2

Problem

When I browse this forum, I constantly read about the weaknesses of popular "secure" messaging applications such as Signal, Telegram, and WhatsApp.

Some of the most notable critiques regarding their design and operation are:

  1. Phone number requirement. Privacy is fundamentally compromised by necessitating users provide a phone number as it links their virtual profiles to an easily traceable mechanism (via phone billing) should the servers be compromised.

  2. Loss of control over keys. It is possible for malicious third parties, or powerful arms of governments, to obtain access over their servers private keys - thereby compromising the entire network.

  3. Loss of control over servers. Should the founders or operators of such systems remain stubborn against the threat of subpoena, the servers themselves can be reprogrammed to send doctored versions of Javascript/APKs to certain users that downgrade their secure transmission into plain transmission.

Question

Is this all fear mongering from a forum over unrealistic attack vectors? Or are these genuine plausible ways to compromise the aforementioned messaging applications.

Are there any realistic and accessible ways for the average person to communicate with one and another over the internet that ensures close-to-perfect security? A medium that provides anonymity on top of the usual privacy, authenticity and integrity?

*Anonymity as defined as being implausible to map the identities of a sender & receiver to their respective real-world identities. In other words, the only way for a participant's identity to be leaked is if their counterpart already knew their identity beforehand and is compromised.

Improve this question
2
  • and In end-to-end encryption, doesn't the server need to be trusted?
    – kelalaka
    Commented Jul 5, 2020 at 18:40
  • There is no such definition as "close-to-perfect security". For millions of users the points you named are not issues at all and the do consider it as "realistic and accessible ways ... to communicate" with "close-to-perfect security". Define exactly what you mean, what are looking for, what functionality you expect.
    – mentallurg
    Commented Jul 5, 2020 at 21:46

2 Answers 2

Reset to default
3

I constantly read about the weaknesses of popular "secure" messaging applications such as Signal, Telegram, and WhatsApp.

These are all commercial products. They exist to generate income for the people who develop and maintain these services. An element of privacy/secrecy exists to facilitate this. But the financial requirement undermines the security objective. They operate as legitimate organizations within jurisdictions which are under pressure to support some levels of transparency. They must maintain their customers to operating within the boundaries they define (or lose them to competitors). They must make their products simple to use or lose business.

PGP encrypted email TOR comes close to your requirement.

Improve this answer
2
  • What are your thoughts regarding ProtonMail and TOR for my aforementioned requirements. Do you think they come pretty close? What are some drawbacks and weaknesses they present?
    – AlanSTACK
    Commented Jul 6, 2020 at 0:11
  • PGP encrypted email leaks message data (the subject, sender, and recipient) to everyone in the path of transmission. It's not forward secret. All email clients reply in plaintext by default, quoting the entire past history of the conversation. PGP is farther from "perfect secrecy" than just about anything except plaintext.
    – SAI Peregrinus
    Commented Jul 7, 2020 at 1:15
2

There is no and it is likely there will be no in any observable future. Services need and have to be self-sustainable. For even a decentralised messenger using user's devices instead of rented servers following still has to be paid:

  1. salary for good developers. Otherwise almost noone will develop the software, and the development will be very slow, tech debt will accumulate and absolutely necessary features won't be implemented for ages. See Tox as an example.
  2. salary for good auditors to do constant audits. And the auditors have to be different, you cannot trust the same auditors constantly, they may be just incompetent, or may be in conspiracy with a backdoorer. Otherwise there will be backdoors uncaught. For example there was a backdoor in pybitmessage for some time.
  3. dev infrastructure: dev's PCs, build servers, git hosting, website, CDN and anti-DDoS, x.509 certs. Should be paid enough so the parties maintaining the infrastructure have no incencitives to compromise the systems and earn more from it.
  4. Salary to lawers and guards. Really private service is undesireable to some actors, these actors will do actions to destroy or/and compromise it, including legal and physical attacks on the org and its employees.

In order to pay, a self-sustainable service has to earn. In order to be affordable, it has to be popular. The costs above scale as O(N) where N is count of staff. So a user has to pay O(N/M) where M is count of users. More users - less each one has to pay.

But in order to get any significant count of users an app has to be free-of-charge in terms of money. People don't like to pay money. A paid app cannot compete to free ones when it is intended to be used by ordinary users.

So you should ask yourself, how do apps like WhatsApp and Viber earn money. Their permission list may give you a clue and searcing with Google may have confirmed your suspicions.

Ordinary users strictly prefer "free of charge" over "secure" and "private", remember it. So there is no market for the apps you want.

And an also important thing, it seems that apps using encryption other than DRM will be just banned and their users and developers will be prosecuted. For example there at least 2 bills in the US about it.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .