Signal president Meredith Whittaker is prepared to withdraw the privacy-focused messaging app from Australia — saying she hopes it doesn’t become a “gangrenous foot” by poisoning its entire platform by forcing it to hand over its users’ encrypted data to authorities.
Ms Whittaker says Signal would take the “drastic step” of leaving any market where a government compelled it to create a “backdoor” to access its data, saying it would create a vulnerability that hackers and authoritative regimes could exploit, undermining Signals’ “reason for existing”.
Pressure has been mounting on Signal and other secure messaging platforms. ASIO director general Mike Burgess has urged tech companies to unlock encrypted messages to assist terrorism and national security investigations, saying offshore extremists use such platforms to communicate.
You might be right, but its going to get harder for them to crow about the wins ASIO is making when competent people are spinning up more bespoke solutions they have even less hope of compromising. Plus when people go down the current path that the UK populace is what are ASIO going to claim next, VPNs have to be banned. You know Australia lacks the technical competence to implement that correctly, suddenly every business is having their workflow broken to appease a bunch of “intelligence” wonks. The further they over reach the more likely they will trip themselves up.
A messaging app is extremely hard to “spin up bespoke solutions” for, because a solution’s success is 99% dependent on the network effect.
Perhaps when a protocol like signal but decentralised is available, then we might be able to say that.
There are already a bunch of them, including XMPP and Matrix which both implement Signal’s double ratchet encryption (via OMEMO, in XMPPs case)
Veilid comes to mind as well, still a work in progress
I’ve certainly played with Matrix, got voice working but video was a struggle (I may have just stuffed up my STUN server install). Yet again this is an area that organised crime, terrorist groups etc have it easier, they can dictate what their members use rather than relying upon persuasion to get them onboard. I am pretty certain that the NSA have people dedicated to infiltrating these sorts of small scale chat apps, but like everything else who knows how many are actually in the wild and just have good enough opsec to avoid that infiltration (and yes how many they let stay open for intelligence purposes).
I think that the number of folks who will run bespoke solutions will be so small that it’ll be insignificant. Signals benefit is its ease of onboarding. If Signal leaves ASIO knows there’s nothing else out there for 99% of it’s users.
With the irony being I am sure I read an article a few months back about the rise in small scale private encrypted chat applications that some groups are spinning up because they don’t trust things like signal.
I concede the point, maybe I am a bit blindsided by the level of knowledge I can bring to bear on this as I wouldn’t find it at all difficult to spin something up.
I mean how trivial would it be to insert encrypted packets using a one time pad into meme images, half the conversations between my wife and I would look suspicious under those circumstances, a straightforward sequence of pre shared DSA pairs and the odds of ASIO being able to break it are miniscule.
If you remember the article please share.
I can 100% commit to that, but I would suggest that its likely quite unlikely. I have a feeling it was offline on actual dead tree somewhere.
For the vast majority of people, you are right. But for the very few malignant actors, that is the thing they’ll do. It will make ASIO’s job harder as they’re now trying to trace foreign VPN’s, custom-made encryption programs and other stuff that I personally don’t know about (I’m not overly knowledgeable about such computer things).
The >99% of Signal users forced into the sunlight aren’t the threat. It’s the <1% of Signal users who ‘go underground’ that are the threat.
Personally, I’ll spin up a Mastodon (or similar) instance for my kid and his mates.
“Sir, we have identified a potential terrorist cell. Or a paedophile ring. Which week is it again?”