[Cryptography] Signal chat fallout.
iang
iang at iang.org
Sat Mar 29 06:33:29 EDT 2025
On 29/03/2025 02:35, Henry Baker wrote:
> ...has an app -- at least for iPhones (I couldn't find it in the
> Android Play Store) -- that claims to eliminate the embarrassing
> problem with Signal group chats -- what Kent is referring to above as
> problems #2 and #3.
I had a read of their FAQ.
The design of that app is good, as far as it goes. Its meta is to force
everyone into a group, and have the group strongly govern the new
members. in the simple sense, it would have blocked JG from joining the
group.
But look a little deeper and it won't meet all the requirements.
Firstly, the group is high cost construct (as constructed by that app)
and is unsuited to constructing groups on the fly - which is what
exactly happened in the SignalGate case, and is a feature that p2p apps
excel at. Secondly, the weakness is in adding new members. This also can
be spoofed, and will be by Lazarus, simply by knocking a member out of
the group when he's remote, and then spoofing the photo mechanism with
live AI. Thirdly, because it has a corporate/business model, it's
vulnerable for anyone who counts USG amongst their adversaries.
Now, for the most part, the design is good - and it is the same design
as I have for groups. The difficulties mentioned above are more the
product of the environment - what are the groups and how do they
perform/not perform. Tech is only limited in its ability to mitigate
those weaknesses.
iang
More information about the cryptography
mailing list