First of all, thank you moxie and signal team for this proxy.
Until 2018, many Iranians used telegram but Iran's regime after Russia blocked this messenger. telegram released mtproxy and this proxy was helpful. Russia lifted the ban on telegram but this app is still blocked on my country. but with VPNs, many iranians still use this app. after 2018, second most popular messaging app in iran was whatsapp, until facebook's new privacy policy, like all of you, many iranians switch from whatsapp to signal. mullah's regime removed signal app from the iranian app stores and started blocking all signal traffic in the country, but they don't block whatsapp. I'm not a paranoid but it is difficult to understand for me why they didn't block whatsapp after 2018? can they break whatsapp encryption?
I have a suggestion for signal team: please put tor in the signal, tor is better than any proxys or vpns.
I just set up one of these Signal proxies. Hope it helps you and others in your country communicate freely and safely. [1]
Regarding Tor: if you want a Signal-like app that uses an onion router look at Session. [2]
It uses the same encryption protocol and very similar UI to Signal but routes all traffic through the Loki network so your traffic passes through three nodes. It is an onion network like Tor.
One other benefit of Session is the lack of metadata inherent to its design. No phone numbers or even usernames are attached to your account. You get a set of characters that looks similar to a bitcoin address and a QR code to make sharing it easier.
Of course this lacks the convenience of Signal but it’s as hard to block as Tor.
I mentioned it because it has a seamlessly built in onion routing protocol. I read further down the thread that Tor is blocked in Iran, but I’m guessing the same is unlikely to be true of Loki/Oxen simply because it isn’t nearly as well known.
The lack of metadata is also quite a unique selling point in my eyes. There’s a million encrypted messengers now sure. How many automatically connect through an onion router with zero config required and don’t require you to create an account at all, but instead assign you a random ID disconnected entirely from your phone number, email, and other personal identifiers?
It’s certainly an option to consider is the only thing I’m saying. Tor was mentioned so Session popped into my head for the reasons mentioned above.
Regarding PFS. They currently implement the Signal Protocol. Session is of course FOSS so anyone can check this. Your source does say they’re planning to fork it as the Session Protocol later this year so it integrates with their network more easily. But that’s an upcoming, unfinished project. To be honest I don’t know much about it as it’s still in development. I do know that currently Session uses the Signal Protocol through an onion router without the need to so much as create an account.
And yes the network itself is a bit of a convoluted idea that tries to do many things at once, but the fact they run on a blockchain means they already have a lot of nodes set up in different countries around the world through which to route traffic, and the reason they could build a decentralised network quite quickly despite being a relatively young project is they incentivise those node operators with cryptocurrency.
Because it is a young project they are still undergoing audit yes. This is absolutely something worth noting. It’s a relatively new project. It’s no longer in beta, but nowhere near as well established as Signal. However it’s precisely because of this it’s unlikely governments are bothering to target it yet.
Jami and Tox are completely decentralized messaging systems.
They are not directly associated with "blockchain" buzzword as well so they have that going for them, too.
Jami uses git and TLS to implement E2E encrypted chats.[1] That doesn't sound all that secure to me. I'd feel much more comfortable using a fork of Signal with an onion router.
I don't get the prejudice some have against blockchains either. It's not even like this is Keybase where they shoehorned a crypto wallet into the app. They do have a wallet but it's a totally separate application. Session is purely a messenger and nothing else, you'd have no idea a blockchain was involved at any part of the backend if you weren't told about it.
I have played around with Tox and it's a cool project, but it's been in beta since 2014 and is not well optimised for mobile at all. I don't think it'll go very far personally.
Looking at the technical writeup [1] it sounds like they're currently running a hybrid of the two as they do a staged rollout of the various changes they've made to the Signal Protocol.
But yes you are correct it looks like they're justifying ditching PFS by saying "if someone has your keys you're screwed anyway."
However they're not just stripping away security outright, it's more that they're betting on onion routing to cover the user instead - no one who is sniffing traffic on your WiFi network will be able to get your keys because the traffic is routed through the onion network, therefore the only way anyone would get those keys is by pwning your entire device or having physical access to it while it's decrypted which, as they note, is endgame no matter what messenger you use.
I don't necessarily think this is smart as it's best to not put all your eggs in one basket especially where security is concerned. But given all traffic goes between 5-7 nodes [1] the scope for someone without remote or physical access to your device to get your keys is extremely limited assuming their onion network is as secure as they claim.
As for deniability, they sign the message with the long-term keypair, but once the message is validated this signature is wiped. So again it pretty much comes down to relying on their onion routing to ensure this signature isn't intercepted in transit.
Finally I think it's relevant Session is really designed for a different use case than Signal - since your ID is not connected to any personal identifiers, you can wipe it whenever you want and get a new ID that has zero cryptographic connection to the old one. So while there's no ratcheting of keys, the intention isn't really for someone to stick with the same account for years like it is for Signal where your account uses your phone number as an identifier.
I'll wait for the results of the audit, if they come out and say Session is fundamentally flawed I'll happily concede. I have zero ties to this project aside from finding it useful for particular use cases. My prediction is the initial audit will find some potential vulns as they roll out more of the Session Protocol simply because it's a new fork. Probably why they're getting the audit done now. That's the responsible move when forking a crypto protocol it seems to me.
I maintain that for people who want a messenger that knows as little about them as possible, doesn't rely on a personal identifier, and connects to an onion router reliably (by comparison, using Tor on mobile is... not a good experience) it's at very least an interesting project to watch even if it still needs time to mature.
My only annoyance with the crypto currency is that it doesn’t have a good UX yet. They have stated before though that Session will always remain free for everyone. I think compensating node operators in some capacity makes sense but if it’s not implemented well, node operators feel a bit screwed over.
Regarding your footnote #2 about PFS, it said this (among other things).
> In some theoretical scenarios, these properties do protect users; however the utility of these protections in real-world scenarios is often more limited in scope than might be expected. We must also consider that these safeguards are offered at the expense of additional complexity, decreased account portability, and multi-device limitations. These protocols were simply not designed to be run over a decentralised network.
I have to say, I’ve considered the utility of it myself. It seems to me that I’m far, far more likely to have my chats compromised through my chats being stored in plain text on my devices than in a technical scenario that PFS could have prevented. What do you think?
> My only annoyance with the crypto currency is that it doesn’t have a good UX yet. They have stated before though that Session will always remain free for everyone. I think compensating node operators in some capacity makes sense but if it’s not implemented well, node operators feel a bit screwed over.
Preface: i've been in it since 2011, but I entirely agree. It's still too complicated for most users, but we as community have gone a long way from where we were 10 years ago, so we certainly have blinders as to where to improve upon.
Could you specify what it is specifically that makes the overall UX so disappointing? I ask because I think we are now entering a phase of on-boarding a lot of non-tech people onto BTC network as payment settlement networks and other misc financial services, something I already have personal experience with, but having a tech person lime these out would be a tremendous help.
I haven't played with their crypto wallet honestly so I can't provide any kind of informed opinion on it. It's a fork of Monero, but Monero is more widely accepted. Although Monero's wallet has a terrible UX too so if they've forked their wallet too, that'll be why.
Session has a pretty nice UX though, better than Wickr which has been around longer, although not as refined as Wire. It's pretty much a more barebones Signal without phone numbers as far as pure UX goes. It should follow the system setting for dark mode though. No idea why it doesn't.
> I have to say, I’ve considered the utility of it myself. It seems to me that I’m far, far more likely to have my chats compromised through my chats being stored in plain text on my devices than in a technical scenario that PFS could have prevented. What do you think?
To be honest I agree. It's always good to have layers of security in case there's an exploited vulnerability in one. However, it seems pretty far fetched that someone with the ability to pull off a successful attack to grab your keys in the first place is going to be stopped from grabbing past messages by PFS.
If they've got your keys they've either cracked the layers of encryption that protect them in transit (highly unlikely) or they've pwned your device (much more likely). If they've got remote code execution on your device PFS isn't going to make any difference to anything. As you say, messages stored in plaintext is a far bigger real world risk.
This is why I always have disappearing messages on. That makes me feel safer than PFS. At least then in the worst case scenario past messages simply aren't there in storage.
To put it another way, if I had to choose between disappearing messages and PFS, and I could only have one, I'd choose disappearing messages.
And it does also seem to me less like they're removing security, more like they're relying on a different form of it. They're having to strip PFS to make the protocol work reliably on their onion network. The fact all my traffic goes E2EE through 5-7 nodes, as per the technical description, should provide a strong level of protection against any traffic sniffing threat model assuming their fancy new way of doing onion routing is as secure as they say.
It seems to me that's what it really hinges on. As long as their onion router is actually secure, the E2EE messages are going to be secure in transit.
The biggest risk then would come back to unpatched exploits or 0days in the OS or side channel attacks in Session itself. That's how most attacks on messengers succeed after all, not by complex attacks on the crypto protocol but through side channel attacks in the application or exploits in the underlying OS.
Interesting tidbits I'm reading about different chat apps targeted for privacy and security. On a related question, how do you rank the various prominent apps like Signal, Telegram and Whatsapp on their cryptographic security measures?
>Abandoned perfect forward secrecy and deniability...
I suspect that is the future for encrypted messaging. Pretty much everyone ends up keeping their old messages around thus negating the value of forward secrecy[1]. Deniability ends up being just some forgability scheme in most cases[2].
So the benefit of those features turned out to not be worth the extra risk of the added complexity.
I don't understand the point of reinventing many wheels. Why not build a friendly chat app on top of established onion routing protocols (Tor/I2P), or add your own onion routing backend (proxy) to established federated chat apps like Conversations, which already has perfect Tor integration for Jabber/XMPP over .onion servers?
Also, Session is promoted as a non-profit project, but following links around about LokiNet and Oxen you find out about a blockchain-based cryptocurrency, which is known to be an anti-pattern on many levels (though they use Proof-of-Service not Proof-of-Work which is slightly less worse).
Finally, Session appears to be free-software (good), but is not distributed on F-Droid, the only privacy/security-friendly app store for Android. They encourage you to download random APKs from Google Play (which requires Google Play Services malware and a google account) or Github (owned by Microsoft, though i note they sign checksums with PGP on Github so it's safer to download from there than Google Play, even though they don't provide instructions on how to verify signatures). On F-Droid, they could either have F-Droid build/distribute the package with Fdroid's PGP key, or open their own F-Droid repo with their own PGP key (like Newpipe did), or both.
I really appreciate their communication around dissent and the need to protect communications to help the people against their governments. However these three points i just noted are really shady to say the least. I understand they need to please investors to put money in their fridges, however trying to mix for-profit incentives with non-profit services to the communities is always a dead-end.
I think you mean the phone vendors, as they are the ones holding the unencrypted chat history in the users cloud storage. Facebook themselves do not have access to the chat logs (unless they are compelled to inject keys).
They could literally have a hidden function in WhatsApp that scoops up all your chat history and sends it to Facebook if the government ask them to. It’s closed source. No one has a clue what it’s doing.
To be clear I’m not suggesting this is absolutely happening. I’m merely pointing out it’s entirely possible from a technological perspective given it’s closed source software owned by Facebook. That’s not a recipe for privacy.
To be clear about the threat vector, there's also nothing stopping signal from doing the same if they wanted to. Its impossible to tell if the version of signal you download from the app store is unmodified from the code you can find on github. I trust signal more than I trust facebook, but if you use signal, even though its opensource you still have to trust them not to put anything funky in the binary they upload to apple/google.
I'd love for iOS and android to add some sort of OS-level application hash or something. "This app was compiled with xcode version X / llvm version Y with this set of options. The resulting binary hashes to ZZZ". That way with the source code you could verify that the binary on your phone is unchanged.
(Another approach would be to get apple / google to do the compilation themselves from the project on github. If apple builds my project, they could put some signed metadata in the bundle saying "We (apple) compiled this from git SHA XXX")
Reproducible builds do not help to determine if the version you download via the Play Store (or, for those on enterprise devices, any pre-installed corporate stores) is the same as you build - Play Store presents no real means to verify that. This includes any auto-updates if they are enabled.
It's an issue with Play Store as a delivery channel, the individual app in question can't do much about that.
Reproducible builds help if you:
- download the APK separately (includng from the Signal website, or some of the other sources)
- install the file locally via sideload
- disable updates (!)
This is very true. Reproducible builds for mobile apps would be far superior. You can build Signal from source for Android if you wish, although obviously this is a massive pain to do for each update, there’s absolutely nothing stopping you from doing it.
On iOS it's a lot more difficult to get the required certificates from Apple but you can run your own build in Xcode and deploy it to your personal device if you are a registered Apple developer.
While reproducible builds are obviously the gold standard, for apps you install from the Play Store or the App Store, developers sign the apps that get distributed with their own private keys. As Google and Apple don’t have access to these it should be verifiable that the apps are not tampered with.
There is an exception here with the Play Store, where there is an opt-in option for Google to sign the app on your behalf [1], but I think we can safely assume Signal are manually signing with their own private keys.
In any case it's easy to just grab an APK from an Android device and check signatures for yourself.
For iOS though, no surprises here it’s locked down. Although from what I gather reading Apple’s security documentation, it confirms that apps must be signed by developers with their private keys. [2] But unlike Android there’s sadly no way I can tell for the user to independently verify this without jailbreaking.
But ultimately, short of building each version yourself, all this is moot if you distrust the developers.
I spent a few hours trying to get a local build of signal-ios working a few weeks ago, in order to write a PR fix a bug with lost voice messages. The xcode project uses a plethora of device entitlements I'm not allowed to have (since I don't have the proper signal signing key). Even after a couple hours of tweaking to get it building and deployed to my device, its currently crashing on startup because it can't access some special signal local device store.
You can certainly get your own build working (without notifications and other features). But personally I found it prohibitively difficult to do so.
I think you will have a problem when it comes to push notifications. I doubt a local build would be able to receive push notifications addressed to App Store builds.
Reverse engeneering is a thing, though. I would think, there is fame to be gained to show such a behavior from whatsapp, so some hackers could feel motivated to do this from time to time.
Absolutely. Of course hackers are reverse engineering WhatsApp, that's how all those nasty exploits it has keep getting sold to governments by the NSO Group.
But reverse engineering is a skill in itself and modern day smartphone OS's use a lot of code obfuscation when apps are compiled. This effectively means even those talented hackers are going through the reverse engineering process pulling at threads until they get lucky.
Reverse engineering (in this context, at least) doesn't just show you the code as the developer wrote it. And FB hires a lot of very clever people including cybersecurity experts who could sneak these things in using innocent looking code scrambled around the app. Even open source projects are at risk of having backdoors put in that pass review and simply look like innocent bugs if they get discovered, let alone closed source apps that have to be reverse engineered.
Again not going conspiracy nut and saying that's what FB is doing. Just saying it'd be very easy for FB to hide it if they were doing it.
To me the biggest confirmed weakness of WhatsApp is the cloud backups. E2EE is pointless when the message database is synced up to iCloud or Google Drive. WhatsApp even tells you this itself. When you enable cloud backups (and they keep bugging you until you do it) it literally tells you the backups aren't secured by E2EE. [1] Because, well, of course they aren't.
The same is true of Signal in most practical ways. You can only run it on platforms that are fundamentally closed-source (either iOS or Google Play Services), so there's no reason to believe the RNGs it uses (and therefore all your session keys) are not backdoored. And you can only install it through official app stores where it's difficult or impossible to inspect what binary you have or "pin" a given version. So I don't see that it's meaningfully more secure than WhatsApp.
The mere fact it hoovers up less metadata alone makes it more private. I also trust the developers more way way more than I trust Facebook. That's a personal preference though and if you trust WhatsApp and don't mind that it leaks contacts and other metadata to Facebook to profile you then use WhatsApp.
If I wanted to I could install a fork of Signal that doesn't require Google Play [1] and run it on any non-Google Android build. I would do if it wasn't for the fact I'm currently using an iPhone.
I see that Signal no longer depends on Google Play Services specifically. However it's still the case that it depends on proprietary Google code (it just includes that code in its own APK now) and still can't practically be installed without auto-update (again, it just includes that in its APK).
The "proprietary Google code" is a library with a well defined API, you can see what it has access to. I agree that Signal should take it out, but it's not an especially big deal from a security perspective.
The auto update functionality just tells you that an update is available, you can choose not to install it. You can also independently verify that the sha256 sum matches the one given on the website, and that the binary that sha256 sum corresponds to is produced via the reproducible build instructions. There are occasional bugs (I'd estimate a couple times a year, though it's less and less frequent) that causes the reproducible build to not match the provided build, and it's quickly noticed by someone and an issue opened in the issue tracker. If there were no explanation or no quick resolution, people would publicly raise a stink about it.
Sure, but that's an unrelated phenomenon to the security implications being discussed. The argument against auto-updates is "it's running code without my permission or ability to audit first"; putting a recency requirement for client-server communication doesn't impact that concern, and I don't see any reason why it would be considered a bad thing.
> The argument against auto-updates is "it's running code without my permission or ability to audit first"; putting a recency requirement for client-server communication doesn't impact that concern
It makes it impractical to actually audit the code you're running, because you're forced to re-audit on Signal's schedule. And it makes those audits mostly meaningless: what are you going to do if you decide a given code change is suspicious? You can't keep using the version of the code you were happy with, so you'd better have a plan in place for moving off Signal quickly - but in that case how much can you gain from using it at all?
Well, WhatsApp client does have access to the unencrypted chats.
Not saying this happens, one possibility can always be to send encrypted traffic to WhatsApp servers while opening a second unencrypted channel to govt servers if a govt asks for it.
These blocks tend to be reactive, so if a blocked app starts using Tor, Iran will block Tor fairly quickly. So in return for a short-lived regain of the use of Signal, all of Tor gets blocked.
This proxy arrangement is better because folks who start them tell their friends in Iran, who tell their friends, but it isn't listed publicly, like most Tor entry nodes are. When the authorities find a proxy and block it, they only disconnect a subset of Signal users, who hopefully have other proxies they've learned from other friends or friends-of-friends. So now the blocking is trying to put out a thousand small fires that they have to find one-by-one.
<I have consulted for the Signal Foundation in the past, but not recently and haven't talked with anyone there about this>
No, it's the opposite—if Signal wants exit nodes, they obviously won't block them. It's the entry nodes that need to be blocked. Some are easy to find, but others require you to send an email from a unique email address from a trusted provider to get lists of IPs.
I'm surprised Tor isn't blocked, since it's pretty easy to block it, but if it's not, you can always tunnel your entire phone through Tor, which would include Signal. Do keep in mind, that depending on your threat model, you might want to separate your apps across multiple devices or at least accounts (I mean like Android user accounts), so only some go through Tor (see the Silk Road case for why), but that also equally applies to VPNs.
I don't remember what it's called, but I think the app is official by the Tor devs and basically makes a local VPN that your phone connects to and then forwards all traffic through Tor. It was on F-Droid last time I checked.
I looked into the Silk Road story again and it looks like I was misremembering how they caught DPR, but splitting your "personally identifiable" and other browsing is still a good idea.
Let's say you use the Tor browser to browse some regular (non-Tor) site that is illegal in your country for whatever reason. But let's say you then remember you still haven't paid your taxes so you open a new tab and quickly go do that. But you're still in the Tor browser, so your e-banking traffic is going out the same exit node as your "illegal" traffic. Now, anyone that saw both of those things come out of the same node can conclude that it's somewhat likely both were done by the same person. If that someone is the government, they can get access logs from your bank and see which account was accessed by the exit node's IP. The more times you do this, the stronger the link between you personally and the illegal site is.
Of course, doing your taxes through the same Tor session is something most people would know to not do, but if your entire device is tunneled through Tor, you no longer have a say in what data it leaks. Your banking app probably sends requests periodically in the background to check for updates or whatever, your email client syncs your emails, etc. If any one of those services can be coerced by your government (and chances are they can) then whatever illegal things you do in that session can be loosely linked to you. I say loosely, because there are many people on one exit node, but the data points start adding up after a while (and depending on the insanity of your leaders, just being on the list of candidates might be enough to disappear you).
As for how they would get that metadata in the first place, there are a few ways. The exit node might be under their jurisdiction, but since we're talking about bypassing censorship, it certainly isn't. They could also have compromised the "illegal" server (hacked/coerced/honeypot...), in which case it's just a matter of cross-referencing the site's logs with anything they can get their hands on (and if the government is authoritarian enough, they probably already have access to a lot). The last option is compromising the exit node, which is also not impossible. There's nothing stopping your government from setting up a thousand Tor exit nodes and logging all the metadata. If you're constantly running Tor, chances are you land on one of their exit nodes eventually.
DISCLAIMER: the above was probably a bit too paranoid, but as I have zero experience hiding from an authoritarian government, I'm not in a position to judge how much paranoia is justified. It's entirely possible that none of this applies because your specific adversary doesn't employ these specific de-anonymization tactics, but that is something you need to know for your specific situation. I assumed an "everything is fucked" threat model here, but yours might not be as severe and other types of mitigations might be more appropriate.
> Let's say you use the Tor browser to browse some regular (non-Tor) site that is illegal in your country for whatever reason. But let's say you then remember you still haven't paid your taxes so you open a new tab and quickly go do that. But you're still in the Tor browser, so your e-banking traffic is going out the same exit node as your "illegal" traffic.
That isn't how Tor works. Tor creates a new circuit for each new host you connect to, and they also create new circuits for the same host fairly regularly (every 15 minutes I think) -- both of which are done specifically to avoid this precise attack.
I also don't have experience dealing with an authoritarian regime, and there are many more aspects to OPSEC than just using Tor (after all, Tor doesn't look like normal internet traffic unless you use obfuscators -- so an authoritarian regime can just target all Tor users, which is why having Tor be used by more people is important for improving anonymity). But Tor has already dealt with obvious attacks like the one you outlined.
Honest question: Is using Tor not a risk by itself in Iran? I wonder if this doesn't pop up under surveillance mechanisms as conspirative behavior and may trigger focussed surveillance, which is hard to get out of.
But maybe so many people in Iran use Tor that it's not very outstanding to use it? I remember there were stats on that published on the Tor Project Website...
Edit: To answer myself after 5 minutes of thinking: Of course there are bridges, too. I guess they don't appear as suspicous as regular entry nodes?
Not the OP but, I can confirm that iMessage works perfectly in Iran; However, because of both economical situation (inflation and the higher price of iPhone comparing to average Android phones) and the fact that local companies cannot release their apps on the AppStore, only a small portion of people use iPhone or in this case iMessage.
I’m not Iranian, but I spent a lot of time over this for a friend.
iMessage works ok once you are able to activate it.
But Apple insists on contacting “init-p01md.apple.com” with plaintext HTTP, this sometimes connects successfully, but often it doesn't.
I'm a big fan of the idea of independently-run proxy servers.
Caddy has a secure forward proxy plugin born out of a research project at Google that does something similar, but works with any clients that let you configure HTTP proxies, and doesn't terminate TLS: instead it tunnels it over TLS. The proxy server itself can also be probe-resistant, i.e. difficult to detect that a website is acting as a proxy.
(Edit: Disclaimer - Don't use this in situations where your personal safety or freedom could be at risk... not yet. Not until more people with more experience can vet its implementation for bugs, and a very clear threat profile can drawn up. If you have experience with this, we'd love your help.)
reason why i have a general disregard for technologies that are based on some sort of "link" AFK, phone number or the stupid facebook real name policy. this is as of today being used to crack down on dissent. what you are saying is true but https://thenextweb.com/in/2020/01/08/kashmirs-police-want-pe...
when you have your govt do this, how can you keep your signal account private? your phone is already listed. isnt it? cant the police see if you are on signal and if online means you are bypassing them somehow regardless of what you might be saying?
> how does something like this work against DPI? i guess not great?
No, it's pretty good. Think about it: all DPIs can see is an ordinary https connection. Since the traffic itself is encrypted, to discriminate this from normal web browsing the DPI device can only depend on metadata. Classic moves are:
1. Packet length pattern for TLS-in-TLS.
2. TLS fingerprinting.
The first could be defeated by adding padding to the first few packets of each of your connections. [1]
The second.. someone built a socks5 <-> https CONNECT proxy client [2] out of Chrome's codebase, which means it shares all the fingerprint with Chrome and you really can't tell.
Does this use TCP over TCP (painful in the face of packet loss[1]) or can you do something like using QUIC for the forward proxy to try to avoid breaking the tunneled TLS connection's retry timers?
It looks like a normal HTTP proxy supporting CONNECT (i.e. TLS over TLS), which wouldn't suffer from the problem you mention.
Note that TLS over TLS is _not_ the same thing as TCP over TCP. TCP over TCP is usually only a problem for VPNs or something similar (i.e. anything that sends raw IP packets over TCP).
Http3 support is being talked about in an issue (am mobile so no link for you right now) but the first priority -- pending dev resources -- is to merge the v2 PR and vet for bugs.
It's an irony how American companies try circumvents another country's law (regardless of whether you call it censorship or not, it is still a law) and boast about it.
Yet, in the US these companies help the mainstream narrative to enforce censorship by banning (Google and Apple App market) or simply not offering other point of views basic hosting services (AWS).
I am an Iranian and don't agree with all of our government actions but I can clearly see a tech neo-colonialism/neo-imperialism here. I am sure Signal's intention and people wanting to help is genuinely good but this does not change this double-standard.
I would like to see your supportive reaction if an Iranian company offers hosting to Parler. I imagine you would call it foreign intervention!
"I would like to see your supportive reaction if an Iranian company offers hosting to Parler. "
This is a hacker forum and not a US foreign ministry praise board, even though it is mainly US based. In other words, I doubt the reaction here would be rage, if a iranian company would do that. Hackers usually are not in favor of censorship or information restriction.
There are certainly peoole here defending censorship, but the parent poster spoke like "we" would follow US geopolicy in general. And in general I don't see the majority here in favor of kicking out parler etc.
Rather the contrary. Anyway, by my tautological definition of hacker, no hacker would be in favor of banning a communication app, anyway, so ...
Censorship is the suppression of speech, public communication, or other information, on the basis that such material is considered objectionable, harmful, sensitive, or "inconvenient." Censorship can be conducted by governments, private institutions, and other controlling bodies.
Amazon, Apple, Google, Twitter, Facebook, etc. are multibillion-dollar corporations that control a colossal share of online communications.
Stong disagree. When a handful of tech companies that form an Oligarchy on modern communication decide to systemically oppress members of one political party, that's the antithesis of free speech.
Lets not pretend that this has anything to do with their political party.
Would you also say that tech companies banning ISIS is systematically oppressing members of one religion?
> that's the antithesis of free speech
It’s not. Companies enjoy freedom of speech too, but you’d force them to publish content they don’t want to publish. That’s the antithesis of free speech.
Fair enough, you have a good point. By, "you" I mean a tech person who is supportive of Signal action and is willing to setup a proxy without realizing that this is circumventing another country's law.
I agree I could have said it more clearly and less emotionally.
I describe my sentiment more precisely. By "these companies" I refer to entities or even individuals who take a very simplistic view toward this issue (Blocking of Signal by Iranian government).
In this simplistic viewpoint, issues in 3rd world countries (even this naming is condescending) are assumed to be evident. In this case an evil government versus oppressed people who can not even communicate with each other freely. So 'we' good people must help these poor people against their oppressive government.
This is in contrast to a much more nuanced view of the issues in the west. End-to-end encryption is a debated issue in the US and EU and legislators have proposed laws to ban it or enforcing other mechanisms to circumvent by law enforcement such as backdoors.
I mentioned the US as an example, because of Signal is operating under US jurisdiction. Moreover, the recent events in the US demonstrated that how a supposedly stable democracy is vulnerable to chaos. In this situation the tech companies decided to limit the communication of people or access to their platform for the greater good (according to them). I am not stating whether this is good or bad. I just want to point out that the issue is complex, nuanced and needs debate in the society. Keep in mind that the US is a superpower surrounded by two oceans and two friendly countries and has no serious external threat.
This is in contrast to Iran which is in a chaotic region and surrounded by the US military bases. It has suffered wars and coup in its recent history. It is currently under harsh economic sanctions with a possible goal of people revolting. The Iranian government has reasons to be paranoid and fearful that Signal can be used to organize violent demonstration. They cannot even demand information regarding criminal cases such as drug trafficking from these tech companies.
In the US the decision of giving access to tools and platforms is out-sourced to companies but in most part of the world governments make these kind of policies (again not necessarily good or bad).
I don't have a solution to these problems and I am not trying to say that we have an equivalence here. What I am expecting is a more nuanced and sophisticated perspective toward the issue.
> This is in contrast to a much more nuanced view of the issues in the west. End-to-end encryption is a debated issue in the US and EU and legislators have proposed laws to ban it or enforcing other mechanisms to circumvent by law enforcement such as backdoors.
It looks to me like you try to cloud your false argument in whataboutisms based upon a profound lack of knowledge:
> I mentioned the US as an example, because of Signal is operating under US jurisdiction.
The reason Signal is a good way to go is because this doesn't matter. Signal doesn't save any conversations they can hand over to the US (or other) government.
> This is in contrast to Iran which is in a chaotic region and surrounded by the US military bases.
Yeah, yeah I get it. We all do. US = bad but how does it change anything for the oppressed people in Iran we can help here? If those would have been people in the US, we'd be doing the same thing for them here in the EU.
> What I am expecting is a more nuanced and sophisticated perspective toward the issue.
A whataboutism and derailment of the issue is neither nuanced nor sophisticated. It's quite shady and ignorant.
Here is something you can do to help people out but instead of doing that, you try to build some weird case which actually helps the Iranian government.
Why are you in favor of sanctions on Iran? I've never really heard a good argument. It mostly tends to be "Well they say things I don't like that scare me, like Death to America" so very anti free speech type arguments.
Am honestly not trolling here although it will sound like it:
Can someone please explain to me why it's a OK to reconnect Iranians to Signal, but not Trump supporters to Twitter (the ones censored and banned by Twitter)?
Hi, glad to help. The answer is that it depends on what your values are.
If you want to reconnect people to twitter (a publishing platform) who have been banned for racist hate speech or inciting violence, and the laws in your jurisdiction permit you to do that. Then you can do that without going to jail.
If you want to reconnect people to signal (a personal communications tool) who have been disconnected from it due to reasons best understood by the Iranian government, an the laws in your jurisdiction permit you to do that. Then you can do that without going to jail.
It's really just a value judgement whether you consider giving a publishing platform to racists against the will of said publishing platform is a worthwhile activity.
And, again, it's just a value judgement whether you consider giving the right to privately communicate back to Iranians who have been, effectively, deprived of it by connecting them to a service which will willingly have them is a worthwhile activity.
Your values may differ from mine. And both my and your values could differ from the majority of HN users. My experience is that perfect alignments of values rarely, if ever, occur between any two individuals.
It goes way way beyond inciting violence. For example, Facebook recently shut down the page of Socialist Workers Party in Britain. Facebook suspended well known libertarian Ron Paul. Timer blocked links to the New York Post Joe and Hunter Biden exposé and locked accounts that shared it.
Thanks for pointing that out. Yes, sadly, it would appear that those are the values of Facebook and Twitter. Insofar as an institution like a corporation can be said to possess "values" anyway...
But let's just assume we both dislike the editorial policies of Twitter. A pretty safe assumption, I think :)
Will spamming Twitter via a network of TLS proxies do anything to change their editorial policy to something more preferable to you or I?
Will setting up a network of TLS proxies to Signal give Iranians access to Signal?
Perhaps the answer to those two questions will give some indication as to what the practical (and moral) differences are.
For my two pence. I think anyone should be allowed to use a phone for any purpose, and I accept that a tap-proof phone can be used to commit crimes. I don't think Osama Bin Laden should be able to take out a page in the new york times to give his hot take on his "hugely successful" WTC attacks. Don't get me wrong, I'm not saying that these examples map directly to the point in hand, but I am just pointing out that they are different media and the balance between freedom of speech and public decency are struck differently and that tactics for finding political solutions to censorship in each case might look different, too.
They're completely unrelated examples. I'll try to explain why.
Iran's (authoritarian, human-rights-abusing) government wants to prevent citizens from communicating with each other using tools that are resistant to interception by their secret police. HN supports the basic human right to privacy, and thus wants to help Iranians circumvent unjust laws or government actions.
White supremacists (who happen to support Trump, because duh) are being banned by Twitter -- a company, notably distinct from a government, and thus incapable of "censoring" anything. This prevents them from using Twitter's platform to publish hate speech and (arguably illegal, definitely unjust) calls to violence. HN supports the right of a company to decide who can publish content on their platform and agrees that it's cool to tell racists that they aren't welcome there.
So their government is blocking Facebook, Twitter, Youtube, Telegram, Signal, BBC, CNN, Netflix, and probably many other social and media platforms.
Meanwhile we are blocking Iranians to access Docker, Slack, Gitlab, Google Code, Github(Github until recently), Paypal, Apple Store, Play Store, AWS, Coursera, Adobe, Nvidia, AVG, Avast, Symantec, McAfee, Matlab!!, Oracle and many more.
It is not fun. Trust me. I am an Iranian and I used to sell VPN back in Iran when I was in high school. I had hundreds of users and I was threatened with prosecution and I left the country. Literally everything is blocked except government or university websites. On the positive side, you can Torrent as much as you want or download any music or hack websites and it is completely fine :)
I am not sure. I never had any problem downloading Torrent back then without VPN. I have been living in the U.S. for 12+ years. Things may have changed.
Spot on! This is the 21st century's version of being born into a poor African American family.
Jokes aside it's truely painful. I was lucky to have a job that got me out easily. Though it felt embarrassing when I was seeing everyone uses Docker and AWS extensively at my new job while I had never used them properly not because I wasn't smart enough but just because of where I born :(
No because mobile devices suck for P2P. Even on wifi and plugged in you likely couldn't force your app to stay open and the phone on. Easier to tell a bunch of people to run a docker container on a raspberry pi.
Why can't they just ship signal with a Tor client? This is precisely what Tor was built for.
They can donate some money to charities running Tor nodes while they're at it, or run some themselves.
Iran tried to censor Tor too, but it's pretty much impossible to do so fully. At least the Tor devs are usually on top of it, while Signal is inexperienced dealing with things like this.
What makes you think that it’s hard to block Tor? Even Kazakhstan blocked Tor many years ago. They’re using DPI: connection opens, client can write data, but can’t read anything which is frustrating from user PoV.
The bridges don't remain secret forever. All it takes is a government agency to ask the mailing list for one and then it's compromised. Once they're discovered, you can get into deep shit for trying to connect to that address.
My ex moved to China, and she told me that the only people who say Tor can't be blocked are people who have never lived in a country where the government is actively trying to block it. Just because you can connect to it doesn't mean you won't get a knock on the door in a month asking why.
if they block can block tor what makes you think they can't block these proxies? furthermore if you use tor you can use the existing network of bridges/relays as well as their pluggable transports protocol to avoid DPI/traffic analysis.
Iran is already blocking Tor. In general, if Signal provides some central way to use Tor together with Signal, the Iranian government can just run it on their machine, and block every IP address that it tries to connect to.
Iran can block these proxies, too, but this way there isn't any centralized listing of proxies. This proxy setup is simple enough that a single person could run a proxy for a few dozen of their friends, and the Iranian government might just never find out about it.
exactly, this article is exceptionally egregious at estimating state actor's tools agumented by HUMINT capabilities to hunt down anybody trying to subvert their iron curtain.
I fear that some naive Western expat will participate and find themselves in a hostage. Many countries in this don't have any treaties with Western nations, they dont have high regard for human rights either.
Signal is taking a leaf out of Telegram's book here in crowd-sourcing censorship circumvention which has worked so well for Telegram in Russia, especially.
One could use censorship evading VPNs like Tor, Lantern, Shadowsocks, Psiphon in addition to using these proxies. They all have different evasion mechanisms.
The thing that works for user-run proxies is, it is like a hydra, you censor one proxy another crops up.
I'm worried that Iran is less concerned about collateral damage. Russia gave up because successfully banning Telegram would also ban significant parts of the internet that Russian businesses (etc.) depend on, so that was unworkable. I expect that Iran won't care quite as much.
Regardless, I hope this does actually end up working, and allows Iranians to use Signal without a prolonged cat-and-mouse game.
Yup. I just tested ~~the fdroid~~ signal (the non-google-play apk from signal's web site) with orbot (a tor VPN for android) and verified it works correctly for text messaging. As you say, using a bridge should make it difficult for iran to block. I wouldn't be surprised though if voice/video was too high latency or doesn't work at all. https://mobile.twitter.com/sporksmith/status/135738175783478...
Which to me is bad. They should run a service like Tor does to get private bridges. I don't know anyone in Iran but I have a server I could use for this. However I know zero people in Iran.
You probably haven't followed Tor development in the past years. obfs4 and snowflake a really cool circumvention methods that are orders of magnitude harder to detect and block than these "signal" TLS proxies.
The TLS proxy signal just advertised uses plaintext TLS SNI header to determine where to route the packets, which makes it really trivial to detect and/or block. The same cannot be said about tor.
Of course it's hard to censor Tor, but is it really hard to outright block it? Last time I looked into it, you could just fetch the list of edge nodes that have to be public by design and block all of those.
Damn, I've read the code. This won't work against an active probe. Censors just use signal domains and non-signal domains to test your proxy. If signal domains get passed and non-signal domains got denied, you are fucked. Besides, TLS in TLS is highly identifiable by simple packet length dpi. I'd hope there's better plan.
And based the log on my hand, probing is really "mainstream" now days. I have a Shadowsocks proxy instance started since Oct 20 last year, and it's been attacked
times total. The last 6 happened less than 10 minutes ago. My expectation is, TLS will be probed even more, because the handshake parameters (the order of CipherSuite for example) itself could leak a lots of info about the client&server.
It's not easy to build a protocol that is cryptographically safe all while keep the traffic characterless/innocent. Could be a "World Changing Event" if somebody discovered a way through.
TLS 1.3 supports (encrypted) padding bytes for Application Data; which could be used to normalize the packet lengths. Probably not accessibly via normal system TLS libraries though.
Although, if only Signal is making nice sized packets, that could be suspicous.
> Censors just use signal domains and non-signal domains to test your proxy.
If the censor already knows about your proxy they would have no reason to test it... The whole point is that there isn't a central list of proxies for them to easily block.
No but look, they're blocking connections country-wide. Apparently they have government boxes installed on the outside lines. If you're looking at IP headers and deciding to drop or pass based on that, it's trivial to collect the IPs you don't yet know, check if they're running a proxy (Signal, Tor, I2P, whatever), then add them to the block list if they are.
If it's trivial to figure out (by doing a nice handshake) whether something is a certain kind of proxy, then the cat-and-mouse game is reduced from finding lots of mice to updating the cat system to test whether passing animals are mice and instantly wiping out the mice population.
This is the very same problem that Tor faced when Tor bridge use started to pick up in China around the late 2000s / early 2010s. You only needed a single Chinese user to connect to your server for it to be probed by the Chinese censors. Older versions of the obfs Tor bridge protocol could be detected by active probes and thus blocked very much like these Signal proxies. This is a cat and mouse game that Signal could very easily lose should Iran start to care about probing all new active connections that leave Iran.
I doubt it.
By the same reasoning they would also have access to iMessage and other apps that aren't banned. Not sure what WhatsApp or fb has to do with this.
Considering Apple put all data of Chinese users on Chinese servers to keep the CCP happy I have no doubt they’re perfectly happy and willing to comply with government requests elsewhere too.
Iran blocks every major foreign messaging app, except WhatsApp. Signal escaped it until now only because they had so few users. Also keep in mind that while WhatsApp claims to use the Signal protocol, they installed a backdoor that allows them to MITM conversations. So yes, I’d say it’s virtually guaranteed that WhatsApp is sending unencrypted message data to Iran, and of course to the US too.
I guess I'm coming down hard on one side of a controversial question, but in my mind, if it allows the server to intercept messages without users knowing about it under the default configuration, it's a backdoor.
I could not test it with the Signal client yet, because the Beta is not yet available for me. However I verified that the nested TLS works using openssl and netcat.
Their proxy seems to just be nginx, I'm surprised they didn't just share nginx or apache configurations. Most people with a box suitable for running this are probably already running a web server, so there's no reason they should be proxying from their existing web server to this dockerized server which just proxies to Signal.
Looking into their repo, they also appear to be building an nginx image from docker.io/ubuntu:20.04 instead of using docker.io/nginx. They are also running two separate nginx processes. I wonder how they ended up with this weird intricate setup.
I would be glad to help if they offered straightforward instructions.
This is correct, just set one of these up and it uses extra Nginx plugins.
Also the way they’ve done it makes it incredibly easy for anyone who isn’t a tech expert with a web server to still help out with a $5 domain and a $5 VPS. You literally run three commands and it’s done.
They want as many people as possible running these so blocking them all is as difficult as possible. It’s the smartest approach to have a low barrier to entry for something like this.
Signal should be federated. This censorship problem would not exist, or would be organically routed around, were the service federated.
Without federation, Signal is just another stepping stone in the long path of eventually abandoned instant messengers, all the way back from ICQ. We will get to an SMTP-like protocol, and email-like service, at some point. If not Signal, some other one.
I’m not so sure. Moxies reasons about how federation leads to protocol development slowing and then freezing are solid.
It’s why we re not using smtp for chat. SMTP can’t be extended enough so replacements are built instead.
Similarly if signal federated, eventually it would freeze and a few years later users would move to wherever they could get new features.
Federation is a good thing but only when the protocol is finished or if there is a forcing mechanism to allow updates to the protocol. ethereum/Bitcoin are good examples as they have flag days that force the value of currency to be in the balance to keep the protocol moving forward.
Honestly deltachat works great and its chat over smtp and imap.
Im not sure "chat" needs this much constant "innovation" at the protocol level. Most of the issues with email are client UX more so than actual protocol limitations.
I don't see what prevents updating as long as you don't care about fragmentation. You probably can't compile all brand new software on a very old Linux kernel, but who cares. I mean yeah, you'll have to care more about fragmentation, but it's not all or nothing. You'll still be able to update the protocol, you just have to make breaking changes less often.
I think XMPP is a better comparison than SMTP. In its heyday, XMPP had several clients, some with different proprietary extensions, and all the core functionality basically worked across all the clients. Though it turns out some of the messengers I thought were XMPP were actually different protocols that XMPP could work with. Imagine that. People still use it too, though it's not as popular as it was in the 2000s.
Moxie, one of the original authors of the Signal protocol, said federation severely restricted flexibility and so they had to move on: https://news.ycombinator.com/item?id=11668912
Do any SMTP servers still allow organic routing? I was under the impression that all modern servers have extremely cumbersome auth/dkim and its hard to not be GMail and still send a real msg and have it arrive
DKIM/SPF really aren't that bad. And you can not be Gmail and still get emails sent. Except Outlook/Hotmail/etc will randomly start blocking your emails, and only unblock your emails after you pester them enough.
FWIW right now to any Iranian friends on here. We have Umbrella in Persian/Fa now available. It's a massive open source guide to digital and physical security. Everything from how to use Signal to how to deal with arrest.
How would you let users know about this proxy without letting their government know about it? Instead of platforms like twitter, how about randomly giving out random proxies in some header that the app could query on cloudflare or google or akamai? Does Signal already make use of any CDN's for out-of-band signalling and fail-over? If the Signal proxy could expose an obfuscated load metric, then the CDN could pick another proxy via health checks. The proxy could advertise itself via CDN's as well.
That's the trick isn't it: having an entire population know something an oppressive government doesn't.
Even if you teach everyone how to deploy their own servers, then that's the knowledge the government will start targeting. You can make blocks expensive, i.e. blocking other major, useful services that would disrupt society too much for them to want to deal with, but this of course has its own costs.
It's censorship and surveillance all the way down.
Yes, which is why Signal is doing a disservice by telling people to announce their proxies on Twitter. The expats should just tell their friends and family, and tell them to pass the word on only to people they trust.
But this doesn't stop them from doing that. If you have an expat friend or family member with a proxy, use theirs, if not, check the latest tweet with the hashtag and use that.
That is precisely why I am suggesting using a CDN. Old school CDN that is. Back in the day, if you had Akamai, your site would just use one (or many) of their generic names. Nowadays you can use your own domain to front their network, but you don't have to. If Signal was using a few CDN's and cycled through many generic end-point names, then Iran would have to block all the CDN's which would be nearly the same as shutting off the internet. This would not have to be the default mode of Signal. It could be an option that the client suggests. "Hey, it appears we are blocked. Use alternate proxies?" Then cycle through many different CDN's using many generic end-point names. Some of the CDN's can also do layer 4 vips and not have to decrypt anything. They can just act as a TCP tunnel if need be, just costs more.
I think Signal is clearly recognising that nearly sny server or system they create will be blocked, which is why they recommended this being done on an individual layer.
From the article:
> A more discrete approach would be to only send the link via a DM or a non-public message. You can post something like this on your favorite social network:
> * #IRanASignalProxy Reply to this thread if you want the connection details, and follow me so I can DM you the link.*
No good; people working for the Iranian state will DM. Signal didn't think this through. No one should announce proxies via social media. Tell people how to set one up for friends and family.
> No good; people working for the Iranian state will DM.
They'll probably try, but it's not very scalable. It's tough to build and maintain a Twitter account with a history that looks like a real regular person, much less create a bunch of them fast with history that dates back before the day you started. If most of them make a modest effort to verify users, most of them should remain unblocked. It's all pretty decentralized, so it's not that big as deal if a few of them do get discovered and blocked.
People working for the Iranian state generally would be discernible from their Twitter account, and by controlling the information you hand out you can also flag the hidden accounts that aren't easily recognized.
You also overestimate how committed Iran is to stopping this. Doing this in public risks the state finding out, but outside of times of crisis the state is usually pretty slow to respond. Keeping it private tanks participation rates.
There are about 700,000 people of Iranian descent in the Los Angeles area alone (the largest such community in the US). Most of them are in the US to escape the regime, and most of friends and family in Iran who they keep in touch with. The people in Iran also have their own networks.
So a down-low friends and family approach could reach a lot of people.
If you just filter the amount of those 700,000 down to how many are aware Signal exists, I bet we'd already be at a low enough number to see the problem with your plan.
Generally speaking censorship by a government needs to be pretty poorly done at best. Taking out the bulk of the usage of Signal is easy, removing it completely is hard. Much better to apply minimum cost and effort where it counts most.
The high level takeaway then seemed to be that researchers were not focusing efforts on measures that can actually help more people resist censors. Have we made progress since then?
Telegram got around Russian censors by constantly pushing new IPs for their servers with Google Cloud. Of course this is a cat and mouse game as well, but it worked out well for them, since Russia didn't want to block all of Google/AWS.
I do not know anyone in Iran but have spare cash to host a VPS or two. How can I help anyone without broadcasting my proxy for the censors to eventually get ahold of?
That's the sort of PoC that should be PGP encrypted to the Signal authors instead of publicly posted. Iran will have a field day with it being posted like this.
Except, of course, that posting public keys is too 1990s for him https://moxie.org/2015/02/24/gpg-and-me.html (which contains some good arguments but offers no solutions, so whatcha gonna do, post a phone number and trust the signal servers to give you the right public key? That's better than self-published public keys? For an anarchist? Is it smart to post phone numbers publicly anyway, see e.g. SS7?) Perhaps just ignore this paragraph, I'm just a confused person seeing mixed signals.
it is pretty trivial though and an obvious deficit easily visible by just looking at the "code" or nginx config in this case... it is even trivial to come up with this without knowing any of the setups details...
They're fairly rare compared to Android in most countries, actually, also rich countries. That it doesn't work on Apple devices being seen as a blocker was the last thing I expected when clicking that link.
Signal could learn a lot from Telegram in this regard.
Russian govt had tried to block Telegram but telegram servers just keep jumping over various cidrs and users got the ip addresses for connecting over push updates and the only thing the govt succeeded in was blocking a wide range of subnets including AWS ranges and GCP ranges thus disrupting a whole lot of businesses and even some government services.
That article notes that Signal has been domain fronting since 2016. I think google has cracked down on it more recently though, and hence Signal has had to circumvent censors in a new way
Gross! I wonder what motivated these decisions inside Amazon & Google. This likely affects the Tor project domain fronting as well.
We really should not have let the majority of internet traffic be served by a small handful of giant companies without some legal protections as to what they're allowed to do.
But I would be 100% against any law that required them to allow domain fronting. It's fine if they want to, but requiring them to basically open up/leave open a hole in their systems is not right.
In general there are many things that are beneficial when used by good actors and harmful when used by bad actors. That's just the nature of power.
I'm really bothered by blanket policies that prevent beneficial uses of a tool because it can also be used to cause harm. Google and Amazon need to figure out how to disambiguate the two.
What I recall from the discussion back then is, that domain fronting basically means, that Signal would disguise itself as google or amazon traffic. So I would say, it is understandable, that they decided this is not good for their buisness.
So it was not an act by google and amazon to activly harm Signal, but rather canceling ongoing support of Signal, that could put their buisness to harm, which is something different.
In the grand scheme of things, I don't like how much infrastructure technology giants control.
In this specific case, however, domain fronting is basically saying "if you want to ban me, you have to ban all of us", without asking if the rest of "us" consent to be put on the same boat.
It would be cool if they are, but it's perfectly understandable for them to disagree.
There has to be a cleverer way to solve the problem of having several domain names on the same IP than just sending the desired domain name in plaintext.
And this new way, while less convenient, is arguably superior due to its decentralisation. They’re not just going after one service they’re now going after people all around the world running these proxies.
Just set one up myself took 15 minutes and that includes setting up a fresh VPS.
I've been mulling this over today, as your ability to get the name/IP of the proxy has to be censorship resistant as well.
The best idea I've had so far is using a CNAME response to a very common DNS query which would pass a basic filter, like I'd ask for "mail.mydomain.com" and it would respond with a CNAME pointing to the actual proxy. I have dead domains which I have configured with null records for MX and stuff (so spammers can't abuse them), I could hide the name of my proxies in the MX records a CNAMEs and nobody would be the wiser...
The trick is getting the word out on how to do it - like "hey everyone, just ask random domains for "mx.domain.com" and use the 30 level MX" or something which would pass as legit traffic. Maybe...
Using innocent sounding CNAMEs on abandoned domains is definitely a smart idea.
I’ve definitely got some old domains kicking about, I’ll see how far off they are from expiration and do something similar if they have at least a few months left in them.
The proxies themselves can also be hosted at normal sounding domains and subdomains like cdn.technology.memes or whatever.
And when you point other domains to them as CNAMEs use equally regular looking subdomains no algorithm would pick up as a proxy like webmail.abandoned.tld.
To my thinking, it creates a chain of "it's really hard to block them all" - as soon as I saw (via the link) that you submit your new proxy to https://signal.tube I thought "...so the Iranian gov't just has to block any and all access - DNS, HTTP - to that domain" and people can't even see what proxies are out there. So if my friendly domain name is "learned as a Signal proxy" they just block my domain (personally, I'd use two domains to double-blind it).
My conceptual idea is that how you get the person the name of the proxy to use has to hide as signal amongst the noise and not get trapped in DNS/domain blocking filters - and if it's keyword blocked by the Great Firewall, you just start asking other random domains for their MX records etc. I believe it's generally referred to as steganography: https://en.wikipedia.org/wiki/Steganography
Re-read the OP. No connection is actually made to `signal.tube`, it's only a placeholder domain for triggering an Android registered link handler so that it will open in their app.
Thought following yours, I like the CDN idea - if you add in some dynamic DNS updates with random CNAME results it could also help - ask for cdn.example.com, get node182.example.com and 5 minutes later get a different CNAME result injected from some cron job...
It is indeed. Iran does not shy away from blocking large swaths of the internet in order to make sure the parts they want blocked will remain blocked. For example, before 2009, there were specific blogs on wordpress.com which were blocked and making sure the content the government wanted inaccessible would remain inaccessible had turned into a whack-a-mole game. In 2009, they simply blocked the entirety of Wordpress, Facebook, YouTube, etc. and made their jobs much easier.
Iran would not hesitate to block all AWS IP addresses as a solution (I don't know if that is how they block Telegram now). GCP resources would not load in Iran anyway because Google has a very strict (much more strict than AWS and Azure) interpretation of the sanctions, so they don't have to worry about them.
Telegram blocking in Iran is theoretical. There are still a great many Iranians successfully using Telegram (via proxies or modified versions of the app).
Thanks. That got me the ip but browser won’t connect to it. So it’s blocked at the ip level. (Why would an ISP do this? Mine is one of the majors. Curious.)
Feels like there could be a good business in providing this CIDR-hopping push-updating proxy as a service other apps could embed. Like what CloudFlare does for DDoS protection, but as a forward-proxy + client middleware, instead of a reverse-proxy.
> §560.204 Prohibited exportation, reexportation, sale, or supply of goods, technology, or services to Iran.
> Except as otherwise authorized pursuant to this part, and notwithstanding any contract entered into or any license or permit granted prior to May 7, 1995, the exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a United States person, wherever located, of any goods, technology, or services to Iran or the Government of Iran is prohibited, including the exportation, reexportation, sale, or supply of any goods, technology, or services to a person in a third country undertaken with knowledge or reason to know that:
> (a) Such goods, technology, or services are intended specifically for supply, transshipment, or reexportation, directly or indirectly, to Iran or the Government of Iran; or
> (b) Such goods, technology, or services are intended specifically for use in the production of, for commingling with, or for incorporation into goods, technology, or services to be directly or indirectly supplied, transshipped, or reexported exclusively or predominantly to Iran or the Government of Iran.
For US citizens, does helping folks in Iran in this way with a Signal proxy fall under these terms?
I would keep in mind that the US has weird antiterror laws about assisting enemies and also laws which construe bypassing system designs as hacking.
For instance, Virgil Griffith is being held and charged for giving a high level description of bitcoin transactions at an academic conference in North Korea.
This is incredibly more specific and more technical of an act.
Virgil Griffith was told not to enter North Korea by the US government, and snuck in through China anyway. He admitted to specifically talking about how to use cryptocurrencies to avoid sanctions, and admitted he knew at the time that that was illegal.
Can someone who is a lawyer comment on this, please?
edit: further.. how is Signal shielded (if at all) from providing services to anyone in Iran? Wouldn't they be a target in such a case? The blog post is an explicit call for assistance specifically to do so.
Not a lawyer, but details of the sanctions are public[1], including Iran General License D-1 which covers services, software, and hardware incident to personal communications. The license has details for fee based and generally public free-of-charge services. We want Iranians to be free to communicate.[2]
This law is trivially easy to get on the wrong side of. Something like this would be definitely in scope of the anti-terror law you're talking about. American HN users beware.
I wonder how many First Amendment lawyers would be champing at the bit to take a case where a prosecutor was dumb enough to charge someone with a crime for assisting dissidents to communicate.
I noticed the same thing, and filed an issue [1]. The first reply does not fill me with a lot of confidence (but it's unclear to me whether the person is affiliated with the project or not).
I (partially) fixed this issue, and I'm not affiliated in any way with Signal. It's public (https://github.com/signalapp/Signal-TLS-Proxy/pull/2), and it looks like they welcome contributions, because they merged mine.
You'd be building and running these outside of Iran for them to work, which would limit the Iranian government's ability to perform the attack you describe.
But the fact that you are in Iran and using Signal may get you added to a watchlist. They can trace the IP addresses connecting to the proxy server back to a household or phone, no?
I don't think Iran is as oppressive a regime as you make it out to be. AFIAK the act of using (or attempting to use) Signal is not illegal. The resources required to trace an IP and track down the user simply because they used a messaging app seems unfeasable. Not to mention IP addresses on mobile devices are highly dynamic especially if you're jumping between wifi and cellular. Correct me if I'm wrong but I think in practice it's pretty hard to link IP addresses to actual individuals.
Not much. It's 99% certain that Iran already has the IPs of all Signal users, and they haven't penalized people for using encrypted messaging as of now.
This is one of the best arguments for federation/decentralization, is it not? It's not impossible to block a protocol, but it's harder than blocking an IP.
Yeah I was thinking this is awfully close to some kind of federated system. It's not the same but it's pretty close to Signal asking for people to decentralize their service a bit to overcome censorship, which is one of the main arguments for decentralized systems.
If everyone announces their proxies the Iranian government will be monitoring those announcements and will be able to block traffic to them. It may be better for those with friends and family in Iran to run proxies and quietly inform only people they trust.
This is the kind of privacy initiatives we need. While we argue in America about deplatforming, Iran, China, and other authoritarian countries around the world are actually suppressing and punishing free communication. Kudos to Signal for this initiative.
WTF Signal?! You claim to help users from Iran, however you encourage them to circumvent a government ban by using proxy which redirect trafic based on TLS SNI header, in plaintext?! Maybe you think the Iranian government doesn't have the resources (yet) to log/drop packets based on SNI, however it may well be the case already or soon because that's really not hard to do.
You are actively encouraging people to use technology that will reveal to their ISP/government they use Signal despite a government ban. You also force them to use phone numbers, which are uniquely-identifiable and are also advertised publicly in multi-user chats. ARE YOU TRYING TO GET PEOPLE JAILED OR KILLED?
If you were really fighting for freedom and the right to legitimate dissent against unfair governments, then you would federate your services so you don't become a central authority who can ban users (SPOF), abandon phone numbers entirely (because they're a security nightmare and publishing them facilitates harassment, a known problem on your platform you have refused to address so far), and use established proxying mechanisms which are less detectable than a plaintext header containing "signal.org" (like Tor).
The header will appear in plaintext between the user and the proxy (easy to detect/log/drop for their ISP/government), and still appear in plaintext between the proxy and Signal (which is less of a problem).
The SNI header is not dropped to upstream because it's used whether the reverse proxy is operated by the intended recipient (Signal) or not (the proxy). That's precisely the reason why people have been promoting Encrypted SNI for some time now.
It is not true that Signal domains are visible in plaintext on the wire between the user and the proxy.
You can spin up the proxy and check yourself.
Alternatively, you can ask yourself "why go through the trouble of setting up a legitimate ca-signed certificate if Signal domains are already leaking in plaintext"? The whole point of the ca-signed cert is to make the traffic blend in. Why go through that trouble when a simple regular expression could identify it?
I just did, and you are right. I stand corrected, sorry for spreading FUD. Other criticism of Signal still applies. I would edit my original message to reflect that, however i can't because it's been posted a while ago.
An attacker (such as the government) may not drop connections in real-time to Signal proxies without considerable efforts (i.e. for every HTTPS stream, verifying whether the remote server is a Signal proxy). However, after passively recording SNI headers, the attacker check those remote servers to figure out whether they are Signal proxies. As a conclusion, this Signal proxy is an effective censorship-circumvention tool, but does not protect users from the consequences of circumventing government censorship (which may be harsh).
A possible mitigation would be to have the virtualhost terminating the outer TLS connection serve the reverse proxy only from a specific folder/location, which cannot be well-known. So the attacker would see you are connecting to https://proxy.example, but as long as https://proxy.example serves legit-looking pages on /, and the Signal proxy is served from https://proxy.example/foobar, the attacker may not passively discover the actual reverse proxy. Of course, every Signal proxy would need to use a different subfolder.
Hey Signal, your next contender will be Narendra Modi's Hindu nationalist Indian govt. But Modi is one step ahead, blocked the whole internet in Delhi.
Hey, did anyone actually try to run this? I'm getting a bunch of errors when trying to run the sudo docker-compose up --detach. How would I know if it's running or not? Sorry, quite new to this apart from hosting a couple of personal pages on a vps.
> You can share your proxy with friends and family using this URL format: https://signal.tube/#<your_domain_name> […] The latest beta release of the Android app is registered to handle links from signal.tube.
This scheme is convenient for those with correctly configured devices, but comes at the cost to everyone else of increased risk of inadvertent leaks of the fact that they're attempting to circumvent the block. I'd be interested to hear more about what factored into the decision to make this trade-off.
AFAIK you can register URL handlers for a specific domain (signal.tube), but not for a specific hash. And you don't want Signal to appear as an alternative browser on every link.
Edit: On a second thought, I wonder if a custom scheme would have worked, e.g. signal-proxy://example.com?
Well, well. Just a week ago [0] I was lamenting the fact that Signal was too centralised. This comment was made in the context of P2P not being the best solution (due to other privacy issues), but that something in between was needed. When will Signal realise that the centralised approach to hosting is not going to last forever? The code is open source. The server code is supposedly open source, but on closer inspection it is missing some features and is very out of date. The actual server code is clearly still kept close to their chests.
There needs to be a way for the same Signal application to, in an emergency, connect to a different server. Perhaps even some form of federation so that once somebody switches server, they can still reach people on a different server if need be. I would absolutely love to see some work done on making a Matrix/Signal hybrid.
one question to people here. would you have acted in the same way you are doing now if US govt had banned parler and they wanted people to contribute to keep the service up? for all i know everyone colluded against them and killed them. now, if anyone wanted to help them stay afloat, why did you go after their hosting provider, CDN and payment processors?
if helping signal is meaning defying iran, then helping parler would mean defying the US.
Yes. Exactly. How do we as outsiders know the us govt isnt doing backchannel deals with faang, even with one is enough to get the ball rolling.
Even if thats not the case, my question still stands. If American companies banned parler, why dodgy govt intervene like how it tries to potray a sense of high handedness when it comes to Iran.
If the can sanction companies to not serve Iran, cant they force them to serve parler in the first place?
If not then they are silently agreeing with faang decision, against free speech
As much as I admire the cause, I can't ignore the irony:
First Signal doesn't want to build a federated service because it is too complicated to build (for the guys who brought us a new class of encryption) and now they are asking us for proxy servers because their centralized network can be censored...
But since Signal is probably the best option for private communication right now, I don't want anybody to discourage to run a proxy right now.
This is why the mindset that no body will leave whatsapp or social media is very detrimental and erroneous. Even if a few 1000 tech savy users use distributed communication that looks like regular traffic all the time, then when an event like this where governement shuts down all main stream social media happens, people will be forced to learn about distributed communication and mass transformation will happen.
And if you're the mouse, you really don't want to be hobbled by not having an auto-update mechanism in your proxy servers...
At the very least they could have made it load the config from https://signal.org on startup, or made an apt package that sysadmins can easily update with everything else.
Wow! This is what I call decentralized internet. Where unless Apple can take down the app from the AppStore (we should fight against the monopoly) Signal is hard to censor.
Unless Iran totally kills its internet to all.
Sure there is the dark side that it could be used to organize crimes and terror, but I think we have to recognize the right to meaningful communication and privacy.
Signal gives me hope on the internet of the future.
In light of all the government Internet shut downs in the past years, I’m very curious to see the impact of star link and other Connection methods that might bypass geographic restrictions. Will SpaceX and other service providers shut down access when local governments request it? If not,Will the governments ask on a perceived threat to stability
Hmm, looks like these are just a few nginx rules, they might as well publish those.
Internet is a bad fit for this. I wish everyone was using yggdrasil, I2P, tor or something similar.
I mean: I could provide as many yggdrasil addresses as I wanted to. It would be possible to setup a few VPNs to connect separate networks (though potentially traceable).
I'd be happy to run this, but I don't really feel like spreading this (for everyone I know) useless info into my social network (which would be via email for me?)
I would gladly sent a link to Signal for my proxy though so they can forward it to people that need it? Hmm, I'm beginning to see the problem now..
Agreed, I'd happily run a server but I would need some kind of aggregator service to post my proxy on. Surprisingly enough I don't have many contacts in Iran lol
But, I do understand that it is otherwise difficult to reach Iranians and not hand their government a list of urls to block. But I think my reach is useless. If your reach is not, then maybe you'll also reach the Iranian government easily.
Moreover, should I run this from my personal server? Could it become a target for nefarious stuff? I feel the same as I do when I think about running a TOR exit node. I want to be like my hero Edward Snowden but... I'm afraid of the stuff that gets associated with my IP address.
I know it's too late to engineer this at this point, but maybe Signal should consider adding a built-in Tor client. That way they can take advantage of the many thousands of existing Tor bridges, and Tor has been proven to be pretty effective at censorship resistance over the years...
I doubt very much it's too late. Tor can be statically compiled into the apps, and assuming Signal is centralized, they can just run their own onion service and otherwise communicate as though they were using TCP.
I meant that it's too late to solve it for this particular censorship event. You'd need to add a UI for selecting bridges and configuring Tor, all of which is substantially more complicated than just adding support for custom single-hop HTTPS proxies.
The future is in initiatives like these... examples here and there show that the internet is way to vulnerable to censorhip (China, Twitter and AWS in the US, Iran, etc...). I hope the push for de-centralized platforms will expand. Well done Signal.
I just set up a Signal proxy - I don't have any social media, any suggestions as to the best place to post the signal.tube link so that it can get to those who need it the most? Thanks!
I love how everyone here jumps on this, spread the love and joy for Iran, meanwhile much of the same group of people is perfectly OK with an entire cohort of our population being utterly censored and shunned. Best of all, the same cult will down vote this comment into oblivion, and while doing it they will convince themselves that they are doing it to make this prediction a self-fulfilling prophecy, and then when they read this last part they will then again feel doubly justified. In the end, we all lose because of politics and ignorance. A couple will add a snide and "clever" reply, in order to justify their down vote to themselves and to others. Inside, everyone is lying to themselves, because they know the truth.
hey. i just thought of something. is it not possible for india or iran in this case to check your phone number and see if it is active on signal? if you are online means you are somehow bypassing their blocks. isnt then just a matter of tracking your cellphone and relevant xkcd applies ?https://xkcd.com/538/
this is looking like a zero sum game unless signal account is delinked from phone numbers because the govt can play cat and mouse game indefinitely
all they need to do is be in the approximate region of the cell signal through triangulation to figure out the phone numbers / unique identifiers attached to the phone.
then its a matter of time before they link real identity to the phone. With the wide availability of femtocells, all they need to do is get lucky once.
This puts operators of Signal proxies at potential harms way! Absolutely irresponsible for people on HN to downvote and downplay genuine security concerns.
How is a proxy operator in harm’s way? They aren’t in Iran, and the Iranian government understands the consequences of trying to do anything about it. Users are in no more danger than they’ve always been, and substantially less than if they didn’t have communications ability.
oh. you are not joining all the dots here. an offensive govt already has KYC on cellphones. they can pull your details in a second.
My reasoning. they have a list of say 100 users. every govt has lists. they check that list against signal users as "social graph" and voila, they know you are online or not. second, kyc documents show who you are so you are good as toast
Not really. There's not much Signal-protocol-specific technology involved on the proxy, other than dropping traffic that doesn't go towards the Signal server itself.
In the long run, starlink will make it even harder for autocrat regimes to censor the internet. Russian authorities already try to ban connections to Starlink.
Unfortunately, it's easy for governments to criminalise owning Starlink terminal equipment. Also, Starlink may be legally forced to deny service to users in certain geographical regions.
Iran's been having a tough time shutting down illicit satellite receivers.
> One woman in the Iranian capital, whose satellite dish was demolished by the police several months ago, told "Persian Letters" that the first thing she did the day after her apartment complex was raided was order a new dish and receiver.
> "That's the only fun we have here. There's nothing worth watching on [state television]," she said. "They can come and take my dish away. I will get a new one."
Unless the government can seize Starlink's assets, or shut down/harm their operations, they can't really tell Starlink to do anything. E.g. if they can shoot down satellites, they'd have influence.
This is especially true for economies that are as disconnected from the US as the Iranian one is.
The only thing a state has control over is payments from users. But if smuggling in transceiver equipment with pre paid traffic isn't that hard.
Dishes don't have to transmit, only if you want an upload channel. It's entirely thinkable that important content like websites or feeds by important influencers is pushed to all users.
Yes I'm sure Starlink would never do something like censor traffic at some regime's behest. Elon Musk is famously independent and not at all beholden to funding from the U.S. and China.
This is the only benefit that comes to mind when weighing against obscuring the night sky. Heck even freeing Australians from Telestra's Iron grip would be an accomplishment.
You're welcome to either use such a decentralised service or fork signal and add decentralisation / federation. Centralised services get more users by having a lower threshold of adoption.
What's the purpose of signal? Is it taking over the world or providing a service to people that care about their privacy and free (as in freedom) communication?
And the clients for XMPP still suck, 15 years later. You might find a good one on one OS after trying out several (install, test for a few days, repeat), but then when you want a client on your phone or another OS, you have to try the install/test cycle all over again.
In my experience, most of the clients just don’t do WEll everything a modern IM client needs.... group chat without needing to know a FQDN address, alerting on new messages/mentions, image and attachment support, encryption without wonky key management, multisession support (connecting simultaneously from multiple devices not leading to problems), on and on...
I used XMPP for years on iOS, android, Mac, windows, and linux. Hated it every day.
Conversations and it's forks are all very good clients, and their voice/video chat works perfectly once the XMPP server configures the turn server. Gajim got a lot better recently. I even managed to get Pidgin to a decent, albeit not perfect level.
It did, then the google reader effect kicked in. Google talk, whatsapp, facebook were all xmpp at one point, deliberately crippled, then nearly killed. See RSS.
I feel like this answer to "how to make government censorship of private communications over the internet impossible" is more complex though than just "use element/matrix"
Matrix is federated which I'd argue is pretty different than "distributed". Certainly the fact that federation is built-in makes matrix more resistant to lazy censors who are slow to block popular homeservers, but a concerted check-any-IP-and-if-it-seems-like-it-might-be-a-homeserver-then-block-it action by a censor would be harder to deal with.
Wouldn't a truly distributed/secure/really-super-hard-to-block protocol rely on non-meaningful addresses (i.e. public-key-derived like a tor hidden service) and some kind of interesting mesh setup (i.e. like tor) to route and deliver messages?
> Wouldn't a truly distributed/secure/really-super-hard-to-block protocol rely on non-meaningful addresses (i.e. public-key-derived like a tor hidden service) and some kind of interesting mesh setup (i.e. like tor) to route and deliver messages?
As if it was that simple; no it's not as simple as decentralization > centralisation. You might not agree with everything (I don't) but this video provides some good points https://www.youtube.com/watch?v=Nj3YFprqAr8
I trust Signal to try their hardest to solve communication, spitting on them is not the solution.
XMPP is by far more fluid, and "productive" when it comes adding new protocol features, or at least if you compare it with Signal.
Marlinspike is making up the problem.
A messaging client is as agile as its developers are, and in case of Signal, not that much.
Evolving a protocol, and developing new features is done by doing programming, and not by some philosophical discourses, and pooing over the competition on tech events.
I didn't watch the video but his article with the same title is almost entirely bad points.[1]
Email is end to end encrypted for people who make it a priority. It would be end to end encrypted for everyone if Google or Microsoft made it a priority.
The difference between XMPP and Signal is funding. Signal supports video on all platforms because Open Whisper Systems hired people to work on it. XMPP didn't because the popular clients are developed by volunteers.
People don't like using lots of messaging apps. So switching apps is much harder than changing your email address because you have to convince other people to switch.
Even Signal is moving away from using phone numbers.
Signal's been "moving away from using phone numbers" for almost as long as it's been developed. They've burned tens of millions of dollars and have nothing to show for it on that front.
Also they insist of making piece of shit bloatware clients and actively kill every attempt for someone to fix it. Because Moxie is always right apparently.
I really hope the situation is just due to incompetence and hubris.
The problem with this is that Signal is a huge success right now where other federated chat platforms have fallen. Sure, something like Matrix might win the war eventually but by being centralized Signal shipped and is providing a useful service to millions of people today.
They could certainly do this, but they would only see which local IP is trying to communicate with Signal (and thus trace the user). The traffic itself is end to end encrypted so they cant read it.
Whoa whoa whoa… there can be legal consequences for spinning-up a proxy in countries sanctioning Iran. This is a case where action can in fact be way worse for someone than inaction. I still can't find any discussion about that and it's worth investigating.
During the EFF "run a tor node" challenge a few years back, I learned that many cloud providers (a) hold you responsible for any traffic transgressing your proxy, and (b) generally were OK with running a relay node but not an exit node. Responses varied provider by provider, some have written rules some do not.
Point being there are already discussions about the relay topic with cloud providers and it's not a weird edge case to me (and the law in your jurisdiction may have a strong opinion on this), I imagine there are legal things about where you live vs. where the server lives which also matter.
But then one day they come and "ask" you to backdoor your employers platform. And when you say "WTF???" they start talking about terrorism charges for the VPS/proxy you ran back in 2021 in violation of Iranian sanctions.
Chilling effects are real. Laws they can "choose to prosecute" or not, just means they have more ways to coerce you if they want...
You can literally spin this up on a $5 a month VPS as well, not like you need to break the bank. And with so many TLDs there’s plenty of dirt cheap domains too. I just spun one up in 15 mins and if it gets blocked I’ll happily spin up more.
“Almost everyone in these comments is asking questions of various degrees of pedantry or outright dissing hospitals/insurance/medical bankruptcy/whatever...
Just donate to a charity if you can spare the expense and help some people out.
Action > inaction.”
Healthcare and communication aren’t comparable. But my point is that you can criticise institutions for their (contested) faults.
If you place yourself on the mantle of non-federation, then availability and censorship resistance are your cross to bear, frankly.
The notion that I should help them workaround their architectural failure when it’s been widely criticised (and criticism openly dismissed) multiple times is a little wild.
Your neighbor asks you to drive them to the hospital. Do you lecture them on the failures of privatized healthcare? No, you defer your opinion to the relevant place and time.
This right now is about people having their access to uncensored communication cut off, and moxie asking people to help out. If you think their architecture is doomed, you're free to codify your opinion somewhere in a pull request or comment under an article about signal's protocol philosophy.
The analogy falls a bit flat because this forum contains, mostly, the arbiter of the root problem- namely that signal is not censorship resistant by itself. And we should criticise them for that because it was a warning delivered in a timely manner and never heeded.
Helping my neighbour in this case means allowing them to use my social insurance. Namely by using xmpp/matrix. It is low/no cost to them (unlike moving countries for socialised medicine.)
> signal is not censorship resistant by itself. And we should criticise them for that because it was a warning delivered in a timely manner and never heeded.
I don’t believe Signal ever claimed to be censorship resistant to begin with. I just looked at their description on the App Store and nothing there mentions bypassing censorship.
Signal in fact did used to be censorship resistant before they were prevented from using domain fronting by third parties outside of their control.
Now the Iranian people need help and Signal has made it extremely easy for anyone who visits sites like this to kick in and provide that help. It’s likely proxies are a stopgap solution but that’s okay. Iranians are having their messages blocked now and Signal has managed to release a working fix rapidly.
You write this as if I contested anything you said. Maybe signal didn't _claim_ to be censorship resistant but it's _essentially_ marketed as such by well meaning people. It's "the secure messenger", what is it secure against if not governments? Your ISP?
Or does security of access not get covered by this definition?
If people had chosen a federated system instead, then instead of _needing_ this very quick solution to be hacked together, the system would have dynamically moved around it.
But, it's a future we'll never know now. Signal has the mindshare (and certainly the favour!) of the people, so the ship has sailed and I'm tilting at windmills.
I think it's ridiculous that we have to patchwork _their_ broken system that _we_ warned them of, but that's the reality and I am not one to put principles before people.
> > signal is not censorship resistant by itself. And we should criticise them for that because it was a warning delivered in a timely manner and never heeded.
> I don’t believe Signal ever claimed to be censorship resistant to begin with. I just looked at their description on the App Store and nothing there mentions bypassing censorship.
Moxie's talk on Signal's centralisation and how (in his view) that makes it better than decentised systems explicitly claims that Signal is better at censorship resistance than "decentralised systems" (his comparison was basically limited to email and the argument was primarily that you cannot move email accounts easily -- in my view that's a pretty colossal strawman of distributed systems, but you can be the judge)[1].
This argument was based on the fact they do domain fronting (whoops) and that they can move their servers and update all clients simultaneously. I think it's more than fair to bring up that this argument is not true in practice and that other decentralised systems (such as Tor) are clearly far more censorship resistant than Signal. That doesn't mean you shouldn't help them solve the immediate problem though.
It is not. Healthcare and communications are very much comparable if your life and livelihood are on the line. If the downside risk for both is a dead person then they are very much morally equivalent.
Ironic how people want to help de-censor what's considered to be an enemy nation (by the media), but are ok with censoring half their next-door neighbors based on politics.
...Until it gets branded as a white supremacist tool for encrypted communications.
Call me extremely pessimistic but events like Jan 6. will be used as justification to start attacking applications that offer end-to-end encryption, and encryption in general. Just like 9/11 was used to justify eroding certain civil liberties.
> One employee pointed out that fascists are often quite public about their activities, as the recent insurrection in broad daylight at the Capitol showed
They’re already discussing what to do when “fascists” (read: Christian rednecks) start posting signal group links.
> One employee pointed out that fascists are often quite public about their activities, as the recent insurrection in broad daylight at the Capitol showed
This is only popular and presented as altruistic because toppling the Iranian regime aligns with the foreign policy of Western states.
Now that's fine if you support the expansion of global liberal democracy (which happens to be neither liberal or democratic) but just don't be deluded into believing this is some good guy vs bad guy scenario. As we speak, U.S media is advocating for the removal of Signal because Americans may also have access to encrypted private speech!
That nation states do things to advance their interests globally is not a conspiracy. Foreign policy 101.
Who is to say that the Western technocratic system of government replacing the current Iranian regime would not also be oppressive? I personally believe it would be vastly more oppressive.
> That nation states do things to advance their interests globally is not a conspiracy. Foreign policy 101.
This level of argumentation is so beyond sense and reason that I'm not even sure which nation you're talking about. Iran is not advancing anything and Signal is not part of the US government.
> Who is to say that the Western technocratic system of government replacing the current Iranian regime would not also be oppressive? I personally believe it would be vastly more oppressive.
Nobody is saying that because you can't but you don't have to if you want to help people out who are opressed under a dictatorship.
Signal is an American company with it's headquarters in California. My point is that the global interests of nation states and their alliances are not only pursued through government channels but also through their influence on domestic private companies.
I agree that my second point was too personal and unproductive.
> Signal is an American company with it's headquarters in California. My point is that the global interests of nation states and their alliances are not only pursued through government channels but also through their influence on domestic private companies.
Please outline those channels which connect Signal to the US government. Otherwise please stop insulting me with this story. Selling basic human rights as some evil US government agenda is ridiculous.
What if political dissidents don't want to give their phone numbers to the former head of Twitter security on the eve of President Biden's re-engagement with the Islamic theocracy of Iran?
You say it as a joke but I get sad at seeing all these efforts to circumvent a government policy while another government is allowed to obliterate a same type of service (parcel).
As I have said before. I'm not in the US and I don't care about its politics. But I'm scared and hiw easily they can define Good and Bad and then manipulate the internet
We see again and again that Americans hate freedom of speech. So what is this but a power play? They want people to use controlled platforms where only American-approved activism is allowed. Actions that destabilize an enemy regime.
Iranians who use Signal are American proxy forces. By definition it is treason.
Iranians who use Signal are Iranians. Your statement is premised on the Iranian government having absolute authority to surveil the communications of Iranian citizens. By that logic, any from of end-to-end encrypted communication is treason. You might as well say that Iranian citizens have no general right to privacy and any expectation of such is also treason.
this is fine and dandy but when you have a state actor operating with such offensive tactics like india is currently engaged in kashmir, there isnt much these "proxies" can do. sorry.
the idea of these proxies is all fun and nice but when a government can just whitelist the entire fucking internet and none of these nonsense works
its weird that all the criticisms of the technique in this article is being downvoted without any rebuttal
people underestimate the security intelligence service of countries in this region. They have far more capacity than people in the West estimate.
It's irresponsible of HN to put people in potential harms way, Iran is at a breaking point, they have nothing to lose and will stop at nothing to stop exfiltration and access to internet.
yes. back after 5 august, i think i got my first crack at internet in february 2020 with 2G internet and a whitelist of "allowed websites". i found out in my own tests that ssh tunneling over random ports used to work. i had managed to set up a server on amazon aws, and i did a dirty ssh tunnel to that to get access to blocked websites. even that failed after some tries and changing networks.
>It's irresponsible of HN to put people in potential harms way, Iran is at a breaking point, they have nothing to lose and will stop at nothing to stop exfiltration and access to internet.
yes. shocked pikachu face gets a random HN reader nothing but people can die as a result of this. heck i have records of people who are locked up since last year because of "social media misuse" aka dissent
I think people on HN are mostly North Americans, they are generally very ignorant of the workings outside their own suburbs/city (we live in the best part of the world they say!)
So there is this bias towards other 3rd world countries. To many they are still a backwards, technologically illiterate countries yet somehow North Korea routinely dominates other wealthier nations in cyber security.
India's intelligence agency has always been competing with Pakistani, very much like the Iranian security forces & Israeli intelligence, these guys have been fighting battles the rest of the world will never hear about, so its foolish to underestimate their capabilities like we do on HN.
First of all, thank you moxie and signal team for this proxy.
Until 2018, many Iranians used telegram but Iran's regime after Russia blocked this messenger. telegram released mtproxy and this proxy was helpful. Russia lifted the ban on telegram but this app is still blocked on my country. but with VPNs, many iranians still use this app. after 2018, second most popular messaging app in iran was whatsapp, until facebook's new privacy policy, like all of you, many iranians switch from whatsapp to signal. mullah's regime removed signal app from the iranian app stores and started blocking all signal traffic in the country, but they don't block whatsapp. I'm not a paranoid but it is difficult to understand for me why they didn't block whatsapp after 2018? can they break whatsapp encryption?
I have a suggestion for signal team: please put tor in the signal, tor is better than any proxys or vpns.