That's probably because AFAIK Apple doesn't allow process forking, making any Tor-based messenger almost impossible to run as Tor would have to run as part of the main thread.
>iOS doesn’t allow apps to fork subprocesses. While on the desktop Tor is running as a separate process, on iOS Tor is hacked to run as a thread inside the app itself. Therefore, you can’t have a system-wide Tor process like desktop and Android. If Tor is running in one app, and you open a different one, it’s not automagically going to start using Tor.
Could someone please explain in what situation you'd use a Bluetooth messaging app? Like, even BT5 range won't exceed 400 meters. What good is this? You're not going to send images to journalists from protests with it (you'd do wisely to keep it in airplane mode until you get home and then upload them to their SecureDrop or whatever), and you don't need off-band security to let the kids know it's dinner time.
Bluetooth 5 introduced "coded PHY", which allows ranges of over 1 km in ideal conditions. As I understand it, adding support for this wouldn't even require new hardware for most recent phones.
The real obstacles here are political, not technical, as evidenced by the complete absence of any built-in solution that could be so useful in both everyday life (messaging a family member on the same plane when sitting separately, national park trips etc.) and emergencies.
We literally got smartphone-to-satellite comms now, but we're lacking the most barebones peer-to-peer functionality.
Huh, I didn't know about that. It seems like it uses 8 symbols per bit to increase the range (but I would very seriously doubt you ever get close to 1 km except in super ideal "both in a field in the middle of nowhere" scenarios that never actually happen).
Apparently it's an optional part of Bluetooth 5, so it's not necessarily supported. However, I just checked my phone (Pixel 8) and it is supported. You can check in the nRF Connect app.
Regular Bluetooth already has 100 m of range, at least for class 1 devices like most Apple devices. (Many older/non-Apple devices are class 2, which only does roughly 10 m. Very noticeable difference in an office environment using headphones.)
One of these Bluetooth messaging apps was made by a developer who was on a cruise ship with family, and the Internet over satellite costs an arm and a leg. So he wrote an app to communicate with his family over Bluetooth.
Also, why would one want to have the data go over some servers thousands of miles away when the device is right next to you? Seems like Bluetooth is the perfect way to communicate for devices that are close to each other.
Yeah, I can imagine a jam-packed cruise ship might be a useful case, provided the signal propagates from one deck to another (unlikely), but it's quite a niche use case.
> Also, why would one want to have the data go over some servers thousands of miles away when the device is right next to you?
Why would that matter? Use Signal to protect the content, or use Cwtch to protect content and metadata. If you need to exchange secret communications that mustn't go through some server, why not discuss f2f with no phones around? You'd also eliminate attack vectors where your (chances are, Chinese Android) device spies on you, as well as anyone who has compromised it to read messages from screen.
If your message goes through my infrastructure I can shut it down when I feel like it, but even if I really don't want to do that, I still might be forced to by other parties: commercial, private and state-owned.
You shouldn't need any kind of permission to send a picture to your mum sitting next to you on the sofa.
I remember a different app that was used at e.g. festivals, where the local broadcast cells were overwhelmed when a quite rural area suddenly had to serve 50,000 to 100,000 additional people and 3G and 4G basically stopped working. I think it was called FireChat or something.
> For me the cell phone without internet is almost useless
Projects like this one are a step towards fixing that. Personally I choose to keep both street and topographical maps of the entire continent locally on my phone. There are plenty of uses for a computer without a WAN connection.
I once wrote an article detailing as many prepper uses for an offline phone as I could think of. Dozens of offline apps useful for a survival situation. My favorite might be ATAK, which is from the US military and allows a team to communicate encrypted over Wi-Fi or radios, completely offline. Share GPS coords, camera feeds, messages, map markers, all kinds of goodness.
And if nothing else, you can always rupture the battery and start a fire :-)
The fact that even simple encryption with walkie-talkies is basically illegal might be a problem (though I have no idea how/if that applies to ships at sea).
On the cruise I'd need to seek the written permission of the vessel's master to operate :) (and ideally the cruise company's permission to even bring the transmitter on board)
Unlicensed passengers could probably plead ignorance and sneak UHF DMR radios on board.
Or get a business allocation and use P25 radios and once again plead ignorance :)
I imagine in a situation like Iran, carrying a backpack full of WiFi gear to stay connected to the meshnet is a red flag.
Establishing a bunch of base stations is likely to raise red flags too.
It's pretty trivial for a nation-state that is jamming GPS to go around and jam WiFi or analyze WiFi spectrum for a meshnet operating in and around a protest area.
> Just get off your ass and go and give them the message...
If I need to have all 4 members of the family meet me at the pool, first I need to go find each one of them. They could all be at different places. And then tell them individually to meet me at the pool? Is that the better solution you are proposing?
Any situation where mobile internet cannot be used. That is not only protests, but also legal gatherings, e.g. street concerts, or places where mobile coverage is poor in general.
That depends on where you live (and when), but: protest is the cornerstone of democracy, and in general you shouldn't need permission to organize a demonstration.
I prefer voting. I find protests annoying. They're a good way for people to let off steam, hang out with friends, get photos for the international press etc. but they're not the right mechanism for finding out what the people want.
They're definitely effective when most of the country wants the government out, but by that point a vote would certainly do just as well, and with fewer flying bricks.
Protests can serve as an implied threat if the government is gaming the election process. They're certainly preferable to a riot or a coup attempt in that scenario.
They also serve to draw attention to issues that aren't showing up on the ballot for whatever reason. The system doesn't always work in an ideal way. To that end protests are supposed to be annoying to those who don't care.
Everyone prefers voting. But to be able to vote, a vote must be happening. Protests are sometimes the only way to make a vote happen in the first place.
They are also a good communication tool for the world to see what the people are struggling with.
Name three currently existing democracies. USA is out (protests illegal), Europe is out (protests require registration which is denied for anything that has a risk of effecting change), the Middle East and Asia are out for obvious reasons. Maybe there's a democracy somewhere in Africa?
But the internet is for talking to people across the globe, and the app presents itself as an alternative to internet-based apps. The reality, however, is that in any place where I can't use the internet, this app does not really solve that problem. It is only useful in situations where in most cases the alternative is talking face to face. It's not any situation where the internet can't be used, but just some of them. There certainly are good use cases for local communication, cases where face to face is just out of reach, and many of these use cases are currently served with internet-based apps too. But it's not an alternative to internet-based apps per se.
The Internet is _not_ for talking to people across the globe. The Internet allows that, but not only that - one can have a Whatsapp chat with someone in the same bus, this is both legal and technically possible.
The bitchat app serves the niche where talking face to face is not an option and talking across the globe is not needed. And the app explicitly states "infrastructure independence" as one of its design goals: "the network remains functional during internet outages", which cannot be served by internet-based apps by design.
> The Internet is _not_ for talking to people across the globe. The Internet allows that, but not only that - one can have a Whatsapp chat with someone in the same bus, this is both legal and technically possible.
Technically possible, but rather redundant and in most cases pointless. (Yes, there are exceptions.)
So I rather strongly disagree. 99% of my use of the internet is to talk to people across the globe. It's its primary use case. The example you mention is a fringe application, useful to a tiny minority.
> "the network remains functional during internet outages"
That strongly implies that I can use this app to replace other apps that use the internet. But I can't, because it does not allow long-distance communication the way internet-based apps do.
So for 99% of my needs this app is not helping me. It does not make me independent of the internet. I have been in places where the internet was cut off due to political turmoil, and I have friends who have had that happen to them. In all cases the main challenge was the lack of long-distance communication. Local communication was barely affected.
SMS and phone still worked, and in fact the app that would have helped is one that can route data connections via SMS and phone calls. Like old acoustic modems.
Infrastructure independence at a local level is nice, but much less serious or critical than independence for long-distance communication. And long distance already starts at a few km.
I believe bitchat can also use the wider internet to exchange messages. So it is an app that can use either the internet or various other more local options. That seems like a desirable improvement to me.
Hey if anyone wants know exactly what Iranian state TV spews every day on national TV, look no further. Very faithful to the source material. Totally trustworthy.
Ah yes, of course it's entirely America's fault Iran's citizens are revolting against the despotic theocratic regime currently in power. Because surely nobody would organically want regime change when the ayatollah is such a nice guy. Better cut off internet access to the entire country, can't have our citizens reading that terrorist propaganda. They can get all their information from reliable sources instead, like our state-sponsored TV stations.
For the audience: I had never heard of Brian Berletic previously. In an attempt to understand what this person's undisclosed conflicts of interest were, I found numerous reports of him painting the Myanmar Junta in a positive light:
There's a certain event-horizon where bitterness taints / skews perspective enough that even what would otherwise be helpful insights becomes so costly to disentangle from grudge-extrapolation that it's not obvious if any of it ends up being worth the cost of entry. At least to me, this person's work seems well beyond that point.
In theory, if as many people used bitchat as use WhatsApp somewhere like central London, everyone actually could communicate in a fully decentralised manner - you're frequently in Bluetooth range of other people's phones just walking around, or even sitting in your house.
Would that actually happen? No, but it's an interesting thought experiment.
So other users are broadcasting messages of third parties onwards? How many devices does it take to saturate the channel? What does this do for phone battery?
Yes, but messages can be encrypted so relaying parties can't read them. And yes, it would have an effect on battery and have very limited bandwidth compared to WhatsApp (no sharing videos etc.).
Like I said, definitely not practical for messaging, but I think something along these lines is how AirTags work?
Text-based messaging à la IRC? Just how quickly and how much do you type? A few hundred KiB exchanged between nodes only every 10 seconds or so ought to be able to accommodate thousands of simultaneous users in most scenarios. The impact on battery life should be far less than using a Bluetooth headset.
Sorry, I should be clearer: I think it actually might be feasible in a high population density area if everyone uses it, but because of the limited range of Bluetooth you really do need a high density of active nodes for it to work reliably.
A messaging system that often takes hours or days to get messages to the receiver is fairly useless, and people will continue to prefer centralised systems, so there's a severe chicken-and-egg problem to solve there before anything like this can work.
There's no reason a mesh network can't use an internet connection as a transport when it's available. Moreover a P2P capable mesh can even make use of a centralized server in such scenarios. At the end of the day it's "just" a message routing and delivery problem.
When I enable WiFi calling on my phone that doesn't preclude it connecting to a cell tower.
The use cases stem from groups needing coordination in roughly the same area, with no internet. Disaster recovery efforts fit this exactly:
Doctors Without Borders feeding centers in a famine far from anywhere, searching for people in the rubble of a building following an earthquake, searching for people in a refugee camp, etc.
Verizon went down in the US this past week - perfect use case for Bitchat (or Meshtastic with a repeater or some other LoRa BT network). Verizon goes down while you're at the mall or store or Disneyland or whatever and you can still text to find each other.
300 m max range with line of sight would cover something like when I go to visit my parents, who live in a desert canyon with lousy mobile phone coverage: I can send a message that I'm at the gate and to put the dogs in the garage.
There are, yes, for Meshtastic. This map seems to have the highest coverage of people sharing their nodes, but in reality in my area there are significantly more which are not shown on the map.
Absolutely, from Amsterdam I can sometimes hop all the way into Germany, The Hague, Haarlem. That doesn't mean my messages will always travel that far. Far from it, but it does mean that an identification message _has_ made it from there. On average there's around 80-100 nodes that I can connect to.
I remember reading that men and women in Saudi Arabia are forbidden from interacting directly in a bar setting. So instead they were using Bluetooth to covertly connect and communicate.
Consider if you live in Gaza. Israel has destroyed all the telecoms equipment across the Gaza strip (and everything else). You were ordered to leave your home by Israeli soldiers, but now the school you're sheltering in is being bombed. You may need to leave, but you believe there may be sniper drones outside.
- You want to check in with people around you about what to do
- You want to check on the health of your family, from whom you were separated
As per (AFAIK) this hacker's rant on some Tor-based image board, he gloated that the login credentials to Vastaamo's systems were admin:admin. So much for 'hacker god'. This is a Hackers (1995) tier vulnerability. Also, it's sickening that YOLOing security to this extent is even possible in the 2020s.
>Signal's achievement is that it's very private while being extremely usable (it just works).
Exactly. Plus it basically pioneered multi-device E2EE. E.g., Telegram claimed defaulting to E2EE would kill multi-client support:
"Unlike WhatsApp, we can allow our users to access their Telegram message history from several devices at once thanks to our built-in instant cloud sync"
Ok so which iPhone app can be verified from source?
Or is your problem that your peer might run the app on an insecure device? How would you exclude decade old Android devices with unpatched holes? I don't want to argue nirvana fallacy here but what is the solution you'd like to propose?
I don't think there is a solution -- Signal advertises itself as having a sort of security that isn't really possible with any commercially available device. You have to trust more people than just the person you're communicating with; if that's unacceptable then you need to give up a bunch of convenience and find another method of communicating.
Fortunately, the parties that you have to trust when you use Signal haven't been malicious in any way, but that doesn't mean that they can't be.
My issue is that it claims to be end-to-end encrypted, which is really weird. Sure, TLS between you and your bank's server is end-to-end encrypted. But that puts your trust in the service provider.
Usually, in a context where a cypherpunk deploys E2EE, it means only the intended parties have access to plaintexts. And when it's you having a chat with a server, it's like cloud backups: the data must be encrypted by the time it leaves your device, and decrypted only once it has reached your device again. For remote computing, that would require that the LLM handles ciphertexts only; basically, fully homomorphic encryption (FHE). If it's that, then sure, shut up and take my money, but AFAIK the science of FHE isn't nearly there yet.
So the only alternative I can see here is SGX, where the client verifies what the server is doing with the data. That probably works against surveillance capitalism, hostile takeover etc., but it is also a US NOBUS backdoor. Intel is a PRISM partner after all, and who knows if national security requests allow compelling SGX keys. The USG did go after Lavabit's RSA keys after all.
So I'd really want to see this either explained, or conveyed in the product's threat model documentation, and see that threat model offered on the front page of the project. Security is about knowing the limits of the privacy design so that the user can make an informed decision.
Or, he took a barely niche messaging app plugin (OTR), improved it to provide forward secrecy for non-round trips, and deployed the current state-of-the-art end-to-end encryption to over 3,000,000,000 users, as Signal isn't the only tool to use double-ratchet E2EE.
> broken SGX metadata protections
Citation needed. Also, SGX is just there to try to verify what the server is doing, including that the server isn't collecting metadata. The real talking is done by the responses to warrants https://signal.org/bigbrother/ where they've been able to hand over only two timestamps of when the user created their account and when they were last seen. If that's not good enough for you, you're better off using Tor-p2p messengers that don't have servers collecting your metadata at all, such as Cwtch or Quiet.
> weak supply chain integrity
You can download the app as an .apk from their website if you don't trust Google Play Store.
> a mandate everyone supply their phone numbers
That's how you combat spam. It sucks but there are very few options outside the corner of Zooko's triangle that has your username look like "4sci35xrhp2d45gbm3qpta7ogfedonuw2mucmc36jxemucd7fmgzj3ad".
> and agree to Apple or Google terms of service to use it?
Yeah that's what happens when you create a phone app for the masses.
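Why a name in that corner of Zooko's triangle looks like a hash: a Tor v3 onion address (56 characters, like the one quoted above) is the service's own public key, plus a checksum and a version byte, base32-encoded. The name is self-certifying, so no registry or phone number is needed, but it is meaningless to humans. This is an added example written for this thread, not Tor's code; the key is a constructed sample, not a real service key.

```python
"""Derive and validate a Tor v3 onion address (self-certifying name).

Added example, not part of the thread or of Tor's own code. Format:
  address = base32(pubkey || checksum || version), version = 0x03,
  checksum = SHA3-256(".onion checksum" || pubkey || version)[:2].
Because the name is derived from the key, nobody needs to hand it out
(decentralised) and nobody can claim it without the key (secure); the
price is that it is not human-meaningful.
"""
import base64
import hashlib

VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"


def onion_checksum(pubkey):
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + VERSION).digest()[:2]


def onion_address(pubkey):
    """Encode a 32-byte Ed25519 public key as a 56-character v3 onion name."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + VERSION  # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower()


def parse_onion_address(address):
    """Decode and validate an address; return the public key or raise ValueError."""
    name = address.lower()
    if name.endswith(".onion"):
        name = name[:-len(".onion")]
    if len(name) != 56:
        raise ValueError("v3 onion names are exactly 56 characters")
    raw = base64.b32decode(name.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION:
        raise ValueError("unsupported onion address version")
    if checksum != onion_checksum(pubkey):
        # A mistyped or altered name fails here instead of resolving to a stranger.
        raise ValueError("checksum mismatch: address was mistyped or altered")
    return pubkey


# Constructed sample key: a fixed 32-byte value, NOT a real service's key.
SAMPLE_PUBKEY = bytes(range(32))
SAMPLE_ADDRESS = onion_address(SAMPLE_PUBKEY)

if __name__ == "__main__":
    print(SAMPLE_ADDRESS + ".onion")
    print("round-trips:", parse_onion_address(SAMPLE_ADDRESS) == SAMPLE_PUBKEY)
```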
Moxie Marlinspike sounds like some 90s intelligence guy’s understanding of what an appealing name to hacker groups would sound like. Put a guy like that as so-called creator of some encryption protocol for messaging and promote the app like it’s for secret conversations and you think people won’t be suspicious? It screams honeypot like nothing else.
He IS a hacker from the 90s. It’s an assumed name. Plenty of hackers from the 90s have pseudonyms.
> so-called creator of some encryption protocol
All evidence points to him being one of the protocol’s designers, along with Trevor Perrin.
I’ve met both of them. The first time I met Moxie and talked about axolotl (as it was called back then) was in 2014. Moxie and Trevor strike me as having more integrity and conviction than most. There is no doubt in my mind that they are real and genuine.
Interestingly enough, some of the work Trevor did related to Signal’s cryptography was later used by Jason Donenfeld in the design of WireGuard.
> It screams honeypot like nothing else.
As you can see there is plenty of evidence suggesting otherwise.
>Moxie Marlinspike sounds like some 90s intelligence guy’s understanding of what an appealing name to hacker groups would sound like. Put a guy like that as so-called creator of some encryption protocol for messaging and promote the app like it’s for secret conversations and you think people won’t be suspicious? It screams honeypot like nothing else.
This criticism has absolutely zero substance and honestly just reads like paranoid rambling. The Signal protocol has been independently formally analyzed [1] and has no known security issues.
The example you linked is about push notifications in general, nothing specific to the Signal app. If the concern is that your OS is compromised or spying on you, that's not something E2E encryption can protect against, whether it's Signal or any other app.
I don't think so, you could use the official Linux build as far as I know. I think it needs a phone number but not necessarily a mobile device. I might be wrong though.
So the argument against Signal is now "the creator's nickname sounds odd"? I mean, OK? Keep using WhatsApp, Telegram or Instagram if you think those are more private than Signal.
It's just people having zero product sense, or an idea of what it means to target more than 0.01% of the market. The last comment said that Signal's problem is that it's mobile-first, which, how does someone even think that a messaging app should be anything other than mobile-first?
There are no fully open/auditable Android phones. All of them have privileged binary blobs. An end-to-end chat service where there are no options permitting full accountability of the client software and operating system is largely security theater.
Even if you do all that, it is not an official option, let alone a recommended one. The recommendation is to accept the Google or Apple terms of service.
Moxie even went as far as to say he would actively do anything in his power to discourage or stop the use of third party clients.
> You can download the app as an .apk from their website if you don't trust Google Play Store.
I wish Apple & Google provided a way to verify that an app was actually compiled from some specific git SHA. Right now applications can claim they're open source, and claim that you can read the source code yourself. But there's no way to check that the authors haven't added any extra nasties into the code before building and submitting the APK / iOS application bundle.
It would be pretty easy to do. Just have a build process at Apple / Google which you can point to a git repo, and let them build the application. Or - even easier - just have a way to see the application's signature in the app store. Then open source app developers could compile their APK / iOS app using GitHub Actions. And 3rd parties could check the SHA matches the app binaries in the store.
This is what F-Droid does (well, I suspect most apps don't have reproducible builds that would allow 3rd-party verification), but Signal does not want 3rd-party builds of their client anyhow.
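The third-party check described in the two comments above only works when the build is reproducible: rebuild the app from the published source, then show that the store's APK and your own differ in nothing but the developer's signature. The following is an added example written for this thread, not F-Droid's or Signal's own tooling; the APKs it compares are small constructed zips standing in for real ones.

```python
"""Compare a store-distributed APK with a locally reproduced build.

Added example, not part of any project discussed above. An APK is a zip;
a v1 signature lives in META-INF/ (MANIFEST.MF, *.SF, *.RSA/.DSA/.EC) and
v2/v3 signatures sit in a signing block outside the zip entries. Only the
developer holds the signing key, so a verifier ignores those files and
demands that every other entry is byte-for-byte identical.
"""
import hashlib
import io
import zipfile

SIGNATURE_SUFFIXES = (".MF", ".SF", ".RSA", ".DSA", ".EC")


def is_signature_entry(name):
    """True for v1-signature files that a rebuild cannot reproduce."""
    return name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)


def entry_digests(apk_bytes):
    """Map each non-signature entry name to the SHA-256 of its content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if is_signature_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info.filename)).hexdigest()
    return digests


def apk_diff(store_apk, local_apk):
    """Return (only_in_store, only_in_local, changed_content) as sorted name lists."""
    store, local = entry_digests(store_apk), entry_digests(local_apk)
    only_store = sorted(set(store) - set(local))
    only_local = sorted(set(local) - set(store))
    changed = sorted(n for n in set(store) & set(local) if store[n] != local[n])
    return only_store, only_local, changed


def builds_match(store_apk, local_apk):
    """The store binary is what the source produces iff all three lists are empty."""
    return all(len(part) == 0 for part in apk_diff(store_apk, local_apk))


def make_apk(entries):
    """Build a minimal constructed APK (plain zip) from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: identical code, different signature blobs -> should match.
COMMON = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex\n035\x00code"}
STORE_APK = make_apk({**COMMON, "META-INF/MANIFEST.MF": b"mf",
                      "META-INF/CERT.SF": b"sf-store", "META-INF/CERT.RSA": b"sig-store"})
LOCAL_APK = make_apk({**COMMON, "META-INF/MANIFEST.MF": b"mf",
                      "META-INF/CERT.SF": b"sf-local", "META-INF/CERT.RSA": b"sig-local"})
# Constructed sample: the store build carries code the source never produced.
TAMPERED_APK = make_apk({**COMMON, "classes2.dex": b"extra",
                         "META-INF/CERT.RSA": b"sig-store"})

if __name__ == "__main__":
    print("clean   :", apk_diff(STORE_APK, LOCAL_APK))
    print("tampered:", apk_diff(TAMPERED_APK, LOCAL_APK))
```

Only entry contents are hashed, so zip timestamps and compression settings do not cause false alarms; a real verifier would additionally confirm the store APK's signature against the developer's published certificate.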
>> and agree to Apple or Google terms of service to use it?
> Yeah that's what happens when you create a phone app for the masses.
No, that's what happens when you actively forbid alternative clients and servers, prevent (secure) alternative methods of delivery for your app and force people to rely on the American megacorps known for helping governmental spying on users, https://news.ycombinator.com/item?id=38555810
> Snowden's aim was to damage the US and its allies, and he succeeded in this.
Dude, nobody's buying this nonsense. Snowden expressed his concerns multiple times. He talked about the surveillance enabling turn-key tyranny if ever a fascist leader were to rise to power in the US. And look what's happening now. He was right, and thank god he blew the whistle, as that gave privacy activists a decade-long head start to get end-to-end encryption deployed.
> It is of course very telling that Snowden ended up in Russia.
Yeah, it's almost like you can revoke someone's passport during their layover in Russia and make people with MAGA levels of intelligence take the optics at face value through decade-long repeated messaging.
If Snowden was a Russian spy, he would've taken the files, given them to Putin, received the largest dacha in the country, and we would never have heard from him or the files. Instead, he gave them to journalists who made the call what to release.
Even if you are playing tic-tac-toe at a chess tournament, you still have to think a move ahead. Saying "Very naive to think that the Russian and Chinese governments didn't get a full copy" makes your initial point moot. If the adversaries you are supposedly worried about already have everything, what's the point of keeping it from the American people?
GP didn't claim that Snowden worked for both countries. Snowden certainly did offer details of compromised Chinese networks to SCMP, which is now a propaganda rag for the PRC, in a failed attempt to gain asylum in Hong Kong. https://www.scmp.com/news/china/article/1266821/us-hacks-chi...
Snowden gave the full set of documents to Greenwald, Poitras, and The Intercept. Greenwald's opsec in particular is highly questionable, and I would be shocked if Russia and China didn't get a full copy from him. China had no need to barter with Snowden.
Which weapons exactly are supplied by China? Even ever-lying news sources like Bloomberg and CNN never made such unfounded accusations.
Also, how and why would some "spy" work for both China and Russia? Two very different countries from every point of view: culturally, economically, and in every other way too.
The only thing in common is that USA wants to destroy both Russia and China and that because of that reason US controlled media (like 90% of media in the world) publish scary fakes about both countries.
He left his cozy upper-middle-class life and partner, and put his life on the line to expose illegal mass surveillance. That's a gazillion times more risk and sacrifice to do the right thing than you'll ever accomplish.
The problem is that much of it wasn't illegal. Some was, but some was just spy agencies doing spy agency things. The laws draw some pretty fine distinctions that are at odds with what you expect.
Perhaps it's worth it to have exposed the genuinely illegal things and have scrutiny on the legal but unpleasant ones. But I don't think that's obviously the case. Spy agencies are by definition going to do stuff you wouldn't approve of if you weren't paying close attention to what protections are in place.