Tag: signal

With Threats to Encryption Looming, Signal’s Meredith Whittaker Says ‘We’re Not Changing’

[ad_1]

“We don’t want to be the outlier that proves the rule, we want to be a new set of rules leading the way to a much more open and diverse tech ecosystem,” Whittaker said, “that isn’t reliant on like five companies and 15 guys and a paradigm that is very, very stale and ultimately not healthy for the world and the future.”

It costs around $50 million per year to run Signal and Whittaker noted at the event that there are no easy answers to finding that type of funding—or more—for projects that need consistent, independent, and secure backing without being subject to the forces of data monetization and surveillance capitalism.

“None of this is simple, friend,” Whittaker said. “There’s a type of capital we need. How do we get it?”

The first Trump presidency in the United States was increasingly hostile to encryption and independent tech, so with a new Trump administration looming and anti-encryption advocates making inroads in governments around the world, what comes next for Signal?

“Signal knows who we are. Signal will continue being Signal,” Whittaker says. “Signal has one thing we do and we do it really well and we do it pretty obsessively, and that is: provide truly private communications infrastructure to everyone, everywhere globally. Full stop. We’re not changing.”

[ad_2]

Source link

December 3, 2024
Seriously, Use Encrypted Messaging | WIRED

[ad_1]

Encrypted messaging is a godsend for mobile communications, whether you’re just sending standard texts to your friends that you want kept private, or engaging in interactions that are better kept secret for safety reasons. Apps like Signal and Telegram offer users the ability to trade messages that can be read by only the sender and the receiver. Of course, people can also use that privacy as a way to conduct unsavory dealings without having to worry about their communications getting exposed.

Encrypted messaging has been in the news for the past couple weeks, largely because of the arrest of Telegram CEO Pavel Durov, who is being accused by the French government of failing to comply with law enforcements’ demands to help catch some people who are using the app for criminal activity. Durov’s arrest also casts a light on the rising profile of Signal, a fully encrypted messaging app that’s always taken a stance against the collection of its users’ data.

This week on Gadget Lab, WIRED security writer Andy Greenberg joins us to talk about how encrypted messaging works, what can go wrong, and how while Telegram and Signal may seem similar, the ways they operate are different—and might affect what makes them liable for what users share on its platforms.

Show Notes

Read Andy’s interview with Signal president Meredith Whittaker. Read Lily Hay Newman and Morgan Meeker’s reporting on the arrest of Telegram’s founder and its broader criminal investigations. Follow all of WIRED’s coverage of Signal and Telegram.

Recommendations

Andy recommends the memoir My Glorious Defeats: Hacktivist, Narcissist, Anonymous by Barrett Brown. Mike recommends taking a ride in a Waymo, just to get an idea of the future of driverless cars that is coming. Lauren recommends The Ringer’s story about the new baseball team, the Oakland Ballers.

Andy Greenberg can be found on social media @agreenberg.bsky.social. Lauren Goode is @LaurenGoode. Michael Calore is @[email protected]. Bling the main hotline at @GadgetLab. The show is produced by Boone Ashworth (@booneashworth). Our theme music is by Solar Keys.

How to Listen

You can always listen to this week’s podcast through the audio player on this page, but if you want to subscribe for free to get every episode, here’s how:

If you’re on an iPhone or iPad, open the app called Podcasts, or just tap this link. You can also download an app like Overcast or Pocket Casts, and search for Gadget Lab. If you use Android, you can find us in the Google Podcasts app just by tapping here. We’re on Spotify too. And in case you really need it, here’s the RSS feed.

[ad_2]

Source link

September 5, 2024
Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It’s Out to Prove Surveillance Capitalism Wrong

[ad_1]

So we have to look like a tech company in some ways to be able to do what we do.

If I could get into the actual story of your career, you said in your initial blog post when you took the president role that you’ve always been a champion of Signal. I think you said you used RedPhone and TextSecure?

I did.

I tried those at the time, enough to write about them. But they were pretty janky! I’m impressed or maybe a little weirded out that you used them back then.

But I was in tech. Right? All the cool people in tech were already using them.

And you were at Google at that time?

Yeah. I was with Google then.

What was somebody like you even doing at Google, honestly?

Have you ever heard of needing money to live and pay rent, Andy? [Laughs.] Have you heard of a society where access to resources is gated by your ability to do productive labor for one or another enterprise that pays you money?

I get that! But you are now such a vocal anti-Silicon-Valley, anti-surveillance-capitalism person that it’s hard to imagine—

I’m not anti-tech.

Yeah, I didn’t say that. But how did you end up at Google?

Well, I have a degree in rhetoric and English literature from Berkeley. I went to art school my whole life. I was not looking for a job in tech. I didn’t really care about tech at that time, but I was looking for a job because I graduated from Berkeley and I didn’t have any money. And I put my résumé on Monster.com—which, for Gen Z, it’s like old-school LinkedIn.

I was interviewing with some publishing houses, and then Google contacted me for a job as something called a … what was it, consumer operations associate?

Consumer operations associate?

Yeah. What is that? None of those words made sense. I was just like, that sounds like a business job.

So I set up a Gmail account to respond to the recruiter. And then I went through, I think, eight interviews and two weird sort of IQ tests and one writing test. It was a wild gauntlet.

What year was this?

I started in July of 2006. Ultimately what a “consumer operations associate” meant was a temp in customer support. But no one had told me that. And I was like, what is this place? Why is the juice free? The expensive juice is free. I’d never been in an environment like that. At that point, Google had hit an inflection point. They had a couple of thousand employees. And there was a conviction in the culture that they had finally found the recipe to be the ethical capitalists, ethical tech. There was a real … self-satisfaction is maybe an ungenerous way to put it, but it was a weird exuberance. I was just really interested in it.

And there were a lot of blank checks lying around Google at that time. They had this 20 percent time policy: “If you have a creative idea, bring it to us, we’ll support it”—all of this rhetoric that I didn’t know you shouldn’t take seriously. And so I did a lot of maneuvering. I figured out how to meet the people who seemed interesting. I got into the engineering group. I started working on standards, and I was just, in a sense, signing my name on these checks and trying to cash them. And more often than not, people were like, “Well, OK, she got in the room, so let’s just let her cook.” And I ended up learning.

[ad_2]

Source link

August 28, 2024
Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private

[ad_1]

The third new feature, which is not enabled by default and which Signal recommends mainly for high-risk users, allows you to turn off not just your number’s visibility but its discoverability. That means no one can find you in Signal unless they have your username, even if they already know your number or have it saved in their address book. That extra safeguard might be important if you don’t want anyone to be able to tie your Signal profile to your phone number, but it will also make it significantly harder for people who know you to find you on Signal.

The new phone number protections should now make it possible to use Signal to communicate with untrusted people in ways that would have previously presented serious privacy risks. A reporter can now post a Signal username on a social media profile to allow sources to send encrypted tips, for instance, without also sharing a number that allows strangers to call their cell phone in the middle of the night. An activist can discreetly join an organizing group without broadcasting their personal number to people in the group they don’t know.

In the past, using Signal without exposing a private number in either of those situations would have required setting up a new Signal number on a burner phone—a difficult privacy challenge for people in many countries that require identification to buy a SIM card—or with a service like Google Voice. Now you can simply set a username instead, which can be changed or deleted at any time. (Any conversations you’ve started with the old username will switch over to the new one.) To avoid storing even those usernames, Signal is also using a cryptographic function called a Ristretto hash, which allows it to instead store a list of unique strings of characters that encode those handles.

Amid these new features designed to calibrate exactly who can learn your phone number, however, one key role for that number hasn’t changed: There’s still no way to avoid sharing your phone number with Signal itself when you register. The fact that this requirement persists even after Signal’s upgrade will no doubt rankle some critics who have pushed Signal’s developers to better cater to users seeking more complete anonymity, such that even Signal’s own staff can’t see a phone number that might identify users or hand that number over to a surveillance agency wielding a court order.

Whittaker says that, for better or worse, a phone number remains a necessary requisite as the identifier Signal privately collects from its users. That’s partly because it prevents spammers from creating endless accounts since phone numbers are scarce. Phone numbers are also what allow anyone to install Signal and have it immediately populate with contacts from their address book, a key element of its usability.

In fact, designing a system that prevents spam accounts and imports the user’s address book without requiring a phone number is “a deceptively hard problem,” says Whittaker. “Spam prevention and actually being able to connect with your social graph on a communications app—those are existential concerns,” she says. “That’s the reason that you still need a phone number to register, because we still need a thing that does that work.”

[ad_2]

Source link

February 20, 2024
WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps

[ad_1]

Meanwhile, Julia Weis, a spokesperson for the Swiss messaging app Threema, says that while WhatsApp did approach it to discuss its interoperability plans, the proposed system didn’t meet Threema’s security and privacy standards. “WhatsApp specifies all the protocols, and we’d have no way of knowing what actually happens with the user data that gets transferred to WhatsApp—after all, WhatsApp is closed source,” Weis says. (WhatsApp’s privacy policy states how it uses people’s data.)

When the EU first announced that messaging apps may have to work together in early 2022, many leading cryptographers opposed the idea, saying it adds complexity and potentially introduces more security and privacy risks. Carmela Troncoso, an associate professor at the Swiss university École Polytechnique Fédérale de Lausanne, who focuses on security and privacy engineering, says interoperability moves could potentially lead to different power relationships between companies, depending on how they are implemented.

“This move for interoperability will, on the one hand, open the market, but also maybe close the market in the sense that now the bigger players are going to have more decisional power,” Troncoso says. “Now, if the big player makes a move and you want to continue being interoperable with this big player, because your users are hooked up to this, you’re going to have to follow.”

While the interoperability of encrypted messaging apps may be possible, there are some fundamental challenges about how the systems will work in the real world. How much of a problem spam and scamming will be across apps is largely unknown until people start using interoperable setups. There are also questions about how people will find each other across different apps. For instance, WhatsApp uses your phone number to interact and message other people, while Threema randomly generates eight-digit IDs for people’s accounts. Linking up with WhatsApp “could de-anonymize Threema users,” Weis, the Threema spokesperson says.

Meta’s Brouwer says the company is still working on the interoperability features and the level of support it will make available for companies wanting to integrate with it. “Nobody quite knows how this works,” Brouwer says. “We have no idea what the demand is.” However, he says, the decision was made to use WhatsApp’s existing architecture to run interoperability, as it means that it can more easily scale up the system for group chats in the future. It also reduces the potential for people’s data to be exposed to multiple servers, Brouwer says.

Ultimately, interoperability will evolve over time, and from Meta’s perspective, Brouwer says, it will be more challenging to add new features to it quickly. “We don’t believe interop chats and WhatsApp chats can evolve at the same pace,” he says, claiming it is “harder to evolve an open network” compared to a closed one. “The second you do something different—than what we know works really well—you open up a wormhole of security, privacy issues, and complexity that is always going to be much bigger than you think it is.”

[ad_2]

Source link

February 6, 2024