544 points josh2600 | 5 comments
lrvick No.26715358
Signal is still centrally controlled and compiled by a single entity and distributed only in an unsigned insecure form or in a signed/verified manner only if you give up your privacy to install with Google Play or the Apple store.

Those that only run open source software like myself have no secure way to run Signal short of compiling every release by hand which is impractical. Moxie has stated he will not support anyone but his team compiling or distributing Signal binaries so third party signed builds via privacy focused app stores like F-Droid are out. All builds must also use Signal centralized servers even though that centralizes TCP/IP metadata, etc.

Not to mention you need to show government ID to get a SIM to use the Signal wallet for said private currency/messenger in 200 countries.

Secondly having a decentralized currency whose servers can only run on Intel machines with Intel SGX is a very centralized supply chain as well.

A single supply chain attack on Intel microcode or related SGX updates could run malicious code and game over for the currency globally? A government that sees MobileCoin as a threat could make Intel do this.

With a SPOF on the supply chain of the only client people are expected to use and another SPOF on the only hardware enclave people are supposed to use for servers... decentralized is technically true but not used in the same way as most other projects that use that word.

I will keep an eye on this experiment though, because there are some unique ideas here which could have value should your trust anchors expand beyond Intel and Signal.

1. AfouToPatisa No.26717227
Even if an SGX attack does take place, tx's aren't recognized as the system is secured with Cryptonote's ring signatures (1st reply in FAQ https://github.com/mobilecoinfoundation/mobilecoin)

here too about 11mins in - https://www.youtube.com/watch?v=e9afDQ_M5CU

2. codethief No.26717516
The problem is: Signal already relies on SGX for lots of other features (Signal PINs & Secure Value Recovery, contact discovery etc. etc.) and these depend on SGX working as advertised.
3. AlexCoventry No.26720777
I wasn't aware that Signal relies on SGX. If I want to use Signal without being exposed to risk of SGX compromise, is it still possible?
4. codethief No.26721810
For contact discovery, AFAIK no[0].

For everything else: Yes, by setting a randomized long Signal PIN since SGX is effectively used to add entropy to Signal PINs[1]. You can also disable Signal PINs – in this case Signal will simply set a randomized long PIN for you.

[0]: https://signal.org/blog/private-contact-discovery/

[1]: https://signal.org/blog/secure-value-recovery/

5. AlexCoventry No.26725713
Thanks!