E
Story
“Super secure” messaging app leaks everyone's phone number
This is why signal’s encrypted phone number lookup system is so cool. The server uses a bitwise xor when querying for numbers using hardware encrypted ram. The result is that even if you’re examining the machine at the most basic levels you can’t tell the difference between a negative or positive hit for the phone number unless you’re the phone requesting the api.

Obviously ratelimiting is a separate and important issue in api management.

The thing about building secure systems is that there are a lot of edges to cover.

I don't think it's cool at all, a secure messaging app should not require personal/tracking identifiers like phone numbers in the first place.
  • maqp
  • ·
  • 16 hours ago
  • ·
  • [ - ]
The sad part is, that's what's keeping Signal safe from spam.

Also, average Joe is not using proxy to hide the IP-address of their device so they leak their identity to the server anyway. Signal is not keeping those logs so that helps.

Messaging apps cater to different needs, sometimes you need only content-privacy. It's not a secret you're married to your partner and you talk daily, but the topics of the conversation aren't public information.

When you need to hide who you are and who you talk to (say Russian dissident group, or sexual minorities in fundamentalist countries), you might want to use Tor-exclusive messaging tools like Cwtch. But that comes at a near-unavoidable issue of no offline-messaging, meaning you'll have to have a schedule when to meet online.

Signal's centralized architecture has upsides and downsides, but what matters ultimately is, (a) are you doing what you can in the architectural limitations of the platform (strong privacy-by-design provides more features at same security level), and (b), are you communicating the threat model to the users so they can make informed decision whether the applications fits their threat model.

If you intend to use SMS (phone numbers) as a resource constraint (sign up requires 'locking up' a resource that is worth at least a few cents) then at least you can offer a ZKP system where the 'consumed' phone number is not tied to an account. You could also offer to accept cryptocurrency for this function - call it a donation.

That Signal did none of those things implies that privacy was not their objective. Only secure communications was.

It's possible that the reason behind their anti-privacy stand is strategic, to discourage criminal use which could be used as a vector of attack against them. Doesn't change the fact that Signal is demonstrably anti-privacy by design.

Your first formulation I agree with:

> privacy was not their objective. Only secure communications was.

> Signal is demonstrably anti-privacy by design.

But your second is uncharitable and misses Signal's historical context.

The value of a phone number for spam prevention has been mentioned, but that's not the original reason why phone numbers were central to Signal. People forget that Signal was initially designed around using SMS as transport, as with Twitter.

Signal began as an SMS client for Android that transparently applied encryption on top of SMS messages when communicating with other Signal users. They added servers and IP backhaul as it grew. Then it got an iOS app, where 3rd party SMS clients aren't allowed. The two clients coexisted awkwardly for years, with Signal iOS as a pure modern messenger and Signal Android as a hybrid SMS client. Finally they ripped out SMS support. Still later they added usernames and communicating without exposing phone numbers to the other party.

You can reasonably disdain still having to expose a phone number to Signal, but calling it "anti-privacy by design" elides the origins of that design. It took a lot of refactoring to get out from under the initial design, just like Twitter in transcending the 140-character limit.

> Signal is demonstrably anti-privacy by design.

> You can reasonably disdain still having to expose a phone number to Signal, but calling it "anti-privacy by design" elides the origins of that design.

They introduced usernames without removing the requirement for phone numbers.

I rest my case.

  • hnarn
  • ·
  • 7 hours ago
  • ·
  • [ - ]
Not a very good case made since you obviously didn’t read the parent discussion.
The parent attempted to excuse them by pointing out that the initial design was based on phone numbers. Putting aside the fact that initial design is irrelevant to present design criticism, they went out of their way to design usernames yet deliberately disallow signup without phone numbers.

> Not a very good case made since you obviously didn’t read the parent discussion.

This isn't an argument, do you have anything to back up your assertion?

If privacy wasn't their objective they would just have a database of all the phone numbers.

Perfect privacy would mean not sending any messages at all, because you can never prove the message is going to the intended recipient. Any actual system is going to have tradeoffs, calling Signal anti-privacy is not serious, especially when you're suggesting cryptocurrency as a solution.

A ZKP system where you make a public record of your zero-knowledge proof sounds anti-privacy to me. Even if you're using something obfuscated like Monero, it's still public. I see where you're coming from, but I think I would prefer Signal just keep a database of all their users and promise to try and keep it safe rather than rely on something like Monero.

> have a database of all the phone numbers

They have exactly that. They rely on TPMs for "privacy" which is not serious.

> Perfect privacy would mean not sending any messages at all

Not sending messages is incompatible with secure messaging which is the subject of the discussion...

> ZKP system where you make a public record of your zero-knowledge proof sounds anti-privacy to me.

A zero-knowledge proof provably contains zero information. Even if you use a type of ZKP vulnerable to a potential CRQC it's still zero information and can never be cracked to reveal information (a CRQC could forge proofs however).

> especially when you're suggesting cryptocurrency as a solution

Would you elaborate on why cryptocurrencies are not a solution? Especially if combined with ZKPs to sever the connection between the payment and the account. When combined with ZKPs, they could even accept Paypal for donations in exchange for private accounts.

signal was intended for the general public. crypto defeats the purpose.
It's also possible that a lot of the criticism for Signal setting a practical/realistic level of what security they will try to provide, is from people who would rather that people either

1. were unable to communicate effectively, or

2. used no security at all.

Do you really use a communication system where you have all exchanged private keys in person and where even the fact that you use it is hidden from your government and phone operator?

I get zero spam on Line... I don't allow people to add me by phone number. Line isn't known for their cryptography/security skills.
I get lots of spam on WhatsApp which also requires a number. And some on signal too for that matter.

Signal is just much smaller in terms of users so the potential value is lower.

If you wanted to keep it safe from spam, you'd use a proof-of-work scheme using a memory-hard hash function like scrypt, or a Captcha, or an invite-code system like lobste.rs or early Gmail. Signal's architects already knew that when they started designng it.
  • maqp
  • ·
  • 15 hours ago
  • ·
  • [ - ]
>proof-of-work scheme using a memory-hard hash function like scrypt

So who's doing the computation? The spammer can't afford to run 3 second key derivation time per spam device? Or how long do you think normal user will wait while you burn their battery power before saying "Screw it, I'll just use WA"? Or is this something the server should be doing?

>Captcha

LLMs are getting quite good at getting around captchas.

>invite-code system

That works in lobste.rs when everyone can talk together, and recruit interesting people to join the public conversation. Try doing that with limited invites to recruit your peers to build a useful local network of peers and relatives. "I'm sorry Adam, I'm out of invites can you invite my mom's step-cousin, my mom needs to talk to them?"

>Signal's architects already knew that when they started designng it.

I think they really did, and they did what the industry had already established as the best practice for a hard problem.

The only reasonable alternative would've been email with heavy temp-mail hardening, or looking into the opposite end of Zooko's triangle and having long, random, hard-to-enumerate usernames like Cwtch and other Tor-based messengers do. But even that's not removing the spam-list problem of any publicly listed address ending up in a list that gets spammed with contact requests or opening messages with spam.

Those are reasonable questions, but they suggest that you don't understand the landscape very well.

The user's device has to do the computation for it to be effective. How long does it normally take to sign up for a new messaging service like WhatsApp? Five minutes? You should burn the user's cellphone battery for about half that long, 150 seconds, 50 times more than you were thinking. Plus another half-minute every time you add a new contact. Times two for every time someone blocks you, up to a limit of 150 seconds. Minus one second for each day you've been signed up. Or something like that.

The value of signing up for Signal is much higher to a real user than it is to a spammer, so you just have to put the signup cost somewhere in the wide range in between.

LLMs didn't exist when Signal was designed, and Captchas still seem to be getting a lot of use today.

Invite codes worked fine for Gmail, and would work even better for any kind of closed messaging system like Signal; people who don't know any users of a particular messaging system almost never try to use it. The diameter of the world's social graph is maybe ten or twelve, so invite codes can cover the world's social graph with only small, transitory "out of invites" problems.

The "industry" had "established" that they "should" gather as much PII as possible in order to sell ads and get investments from In-Q-Tel.

> How long does it normally take to sign up for a new messaging service like WhatsApp? Five minutes? You should burn the user's cellphone battery for about half that long, 150 seconds

If you actually do that you're going to crash a lot of cellphones and people will rightly blame your app for being badly coded.

What, their CPUs will overheat? I've run infinite loops on cellphones lots of times without that happening. In fact, I'm running four of them right now, and have been for the last five minutes as I write this comment. The battery drain is annoying but I haven't seen instability. I've run plenty of compiles on cellphones (things like BLAS and Numpy) that take longer than that, and I've never seen one crash a phone.
> Invite codes worked fine for Gmail

Back in 2004, sure. Today, Gmail asks you for a phone number when signing up because of the spam problem.

To be fair, Gmail asks for a phone number, but you dont have to add one.
This might depend on the country you're in, but I'm quite certain I've gotten locked out of the signup flow in the past when I refused to provide a phone number.
It depends what you do it from. If you do it from an android device you don't have to. If you do it from the web you do.
I don't think that's why they ask for it, no.
Exactly, just like all those site that added SMS 2FA didn't do it for the extra security.
  • maqp
  • ·
  • 14 hours ago
  • ·
  • [ - ]
>but they suggest that you don't understand the landscape very well.

Yeah, what could I possibly know about secure messaging.

>Plus another half-minute every time you add a new contact.

Can you point to some instant messaging app that has you wait 30 seconds before talking to them? Now niché is it?

You want proper uptake and accessibility to everyone, you need something like Samsung A16 to run the work in 150 seconds. Some non-amateur spammer throws ten RTX 5090s to unlock access to random accounts at 80x parallelism (capped by memory cost), with the reasonable time cost of whatever iterations that is, with quite a bit shorter time than 150 seconds. 121.5GFLOPs vs 10x104.8 TFLOPs leads to overall performance difference of 8,800x. And that account is then free to spam at decent pace for a long time before it gets flagged and removed.

The accounts are not generated in five minutes per random sweat shop worker: https://www.youtube.com/watch?v=CHU4kWQY3E8 has tap actions synced across sixty devices. And that's just to deal with human-like captchas that need to show human-like randomness. Proof-of-work is not a captcha, so you can automate it. Signal's client is open source for myriad of reasons, the most pressing of which is verifiable cryptographic implementations. So you can just patch your copy of the source to dump the challenge and forward it to the brute force rig.

Either the enumeration itself has to be computationally infeasible, or it has to be seriously cost limited (one registration per 5 dollar prepaid SIM or whatever).

>Invite codes worked fine for Gmail

Yeah and back in ~2004 when Hotmail had 2MB of free storage, GMail's 1,000MB of free storage may have also "helped".

All I know about your level of knowledge is what you post.

Scrypt is memory-hard precisely to defeat attacks like that, which reinforces my belief that you don't know what you're talking about. It doesn't matter how many FLOPS or integer MIPS you have.

  • maqp
  • ·
  • 12 hours ago
  • ·
  • [ - ]
So why don't you present your claim with more nuance than nu-uh, then?
Invite codes worked fine for Gmail, but you weren't limited to only the people on Gmail to talk to. It was a full, regular email service. You could email anyone and receive mail from anyone. I doubt it would have been very successful if it was invite only and you could only email other Gmail users for the first few years.

Waze was also invite-only, G+ was initially invite only. Did that model help or hurt them?

I think it helped them. Gmail had more trouble with invite codes because some people wanted a Gmail account, but didn't know any existing Gmail users, because Gmail was useful for communication with non-Gmail users.

G+ didn't have that problem so much, but I don't remember it using invite codes.

Sorry, not Waze, Wave.
If the PoW cost is a low-end cellphone CPU for 2.5 minutes, then it's nothing to the spammer with the 200-core hourly AWS server. If each spammer can create 10000 identities (not connections, identities) per hour, then you might as well not have a limit at all. If they could even create only 2 identities per day that would be enough to spam with (yet still unacceptable to actual users). 250000 identities per day is way too many.
The speed ratio is much smaller than you say with memory-hard PoW problems, which depend on the amount of RAM you have (and its response time). But it's surely true that a spammer could create many accounts per day, perhaps 1000 per hour on a big server, which could then go on to spam a few accounts each before becoming uneconomical to keep using.

But that would still put the CPM of the spam around US$2, which very few spammers can afford. Maybe mesothelioma lawyers and spearphishers.

You don't have to make spamming physically impossible, just unprofitable.

A single identity can send messages to hundreds or thousands of users.
Or a small payment in cryptocurrency.
Yes, that would also work, but you should probably offer alternatives.
  • ·
  • 14 hours ago
  • ·
  • [ - ]
> you'd use a proof-of-work scheme

I thought the general belief (e.g., '“Proof-of-Work” Proves Not to Work') was that proof-of-work isn't very good anti-spam.

> or a Captcha

Aren't bots better at those than humans by now?

And making people do captchas in an instant messenger is a great way to make people not use that instant messenger.

> or an invite-code system like lobste.rs or early Gmail.

That's not a long-term option if you want to make something mainstream.

There are people who believe that proof-of-work isn't very effective, but none of them have succeeded in spamming the Bitcoin network with blocks they've mined, driving the other miners out of business, nor (for the last several years) with spamming the Bitcoin network with dust transactions they've signed, so I don't think we should take their opinions very seriously.

Bots may be better than humans at Captchas now, although I'm not certain of that, but they certainly weren't when Signal was designed.

I don't see why invite codes would be a problem for mainstream use.

> There are people who believe that proof-of-work isn't very effective, but none of them have succeeded in spamming the Bitcoin network with blocks they've mined, driving the other miners out of business, nor (for the last several years) with spamming the Bitcoin network with dust transactions they've signed, so I don't think we should take their opinions very seriously.

Different system. The parent and GP are talking about proof-of-work being used directly for account creation. If a chat service required mining-levels of PoW (and hence any prospective new users to have an ASIC), it would not be very popular. Nor would it be very popular if it used a relative difficulty system and the spammers used dedicated servers while the legitimate users had to compete using only their phones.

  • ·
  • 14 hours ago
  • ·
  • [ - ]
  • ·
  • 14 hours ago
  • ·
  • [ - ]
> none of them have succeeded in spamming the Bitcoin network with blocks they've mined

I'm not saying you're wrong, but I have no idea what you're getting at, because the sentence sounds kind of absurd. As a result, I'm not sure if it addresses your point, but just to throw it out there: Bitcoin and anti-spam are different applications of proof of work. Anti-spam has to strike a compromise between being cheap for the user (who is often on relatively low-powered mobile hardware), and yet annoying enough to deter the spammer. It's not unreasonable to believe that such a compromise does not exist.

> Bots may be better than humans at Captchas now, although I'm not certain of that, but they certainly weren't when Signal was designed.

Fair point, but again, even in 2014, an instant messenger with captchas would have much more friction than every other messenger. And captchas aren't just bad because they introduce enough friction to drive away pretty much everybody: they also make users feel like they're being treated as potential criminals.

> I don't see why invite codes would be a problem for mainstream use.

Can you elaborate? Invite codes blocking access to the service itself "like lobste.rs" mean that no one can use your service unless they've been transitively blessed by you. That's obviously going to limit its reach...

Bitcoin had a spam transaction problem ("dust transactions") which was a bigger problem than email spam, because every transaction is received by every node. It was easy to solve because Bitcoins are minted by proof of work.

I don't think a Captcha for signup would have been much friction. Certainly less than providing a phone number.

Why would someone want to use a closed messaging service like Signal unless they knew an existing user? I don't think that the requirement for that existing user to invite them would be a significant barrier. So I think it's not going to limit its reach.

> That's not a long-term option if you want to make something mainstream.

Groups in messaging apps rarely contain more than 100 users. So invite codes can work well for messaging apps.

Signal blasted my whole contacts list the day I signed up so that I was surprised to see lots of people saying "finally you got signal". That was also the moment I uninstalled the app. Leaking contact info appears to be part of the design.

Should have deleted my account instead of just removing the app, because it turns out the difference between using signal and using SMS is obscured for most phones, and when people thought they were texting me they weren't. I was just out of contact for a long time as people kept sending me the wrong kind of messages. I suppose one could argue protecting contact/identity is not a real goal for e2e encryption, but what I see is a "privacy oriented" service that's clearly way too interested in bootstrapping a user base with network effects and shouldn't be trusted.

> Leaking contact info appears to be part of the design.

Those people already had your contact info, probably.

Also, I think there is a setting in Signal to prevent that - and via the OS you can block Signal's access to your contacts, of course.

> Those people already had your contact info, probably.

What leaked was that I was a signal user, and that the person on the other side was a signal user. The security implications are obvious, and by itself, that's already enough to get someone who really needs to care about privacy killed.

> Also, I think there is a setting in Signal to prevent that

False. It happened without my permission as soon as the app was installed, and there was no way to opt out. Maybe they changed it since then, but the fact remains they obviously cared more about network-effects and user-counts than user privacy.

Sigh, there's just no need for this kind of apologism. You could just admit that a) it's bad behavior, b) they did it on purpose, and c) it's not possible to trust someone who does something like this. I'm aware they are nonprofit, so I don't know why it's like this, but the answer is probably somewhere in the list of donors.

How would you suggest Signal allow you to communicate with your contacts without leaking the fact that both of you are Signal users? Should it just blackhole the message if the other number doesn't have an account?

I understand the unease about the notifications, but there are some hard tradeoffs between how you can store as little information as possible, remain as decentralized as possible, while getting the same benefits as centralized systems like Facebook.

I'm really of the opinion that a messenger similar to Signal but more centralized in the fashion of WhatsApp or even Facebook Messenger should exist, but I also understand why Signal works the way it does.

That's a lot to pile on people who disagree with you. Maybe other people have perspectives that are both 1) different from yours and, 2) valid?
> Maybe other people have perspectives

Yeah, no. The whole "every perspective has some validity" thing won't really apply to most safety/security issues. The most charitable thing to say here is that the workflow is completely broken. Less charitable but also valid is pointing out that it's actively harmful, and deliberate. I would be really surprised if this hadn't ever caused serious consequences whether a whistle blower was fired, an abused spouse got extra abused, or an informant was killed. If you think you've got a "valid perspective" that prioritizes mere user-discovery over user-safety, then you should not be attempting work that's close to safety and security, full stop.

The people that already had your contact info in their devices were notified that you joined Signal via that contact info?

Seems like it was working as designed, if you don't want any app to get your contact info don't share your contact info to anyone ever. Eventually they will share that info with any app.

When someone on your contacts list gets Signal, Signal displays this in its UI. I don't think this is a privacy violation. Signal aims to hide your messages, but it does not have its own contacts system, and piggybacks on your existing phone number and phone number contacts. Nor does it attempt to hide the fact you have Signal.
Security and usability are frequently at odds. The ease with which users can discover and exchange messages with their contacts is a major usability issue. Phone number as a proxy for identity mostly works, at the cost of some privacy risks.
This made sense when Signal/TextSecure allowed users to send regular SMS, making it easy to convince others to set it as their default messenger.

Now that this crucial adoption feature has been removed, it makes zero sense for Signal to continue to rely on phone numbers. Since that feature has been removed, the utility of Signal has been lost anyway and many in my groups returned to regular SMS. So the system is already compromised from that perspective. At least forks such as Session tried to solve this (too bad Session removed forward secrecy and became useless)

What's more secure? A moderately secure messaging app all your friends have installed, or a very secure messaging app nobody else has?
Signal requires a phone number for signup but you only have to share a username.

We know from subpoenas that signal only holds the user phone number, creation timestamp, and last login timestamp. That’s it.

I agree, but since a messaging apps utility is some fraction of the square of the # of users on the platform, a facile way to propagate virally is a de facto requirement for an app targeting wide spread adoption / discovery rather than targeted cells of individuals focused around a pre shared idea.

It’s a compromise meant to propagate the network, and it has a high degree of utility to most users. There are also plenty of apps that are de-facto anonymous and private. Signal is de facto non-anonymous but private, though using a personally identifiable token is not a hard requirement and is trivial to avoid. (A phone number of some kind is needed once for registration only)

Signal's security model does not include metadata, and this is a valid design.
  • 0x1ch
  • ·
  • 16 hours ago
  • ·
  • [ - ]
There's no alternative to reduce spam and fake accounts, unless we collectively are fine with blocking Russia, India, China, and friends from the internet.
Does Signal protect from the scheme when the government sends discovery requests for all existing phone numbers (< 1B) and gets a full mapping between user id and phone number?

While slightly unrelated, I thought, how we can fix this for truly secure and privacy-aware, non-commercial communication platforms like Matrix? Make it impossible to build such mapping. The core idea is that you should be able to find the user by number only if you are in their contact list - strangers not welcome. So every user, who wishes to be discovered, uploads hash(A, B) for every contact - a hash of user's phone number (A) and contact's phone number (B), swapped if B < A. Let's say user A uploaded hashes h(A,B) and h(A,C). Now, user B wishes to discover contacts and uploads hashes h(A, B) and h(B, D). The server sees matching hashes between A and B and lets them discover each other without knowing their numbers.

The advantages:

- as we hash a pair of 9-digit numbers, the hash function domain space is larger and it is more difficult to reverse the hashes (hash of a single phone number is reversed easily)

- each user can decide who may discover them

Disadvantages:

- a patient attacker can create hashes of A with all existing numbers and discover who are the contacts of A. Basically, extract anyone's phone book via discovery API. One way to protect against this would be to verify A's phone number before using discovery, but the government, probably, can intercept SMS codes and pass the verification anyway. However, the government can also see all the phone calls, so they know who is in whose phone book anyway.

- if the hash is reversed, you get pairs of phone numbers instead of just one number

There's some really interesting stuff we've been looking into on the Matrix side to solve this - e.g. https://github.com/asonnino/arke aka https://eprint.iacr.org/2023/1218 or https://martin.kleppmann.com/2024/07/05/pudding-user-discove....

Meanwhile, Matrix for now does support hashed contact lookup, although few clients implement it given the privacy considerations at https://spec.matrix.org/unstable/identity-service-api/#secur...

Yeah you're doing a lot better job on the privacy side than signal is IMO.

Especially just being able to run my own service will be priceless when something like chatcontrol eventually makes it through. Signal can only comply or leave, but they'll never manage to kill all the matrix servers around.

Signal publicly shares government requests AND the data that they send them

The data Signal has is: 1) registration time for a given phone number, 2) knowledge of daily login (24hr resolution). That's it. That's the metadata.

They do not have information on who is communicating with who, when messages are sent, if messages are sent, how many, the size, or any of that. Importantly, they do not have an identity (your name) associated with the account nor does that show for contacts (not even the phone number needs be shared).

Signal is designed to be safe from Signal itself.

Yes, it sucks that there is the phone number connected to the account, but you can probably understand that there's a reason authorities don't frequently send Signal data requests; because the information isn't very useful. So even if you have a phone number associated with a government ID (not required in America) they really can only show that you have an account and potentially that the account is active.

Like the sibling comment says, there's always a trade-off. You can't have a system that has no metadata, but you can have one that minimizes it. Signal needs to balance usability and minimize bots while maximizing privacy and security. Phone numbers are a barrier to entry for bots, preventing unlimited or trivial account generation. It has downsides but upsides too. One big upside is that if Signal gets compromised then there's can be no reconstruction of the chat history or metadata. IMO, it's a good enough solution for 99.9% of people. If you need privacy and security from nation state actors who are directly targeting you then it's maybe not the best solution (at least not out of the box) but otherwise I can't see a situation where it is a problem.

FWIW, Signal does look to be moving away from phone numbers. They have usernames now. I'd expect it to take time to completely get away though considering they're a small team and need to move from the existing infrastructure to that new one. It's definitely not an easy task (and I think people frequently underestimate the difficulty of security, as quoted in the article lol. And as suggested by the op: it's all edge cases)

https://signal.org/bigbrother/

> Phone numbers are a barrier to entry for bots, preventing unlimited or trivial account generation.

What's wrong with account generation? Nothing. The problem is if they start sending spam to random people. So we can make registration or adding contacts paid (in cryptocurrency) and the problem is gone.

>So we can make registration or adding contacts paid (in cryptocurrency) and the problem is gone.

The majority of the user base would be gone, too.

I had a hard enough time convincing my friend group to use Signal as is. If they had to pay (especially if it had to be via cryptocurrency) none of them would have ever even considered it.

I would rather pay $1 than with my phone number which is much much much more valuable. Telegram did an experiment with paid anonymous registration, but the prices were ridiculous and targeted for the riches.
>I would rather pay $1 than with my phone number which is much much much more valuable.

Most people would not, though, and that's the issue.

So let everyone pay with their preferred method and let evil governments go mind their own business.

  > What's wrong with account generation?
Your comment *literally* explains one issue...
>What's wrong with account generation?

What's right with it? Accounts being generated (i.e. many inauthentic accounts controlled by few people) are always used to send spam, there are no exceptions. The perpetrators should be in prison.

  • 0xCMP
  • ·
  • 15 hours ago
  • ·
  • [ - ]
Ah yes, and convincing friends/family/partners to use Signal instead of Whatsapp clearly what will convince them is that they need to setup, acquire, and use cryptocurrency to register or connect with me on the encrypted messaging service. "No thanks, I just use Whatsapp/iMessage. I heard they're actually e2e encrypted too, so what's the problem?"
That doesn't answer the GP question:

> Does Signal protect from the scheme when the government sends discovery requests for all existing phone numbers (< 1B) and gets a full mapping between user id and phone number?

Signal does have the phone numbers, as you say. Can they connect a number to a username?

  > That doesn't answer the GP question:
It does.

They asked

   >>> Does Signal protect from the scheme when the government sends discovery requests for all existing phone numbers (< 1B) and gets a full mapping between user id and phone number?
Which yes, this does protect that. There is no mapping between a user id and phone number. Go look at the reports. They only show that the phone number has a registered account but they do not show what the user id is. Signal doesn't have that information to give.

  > Can they connect a number to a username?
From Signal

  Usernames in Signal are protected using a custom Ristretto 25519 hashing algorithm and zero-knowledge proofs. Signal can’t easily see or produce the username if given the phone number of a Signal account. Note that if provided with the plaintext of a username known to be in use, Signal can connect that username to the Signal account that the username is currently associated with. However, once a username has been changed or deleted, it can no longer be associated with a Signal account.
This is in the details on[0] right above the section "Set it, share it, change it"

So Signal cannot use phone numbers to identify usernames BUT Signal can use usernames to identify phone numbers IF AND ONLY IF that username is in active use. (Note that the usernames is not the Signal ID)

If you are worried about this issue I'd either disable usernames or continually rotate them. If the username is not connected with your account at the time the request is being made then no connection can be made by Signal. So this is pretty easy to thwart, though I wish Signal included a way to automate this (perhaps Molly has a way or someone can add it?) Either rotating after every use or on a timer would almost guarantee that this happens given that it takes time to get a search warrant and time for Signal to process them. You can see from the BigBrother link that Signal is not very quick to respond...

[0] https://signal.org/blog/phone-number-privacy-usernames/

The hash space for phone numbers is so small that you can enumerate them all.
yes. users can disable phone number discovery
  • Groxx
  • ·
  • 15 hours ago
  • ·
  • [ - ]
can they disable it before or after it tells other people that they joined, if those other people had their number in their synced contacts list?

(I would be thrilled to learn that this changed, but it has been in place for many years and it's kinda hard to personally test)

yes before.

discoverability does default to "on", but there is an opportunity to disable it during registration, which prevents those notifications.

And it's trivial to reverse a hash in such a scenario. This scheme is completely broken.
Still lame that they require phone number at all, it took them a long time to add usernames so you don't have to expose your phone number to a new contact. Still skeeves me out that the account is associated with a SIM at all.
We need an established secure anonymous/subpoena-resistant chat app at this point. Signal is great for a minimal threat model but we're kinda past that now given everything going on.

Simplex was a decent option but they're going down the crypto rabbit hole and their project lead is...not someone who should be trusted by anyone in the crosshairs right now.

Can you explain more about simplex? I remember reading about it a while ago and being really impressed. Sad to hear the project is going downhill.
Check out the developer/owner's social media, the chats they're in, and their responses to others and you'll see. They're much more interesting in crypto and politics than they are acting professional in public and towards others while representing their project and company.

It's not hard to do so, so if they're having difficulty doing that, what other simple things are they having difficulty with? Why would anyone hinge their safety and well being on the whims of such a person?

I say this as a person who bought into the initial concept, and who has used it myself.

>They're much more interesting in crypto and politics

I have yet to see any of that while just using the app. Do you think people owning a project should not be allowed to have and share there options about anything but the project?

  • maqp
  • ·
  • 16 hours ago
  • ·
  • [ - ]
SimpleX front page lied by omission about it having no identifiers. The fine print threat model did not mention the server has access to your IP addresses, and the mitigation to create "decentralized" system of users talking via separate servers ran into the problem of there being two VPS companies hosting the entire public server infrastructure. These issues were major as SimpleX advertised itself as an improvement over Cwtch, which should've meant superset of metadata had been protected. But that obviously wasn't the case.

The CEO vanished from the discussion (again) so my proposals to improve ease of use of Tor never reached them. You can catch up on the discussion at https://discuss.privacyguides.net/t/simplex-vs-cwtch-who-is-...

>so my proposals to improve ease of use of Tor never reached

Probably because it has always been trivial to proxy Tor with build in and supported socks5

What do you use now? Catch? Briar? Tox?

I liked the SimpleX concept, but would prefer its relay server were replaced by Tor or i2p network.

And if they used Signal instead of NIH protocol.

Actually, the only unique SimpleX feature I really like is that it uses separate ids for every connection and group.

  • maqp
  • ·
  • 14 hours ago
  • ·
  • [ - ]
>What do you use now?

Signal mostly.

>separate ids for every connection and group

The thing is, there's Akamai and Runonflux, two companies hosting the entire public SimpleX infrastructure. If you're not using Tor and SimpleX Onion Services with your buddies, these two companies can perform end-to-end correlation attacks to spy on which IPs are conversing, and TelCos know which IPs belong to which customers at any given time. Mandatory data retention laws about the assigned IPs aren't rare.

Yes, that's why I said I don't like their relays. It doesn't even have to be Akamai, you need to trust SimpleX first that not to track your IP. I'd rather use a messenger where something is not possible (or even hard) than trust.

As long as IP leaks are possible, I'd rather also use Signal, where at least the rest is battle tested and state of the art.

My concern with Signal is they'll either comply or move out of the EU with the incoming Chat Control, and I'd rather have a fully decentralized messenger with as few leaks as possible.

Maybe DeltaChat?
  • maqp
  • ·
  • 16 hours ago
  • ·
  • [ - ]
No. https://delta.chat/en/help#pfs
I agree, but you can mitigate that to some extent by using a phone number that is not linked to your identity.

Phreeli [https://www.phreeli.com/] allows you to get a cell number with just a zip code. They use ZKP (Zero Knowledge Proofs) for payment tracking.

In my country, you cannot legally get a phone number not linked to the identity, and the prices are relatively high on the black market. Also, the phone discloses your location with pretty good precision, especially in US where everyone is living in their own house.
  • sneak
  • ·
  • 17 hours ago
  • ·
  • [ - ]
Signal accounts do not require a SIM. There is no requirement that the phone you use for running the app Signal has the phone number you use for Signal login.

My Signal number is a Google Voice number that has nothing to do with any mobile phone. The Google account has advanced protection turned on so you can’t port it or get the SMSes without a hardware login token.

In my country I cannot buy a SIM card / phone number without giving my full identification.
Can you buy a phone number from a different country? (genuinely curious, I live somewhere I can buy a sim card with cash, and saw some in the impulse-purchase section of a store earlier today)
  • sneak
  • ·
  • 6 hours ago
  • ·
  • [ - ]
So buy a number from a different country.
It's still associated with a credit card and your google account requires another phone number to create.
But has something to do with a bank card you used to pay for it?
That's cool that there are phonenumbers without SIMs, my concern was more about SIM swap takeover. (Signal only guards this with a 4 digit PIN iirc)
  • Zak
  • ·
  • 15 hours ago
  • ·
  • [ - ]
The PIN can be longer than four digits. Signal also guards against this with safety numbers; if someone takes over an account, every contact will see that the safety number has changed and should consider that the account may be compromised until verifying out of band.
Google Voice doesn't look like a safe option, your number can be taken away if you forget to pay or you can be banned for arbitrary reason without a way to appeal.
> The server uses a bitwise xor when querying for numbers using hardware encrypted ram. The result is that even if you’re examining the machine at the most basic levels you can’t tell the difference between a negative or positive hit for the phone number unless you’re the phone requesting the api.

Do you have further reading on this?

This article https://signal.org/blog/building-faster-oram/ has some details but is more focused on improving their solution other blogs from the are "we want to build this soon" kind of blogs. It seems that most articles about this topic either have too little content to be of interest or are technology previews/"we maybe will do that" articles about things Signal wants to implement, where it's unclear if they did do that or something similar.

To cut it short they use Intel SGX to create a "trusted environment" (trusted by the app/user) in which the run the contact discovery.

In that trusted environment you then run algorithms similar to other messengers (i.e. you still need to rate limit them as it's possible to iterate _all_ phone numbers which exist).

If working as intended, this is better then what alternatives provide as it doesn't just protect phone numbers from 3rd parties but also from the data center operator and to some degree even signal itself.

But it's not perfect. You can use side channel attacks against Intel SGX and Signal most likely can sneak in ways for them to access things by changing the code, sure people might find this but it's still viable.

In the end what matters is driving up the cost of attacks to a point where they aren't worth in all cases (as in either not worth in general or in there being easier attack vectors e.g. against your phone which also gives them what they want, either way it should be suited for systematic mass surveillance of everyone or even just sub groups like politicians, journalists and similar).

https://signal.org/blog/private-contact-discovery/
I believe that the search term you can look for is constant time equality.
Do we relly know the server actually does this when you can't run your own Signal server instances you have compiled yourself from source code ?
  • maqp
  • ·
  • 16 hours ago
  • ·
  • [ - ]
Short answer is no.

Signal provides content-privacy by design with E2EE. Signal provide metadata-privacy by policy, i.e. they choose to not collect data or mine information from it. If you need metadata-privacy by design, you're better off with purpose-built tools like Cwtch, Ricochet Refresh, OnionShare, or perhaps Briar.

I thought you could compile from source and run Signal server instances, but there is no federation, so you would need a client that points to your server and you could only talk to other people using that client.

https://github.com/signalapp/Signal-Server

They use remote attestation based on SGX. So, assuming SGX can be trusted, yes. See https://signal.org/blog/private-contact-discovery/
and assuming you have a practical way to

- verify the attestation

- make sure it means the code they have published is the attested code

- make sure the published code does what it should

- and catch any divergence to this *fast enough* to not cause much damage

....

it's without question better then doing nothing

but it's fundamentally not a perfect solution

but it's very unclear if there even is a perfect solution, I would guess due to the characteristics of phone numbers there isn't a perfect solution

  • mjg59
  • ·
  • 9 hours ago
  • ·
  • [ - ]
Well, no - as long as someone you trust is able to do that verification, that's good enough.
> What’s going on in that user object? The pin field seems suspiciously related to the PIN we were asked to input after creating our account

This might be the fault of opt-out serialization library (by default it serializes the whole object and you need to manually opt-out fields from it). So a programmer adds a field, forgets to add opt-out annotation and voilà.

Or they are just using plain JS dicts on the server and forgot to remove the key before using it in a response.

> The vulnerability they’re talking about was presented in a paper by researchers at the University of Vienna.

This vulnerability (mapping phone numbers to user id via rendevouz API) is old and was exploited in 2016 in Telegram [1] and allowed Iranian govt to build a phone book of 15M Telegram users. The paper also mentions that the vulnerability was known in 2012, still not fixed.

[1] https://telegram.org/blog/15million-reuters

  • Yoric
  • ·
  • 14 hours ago
  • ·
  • [ - ]
> This might be the fault of opt-out serialization library (by default it serializes the hole object and you need to manually opt-out fields from it). So a programmer adds a field, forgets to add opt-out annotation and voilà.

In a previous job, on my first audit of the code, I spotted such vulnerabilities pretty much everywhere.

Developers simply need to stop using these libraries.

This is such a common issue I've seen in so many API backends, where sensitive fields on a record are getting sent to the client and no one notices because it's invisible in the UI.
The fact that the PIN is leaked is bad enough, but it also happens to be plaintext. This is a password. It should not be stored unhashed, and it should be hashed with strong algorithms.
  • cbsks
  • ·
  • 12 hours ago
  • ·
  • [ - ]
It’s a 6 digit pin. Doesn’t seem worthwhile to hash. What are the best practices here? I’m not sure
There is never a need to store a pin in the database, store it in temporary storage like redis. Set the TTL to the expiration date. You can hash if needed, but I’m less concerned that someone hacks into your reds instance and steals your pins from the last 10 minutes, bc everything else is gone.

There should never be a need to return a pin to the client. You’ve already texted/emailed it to them. They are going to send it back to you. You will check against your temporary storage, verify/reject, and delete it immediately after.

Yeah, you can only delay attacks by a tiny little bit, but the search space of 10^6 is just too small. Salting it doesn't give you much more security.
  • ·
  • 15 hours ago
  • ·
  • [ - ]
Sure. But why are we blaming libraries. This is the development process. Are BE developers not looking at their output anymore? Are we just vibe coding everything? If the UI does not complain then go to prod? This can’t be the expectation. And then you claim that your app is secure. Based on what review. Does not look like you even did an internal review? If you’re going to design a PIN feature, and don’t consider securing it, what part of design did you do?

I keep seeing people try to explain away incompetence by blaming unaccountable things aka the tool or system. Exposed password? Must be the library. People really should stop using it. No, the library is not wrong, ppl should be better developers.

Peer reviewed paper is full of AI slop, must not be the reviewer’s fault, the citations were there, they were just fake. What is going on?

It's crazy how many security vulnerabilities are just people pinging http endpoints in ways they didn't expect. You would think in order to "hack" a system in 2025 you would need to be doing some crazy computer science wizardry but it really is just lazy engineers. Like how do you ship an API and have no rate-limiting. It literally takes a line to implement in Nginx.
> It literally takes a line to implement in Nginx.

"Yeah but it wasn't in the docker tutorial I skimmed so I have no idea what it means."

Soon to be... "Yeah, it was the Ai, I have no idea how any of this works"
Though once s hits the fan, you can just tell AI “I have no idea how any of this works andI don’t really even care but I need rate limiting, so do what you must, I trust you”.
Except the vibe coders aren't going to know to even ask about rate limiting.
At least on the flipside. Code scanning tools are getting increasingly good. We finally moved to github at work and it's scanned the whole repo and pointed out tons of concerning security issues in the code. Not sure if it's powered by AI in any way (I assume not since they would scream from the rooftops if it was) but it's pretty useful.
for sure, coding scanning tools are indispensable, just like linting and testing.

They are likely a bit of both, increasingly more so going forward.

- some checks are straightforward and it would be dumb to use AI for them

- some checks require AI

Obviously software development in general has become more ingenious (by some metrics) over the past few decades but very little of its growth has involved secure development principles. Often the primary goal is efficiency and scalability with as little friction for the customer. The priority is enabling commerce, not protecting user data (slightly more so company data, but not by much). I speak to devs every week who are unfamiliar with things like JavaScript injection and SSRF, things that can be exploited by virtually complete beginners. From their perspective they were just building a neat feature, that it could be used to render external scripts or internal file paths literally did not occur to them. This isn’t a judgement of them, I appreciate the chance to help them, but just to say development has unfortunately always had other priorities.
> It literally takes a line to implement in Nginx.

Lots of things are really simple. But you have to know about them first.

I would hardly consider someone that doesn't even know what rate limiting is to be a "developer."
I once went to a B-Sides talk of a person that paid off their mortgage via API related bounties - you wouldve confused their presentation with a Postman 101 video if you were only half listening.
for quite a while I through many of those dump "internal network scanning automatized pentests" where pretty pointless

but after having seen IRL people accidentally overlooking very basic things I now (since a few years) think using them is essential, even through they often suck(1).

(1): Like due to false positives, wrong severity classifications, wrong reasoning for why something is a problem and in generally not doing anything application specific, etc.

I mean who would be so dump to accidentally expose some RCE prone internal testing helper only used for local integration tests on their local network (turns out anyone who uses docker/docker-compose with a port mapping which doesn't explicitly define the interface, i.e. anyone following 99% of docker tutorials...). Or there is no way you forget to set content security policies I mean it's a ticket on the initial project setup or already done in the project template (but then a careless git conflict resolution removed them). etc.

> You would think in order to "hack" a system in 2025 you would need to be doing some crazy computer science wizardry

Never heard of the wrench technique? It's always gonna work out great. Way cheaper and easier than "wizardy" too.

Ratelimiting doesn't solve anything, you can just parallelize your queries across IP addresses.
The whole "defense in depth" principle disagrees. Having a layered defense can not only buy defenders time, but downgrades attacks from 100% data exfiltration to <10%
Increasing the barrier to entry from "trivial" to "less trivial" is always a good start.
Yup. This is some of the stuff that gets missed when understanding Security.

Ultimately, you're just buying time, generating tamper evidence in the moment, and putting a price-tag on what it takes to break in. There's no "perfectly secure", only "good enough" to the tune of "too much trouble to bother for X payout."

https://en.wikipedia.org/wiki/Nirvana_fallacy
  • ben_w
  • ·
  • 18 hours ago
  • ·
  • [ - ]
> but I like to provide only the best blog posts to my tens of readers

It may not be pertinent to the subject, but clearly I have found a kindred spirit in this author.

Does Freedom Chat® have a feature to prevent journalists from joining your group chat? Asking for a friend that works at the DoD (sorry, DoW)
If I had a nickel for every "secure" app that handled sensitive user data and then subsequently leaked that data this year...

I'd only have 20 cents, which I guess is good. But I'm sure there's more I'm forgetting.

Related:

[1] https://news.ycombinator.com/item?id=44684373

[2] https://news.ycombinator.com/item?id=43964937

[3] https://news.ycombinator.com/item?id=45985036

For this specific movement, venturing outside Facebook Messenger is an important cue.
  • ·
  • 17 hours ago
  • ·
  • [ - ]
and these are just the ones we know about
I stumbled upon a GOP jobs board a year ago that stored submitted job applications in the same search index as the job listings themselves, so all you had to do was search "bob" and find a bunch of resumes and application answers for people who had applied, I couldn't believe it.
Which one ?
gopjobs.com, looks like it’s been fixed though
i tried to see if it has any ties to the actual GOP national or any state parties and it's unclear. I'm guessing it's not affiliated and GOP is not trademarked.

I asked because both political parties have chapters at national, regional, state & local levels so "GOP job board" on the face wasn't clear which organization was running it. Some parties cover rural counties of just a few thousand people.

Since Anom, we need a new word than “honeypot”. The next secure messenger will not be created by these types. But many will be incrementally marketed, and each campaign will succeed in reaching a new batch of near-hit recruits.
we have so many failure-as-a-feature ops these days im surprised we aren't discussing it more. something that consistently happens with enough frequency without any repercussions ultimately just becomes a feature of its own.

we consistently have data breaches in institutions we trust is converging to a point where its literally just a data harvesting ops and everybody stops caring. They won't even bother to join class action lawsuits anymore because the rewards enrich the lawyers while everybody gets their twenty bucks in the mail after providing more personal data to the law firm its like a loophole.

we now have legalized insider trading in the form of "prediction markets", legalized money laundering and pump and dump through crypto, all of these always lead to failures for the participant disguised as wins.

"Petepot"
> 2025-12-09: Freedom Chat notifies us issues have been patched

Have they?

This is why I'm skeptical of any app claiming "super secure" without open-source verification.

The real lesson: assume every service will eventually leak something. Use unique passwords everywhere, enable 2FA, and rotate credentials after breaches.

The tedious part is the rotation. I've seen people skip it because manually changing 50+ passwords is brutal. Automation helps but needs to be done securely (local-only, zero-knowledge).

When you go the website the first line is literally “Say hello to Freedom Chat—a next-generation messaging app that keeps your conversations actually private
... and then you encounter things like "Privacy’s been lost. We’re here to take it back." or "World-class security".

It looks like "Freedom" is a sure thing.

  • Havoc
  • ·
  • 18 hours ago
  • ·
  • [ - ]
When something is "super secure" you know it's full of holes. It's right up there with "impossible to hack" and "military grade" aka lowest cost bidder.
And "complies with all applicable laws"; as-in we're operating at the lowest possible standard we can.
  • maqp
  • ·
  • 16 hours ago
  • ·
  • [ - ]
Yup. As the guy who put together the most secure FOSS messaging system*, it's not "impossible to hack". It's a caveat ridden, inconvenient to use, tedious to setup, hardware-isolated, multinode application, with long must-read documentation, and that requires experience with electronics and soldering.

* github.com/maqp/tfc

Unsinkable
At least the Hindenburg was iceberg proof

https://xkcd.com/2350/

“We’re clear on OpSec.”
Obligatory Colin Jost Pete Hegseth warrior ethos post: https://www.youtube.com/watch?v=vZb1WO1_lGI
> Neither of us had prior experience developing mobile apps, but we thought, “Hey, we’re both smart. This shouldn’t be too difficult.”

Is this an actual quote? Because it sounds like a standup joke.

> Screenshots aren’t really crucial to anything being discussed here, but I like to provide only the best blog posts to my tens of readers ....

A sentence clipped from a point a little past the introduction, but catchy nevertheless.

I suspect there will be more than "tens of readers" shortly.

Why in the world would any sane person utilize such an app, knowing what kind of people will be "at the other end" of communication, and what topics would be discussed, even if the most secure piece of software ever developed?
The president of the USA is on the equivalent alternative to Twitter.
I’m glad “super secure” is in scare quotes.

I’m glad I have never heard of this app.

Security and trust go hand in hand.

  • ·
  • 12 hours ago
  • ·
  • [ - ]
Why would you use a messaging platform that requires you to sign up with a very difficult to change piece of information that in many countries is tied to your ID and pretend it is secure?

looks at Signal

Oh.

You can register on telegram without using your phone number as an account identifier.
  • maqp
  • ·
  • 15 hours ago
  • ·
  • [ - ]
Yeah if you buy a number with Durov's TON shitcoin. The original sales are over and number auctions start from opening bid of 37 dollars, and run all the way to 14,000 USD https://fragment.com/numbers, and they take very long, even up to one year to close.

Also, Telegram is not private.

1. It's not E2EE by default

2. It's not E2EE for groups on any platfrom

3. It's not E2EE 1:1 on desktop clients forcing you to downgrade from secret chats to insecure chats

4. It's collecting 100% of your metadata, including

* who you talk to, when, how much, what type of data you exchange,

* your IP-address which sort of defeats the purpose of having no phone number, and

* when you enable secret chats

Telegram is also not transparent about its funding, about who develops it, and who has access to the plaintexts stored on their server (meaning, anyone with a zero day or two).

Journalists who went to look for Telegram's office in Dubay found out no-one in the neighboring office had ever seen Telegram staff enter the space https://www.youtube.com/watch?v=Pg8mWJUM7x4

Telegram was built with blood-money from VKontakte, and Durov has been marketed as living in exile, when in reality he has visited Russia on average once every 2.4 months since the exile began, and strangely Durov has not had his underwear poisoned and windows have been kind to him despite supposedly betraying Putin's interests.

tl;dr Telegram reeks of FSB/SVR honeypot.

> Yeah if you buy a number with Durov's TON shitcoin

Not even. If you actually try you will discover at the last step (after full KYC, signing some dubious agreements, and linking an existing TG account) that the Fragment "market" is actually fully centralized and has not been open for new buyers-users for a good while. No secondary markets out there (maybe not even possible on their network) afaik.

  • maqp
  • ·
  • 12 hours ago
  • ·
  • [ - ]
That's... all sorts of funny and sad to hear.
  • eviks
  • ·
  • 8 hours ago
  • ·
  • [ - ]
And the authorities are blocking it to protect people from falling into the honeypot, right?
Anyone using Telegram and expecting it to be a secure messenger is delusional.
I mean as in the number is not tied to the identity, maybe you are asked your number to verify the account, but after that you can have a non number linked account. The account is tied to a username @blablabla.

I think Telegram is filth as much as the next guy, but I'm just making that technical point.

  • nunez
  • ·
  • 15 hours ago
  • ·
  • [ - ]
Wow; that's a 101-level exploit.
For every conscientious hacker that tries to do everything right and have a secure and reliable app. There's ten naïve hackers that just publish whatever.
  • sneak
  • ·
  • 17 hours ago
  • ·
  • [ - ]
This is the same thing that sent weev to jail when he and JB did it against AT&T to determine the email addresses (instead of PINs) of every iPad 3G user.
I love the quote the article starts with:

> Neither of us had prior experience developing mobile apps, but we thought, “Hey, we’re both smart. This shouldn’t be too difficult.”

I think, 40 years from now when we're writing about this last decade or so of software development, this quote is going to sum it all up.

> To help bring this idea to life, I enlisted one of my employees from Zeke SEO—a very talented developer with an MBA in computer science from Stanford.

That… is not a real degree.

Graduated with the highest temperature in his class.
Pretty sure they just mean a Master degree and they _think_ that’s what MBA means. I might be too charitable, but if someone doesn’t have experience with higher education it’s not an unlikely mistake.
You can charitably read it as "MBA from Stanford, with a focus on computer science-related stuff," or maybe "MBA and a bachelor's in CS from Stanford." Or you could assume that it's an MS in CS that was 'autocorrected' to MBA.

But the way it's phrased and worded... at best, it's the kind of really bad typo that shows rank incompetence; at worst, it's outright fabrication that is actively lying about the credentials; and what I think most likely, it's obfuscation that's relying on credentialism to impart an imprimatur of credibility that is wholly undeserved (i.e. "I got an unrelated degree at Stanford, but it's Stanford and how could anyone who goes there be bad at CS?").

No degree, just a kid with a Macbook Air.
i mean looking at the app's security its indeed an MBA in CS from Stanford
Stanford, Kentucky perhaps.
  • elif
  • ·
  • 17 hours ago
  • ·
  • [ - ]
I think it was a typo. The computer scientist in question likely received his UGA degree in Sanford stadium, and in fairness no one else at the school was able to discern the difference between a business degree and computer science.
It really says a lot about our society in general. I believe there's a small portion of bad actors pushing stupid policies for their own agenda, but then I also believe there's a huge number of actual people who have lost any ability to reason critically and learn. What we're seeing is those people learning via trial and error while subjecting us to their live trials because they couldn't be bothered to pick up a book or trust the existing experts.
>because they couldn't be bothered to pick up a book or trust the existing experts.

It's not laziness. It's populism rejecting what they consider elitism, which includes expertise and experience.

I don't know how to square "populism" with the metric asston of propaganda coming from people whose job is literally to know better but instead chose to feed people bad information and amplify stupidity. This ain't grass roots populism...at all.
  • nyeah
  • ·
  • 17 hours ago
  • ·
  • [ - ]
Obviously getting people hooked on harmful lies was not originally populism. But now it sort of functions like populism. Now it hurts when the lies stop.

I think we've all been the one who got fooled in some relationship. Maybe for you it wasn't a political party. But I bet it still hurt.

Are you talking about Fauci or who?
How could they not have realized that leopards eat people’s faces.
Social media is the greatest force multiplier ever invented for narcissists.
  • V__
  • ·
  • 18 hours ago
  • ·
  • [ - ]
I think this also sums up most of the administration: "Nobody knew health care would be that hard"
Your quote would seemingly apply to a number of recent administrations, given the state of federal healthcare programs and legislation.
The difference is that they didn't brag about how easy it would be before failing
Always the asymmetric standards... R may fuck everything up if D made a mistake.
I'm not sure I understand what you're saying.
But Rs fuck things up on purpose, even things that hurt themselves, just own own the libs, and then complain about how things are so fucked up.
  • lobf
  • ·
  • 17 hours ago
  • ·
  • [ - ]
What other administrations have said healthcare wouldn't be hard?
No, in this case you can attribute to malice instead of stupidity. Thankfully the stupidity is limiting the amount of malice in some cases.
  • ·
  • 17 hours ago
  • ·
  • [ - ]
Single payer is easy!

If you reject the best and only easy option from the outset because you don’t want actual healthcare, then yeah… whatever remains is going to be “hard”.

What the US has right now is a complex entrenched system of financial middlemen that refuse to abandon their rent seeking. They provide only(!) financial “services” and will fight actual healthcare tooth and nail.

Trump wasn’t strong enough — or simply didn’t care enough — to fight these people.

  • ·
  • 17 hours ago
  • ·
  • [ - ]
[flagged]
what exactly does this contribute to the discussion?
> 40 years from now when we're writing

"ChatGPT, write an essay about software development during the smartphone social networking boom. Find a good quote to sum it all up."

God i hope not.
For me, it was in the linked blog post

>"Now, anyone who has read Mindset by Carol Dweck, Grit by Angela Duckworth, or The Brain That Changes Itself by Norman Doidge, M.D., knows that you can be, do, and have whatever you want."

The gap between "read" and "understood" swallows so many. Also, did he use TR's "Man in the Arena" quotation? Reader, of course he did.

Understanding these might not be enough, even. IDK about the last entry but IIRC the first two works are basically in the “pop-science/self-help woo” category that hustle-culture people reliably fall for.
I love it. This needs to be on the front page of every newspaper, hehe. I don't care if you're a republican or a democrat, anyone going that way deserves everything they get.
> Neither of us had prior experience developing mobile apps, but we thought, “Hey, we’re both smart.

Great example of how perception and reality can differ vastly

that pretty much sums up the American conservative mindset, without the part about being smart
I downloaded a save game editor for a videogame last night and the developer was honest about using AI.

But for a commercial messaging app you expect better...

Software development and governance for this era, more or less yes.

There's a general zeitgeist of "Experts don't know what they're talking about" that has fed both pieces of this space. It's an Age of Doubt, as it were, but the hubristic kind of doubt, not the questing kind.

  • j45
  • ·
  • 18 hours ago
  • ·
  • [ - ]
Hubris as a feature.
Great and terrible things have been done from:

> We did it not because it was easy, but because we thought it was easy.

[flagged]
Eternal demo day
Why does the title not match the article? It's under the character limit.

Original title is: “Super secure” MAGA-themed messaging app leaks everyone’s phone number

I think that's incredibly important context. Instead of conferring with actual experts in the field, the populist, fascist segment of our society just decided to wing it with technology.

They BELIEVED they were more secure, with no evidence to back it up.

> Why does the title not match the article? It's under the character limit.

Well obviously we can't be seen as non-neutral (I wish I would be joking, but I have a feeling that is the thought process on a good day)

  • maqp
  • ·
  • 16 hours ago
  • ·
  • [ - ]
Yup, it's almost like they're feelings/emotions over evidence/science. It's not that hard to understand considering how that weird lot consists of all sorts of cranks, pooled by the alt right radicalization pipelines of wellness/conspirituality/flat earth/alt-med/anti-vaccine/UFOs...
  • aanet
  • ·
  • 18 hours ago
  • ·
  • [ - ]
The emoji :facepalm: was invented for exactly this...
  • kgwxd
  • ·
  • 17 hours ago
  • ·
  • [ - ]
Not really, the grift is going exactly as planned. I indirectly, and accidentally, made some money off a similar grift about a year ago. I'm starting to think I should just lower my standards for a few years, then retire. It's so easy to extract millions from idiots, with very little investment.
Feels a little like clickbait "MAGA-themed", never heard of Converso.

That said, the analysis itself is interesting and worth a look, if nothing else it's a general pattern you can follow for many chat applications to see how secure it is.

This, I have extremely varied media sources and Converso isn’t a real thing.
Converso renamed itself to Freedom Chat after my blog post:

https://crnkovic.dev/testing-converso/

Still not a real thing. Highly suspect here.
This article is the first time I am hearing about it
Are you and OP being sarcastic? Or are your media sources just not as "varied" as you might think?

https://www.theregister.com/2023/05/17/converso_e2ee_app/

All 1000 downloads...

https://play.google.com/store/apps/details?id=com.freedomcha...

1000 downloads lol

https://play.google.com/store/apps/details?id=com.freedomcha...

Exactly! The premise here is BS. Just a thinly veiled “lul look how dumb maga is” when it’s a no name app no one has ever used and has nothing to do with “maga”.
  • ·
  • 13 hours ago
  • ·
  • [ - ]
It appears that one of the most central aspects of MAGA is a postmodernist rejection of the very existence of expertise- except, ironically, in the art of grifting itself because they see “recognized experts” in any field as just very successful grifters. Hence replacing competent government employees at every level with incompetent employees. It would track that technology developed for and by the MAGA community is developed with the same philosophy. Anyone planning to buy the Trump phone?
Freedom Chat just looks (and sounds) like a grift tbh.

The website doesn't really spark any confidence.

Never heard of it and I'd be surprised if they have more than 100 users.

And it will invariably become a SIGINT and HUMINT pipeline leading straight to Moscow.
  • ·
  • 18 hours ago
  • ·
  • [ - ]
Accusing someone else of a crime/problem/whatever that you're also currently doing? Well that's just the MAGA way.
Can those of you writing off half of America as “ignorant “ or “anti -science “ please move those comments back to Reddit. And what conclusions did you draw when obvious left leaning apps were breached ? FB, LI , Washington Post , twitter (pre Elon) all had breaches . Does that mean left and right leaning Americans are all ignorant ?

I don’t take any offense , but I do have high standards for this forum and cringe comments make me less likely to hang out here

On a site called Hacker News, we need more analysis of one of the classic hacker skills, social engineering. Our first luminary hackers, and their first books, and our first movies, are about manipulating your average office worker or security guard. It doesn't work every time, but those people vote and hackers illuminated some early tools at automating the manipulation.

The turning point was smartphones. No, they don't clandestinely listen to the audio, or smuggle tower locations of unimportant people. But (all of our) behavior changes when we rely on an app and give up those other liberties because app. Some social engineering was required for mass adoption thereof, and most of us here are acquainted with the analytical means to concentrate delivering that. Half of our society has weaknesses that we euphemize as "gaming habits" or "addictive personalities". Maybe they know it; I'm not down here haughtily scoffing that they cannot know it.

China and Russia and North Korea don't show those weaknesses because those people are down in the mines. The powers learned social engineering within their closed societies, not in our open societies. They promote a nation and a people unified with one personality. The United States and similar freedom exponents have to contend with attracting the world's talent by explicitly tolerating any personality. At least for now

  • acdha
  • ·
  • 17 hours ago
  • ·
  • [ - ]
None of the sites you mentioned are (or were) left-leaning unless you are saying anyone less politically correct than Fox News is leftie, but that’s missing the bigger reason why the MAGA connection matters: MAGA is at its heart conspiratorial, obsessed with the idea that the “elites” are against the common man. That war on expertise has been there from the beginning and it makes followers unusually vulnerable to scams because it normalizes this way of thinking that everyone’s opinion deserves equal weight. Sure, security experts say to use Signal but why should you trust them any more than the scientists who say the earth is warming or the economists who say that gold has drawbacks as the basis for an economic system?
The Sturmabteilung were lefties compared to the Schutzstaffel I guess.
Reddit comment++
Too kind
It would waste my breath to try to convince you that MAGA Americans actually are intelligent. My point is that all apps have breaches , and a great many of them are run by liberals (who love climate change and inflation, as you do ) , so what does any of this have to do with a tech forum
  • acdha
  • ·
  • 14 hours ago
  • ·
  • [ - ]
> It would waste my breath to try to convince you that MAGA Americans actually are intelligent

Definitely, because I never said they weren’t and certainly don’t believe that — I know too many smart conservatives for that. That’s a big part of the problem: smart people can put a lot of effort into constructing rationalizations so when they’re immersed in a culture where political correctness trumps objectivity they’ll construct elaborate narratives to support the ideologically useful outcome.

The relevance to security is that these people are more vulnerable because they can’t tell charlatans who appear to be on their side apart from people who actually know what they’re talking about. There are tons of right-leaning people in tech but as we saw with election fraud claims, the competent ones know it’s risky to contradict the narrative and stay quiet rather than being accused of being RINOs. It’s similar to how things like MLM scams spread in religious communities if you have experience with that, where things usually have to get pretty bad before someone is willing to criticize a friendly member of their congregation.

They are left leaning and run predominantly by left leaning staff and boards . FB and X have pivoted opportunistically to Trump , and still only slightly
[flagged]
I feel like you are overthinking it. There's a segment of the population that share a set of values, they are collectively more active than average in imposing their worldview on the rest, and they've had a strong momentum towards their goals for a while.

They are labeled MAGA, and they are as real as any widespread social movement could be. If your point is that social movements don't really exist as a "material" entity, then we are just arguing semantics.

Probably because a non-insignificant portion of them are literally trolls, Africans and Indians masquerading as True Americans for the grift.
These might be the low-level trolls but there are also thousands of career beaurocrats in our non-democratic eastern neighbor countries who do exactly this as their full time job.
I hate to get into this, but I'm impressed by the ideological juggling. A conspiracy theory about minorities being anti-minority to weaken the majority by provoking them to anger against minorities?

I suppose I'm falling for the trolling right now.

EDIT: I assumed, perhaps wrongly, that OP was referring to individual "Africans and Indians" from the US. I suppose it does make some sense if we are talking about organised action from foreign powers.

> I suppose it does make some sense if we are talking about organised action from foreign powers.

It doesn't even have to be organized.

Ragebait gets clicks. X pays out for engagement. (https://help.x.com/en/using-x/creator-revenue-sharing) The amounts are low by US standards, but nice pay by developing world standards. Thus, a cottage industry of fake accounts arises, without needing nation-scale organization behind it.

That's a fair point, I appreciate being taught something new.
Africans and Indians are not minorities. Sure, if they live in the US, but I'm pretty sure OP referring to people in other countries.
You’ll have to decide under “About this account” whether this True American might have intelligently chosen a VPN endpoint in those regions.
What part of wanting destabilisation for the most powerful country in the world is hard to understand for those that aren't from there?
It’s not trolling. When twitter turned on locations a few weeks ago many of the top maga accounts were revealed to be operating out of Russia or India.

https://www.bbc.com/news/articles/cj38m11218xo.amp

elon is literally paying indians to cosplay as "patriotic americans" on Xitter
That doesn't make any sense. Why release a feature to show account locations then?
  • kgwxd
  • ·
  • 17 hours ago
  • ·
  • [ - ]
Because people that don't think will believe the shown location is accurate, instead of whatever the corrupt jack-ass running the site wants it to show. Any account that praises him will be a "verified human US citizen"
Yes that feature was long overdue
Yeah should have been done by Dorsey a long time ago.

Afaik X is the only social media service that does this so far.

Such a simple feature that has a major quality of life improvement.

> Afaik X is the only social media service that does this so far.

Facebook has had it for years.

https://www.facebook.com/help/320055788882014

Per your link, this isn't for every account. Just for pages that reach a large number of people. Good step though.

There really is no privacy concern to list the country of a user. I don't know why FB has to qualify it just for large pages only.

It's not really a useful feature because it's super easy to spoof once you know you have to.
I think the comment you're responding to just means monetizing high-visibility creators in general as a systemic practice, not deliberately facilitating deception.
Possibly when it comes to the "paying" part.

But my response was directed towards "indians cosplaying as patriotic americans".

I'm on the fence when it comes to paying people for posts, but that wasn't really the heart of the statement.

  • frio
  • ·
  • 15 hours ago
  • ·
  • [ - ]
It's intent of action vs. actual action.

Elon may not be _intending_ to pay foreigners to cosplay as patriotic Americans.

However, X pays people based on engagement. A number of people outside the USA have figured out that if they post outrageous shit to Americans, they get engagement -- and therefore earn money. So in fact, Elon _is_ paying foreigners to cosplay as Americans, but it might not have been what he meant to do.

There were a ton of "I'm a red blooded god fearing patriot"-type accounts being operated out of Russia, India, Pakistan, etc - the BBC link in another chain of this thread covers it. I think this is more about the global economy and the economics of western political engagement on digital platforms rather than some grand conspiracy, personally, but in a very literal sense, the post could be described as not technically inaccurate, even if missing the point and assigning personalized blame where it probably isn't warranted.
> WHO exactly is MAGA really? I am no longer convinced that MAGA is "real". Or really significant.

Many are easy to spot. All the people with giant "Make America Great Again" flags in their front yard or attached to their lifted pickup trucks. The people in my neighborhood who have their Christmas light decor as a giant sign of "TRUMP WAS RIGHT ABOUT EVERYTHING". Funny how they complain about the leftists killing Christmas by removing Christ but they went from having a nativity scene to having TRUMP take up their holiday decorations.

This org? Over the top patriotic branding (FREEDOM chat, logo is an eagle, etc). They make a point to be on Truth Social. On their Truth Social profile they have interviews on Breitbart and similar right-leaning people, including Laura Trump. Their brand Truth Social page constantly complaining about SOCIALISM.

If you're not seeing the MAGA alignment of this chat platform you're just not looking very hard.

[flagged]
Or simply… lying.

There is no need to be honest to a Trump voter. Honesty is work and they will believe nonsense anyway.

[flagged]
> Now let's look at left-leaning apps and how insecure they are and how quickly they patch vulnerabilities.

Your point stood fine without this. It might make sense for a different audience but this audience understands all of that.

> Your point stood fine without this.

Did it? Mentioning MAGA is smear? The app's intended audience is pretty clear.

But where I really disagree is promoting whataboutism. Anyone is free to submit stories about the foibles of the left or right, but what we don't need dualing whatabouts for every issue raised.

[flagged]
Take a look at this comment section. None of the other comments are making this political. The rest of us understand it’s not a “MAGA thing”.
>[...] it was patched within a month. I'm in the security industry, and this is amazingly fast.

Lying is bad.

Their API leaked all users' login PINs to other users, and they only took a month to patch it! So fast, so secure.
It might not be lying... he might me a complete idiot!

If it took me a month to patch a data leak vulnerability on a web app, I'd resign, and probably retire... That's an embarrassing timeline, and the people involved should feel bad.

"2025-12-09: Freedom Chat notifies us issues have been patched"

It's on the site. and If you don't think I'm in the security industry, LOL

>If you don't think I'm in the security industry, LOL

Please let us know who you are affiliated with!

I think the one thing you conveniently didn't bother to back up is the thing that people doubt.

You know the claims that a P0 vuln being patched after a month as "fast".

pretty sure they were calling out the "amazingly fast" portion of your quote as the lie, but feel free to ignore whatever doesn't help your narrative. I'm a poster on a forum, not a cop
[flagged]
[flagged]
I'm curious why a Canadian is so hell bent on causing more division in America by embedding his political views in an otherwise decent vulnerability analysis.

He makes it sound he's on some sort of a mission...like the users of the messaging app ( which I have never heard of before until today ) should face some sort of backlash for their own political views opposite of him....which is amusing to say the least as Canadians seem to have permanently marked conservatives, not just in their own country but all over the world as "MAGA".

also I'd appreciate if we can keep politics out which just detracts focus on technical end of things

> I'd appreciate if we can keep politics out

This is an app specifically built for a specific political group, a group that is wreaking havoc on our science and technology. "MAGA" has become the go-to term for a global movement, because there is a global alt-right movement to undo progress and dominate others into their world view.

It's going to be a part of HN like it was the first go around. Being apolitical is how political groups like this come to power.

same argument can be made for bluesky or reddit pretty much any platform you slap political labels on and this only increases division and radicalizes people on the fringes and desperate for a sense of belonging to as surrogacy for loneliness
Do you want the alt-right to take over? If your answer is no, then understand we need to talk about it all the time to fight back.

They want us to _not talk_ about what they are doing so we _remain ignorant of each other_ think about what they are doing, so they can get away with more

No but do you want the alt-left to take over? I'm for neither side and im tired of the constant ideological battles
We need to talk about both of them, not neither

You want constant ideological battles to end, and the answer is... do nothing?

They have the megaphone. If you want to take it away, we have to talk to each other about it so they start marginalizing their posts and opinions. MAGA is the poster child for the Overton shift, it's not going back any amount without effort

You'll need to understand that <blatantly political actor does stupid thing> is a criticism of the actor's stupidity, not the political faction.

If it consistently happens more often for any given political faction, then it's still not an ideological statement, just a realization that not every political direction has an equal commitment to facts and reality.

So, mostly, I'd like the alt-stupids to not take over.

The comments here are a disaster. Who could have predicted this???