Items tagged with: signal
Good read. The authors make clear that end-to-end encryption, as important as it is, is not the most important tool to protect privacy. Federation or decentralization is much more important. They also see clearly that centralized messengers have much better funding opportunities than federated ones.
While OWS provides thorough expertise in the field of cryptography, Marlinspike is currently advocating centralisation as the only answer towards user-friendly, fast and secure messaging apps. Decentralisation, according to him, has no place in the modern world and apparently hampers innovation. However, some of his arguments have not remained unchallenged. In particular, where Marlinspike accuses federation of stalling evolution, Daniel Gultsch provides a counter argument by using the Web as an example of a successfully federated system. Furthermore, Gultsch states that the problem is not that federation doesn't adapt, but rather that there are problems with its implementation for a very significant reason: software developers working on federated systems mostly work for free in their spare time or with little means, given the difficulty to monetise a system whose design can only succeed if it is open and can be appropriated easily beyond its original scope, thus making its capitalisation particularly challenging. In that sense, the most interesting aspect of this debate is that while Marlinspike seems to defend his product from a technological perspective, Gultsch's counter argument moves back the discussion to the context of political economy.
#whatsapp #facebook #signal #xmpp #conversations #gajim #chatsecure #selfhosting #federation #politics #freesoftware
Hosting your own infrastructure allows you to scale your communication in a way that is the most meaningful for the group or community you belong to. It is also a way to make sure your system matches your own threat model, while simultaneously allowing you to deal with trust that is not mediated by an app. It also allows you to experiment with economic models other than those linked to large-scale infrastructure involving surveillance and capturing of your social graph for financial gain. Maybe you want to share the cost of the server or the responsibilities of administrating it, maybe you want to collectively learn how to run all this stuff, or maybe you want to start meetings to exchange tips, etc. However, this does not mean that you need to cut yourself off from the rest of the world and this form of localism should not be misunderstood for a hipsterist and reactionary form of escapism. Instead, such an approach is quite the opposite as it provides a possibility to actively engage with societal issues. It allows groups to collectively think, in the sense of defining questions and hypotheses themselves, acquire skills and knowledge and respond to issues that are both relevant to their own situation but that can also resonate globally, enabling others to start a similar process.
You broke the Internet
Now let's build a GNU one
Details: Yellow is for projects in development while green is for those that are available. Red illustrates brands that lose their monopoly condition once the respective layers are fully operational whereas light red indicates faulty technologies that we must replace.
Strongly recommend checking out the source website: http://youbroketheinternet.org/
Some related tags: #internet #surveillance #freesoftware #gnu #linux #security #netsec #crypto #ipfs #gpg #pgp #encryption #cryptocat #mumble #GNS #guix #nix #bittorrent #faceboogle #tor #I2P #otr #librecmc #libreboot #fsf #eff #ccc #pirateparty #pirates #ricochet #gnunet #freenet #android #replicant #grothoff #signal #libresignal #taler #gnutaler #youbroketheinternet #selfhosting #decentralization #selfhosted #tox #xmpp #jitsi #pond #PSYC #Tahoe-LAFS #retroshare #cjdns #onionshare #cryptocat #briar #maidsafe #coreboot #tribler #axolotl #zeroqm #bitmessage #cloud #skype #twitter #microsoft #rhizome #rina #netsukuku #tails #debian #freedombox #freedombone #ethos #qubes #whonix #guixSD #gentoo #zyre #reproduciblebuilds #openwrt #BMX7 #net2o #ethereum #copperheadOS #federation #dns #smtp #dane #blackadder #globaleaks #redphone #2020 #mesh #pulse #heartbeat
Installing Signal on a Google free phone
I tried to install Signal on my Google-free Android phone one year ago and I was shocked when I found out that I had to install Google Play services to use Signal, and there was not much info out there on how to do it without it.
So now I gave it another try and after almost a whole day I finally did it.
Here is what I did:
I have rooted CyanogenMod 13 on my phone, no Google apps.
- Go to https://microg.org/ (A free-as-in-freedom re-implementation of Google’s proprietary Android user space apps and libraries.)
- Download and install GmsCore.apk, GsfProxy.apk, FakeStore.apk in this order
- Open the microG Settings and tick both checkboxes for background services
- Reboot your device
- Disable Battery Optimization for microG Services Core in System Settings > Battery > Menu > Battery optimization.
- Go to https://www.apkmirror.com and get an old version of Signal - e.g. v3.20 (you won't be able to sign up with the newest version)
- Install Signal and sign up.
- Now if everything works just download the newest version of Signal and install it.
I hope this helps others.
#android #signal #messaging #encryption #privacy #security #floss #opensource
Very interesting article on how hard it is to get encryption and trust right. There is no silver bullet it seems, we can only strive hard.
WhatsApp - and pretty soon Signal as well - are the prime example of an industry turning End-to-End Encryption into a hollow marketing phrase that doesn’t mean anything.
#xmpp #omemo #conversations #signal #whatsapp
Talk by freelance journalist Hanno Böck (Golem, Süddeutsche, Zeit, taz) about the ongoing feature race between closed services, such as Signal, and federated ones, like XMPP.
While Signal technically is free software it doesn't feel like free software.
You can change it, but then you're no longer welcome in the Signal ecosystem and can't send messages to other Signal users.
#xmpp #jabber #signal #33c3 #freesoftware #federation
However building communication systems on the Internet, if we don't want to come back to telecom PSTN monopolies then we have to fight against technologies that build gated communities.
#signal, no matter how many good contributions they made (free software crypto messaging lib), they still build gated communities, and who knows if OWS can be bought by FB or Google someday....
Using hybrid free software that relies on distributed and federated (self-hosting) systems will enforce much better data privacy, ownership, and interop.
As said several times here, it still relies on phone numbers and centralized non-free servers, so I will maintain that #signal is a popular step towards safer communications, but we (hackers, crypto anarchists, developers, infosec people) won't stop here. Smart balanced p2p/federated protocols must be the way to think about communications to let anyone self-host or become an active peer in the network.
(Original title of the article: "Wrong Signal", which we believe is of interest to activists and which we therefore translate in full below.)
The IT group of the CGT translated this into Spanish.
The IT group of the CGT has produced a Spanish translation of the Signal article.
#signal #xmpp #Español #omemo #activismo
#signal is a better solution than #whatsapp or #skype, but as has been said, it still supports PRISM-friendly companies, even indirectly; it supports them as they force you to use GCM. (I haven't tested microG though.) But building solutions out of companies like Google is a real feature when it comes to freedom of communications.
Sure, OWS is a small team and I thank them for their great contribution, such as the free and open code that is packaged as a lib that anyone can use in their comm. project. This is a significant contribution. But I also thank freedom to not rely solely on #signal because it would then be wrong.
Federation and other problems will be tackled afterwards
Yes and probably by other people. Fighting against gated communities is a real challenge but hey... we love challenges right ;)
But where to go?
There are different projects ongoing and we need time, experiences, support to converge to a better solution, and yes it is hard. We know we need to protect metadata, we need p2p/federated integration, self-hosting support, geolocation privacy protection: some form of anonymity.
This comes even from the fact that currently mobile phones communication-protocol-wise are not built for privacy, and we also have to work on that. Pressure to design a mobile phone network which supports the privacy of users much better is quite important in a world where the data collecting business is so ubiquitous. Sure, this won't be solved just tomorrow, but it must be solved in progress to find a solution that is better than what we have now. Again, some mesh networks over IP help gain experience with that and help to go in that direction.
To answer you: there is no wonderful solution for now, and there are priorities users must select when using a communication system.
Sander Venema: Why I won’t recommend Signal anymore
One of the things I do is cryptography and infosec training for investigative journalists who have a need to keep either their sources and communications confidential so they can more safely do their work in the public interest. Often they work in places which are heavily surveilled, like Europe, or the United States. Ed Snowden’s documents explain a thing or two about how the US intelligence apparatus goes about its day-to-day business. They sometimes also work in places in the world where rubber hose cryptanalysis is more common than in say the U.S. or Europe. Which is why crypto tools alone are not the Alpha and the Omega of (personal) security. This requires careful consideration of what to use when, and in what situation. One of the things I have recommended in the past for various cases is the OpenWhisperSystems’ app called Signal, available for Android and iOS. In this article, I want to explain my reasons why I won’t be recommending Signal in the future.
To be clear: the reason for this is not security. To the best of my knowledge, the Signal protocol is cryptographically sound, and your communications should still be secure. The reason has much more to do with the way the project is run, the focus and certain dependencies of the official (Android) Signal app, as well as the future of the Internet, and what future we would like to build and live in. This post was mostly sparked by Signal’s Giphy experiment, which shows a direction for the project that I wouldn’t have taken. There are other, bigger issues which deserve our attention.
#signal #voip #privacy #security #cryptography #crypto #google #android #apple #ios
Earlier this year, the FBI served Open Whisper Systems, the creator of Signal, a popular end-to-end encrypted messaging application, with its first criminal grand jury subpoena. On Tuesday, Open Whisper Systems and its lawyers at the American Civil Liberties Union successfully challenged a gag order forbidding the company from speaking about that request.
That's one of the problems with a centralised system: all the metadata is collected in one place and may be retrievable by authorities or others with power to request it.
In this case, Open Whisper Systems barely had any subscriber data to give to the FBI. They responded with two pieces of information for one of the phone numbers: the time that the Signal account was created and the most recent date that the user connected to the Signal server. The other phone number did not have a Signal account associated with it.
Other messaging services routinely store more information about their users, including the IP addresses they use to connect to the service, their contact lists, who they sent messages to and when, and often the content of the messages themselves. When those services receive similar government requests, they could be legally compelled to turn over that information. Open Whisper Systems designed Signal to log only the bare minimum information necessary to operate their service, specifically to avoid being put in that position.
This also shows that it is possible to design your systems in ways that don't expose more data than what's needed. Open Whisper Systems seems to have done their job properly here.
#signal #encryption #fbi #privacy #security
Resisting the centralization of network infrastructure
https://lwn.net/Articles/697398/ Keynote by Mr GnuPG Werner Koch at GUADEC 2016:
Today, the new attempt is Keybase.io, which many users like for its convenience (linking PGP keys to social media accounts). But it fundamentally violates the end-to-end privacy principle of PGP by binding keys to privacy-invading services. Periodically, he said, proposals pop up to implement "validating" PGP keyservers—but none of them work in a decentralized fashion. He urged users to stand up against all attempts to centralize PGP.
Finally, he looked at federation in general. Mail servers have more and more difficulty interoperating, he said, and XMPP has "lost its track" and is being replaced by centralized systems like WhatsApp and Signal. He encouraged developers to make federation a priority and to design for it from the beginning.
Note: If you are not subscribed to LWN, you cannot yet read the article, but it will be open in one week. Be patient, the article is worth it. Or subscribe to LWN, they deserve more subscribers!
#decentralization #federation #gnupg #openpgp #xmpp #signal #keybase #keybaseio
microG is a #freesw #replacement for #GooglePlayServices
Heard of it for the first time: https://lwn.net/Articles/681758/ (via https://hckrnews.com).
#microG #floss #FreeSoftware #libre #replicant #CyanogenMod #osm #openstreetmap #blackphone #signal #libresignal #nogapps #mls #mozillalocationservice #matrixconsole
(Seems also to be actively maintained.)
#secushare #psyc #gnunet #youbroketheinternet #p2p #peer2peer #peertopeer #distributed #decentralized #federated #federation #network #SocialMedia #RetroShare #twister #tribler #tox #cjdns #cryptocat #signal #bitmessage #briar #ricochet #pond #mumble #pgp #otr #xmpp #irc #tor #i2p #dht #prism #faceboogle