Comment by tptacek
6 years ago
It's fine, but you should know that pretty much everything Moxie and Signal talk about contrast sharply with Wire. For instance: last I checked, Wire stores your entire social graph on their servers in a database --- effectively forever, Wire stores a plaintext log of everyone you've communicated with.
To be fair, since there is no remote attestation possible for the Signal servers, and you realistically can't run one yourself, you only have their word that they don't store any of that information.
This is similar guarantees that a lot of other chat and VPN companies offer. Personally I would consider any information given out to a company non-secret, especially to those operating outside my jurisdiction.
> You only have their word that they don't store any of that information.
No, we have the fact that they don't collect it in the first place. The whole point of the Signal design, reflected in the published source code, is that the server doesn't need this type of information and so it isn't sent to their server at all.
As Thomas explained this takes a bunch of extra effort in the Signal design, hoop jumping that normal users will never appreciate. Moxie believes this is worth doing, although I think people's constant cynicism is gradually wearing him down or maybe that's just the jetlag.
If you tell me and Alice and Bob your real name, and then it's leaked to the press, I guess I sympathise if you distrust me as a result even though Alice is a famous gossip.
But if you only gave Alice your name, and then you distrust me because she sold it to the press that makes you a crazy person. "It could have been anyone". No, it couldn't, it was Alice. She's the only person you gave it to.
The difference is that Signal's competitors are designed in such a way that they have to keep this information, and Signal has delayed key features, like user profiles, until they've managed to create designs that don't have these restrictions.
So the logic you're using here is essentially: "since we have to take Signal's word for some part of this, we might as well use services that promise the exact opposite". I don't find that argument persuasive, but you do you.
Not all Signal alternatives store user information on servers. Threema for example has fully decentralized groups and even decentralized profiles (while Signal uses encrypted-but-centralized profiles, and their new Private Groups system moved from decentralized to encrypted-but-centralized as well).
There's no reason to caricature anyone's arguments here. Why the antagonism?
1 reply →
Maybe I'm misunderstanding what you're trying to say, but remote attestation is in fact exactly what they're doing with their contact discovery: https://signal.org/blog/private-contact-discovery/
SGX is crypto that is already exploited and broken, it offers no real use in this context.
Oh, and I forgot, you do need to essentially blindly trust Intel.
3 replies →
On the other hand, Wire lets you look at their server code, I assume there's nothing stopping you from hosting your own server.
What source code does Wire let you see that Signal doesn't?