Agreed. And also, it's very old. There are forks of Signal with no proprietary blobs, outside of Google Play (which wouldn't matter anyway since Google can't tamper with the builds distributed). Gotta say the part where you have to use your mobile phone does suck, instead of having a random ID like Jami does.

And about this post, decentralizing Signal wouldn't do much. There are no fully open source implementations, and if you hosted your own instance, you'd have to pay up for AWS and use some proprietary libraries, so you could get unwanted attention.

[–] tcely@fosstodon.org -1 points 9 months ago* (last edited 9 months ago) (2 children)

What's wrong with just switching to Session??

@session
@simplex

@mintdaniel42

[–] mintdaniel42@futurology.today 3 points 9 months ago (1 children)

Has a much smaller userbase and not tech-savy people wouldn't undestand why you want them tp use session.

[–] tcely@fosstodon.org -1 points 9 months ago (1 children)

I think most iOS users have no trouble understanding how user hostile Signal has been after getting a new device or losing all the messages they wanted to save.

As for the user base, that's a problem that fixes itself as more people switch away from Signal.

@mintdaniel42

[–] mintdaniel42@futurology.today 2 points 9 months ago (1 children)

Yes I understand that but there's no messenger that's really perfect. Btw signal is working on free and paid cloud backups for iOS and Android

[–] tcely@fosstodon.org -1 points 9 months ago (1 children)

Signal fails as a useful solution as long as:

- I can't switch devices and keep messages.
- I must give them a phone number.
- Multiple devices can't cooperate to allow me to chat continuously from any device.
- Messages can't be sent/received arbitrarily because the server decided my client isn't acceptable.

Signal is not reliable and very user-hostile.

@mintdaniel42

[–] mintdaniel42@futurology.today 4 points 9 months ago (1 children)

Okay so I've been using Signal for over two years now and would like to address your critical points:

  • I switched from my old phone to my current phone without losing even one message. Not even safety numbers changed
  • Yes you have to give them a phone number. And yes atm everyone is able to see them. This will change this year as usernames are coming. The phone number will from then on only be used for verification and stored encrypted
  • I have three devices: Phone (Android), Tablet (Android) and PC (Linux). All of the messages get synchronized properly and almost instantly
  • I don't know what you mean by this exactly but I think you mean that the official Signal server doesn't support forked clients which is false if you take a look at Molly (which I'm using on my Tablet due to several reasons)

In terms of reliability in general I never experienced any issues with Signal. It works great even in bad internet connection scenarios.

[–] tcely@fosstodon.org 1 points 9 months ago (1 children)

I could have guessed that you used Android before your previous message simply by your positive impression.

Try switching the OS and keeping your messages then you will discover the difficulty. It's worse if you began on iOS.

I just recently had the Signal servers silently stop communicating with the app. I had to create a debug log to find that the server was sending an error for some reason when it was working the previous day. Switching apps was the only solution remaining.

@mintdaniel42

[–] mintdaniel42@futurology.today 1 points 9 months ago

Did you use a forked client? If yes which one?

[–] KLISHDFSDF@lemmy.ml 2 points 9 months ago (1 children)

Figured I'd repost because I see Session being recommended again.

======== Original Post: https://lemmy.ml/comment/1615043

Session's developers dropped Signal's Perfect Forward Secrecy (PFS) and deniability [0] security features. Personally I would not trust a product that drops an end-user security feature for the sake of making the developer's life easier [1] .

Using existing long-term keypairs in place of the Signal protocol massively simplifies 1-1 messaging.

For those unaware, PFS protects your data/messages from future exploits and breaches. With PFS, each message's encryption is isolated, preventing compromise of current and past interactions [2].

A simple example to illustrate why PFS is beneficial. Lets assume any 3 letter agency is collecting all Signal/Session messages - on top of the tons of data they're already capturing. The great thing is that your messages are encrypted, they can't see anything - YAY - but they're storing them basically forever.

Two ways they may be able to compromise your privacy and view ALL your messages:

  1. A flaw is discovered that allows them to crack/brute force the encryption in weeks instead of years/decades/eternity. If you were using Session, because you use the same key for every message, they now have access to everything you've ever said. If you were using Signal, they have access to that one message and need to spend considerable resources trying to crack every other message.

  2. Your phone is compromised and they take your encryption keys. If you were using Session, this again gives them access to your entire message history. If you were using Signal, because the keys are always rotating (known as ephemeral) they can only use them to unlock the most recent received messages.

It's important to state that both cases above only really matter if you delete your messages after a certain time. Otherwise, yes, all they have to do is take your phone and get access to your entire message history - which is why ephemeral messaging (i.e. auto deleting messages after a certain time) is crucial if you suspect you may be targeted.

[0] https://getsession.org/blog/session-protocol-explained

[1] https://getsession.org/blog/session-protocol-technical-information

[2] https://www.signal.org/blog/advanced-ratcheting/

[–] tcely@fosstodon.org 1 points 9 months ago* (last edited 9 months ago) (1 children)

That's a fair criticism. I prefer using Session with better multiple device support and without waiting for Signal to finally stop using phone numbers.

When using either, disappearing messages should be enabled.

The part about PFS falls down, for me, when you assume both that keys can be cracked in some shorter than normal time-frame, and that the new key (per message, or less often) won't also be cracked quickly.

@KLISHDFSDF

[–] KLISHDFSDF@lemmy.ml 1 points 9 months ago

The part about PFS falls down, for me, when you assume both that keys can be cracked

The argument doesn't hold because its known that keys aren't 100% secure [0]. This is why recommended key algo's and lengths are constantly changing and increasing in size because either they're found to be weak and/or compute has increased to the point where, although it may not be easy, it's still a possibility for someone with enough resources to break. And again, at least on the Signal side, they're left with having to decrypt every single message, where with Session, one key gets you access to everything.

I do agree that disappearing messages should be enabled for maximum security.


[0] See page 54 in this PDF -> nvlpubs.nist.gov for what NIST recommends for key length and specifically note the caveat that:

The security-strength estimates will be significantly affected when quantum computing becomes a practical consideration.

Page 62 further presses the point:

At some time, the security strength provided by an algorithm or key may be reduced or lost completely. For example, the algorithm or key length used may no longer offer adequate security because of improvements in computational capability or cryptanalysis.