Or that you can use that money for a Matrix server instead of supporting centralization.
Element is less polished than Signal app but they've been catching up quite fast. If you and your friends aren't locked into the Signal ecosystem yet, might be worth considering, especially if you're techies.
Matrix comes up a lot but even Signal is often called not polished enough. And for matrix onboarding is hard for techies and I've had zero chance for the general public. Fine to push it towards techies, but my grandma can't figure it out but she can Signal. Push matrix when it's more polished but right now it just feels silly to push it.
Exactly. I'm for decentralization, but the reality is that if "we" (we techies) tried to push Element on everyone today they would just fall back to WhatsApp. So better to go for Signal today and then switch everyone over to a Matrix (or similar) client in a couple of years. As the past week demonstrated, it's possible to switch masses out of a closed, network-effect-dominated system.
I wish the person that downvoted you would give an explanation. I'd love to know how to avoid the middle step of switching family to Signal before, once it's more usable, switching to Element. (Or perhaps they meant that decentralization isn't better and Signal is the final destination. Guess we'll never know.)
Element clients are very close to finishing their SSO implementations which will help immensely with the on boarding process.
Here’s the iOS pull request for example: https://github.com/vector-im/element-ios/pull/3890
One thing that would really help is basically making the server installs a few clicks. Granted it has been about 6 months since I tried but I remember the instructions not being great and I know that'd be zero hope for less technical people.
Unfortunately very true, so although I'm not a big fan of Signal's centralization and USA-based metadata processing (I'm not from the USA), I'll probably end up moving my family from (now) Telegram to Signal.
Alternatives would be Threema and Wire, but Wire has the same main issues as Signal and Threema doesn't have video calls nor a desktop client and an unusable web client (deal breaker for me: you need to navigate two menus on your phone to reconnect every time your phone connects to another wifi or you suspend your laptop or anything).
Do you mean that they have servers in the US? US based company? They don't leak metadata, that's the difference between Signal and Telegram/WhatsApp. If the encryption is good it shouldn't matter what country the company or servers is in. That's kinda the point of encryption...
You connect to AWS when you connect to Signal. That means the USA is the government with the most influence on Amazon to have taps placed or connection logs handed over.
They can do sealed sender stuff all they like, but when 10.0.1.1 sends a 17-byte message and the server then sends a 17-byte message to 10.0.2.1, and a minute later 10.0.2.1 submits something to the server of 48 bytes and then 48 bytes are forwarded to 10.0.1.1... traffic analysis based on a tap of a Signal server isn't rocket science.
Still, it's the best we've got for non-techies. Better than handing over more metadata to Facebook. Even if the jurisdiction is the same, the company (Signal Foundation) is better and is known to collect almost nothing historical by themselves. Other than, say, your real-life-identity-tied user ID of course. (In many countries, phone numbers are given out only after passport/ID verification.)
What makes you think that Signal doesn't have AWS instances in other regions? (I haven't checked but given their popularity, I'm sure their servers are not just in the US anymore.)
> They can do sealed sender stuff all they like, but when 10.0.1.1 sends a 17-byte message and the server then sends a 17-byte message to 10.0.2.1, and a minute later 10.0.2.1 submits something to the server of 48 bytes and then 48 bytes are forwarded to 10.0.1.1... traffic analysis based on a tap of a Signal server isn't rocket science.
True, though with a bazillion connections going in and out of Signal's AWS instances every minute and additional domain fronting by AWS, the NSA would probably have to be inside the AWS datacenter to carry out their traffic analysis and even then it doesn't seem like a triviality to me.
Compare this to someone hosting their own Matrix node (which you're mentioning further down): In this case, it is clear that every message sent to that node has something to do with the node's owner. More generally, reconstructing a social network in a p2p network (without onion routing or anything like that) is much easier than doing this in a centralized network where all messages get routed through a central location. There's a reason why the guys from GNUnet have so far spent two decades on getting p2p right. (Though, of course, anonymity is just one of their concerns and not their only one.)
Is still Amazon operating those locations, so I assume it's still the USA who's calling the shots. Please do prove me wrong if I am, this is somewhat of an assumption (even if I am fairly confident it works this way in practice).
Though perhaps I'm putting too much weight on this aspect, it's just that everything we do in Europe can be monitored through one USA organisation or another. It feels really weird when you think about the number of actually European services you use (very few) and how much money the ad machines are making with your data in the USA, how much that data is apparently worth. We're wholly dependent.
Domain fronting: didn't Amazon and Google say they were not going to do that anymore, because they didn't want to stand up for the organisations using it at the time? Some countries wanted to block certain services (was it sci-hub? TPB? Tor? I don't remember) and instead of standing up for them, they just banned domain fronting.
Therefore I'm assuming that one can see when a packet is actually intended for Signal and filter those out. From there, it should only be a very manageable number of packets, since we're only interested in the routing header and packet size.
One does need proper equipment to capture and filter multiple gigabits per second, but the attack scenario was more about legal interception (which you put in front of the server rather than in front of the datacenter) than about dragnet surveillance. The latter is indeed less applicable on non-USA soil, hence my saying Wire and Signal have the same issue but e.g. Threema does not, though centralization still makes it way easier (thus Matrix is king in this regard).
> reconstructing a social network in a p2p network (without onion routing or anything like that) is much easier than doing this in a centralized network
Hmm, you mention gnunet and I'm not up to date there, perhaps you know something I don't, but this doesn't seem quite right to me.
Sure, once you know who is running a server, you can install a tap and learn whom they are talking to. Way less traffic than doing surveillance on a Signal server, I'm with you there. But you do need to figure out who you're interested in first. The way that I understood these metadata targets work, is that you take a popular network (say, WhatsApp) and check who talks to whom. Anyone within 3 degrees of a suspect is now also a suspect if I remember and understood USA law correctly. But if there is no single central service, you need to install a lot of taps or capture the right internet backbones to get close to the same information.
And if you're serious about anonymity, if you're hiding from the police or an intelligence agency, then surely you'd host that server somewhere paid for without traces to your real name. Or use some public home server -- they still need to tap that specific home server rather than a centralized server.
> Is still Amazon operating those locations, so I assume it's still the USA who's calling the shots. Please do prove me wrong if I am, this is somewhat of an assumption (even if I am fairly confident it works this way in practice).
The whole point of Amazon operating datacenters in multiple regions is that, apart from improving availability of the stuff they host, datacenters outside the US get to be legally independent from US law. (At least at the consulting firm I work for we strongly advise clients to follow GDPR and use the European region only.) My guess would therefore be that European datacenters, for instance, are operated by Amazon EU S.à r.l.
> Domain fronting: didn't Amazon and Google say they were not going to do that anymore, because they didn't want to stand up for the organisations using it at the time? Some countries wanted to block certain services (was it sci-hub? TPB? Tor? I don't remember) and instead of standing up for them, they just banned domain fronting.
You might be right, I'm not sure what the state of domain fronting is, either. In any case, the fact alone that inside an AWS datacenter Signal can operate an almost arbitrary number of servers (as opposed to a single one) without anyone outside the datacenter being able to tell which machine a packet gets routed to or originates from, means that the Signal servers inside the datacenter can potentially handle millions of messages per second which would make correlating them with one another anything but easy. Remember that messages get padded anyway and that there might be additional random delays, depending on which server in a datacenter your message gets routed to. On top of that, judging from the Distributed Systems Developer position Signal advertizes on their website[0] I would assume that Signal's servers need to communicate with one another, too, i.e. your message might go to a European datacenter first and then, from there, go to one on the other side of the world – which would further complicate tracing it. Finally, message notifications on phones usually use Firebase Cloud Messaging (or the Apple equivalent) which adds yet another layer of indirection, delays and mixing[1] and, thus, obfuscation.
All in all, I am not sure, therefore, if I agree with your assessment that
> it should only be a very manageable number of packets, since we're only interested in the routing header and packet size.
as the number and overall scenario don't seem that trivial to me.
> the attack scenario was more about legal interception (which you put in front of the server rather than in front of the datacenter)
Fair enough, if you tap every single server's network cable, it certainly seems more doable. But how do you, as the NSA, carry that out in practice? Knock at the door of that European datacenter and hope employees won't say anything to the press? I'm not saying it's impossible (it's certainly not) but Amazon EU S.à r.l. being a separate legal entity and employees not being bound to US law would certainly be big operational challenges. I'd say it's much more likely that the NSA's European intelligence agencies carry out such a task for them (or provide support) and even then it's not as easy as in the U.S. (no Patriot Act or anything similar).
Finally, don't forget that AWS instances can be deployed within a minute, meaning that "putting something in front of a specific server" becomes a lot less trivial if you don't really know which server it is or new servers get deployed every other day. (For once, an advantage of The Cloud™ haha.) You basically have no other choice than to put your wiretapping device in front of the entire datacenter.
> thus Matrix is king in this regard [legal interception]
I'm not sure it is. There are pros and cons to both centralized and federated networks here: A central big provider might have the legal power and sufficiently deep pockets to successfully fend off a "request" by an intelligence agency. Small ones like in the federated case do not. Sure, it takes longer to subvert a federated network. But once done, the traffic analysis is a lot easier compared to the centralized scenario (as we already agreed).
> Sure, once you know who is running a server
I don't think it's that hard to find out who's running a server (in Europe) when you have its IP address. Almost everyone who operates a server for private purposes ties the server to a domain or at least a bank account. (Remember that the EU forwards financial data to US agencies.)
> But if there is no single central service, you need to install a lot of taps or capture the right internet backbones to get close to the same information.
The NSA already does that! (Compare what's been reported e.g. about NSA's Tailored Access Operations (TAO) team.) My general assumption, therefore, is always that the NSA and its partner agencies are sitting at every major internet backbone.
> And if you're serious about anonymity, if you're hiding from the police or an intelligence agency, then surely you'd host that server somewhere paid for without traces to your real name. Or use some public home server -- they still need to tap that specific home server rather than a centralized server.
I agree with the first sentence but I don't understand the second. Practically all traffic to and from a public server you're running at home gets routed through an internet backbone anyway. (Unless, maybe, your Matrix contacts are all in your neighborhood and are all with the same ISP.)
Regarding legal independence of USA law, you're legally right I'm sure because that's indeed how GDPR works. I just can't imagine Amazon Europe telling a USA judge "sorry your honor, we really can't tell our subsidiary to give you this data relevant to national security, it's protected by European laws." It's one company, not a separate entity.
Perhaps it would go this way and perhaps they would rather incur sanctions or take to the media when ordered to hand over data stored in Europe. But so we're trusting Amazon with our data.
I guess, if I'm being fair, I just don't really know enough about this. Perhaps a legal entity in the USA cannot be held liable for not complying with a judge's orders to tell its wholly owned subsidiary to do something, or either of them for the subsidiary not complying. It might work that way. I just expect that in practice, they might very well simply comply. Or, like you say, that a "European intelligence agencies carr[ies] out such a task for them".
> message notifications on phones usually use Firebase Cloud Messaging (or the Apple equivalent)
When questioned about the privacy of using Google/Apple messaging stuff, what I've always heard as reply is that it only nudges the phone to fetch new messages. It still connects directly as well, as I have heard it (though it seems silly to me, why not just put the encrypted message right in there? Or is that a metadata thing then, revealing the message length to Google/Apple? Idk).
> Knock at the door of that European datacenter and hope employees won't say anything to the press?
That is very much how legal intercept works. And the NSA doesn't do those, it's a judge that gives the tap warrant and something like police (or a person of similar status) that executes it. I have never heard of it being leaked that some company is being tapped or in relation to which case (for all we'd know, it would be on European orders). That taps are happening is a well-known fact, just not on whom and especially not for what purpose. In a tour of an ISP data center, they pointed out now-decommissioned tap boxes to us that the police had put there. Distinctively blue in color if I remember correctly, and a hacker space later made a, um, tap out of one of them (beer tap).
> For once, an advantage of The Cloud™ haha
:D
> I don't think it's that hard to find out who's running a server (in Europe) when you have its IP address.
Indeed; that's not what I meant, but I that sentence can indeed be read both ways (sorry). I meant to say that you don't know who's running servers, like, do you run one? Do I? Or the other way around: do I connect to a Matrix server? You have to actively check the server since the traffic is just TLS on tcp/443 (so much for passive tapping). More concretely, if a government (judge, secret service, ...) wants to find whom I talk to, instead of knocking on the door of a (few) central service(s) like Amazon or even Signal itself and telling them to send copies of TCP flow logs, you have to first tap my home IP, mobile data, see where I connect, then check those servers if any of them might be chat servers, then request a tap on those IPs in their respective countries, use that to check who else connects to those, if it's more than a handful of people you need to do traffic correlation there as well...
I see what you mean, though, with the centralized system requiring one to overcome scaling issues before any intercept can start, and potentially requiring cooperation of a party like Signal who will certainly make a ruckus. Which one will turn out to be easier might depend a lot on the situation.
> the NSA and its partner agencies are sitting at every major internet backbone.
They definitely have taps in many places, but all of them, in each country? And what about private peerings, can I not talk to anyone within one country without it being caught? Surely when ISPs A and B have a private peering in Germany, the BND doesn't automatically have a permanent tap installed there. It seems to me like there would be too many interconnects to really monitor all of them. But this is rather speculative, I don't really know. Also about the tier 1 backbones: sure it's a fair assumption that a random one of them is being tapped and so we need proper encryption, and also multiple strategic ones, but all of them all the time all across the world? I don't know.
> (Unless, maybe, your Matrix contacts are all in your neighborhood and are all with the same ISP.)
We here are Internet people, we talk to faraway people all the time. A good friend of mine lives on the second-furthest continent, latency-wise (Australia/NZ would be further), our traffic typically runs through the USA when we do a traceroute. Some of my friends moved to work in other countries. But an average mom, who does she talk to on WhatsApp? I think the furthest person my mom regularly talks to is me (~50km), and for faraway old friends maybe 150km across the country. The Matrix home server I use traceroutes through the nearest internet junction point (Frankfurt, 200km), I guess depending on how the physical interconnects go this might be on an easily tappable line, but it's not a given that it passes through a big backbone to make it onto another ISP's network within the country. In case you have some way to tell (I'm curious now), these seem like the most likely points in the trace:
6 bundle-ether2.0003.dbrx.02.fra.de.net.telefonica.de (62.53.28.149) 25.9 ms bundle-ether1.0003.dbrx.02.fra.de.net.telefonica.de (62.53.14.163) 21.5 ms
7 bundle-ether1.0005.prrx.02.fra.de.net.telefonica.de (62.53.10.51) 20.1 ms
8 ae3-1337.bbr02.anx25.fra.de.anexia-it.net (80.81.195.166) 24.3 ms
Anyway, what I was saying is that if you're hiding from the police or an intelligence agency, you'd probably avoid centralized servers, and that a random public home server is not as centralized as Signal. Not so much that this would definitely prevent a backbone capture, but that it would not make the traffic be caught in the same filter where they capture traffic going to/from a central chat service.
By the way, in general, I like your reasoning. I think the places we differ in opinion are mainly about how we weigh different risks or how prevalent we assume things are that neither of us can truly know. It's interesting to exchange thoughts and speculate about, though. There is no contact info in your profile but it might be fun to talk more about various topics - I see that you were asking in another thread about getting into cyber security. There are already good answers on that particular question, but as someone already in that field, perhaps I can be of help :). Since I keep this username loosely decoupled from chat accounts, you could shoot me an email at https://lucb1e.com/email-address/ with your matrix/signal/wire/... if you like!
> You connect to AWS when you connect to Signal. That means the USA is the government with the most influence on Amazon to have taps placed or connection logs handed over.
I'm not an networking guy but can you explain this more? I'm actually curious and what better place to get actual info than HN? If you have a sealed sender then shouldn't this be impossible? Shouldn't the size of the message be sealed as well and when the message is received you'd see that 1) it is signed by a different key and 2) the message size doesn't match? Shouldn't this be rejected? 3) Shouldn't this also apply to any app because traffic is going to bounce through some US based (or US company owned) server? My understanding is that sending data from San Francisco to Berkeley can route through Seattle or Tokyo depending on optimal routing, server configurations, and loads.
> Other than, say, your real-life-identity-tied user ID of course.
This is why I'm excited for the usernames. They are promising them this year.
Agreed about being optimistic about usernames. I'm hoping it'll be what we expect, I hear different things from different people but frankly I also have been too lazy to actually look into it (I feel like I'm always the one doing the digging).
> Shouldn't the size of the message be sealed as well
To hide the volume of data being sent, you need to limit how much data you can send. How would you hide from the relaying server how much data you're sending without adding dummy data? And if you add 0-500 bytes of dummy data every 5 minutes, then whenever you send >500 bytes or send a message more often than once per 5 minutes, the server still knows that it was an actual message and its size, and you can start to do traffic analysis.
> Shouldn't this also apply to any app because traffic is going to bounce through some US based (or US company owned) server?
Um, when I message my friend whose Matrix homeserver I'm using, the traffic involved is:
1. DNS lookup of a .de domain (does not reveal message size or anything else, even if I were to use Google DNS and reveal my home server to a USA company)
2. TCP connection to a German server
3. More traffic to his German server
And same on the receiving side. Unless one of us travels to the Americas, it's not likely to ever pass through the USA. That isn't to say that American agencies might not collaborate with European agencies or even tap European land-based connections, but it's harder and would not be an option available to criminal (or civil, for that matter) investigations due to the disproportionality of the method.
> can you explain this more?
I'm not quite sure what's unclear about it, but I'll give it another general shot. Imagine you see this traffic log, where A/B/C/D are different IP addresses. You see various people sending data of various sizes (you don't know who's who, but everyone connects from their own IP address, or in networking terms, a TCP tuple). Since the server is just pushing messages from one contact to another, like if Alice messages Bob, it will always forward a message as soon as possible.
00:00 A -> server: [17 encrypted bytes]
00:00 C -> server: [29 encrypted bytes]
00:00 server -> D: [17 encrypted bytes]
00:00 server -> B: [29 encrypted bytes]
00:01 D -> server: [48 encrypted bytes]
00:01 server -> A: [48 encrypted bytes]
From this, I would assume (without knowing any contents or anything else) that the subscriber behind IP address "A" is talking to the subscriber behind IP address "D", and that "C" is talking to "B". Now you can start building a social graph, which according to a paper I recently read (I could maybe dig it up again) needs only a few nodes before they can tell who you are, or they just ask the ISP (or in the case of the Netherlands, query the CIOT database[1]).
If you think that a "sealed sender" might hide your IP address, the answer is no because the packets somehow need to make it across the network to the right devices (or to the server for that matter) and then the receiver decrypts it.
[1] https://nl.wikipedia.org/wiki/CIOT only available in Dutch. TL;DR central mapping system of IP addr -> subscriber info, available at the police's discretion, updated daily.
There are opportunities that are rare or unique, and it doesn't matter that you're "catching up" - either you're good enough when the opportunity arises, or you've missed that window.
You might get a second chance later, but this opportunity is lost, and the options aren't "Signal or Matrix", the options are "Signal or frustrate people, get them to go back to Whatsapp, and be even more reluctant to switch later".
And even if through some magic Element was polished right now: Signal has been polished for years now, and as a result, has built up a brand and user base.
I'm not going to be able to switch all my already switch-reluctant friends to something they haven't heard about and that nobody uses; I am going to be able to switch them to Signal, because they've already been pestered about it by several people, have heard about it in the news, and (except for today, which is a huge problem for adoption/switching people over), it works.
At least on Android, Element is simply not suitable for end users. I'm not talking about some poorly formatted UI, I'm talking about confusing/broken UX and features that don't properly work.
So I put my tech elitism away and do what works, because otherwise we'll be stuck with Facebook.
Edit: Forgot the biggest problem: Matrix has no chance because it doesn't use phone numbers as a forced default. With Signal, if your friends have already installed it, you can just start using it with them. With Matrix, you can't. This is one of the hard choices that Moxie made that is a bit of a dick move but was absolutely necessary.
To be fair: I've been pleasantly impressed with Element actually from what I've seen of Mozilla's set-up. I can format my text, I can run it in my browser and it starts up very quickly.
You'll get disappointed once you actually start using it. Unfortunately. There are so many quirks, inconsistencies, poor UI/UX.
I've been using Matrix for maybe a year now with a group of techie friends and I would definitely not recommend it for my family members (who I just onboarded from Whatsapp to Signal the other day).
While I agree with the main point of your post ("so many quirks, inconsistencies, poor UI/UX ... not recommend it for my family members"), the availability of documentation doesn't mean it can't be intuitive. Aside from entering a custom home server on login (if applicable, that's something your family will not intuitively get with all the centralized services they're used to), after that one-time login I think most people should be able to find their way around if they try. And we definitely don't need phone numbers and SMS verification for usability: a username will do just fine, we don't have to spend 1.5 million USD from donations just on SMS codes in 2018 alone (source: tax filing).
> the availability of documentation doesn't mean it can't be intuitive
Sure, I'm not saying that either, and Matrix has been improving a lot since I first tried it maybe 2 years ago. But there's still a long way to go. I wasn't as focused on onboarding as I was on criticizing Element's UI/UX in general.
> And we definitely don't need phone numbers and SMS verification for usability: a username will do just fine
Phone number is just the easiest thing to do. No one is confused by the process and you immediately have access to all of your contacts, while with a username you somehow need to get all the usernames of all of your friends. Inviting new users to various channels kind of works, but it's not as personal as your own contact list.
Mind you I'm not saying it's the best option. Personally I'd rather register with a username, not only because I currently have three different phone numbers in use.
> we don't have to spend 1.5 million USD from donations just on SMS codes in 2018 alone (source: tax filing)
Yeah unfortunately they were. Income for that year (only year they filed so far) is 600k versus about 5M expenses, the largest single expense being sms verifications. Zero income from donations, perhaps they still ran that through the freedom of press foundation or what was it again that accepted donations on their behalf until they had the Foundation status? Either way, I wouldn't want to see the january 2021 bill.
> Either way, I wouldn't want to see the january 2021 bill.
Haha definitely not.
I would assume/hope that if Signal now starts going mainstream the donations will increase. I had donated sporadically in the past (have been using Signal since 2015) and now (since a couple of days ago) I'm doing monthly recurring donations. I'll recommend my friends to do the same, as I have been with Wikipedia and Archive.org.
I'm already having mild trouble to convince everyone to use signal, there is no chance I could get them to use and keep using Element. Element is terrible.
Well now, I wouldn't call it terrible, especially considering it's free and how much better it has gotten in the past years and how many volunteers have worked on it. It's quite decent really, even if not super smooth and polished.
It opens three messages - 2 of them modal and one annoyingly large - whenever I login, and I have to login every time I open it. I'd call that a quite terrible experience. Using the web app.
You pose this as centralization vs decentralization. This is actually Facebook vs Open Source, and for every feature that isn’t at parity with the existing solution, you lose users.
Is now the time to be dogmatic about decentralization?
E.g. OVH, Hetzner, TransIP... idk whatever kinda server you like. Or repurpose an old laptop at home, for a few Watts you get something that's usually more powerful per ¤ than a VPSes (or "cloud instances" in newspeak). Then install a Matrix server, add your domain, and you've got your own Signal alternative.
Or just use the standard matrix.org home server if you're just trying it out / don't mind a not-super-fast home server. Or one of a dozen public Matrix servers: https://www.hello-matrix.net/public_servers.php
Element is less polished than Signal app but they've been catching up quite fast. If you and your friends aren't locked into the Signal ecosystem yet, might be worth considering, especially if you're techies.