grin agymenései
Archívum Január 2017

Secure chat on mobile and desktop

2017-01-07 10:12 írta grin

Big Brother is Listening

We live in curious times.

While we have "civilisation" and "freedom" and "democracy", we also happen to have corrupted politicians, governmental secret services, industrial and business spying, and generally various violations of privacy and personal space.

When Phil Zimmermann have created PGP it wasn't because he was spied on -- it was because anyone of us could have been spied on and we wouldn't be able to protect ourselves; usually it doesn't quite matter but at the point when it started to matter it'd be already too late to start doing something about it. Prevention. Back then the Government have considered a person "suspicious" if s/he encrypted the communication; when everyone encrypts their communication it wouldn't be "suspicious" anymore, and wouldn't be possible to single out peope just because they're using secure means to communicate. And by "secure" I mean secure against even the skilled criminals, including governmental ones. Todays' encryption is usually "unbreakable" even for the three-letter U.S. and Russian agencies (and the similar ones with undescribable name in China).

Since then time have forwarded fast, and not just PGP became legal but there are plethoras of programs promising secure communication, protection of one's identity, untraceability or deniability of messages, self-destructing or timing out messages and alike. This have happened due to the governmental and industrial criminals becaming more and more aggressive in their invasion of our privacy, storing and analysing personal private communication, using and abusing it to their purpose and agenda.

They often say: the terrorists use the technology, so we have to make it illegal. Obviosuly, since if we make it illegal the terrorists will stop using it, unlike the citizens protecting their own private life from the government?

"When privacy is outlawed only outlaws have privacy."

But that's a theoretical problem; in reality we have to protect ourselves from political and business oriented criminals in high positions, attacking our communication infrastructure wherever they can. Google have learned the hard way that even their internal traffic could be unlawfully tapped by the agencies and they're hard working preventing that and hoping that they're protecting faster than the government infiltrates it. Everyone have to protect themselves as good as they can since we cannot put all the trust in the companies running the stuff in faraway places. I trust best what I protect for myself.

So let us see the practice. I try to summarise you some of the best and most secure, widely available communication programs for mobile phones (or at least Androids). We do not talk about the security of the devices here: that's a different and quite lengthy topic, but let's assume that at least the devices are not readily tapped. If the stakes are that high then don't use industrial devices; use self-built open-source computers with professionally crafted protection. It is not hard, but we don't need it right now - we don't want to kill JFK after all, just prevent agents to blackmail people for whatever random reason, to prevent our email and phone addresses from spamming and analysing, to prevent agents and businesses to build personality profiles of us and alike. We're not the criminals - they are.

The programs

The good

I'll expand these below.

  • WhatsApp - public protocol
  • Signal (formerly TextSecure) - public protocol
  • Wire - open source
  • Conversations (XMPP + OMEMO / OTR) - public protocol
    • ChatSecure (discontinued)
  • Telegram secret chat
  • SIP + encryption
  • ToX (and AnTox) - public protocol

The questionnable

These often encrypt the communication between you and the server of the provider, but without end-to-end encryption they can read everything you do.

  • Telegram normal / group chat
  • Hangouts / Google Talk - TLS

The bad

Apart from using insecure means of communication these programs often leak private data to their parent companies or agencies. Some of them gather completely unrelated private data on purpose.

  • Viber - insecure and known illegal transfer of private communication
  • Facebook chat - insecure
  • Facetime - pretty secure but no identity verification
  • Skype - insecure, known privacy problems
  • Snapchat - insecure and misleading

Never heard of

These show up in my searches but never have used them, listing them in case someone's wondering.

  • Threema - non-free
  • Gliph - looks like some kind of bitcoin based business, with non-published security architecture and high claims
  • Wickr (possibly pretty good, with end-to-end encryption and have been audited but the protocol isn't public and the code is not open; it have a stupid idea of destroying every message after at most a week or so; and I've been told that Wickr shuts down accounts not used for half a year without warning.)
  • G-Data Secure chat - not much info, uses signal protocol
  • Line - Japan... no much info on implementation
  • Ricochet - runs on TOR network, no group chat (yet) and its security isn't that great. Rather simplistic.
  • Streembit - "a network service for humans and machines"; p2p, dht, ecdsa sign, aes256 crypt

Crypto background

Let me briefly tell you about some crypo stuff to make it easier to feel what's that fuss about. For those who are professionals on the crypto field I offer my sincerest apologies for oversimplifications.

Attackers and assurances

An "attack" means that someone gets to know information they have no business to know. Attackers could be anyone: governments, businesses, spammers, rogue internet providers, spooks, and even the person you're talking to. Let's see first what could go bad, and what to do about it:

Attacker goalSecurity property
1. Compromise messagesConfidentality
2. Change messagesIntegrity
3. Inject false messagesAuthenticity
4. Identify as another personAuthentication of partners
5. Block communicationNo single point of blocking
6. Learn metadataPrivacy protection
7. Prove content of messagesDeniability of content
8. Prove that persons communicatedDeniability of conversation
9. Learn past communication after compromiseForward secrecy
10. One attack compromises all future communicationFuture secrecy

That's a lot indeed.

There is also one property which is very important to consider: being open source. OS means that the program code is published for anyone to read, and to be able to verify the (security and other) claims the program authors make. Closed source often means code nobody ever looked at and never verified, so the authors can claim whatever they please without doing anything about it. Some closed source code were, however, externally audited, and if you trust the professionality of the auditor these (claims) should be reasonably trusted.

From the security protocol viewpoint (eg. "how good is the encryption technology a program uses") number 5 and 6 are not part of the problem, while in reality these are very important.

Metadata (#6) means the attacker can reveal who communicated to whom, when, how many times, how long the messages were, as well as the possible identity of the parties; in a hostile communication environment (like that between ukrainian people vs. Russian government) these are very sensitive (and potentially life threatening) informations. Metadata protection usually means that anonimity of the parties are ensured while there's some methods to assure #3 and #4.

Protecting from #5 is not meaningless as well. While obviously there is no protection against switching off the whole internet for someone, there exist protection against shutting down one or some central servers by force. Distributed, serverless channels are just for that.

You have to see that from the programs above very few offers you protection against #5, because it means you have to be a member of a distributed network. Tox and the not very much used Bleep offers you that, in exchange for higher network traffic, since you have to be a member of a distributed network of nodes, basically you're one server of the many. To be honest it is important that these assurances are only true if there are plenty of users using the given method, since a distributed network is only good if there are at least a few hundred well distributed users around (preferably way more). Tox does seem to have such userbase, Bleep may not.

To protect against #6 is not convenient for you either, since to protect from #4 both parties have to verify each others' anonymous identity. It's compulsory to be sure that what you verify is true, so the verification has to happen on a channel (preferably in live conversations or phone conversation) which is strongly identifying the partner. It usually involves reading up lots of numbers. :-) Conversations, Wire, Tox, Bleep offers you such protection.

Another way of #6 (metadata protection) is that the provider is reasonably trusted not to collect metadata, usually by using open source to prove it or to have an external auditor to prove it (but in that case it only stands for the audited software version and not for any other versions). Signal is probably on of these: while they collect real-world metadata (phone numbers) and store it on a central server they don't collect converstional metadata, which is fairly safe while having a simplified partner identification and partner directory. The counterexample is WhatsApp which provides the same way of message security and confidentality as Signal but syphons your metadata to Facebook to sell for advertisers or else.

Most program I suggested protects you against all other problems, which means Conversations, Wire, Tox, Bleep, Signal, Telegram secret chats, and possibly others which cannot be verified due to their closed source nature.

I would draw the line here, and insert summary in the middle to screw up those who read only the beginning and the end of a long post:

To use full security use Tox (and bear with the higher network traffic due to peer-to-peer nature).

To use faily secure and anonymous channel use Wire (and register by random-generated free email).

The others (from "questionable" to "bad") often only protect the path between the device and the central server of the provider, and you have to fully trust the provider not to, well, act like an attacker. They can do whatever they want, including faking messages and reveal all content to third parties. If you do trust the provider, your messages may be safe from 3rd party adversaries listening to your network connection.

There are an interesting group of programs which claim to have a cryptographical technology to protect you (mostly only for #1 - #3), while their very technology is questionable. Such problems were identified in Telegram, and possibly others in the "bad" bunch which I didn't check thoroughly.

Real life? Anyone?

It is always interesting (or rather entertaining) to read articles about security and mobile chats. I tend to favour real encryption (end-to-end), so these articles are useful.

However I have been trying probably more of these than the average person, and not just “trying” but actually trying to get people to use it for normal things and not just testing. (As a sidenote: I did not try non-free programs, so Threema and alike are out of scope.)

The main result was that it is not enough to have strong security, or often it’s not even important to the average people you’re commincating with; what matters most is features and even more importantly usability. While security awareness is almost extinct people want nice and easy to use interfaces, cross-compatibility, multidevice access, and exactly that’s where the best programs are failing. Signal is probably reach the bar of usability, it works (barely, from the usability point of view), its [non-security] features are few and lacking [and they happily ignore feedback regarding that] but provide the bare minimum; others, like Tox, are well below usability requirements (but offer security assurances well beyond the usual bunch, like no central servers, anon participants and untraceable metadata, like Tor based chats). People simply don’t use it due to the ugly interface and lacks of features. Still, these are open-source code, which is best security-wise. So if you can: use Signal or (an)Tox or XMPP+OTR/OMEMO (like Conversations).

Open source ends around here. All following are closed, stating unverifiable claims about their security. (As a sidenote Signal protocol isn’t really “open” in the “open standards” sense as it’s been repeatedly mentioned that it’s unimplementable without reverse engineering signal code, and there have been legal wrangling between implementors and OWS.)

Security-wise Wire would be nice only if its interface wasn’t absolutely crappy, but it does have a potential. Update: Wire client, and later Wire server as well were both open sourced in 2017, so Wire is in the verifiably open and self-hostable arena from then on.

Wickr seems to be interesting but I don’t quite find compulsory message destruction useful to me.

As the list of “non-metadata invasive code” ends, we reach the “metadata risky” bunch. I have to partially disagree regarding Telegram, since its secure chat feature believed to be pretty secure, bar the not-quite-as-secure-as-they-wished crypto they are using (which is pretty much still good unless you’re against the NSA or the GRU). The usability is also pretty good. My current preferred application for secure chats would be WhatsApp due to it’s easy to use interface, good crypto and wide availability, and I don’t quite worry about traffic analysis in chats, apart from that they may not even do that.  Update: In 2018 WhatsApp privacy evangelist and owner have left the company and Facebook took over; anything may happen, including worsening security, spying or else. It haven't happened just yet (as of May 2018).

That’s the point where end-to-end ends (haha), from here your messages are visible to the server operators. Still, worths mentioning that this is still better than using dubious “security” of some chat where literally anyone can read the messages, including your local, possibly resource-bound national government.

Telegram (normal chat) is still pretty good, as well as most Google stuff (Hangouts), since they’re at least properly encrypted and their intentions are — despite what people would like to assume — not evil. (FaceTime has been mentioned in my list but I haven’t tried it honestly: it’s been said to be somewhat secure but lacking identity verification.)

Unlike the next bunch, which I only mention to show that I’m aware their existence but… Viber, Facebook Messenger, Skype, Snapchat, these are all “said to be” smoke-and-mirrors. I say that since I am no security auditor, they are all closed source and all I know is that the net is full of “capture ZZZ messages” programs, and the companies behind these are considered distrusted by me. 

As a summary: for the Snowden Business™ use Signal or Tox. For everyday chat use Wire, Conversations (xmpp+omemo, if you don’t need audio/video, but then you can use SIP+ZRTP+SRTP) or WhatsApp (if you do), or Telegram secure chats (if you fancy graphics). 

Don’t take me as a professional opinion, even if I sound like one.

Archívum Január 2017


grin agymenései