It’s exciting to hear that Moxie and colleagues are working on something like this. They definitely have the skills to pull it off.
Few in this world have done as much for privacy as the people who built Signal. Yes, it’s not perfect, but building security systems with good UX is hard. There are all sorts of tradeoffs and sacrifices one needs to make.
For those interested in the underlying technology, they’re basically combining reproducible builds, remote attestation, and transparency logs. They’re doing the same thing that Apple Private Cloud Compute is doing, and a few others. I call it system transparency, or runtime transparency. Here’s a lighting talk I did last year: https://youtu.be/Lo0gxBWwwQE
I don't know, I'd say Signal is perfect, as it maximizes "privacy times spread". A solution that's more private wouldn't be as widespread, and thus wouldn't benefit as many people.
Signal's achievement is that it's very private while being extremely usable (it just works). Under that lens, I don't think it could be improved much.
What he did with messaging... So he will centralize all of it with known broken SGX metadata protections, weak supply chain integrity, and a mandate everyone supply their phone numbers and agree to Apple or Google terms of service to use it?
The issue being there's not really a credible better option. Matrix is the next best, because they do avoid the tie-in to phone numbers and such, but their cryptographic design is not so great (or rather, makes more tradeoffs for usability and decentralisation), and it's a lot buggier and harder to use.
Do you know a better alternative that I can get my elderly parents and non-technical friends to use?
I haven’t come across one and from my amateur POV it seems much better than WhatsApp or Telegram.
Not sure why you're gettimg downvoted. This is exactly what he did to instant messaging; extremely damaging to everyone and without solid arguments for such design.
Or, he took a barely niché messaging app plugin (OTR), improved it to provide forward secrecy for non-round trips, and deployed the current state-of-the art end-to-end encryption to over 3,000,000,000 users, as Signal isn't the only tool to use double-ratchet E2EE.
>broken SGX metadata protections
Citation needed. Also, SGX is just there to try to verify what the server is doing, including that the server isn't collecting metadata. The real talking is done by the responses to warrants https://signal.org/bigbrother/ where they've been able to hand over only two timestamps of when the user created their account and when they were last seen. If that's not good enough for you, you're better off using Tor-p2p messengers that don't have servers collecting your metadata at all, such as Cwtch or Quiet.
>weak supply chain integrity
You can download the app as an .apk from their website if you don't trust Google Play Store.
>a mandate everyone supply their phone numbers
That's how you combat spam. It sucks but there are very few options outside the corner of Zooko's triangle that has your username look like "4sci35xrhp2d45gbm3qpta7ogfedonuw2mucmc36jxemucd7fmgzj3ad".
>and agree to Apple or Google terms of service to use it?
Yeah that's what happens when you create a phone app for the masses.
> You can download the app as an .apk from their website if you don't trust Google Play Store.
I wish apple & google provided a way to verify that an app was actually compiled from some specific git SHA. Right now applications can claim they're opensource, and claim that you can read the source code yourself. But there's no way to check that the authors haven't added any extra nasties into the code before building and submitting the APK / ios application bundle.
It would be pretty easy to do. Just have a build process at apple / google which you can point to a git repo, and let them build the application. Or - even easier - just have a way to see the application's signature in the app store. Then opensource app developers could compile their APK / ios app using github actions. And 3rd parties could check the SHA matches the app binaries in the store.
This is what F-droid does (well, I suspect most apps don't have reproducable builds that would allow 3rd-party verification), but Signal does not want 3rd-party builds of their client anyhow.
My issue is it claims to be end-to-end encrypted, which is really weird. Sure, TLS between you and your bank's server is end-to-end encrypted. But that puts your trust on the service provider.
Usually in a context where a cypherpunk deploys E2EE it means only the intended parties have access to plaintexts. And when it's you having chat with a server it's like cloud backups, the data must be encrypted by the time it leaves your device, and decrypted only once it has reached your device again. For remote computing, that would require LLM handles ciphertexts only, basically, fully homomorphic encryption (FHE). If it's that, then sure, shut up and take my money, but AFAIK the science of FHE isn't nearly there yet.
So the only alternative I can see here is SGX where client verifies what the server is doing with the data. That probably works against surveillance capitalism, hostile takeover etc., but it is also US NOBUS backdoor. Intel is a PRISM partner after all, and who knows if national security requests allow compelling SGX keys. USG did go after Lavabit RSA keys after all.
So I'd really want to see this either explained, or conveyed in the product's threat model documentation, and see that threat model offered on the front page of the project. Security is about knowing the limits of the privacy design so that the user can make an informed decision.
You don’t have to use Google login though?
People building solutions like this that aim for broad adoption have to make certain compromises and this seems OK to me (just talking about offering a social login option, haven’t checked the whole project in detail)
If this is how little you think of an app with ~50 million monthly active users, I take it making apps with a billion MAU is something you routinely do during your toilet breaks, or...?
what did he do for messaging? Signal is hardly more private than goddamn Whatsapp. in fact, given that Whatsapp had not been heavily shilled as the "totally private messenger for journalists and whistleblowers :^)" by the establishment media, I distrust it less.
Yeah, it seems kind of funny how Signal is marketed as a somewhat paranoid solution, but most people run it on an iPhone out of the app store with no way to verify the source. All it takes is one villain to infiltrate one of a few offices and Signal falls apart.
Same goes for Whatsapp, but the marketing is different there.
Ok so which iPhone app can be verified from source?
Or is your problem that your peer might run the app on an insecure device? How would you exclude decade old Android devices with unpatched holes? I don't want to argue nirvana fallacy here but what is the solution you'd like to propose?
> Signal is hardly more private than goddamn Whatsapp.
To be fair, that is largely because WhatsApp partnered with Open Whisper to bring the Signal protocol into Whatsapp. So effectively, you're saying "Signal-the-app is hardly more private than another app that shares Signal-the-protocol".
In practical terms, the only way for Signal to be significantly more private than WhatsApp is if WhatsApp were deliberately breaking privacy through some alternative channel (e.g. exfiltrating messages through a separate connection to Meta).
Also while we would expect heavy promotion for a trapped app from some agency it's also a very reasonable situation for a protocol/app that actually was secure.
You can of course never be sure but the fact that it's heavily promoted/used by people on both the whistleblowers, large corporations and multiple different National Officials at the same time is probably the best trustworthyness signal we can ever get for something like this.
(if all of these can trust it somewhaat it has to be a ridiculously deep conspiracy to not have leaked at least to some national security agency and forbidden to use(
previous discussion: https://news.ycombinator.com/item?id=46600839
It’s exciting to hear that Moxie and colleagues are working on something like this. They definitely have the skills to pull it off.
Few in this world have done as much for privacy as the people who built Signal. Yes, it’s not perfect, but building security systems with good UX is hard. There are all sorts of tradeoffs and sacrifices one needs to make.
For those interested in the underlying technology, they’re basically combining reproducible builds, remote attestation, and transparency logs. They’re doing the same thing that Apple Private Cloud Compute is doing, and a few others. I call it system transparency, or runtime transparency. Here’s a lighting talk I did last year: https://youtu.be/Lo0gxBWwwQE
I don't know, I'd say Signal is perfect, as it maximizes "privacy times spread". A solution that's more private wouldn't be as widespread, and thus wouldn't benefit as many people.
Signal's achievement is that it's very private while being extremely usable (it just works). Under that lens, I don't think it could be improved much.
https://news.ycombinator.com/item?id=46619643
I do wonder what models it uses under the hood.
ChatGPT already knows more about me than Google did before LLMs, but would I switch to inferior models to preserve privacy? Hard tradeoff.
What he did with messaging... So he will centralize all of it with known broken SGX metadata protections, weak supply chain integrity, and a mandate everyone supply their phone numbers and agree to Apple or Google terms of service to use it?
The issue being there's not really a credible better option. Matrix is the next best, because they do avoid the tie-in to phone numbers and such, but their cryptographic design is not so great (or rather, makes more tradeoffs for usability and decentralisation), and it's a lot buggier and harder to use.
Do you know a better alternative that I can get my elderly parents and non-technical friends to use? I haven’t come across one and from my amateur POV it seems much better than WhatsApp or Telegram.
Not sure why you're gettimg downvoted. This is exactly what he did to instant messaging; extremely damaging to everyone and without solid arguments for such design.
Or, he took a barely niché messaging app plugin (OTR), improved it to provide forward secrecy for non-round trips, and deployed the current state-of-the art end-to-end encryption to over 3,000,000,000 users, as Signal isn't the only tool to use double-ratchet E2EE.
>broken SGX metadata protections
Citation needed. Also, SGX is just there to try to verify what the server is doing, including that the server isn't collecting metadata. The real talking is done by the responses to warrants https://signal.org/bigbrother/ where they've been able to hand over only two timestamps of when the user created their account and when they were last seen. If that's not good enough for you, you're better off using Tor-p2p messengers that don't have servers collecting your metadata at all, such as Cwtch or Quiet.
>weak supply chain integrity
You can download the app as an .apk from their website if you don't trust Google Play Store.
>a mandate everyone supply their phone numbers
That's how you combat spam. It sucks but there are very few options outside the corner of Zooko's triangle that has your username look like "4sci35xrhp2d45gbm3qpta7ogfedonuw2mucmc36jxemucd7fmgzj3ad".
>and agree to Apple or Google terms of service to use it?
Yeah that's what happens when you create a phone app for the masses.
> You can download the app as an .apk from their website if you don't trust Google Play Store.
I wish apple & google provided a way to verify that an app was actually compiled from some specific git SHA. Right now applications can claim they're opensource, and claim that you can read the source code yourself. But there's no way to check that the authors haven't added any extra nasties into the code before building and submitting the APK / ios application bundle.
It would be pretty easy to do. Just have a build process at apple / google which you can point to a git repo, and let them build the application. Or - even easier - just have a way to see the application's signature in the app store. Then opensource app developers could compile their APK / ios app using github actions. And 3rd parties could check the SHA matches the app binaries in the store.
This is what F-droid does (well, I suspect most apps don't have reproducable builds that would allow 3rd-party verification), but Signal does not want 3rd-party builds of their client anyhow.
They could still figure out a way to attest their builds against source.
>over 3,000,000,000 users
Is that a typo or are you really implying half the human population use Signal?
Edit: I misread, you are counting almost every messaging app user.
Just WhatsApp. Moxie's ideas are used in plenty of other messengers. The context was "what Moxie did for the field of instant messaging".
Yeah, whatsapp uses the same protocol.
The website is: https://confer.to/
"Confer - Truly private AI. Your space to think."
"Your Data Remains Yours, Never trained on. Never sold. Never shared. Nobody can access it but you."
"Continue With Google"
Make of that what you will.
My issue is it claims to be end-to-end encrypted, which is really weird. Sure, TLS between you and your bank's server is end-to-end encrypted. But that puts your trust on the service provider.
Usually in a context where a cypherpunk deploys E2EE it means only the intended parties have access to plaintexts. And when it's you having chat with a server it's like cloud backups, the data must be encrypted by the time it leaves your device, and decrypted only once it has reached your device again. For remote computing, that would require LLM handles ciphertexts only, basically, fully homomorphic encryption (FHE). If it's that, then sure, shut up and take my money, but AFAIK the science of FHE isn't nearly there yet.
So the only alternative I can see here is SGX where client verifies what the server is doing with the data. That probably works against surveillance capitalism, hostile takeover etc., but it is also US NOBUS backdoor. Intel is a PRISM partner after all, and who knows if national security requests allow compelling SGX keys. USG did go after Lavabit RSA keys after all.
So I'd really want to see this either explained, or conveyed in the product's threat model documentation, and see that threat model offered on the front page of the project. Security is about knowing the limits of the privacy design so that the user can make an informed decision.
Looks like using Google for login. You can also "Continue with Email." Logging in with Google is pretty standard.
It is not privacy oriented if you are sharing login, profile information with Google and Confer.
It wouldn't be long until Google and Gemini can read this information and Google knows you are using Confer.
Wouldn't trust it regardless if Email is available.
The fact that confer allows Google login shows that Confer doesn't care about users privacy.
You don’t have to use Google login though? People building solutions like this that aim for broad adoption have to make certain compromises and this seems OK to me (just talking about offering a social login option, haven’t checked the whole project in detail)
Add a defunct cryptotoken?
Hey, Telegram had one. He had to get to feature parity.
Backdoor it?
Do what he did for messaging? Make a thing almost nobody uses?
If this is how little you think of an app with ~50 million monthly active users, I take it making apps with a billion MAU is something you routinely do during your toilet breaks, or...?
3 billion WhatsApp users use protocol built on his labor, every day.
what did he do for messaging? Signal is hardly more private than goddamn Whatsapp. in fact, given that Whatsapp had not been heavily shilled as the "totally private messenger for journalists and whistleblowers :^)" by the establishment media, I distrust it less.
Yeah, it seems kind of funny how Signal is marketed as a somewhat paranoid solution, but most people run it on an iPhone out of the app store with no way to verify the source. All it takes is one villain to infiltrate one of a few offices and Signal falls apart.
Same goes for Whatsapp, but the marketing is different there.
Ok so which iPhone app can be verified from source?
Or is your problem that your peer might run the app on an insecure device? How would you exclude decade old Android devices with unpatched holes? I don't want to argue nirvana fallacy here but what is the solution you'd like to propose?
> Signal is hardly more private than goddamn Whatsapp
Kind of because Whatsapp adopted Signal's E2EE... And not even that long ago!
He implemented E2EE in Whatsapp as well.
> Signal is hardly more private than goddamn Whatsapp.
To be fair, that is largely because WhatsApp partnered with Open Whisper to bring the Signal protocol into Whatsapp. So effectively, you're saying "Signal-the-app is hardly more private than another app that shares Signal-the-protocol".
In practical terms, the only way for Signal to be significantly more private than WhatsApp is if WhatsApp were deliberately breaking privacy through some alternative channel (e.g. exfiltrating messages through a separate connection to Meta).
Even if you discount Signal he did more or less design the protocol that WhatsApp is using https://techcrunch.com/2014/11/18/end-to-end-for-everyone/
Also while we would expect heavy promotion for a trapped app from some agency it's also a very reasonable situation for a protocol/app that actually was secure.
You can of course never be sure but the fact that it's heavily promoted/used by people on both the whistleblowers, large corporations and multiple different National Officials at the same time is probably the best trustworthyness signal we can ever get for something like this.
(if all of these can trust it somewhaat it has to be a ridiculously deep conspiracy to not have leaked at least to some national security agency and forbidden to use(