this post was submitted on 19 Jul 2025
moonpiedumplings@programming.dev 2 points 1 week ago* (last edited 1 week ago) (1 children)

So Signal does not have reproducible builds, which is very concerning security-wise. I talk about it in this comment: https://programming.dev/post/33557941/18030327 . The TLDR is that no reproducible builds = impossible to detect if you are getting an unmodified version of the client.

Centralized servers compound these security issues and make them worse. If the client is vulnerable to some form of replacement attack, then they could use a much more subtle, difficult to detect backdoor, like a weaker crypto implementation, which leaks meta/userdata.

With decentralized/federated services, if a client is using servers other than the "main" one, you either have to compromise both the client and the server, or compromise the client in a very obvious way that causes the client to send extra data to servers it shouldn't be sending data to.

A big part of the problem comes with what GitHub calls "bugdoors". These are "accidental" bugs that are backdoors. With a centralized service, it becomes much easier to introduce "bugdoors" because all the data routes through one service, which could then silently take advantage of this bug on their own servers.

This is my concern with Signal being centralized. But mostly I'd say don't worry about it, threat model and all that.

I'm just gonna @ everybody who was in the conversation. I posted this top level for visibility.

@Ulrich@feddit.org @rottingleaf@lemmy.world @jet@hackertalks.com @eleitl@lemmy.world @Damage@feddit.it

EDIT: elsewhere in the thread it is talked about what is probably a nation state wiretapping attempt on an XMPP service: https://www.devever.net/~hl/xmpp-incident

For a similar threat model, Signal is simply not adequate for reasons I mentioned above, and that's probably what poqVoq was referring to when he mentioned how it was discussed here.

The only timestamps shared are when they signed up and when they last connected. This is well established by court documents that Signal themselves share publicly.

This, of course, assumes I trust the courts. But if I am seeking maximum privacy/security, I should not have to do that.
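As an added illustration of the reproducible-builds point in the comment above (not code from the thread or from any project it mentions): a check that compares a published zip-style package against a local rebuild entry by entry. It assumes JAR/APK-style signing where the publisher's signature files live under `META-INF/` and legitimately differ; the file names and contents are constructed samples.

```python
import hashlib
import io
import zipfile

# Entries that legitimately differ between a local build and the published one:
# the publisher's signature files (assumption: JAR/APK-style META-INF signing).
SIGNING_PREFIX = "META-INF/"

def entry_digests(archive_bytes):
    """Map each non-signature entry name to the SHA-256 of its contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith(SIGNING_PREFIX):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def compare_builds(published, rebuilt):
    """Return sorted entry names that are missing, extra, or differ in content."""
    pub, loc = entry_digests(published), entry_digests(rebuilt)
    return {
        "only_in_published": sorted(pub.keys() - loc.keys()),
        "only_in_rebuilt": sorted(loc.keys() - pub.keys()),
        "content_differs": sorted(n for n in pub.keys() & loc.keys() if pub[n] != loc[n]),
    }

def is_reproduced(published, rebuilt):
    """True only when every non-signature entry matches byte for byte."""
    return not any(compare_builds(published, rebuilt).values())

def make_archive(files):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample data, not real application files.
REBUILT = make_archive({"classes.dex": b"app code v1", "res/strings.xml": b"<r/>"})
PUBLISHED_OK = make_archive({"classes.dex": b"app code v1", "res/strings.xml": b"<r/>",
                             "META-INF/CERT.RSA": b"publisher signature"})
PUBLISHED_MODIFIED = make_archive({"classes.dex": b"app code v1 + extra",
                                   "res/strings.xml": b"<r/>",
                                   "META-INF/CERT.RSA": b"publisher signature"})

if __name__ == "__main__":
    print(is_reproduced(PUBLISHED_OK, REBUILT))
    print(compare_builds(PUBLISHED_MODIFIED, REBUILT))
```

The comparison is only meaningful when the build itself is deterministic; otherwise every rebuild shows up under `content_differs` and a modified package cannot be told apart from ordinary build noise.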

jet@hackertalks.com 1 points 4 days ago* (last edited 4 days ago)

Consider that you're the French intelligence services and you need to set up secure communication for the French government.

  • Would you use Signal out of the box? Clearly not.
  • Would you copy Signal and set up your own servers and clients, same source, different end-points? Probably not.

If you said yes to either of the above, what if you were not an ally of the US, maybe Russia, China, DPRK.... Does that change your answer?

What capabilities does the runner of a centralized service have?

  • See all traffic
  • Can block traffic
  • Can slow traffic
  • Can record all traffic
  • Timing analysis of metadata

Does this mean Signal is a bad product? No, not at all. But it does mean it's very well positioned for intelligence harvesting. Add in storing private encryption keys in the cloud SVR relying on Intel SGX security... and well... you get everything, even decrypted messages.

The US controls Signal, the US controls Intel - Thus the US can get any code they want signed into SGX enclaves, thus the enclaves are pointless if your threat model includes the US as an adversary.

Does this mean the protocol should be thrown away? No. Does this mean Signal shouldn't be used (depends on use case)? No. Signal has value, but it's not the ultimate form of privacy and security.

I support projects like Briar because there is still much improvement needed in this space.

Notice: I'm not telling others to "educate yourself". If I didn't want to talk to people I wouldn't be here, or I'd link to the proper discussion. I dislike people who come to social places and act antisocially.