On 1/29/21, David Barrett <dbarrett@expensify.com> wrote:
Wow, these are (mostly) great responses, and exactly what I was looking for. Thank you! To call out a couple responses:
6, the ratchet protocol produces a hash of previous messages that provides
for detection of dropped data, among many other things. PGP does not do this.
It feels like there are easier ways to detect dropped/tampered messages, such as with a simple accumulated hash of all past messages (or even a CBC mode). We do this with https://bedrockdb.com/blockchain.html and it works great. However, I get your point that the double ratchet provides other benefits beyond just forward secrecy.
There's a lot of value to using a protocol that is normalised and standardised and widely used in some way. It has many eyes looking at it and thinking about bugs and such. But yeah. And yeah, the ratchet protocol accomplishes more than just that.
Decryption of destroyed messages is a big thing that Signal deters.
Journalists can get seriously physically injured when that happens.
Yes, I agree, it seems that forward secrecy is both 1) very valuable, 2) very hard to do, and 3) Signal's primary design goal.
I see Signal's primary design goal as being easy to use, public, audited private communications, for everybody. It would make sense to contribute or work with a project like Signal rather than making a new messenger, to continue to try to get communications more secure, with more eyes looking at problems, making things easy to use, and getting people to use them, etc. A messenger only works if the people you want to talk to use it.
Re Signal and Javascript, Signal offers its code in a signed binary, and
offers the source to that binary for anybody to build and check.
Signal offers source, but given that it's distributing binaries via app stores, there's really no way to guarantee that the binary matches that source code. Open source is great (Expensify.cash is as well), but still requires that you trust the party giving you the binaries.
I don't see your argument here. The only reasonable way to sell something on an app store is to distribute a binary. Meanwhile with the source available, people can build their own clients, and share them via other channels. I visited expensify.cash but didn't notice an obvious link to the source code. It can be hard for me to see things, though.
They [Signal] have an automated system that gives their donated money to
people who contribute improvements.
Wait really? I'm not really finding that mentioned anywhere; can you link me to this? The FAQ doesn't really mention it, but it seems like this would be front and center: https://support.signal.org/hc/en-us/articles/360007319831-How-can-I-contribu...
It looks like the autopayment system broke in 2017 and nobody fixed it: https://github.com/signalapp/Signal-Android/commit/258910504cc2fcc57b8868cb0... . Sorry for the outdated information. I post during psychotic breaks, so some of what I say may not be quite right. Thank you so much for your open source work. Please work with existing open source projects when you can both benefit from the work, so the community can grow.
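
The "accumulated hash of all past messages" idea raised earlier in this thread, as an added example that is not part of the original emails and is not Bedrock's or Signal's code. It assumes a pre-shared key, so the running value is an HMAC rather than a bare hash; the function names, the all-zero starting value and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

GENESIS = b"\x00" * 32  # assumed starting value of the chain


def link(key: bytes, prev: bytes, message: bytes) -> bytes:
    """Running tag: HMAC over the previous tag followed by this message.

    prev is always 32 bytes, so the concatenation is unambiguous.
    The key is an assumption of this example: with a plain unkeyed hash,
    anyone able to alter traffic could recompute the tags as well.
    """
    return hmac.new(key, prev + message, hashlib.sha256).digest()


def send_all(key: bytes, messages: List[bytes]) -> List[Tuple[bytes, bytes]]:
    """Sender side: attach the running tag to every outgoing message."""
    prev, out = GENESIS, []
    for m in messages:
        prev = link(key, prev, m)
        out.append((m, prev))
    return out


def first_bad_index(key: bytes,
                    received: List[Tuple[bytes, bytes]]) -> Optional[int]:
    """Receiver side: index of the first message whose tag disagrees with
    the receiver's own running tag, or None if the stream checks out."""
    prev = GENESIS
    for i, (m, tag) in enumerate(received):
        expected = link(key, prev, m)
        if not hmac.compare_digest(expected, tag):
            return i
        prev = expected
    return None


# Constructed sample data.
KEY = b"constructed-demo-key"
STREAM = send_all(KEY, [b"msg one", b"msg two", b"msg three", b"msg four"])

dropped = STREAM[:1] + STREAM[2:]                       # message 1 lost in transit
tampered = STREAM[:2] + [(b"msg 3!!", STREAM[2][1])] + STREAM[3:]
swapped = [STREAM[1], STREAM[0]] + STREAM[2:]           # first two reordered
truncated = STREAM[:-1]                                 # only the tail is missing
```

A missing tail verifies cleanly, so the chain on its own only reveals a drop once a later message arrives.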