Difference between revisions of "Sweet Lies"

From Dan Shearer CV
 
(32 intermediate revisions by the same user not shown)
Line 1: Line 1:
  +
The Sweet Lies project aims to make the ''server'' for [[:wikipedia:Signal (software)|Signal secure and private chat]] available to everyone. Only the phone and desktop client is available today.
Sweet Lies is a small but vital modification of the Signal secure communications app. Signal is similar in function to WhatsApp and Telegram end-to-end communication systems, but unlike them is completely open source. NLnet has awarded funding to Sweet Lies. Signal is the best existing solution for private communication we have, and the team are quite rightly respected around the world.
 
   
  +
Privacy is closely related to fundamental human rights because private communications protect the rights of individuals, often including their personal safety. Private chat gives protection to people and groups who may be vulnerable or afraid, or just want to avoid the risk of embarrassment. Free speech and transparency are also very important, and they can only exist if there is first privacy.
The good news: Signal is the only personal messaging codebase which is all of:
 
   
  +
In the 21st century we have learned a lot about how to keep communications private. Mathematics is used to encrypt messages sent by software apps, and the big question is whether or not those apps have had the mathematics weakened to allow people listen in on all messages sent. Signal has chosen '''''not''''' to weaken its mathematics to the disappointment of many criminals and governments.
* Validated by independent, academic, cybersecurity peer review
 
* Open Source
 
* Widely used, ported, accessible and accepted
 
* Mainstream - even the EU parliament insists on its use for internal communications
 
* Seemingly, so far, successfully resisting efforts of many authorities to break its security
 
   
  +
This makes the Signal chat app the best existing solution for private communication. Signal consists of an app available in appstores, and also a Signal Server app run on a cluster of computers in one particular datacentre.
The bad news: Signal also has some critically urgent problems:
 
  +
  +
If you are using Signal, you are likely secure against some of the most common ways that someone would use to listen to what you say. But due to some transparency issues, there is a lot more that could be done. <blockquote><big>'''The Sweet Lies project changes the Signal Server open source code to make it possible to run your own Signal server anywhere you want.'''</big> </blockquote>[https://nlnet.nl NLnet] has awarded some funding to Sweet Lies and we thank them very much.
  +
  +
  +
''Update: On 24 Oct 2022 the first Sweet Lies source tree was published!''
   
* Signal is not reproducible. Reproducibility is a first basic requirement for security and therefore trust. This is a not a deliberate ploy on the part of the Signal team, they are simply very busy making a good app.
 
* Nobody can deploy a Signal server themselves (calling it something other than "Signal", of course).
 
* Signal is end-to-end and does not store user data except to forward when necessary. Nevertheless, inspection of the Signal server code shows that it uses six US-based closed source cloud services. Even though the data is safe, and even though many attacking organisations (eg the US FBI) have been frustrated that Signal does not keep data, this is still not ideal. These US services remain a significant opportunity for sidechannel attacks and traffic analysis.
 
* Signal no longer enables federation of user data, meaning interoperability is not testable and that the Signal servers are a single point of failure.
 
* Signal is not legal or suitable for use for sensitive purposes in Europe, because of the US cloud dependencies and because of the lack of reproducibility. Something as vital as this (eg recommended for use by the EU parliament) needs to fully comply with EU privacy regulations, for the benefit of all.
 
   
= Introducing Sweet Lies =
 
   
 
[[File:Fluister.png|150px|center]]
 
[[File:Fluister.png|150px|center]]
   
  +
== Why Signal is Good ==
The Sweet Lies scope is to create a reproducible build of Signal client and server code, and then uses this to set up a Signal network that has federation enabled for connecting to other, independent Signal server instances. The outcomes will be a recipe for creating a Signal-identical network, and a working proof that this recipe works for some
 
  +
 
Signal is the only personal messaging codebase which has good privacy and is all of:
  +
 
Validated by independent, academic, [https://eprint.iacr.org/2019/1416 cybersecurity peer review] <p>
  +
✅ Open Source, see https://github.com/signalapp <p>
  +
✅ Multi-platform apps (Android, Apple, Desktop), and the apps are reasonably [[:wikipedia:Computer accessible|accessible]] <p>
 
Mainstream - many tens of millions of users. Even the EU parliament recommends Signal for internal communications <p>
 
Seemingly, so far, resistant to efforts of criminals and also government authorities to break into its most detailed security <p>
  +
✅ Full of features. Signal can be compared to mainstream commercial apps like WhatsApp and Telegram, and yet still provides extra-good security. No geeky knowledge required
  +
  +
== Technical Problems with Signal Server ==
  +
 
Signal Server also has some urgent problems:
  +
 
Nobody can deploy a Signal server themselves (calling it something other than "Signal", of course).<p>
  +
❌ Inspection of the Signal server code shows that it uses at least six US-based closed source cloud services. These US services are an opportunity for sidechannel attacks and traffic analysis. '''Signal is still the most secure messaging system: Signal is end-to-end and does not store user data except to forward when necessary.'''<p>
 
Signal is not legal or even suitable to use for communications in Europe, because of the US cloud dependencies and also because of the lack of reproducibility. Something as vital as Signal (recommended for use by the EU parliament!) needs to fully comply with EU privacy regulations, for the benefit of all users everywhere.<p>
  +
❌ Signal is currently entirely hosted in the US, in an Amazon datacentre. [[Analysis of EU-US Privacy Shield|This is legally and technically unacceptable for EU organisations]] given the above potential vulnerabilities.<p>
  +
❌ Signal Server is configured to give some security information about individual end users to [https://en.wikipedia.org/wiki/Content_delivery_network Content Delivery Networks] without disclosure or consent. This point alone is sufficient to show that Signal does not preserve privacy as it should.<p>
 
Signal no longer enables federation of user data, meaning interoperability is not testable and that the servers run by Signal Messaging LLC are a single point of failure. Denying access to secure messaging is one way of attacking vulnerable people.<p>
 
Signal is not reproducible. Reproducibility is a first basic requirement for security and therefore trust. Many applications are not reproducible and reproducibility can be difficult, but a critical security app must be.<p><p><p>
  +
 
== Introducing Sweet Lies ==
  +
  +
The Sweet Lies goal is to create a reproducible build of Signal client and server code, and then uses this to set up a Signal network. <blockquote><big>The outcomes will be a recipe for creating a Signal-identical network, with evidence that this recipe gives correct results.</big></blockquote>The next stage is hopefully to enable federation for connecting to other, independent Signal server instances, but since federation in Signal has been [https://signal.org/blog/the-ecosystem-is-moving/ deprecated since 2016] there are many unknowns.
   
 
Sweet Lies relies on the production [[Not Forking]] tool developed for [[LumoSQL]].
 
Sweet Lies relies on the production [[Not Forking]] tool developed for [[LumoSQL]].
   
It seems very likely that when we can turn on a clone Signal network, that organisations of all kinds would very much like to have that same system themselves so they can be assured they have their own private Signal. This is a commercial opportunity.
+
It seems very likely that when we can turn on a clone Signal network, that organisations of all kinds would very much like to have that same system themselves so they can be assured they have their own private Signal.
   
 
''(Why the name "Sweet Lies"? Several other names proved unusable, and the Fleetwood Mac song is about keeping secrets safe!)''
 
''(Why the name "Sweet Lies"? Several other names proved unusable, and the Fleetwood Mac song is about keeping secrets safe!)''
   
= Sweet Lies FAQ =
+
== Sweet Lies FAQ ==
  +
 
'''Signal is an old design. Why not just write a modern distributed chat system?''' Because that will take years to build and have verified, and people need secure chat now, sometimes for life-and-death reasons. In 5-10 years probably nobody will be using Signal, but today there really isn't a choice.
   
  +
'''How long will this take?''' It is now September 2022, and I estimate the first test builds will be available by around the beginning of 2023, with publicly visible progress well before that. There are a lot of details to figure out.
'''Signal is an old design. Why not just write a modern distributed chat system?''': Because that will take years to build and have verified, and people need secure chat now, sometimes for life-and-death reasons. In 5-10 years probably nobody will be using Signal, but today there really isn't a choice.
 
   
'''If Signal has all these problems, why not do a hard fork and fix them?''': Because the Signal team are doing a ''really good job'', and I would not want to try to duplicate what they do without having a large team with plenty of funding. Especially if it was just to try to replicate all the best parts of Signal which we could have for free already!
+
'''If Signal has all these problems, why not do a hard fork and fix them?''' Because the Signal team are doing a ''really good job'', and I would not want to try to duplicate what they do without having a large team with plenty of funding. Especially if it was just to try to replicate all the best parts of Signal which we could have for free already!
   
'''What about Matrix? They are open source and they just got lots of funding!''': The Matrix team are lovely and I wish them every success. I have found their solutions to be unstable at even modest scale and a very large codebase for the functionality it delivers. A lot of projects would love to use Matrix instead of, say, libera.chat irc - but they can't because Matrix still has implementation issues. And as for independent security review, well there's a lot of attack surface on Matrix.
+
'''What about Matrix? They are open source and they just got lots of funding!''' The Matrix team are lovely and I wish them every success, and they do produce quite a functional federated chat solution. I have personally found Matrix to be unstable at even quite modest scale. In my view Matrix has a very large codebase for the functionality it delivers, and it would probably be very difficult to conduct an independent security audit of the Matrix code. A lot of projects would love to use Matrix instead of, say, [https://libera.chat/ libera.chat] - but they can't because Matrix still has these limitations. I'm very open to hear updates and corrections on this. Is someone independent studying the attack surface of Matrix? Are there new developments that make Matrix more stable at scale?
   
   

Latest revision as of 15:47, 12 December 2022

The Sweet Lies project aims to make the server for Signal secure and private chat available to everyone. Only the phone and desktop client is available today.

Privacy is closely related to fundamental human rights because private communications protect the rights of individuals, often including their personal safety. Private chat gives protection to people and groups who may be vulnerable or afraid, or just want to avoid the risk of embarrassment. Free speech and transparency are also very important, and they can only exist if there is first privacy.

In the 21st century we have learned a lot about how to keep communications private. Mathematics is used to encrypt messages sent by software apps, and the big question is whether or not those apps have had the mathematics weakened to allow people listen in on all messages sent. Signal has chosen not to weaken its mathematics to the disappointment of many criminals and governments.

This makes the Signal chat app the best existing solution for private communication. Signal consists of an app available in appstores, and also a Signal Server app run on a cluster of computers in one particular datacentre.

If you are using Signal, you are likely secure against some of the most common ways that someone would use to listen to what you say. But due to some transparency issues, there is a lot more that could be done.

The Sweet Lies project changes the Signal Server open source code to make it possible to run your own Signal server anywhere you want.

NLnet has awarded some funding to Sweet Lies and we thank them very much.


Update: On 24 Oct 2022 the first Sweet Lies source tree was published!


Fluister.png

Why Signal is Good

Signal is the only personal messaging codebase which has good privacy and is all of:

✅ Validated by independent, academic, cybersecurity peer review

✅ Open Source, see https://github.com/signalapp

✅ Multi-platform apps (Android, Apple, Desktop), and the apps are reasonably accessible

✅ Mainstream - many tens of millions of users. Even the EU parliament recommends Signal for internal communications

✅ Seemingly, so far, resistant to efforts of criminals and also government authorities to break into its most detailed security

✅ Full of features. Signal can be compared to mainstream commercial apps like WhatsApp and Telegram, and yet still provides extra-good security. No geeky knowledge required

Technical Problems with Signal Server

Signal Server also has some urgent problems:

❌ Nobody can deploy a Signal server themselves (calling it something other than "Signal", of course).

❌ Inspection of the Signal server code shows that it uses at least six US-based closed source cloud services. These US services are an opportunity for sidechannel attacks and traffic analysis. Signal is still the most secure messaging system: Signal is end-to-end and does not store user data except to forward when necessary.

❌ Signal is not legal or even suitable to use for communications in Europe, because of the US cloud dependencies and also because of the lack of reproducibility. Something as vital as Signal (recommended for use by the EU parliament!) needs to fully comply with EU privacy regulations, for the benefit of all users everywhere.

❌ Signal is currently entirely hosted in the US, in an Amazon datacentre. This is legally and technically unacceptable for EU organisations given the above potential vulnerabilities.

❌ Signal Server is configured to give some security information about individual end users to Content Delivery Networks without disclosure or consent. This point alone is sufficient to show that Signal does not preserve privacy as it should.

❌ Signal no longer enables federation of user data, meaning interoperability is not testable and that the servers run by Signal Messaging LLC are a single point of failure. Denying access to secure messaging is one way of attacking vulnerable people.

❌ Signal is not reproducible. Reproducibility is a first basic requirement for security and therefore trust. Many applications are not reproducible and reproducibility can be difficult, but a critical security app must be.

Introducing Sweet Lies

The Sweet Lies goal is to create a reproducible build of Signal client and server code, and then uses this to set up a Signal network.

The outcomes will be a recipe for creating a Signal-identical network, with evidence that this recipe gives correct results.

The next stage is hopefully to enable federation for connecting to other, independent Signal server instances, but since federation in Signal has been deprecated since 2016 there are many unknowns.

Sweet Lies relies on the production Not Forking tool developed for LumoSQL.

It seems very likely that when we can turn on a clone Signal network, that organisations of all kinds would very much like to have that same system themselves so they can be assured they have their own private Signal.

(Why the name "Sweet Lies"? Several other names proved unusable, and the Fleetwood Mac song is about keeping secrets safe!)

Sweet Lies FAQ

Signal is an old design. Why not just write a modern distributed chat system? Because that will take years to build and have verified, and people need secure chat now, sometimes for life-and-death reasons. In 5-10 years probably nobody will be using Signal, but today there really isn't a choice.

How long will this take? It is now September 2022, and I estimate the first test builds will be available by around the beginning of 2023, with publicly visible progress well before that. There are a lot of details to figure out.

If Signal has all these problems, why not do a hard fork and fix them? Because the Signal team are doing a really good job, and I would not want to try to duplicate what they do without having a large team with plenty of funding. Especially if it was just to try to replicate all the best parts of Signal which we could have for free already!

What about Matrix? They are open source and they just got lots of funding! The Matrix team are lovely and I wish them every success, and they do produce quite a functional federated chat solution. I have personally found Matrix to be unstable at even quite modest scale. In my view Matrix has a very large codebase for the functionality it delivers, and it would probably be very difficult to conduct an independent security audit of the Matrix code. A lot of projects would love to use Matrix instead of, say, libera.chat - but they can't because Matrix still has these limitations. I'm very open to hear updates and corrections on this. Is someone independent studying the attack surface of Matrix? Are there new developments that make Matrix more stable at scale?