Political World Embraces Encrypted-Messaging App Signal Amid Fears of Hacking

>Signal, a smartphone app that allows users to send encrypted messages, is gaining popularity in the political world amid rising fears about hacking and surveillance in the wake of a tumultuous election year.

>Political aides close to President Donald Trump, former President Barack Obama and former Secretary of State Hillary Clinton are users. So are some close to New York Gov. Andrew Cuomo and New York City Mayor Bill de Blasio.

>Some say the legion of political types has a singular goal to avoid a repeat of the WikiLeaks scandal, in which the emails of Mrs. Clinton and her closest allies were dumped onto the internet.

>“Everybody learned the lessons of the Clinton campaign when it came to communicating about sensitive issues over email,” one former senior aide to Mr. Obama said. “No one wants to see that happen again.”

>Roger Stone, a longtime adviser to Mr. Trump, is on the app.

>“I learned my lesson when my email got hacked in September. It was hell,” Mr. Stone said in an email. He said 30 years of contacts were destroyed and his personal and business bank accounts were compromised.

>“I realized I needed a safer encrypted way to communicate—and NO I have never communicated with any Russians on Signal.”

>Built by the San Francisco-based Open Whisper Systems, Signal is based on end-to-end encryption in which only those in direct communication can read the messages.

>Signal has seen a roughly 400% increase in downloads since Election Day last November, said founder Moxie Marlinspike. He declined to say how many people use the app.

>“It’s funny,” Mr. Marlinspike said. “In the past, people asked, ‘Are you worried terrorists are using it?’ Now they’re asking about politicians.”

>Former Mayor Rudy Giuliani said he has had the app for a few weeks. “One of my cybersecurity experts downloaded it for me,” Mr. Giuliani said.

wsj.com/articles/political-world-embraces-encrypted-messaging-app-amid-fears-of-hacking-1485492485

Other urls found in this thread:

matrix.org
github.com/copperhead/Noise
blogs.fsfe.org/larma/2017/signal-backdoors/
twitter.com/SFWRedditGifs

>Current and former senior aides to Mr. Cuomo also have the app. So do City Council members Daniel Garodnick, David Greenfield and Corey Johnson. Other users are Howard Wolfson and Marc La Vorgna, aides to former Mayor Michael Bloomberg.

>Nearly a dozen officials or aides close to Mr. de Blasio are on the app, including press secretary Eric Phillips; Nisha Agarwal, who serves as commissioner for the mayor’s Office of Immigrant Affairs; and Dan Levitan, a political adviser.

>Dick Dadey, executive director of the Citizens Union, an ethics group, said he understood why politicians and their aides would seek to avoid a repeat of the WikiLeaks scandal. But he said that by using apps like Signal, they also could be keeping conversations private that should be made public under freedom of information laws.

>“There are consequences to our democracy when public officials or their aides are resorting to keeping their conversations private in this way,” Mr. Dadey said.

I bet the DNC doesn't use Signal.

mfw GPLv3

>I realized I needed a safer encrypted way to communicate—and NO I have never communicated with any Russians on Signal

"What are you pulling me over for Officer, and by the way there are no girls chained up in my basement"

>wsj.com

More like sjw.com

>Daniel Garodnick
>David Greenfield
>Howard Wolfson
>Dan Levitan
>former Mayor Michael Bloomberg.

The chosen trust their fellow chosen (((Moxie Marlinspike))) to keep them safe.

Bitches don't know about my qtox

>qtox

enjoy your security holes

1. It requires google apps
2. Running your own server is not supported and they want to make it as difficult as possible.
3. the server gets metadata about which phone number talks to which phone number.

Enjoy, goy

>fears about hacking
hey trump its me, ur brother

Oh, I use that app. I enjoyed it.

I am still skeptical about the safety in the long run though.

1. How are they paying for the bill to host these servers?
2. Aren't they still a single point of failure? Why can't I use my own servers instead?

Is wire better ?

(desktop version available, Signals does not have one)

Wire uses the Signal protocol and is open source now so if you need the desktop client, go for it.

>encription enables terrorism
>but it's OK if we use it

To be fair, why would you want your enemies to plot against you in secret?

You always want the best for you and the worst for your enemies.

You think liberals are happy that Trump aides use Signal?

thanks.

Still nobody to talk to.
Converting others (family/friends/normies) to do so would be so tiresome för mig.

1 is not legit as you can use microg and google push is only used for device wakeup
2 and 3 are sadly legit

>encription

lol

Point 1 ID moot as there is a Google free version on f-droid. But the other two points are very real and concerning, resistance like especially the meta data part.

Tyпoй тpeд.

>>To be fair, why would you want your enemies to plot against you in secret?
Well we don't have a choice of "privacy for the Good Guys, but not for the Bad Guys" - however you define which groups are good and which are bad. The choice is "privacy for anyone who wants it" and "privacy for nobody". Well, privacy for nobody, unless they refuse to use the special backdoored crypto, which is a great way to hurt law-abiding people while not impeding criminals or terrorists.

He's just saying that he hasn't used Signal to communicate with Russians.

He isn't discounting any other method.

>1. It requires google apps
Strictly for GCM/FBM which, if encrypted before being passed to the methods, is just a carrier for the encrypted data and a robust push server network for delivery.

You're totally right. I'm just saying that it's ok to not want your enemies to have an advantage.

Wire is much better. Looks better, has more features, just as secure, and has a desktop client. Signal is trash.

Wire's desktop client isn't exactly what you want though...

>not using Conversations
Why?

>use cell phone
>bitch about security holes

k

I find it strange how they describe the key derivation process, but there's absolutely no mention of entropy sources.
Shit that's not based on passwords has to use a true random number generator to make keys, and most consumer devices don't have those.

How about shaking your phone for 30 seconds?

Did signal developers mention that?

No.. i meant how god a sourve of entropy would it be?

Probably pretty good but it would be faster to take a picture with camera and hash it.

What do you guys think about DIME from the lavabit guy?

What about matrix? matrix.org

100% Open source
Decentralized
Federated
Easy to run your own server
End-to-end crypto based on the double ratchet that has seen a formal audit
Main client (riot.im) has builds for windows, mac, Linux, web, android and iOS
Active, open development community on matrix itself

Oh yeah it also has bridges into other communication silos like slack, irc and telegram

>webRTC
dropped
>cloning discord UI
dropped x100000000

It's ok but doesn't have a real desktop client. Just a web one.

Huh?

>not federalised
>uses google services
>requires phone number for registration

*federated

>github.com/copperhead/Noise
Signal fork called Noise that supports running without GCM so that makes point one null

trump doesnt even use email, he has carriers

Why doesn't standard point to point texting use encryption?

Just use Threema.

>Point 1 ID moot as there is a Google free version on f-droid.
Are you sure about that? Moxie said that they wouldn't put it in F droid because they felt it wasn't secure enough and it lacks features necessary for making durable software

>Phone verification
>A shitton of permissions including location, camera and microphone for an SMS app

This thing's bullshit

>microphone
You can send voice messages.
>camera
You can take photos in the app itself to send.
>location
I don't know what it is using this for.

because standard texting was invented 40 years ago and even if it used encryption it would be obsolete/ineffective nowadays

you can send a google maps link with your location

Ah, I see, I didn't check the giant attachment button.

I'll leave it here: blogs.fsfe.org/larma/2017/signal-backdoors/
tldr; Signal is just your average botnet messaging app.

>You think liberals are happy that Trump aides use Signal?

I'm liberal

Why wouldn't I be? Why would I be happier if their messages were unsecure and exploitable?

>COPPERHEAD
Truly the GOAT android devs. I run CopperhadOS on my Nexus 6P and it feels so good to be finally free from the botnet. I don't use Noise though, I'm more of a Jabber+OMEMO guy.

Designed by a hair growing hippie faggot error a queer self-given name, and it need your phone number. Oh Edward cuck Snowden uses it, wow must be great.

That's enough for me to delete signal. I also recently deleted WhatsApp and have not looked back - now I see who my true friends are. I informed everyone of my move to Wire app

Yet only 2 friends have joined me with it. The rest can fuck off. Mostly bitches I've fucked in the past few years anyway

Wired ticks all the boxes security wise, and also has a great UI. Perfect

it's a fork
and moxie is overrated

>Designed by a hair growing hippie faggot error a queer self-given name

Just say Jew

So you can more easily exploit them.

The problem with Moxie is not that he is a kike, it is that he is an obnoxious know-it-all faggot that for some fucking obscure reason got elevated to semi-god oracle status by certain people in the security community.

Signal leaks metadata though.
That's pretty much enough to incriminate everyone if you actually need privacy.

Does anybody know of an IM solution that doesn't leak metadata?

XMPP + OTR/OMEMO + TOR

How does signal/wire make their time worthwhile? They make no profit...

They are open source and funded by grants and venture capital.

Why do you care if they profit when their software is FOSS? Do you see all other FOSS software making a sustainable profit?

Try Conversations on android or ChatSecure on ios. Conversations is far superior though!

What if I want synchronised chat history on my computer as well? (On all of Windows, OSX, and Linux preferably.)

I ask because this isn't just me using but a whole, um, political party. We're using Telegram currently and yes, I know it's not secure enough, but for my government it should be enough (for now). But I am looking to move my whole team's communication to something more secure in the long run.

Then I can't really talk to iOS users.

You want Matrix/Riot for that. It's a more team-based software anyway and is more secure than Telegram.

I am following Riot/Matrix, but it seems it's still a bit immature currently (the group chat E2E encryption is still iffy, and the whole E2E encryption itself is still unaudited, isn't it?)

true patrician's choice

If a company isn't making profit by advertising they are doing it by selling customer information.

True. I'd wait as well.

>If a company isn't making profit by advertising they are doing it by selling customer information.

So is Firefox selling your browsing data?

Is Signal selling your message history?

you can retard
they both work on XMPP

the creator is a massive faggot

it demands real world identification to use

The android version demands nonfree software for NO reason, and aforementioned Flamboyant McFakeName C&Ds anybody who tries to work around it

>open source

>but not open anything else

iOS doesn't have as good an XMPP client as Conversations on Android.

You need a server which supports message carbons (XEP-0280) and message archiving (XEP-0136).
I never used the latter tho, so I can't be really sure about that, maybe that's not the right XEP.
Be advised that to use end-to-end encryption right technology illiterate people need some training, the shit we are talking here (Conversations, OMEMO, etc) will look like rocket science to the average political science graduate.

Phone numbers aren't metadata. Anybody who compromises Signal's servers has complete knowledge of the real world identities of users, who is talking to who, etc- everything but the messages. Why? Because the kike who is hailed as a scion of security THOUGHT PHONE NUMBERS WERE ANONYMOUS.

says literally in the post you replied to

You forgot the third option: they are making money by being paid by the government to monitor high-priority targets

Did you use your real, actual phone number for Signal? Congratulations, the government has a list of everyone you've been talking to and how much.

yea sure point out a few edge cases to try and invalidate my argument. A few non profits doesn't mean most companies are for profit.

faggie mcfakename shut that down ages ago

>Congratulations, the government has a list of everyone you've been talking to and how much.

Even a terrorist wouldn't give a fuck.

haha epic....

Considering DNC was compromised through internal leaks and social engineering, I don't think this is going to help at all.

>mfw i use silence

Silence is fucking great software, they are even working on adding XMPP support.
I have mixed feelings about having a single app managing both SMS and XMPP chats tho.
SMS is the definition of insecure shit while XMPP, if used the right way, is by far the best instant messaging protocol.

>politician's are ignoring that a lot of the Clinton mails were encrypted with PGP
It's not about tech, it's about having trusted people around you and not pissing the shit out of them

Aren't politicians supposed to use one time pads for serious shit?
People are so spoiled these days.
I bet most of them prefer voice to text systems like a bunch of morons.

I'd rather keep all my apps separate

Anything that runs on a proprietary operating system, especially on a mobile one, is not safe from spying. Nothing stops Google or Apple from keylogging your inputs or taking screenshots of your activities without your knowledge or consent. Even if you have access to the source code of the application itself, it doesn't change the fact that you're using a botnetted operating system to run it.

Your Linux isn't safe either, goy.

Hack me faggot, my ip address is: 127.0.0.1
Kill yourself.

>microg
You have to recompile the kernel to use it iirc

Libresignal is no more. It was deleted from fdroid because this Moxie faggot wants to have full control and doesnt want forks with "signal" in their name. More importanyly the said faggot doesnt want forks to use his servers, and atm the old libresignal build doesnt work anymore.

That fork is no more

Couldnt translate it, huh?

If anything don't use Telegram, thats abhorrent. You will need an xmpp server set configured to support 'modern' XEPs such as MAM and Carbons for the functionality you seek. You can then Conversations on android and Gajim on Lin/Win. This is for a fully self hosted, secure infrastructure with the ability to sync and do e2e encryption. Add raz0r @ conversations.im if you need more halp