Wasn’t the server an actual private server she had setup whereas this is a corporate app that is supposedly private if they are not lying and accessing the data. I mean this is way wore unless they put up a server to run the chat software.
It’s been proven that Signal doesn’t have chats or chat metadata in court but this is still a gross violation of OPSEC and all manner of federal law, which I’m not even qualified to talk about. In either case this is hundreds of times worse than the Clinton email server.
I don’t think anything can be proven unless you have admin rights to the server at all times. signals are encrypted every time they are sent encrypted. can it be turned off with a flag? does it run in dev without it for troubleshooting and if so is it impossible to enable in prod.
exactly. if they had self hosted then it would be closer to equivalent to hilaries email but if it was using signal as written but then there is the foia issue which was still possible with hilarys email server, but not under a self hosted signal if not altered.
The server can’t decrypt it if it doesn’t have the keys to do so. It can be proven that private keys never leave the local device. It can also be proven that the proper public keys are being provided, and that the local device alerts on public key changes with a partner are announced.
Of course, nobody as part of the linked article did any of that verification, but still, a server doesn’t need to be trusted to be functional.
Doesn’t matter. Signal desktop app can sync messages and be installed on compromised computers. One of the guys in the chat was in Russia visiting Putin. It would be trivial to sync the account to the app installed on compromised machines and basically become an invisible backdoor into every secure communication for that user. I have no doubt one of the users in the chat is setup like this.
Oh, I’m not defending these dumb-asses doing illegal things to avoid systems setup to safeguard American and its people. They absolutely could have synced things to compromised devices. Just that Signal, themselves, couldn’t do that.
In the case of signal, it is provable that it cannot. They do not hold the keys to decrypt. The closest risk is the server injecting a new public key into the conversation, which the Signal app will warn about.
Signal does hold the public keys for every user. But having the public key doesn’t let you decrypt anything. You need the private key to decrypt data encrypted with the public key. So in a chat example, if you and I exchange public keys, I can encrypt the message using your public key, but only you can decrypt it, using your private key.
Signal does run the key exchange, which means they could hand a user the wrong public key, a public key which they have the private key for, instead of the other person’s. That is a threat model for this type of communications, however, signal users can see the key thumbprints of their fellow chat participants and verify them manually. And once a chat has begun, any changes to that key alerts all parties in the chat so they know a change has happened. The new key wont have access to any previous or pending messages, only new ones after the change took place.
I mean I still don’t see how it can be encrypted for a private key with the deryption at some point running through the server unless the members devices at some point communicate with each other without the server as an intermediary. Is that what happens at some point?
It doesn’t matter what kind of server you’re using. Highly classified information has rules and regulations. Some stuff can only be talked about in certain buildings because the buildings were built to block listening devices.
This is a major fuck up that could have gotten American soldiers killed. Everyone involved should be in prison.
The first message may have been by mistake. Every single message after that was knowing and willful. This isn’t a message between friends. These were highly classified communications between top admin officials. They are aware of the law and policies regarding classified information and willfully engaged in communications on an unsecured platform. Any person could have stopped it after the first message.
Also, while using the app, there is zero accountability for who told who to do what within the government. FOIA is useless for any conversation happening within that app, self hosted or not.
Yep, OPSEC is definitely a major issue here. But the other problem is like you mention, zero accountability. Additionally, if they delete the chat, there is no way to reobtain the data for historical archive purposes, which is another law violation.
Wasn’t the server an actual private server she had setup whereas this is a corporate app that is supposedly private if they are not lying and accessing the data. I mean this is way wore unless they put up a server to run the chat software.
It’s been proven that Signal doesn’t have chats or chat metadata in court but this is still a gross violation of OPSEC and all manner of federal law, which I’m not even qualified to talk about. In either case this is hundreds of times worse than the Clinton email server.
I don’t think anything can be proven unless you have admin rights to the server at all times. signals are encrypted every time they are sent encrypted. can it be turned off with a flag? does it run in dev without it for troubleshooting and if so is it impossible to enable in prod.
okay, so self host it if that is part of your concern/threat model. the Signal server code is open to the public, you can see and download it here.
exactly. if they had self hosted then it would be closer to equivalent to hilaries email but if it was using signal as written but then there is the foia issue which was still possible with hilarys email server, but not under a self hosted signal if not altered.
The server can’t decrypt it if it doesn’t have the keys to do so. It can be proven that private keys never leave the local device. It can also be proven that the proper public keys are being provided, and that the local device alerts on public key changes with a partner are announced.
Of course, nobody as part of the linked article did any of that verification, but still, a server doesn’t need to be trusted to be functional.
Doesn’t matter. Signal desktop app can sync messages and be installed on compromised computers. One of the guys in the chat was in Russia visiting Putin. It would be trivial to sync the account to the app installed on compromised machines and basically become an invisible backdoor into every secure communication for that user. I have no doubt one of the users in the chat is setup like this.
Oh, I’m not defending these dumb-asses doing illegal things to avoid systems setup to safeguard American and its people. They absolutely could have synced things to compromised devices. Just that Signal, themselves, couldn’t do that.
I think we are more talking about can the server decrypt the data. Not that the data is encrypted.
In the case of signal, it is provable that it cannot. They do not hold the keys to decrypt. The closest risk is the server injecting a new public key into the conversation, which the Signal app will warn about.
Yeah I just don’t get this. How does a person added to a chat get keys then?
Signal does hold the public keys for every user. But having the public key doesn’t let you decrypt anything. You need the private key to decrypt data encrypted with the public key. So in a chat example, if you and I exchange public keys, I can encrypt the message using your public key, but only you can decrypt it, using your private key.
Signal does run the key exchange, which means they could hand a user the wrong public key, a public key which they have the private key for, instead of the other person’s. That is a threat model for this type of communications, however, signal users can see the key thumbprints of their fellow chat participants and verify them manually. And once a chat has begun, any changes to that key alerts all parties in the chat so they know a change has happened. The new key wont have access to any previous or pending messages, only new ones after the change took place.
I mean I still don’t see how it can be encrypted for a private key with the deryption at some point running through the server unless the members devices at some point communicate with each other without the server as an intermediary. Is that what happens at some point?
It doesn’t matter what kind of server you’re using. Highly classified information has rules and regulations. Some stuff can only be talked about in certain buildings because the buildings were built to block listening devices.
This is a major fuck up that could have gotten American soldiers killed. Everyone involved should be in prison.
I’m not sure we could prove this was knowing and willful. The Russian recipient of the messages is the most suspicious angle of attack.
Are you suggesting they didn’t know Signal wasn’t an approved platform for sensitive government communication and willfully used it anyway?
Is approval of a communications platform legally required, or just best practice? You can guess what the Republicans will argue.
Hillary got off for not knowingly leaking documents, so will these guys.
I hope you saw the transcripts of the messages today. Do you want to retract your statement?
I saw arrogant and stupid.
I didn’t see knowing and willful.
The first message may have been by mistake. Every single message after that was knowing and willful. This isn’t a message between friends. These were highly classified communications between top admin officials. They are aware of the law and policies regarding classified information and willfully engaged in communications on an unsecured platform. Any person could have stopped it after the first message.
The law requires people to knowingly and willfully release confidential information.
Just using unsecured platforms for communications is not illegal (otherwise Hillary would have been prosecuted).
Also, while using the app, there is zero accountability for who told who to do what within the government. FOIA is useless for any conversation happening within that app, self hosted or not.
Yep, OPSEC is definitely a major issue here. But the other problem is like you mention, zero accountability. Additionally, if they delete the chat, there is no way to reobtain the data for historical archive purposes, which is another law violation.