Oddbean new post about | logout
 Ok, interesting. 
Serious Question: If Signal is so good: Why did the Tucker interview with Putin got leaked?
(Heard mention that fact in an interview he gave.) 
 There is a post on here where I went through that but I can't search my own posts on Amethyst.

Secure messengers depend on the device, if your device is not secure, your messages aren't either. Getting control of the device is getting control of the messaging app too. And doing the former is far easier and stealthier. 

Messaging apps like Signal getting in on this requires a convoluted plan of the state and the developers to collude. Intelligence ops require the least people to know about it, and preferably no one in the general public. Changing the functionality of the app and server infrastructure to push it to everyone is too loud and risky for a state to perform. Hitting a target with a zero-click exploit to get access to the device and all the data is far easier and is stealthy. Nation states are certain to have exploitation capabilities for tons of computing platforms and apps, but it wouldn't be collusion since not even these software developers would even know they have it, they are state secrets.

Tucker (if he is actually telling the truth and isn't grifting) is a high profile person. He has a gigantic professional network and likely so would this Russian client he communicates with. It would be more realistic that intelligence targeting the Russian client or one of his network got out and revealed his plans. High profile individuals also get hit with spyware campaigns a la Pegasus all the time too. Any one of them can be a target.

Tucker isn't a digital security expert, he is a presenter. He isn't expected to understand what or what did not happen to him. It is possible it's not even a digital factor, someone in his social circle could have told off too.

We do have criticisms of Signal and we recommend hardened variations like Molly instead to our users. Signal is mentioned here because Telegram attacked them repeatedly despite performing far worse in security and privacy. We also trust them not to collude. The Signal app itself could have vulnerabilities exploited remotely just like any other messaging app, particularly in the media handling libraries or WebRTC. That's not a breach of Signal's encryption or a collusion. A secure hardware and operating system can significantly help to defend apps from remote exploits of vulnerabilities. 
 Outside of Signal, nostr:nprofile1qqsvnx99ww0sfall7gpv2jtz4ftc9v6wevgdd7g4hh7awkpfvwlezugpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsg5cway is fantastic if you don't want a centralised messenger or a phone number requirement. 
 SimpleX and Session are the best. 
 Wow, thank you so much for this very nuanced answer!! 
 Follow up question:

Which resources would you reccommend to a normie (non-coder) to set up a secure mobile/messaging enviroment without investing more than 10h of learning time? 
 Follow good security practices, update software and use new and secure devices. Don't install apps or visit places you don't trust. Less is more, the more you add the more parties you have to trust.

Use a good messenger like SimpleX. Session has some cons like no perfect forward secrecy, but we give them extra props for being honest about that. Signal is the best mainstream choice by us but Molly is a hardened fork we suggest to users above it. You can get Molly via Accrescent app store which is in the GrapheneOS App Store, so there is a chain of trust between GrapheneOS and Molly. The phone number requirement is a con, but Molly allows running multiple devices on one account so you could even register the number on one device, move to a WiFi-only device and never use the number again.

Perfect Forward Secrecy means that even if an attacker gets the messages and later compromises your device to get the main decryption keys, they can't get the messages which no longer have the session keys on your device. Having messages stored on a server inherently is not a major issue providing it is encrypted, though usually most messengers don't anyway which is favorable. Session not having PFS is a flaw in this front.

The messenger needs an OS that is secure and up to date. The hardware also needs to be secure and receive patches. Desktop OSes like Windows and many Linux distributions are worse overall since they don't forcibly sandbox apps. Any other app can just access the data of your messaging app quite easily on these platforms. Assess if needing to share your messages to other devices like desktops are necessary before you choose to do it.

When using something like a messenger there is always the potential of a sophisticated threat having an exploit for it, the same way people do via Telegram, WhatsApp or others because the app is popular. A secure OS can prevent an exploitation of an app that may work on another OS. GrapheneOS using hardened_malloc, MTE, and other exploit mitigations is a huge help with this because some exploits or exploited apps will crash or not work. We have discovered vulnerabilities in OS components like Bluetooth because of our exploit mitigations crashing when there is bugs on certain Bluetooth devices.

Assure the person you speak to on the other end is also following good security practices. You are only as secure as the least secure person in a group. Don't contact people you don't know that well. Don't click links or open attachments to people you don't know or trust enough. You rely on trusting each person you message to be as honest as you are. If you are very high risk, people may choose to just have a separate device for that purpose too. If you're using something like Telegram or Discord, assume everything you said will be kept and seen by anyone. They are more like public forums than private one-to-one messaging.

High risk GrapheneOS users or those with physical device access as a risk can specifically look at this:

nostr:nevent1qqsfdvew2fde7lm6tkfqz5m43xxugr998sxe7tfqchfv59uf2yehh3cpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygxptfdxtxrw026pxn0w82u9y4x6t3w5kp883d83djpgxuvj6d23s5psgqqqqqqs8x6ltz 
 Thank you, will study this in detail in calm. Just a quick question before that: what to prefer, in case one wants to follow your advice 1:1: 

-iPhone or Android?
-And if android: Pixel or does it even matter? 
 An iPhone and stock Pixel are around the same, but Pixels obviously gives you more freedom of apps, while Apple's online services are arguably better. There are pros and cons. You're at the bane of either Google or Apple if you use their services. For iPhone, Lockdown Mode exists for added security too but it messes with some browser and messenger functionality. Pixels let you install other OSes safely and easily which is where more private and secure options like ours can be installed onto.

https://grapheneos.org/

GrapheneOS runs on Pixels because they are the highest security platform commercially available to us. For other Android platforms, Samsung comes close but destroys hardware and security functionality on other OSes by an eFuse so we can't use them. Most other Android devices are insecure by being slow on updates and patches or with their hardware choices. Google quickly responds to our vulnerability reports while some haven't even tried to deal with issues we believe affect several other devices that we reported several months ago.

Pixel 8 and later are the best of them as they have hardware security features like MTE which previous generations don't have. They also get security updates for 7 years since launch. We are always open to working with other device manufacturers to hopefully go above what Pixel offers, or to provide an alternative. Most times they fall through because they want to do something different. We have strict demands.

Cellebrite Premium (phone extraction tool exclusive to police) documents say they can do iPhone access on every iPhone on latest iOS while for Pixels they can only hit the stock OS (not GrapheneOS who they DIRECTLY mention) and they cannot brute force the secure element. The stock OS on Pixels does not take full advantage of the security features available to them, like MTE, which is a game changer.

The Cellebrite docs provide a good insight on what device companies with massive budget have a harder time in exploiting:

nostr:nevent1qqs0nywe3nndmy58zfuezntqpqujr6luz5e6cxg26yfvy9e678ea2kcpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygxptfdxtxrw026pxn0w82u9y4x6t3w5kp883d83djpgxuvj6d23s5psgqqqqqqs0femts

Obviously it doesn't completely deny possibility of attacks. Technology is not impenetrable and people who think very powerful organisations is after them need to behave differently too. 
 Thank you! 
 All traffic of Signal goes through the clouds of

Googe, Amazon, Microsoft & Cloudflare

they collect metadata on IP-Basis and know exactly "who is talking with who".

Better switch to Threema from Switzerland. As they dont collect metadata nor IP-Adresses + anonymous usage possible = more protection of your privacy isn´t possible!

Check it for yourself:

Visit

https://www.securemessagingapps.com

Rate:
🟩=3 🟨=1 🟥=0

Results (and where the money comes from)

1. Threema = 86 = most secure Messenger (User pays one-time)

2. Signal (OTF / Brian Acton / Ex-WhatsApp) = 80
3. Session (Loki Coin & suspicious Chinese) = 77
4. Wire (Janus Fries / Ex-Skype) = 68
5. SimpleX Chat *= 67
6. Wickr (Amazon) = 61
7. Element / Matrix (Amdocs / Morris Kahn) = 56
8. Apple iMessage (Hardware sales) = 37
9. WhatsApp (Meta) = 32
10. Google Messages (Ads) = 28
11. Telegram (Putin) = 27
12. Facebook Messenger (Meta) = 26
13. Microsoft Skype =10

* SimpleX Chat got 380.000 $ from VillageGlobal.vc = Jez Bezos, Mark Zuckerberg, Bill Gates, ect.

OFT = OpenTechnologyFund = US-Goverment