grin agymenései
Archívum Január 2017

Secure chat on mobile and desktop

2017-01-07 10:12 írta grin

Big Brother is Listening

We live in curious times.

While we have "civilisation" and "freedom" and "democracy", we also happen to have corrupted politicians, governmental secret services, industrial and business spying, and generally various violations of privacy and personal space.

When Phil Zimmermann have created PGP it wasn't because he was spied on -- it was because anyone of us could have been spied on and we wouldn't be able to protect ourselves; usually it doesn't quite matter but at the point when it started to matter it'd be already too late to start doing something about it. Prevention. Back then the Government have considered a person "suspicious" if s/he encrypted the communication; when everyone encrypts their communication it wouldn't be "suspicious" anymore, and wouldn't be possible to single out peope just because they're using secure means to communicate. And by "secure" I mean secure against even the skilled criminals, including governmental ones. Todays' encryption is usually "unbreakable" even for the three-letter U.S. and Russian agencies (and the similar ones with undescribable name in China).

Since then time have forwarded fast, and not just PGP became legal but there are plethoras of programs promising secure communication, protection of one's identity, untraceability or deniability of messages, self-destructing or timing out messages and alike. This have happened due to the governmental and industrial criminals becaming more and more aggressive in their invasion of our privacy, storing and analysing personal private communication, using and abusing it to their purpose and agenda.

They often say: the terrorists use the technology, so we have to make it illegal. Obviosuly, since if we make it illegal the terrorists will stop using it, unlike the citizens protecting their own private life from the government?

"When privacy is outlawed only outlaws have privacy."

But that's a theoretical problem; in reality we have to protect ourselves from political and business oriented criminals in high positions, attacking our communication infrastructure wherever they can. Google have learned the hard way that even their internal traffic could be unlawfully tapped by the agencies and they're hard working preventing that and hoping that they're protecting faster than the government infiltrates it. Everyone have to protect themselves as good as they can since we cannot put all the trust in the companies running the stuff in faraway places. I trust best what I protect for myself.

So let us see the practice. I try to summarise you some of the best and most secure, widely available communication programs for mobile phones (or at least Androids). We do not talk about the security of the devices here: that's a different and quite lengthy topic, but let's assume that at least the devices are not readily tapped. If the stakes are that high then don't use industrial devices; use self-built open-source computers with professionally crafted protection. It is not hard, but we don't need it right now - we don't want to kill JFK after all, just prevent agents to blackmail people for whatever random reason, to prevent our email and phone addresses from spamming and analysing, to prevent agents and businesses to build personality profiles of us and alike. We're not the criminals - they are.

The programs

The good

I'll expand these below.

  • WhatsApp - public protocol
  • Signal (formerly TextSecure) - public protocol
  • Wire - open source
  • Conversations (XMPP + OMEMO / OTR) - public protocol
    • ChatSecure (discontinued)
  • Telegram secret chat
  • SIP + encryption
  • ToX (and AnTox) - public protocol

The questionnable

These often encrypt the communication between you and the server of the provider, but without end-to-end encryption they can read everything you do.

  • Telegram normal / group chat
  • Hangouts / Google Talk - TLS

The bad

Apart from using insecure means of communication these programs often leak private data to their parent companies or agencies. Some of them gather completely unrelated private data on purpose.

  • Viber - insecure and known illegal transfer of private communication
  • Facebook chat - insecure
  • Facetime - pretty secure but no identity verification
  • Skype - insecure, known privacy problems
  • Snapchat - insecure and misleading

Never heard of

These show up in my searches but never have used them, listing them in case someone's wondering.

  • Threema - non-free
  • Gliph - looks like some kind of bitcoin based business, with non-published security architecture and high claims
  • Wickr (possibly pretty good, with end-to-end encryption and have been audited but the protocol isn't public and the code is not open; it have a stupid idea of destroying every message after at most a week or so; and I've been told that Wickr shuts down accounts not used for half a year without warning.)
  • G-Data Secure chat - not much info, uses signal protocol
  • Line - Japan... no much info on implementation
  • Ricochet - runs on TOR network, no group chat (yet) and its security isn't that great. Rather simplistic.
  • Streembit - "a network service for humans and machines"; p2p, dht, ecdsa sign, aes256 crypt

Crypto background

Let me briefly tell you about some crypo stuff to make it easier to feel what's that fuss about. For those who are professionals on the crypto field I offer my sincerest apologies for oversimplifications.

Attackers and assurances

An "attack" means that someone gets to know information they have no business to know. Attackers could be anyone: governments, businesses, spammers, rogue internet providers, spooks, and even the person you're talking to. Let's see first what could go bad, and what to do about it:

Attacker goalSecurity property
1. Compromise messagesConfidentality
2. Change messagesIntegrity
3. Inject false messagesAuthenticity
4. Identify as another personAuthentication of partners
5. Block communicationNo single point of blocking
6. Learn metadataPrivacy protection
7. Prove content of messagesDeniability of content
8. Prove that persons communicatedDeniability of conversation
9. Learn past communication after compromiseForward secrecy
10. One attack compromises all future communicationFuture secrecy

That's a lot indeed.

There is also one property which is very important to consider: being open source. OS means that the program code is published for anyone to read, and to be able to verify the (security and other) claims the program authors make. Closed source often means code nobody ever looked at and never verified, so the authors can claim whatever they please without doing anything about it. Some closed source code were, however, externally audited, and if you trust the professionality of the auditor these (claims) should be reasonably trusted.

From the security protocol viewpoint (eg. "how good is the encryption technology a program uses") number 5 and 6 are not part of the problem, while in reality these are very important.

Metadata (#6) means the attacker can reveal who communicated to whom, when, how many times, how long the messages were, as well as the possible identity of the parties; in a hostile communication environment (like that between ukrainian people vs. Russian government) these are very sensitive (and potentially life threatening) informations. Metadata protection usually means that anonimity of the parties are ensured while there's some methods to assure #3 and #4.

Protecting from #5 is not meaningless as well. While obviously there is no protection against switching off the whole internet for someone, there exist protection against shutting down one or some central servers by force. Distributed, serverless channels are just for that.

You have to see that from the programs above very few offers you protection against #5, because it means you have to be a member of a distributed network. Tox and the not very much used Bleep offers you that, in exchange for higher network traffic, since you have to be a member of a distributed network of nodes, basically you're one server of the many. To be honest it is important that these assurances are only true if there are plenty of users using the given method, since a distributed network is only good if there are at least a few hundred well distributed users around (preferably way more). Tox does seem to have such userbase, Bleep may not.

To protect against #6 is not convenient for you either, since to protect from #4 both parties have to verify each others' anonymous identity. It's compulsory to be sure that what you verify is true, so the verification has to happen on a channel (preferably in live conversations or phone conversation) which is strongly identifying the partner. It usually involves reading up lots of numbers. :-) Conversations, Wire, Tox, Bleep offers you such protection.

Another way of #6 (metadata protection) is that the provider is reasonably trusted not to collect metadata, usually by using open source to prove it or to have an external auditor to prove it (but in that case it only stands for the audited software version and not for any other versions). Signal is probably on of these: while they collect real-world metadata (phone numbers) and store it on a central server they don't collect converstional metadata, which is fairly safe while having a simplified partner identification and partner directory. The counterexample is WhatsApp which provides the same way of message security and confidentality as Signal but syphons your metadata to Facebook to sell for advertisers or else.

Most program I suggested protects you against all other problems, which means Conversations, Wire, Tox, Bleep, Signal, Telegram secret chats, and possibly others which cannot be verified due to their closed source nature.

I would draw the line here, and insert summary in the middle to screw up those who read only the beginning and the end of a long post:

To use full security use Tox

The others (from "questionable" to "bad") often only protect the path between the device and the central server of the provider, and you have to fully trust the provider not to, well, act like an attacker. They can do whatever they want, including faking messages and reveal all content to third parties. If you do trust the provider, your messages may be safe from 3rd party adversaries listening to your network connection.

There are an interesting group of programs which claim to have a cryptographical technology to protect you (mostly only for #1 - #3), while their very technology is questionable. Such problems were identified in Telegram, and possibly others in the "bad" bunch which I didn't check thoroughly.

(Unfinished enty)

Archívum Január 2017


grin agymenései