This is making the rounds re: Signal being run by activists of the US state dept for regime change


https://www.city-journal.org/article/signals-katherine-maher-problem

@feld

U.S.-supported Color Revolutions abroad.

This is 100% Russian propaganda language and the whole article is built on this narrative 🤮

@kravietz You cannot deny that Signal's funding came from the Open Technology Fund which came out of Radio Free Asia which was operated by the CIA. This is a fact.
@kravietz this is the response everyone has, and then 25 years later when all the documents go public revealing how deep and nefarious the relationship was everyone goes "how could we have not known?????"

@feld

The problem is that the article does not point to any specific surveillance or backdoor issues in Signal code which, as we all know, is open-source. It does not even point to any specific legal or organisational issues which could lead to tampering the software. And because the author does not have any such arguments, the whole premise of the article is built on top “look, she worked there” and the rest is left to the reader and their personal paranoias 🤷

And these references to “regime changes” and “color revolutions” only confirm author’s own political bias and highly insulting to everyone in these countries where people fought for their own freedom.

Adding Durov’s quote on top of that is rather ironic, as the messenger is known to cooperate with FSB requests and completely opaque as it comes to its operations and server-side code.

[Telegram] is known to cooperate with FSB requests

Source?

Follow

@Hyolobrika @kravietz @feld
Not what you ask for, but my reason not to trust it:
social.librem.one/@m0xee/11252
No hard proof, it's only indirect, but after that PR-stunt campaign of attempting to block it and failing to do so, Telegram is one IM that I, being Russian, trust the least.

@Hyolobrika @kravietz @feld
To be fair — I don't trust Signal either, anything that uses phone numbers is a hard pass in my book as I can never trust cell carrier in Russia.
But double-ratchet that was pioneered in Signal was adopted in Matrix, XMPP with OMEMO and plethora of other messengers, there is no reason to use Signal itself 🤷

@feld
Yes, I'm aware of presence leak in multi-user rooms, I think this existed for years — would be great if they fixed that, but I'm not really concerned as I'm not using them 🤷

Aren't private chats in Matrix basically encrypted multi-user rooms between two people?
I ask because you can easily "upgrade" a two-person room to a multi-person room.

@Hyolobrika @feld
They are, but whom would it leak the status to in this case? There is your server and the server the other party is on — both are already aware of your presence 😆
The way I understand it, it sends out your status to all participants of group chats even to the sessions that no one verified explicitly or implicitly — if one of the participants is compromised, it could be used to track when you go online.

@Hyolobrika @feld
The problem was already blown out of proportion as it is, but in case with 1 on 1 chats it's not even relevant.
Besides, I think they have already implemented a "sort of" fix for that: "Never send encrypted messages to unverified sessions in this room from this session" in room settings is just that, but it's not perfect as you have to enable it for each of your sessions individually.

I don't really see how it could be fixed in any case. How can you send a presence notification to a participant in a chat without also notifying the server they are on? Even if it's encrypted it will still indicate that you are online.
Or is the problem that notifications are being sent automatically without the user's knowledge?
Right. I was thinking about the bug mentioned in the gist that room joins are unauthenticated and therefore a server can maliciously add users to spy on the participants.
Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml