This is why Signal’s encrypted phone number lookup system is so cool. The server uses a bitwise XOR when querying for numbers using hardware-encrypted RAM. The result is that even if you’re examining the machine at the most basic levels you can’t tell the difference between a negative or positive hit for the phone number unless you’re the phone requesting the API.
Obviously rate limiting is a separate and important issue in API management.
The thing about building secure systems is that there are a lot of edges to cover.
I agree, but since a messaging app's utility is some fraction of the square of the # of users on the platform, a facile way to propagate virally is a de facto requirement for an app targeting widespread adoption / discovery rather than targeted cells of individuals focused around a pre-shared idea.
It’s a compromise meant to propagate the network, and it has a high degree of utility to most users. There are also plenty of apps that are de-facto anonymous and private. Signal is de facto non-anonymous but private, though using a personally identifiable token is not a hard requirement and is trivial to avoid by using free one time use number services.
Security and usability are frequently at odds. The ease with which users can discover and exchange messages with their contacts is a major usability issue. Phone number as a proxy for identity mostly works, at the cost of some privacy risks.
This made sense when Signal/TextSecure allowed users to send regular SMS, making it easy to convince others to set it as their default messenger.
Now that this crucial adoption feature has been removed, it makes zero sense for Signal to continue to rely on phone numbers. Since that feature has been removed, the utility of Signal has been lost anyway and many in my groups returned to regular SMS. So the system is already compromised from that perspective. At least forks such as Session tried to solve this (too bad Session removed forward secrecy and became useless)
Does Signal protect from the scheme when the government sends discovery requests for all existing phone numbers (< 1B) and gets a full mapping between user id and phone number?
While slightly unrelated, I thought, how we can fix this for truly secure and privacy-aware, non-commercial communication platforms like Matrix? Make it impossible to build such mapping. The core idea is that you should be able to find the user by number only if you are in their contact list - strangers not welcome. So every user, who wishes to be discovered, uploads hash(A, B) for every contact - a hash of user's phone number (A) and contact's phone number (B), swapped if B < A. Let's say user A uploaded hashes h(A,B) and h(A,C). Now, user B wishes to discover contacts and uploads hashes h(A, B) and h(B, D). The server sees matching hashes between A and B and lets them discover each other without knowing their numbers.
The advantages:
- as we hash a pair of 9-digit numbers, the hash function domain space is larger and it is more difficult to reverse the hashes (hash of a single phone number is reversed easily)
- each user can decide who may discover them
Disadvantages:
- a patient attacker can create hashes of A with all existing numbers and discover who are the contacts of A. Basically, extract anyone's phone book via discovery API. One way to protect against this would be to verify A's phone number before using discovery, but the government, probably, can intercept SMS codes and pass the verification anyway. However, the government can also see all the phone calls, so they know who is in whose phone book anyway.
- if the hash is reversed, you get pairs of phone numbers instead of just one number
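The pair-hash scheme proposed in the comment above, written out as an added example (it is not code from the thread, from Signal or from Matrix). The function names, the SHA-256 choice, the `|` separator and the 9-digit numbers are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict


def normalize(number: str) -> str:
    """Keep digits only so '555-000-001' and '555000001' hash alike."""
    return "".join(ch for ch in number if ch.isdigit())


def pair_token(a: str, b: str) -> str:
    """h(A, B) from the comment: order-independent hash of two numbers."""
    # "Swapped if B < A": sort numerically so both sides derive the same token.
    lo, hi = sorted((normalize(a), normalize(b)), key=int)
    # A separator keeps the encoding unambiguous if lengths ever differ.
    return hashlib.sha256(f"{lo}|{hi}".encode()).hexdigest()


def tokens_for(own_number: str, contacts: list[str]) -> set[str]:
    """What a client uploads: one token per contact, never a raw number."""
    return {pair_token(own_number, c) for c in contacts}


class DiscoveryServer:
    """Hypothetical server: stores opaque tokens and matches shared ones."""

    def __init__(self) -> None:
        self._users_by_token: dict[str, set[str]] = defaultdict(set)

    def upload(self, user_id: str, tokens: set[str]) -> None:
        for token in tokens:
            self._users_by_token[token].add(user_id)

    def discovered(self, user_id: str) -> set[str]:
        """Users who uploaded at least one token this user also uploaded."""
        found: set[str] = set()
        for users in self._users_by_token.values():
            if user_id in users:
                found |= users - {user_id}
        return found


def demo() -> dict[str, set[str]]:
    # Constructed 9-digit numbers standing in for A, B, C, D and a stranger E.
    A, B, C, D, E = ("555000001", "555000002", "555000003",
                     "555000004", "555000005")
    server = DiscoveryServer()
    server.upload("user-A", tokens_for(A, [B, C]))  # h(A,B), h(A,C)
    server.upload("user-B", tokens_for(B, [A, D]))  # h(A,B), h(B,D)
    server.upload("user-E", tokens_for(E, [A]))     # h(A,E): A never listed E
    return {u: server.discovered(u) for u in ("user-A", "user-B", "user-E")}


if __name__ == "__main__":
    for user, peers in demo().items():
        print(user, "->", sorted(peers))
```

A and B find each other because both uploaded h(A,B); E holds A's number but gets no match, since A never uploaded h(A,E).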
> The server uses a bitwise XOR when querying for numbers using hardware-encrypted RAM. The result is that even if you’re examining the machine at the most basic levels you can’t tell the difference between a negative or positive hit for the phone number unless you’re the phone requesting the API.
This article https://signal.org/blog/building-faster-oram/ has some details but is more focused on improving their solution; other blog posts from them are of the "we want to build this soon" kind. It seems that most articles about this topic either have too little content to be of interest or are technology previews/"we maybe will do that" articles about things Signal wants to implement, where it's unclear if they did do that or something similar.
To cut it short, they use Intel SGX to create a "trusted environment" (trusted by the app/user) in which they run the contact discovery.
In that trusted environment you then run algorithms similar to other messengers (i.e. you still need to rate limit them as it's possible to iterate _all_ phone numbers which exist).
If working as intended, this is better than what alternatives provide as it doesn't just protect phone numbers from 3rd parties but also from the data center operator and to some degree even Signal itself.
But it's not perfect. You can use side channel attacks against Intel SGX and Signal most likely can sneak in ways for them to access things by changing the code, sure people might find this but it's still viable.
In the end what matters is driving up the cost of attacks to a point where they aren't worth in all cases (as in either not worth in general or in there being easier attack vectors e.g. against your phone which also gives them what they want, either way it should be suited for systematic mass surveillance of everyone or even just sub groups like politicians, journalists and similar).
Still lame that they require phone number at all, it took them a long time to add usernames so you don't have to expose your phone number to a new contact. Still skeeves me out that the account is associated with a SIM at all.
We need an established secure anonymous/subpoena-resistant chat app at this point. Signal is great for a minimal threat model but we're kinda past that now given everything going on.
Simplex was a decent option but they're going down the crypto rabbit hole and their project lead is...not someone who should be trusted by anyone in the crosshairs right now.
Signal accounts do not require a SIM. There is no requirement that the phone you use for running the app Signal has the phone number you use for Signal login.
My Signal number is a Google Voice number that has nothing to do with any mobile phone. The Google account has advanced protection turned on so you can’t port it or get the SMSes without a hardware login token.
I thought you could compile from source and run Signal server instances, but there is no federation, so you would need a client that points to your server and you could only talk to other people using that client.
It's crazy how many security vulnerabilities are just people pinging http endpoints in ways they didn't expect. You would think in order to "hack" a system in 2025 you would need to be doing some crazy computer science wizardry but it really is just lazy engineers. Like how do you ship an API and have no rate-limiting. It literally takes a line to implement in Nginx.
Obviously software development in general has become more ingenious (by some metrics) over the past few decades but very little of its growth has involved secure development principles. Often the primary goal is efficiency and scalability with as little friction for the customer. The priority is enabling commerce, not protecting user data (slightly more so company data, but not by much). I speak to devs every week who are unfamiliar with things like JavaScript injection and SSRF, things that can be exploited by virtually complete beginners. From their perspective they were just building a neat feature, that it could be used to render external scripts or internal file paths literally did not occur to them. This isn’t a judgement of them, I appreciate the chance to help them, but just to say development has unfortunately always had other priorities.
Yup. This is some of the stuff that gets missed when understanding Security.
Ultimately, you're just buying time, generating tamper evidence in the moment, and putting a price-tag on what it takes to break in. There's no "perfectly secure", only "good enough" to the tune of "too much trouble to bother for X payout."
For quite a while I thought many of those dumb "internal network scanning automatized pentests" were pretty pointless
but after having seen IRL people accidentally overlooking very basic things I now (since a few years) think using them is essential, even though they often suck(1).
(1): Like due to false positives, wrong severity classifications, wrong reasoning for why something is a problem and generally not doing anything application specific, etc.
I mean who would be so dumb to accidentally expose some RCE prone internal testing helper only used for local integration tests on their local network (turns out anyone who uses docker/docker-compose with a port mapping which doesn't explicitly define the interface, i.e. anyone following 99% of docker tutorials...). Or there is no way you forget to set content security policies I mean it's a ticket on the initial project setup or already done in the project template (but then a careless git conflict resolution removed them). etc.
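A check for the Docker case mentioned in the comment above, as an added example that is not from the thread: it flags compose `ports:` entries that name no host interface, which Docker publishes on all interfaces. The service names and mappings are constructed, and the entries are assumed to have been read from the compose file already.

```python
import ipaddress


def bound_host_ip(entry):
    """Return the host IP named by one compose 'ports:' entry, or None."""
    if isinstance(entry, dict):              # long syntax: {"host_ip": ...}
        return entry.get("host_ip")
    spec = str(entry).split("/", 1)[0]       # drop a "/tcp" or "/udp" suffix
    if spec.startswith("["):                 # bracketed IPv6: "[::1]:6000:6000"
        return spec[1:].partition("]")[0]
    parts = spec.split(":")
    if len(parts) > 3:
        raise ValueError(f"unrecognised port mapping: {entry!r}")
    # "IP:HOST:CONTAINER" names an interface; "HOST:CONTAINER" and
    # "CONTAINER" do not.
    return parts[0] if len(parts) == 3 else None


def exposure(entry) -> str:
    """Classify where a published port listens on the host."""
    ip = bound_host_ip(entry)
    if ip is None:
        return "all-interfaces"              # Docker's default bind address
    addr = ipaddress.ip_address(ip)
    if addr.is_unspecified:                  # explicit 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "single-interface"


def audit(services):
    """Return (service, entry) for every mapping published on all interfaces."""
    findings = []
    for name, ports in services.items():
        for entry in ports:
            if exposure(entry) == "all-interfaces":
                findings.append((name, entry))
    return findings


# Constructed sample: the 'ports:' lists of a hypothetical compose file.
SERVICES = {
    "test-helper": ["8080:8080"],            # tutorial-style mapping
    "db": ["127.0.0.1:5432:5432"],           # pinned to loopback
    "metrics": ["9090"],                     # container port only
    "dns": ["0.0.0.0:5353:53/udp"],          # explicit wildcard
    "cache": [{"target": 6379, "published": 6379, "host_ip": "127.0.0.1"}],
    "admin": ["[::1]:6000:6000"],            # IPv6 loopback
}

if __name__ == "__main__":
    for service, entry in audit(SERVICES):
        print(f"{service}: {entry!r} is published on all host interfaces")
```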
I stumbled upon a GOP jobs board a year ago that stored submitted job applications in the same search index as the job listings themselves, so all you had to do was search "bob" and find a bunch of resumes and application answers for people who had applied, I couldn't believe it.
When you go to the website literally the first line is “Say hello to Freedom Chat—a next-generation messaging app that keeps your conversations actually private”
Since Anom, we need a new word than “honeypot”. The next secure messenger will not be created by these types. But many will be incrementally marketed, and each campaign will succeed in reaching a new batch of near-hit recruits.
we have so many failure-as-a-feature ops these days I'm surprised we aren't discussing it more. something that consistently happens with enough frequency without any repercussions ultimately just becomes a feature of its own.
we consistently have data breaches in institutions we trust is converging to a point where it's literally just a data harvesting ops and everybody stops caring. They won't even bother to join class action lawsuits anymore because the rewards enrich the lawyers while everybody gets their twenty bucks in the mail after providing more personal data to the law firm it's like a loophole.
we now have legalized insider trading in the form of "prediction markets", legalized money laundering and pump and dump through crypto, all of these always lead to failures for the participant disguised as wins.
When something is "super secure" you know it's full of holes. It's right up there with "impossible to hack" and "military grade" aka lowest cost bidder.
Why would you use a messaging platform that requires you to sign up with a very difficult to change piece of information that in many countries is tied to your ID and pretend it is secure?
Why in the world would any sane person utilize such an app, knowing what kind of people will be "at the other end" of communication, and what topics would be discussed, even if the most secure piece of software ever developed?
This is the same thing that sent weev to jail when he and JB did it against AT&T to determine the email addresses (instead of PINs) of every iPad 3G user.
For every conscientious hacker that tries to do everything right and have a secure and reliable app, there are ten naïve hackers that just publish whatever.
> To help bring this idea to life, I enlisted one of my employees from Zeke SEO—a very talented developer with an MBA in computer science from Stanford.
Pretty sure they just mean a master's degree and they _think_ that’s what MBA means. I might be too charitable, but if someone doesn’t have experience with higher education it’s not an unlikely mistake.
You can charitably read it as "MBA from Stanford, with a focus on computer science-related stuff," or maybe "MBA and a bachelor's in CS from Stanford." Or you could assume that it's an MS in CS that was 'autocorrected' to MBA.
But the way it's phrased and worded... at best, it's the kind of really bad typo that shows rank incompetence; at worst, it's outright fabrication that is actively lying about the credentials; and what I think most likely, it's obfuscation that's relying on credentialism to impart an imprimatur of credibility that is wholly undeserved (i.e. "I got an unrelated degree at Stanford, but it's Stanford and how could anyone who goes there be bad at CS?").
I think it was a typo. The computer scientist in question likely received his UGA degree in Sanford stadium, and in fairness no one else at the school was able to discern the difference between a business degree and computer science.
It really says a lot about our society in general. I believe there's a small portion of bad actors pushing stupid policies for their own agenda, but then I also believe there's a huge number of actual people who have lost any ability to reason critically and learn. What we're seeing is those people learning via trial and error while subjecting us to their live trials because they couldn't be bothered to pick up a book or trust the existing experts.
I don't know how to square "populism" with the metric asston of propaganda coming from people whose job is literally to know better but instead chose to feed people bad information and amplify stupidity. This ain't grass roots populism...at all.
Obviously getting people hooked on harmful lies was not originally populism. But now it sort of functions like populism. Now it hurts when the lies stop.
I think we've been the one who got fooled in some relationship. Maybe for you it wasn't a political party. I bet it still hurt.
Narcissists cannot be wrong. Ever. This quote is as close as he will allow himself to get. "8 Billion people didn't know health care would be this hard, me included."
If you reject the best and only easy option from the outset because you don’t want actual healthcare, then yeah… whatever remains is going to be “hard”.
What the US has right now is a complex entrenched system of financial middlemen that refuse to abandon their rent seeking. They provide only(!) financial “services” and will fight actual healthcare tooth and nail.
Trump wasn’t strong enough — or simply didn’t care enough — to fight these people.
>"Now, anyone who has read Mindset by Carol Dweck, Grit by Angela Duckworth, or The Brain That Changes Itself by Norman Doidge, M.D., knows that you can be, do, and have whatever you want."
The gap between "read" and "understood" swallows so many. Also, did he use TR's "Man in the Arena" quotation? Reader, of course he did.
Understanding these might not be enough, even. IDK about the last entry but IIRC the first two works are basically in the “pop-science/self-help woo” category that hustle-culture people reliably fall for.
I love it. This needs to be on the front page of every newspaper, hehe. I don't care if you're a republican or a democrat, anyone going that way deserves everything they get.
Software development and governance for this era, more or less yes.
There's a general zeitgeist of "Experts don't know what they're talking about" that has fed both pieces of this space. It's an Age of Doubt, as it were, but the hubristic kind of doubt, not the questing kind.
Not really, the grift is going exactly as planned. I indirectly, and accidentally, made some money off a similar grift about a year ago. I'm starting to think I should just lower my standards for a few years, then retire. It's so easy to extract millions from idiots, with very little investment.
Feels a little like clickbait "MAGA-themed", never heard of Converso.
That said, the analysis itself is interesting and worth a look, if nothing else it's a general pattern you can follow for many chat applications to see how secure it is.
I'm curious why a Canadian is so hell bent on causing more division in America by embedding his political views in an otherwise decent vulnerability analysis.
He makes it sound like he's on some sort of a mission... like the users of the messaging app (which I have never heard of before until today) should face some sort of backlash for their own political views opposite of him... which is amusing to say the least as Canadians seem to have permanently marked conservatives, not just in their own country but all over the world as "MAGA".
also I'd appreciate if we can keep politics out which just detracts focus on technical end of things
This is an app specifically built for a specific political group, a group that is wreaking havoc on our science and technology. "MAGA" has become the go-to term for a global movement, because there is a global alt-right movement to undo progress and dominate others into their world view.
It's going to be a part of HN like it was the first go around. Being apolitical is how political groups like this come to power.
It appears that one of the most central aspects of MAGA is a postmodernist rejection of the very existence of expertise- except, ironically, in the art of grifting itself because they see “recognized experts” in any field as just very successful grifters. Hence replacing competent government employees at every level with incompetent employees. It would track that technology developed for and by the MAGA community is developed with the same philosophy. Anyone planning to buy the Trump phone?
Can those of you writing off half of America as “ignorant” or “anti-science” please move those comments back to Reddit. And what conclusions did you draw when obvious left leaning apps were breached? FB, LI, Washington Post, twitter (pre Elon) all had breaches. Does that mean left and right leaning Americans are all ignorant?
I don’t take any offense, but I do have high standards for this forum and cringe comments make me less likely to hang out here
None of the sites you mentioned are (or were) left-leaning unless you are saying anyone less politically correct than Fox News is leftie, but that’s missing the bigger reason why the MAGA connection matters: MAGA is at its heart conspiratorial, obsessed with the idea that the “elites” are against the common man. That war on expertise has been there from the beginning and it makes followers unusually vulnerable to scams because it normalizes this way of thinking that everyone’s opinion deserves equal weight. Sure, security experts say to use Signal but why should you trust them any more than the scientists who say the earth is warming or the economists who say that gold has drawbacks as the basis for an economic system?
It would waste my breath to try to convince you that MAGA Americans actually are intelligent. My point is that all apps have breaches, and a great many of them are run by liberals (who love climate change and inflation, as you do), so what does any of this have to do with a tech forum
They are left leaning and run predominantly by left leaning staff and boards. FB and X have pivoted opportunistically to Trump, and still only slightly
I feel like you are overthinking it. There's a segment of the population that share a set of values, they are collectively more active than average in imposing their worldview on the rest, and they've had a strong momentum towards their goals for a while.
They are labeled MAGA, and they are as real as any widespread social movement could be. If your point is that social movements don't really exist as a "material" entity, then we are just arguing semantics.
These might be the low-level trolls but there are also thousands of career bureaucrats in our non-democratic eastern neighbor countries who do exactly this as their full time job.
I hate to get into this, but I'm impressed by the ideological juggling. A conspiracy theory about minorities being anti-minority to weaken the majority by provoking them to anger against minorities?
I suppose I'm falling for the trolling right now.
EDIT: I assumed, perhaps wrongly, that OP was referring to individual "Africans and Indians" from the US. I suppose it does make some sense if we are talking about organised action from foreign powers.
> I suppose it does make some sense if we are talking about organised action from foreign powers.
It doesn't even have to be organized.
Ragebait gets clicks. X pays out for engagement. (https://help.x.com/en/using-x/creator-revenue-sharing) The amounts are low by US standards, but nice pay by developing world standards. Thus, a cottage industry of fake accounts arises, without needing nation-scale organization behind it.
It’s not trolling. When twitter turned on locations a few weeks ago many of the top maga accounts were revealed to be operating out of Russia or India.
Because people that don't think will believe the shown location is accurate, instead of whatever the corrupt jack-ass running the site wants it to show. Any account that praises him will be a "verified human US citizen"
I think the comment you're responding to just means monetizing high-visibility creators in general as a systemic practice, not deliberately facilitating deception.
There were a ton of "I'm a red blooded god fearing patriot"-type accounts being operated out of Russia, India, Pakistan, etc - the BBC link in another chain of this thread covers it. I think this is more about the global economy and the economics of western political engagement on digital platforms rather than some grand conspiracy, personally, but in a very literal sense, the post could be described as not technically inaccurate, even if missing the point and assigning personalized blame where it probably isn't warranted.
> WHO exactly is MAGA really? I am no longer convinced that MAGA is "real". Or really significant.
Many are easy to spot. All the people with giant "Make America Great Again" flags in their front yard or attached to their lifted pickup trucks. The people in my neighborhood who have their Christmas light decor as a giant sign of "TRUMP WAS RIGHT ABOUT EVERYTHING". Funny how they complain about the leftists killing Christmas by removing Christ but they went from having a nativity scene to having TRUMP take up their holiday decorations.
This org? Over the top patriotic branding (FREEDOM chat, logo is an eagle, etc). They make a point to be on Truth Social. On their Truth Social profile they have interviews on Breitbart and similar right-leaning people, including Laura Trump. Their brand Truth Social page constantly complaining about SOCIALISM.
If you're not seeing the MAGA alignment of this chat platform you're just not looking very hard.
Did it? Mentioning MAGA is smear? The app's intended audience is pretty clear.
But where I really disagree is promoting whataboutism. Anyone is free to submit stories about the foibles of the left or right, but what we don't need is dueling whatabouts for every issue raised.
pretty sure they were calling out the "amazingly fast" portion of your quote as the lie, but feel free to ignore whatever doesn't help your narrative. I'm a poster on a forum, not a cop