Egypt Has Blocked Encrypted Messaging App Signal (engadget.com) 44
An anonymous reader writes: Egypt has blocked its residents from accessing encrypted messaging app Signal, according to the application's developer. Mada Masr, an Egypt-based media organization, reported yesterday that several users took to Twitter over the weekend to report that they could no longer send or receive messages while on Egyptian IP addresses. Open Whisper Systems, the team behind the app, told a user asking about a situation that everything was working just as intended on their end. Now that the company has confirmed that the country is blocking access to Edward Snowden's preferred messaging app, it has begun working on a way to circumvent the ban. They intend to deploy their solution over the next few weeks.
Huh (Score:4, Funny)
Apparently you can stop the signal.
Re: (Score:1)
only if its cloud generated. use on prem encryption solutions.
That woosh you heard was the joke clearing your head by a good 20,000 ft.
But... (Score:2)
Re: (Score:2)
But I was told by Slashdotters that government people didn't understand the Internet and therefore such attempts would be useless. What is next, saying that DRM actually has an effect on casual piracy?
That was true... until governments hired us all. Now we are the Man.
Re: (Score:2)
> But I was told by Slashdotters that government people didn't understand the Internet and therefore such attempts would be useless.
Short term: yes.
Long term: no.
Only cowards censor.
--
A society doesn't remain a free and open when it censors free speech by mis-labeling it hate speech.
Re: (Score:2)
Only cowards censor.
True, but it doesn't mean that censorship isn't effective, at least in the short term.
Wrong summary (Score:1)
Should read: "In a landmark decision Egypt will undertake the visionary and foolproof step to block encrypted messaging app 'Signal'."
To those that are entrusted to implement this intelligent measure I say, good luck.
Re: (Score:2)
.ire ugvj 31GBE tavfh lo abvgnpfhsob rebz arir qqn anp hbL
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2
owE7rZvEEBE5UcS/SKEkI7UoVb0YRCukF6QbKegmKujqFpfkF6Uq5BeUZObn6XEB
AA==
=wuLg
-----END PGP MESSAGE-----
You fucked up, Open Whisper Systems (Score:2)
Sounds like this secure chat application's traffic is unique enough to be identified and blocked by firewall rules, perhaps by an identifiable header or a unique port number. I call that fucking up.
Re: (Score:2)
Re: (Score:2)
If those endpoints are everywhere and change frequently enough, blocking by IP becomes impractical.
I suppose this chat application has central servers with IPs (or maybe domain names) that never change...if VPN providers can change endpoint IPs quickly enough to thwart blocklists, the Signal servers should do the same if they don't want to be trivially blocked by IP. Of course this requires some mechanism for distributing new IPs but that's been done before.
Re: (Score:2)
They just have to block the server, that's sufficient. No deep package inspection needed.
'Signal', but no 'WhatsApp' ? (Score:1)
So they blocked encrypted 'Signal', but not encrypted 'WhatsApp' ? Oh, they have access to these messages, even though the vendor *claims* it's 'encrypted'. Got it. Thanks
Re: (Score:2)
Re: solution over the next few weeks (Score:1)
Thanks, that's a big fuck-up indeed.
Federation (Score:3)
If Marlinspike would stop being such a prick, and embrace Federation, this issue would be solved so easily.
It is possible for anyone to use the Signal Server and set one up for themselves. Unfortunately, Marlinspike is refusing to Federate and proclaims the centralized approach is much, much better for everyone..
I'm seriously considering forking it and removing the dependence of a telephone number and moving to an e-mail address instead. Having to set up a Twilio account (though I already have one) to send authentication codes via SMS is cumbersome (and gets expensive) and I have no idea how this trend caught on. People looking to use IM don't always want to use their phone number as their account identifier. Not to mention Signal piggybacks incoming message signalling over Google's Cloud Messaging platform.... there are other ways to do this without Google.
Re: Federation (Score:3)
I understand the case for using phone numbers, but for privacy reasons alone should rule it out for an encrypted, private, secure messenger.
Signal already rules out Spam by using public/private cryptography as a whitelist, essentially. If you don't have a key to communicate with someone, you can't send them anything.
Being able to use an anonymized email address to communicate in a war torn area is a good thing.
Going the email address route would also make it really easy to integrate with other communication
Re: (Score:2)
My issue isn't privacy, it's that it's being tied to a centralized, paid service like that. As the majority of my post mentioned, their centralization, closed minded approach is stifling their growth and, in my opinion, credibility.
It's another hurdle that makes it more difficult for people so set up their own private, federated IM network.
To be honest, it seems like the developers are just being lazy. I understand that in a pinch that GCM is a useful, reliable way to get an app to market... but this isn't
Re: Question: (Score:2)
My experience with XMPP/Jabber has been this:
- bloated, complicated protocol (descriptive XML for all communication, really?)
- only 1 real contender for end to end Crypto (OMEMO), but it requires support at the server and client layer
- server software is way overly complicated to set up and configure
- security (cryptography) is not a core goal of XMPP/Jabber. It's all bolted on, and complicates the protocol and server setup even further
This is just my experience. The mobile clients all suck, too. Conversati [conversations.im]
Re: (Score:2)
If Marlinspike would stop being such a prick, and embrace Federation, this issue would be solved so easily.
Here's a good discussion of his rationale for not federating. I'm not particularly sold on his stance, though I agree that the experience of trying to design by committee is generally only for the masochistic.
But while I was reading his excuses—er, argument—I realised that his entire point boiled down to 'It's hard!' That perfectly fine, as far as it goes. And because I'm not willing to say, 'Fuck you Moxie, I'm going to show you how it's done!' I don't really have a lot of weight to put against
Re: (Score:3)
Here's a good discussion of his rationale for not federating.
Actually not. The fucking link tag didn't get closed. Here: https://lwn.net/Articles/687294/ [lwn.net]
All because of Sissi (Score:2)
Problem solved already with Signal 3.25.2 release (Score:5, Informative)
Apparently Egypt (and the UAE) were just blocking the server. Moxie just released 3.25.2 in the beta channel to circumvent this. These changes in build.gradle show it's quite easy to circumvent such a block:
buildConfigField "String", "TEXTSECURE_URL", "\"https://textsecure-service.whispersystems.org\""
+ buildConfigField "String[]", "CENSORED_COUNTRIES", "{\"+20\", \"+971\"}"
+ buildConfigField "String", "UNCENSORED_FRONTING_HOST", "\"https://www.google.com\""
+ buildConfigField "String", "CENSORED_REFLECTOR", "\"signal-reflector-meek.appspot.com\""
In case those countries banned Signal from Google Play I just uploaded 3.25.2 to apkmirror.com (I don't know when they'll publish it though).
If all else fails, you can still use the fork Silence, which uses tghesms/mms encryption that Signal dropped in 2.7.0. Blocking sms will fuck off all kinds of industrial controllers so that's not really an option.
a way to circumvent the ban (Score:1)
Making internet censorship unenforceable and messaging untraceable is music to my ears. A worthy goal if there ever was one.
So you can stop the signal. (Score:2)
So much for Firefly fans.