from Hacker News

Technology Preview: Signal Private Group System

by stablemap on 12/9/19, 5:10 PM with 152 comments

  • by tptacek on 12/9/19, 5:38 PM

    Again, in the theme of "features every group messaging system had already, but Signal didn't, because they hadn't figured out a way to implement it without turning Signal's central servers into a database of who's talking to who about what". Signal didn't even have user profiles until recently, for the same reason. Here, they've slightly expanded the state of the art in MAC-based anonymous credentials to accomplish their goal.

    One interesting aspect of this is that Signal gets to do this, because they have immense goodwill with the cryptographic research and engineering communities; though it's no guarantee of soundness, they have the advantage of having the feature designed, implemented, and ultimately reviewed by cryptography engineers that aren't generally/economically available to other messaging projects.

    This is either a reason you love Signal (raises hand) or can't stand Signal. My take is, if you're in the latter group, that's fine; I use Slack, too.

  • by badrabbit on 12/10/19, 12:35 AM

    Very nice (seriously!). Now, please let people use the platform without needing a valid phone number. The one major issue I have is that. Phone numbers are the new SSN, just like SSN is being misused by traditional businesses, phone numbers are also misused thse days (due to how you generally can be tracked down to a physical area for antifraud and how "everyone" has a cell phone) to uniquely identify users.

    I don't get why users can't be addressed by both phone numbers and a "signal id", if you opt-in to use a phone number for addressing, your phone will be verified and signal will resolve it to your signal id. If you opt out people will need your signal id to address you and you can't use it for SMS. What are the challenges with that?

    If I have a signal private group system, signal can find out a ton about me and my associations with others using only that information. Many other messaging platforms do not nees this very sensitive information from me to function. And it does not support a desktop only app even if you give them a phone number and verify you control that number.

    I am always reminded of General Hayden (Former NSA chief) was saying how they love PGP at the NSA because they can sniff metadata and know who talks to who, it lets them easily find who has something to hide so they can target them. Not that I have the NSA in my threat model but I am very sensitive to unnecessary metadata being generated

  • by pepijndevos on 12/9/19, 6:41 PM

    I really want Signal to succeed. Or rather, I want anything that has decent cryto and is not FAANG to succeed.

    The problem is not which messaging app I want to use, it's which messaging app my friends are using.

    That said, if I had to choose, I think Matrix has a slight edge in my books because it's a protocol rather than a silo. Even though Signal is private and open source, they are hostile towards people running their own Signal builds on company servers, and unwilling to federate with other servers.

    Essentially, you run the official Signal app on the official Signal servers, or GTFO.

  • by unnouinceput on 12/10/19, 6:07 AM

    I really hope Signal takes over the world from Whatsapp. I hate Whatsapp and yet I am forced to use it due to all my friends / family / parents use of it. I try to fight but is hard and currently FB mess and WA are the only ones with a consistent reliability of delivering notifications promptly, while rest of chat apps either are too hard to use for non-computer people or they lose notifications. I mean, c'mon Microsoft!!! Is it really that hard to make Skype reliable again?!!

  • by RustyRussell on 12/10/19, 2:02 AM

    What I really want from Signal is the ability to use it as an application transport. In particular, I want to authorise certain people to request my phone's location.

    At the moment I share it with Google so I can share it with friends or family, which sucks.

  • by SheinhardtWigCo on 12/9/19, 6:41 PM

    The point of this seems to be hiding the identity of users when they fetch or modify group attributes - but why? The user’s identity is otherwise known to the server: they know that account X was accessed by IP address Y, and that IP address Y fetched metadata for group Z, therefore account X is in group Z. They can also figure out group membership by tracking clusters of messages that are sent simultaneously. What am I missing?

  • by beyprotester on 12/10/19, 12:49 AM

    Using a throwaway for obvious reasons... I am grateful these are being worked on because they are extremely needed for some use cases.

    I have been part of a group organizing protest in Beirut and I was surprised there was no clearly go to app that provided the security features we need.

    We started off with WhatSapp because that's what everyone used before security became a concern. We then moved to Signal mostly to get auto-deleting messages. We then ran away to Telegram because there was no way to kick a compromised phone outside of a Signal group.

    We considered using Wire which seemed to have what we needed but the interface was a bit clunky and it did not run well on all the phones of the group... We are currently evaluating an considering Keybase.io which seems to have all the feature too, but not sure how it will handle about a hundred people in the group...

    If anyone has ideas about which apps are recommended for that (or has additional useful things) please help, the main things we need are:

    - Encryption E2E is nice to have but not a deal breaker.

    - Possibility to kick a user from the group, deal breaker ( a thug stole someone's phone in the protest once and another time we got a message saying someone's security code changed then they became inaccessible) both incidents ended up ok but there was no way to kick the person out of the group and proceed while clearing things out with signal.

    - no old history kept of the conversation. Either auto-deleting messages set to short duration like signal, or if not possible we can survive with an admin at home deleting old messages constantly and clearing the chat for everyone in sensitive situations ( like telegram allows)

    - Free. For various reasons, some people can't buy apps no matter how cheap.

    - easy to use. Most protesters are not too technical.

    - possibility to display sender and group but not the content of messages in the notifications.

    - having an easy way to add password to the app itself. (nice to have)

    - making screenshots inconvenient to take (just nice to have).

    - Not tied to phone numbers also really nice to have but not mandatory.

    Our main threat is riot police and pro government thugs taking protesters phones and forcing people to unlock them or running away before the phone is locked then snooping around. Very rarely are people alone when this happens so we almost always get a notification that X is compromised, so we clear chats and kick them out of the group before their phones are really compromised.

    I don't think the government is running sophisticated deep packet inspection. I don't think our group has been infiltrated but that is always a possibility.

    We are also trying to find some free device management solution to remotely track / lock and maybe wipe phones when they get taken.

    Sorry for the wall of text... just though now might be a good time to ask...

  • by panda921 on 12/10/19, 2:47 AM

    I noticed this from the paper:

    > Note that a user who has acquired a group’s GroupMasterKey and then leaves the group (or is deleted) retains the ability to collude with a malicious server to encrypt and decrypt group entries. We deem this risk acceptable for now due to the complexities in rapid and reliable rekey of the GroupMasterKey.

    Does this mean that the server and a deleted user can always collude to get the deleted user readded to the group? Also, is there no provable audit trail of who added or deleted whom? Unless I'm misunderstanding, it seems like deleting a user is therefore enforced only via server trust, but please correct me if I'm wrong.

  • by e12e on 12/9/19, 11:27 PM

    Overall cool stuff. It feels like this has implications for auth/authz schemes in general, like a variant of kerberos, or a way to do auth/authz for a ssh like service - maybe even a way to anchor trust (in user principals and service principals - like ssh keys and/or certificates)?

    If we replace "the signal server" with "the authentication/authorization service ("the AD service" / the organization's internal certificate authority")...?

    Maybe I'm just needlessly afraid of the complexity of managing a real world certificate authority (keeping it secure, keeping it running, keeping as much as possible off line..).

  • by misrab on 12/10/19, 9:43 AM

    Is it a coincidence this came up on HN at the same time Telegram is getting dissed on HN? Can't help but think it was coordinated...which is sad for HN

  • by jolmg on 12/10/19, 5:26 AM

    I think I know the answer already, but just in case: is there a way to use Signal to communicate with users using Whatsapp? IOW, can I receive Whatsapp messages in Signal?

    The only reason I use Whatsapp is because it's what all my contacts use. It's everywhere. It's the de facto standard for text communication. And I hate the app. I hate its guts.

    I read that whatsapp implemented the signal protocol, does that mean anything with respect to being able to communicate with people using a different app? Because I was hoping so, but I can't find a way to see my whatsapp messages in signal.