
Sorry but anonymity is security. Once you know who to beat, you will get the keys. Wanna bet? We can do an experiment... ;) /s

(anyone down-voting this post - you don't agree? You are welcome to join the experiment too. Why don't you put your livers where your mouth (fingers) are? I know for myself that as soon as you showed me a rubber hose (not even coming to the wrench!!!) I would tell you whatever you want to know. But you can obviously do it better, so let's test it. I have a nice, 1 kg French wrench waiting for your beliefs (and knees). Yeah, I know I am not politically correct, but facts are facts and you deny them for an unknown reason. /s)




> Sorry but anonymity is security.

I'm actually with you here. But anonymity is HARD. Way harder than people give credit. We're not anonymous here on HN. But Signal is doing this step by step and I think that is the right way. Yes, the wrench attack works, but it doesn't always work. It would be better if it was hard to use the wrench attack, but protecting against it is surprisingly difficult. Signal seems to be taking this into account and also working on this in steps.


Not really. Anonymity is simple. You don't require PII for registration. As simple as that.

What is hard are their other use cases. Preventing rotten eggs from entering the system. And they took a shortcut here, sacrificing the security of their users to keep the bills down. The phone number requirement is not there to protect you but to protect their ecosystem and even more their resources (if I take it as lightly as possible, check the last line).

Again I will use IRC as an example, it was able to connect so many people without requiring PII, yes there was spam (same as with emails, I host my own mail server and I don't see spam, it is 100% filtered out by rspamd), for what, 30 years(?), they can do it too. I don't see any excuse for their requirement.

But ok, let's be fair - easy to connect. I have around 400 phone numbers in my phone of people I asked for their phone number - they were relevant to me at some point, for instance primary school schoolmates. How many do you think I communicate with? I went to count the history for the last year - 35 numbers. 35! Out of those, I would communicate over a secure channel with 6 (current company). And now this is an issue?

Let me say it again, with all the facts, I can only take them as a honeypot.


Honestly you seem to just want to hate Signal. That's okay to dislike something but calling Signal a honeypot is a strong statement. That requires strong evidence, not weak conjecture.

It is hard to respond to you in good faith because it does not feel like you want to engage that way. Maybe I am misunderstanding your statement. So I will engage in good faith once more (reminding you that this is a HN rule).

Anonymity is nowhere near as simple as not requiring PII during registration. Even from the provider side. We can agree that it is difficult to maintain anonymity from the user side. But choices made by the provider can make these things impossible. Let's suppose Signal gives me one username that I can use and I must use that continuously. What do I choose? If I use "godelski" then I've made a permanent connection between that identity and my real life identity. After all, I do talk to friends, family, and coworkers on Signal. If I choose another name and share that name through this name, then those two are linked together. All of this is information leakage and highly valuable to OSINT people. I'm sure someone here has significantly more experience than me and would be happy to expand upon this too. But it is extremely naive to believe/claim that anonymity is provided simply by removing the phone number. It is far more complicated than that. Hopefully you now know that.


There's quite a few other hints in the marketing and decisions at Signal that reek a little bit of honeypot (by the NSA).

Super hard to prove though...

For me personally the strongest hints are the fact that it's centralized, there's no getting around connecting to their server(s) for the app/clients to be useful and that it's impossible to know what exactly their server is running (by design?).

Oh, and Signal is based in the US. That fact by itself pretty much means all bets are off when it comes to security or anonimity.

I don't see how the NSA would not be pwning that server or owning/creating that server and/or organization (indirectly or directly).

Or to put it differently: why would it be hard or illogical for the NSA to set up an innocent seeming "good guys" radiating non-profit chat service that is supposedly secure (yet centralized and non-anonymous by design and also a honeypot)?


The whole point of e2ee is that you don't need to know what the server is running, just check the (open source) client.

The point of their private contact discovery is to leverage SGX enclaves so that you can verify what code is running on their server.

Sealed senders allow you to send a message without revealing to the server who you are.

The whole point of Signal is to build something that you don't have to trust. But of course you need to put some effort to understand it (and what it means, e.g. if you don't trust your OS running the client or if you don't trust the SGX enclave).


>Oh, and Signal is based in the US. That fact by itself pretty much means all bets are off when it comes to security or anonimity.

It has to be based somewhere, right? Would you trust it if it was based in China or Russia? Or even mid tier countries like UAE or Singapore? Even "neutral" countries like Switzerland aren't safe, as we've seen with Crypto AG.


The Patriot Act clearly compromises every 5-eyes nation. China and Russia have their own equivalents of a Patriot Act, so hosting there is no good either. Mid tier and neutral countries can be compromised as in your example above. This is all truly depressing, but why does it have to be hosted on a central server?

I hate web3 hype as much as the rest of HN, but this seems like a genuinely useful application for it.


Please don't post insinuations about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.

https://news.ycombinator.com/newsguidelines.html

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...


I always took that rule as "don't post insinuations (accusing other HN users of being) astroturfing, shilling, bots, foreign agents...".

Can we not point out when corporate entities are comprised of these things?


See the second link. (And, of course, the insinuation made above applies directly to several members of the HN community).


> why would it be hard or illogical for the NSA to set up an innocent seeming "good guys" radiating non-profit chat service that is supposedly secure

Let's also investigate the inverse side of this. Supposing Signal works, would the NSA not instead want to launch a disinformation campaign against them and exaggerate downsides? I think such action would also be easy and logical.

But I don't think that's happening, to be clear. I think people are just passionate about the subjects and with passion people are often excessively headstrong (this is something disinformation campaigns prey on btw. They often play both sides because chaos is often more effective than pushing a singular narrative. See "malinformation").

> Oh, and Signal is based in the US. That fact by itself pretty much means all bets are off when it comes to security or anonymity.

(anonymity. FTFY) I do agree that being US based comes with certain risks, but the US is not authoritarian and is unable to force companies to collect data. This is enough to raise suspicion but not enough to be damning. The suspicion is also reduced given that Signal publicly discloses subpoenas that they receive. Insiders like Snowden also advocate for its usage as well as many major players in the security community, globally. One can come back and suggest that this is disinformation but that increases the complexity of the honeypot campaign and as history has shown, complex conspiracies unravel quickly. Especially in high profile cases, and since Signal is universally suggested as the gold standard by the security community, I'd argue it is pretty high profile.

The problem with conspiracy theories is that it is easy to turn evidence against a conspiracy into part of the plot and coverup. But this just exponentially increases complexity. And anyone that has worked for or with the government will gladly tell you how ineffective they are (often in the form of complaints). After all, two can keep a secret only if one of them is dead. The fact that it is difficult to prove (and people have been trying for over a decade without yielding any more evidence than you have put here, +RadioFreeAsia) is actually evidence to the contrary. More should have been uncovered if there was a real plot (especially considering how complex it would need to be).


I'm pretty sure I've had to register my email with nickserv to join an IRC channel before.


Anonymity is a kind of security. There are other kinds that are trivially not anonymous but should be secured (and private between members), like talking to my family members about our private business.

To the best of my knowledge, Signal's use of phone numbers does not meaningfully compromise the security or privacy of my conversations with my friends or family.


>Sorry but anonymity is security.

Tell me your threat model, and then I'll tell you whether "anonymity is security" or not. Anything else is just you talking past other people.


I would say anonymity is necessary but not sufficient for security. So while you might be able to devise an example that _only_ uses anonymity that can be defeated, that would be meaningless because in real life there would be other measures at work, too.

This is why Omertà–basically a vow of secrecy achieving anonymity as far as the police are concerned–is taken so seriously and why it has been such a big deal the few times it’s been broken. But Omertà isn’t the only tool employed–they use guns, safe houses, all kinds of other tools and methods to ensure their security.


Let me just go ahead and send my mom an anonymous message asking what time she wants to see me this week. Should work great.


If your threat model assumes that you will be tortured, and you will immediately give up any desired information upon being tortured, then you better include some magic amnesia pills with your secure messaging protocol.


> Sorry but anonymity is security.

Anonymity is security through obscurity, by definition.


Obscurity is still security. But it is a speed bump, not a locked door. Security is probabilistic in nature and it is quite confusing that people portray it as a static concept. For example, remote wiping your phone when lost is a common practice. You ACT as if the information has been extracted but you still wipe. Why? Because not doing so gives a potential adversary infinite time to retrieve the data. Similarly speed bumps make it harder. Every security researcher will tell you that there are no foolproof methods. If there were we wouldn't have this cat and mouse game with hackers. It is all probabilistic and anything you do to increase your odds against hackers is, by definition, security.


obligatory xkcd: https://xkcd.com/538/



