Signal president Meredith Whittaker is prepared to withdraw the privacy-focused messaging app from Australia — saying she hopes it doesn’t become a “gangrenous foot” by poisoning its entire platform by forcing it to hand over its users’ encrypted data to authorities.
Ms Whittaker says Signal would take the “drastic step” of leaving any market where a government compelled it to create a “backdoor” to access its data, saying it would create a vulnerability that hackers and authoritative regimes could exploit, undermining Signals’ “reason for existing”.
Pressure has been mounting on Signal and other secure messaging platforms. ASIO director general Mike Burgess has urged tech companies to unlock encrypted messages to assist terrorism and national security investigations, saying offshore extremists use such platforms to communicate.
Well that would be incredibly fucked.
Yes it would be, let’s hope more companies follow that example. The more companies that make it clear that Australian politics are never an excuse for compromising the privacy and safety of their users the more hope there is that the message will start to get through. Plus we could serve as a salutory warning for the rest of the world… “Wow go down the path of driving whole market segments out of your economy has bad effects on that same economy.”
I can totally see Australian politics being OK with signal leaving, since that would push users on to other less secure/more compliant apps
You might be right, but its going to get harder for them to crow about the wins ASIO is making when competent people are spinning up more bespoke solutions they have even less hope of compromising. Plus when people go down the current path that the UK populace is what are ASIO going to claim next, VPNs have to be banned. You know Australia lacks the technical competence to implement that correctly, suddenly every business is having their workflow broken to appease a bunch of “intelligence” wonks. The further they over reach the more likely they will trip themselves up.
A messaging app is extremely hard to “spin up bespoke solutions” for, because a solution’s success is 99% dependent on the network effect.
Perhaps when a protocol like signal but decentralised is available, then we might be able to say that.
There are already a bunch of them, including XMPP and Matrix which both implement Signal’s double ratchet encryption (via OMEMO, in XMPPs case)
Veilid comes to mind as well, still a work in progress
I’ve certainly played with Matrix, got voice working but video was a struggle (I may have just stuffed up my STUN server install). Yet again this is an area that organised crime, terrorist groups etc have it easier, they can dictate what their members use rather than relying upon persuasion to get them onboard. I am pretty certain that the NSA have people dedicated to infiltrating these sorts of small scale chat apps, but like everything else who knows how many are actually in the wild and just have good enough opsec to avoid that infiltration (and yes how many they let stay open for intelligence purposes).
I think that the number of folks who will run bespoke solutions will be so small that it’ll be insignificant. Signals benefit is its ease of onboarding. If Signal leaves ASIO knows there’s nothing else out there for 99% of it’s users.
With the irony being I am sure I read an article a few months back about the rise in small scale private encrypted chat applications that some groups are spinning up because they don’t trust things like signal.
I concede the point, maybe I am a bit blindsided by the level of knowledge I can bring to bear on this as I wouldn’t find it at all difficult to spin something up.
I mean how trivial would it be to insert encrypted packets using a one time pad into meme images, half the conversations between my wife and I would look suspicious under those circumstances, a straightforward sequence of pre shared DSA pairs and the odds of ASIO being able to break it are miniscule.
If you remember the article please share.
I can 100% commit to that, but I would suggest that its likely quite unlikely. I have a feeling it was offline on actual dead tree somewhere.
For the vast majority of people, you are right. But for the very few malignant actors, that is the thing they’ll do. It will make ASIO’s job harder as they’re now trying to trace foreign VPN’s, custom-made encryption programs and other stuff that I personally don’t know about (I’m not overly knowledgeable about such computer things).
The >99% of Signal users forced into the sunlight aren’t the threat. It’s the <1% of Signal users who ‘go underground’ that are the threat.
Personally, I’ll spin up a Mastodon (or similar) instance for my kid and his mates.
“Sir, we have identified a potential terrorist cell. Or a paedophile ring. Which week is it again?”
You mean apps that they’d really like you pass age verification by having MyGovDigitalSurveillanceDefinitelyNotTrackingYou app?