Difference between revisions of "Sweet Lies"
| Line 25: | Line 25: | ||
❌ Nobody can deploy a Signal server themselves (calling it something other than "Signal", of course).<p> |
❌ Nobody can deploy a Signal server themselves (calling it something other than "Signal", of course).<p> |
||
❌ Inspection of the Signal server code shows that it uses six US-based closed source cloud services. This is not ideal. These US services are an opportunity for sidechannel attacks and traffic analysis. '''Signal is still the most secure messaging system: it is end-to-end and does not store user data except to forward when necessary.'''<p> |
❌ Inspection of the Signal server code shows that it uses six US-based closed source cloud services. This is not ideal. These US services are an opportunity for sidechannel attacks and traffic analysis. '''Signal is still the most secure messaging system: it is end-to-end and does not store user data except to forward when necessary.'''<p> |
||
| − | ❌ Signal no longer enables federation of user data, meaning interoperability is not testable and that the Signal |
+ | ❌ Signal no longer enables federation of user data, meaning interoperability is not testable and that the servers run by Signal Messaging LLC are a single point of failure.<p> |
❌ Signal is not legal or suitable for use for sensitive purposes in Europe, because of the US cloud dependencies and because of the lack of reproducibility. Something as vital as this (eg recommended for use by the EU parliament) needs to fully comply with EU privacy regulations, for the benefit of all.<p> |
❌ Signal is not legal or suitable for use for sensitive purposes in Europe, because of the US cloud dependencies and because of the lack of reproducibility. Something as vital as this (eg recommended for use by the EU parliament) needs to fully comply with EU privacy regulations, for the benefit of all.<p> |
||
❌ Signal is currently entirely hosted in the US. [[Analysis of EU-US Privacy Shield|This is legally and technically unacceptable for EU organisations]] given the above potential vulnerabilities.<p> |
❌ Signal is currently entirely hosted in the US. [[Analysis of EU-US Privacy Shield|This is legally and technically unacceptable for EU organisations]] given the above potential vulnerabilities.<p> |
||
Revision as of 16:05, 16 March 2022
The Signal secure communications app is the best existing solution for private communication we have, and the team are quite rightly respected around the world. Signal is open source, and Sweet Lies changes server code to make it possible to run your own Signal server anywhere you want.
NLnet has awarded funding to Sweet Lies.
Signal is Great
Signal is the only personal messaging codebase which has good privacy and is all of:
✅ Validated by independent, academic, cybersecurity peer review
✅ Open Source
✅ Widely used, clients on multiple platforms, reasonably accessible clients
✅ Mainstream - many tens of millions of users. Even the EU parliament insists on Signal for internal communications
✅ Seemingly, so far, Signal has successfully resisted efforts of authorities and also criminals to break its security
What Is Not So Good About Signal
Signal also has some urgent problems:
❌ Signal is not reproducible. Reproducibility is a first basic requirement for security and therefore trust. This is a not a deliberate ploy on the part of the Signal team, they are simply very busy making a good app.
❌ Nobody can deploy a Signal server themselves (calling it something other than "Signal", of course).
❌ Inspection of the Signal server code shows that it uses six US-based closed source cloud services. This is not ideal. These US services are an opportunity for sidechannel attacks and traffic analysis. Signal is still the most secure messaging system: it is end-to-end and does not store user data except to forward when necessary.
❌ Signal no longer enables federation of user data, meaning interoperability is not testable and that the servers run by Signal Messaging LLC are a single point of failure.
❌ Signal is not legal or suitable for use for sensitive purposes in Europe, because of the US cloud dependencies and because of the lack of reproducibility. Something as vital as this (eg recommended for use by the EU parliament) needs to fully comply with EU privacy regulations, for the benefit of all.
❌ Signal is currently entirely hosted in the US. This is legally and technically unacceptable for EU organisations given the above potential vulnerabilities.
Introducing Sweet Lies
The Sweet Lies goal is to create a reproducible build of Signal client and server code, and then uses this to set up a Signal network. The outcomes will be a recipe for creating a Signal-identical network, with evidence that this recipe gives correct results. The next stage is to enable federation for connecting to other, independent Signal server instances, but since federation in Signal has been deprecated since 2016 there are many unknowns.
Sweet Lies relies on the production Not Forking tool developed for LumoSQL.
It seems very likely that when we can turn on a clone Signal network, that organisations of all kinds would very much like to have that same system themselves so they can be assured they have their own private Signal. This is a commercial opportunity.
(Why the name "Sweet Lies"? Several other names proved unusable, and the Fleetwood Mac song is about keeping secrets safe!)
Sweet Lies FAQ
Signal is an old design. Why not just write a modern distributed chat system? Because that will take years to build and have verified, and people need secure chat now, sometimes for life-and-death reasons. In 5-10 years probably nobody will be using Signal, but today there really isn't a choice.
How long will this take? It is now the end of February 2022, and I estimate the first test builds will be available by around the beginning of July 2022, with publicly visible progress well before that. There are a lot of details to figure out.
If Signal has all these problems, why not do a hard fork and fix them? Because the Signal team are doing a really good job, and I would not want to try to duplicate what they do without having a large team with plenty of funding. Especially if it was just to try to replicate all the best parts of Signal which we could have for free already!
What about Matrix? They are open source and they just got lots of funding! The Matrix team are lovely and I wish them every success. I have found their solutions to be unstable at even quite modest scale and a very large codebase for the functionality it delivers. A lot of projects would love to use Matrix instead of, say, libera.chat irc - but they can't because Matrix still has implementation issues. And as for independent security review, well there's a lot of attack surface on Matrix. I'm very open to hear updates and corrections on this.