544 points josh2600 | 24 comments
1. lrvick ◴[] No.26715358[source]
Signal is still centrally controlled and compiled by a single entity and distributed only in an unsigned insecure form or in a signed/verified manner only if you give up your privacy to install with Google Play or the Apple store.

Those that only run open source software like myself have no secure way to run Signal short of compiling every release by hand which is impractical. Moxie has stated he will not support anyone but his team compiling or distributing Signal binaries so third party signed builds via privacy focused app stores like F-Droid are out. All builds must also use Signal centralized servers even though that centralizes TCP/IP metadata, etc.

Not to mention you need to show government ID to get a SIM to use the Signal wallet for said private currency/messenger in 200 countries.

Secondly having a decentralized currency whose servers can only run on Intel machines with Intel SGX is a very centralized supply chain as well.

A single supply chain attack on Intel microcode or related SGX updates could run malicious code and game over for the currency globally? A government that sees MobileCoin as a threat could make Intel do this.

With a SPOF on the supply chain of the only client people are expected to use and another SPOF on the only hardware enclave people are supposed to use for servers... decentralized is technically true but not used in the same way as most other projects that use that word.

I will keep an eye on this experiment though, because there are some unique ideas here which could have value should your trust anchors expand beyond Intel and Signal.

replies(5): >>26717225 #>>26717227 #>>26717623 #>>26718384 #>>26719148 #
2. hiq ◴[] No.26717225[source]
> distributed only in an unsigned insecure form or in a signed/verified manner only if you give up your privacy to install with Google Play or the Apple store.

> Those that only run open source software like myself have no secure way to run Signal short of compiling every release by hand which is impractical.

Nope: https://signal.org/android/apk/

replies(1): >>26717545 #
3. AfouToPatisa ◴[] No.26717227[source]
Even if an SGX attack does take place, tx's aren't recognized as the system is secured with Cryptonote's ring signatures (1st reply in FAQ https://github.com/mobilecoinfoundation/mobilecoin)

here too about 11mins in - https://www.youtube.com/watch?v=e9afDQ_M5CU

replies(1): >>26717516 #
4. codethief ◴[] No.26717516[source]
The problem is: Signal already relies on SGX for lots of other features (Signal PINs & Secure Value Recovery, contact discovery etc. etc.) and these depend on SGX working as advertised.
replies(1): >>26720777 #
5. stonesweep ◴[] No.26717545[source]
You may be missing the subtle point - the APK provided is the same one from Google Play, which includes the Google SDK encumbered libraries (links? hooks? features?). If you run a libre device without the Google Play store (non-Google android build) then the software cannot function. The code for the client is open source, but the act of compiling it against the required Play store libraries encumbers the final binary. F-Droid requires that all code compile without the Google SDKs in order to be hosted (IIRC).
replies(4): >>26717633 #>>26717672 #>>26721676 #>>26724563 #
6. ac29 ◴[] No.26717623[source]
> Not to mention you need to show government ID to get a SIM to use the Signal wallet for said private currency/messenger in 200 countries.

There are less than 200 countries in total, unless you get very creative with states that aren't recognized by more than a handful of other countries, like Abkhazia or Transnistria.

You also don't need ID to buy SIM cards in the US, so I'm curious on how valid this assertion is.

replies(5): >>26718251 #>>26718576 #>>26720071 #>>26723424 #>>26735340 #
7. Mediterraneo10 ◴[] No.26717633{3}[source]
You are being a bit too subtle for many people. I think most reading your post above are going to understand it as claiming that the Signal APK downloadable from Signal's website requires Google Play Services or the Play store in order to run. That is not the case, as any LineageOS user can tell you.
8. hiq ◴[] No.26717672{3}[source]
> If you run a libre device without the Google Play store (non-Google android build) then the software cannot function

I think you mean either of two things:

1. running the APK they build on a device without Google Service does not work

2. running the APK they build on a device means it's no longer running only libre software

1. is not true, so I assume you mean 2. I guess that's true, but in practice I think that the compiled dependency doesn't do anything if you don't have the services on your phone (don't quote me on that). It's not free software, but it's still better than the competition.

replies(1): >>26717849 #
9. stonesweep ◴[] No.26717849{4}[source]
I think it sort of floats in 2 territory and sort of resembles the LGPL based kernel modules which require a binary firmware blob to run (kind of, not exactly). In order to create the APK, the code must compile against the SDK and encumber it by binding to an API, however if I understand this correctly in Android terms it means a stub of non-free code is now inside your APK, instead of say an external firmware blob. (I am not an Android coder to know the subtle details here)

(I'm aware that the code will try and use Google services, then if it fails it falls back to websocket(?) - so the actual Services don't have to be present, but the compiled APK contains the non-free hooks to use it if present? I tried to use the word encumbered to reflect that)

10. Mediterraneo10 ◴[] No.26718251[source]
The OP is broadly right. You now need to show ID to buy a SIM in many EU countries and beyond (e.g. Chile, Russia or Senegal). A copy of the ID is given to the state in order to link your identity to the SIM card. Even if you bought a prepaid SIM before this policy or law came in, when you top up the mobile provider may pressure you into paying online or by card instead of cash, so that your identity can be linked to the SIM through your payment.

I do wonder how long the US (or, for example, Finland) will remain a holdout in this regard.

11. 2OEH8eoCRo0 ◴[] No.26718384[source]
>compiling every release by hand

Clicking build in Android Studio?

12. Klonoar ◴[] No.26718576[source]
None of this particularly matters given that Signal is actively working on not requiring phone numbers.
replies(1): >>26718647 #
13. Mediterraneo10 ◴[] No.26718647{3}[source]
Signal is actively working on other identifiers than a phone number, but can you cite proof that no phone will be required at all? I got the impression that Signal will still require a phone number at signup to do SMS verification, and only then give you a way to provide non-phone-number identifiers to contacts.
replies(1): >>26718750 #
14. Klonoar ◴[] No.26718750{4}[source]
Eh, fair. I cannot cite proof, only note that every instance I've seen Signal promise this feature has been worded in a way that indicates no phone number would be required.

It is unfortunate that I don't see many from Signal on this forum, as it'd be nice if someone would just clarify this already considering the popularity of it as a feature request.

replies(1): >>26721710 #
15. nullc ◴[] No.26719148[source]
> Those that only run open source software like myself have no secure way to run Signal short of compiling every release by hand which is impractical.

Particularly because the software is timebombed and stops working after a while (and also blocked on the server side if you bypass the client side timebomb).

16. 3np ◴[] No.26720071[source]
In the past two countries I lived, it’s currently impossible for an individual to get a SIM card that can do voice or SMS without government ID and being a resident. Data-only SIMs can be bought for cash easily, but that doesn’t help you with Signal.

The same goes for virtual/VoIP numbers. No skypein etc.

17. AlexCoventry ◴[] No.26720777{3}[source]
I wasn't aware that Signal relies on SGX. If I want to use Signal without being exposed to risk of SGX compromise, is it still possible?
replies(1): >>26721810 #
18. Vinnl ◴[] No.26721676{3}[source]
Others seem to interpret this as your saying that downloading the APK results in non-free code being present on your system, but

> If you run a libre device without the Google Play store (non-Google android build) then the software cannot function.

is just not true. I don't have the Google Play Store (I'm on a non-Google Android build) and Signal functions just fine.

(Well, mostly fine - it has to maintain its own connection because of course it can't use Google's tooling for that, so it supposedly has more battery impact.)

19. pixxel ◴[] No.26721710{5}[source]
Not from Signal but the MobileCoin CEO posted this answer yesterday.

.....

>>The UK also has receiver verification. If I try to send to an account and it doesn't match the name I'm sending to, my bank will warn me. How do you stop impersonation?

A: Signal relies on phone numbers for identities. Other apps that integrate MobileCoin may have a higher threshold for identification.

.....

Reads to me like phone numbers are not going away.

20. codethief ◴[] No.26721810{4}[source]
For contact discovery, AFAIK no[0].

For everything else: Yes, by setting a randomized long Signal PIN since SGX is effectively used to add entropy to Signal PINs[1]. You can also disable Signal PINs – in this case Signal will simply set a randomized long PIN for you.

[0]: https://signal.org/blog/private-contact-discovery/

[1]: https://signal.org/blog/secure-value-recovery/

replies(1): >>26725713 #
21. xorcist ◴[] No.26723424[source]
Even in the US, the identity of most subscribers is known to the mobile operator.

It's a regulated market, so should the need arise to keep the identity of all subscribers in the future, it is likely not much more than a counter-terrorism-related law away.

22. fX0rObfoMN4 ◴[] No.26724563{3}[source]
I don't think that is true. The build that is distributed through the site has the Play Store "features" disabled and has other things like an auto-update mechanic. When built for the website, the build config `PLAY_STORE_DISABLED` is set to true.

https://github.com/signalapp/Signal-Android/blob/1f578ebd2c1...

23. AlexCoventry ◴[] No.26725713{5}[source]
Thanks!
24. lnl ◴[] No.26735340[source]
See the map on page 7 (PDF page 9) of the GSMA report "Access to Mobile Services and Proof of Identity 2020": https://www.gsma.com/mobilefordevelopment/wp-content/uploads...

To get counts, I also analyzed the table in the annex; it lists exactly 200 countries (checking each of them, that's because in addition to 193 UN members, it includes two non-member countries: Kosovo and Taiwan, and five other non-countries: French Guiana, Greenland, Hong Kong, Macao, Svalbard).

Of these, 34 are listed as "SIM registration not mandated" and further 7 are listed as "SIM registration under consideration", the rest are "SIM registration mandated", i.e. 159 countries.

Basically the whole world requires it except for North America/UK and a few smaller countries mostly in Europe. Also notable that countries without ID requirement mostly happen to be the ones with very low prepaid SIM penetration (see the map on page 6 [page 8 of the PDF]) so their unidentified SIM usage is presumably low anyway, though it remains a possibility in those countries.

Edit: Sorry, 6 are listed as "State of SIM registration inconclusive" which I have missed, so "SIM registration mandated" count should be 153.