Egregoros · Phoenix Framework

Post

Remote status

Context

Michał "rysiek" Woźniak · 🇺🇦

#Signal seems to be down, so this is a good moment to consider if you have backup comms channels with people you care about.

A Signal Contingency Plan, if you will:
https://signal-contingency-plan.info/

I agree with the recommendation there and am working on making Delta Chat @delta that kind of backup channel for me and mine.

#Resilience

David Penfold

@davep@infosec.exchange remote

@rysiek @delta
Bugger, it's not even sending messages. Yikes.

Michał "rysiek" Woźniak · 🇺🇦

@rysiek@mstdn.social remote

@davep I'm sure it's going to come back up sooner rather than later. But it's a good reminder how much we rely on it, and to have a backup plan.

Alexandre Oliva

@lxo@snac.lx.oliva.nom.br remote

GNU Jami servers have never gone down on me. how could they? it doesn't need any servers!

CC: @davep@infosec.exchange

feld

@feld@friedcheese.us remote

@lxo @rysiek @davep You can't send messages over Jami unless the other person is online... which is... kinda useless......

Alexandre Oliva

@lxo@snac.lx.oliva.nom.br remote

of course you can. they just won't get it before they come online. which is kind of duh! for instant messaging, isn't it?

now, if you're concerned about the two of us never being online at the same time, install Jami on your home server, or on a VPS, link your account there, and it will get a copy of your messages whenever you send or receive them, and it will transfer them to your peers or to your own device whenever they come online.

now, if that's not good enough for you, I guess you really prefer to share your conversations with third parties for them to do this for you. me, I prefer my autonomy.

CC: @davep@infosec.exchange @rysiek@mstdn.social

David Penfold

@davep@infosec.exchange remote

@lxo @feld @rysiek Are you implying Signal shares your information with third parties? Or that they even can?

I understand your desire for autonomy, which is cool. That doesn't mean you have to throw shade where it's not needed. The issue here yesterday for Signal was resilience, not access to your data.

Alexandre Oliva

@lxo@snac.lx.oliva.nom.br remote

nope. I'm told they don't even have access to data, or even metadata, thanks to some technology indistinguishable from magic in its protocol. but I won't pretend I really understand how that works.

the main problem with signal is their insistence on demanding a snoop phone to get started. that spoils the entire experience, and probably exposes its users' conversations, metadata and even secret keys to third parties. see https://blog.lx.oliva.nom.br/2026-02-01-signal-of-awareness.en.html and https://blog.lx.oliva.nom.br/2026-01-25-compromising-encryption-keys.en.html

the secondary problem with signal is its insistence on centralization. this makes the "not being online at the same time" a problem for all its users, when their centralized servers are not online

CC: @feld@friedcheese.us @rysiek@mstdn.social

David Penfold

@davep@infosec.exchange remote

@lxo @feld @rysiek
I agree with the centralisation risk. But those articles have nothing to do with needing a telephone number. They're more of an indictment of Windows and tend to back up Signal's worry about LLMs embedded into the OS.

If your endpoint is compromised, anything you read is also compromised.

As for the "magic" comment, it's just that they encrypt basically all the metadata that the likes of WhatsApp don't. And with the double ratchet protocol they can't decrypt that data. They *could* make logs of who called or messaged who, but don't. If this were decentralised, what's to stop a bad actor logging such information? Just curious. It may need a rethink of the whole architecture (I'm not saying that's a bad thing by the way).

David Penfold

@davep@infosec.exchange remote

@lxo @feld @rysiek
That second article rails against MS stealing your private keys etc. IIRC, Signal now uses the TPM (this wasn't always the case) on Windows, so in theory MS doesn't have access to it. But if you want to reduce your attack surface, just don't install the Windows client.

Alexandre Oliva

@lxo@snac.lx.oliva.nom.br remote

you seem knowledgeable about signal. I hope you don't mind if I shoot you some questions.

does it use TPM features on mobile phones as well?

how does it deal with linking multiple devices to an account? does each device get a separate key generated locally using TPM? or do they all share the keys first generated in a compromised mobile phone?

when you link a new device to an account, does it gain access to past messages, or only to future messages?

is there any way for you to tell in case someone else uses your compromised keys/credentials to gain access to your account, e.g. by linking a device that becomes visible to other devices or somesuch?

thanks in advance,

CC: @feld@friedcheese.us @rysiek@mstdn.social

feld

@feld@friedcheese.us remote

@lxo @davep @rysiek

> does it use TPM features on mobile phones as well?

yes

> how does it deal with linking multiple devices to an account? does each device get a separate key generated locally using TPM? or do they all share the keys first generated in a compromised mobile phone?

AIUI same keys, there's just a different identifier that tells you which device it is. Someone wrote a tool that can sniff "read receipts" and determine if someone is "at home" based on if it was sent from their phone or desktop.

> when you link a new device to an account, does it gain access to past messages, or only to future messages?

Yes, as of last year you can choose to sync old messages when you link a new device (like your Desktop)

> is there any way for you to tell in case someone else uses your compromised keys/credentials to gain access to your account, e.g. by linking a device that becomes visible to other devices or somesuch?

There is *now* after Russian soldiers were infiltrating Ukrainian military Signal chats by linking their own devices to existing Ukrainian military members accounts through hacks/tricking them into following links, or just taking phones off their dead bodies.

Not mentioned in this thread is that your Signal account key is stored in Signal's cloud as you can recover your account with a PIN which wouldn't be possible if they didn't have your key

Alexandre Oliva

@lxo@snac.lx.oliva.nom.br remote

your Signal account key is stored in Signal's cloud as you can recover your account with a PIN

holy gnu! that's bitlocker all over again 😞

is that at least optional? hopefully there are other means to back up and recover your keys?

this also means that the key is not exclusively held in TPM; in order for it to be possible to upload it, it must have existed outside the TPM

CC: @davep@infosec.exchange @rysiek@mstdn.social

David Penfold

@davep@infosec.exchange remote

@lxo apparently there are secure enclaves behind the pin so your data is protected. It's pretty clever.

https://signal.org/blog/secure-value-recovery/

@feld @rysiek

Light

@light@noc.social remote

@davep
Doesn't Intel hold private keys for SGX enclaves or something? I remember hearing something like that. Is that a concern?

Then again, I guess we are trusting chip designers anyway. But Intel has recently been partly bought out by the US gov; which is concerning as all the Minneapolis ICE watchers and similar groups are using Signal.
@lxo @feld @rysiek

Replying to @light@noc.social

David Penfold

@davep@infosec.exchange remote

@light No idea, to be honest.

@lxo @feld @rysiek

Replies

Replying to @davep@infosec.exchange

feld

@feld@friedcheese.us remote

@davep @light @lxo @rysiek

> Doesn't Intel hold private keys for SGX enclaves or something? I remember hearing something like that. Is that a concern?

I shouldn't think that to be true. What good is an HSM if the vendor has master keys?