Signal Developer Explains Why Early Encrypted Messaging Tools Flopped 98
Signal developer Moxie Marlinspike criticized early encryption software's user-unfriendly design at Black Hat 2024, admitting he and others initially failed to consider non-technical users' needs. Speaking with Black Hat founder Jeff Moss, Marlinspike said developers of tools like Pretty Good Privacy (PGP) wrongly assumed users would adopt complex practices like running keyservers and signing keys over dinner. "We were just wrong," Marlinspike said, describing this as "software snobbery" that undermined wider adoption. "You take on the complexity instead of making the user deal with it," Marlinspike contrasted PGP's arcane interface with Signal's more accessible design.
At least he gets (Score:5, Insightful)
A lot of people do not understand that security and privacy are not the same thing. They are not even the most important criterion across the board. They are 2 of several criteria that depend on how the software is being used, who is using it and what is the information that is being put in the software.
1. My mom wants to tell me that she needs a plumber over a message - security is not the paramount feature. Privacy is somewhat important. Convenience is the MOST important thing here.
2. The spy wanting to send the coordinates of the rogue nations nuclear facility....well, you get the picture.
This is common sense and yet we have expectations that PGP will become standard.
Re: (Score:2)
This is common sense and yet we have expectations that PGP will become standard.
This is why I use Telegram and why I've prodded my family to adopt it as well. There are obviously things about it that are somewhat alarming to me (closed-source and non-federated server software, a creator who is becoming more of a diva every day, an increasing promotion of crypto scammery, etc), but it is by far the most user-friendly messaging platform available that isn't owned by a tech megacorp.
If I have something secret to send, I can use PGP to encrypt the message and then send it over literally a
Signal FTW! (Score:5, Informative)
Signal is end-to-end encrypted for all functions across the board [tomsguide.com], (text, audio, video). Telegram is not. It's easy to search for other citations as well.
disclaimer: I'm a Signal fanboi and I tell everyone about it.
I figure if Signal is good enough for Mark Meadows [businessinsider.com], it's good enough for me. /s ...and by all means do not even consider using Whatsapp! Whatsapp can get you killed! [cnn.com]
Re: (Score:2)
The main features I need from Signal are open source clients and federation.
Re:Signal FTW! (Score:5, Informative)
Signal is great. I use it. What people fail to realize is that while the Signal protocol is secure (currently anyway,) and fairly private since they stopped requiring use of your cell number as an ID, the phone itself is not. That is not doubt how the "Signal hacks" happened...malware took screenshots of the SIgnal app rather than intercepting and decrypting the messages themselves.
Re: (Score:2)
I don't know enough about the details of that case (I doubt anyone really does except the perpetrators of that foul act) but afaik whatsapp uses the same encryption model as Signal and has done since about 2016.
In that case it sounds like a phone was compromised at the phone level, which would probably expose Signal messages just as easily as Whatsapp messages.
(I also am a Signal fan and recommend it incessantly and annoyingly but short of that I advise people to use whatsapp over Telegram any day of the we
Re: (Score:2)
I don't know enough about the details of that case (I doubt anyone really does except the perpetrators of that foul act) but afaik whatsapp uses the same encryption model as Signal and has done since about 2016.
In that case it sounds like a phone was compromised at the phone level, which would probably expose Signal messages just as easily as Whatsapp messages.
My understanding of the hack that lead to Jamal Khashoggi's brutal death is that Whatsapp had a zero-day flaw that Pegasus from Isreal's NSO group was able to use to 'own the phone'. The phone was infected using a crafted SMS message that in all liklihood was completely silent. Also it wasn't Jamal Khashoggi's phone that was hacked, but Omar Abdulaziz', Jamal's trusted associate's who Jamal Khashoggi was communicating with supposedly in private. Jamal Khashoggi's wife's phone was also targeted several month
Re: (Score:2)
I have been using Signal since the RedPhone/TextSecure days, when TextSecure replaced the SMS app on Android with one that handled SMS, as well as Signal messages, and stored both encrypted on the device.
I consider it good enough for most communication, and it has been solid, as solid as a secure messaging app can be. However, nothing beats a properly set up GPG web of trust. However, getting people to actually use a GPG web of trust is next to impossible, because most people want a padlock icon to look a
Re: Signal FTW! (Score:2)
I love the security of Signal. But I don't love the practicality . Messages and content do not sync between devices. In particular nor between Signal desktop and Signal on my phone.
I find small touch screens very tedious to type on, especially now that I suffer from macular degeneration.
When I need to type a long message, it's the desktop with full size keyboard and 32" monitor I want to use, not the phone.
There is no option to do this sync with Signal at all, unfortunately, as far as I know.
Obviously, ther
Re: (Score:2)
I love the security of Signal. But I don't love the practicality . Messages and content do not sync between devices. In particular nor between Signal desktop and Signal on my phone.
I find small touch screens very tedious to type on, especially now that I suffer from macular degeneration.
When I need to type a long message, it's the desktop with full size keyboard and 32" monitor I want to use, not the phone.
There is no option to do this sync with Signal at all, unfortunately, as far as I know.
At this moment I do not know what to tell you other than to offer you encouragement to try harder. Signal works for me the way you describe how you would like it to work. I have two devices that automatically, instantly sync with each other: an Android phone and an Ubuntu workstation with Signal Desktop. Android must work well with Signal first, than the Desktop is linked using a QR-code generated from the Desktop as I recall.
In fact I find it convenient when an incoming call comes in to be able to choose w
Re: (Score:2)
All I can say is that my Signal messenger on Android is showing many conversations from 2022, 2023 and 2024, and Signal desktop for Windows is showing no conversations at all.
I just tried to send a "Note to self" on Signal desktop, and it did sync immediately to Android. Perhaps it's only syncing things in one direction.
Re: (Score:2)
Seems that it is indeed a limitation of Signal desktop . After being installed, it will not sync old conversations automatically, only new conversations.
There is unfortunately also no way to import these old conversations manually either. This is documented. This is a showstopper for me. I reinstall my OS periodically, as the Windows registry tends to make the system explode after a few years. And at that point, Signal would be reinstalled also, and old conversations would fail to sync as well. This is a re
Re: (Score:2)
I didn't read the link but I can still offer this comment. As I understand things, Signal works this way by design because messages are sent to a secure device with a key, period. This is a security feature. And if someone captures your latest device, they still cannot access old messages.
I think I understand where you are coming from too and I feel the same way. I have people in my life whose messages I don't want to lose because if I'm lucky I'll outlive them.
For some people in my life and group chats dis
Re: (Score:2)
Preventing access to old messages on a lost/compromised device is all well and good, but that is not good for everybody in 100% of use cases. One can make a case that the current behavior is the most secure, and should be the default. And I would buy that if Signal had any way to deal with the other cases at all. I'm confident that there ways to deal with it with explicit manual steps, and without compromising the security in this case.
I have been using Linux since 1997 in various forms. I have written a lo
Re: (Score:2)
Aside from that, going forward, everything sync'd between devi
Re: (Score:2)
Signal still supports migrating old messages from one Android device to another, or from one iOS device to another, as I understand from the page I linked and which you said you didn't read. Perhaps you should reconsider using Signal, since that capability is actually there on some platforms, just not the ones I care about.
Unless I'm missing something, your suggestion to use a VM as backup only helps with backing up messages going forward - it does not help with the problem of syncing older Signal messages
Re: (Score:2)
Re: (Score:3)
A system which does not assure all three aspects is not secure.
Security means different things (Score:2, Insightful)
When Microsoft talks about "security" they aren't using the same definition of the word as you are.
In Microsoft's mind, security means:
The untrusted end-user is unable to run any software without owning an appropriate software license.
The untrusted end-user is unable to pirate any content without owning an appropriate license to the content.
Re: (Score:2)
I would agree, and virtually all of that can be transparent. The only bit that isn't is the bit where you show the machine that you are indeed the authorised recipient/sender.
Everything else can be automagic.
Re: (Score:2)
Usually security people talk in terms of the (somewhat ironically named) CIA triad [wustl.edu]:
Confidentiality is a superset of privacy: don't disclose information when it should not be disclosed.
Integrity is a superset of your authenticity and non-repudiability: it does what it says it did.
Availability is whether the system or service is available at all. DoS attacks violate availability.
Re: (Score:2)
Oftentimes, I see "security" as in "non-jailbreakability", as in DRM. A lot of companies don't care if the bad guys can compromise a device and turn it into a privacy nightmare, provided the person who owns the device can't do anything about the software running on it.
Guarding against a local user from getting a root prompt is a completely different version of security than guarding against remote root attacks, guarding against privilege escalation attacks, or guarding against an app that needs root for on
Re: At least he gets (Score:2)
Instead of "non-reputability,", I think the correct concept is "non-repudiation". It means you cannot pretend to not have sent (or repudiate) a message that you actually did send out.
Re: (Score:2)
PGP could have been standard, if it had been transparent.
When we log into SSH servers using certs, we don't care about the picky details. Even less so when we log into websites over HTTPS connections, whether the certs used are client-side, server-side, of both.
If I'm connecting to an extranet at work, the router handles the IPSec connection, not me.
I remember saying much the same when PGP came out - it'll be used if it's transparent and users don't have to do anything.
Get your email client to look up the r
Re: (Score:2)
With HTTPS you blindly trust some third parties: the browser and a bunch of certificate authorities. And some certificate authorities proved to not be trustworthy. And a lot of "security" software and devices try to MITM attack you. That assumed trust make it easy to use.
Re: At least he gets (Score:2)
There are lots of tools which do that. I remember a browser extension that added PGP to Gmail. But still nobody uses encryption
Re: At least he gets (Score:2)
Gmail broke S/MIME for the longest time. And I'm not talking about the "hosted S/MIME" but the proper client-side S/MIME over IMAPS/SMTPS where you manage your certs and keys yourself. Which is a PITA to do with multiple devices.
Re: (Score:2)
I remember saying much the same when PGP came out - it'll be used if it's transparent and users don't have to do anything. ...
Get your email client to look up the recipient's encryption key
For email, I think S/MIME is a better analogy to HTTPS and it's ease of adoption. Once a user certificate is issued and installed, S/MIME is very transparent in use, but we're back to trusting CA's, rather than a ring of trust as in GPG/PGP.
To suggest having your email client look up recipients key suggests there would be a single authority for the keys, and we might as well go back to the S/MIME certificate model at that point, IMO.
Re: (Score:2)
Any security that the user don't have to think about or recognize it's there because it's just there doing its job is the good security.
Same thing with privacy features.
Re: (Score:2)
Grandma Test (Score:5, Insightful)
admitting he and others initially failed to consider non-technical users' needs
This is a part of why Linux is a marginal OS on the desktop but thrives under Andriod. Android targets grandma while Linux targets technical users. Linux (Gnome and KDE, really) has made significant progress towards fixing that and has the benefit that it has a large community of developers behind it, so it's not going anywhere. But Grandma has a lot more of a chance of getting things to work on a Mac or Windows than she does on a Linux-based desktop OS. Grandma has always been the benchmark. Techies know how to modify a configuration file, Grandma probably doesn't have a clue, though as we age, some grandmas are familiar with technology.
Re: (Score:1)
+----------> You must be this intelligent to use Linux
.
.
.
+----------> You must be this intelligent to use MS-Windows
+----------> You must be this intelligent (you seem to be breathing without mechanical assistance)
Re:Grandma Test (Score:4, Funny)
Difference in an image
https://images-cdn.9gag.com/ph... [9gag.com]
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
I notice that using the Mac here does not actually make any vehicle move.
Re: (Score:3)
This is a common wrong interpretation among those technically oriented. Different people have skills and interests in different areas. You can find quite intelligent people who can't even turn on a computer.
Re: (Score:2)
Re:Grandma Test (Score:5, Informative)
Did you know that desktop Linux has 15.23% market share in India?
And an installed Linux distro is pretty easy to use, even for non-technical and older people, in my experience.
Re: (Score:1)
Re: (Score:2)
FWIW, I use debian mate. I consider most current windowing systems clunky, obscure, and ugly (by default). I truly despise dark mode. As my eyes have gotten weaker, I've despised it increasingly strongly.
OTOH, my tastes may be unusual. MSWind95 would be easy to read. (I don't know at all about modern versions of MSWindows.) That said KDE3 was pretty, and KDE4 had lots of good points. But at some point it got too much and I switched to Gnome2. Then Gnome3 came out and I had to switch to Mate.
Re: (Score:2)
I prefer MATE as well. It strikes the right balance for me in terms of a pleasant aesthetic, low resource footprint and the ability to customize. My hardware these days is beefy enough that resource footprint isn't a major concern of mine, but I still don't like feeling that my DE is doing more than it should. It should look nice, give me everything I need to interact with the machine and then otherwise get out of the way.
The last time I tried KDE as workstation DE was admittedly a very long time ago now, b
Re: Grandma Test (Score:3)
Re: Grandma Test (Score:2)
Re: (Score:2)
As long as thet can use vi to edit the Makefiles to compile drivers for the peripherals...
Not only linux (Score:2)
The Windows desktop every since Windows 8 has been an unintuitive mess particularly when added with "Modern" UI (which actually looks like an escapee from the 1980s to me) where the demarcation between controls and data seems to have been deliberately obscured for [reasons].
Re: Not only linux (Score:2)
Re: (Score:2)
Re: (Score:2)
This is false. Grandma doesn't need to do sysadmin stuff, she is a simple desktop user doing a limited set of tasks. For simple desktop stuff, Linux is there for over 20 years already: you see icons on a desktop, click on them and launch apps.
Re: (Score:2)
Personally, I'm fine with PGP and Linux being too "techie" for dimwits to use. In the case of PGP, others using it without a care in the world would dilute the web of trust it's built upon to the point of being worthless. (Try validating anything PGP signed whe
More complex discussion than a simple comparison (Score:1)
PGP wasn't made for the non-technical user. Back in the day it was quite easy to use compared to many other tools you had to use.
While I applaud efforts to make non-techies access technologies that were used by techies way back, there is more to it.
For example, how do you know that your messages on signal are encrypted so that no-one else than the people involved in the conversation can read them? How do you know that the person you are talking to are the person they are claiming to be?
Tools like PGP/GPG sh
Re: (Score:2)
Yes, but email programs should at least support signing messages with a private key. Kmail could support that over a decade ago. (Too bad it had other problems.)
Re: (Score:2)
Signing is easy. In fact; your mail server can do that - DKIM signing can sign everyone's emails.
Thus in theory the message verifiably comes from someone with access to your account or with control of your mail server.
Exchanging keys in a manner where you can actually verify the signing key belongs to you think it does is harder.
Re: the year of the linux desktop is almost here (Score:2)
Linus provides the OS kernel. Others add various UIs.
In fact, if you want to scare the crap out of some non-techie macOS users, open a terminal on their system and show them all the command line stuff one can do.
Re: the year of the linux desktop is almost here (Score:2)
Torvalds has nothing to do with users' needs, and their convenience isn't his job. Don't forget that Android uses Linux, and that Apple uses BSD Unix which can be even more hairy than Linux. I'm responding to this obvious troll only because I don't have mod points.
Re: the year of the linux desktop is almost here (Score:2)
Your trolling is annoying. Linux isn't a one man project. Also, you've probably not noticed that Windows has a terminal too.
Re: (Score:1)
Re: (Score:3)
Don't blame this sort of thing on autism. Plenty of non autistic people in IT also have a poor understanding of human behaviour and needs because they simply haven't spent enough time with other people who are different and think differently to them. This is particularly apposite with kids just out of uni who get dumped into some webdev job where they're expected to create a user interface and fuck it up totally from a users POV.
Re: (Score:2)
Come back when there is an independent implementation of the Signal protocol.
Do none of these count?
* TextSecure
* Signal
* WhatsApp
* Facebook Messenger
* Secure Chat
* Google Allo - Incognito Mode
* Google Messages - one-to-one conversation encryption using RCS
* Skype - Private Conversations
* Rust based reference implementation - https://github.com/signalapp/l... [github.com]
* C based reference implementation - https://github.com/signalapp/l... [github.com]
* Java based reference implementation - https://github.com/signalapp/l... [github.com]
seems like the proof is all in the pudding (Score:1)
Moxie can jabber all he wants, but you never hear about people using GPG on a linux getting all their communication broken, meanwhile it seems like the NSA has every last signal message before you even finish typing it.
Signal traffic from Sam Bankman Fried, The Proud boys, The Oathkeepers, and countless others have been on open display as if it is a matter of course that the government has access to all signal messages.
Maybe he should rethink the philosophy of making something so easy that anyone can use it
I respectfully disagree that Signal was hacked. (Score:3)
I respectfully disagree the Feds managed to hack into Signal. In almost all cases where evidence is coughed up, it's because there's evidence On The Device, and the Feds, (somehow), got access to the device. Someone's device from the group chat. Possibly with cooperation from the device owner.
Please do not confuse document retention with actually being hacked. If anyone on a group chat gets their device imaged before a private message goes poof, well you get the picture.
The Feds found documents on Mark Mead
Re: (Score:2)
The Hatch Act requires government employees to retain all communications, which excludes the use of Signal outright because the government can't access the records. This is similar to how prior to the Sarbannes Oxley Act corporate types would bypass corporate document retention systems, (including email).
Oops. When I wrote The Hatch Act, that was my error. I meant The Presidential Records Act.
Excuse me for having Hatch Act on the brain, because it gets drilled into my brain.
Re: (Score:1)
Re: (Score:2)
In almost all cases where evidence is coughed up, it's because there's evidence On The Device, and the Feds, (somehow), got access to the device
and they very rarely intercept traffic anyway, so im not sure what the point of signal really is
One can easily make the argument that Signal sucks. But then it still sucks less than everything else.
Re: (Score:2)
> Please do not confuse document retention with actually being hacked.
You are missing the point, utterly.
In a secure system, documents stored either sit behind high entropy or do not get stored at all. Signal defaults to storing all messages sent, and doesn't require anything more than trivial entropy protecting them. To be secure, it should either default to deleting old messages, or else require a high entropy local password. It does neither, so most people have zero privacy with signal.
And, you blithe
Re: (Score:2)
You are missing the point, utterly.
My point was, if you've still got documents on the phone when someone with a $5 wrench hits you hard enough, your documents will become exposed. If they didn't exist, they would not have been.
Re: (Score:2)
...another thing I imagine the DOJ takes into consideration once they've captured a Signal user's phone, (and imaged it), is this:
Still using Mark Meadows phone as an example, for the sake of argument let's say all the war room participants at the Willard Hotel in Washington DC on January 6, 2021 [rollingstone.com] were involved in a conspiracy and a Signal group chat linked everyone together. And the FBI somehow, possibly with a warrant captured and imaged 1 or 2 member's phones, and there's no messages in the group chat whi
Comment removed (Score:5, Insightful)
Give me a second to explain things to you (Score:4, Insightful)
Thunderbird has made it incredibly easy to implement PGP with public keyring technology. Once you've created a PGP encryption key pair, you need merely export the keys and import them on any other host where they are needed to use the same exact encryption keys from multiple devices.
Getting your recipient to implement GPG with public keyring is hard, I'll give you that. Even when you explain the difference between a postcard and a letter in a security envelope, most users will argue that they don't need the privacy that GPG/PGP provides. People who would never send a postcard with pictures of their grandchildren eating chocolate pudding, that ugly bruise on their thigh or their latest gynecological procedure will more than happily attach those pics to the electronic equivalent of a postcard - I think it's because the creep that'll read their correspondence is a nameless, faceless stranger, not our postman.
Re: (Score:2)
Re: (Score:2)
I have a minor quibble with the ease of use of GPG in modern Thunderbird. Pre-v. 78 Thunderbird with Enigmail was the bees' knees. It was flexible, usable, secure, and worked quite happily with my Yubikey. In v. 115, the new built-in stuff is incredibly limited. As I keep my GPG keys on a Yubikey, I had to flip a bit in about:config to even try to use it. Once I flipped it, I STILL couldn't get it to work. I finally gave up and imported my keys directly into the Thunderbird keystore (which exists comp
Re: (Score:2)
Re: (Score:2)
Then PGP is in the wrong place in the email clients, or is improperly integrated.
It should be no harder to read a PGP-encrypted email than it is to access an HTTPS-encrypted website or a signed APT repository.
You should be able to install the key in exactly the same way as you'd install a new cert, and it should then Just Work.
This is a problem I've been arguing needs solving since the mid 1990s. Whilst I'm glad there's now at least a few others on the planet who understand the problem, I do want to know wh
Re: (Score:2)
The folks doing PGP wanted a system that was distributed. That's the real difference. The reason that https works seamlessly is that you have decided to trust someone else to issue certificates and distribute certificates. Back when SSL certs were expensive I maintained my own CA both for work and for some individual projects that I had, and that was definitely clunky. It worked, and it was extra secure, because I actually trusted machines with certificates that I signed, but there was no really good wa
Re: (Score:2)
It should be no harder to read a PGP-encrypted email than it is to access an HTTPS-encrypted website or a signed APT repository.
Someone else should hold your encryption keys in escrow for you? Because that's what you're asking for here: Do all of the work for me, because I can't be bothered with it. FYI: HTTPS is fundamentally broken with the existing CA system. It's been rendered completely useless for one of it's original goals, trust. To the point of all indications of it being removed from modern OSes and browsers. Sure you can use it to place keying material on end-users devices, but all of that is easily compromised by anyone
Says the guy who removed the Signal PIN (Score:2)
Signal removed a trivial PIN password at app launch and told me, "just use the android login" when that doesn't really serve my needs in all situations. I gave up on Signal being hard-core useful and secure a long time ago. He's right about the design mindset of course, but he's guilty of taking useful features away as well. But then he's made his money by selling out, hasn't he? I'm waiting for something better, like the complete dumping of phone numbers and options for a trivial server instance we can
Now do Crypto (Score:2)
This software snobbery is inflicting the world of Crypto as well. And shut up, don't tell me it's easy enough. Shut the hell up and get out of here. Fix the damn thing. Make it EASY. It should get to the point where an idiot who did not finish school can use the damn thing.
Re: (Score:2)
This is hardly a new issue (Score:3)
Keep programmers well away from product design [amazon.com].
You don't know what you're doing. You just throw wrappers around your own harsh, internal APIs, and call it a day and think yourselves great.
The book even dives into the tremendous usefulness of these "dancing bears", programs that do things complex and novel, which is why people even put up with clumsy integration into products. But keep the programmers well away from product design itself.
And now, back to the movie.
Ya know, Darcy, the thing about dancing bears is not how well they dance, but that they dance at all.
Re: (Score:2)
I think you'd want to finger UX designers for the bullshit that passes for
They took over from "programmers" as far as what you see when you use a program... close to 20 years ago.
Re: (Score:2)
I think you'd want to finger UX designers for the bullshit that passes for ... user interfaces.
Those people are fine if the software maker actually wants you to use the product. Most UX design these days is about using psychological tricks to manipulate engagement. Whether that's for ads or to gain traction on a new product you want to push.
Signal being blocked in Russia (Score:2)
MOSCOW, Aug 9 (Reuters) - Russia's state communications watchdog Roskomnadzor said that Signal, an encrypted messaging app, had been blocked in the country for violating local laws, Interfax news agency reported on Friday.
The reason for this blockage is obvious. With Ukraine's attack on Russia and seizing 160 square miles of territory, despite Moscow saying six times the attack has been repelled, destroying a warehouse full of glide bombs, blasting a convoy of Russian vehicles and troops [bbc.com], and in general giving the bully a bloody nose, there is no way Putin wants the public to know how badly things are going for him.
Re: (Score:2)
In what has to be the shortest blurb ever, Reuters is reporting [reuters.com] that Signal is being blocked all across Russia:
MOSCOW, Aug 9 (Reuters) - Russia's state communications watchdog Roskomnadzor said that Signal, an encrypted messaging app, had been blocked in the country for violating local laws, Interfax news agency reported on Friday.
That's all the endorsement for using Signal anyone needs right there!
Wish more developers understood this (Score:2)
It should be tattooed on their foreheads backwards.
UI for email encryption (Score:2)
Re: (Score:2)
They Still are (Score:1)
Re: They Still are (Score:2)
Note that FaceID cannot handle older keys, so if the user used faceID they will have to set that up again.