/g/ - Technology






Is signal just a meme or is it actually secure!?

There is a lot to talk about here, like if they intercepted the calls, can they hear everything? And can they decrypt it easily?
It's really important that I make sure that my texts are secure, please help anons, also if there's a more secure app for iPhone and Android let me know.
>>
Anyone?
>>
https://www.eff.org/node/82654
>>
>>63316744
you think some random no name just has the coding experience and funds to start a secure app to btfo the NSA and the three letter agencies?

signal is literally a honeypot created by the CIA to deceive people into thinking they are not being watched while actually every keystroke is being sent directly to their servers

normal people with nothing to hide use whatsapp or facebook messenger
>>
>>63316744
Honeypot operated by a literal Jew.

People who want privacy use Conversations with OMEMO encryption + ejabberd on a self hosted server.
>>
>>63316744
If you don't own every node in the network then it ain't secure.

As an aside, what do you need this level of security for..?
>>
>>63316992
Sorry but no. OMEMO is a nice idea but it has many quirks. Gajim on the desktop is a pain in the ass. Crashes if you suspend your laptop, loses messages and looks like software from 1999. Anyways, what do you gain by a self-hosted server if nobody else uses it and you always send your messages via federated servers?
>>
Signal is the most secure messenger you can get. The software is not bug-free - almost nothing is - but I've peer-reviewed the protocol. It passed.

Calls (in recent versions) are securely encrypted and authenticated with keys exchanged via the Signal protocol (the Axolotl double-ratchet and associated infrastructure). Unlike some other VBR codecs, the variable bitrate of the Opus codec does not have sufficient resolution for an attacker to perform phoneme reconstruction given packet lengths (I tested this after Wire tried CBR).

The servers are (auditably, to the limits of TPM attestation, which are significant) honest and retain nothing they aren't supposed to (and far less than any other messenger), and the cryptography is best-in-class.

It isn't perfect (for example, it makes no attempt to protect metadata; note that strong metadata protection remains an unsolved research problem for real-time communication!) but it is damn good.

>>63316953
Please don't cite this, their scorecard is all over the place.

>>63316959
This is even more all over the place. Trevor Perrin and Moxie Marlinspike are far from no-names, the software is completely open source and reproducibly built and contains no keyloggers (I make no promises about the rest of your phone's operating systems or keyboard) and only a real idiot would slander Signal and suggest WhatsApp or Facebook Messenger, not knowing that WhatsApp uses an offshoot of the same protocol (as does Messenger's Secret Conversations, not that anyone uses that much).

You are correct that WhatsApp is responsible for dragging the same high standards further into the mainstream to people who don't care about it, and that is valuable and worthwhile.
>>
>>63317078

>If you don't own every node in the network then it ain't secure.

The point of end-to-end encryption is that you do not have to trust every node on the way.

>An aside what do you need this level of security for..?

Weakest argument in the history of mankind.
>>
>>63316959
>>63316992
Stop lying on the Internet.
>>
>>63316744

It's secure. Now same issue as always: secure end-to-end, but is your end secure?

I myself don't even trust the hardware, why bother with a secure pipe, let alone with the software? If you want to be truly secure, you'll have to go an extra step.
>>
What about Telegram?

That's what we use with my friends. And the desktop app is very convenient.

That's what the politicians in my country use to avoid being spied on by US agencies.
>>
>>63316744
Everyone working on it is madly butthurt about google still not wanting to buy them out despite years of corporate whoring and tailoring every single technical decision with an acquisition in mind. I wouldn't trust them with my shoelaces.
>>
>>63317439
The good thing about open source shit is it can be forked.
>>
>>63317464
What has that to do with anything? Source code is cheap labor anyway, and just a tiny part of what it takes to build a successful app. And as far as security is concerned it's almost useless, dynamic analysis is what takes 99% of a serious audit anyway.
>>
>>63317520
>Source code is cheap labor anyway
Shitty india source code maybe, good one isn't, and then there's the whole design that comes with it.

>and just a tiny part of what it takes to build a successful app
Who cares about success? Everyone's main concern, as well as the main reason for using Signal, is security. If Signal was the least popular app on the market, I couldn't care less. If anything, it'd keep it under the radar instead of catching everyone's attention.
>>
>>63316744
Isn't recommended by prism-break, requires a phone number, third party services for signup and bundled in their apk.

I can't really understand why recommends that pile of shit here.

Just use XMPP + OTR.
>>
>>63318210
it doesn't advertise itself as an anonymous messaging app, it advertises itself as a private messenger
The other person will know it's you talking, but no one will be able to tap into the communication via the app.
Your hardware being compromised is another issue
Also, its only real issue is metadata, since literally no one secures that
>>
>>63316744
https://arstechnica.com/tech-policy/2016/10/fbi-demands-signal-user-data-but-theres-not-much-to-hand-over/
>The only information responsive to the subpoena held by OWS is the time of account creation and the date of the last connection to Signal servers
>>
>>63316959
get out CIA nigger
>>
>>63317429
In Russia citizens are not allowed to use encrypted messaging apps, however if they use encrypted telegram chats it's fine. Go figure.
If you don't mind Russian intelligence agencies having access to your communication, it is okay, encryption isn't as strong as signal.



