this post was submitted on 04 Dec 2023
-34 points (39.6% liked)

Technology

59597 readers
3259 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
all 40 comments
sorted by: hot top controversial new old
[–] Pfosten@feddit.de 87 points 11 months ago (2 children)

This article is ahistoric and unnecessarily conspirational.

Signal and its predecessors like TextSecure have been run by different companies/organizations:

  • Whisper Systems
  • Open Whisper Systems
  • Signal Technology Foundation (and its subsidiary Signal Messenger LLC)

Open Whisper Systems received about 3M USD total from the US government via the Open Technology Fund for the purpose of technology development … during 2013 to 2016. Source: archive of the OTF website: https://web.archive.org/web/20221015073552/https://www.opentech.fund/results/supported-projects/open-whisper-systems/

The Signal Foundation (founded 2018) was started by an 105M USD interest free loan from Brian Acton, known for co-founding WhatsApp and selling it to Facebook (now Meta).

So important key insights:

  • It doesn't seem like the Signal Foundation received US government funding. (Though I haven't checked financial statements.)
  • The US government funding seems to be a thing of the fairly distant past (2016). The article makes it sound like the funding was just pulled this year.
  • The US government funding was small compared to Signal's current annual budget. It was not small at the time, but now Signal regularly makes more from licensing its technology than it regularly received from the US government. According to ProPublica, Signals financial statements for 2022 indicate revenue of about 26M USD
[–] effward@lemmy.world 5 points 11 months ago (1 children)

Thank you for sharing this!

One question: how can the loan from Brian Acton be interest free? I thought the federal government imposed minimum interest rates to prevent people from bypassing tax-free gifting limits.

[–] LWD@lemm.ee 2 points 11 months ago* (last edited 11 months ago)
[–] cypherpunks@lemmy.ml 1 points 11 months ago* (last edited 11 months ago)

It doesn’t seem like the Signal Foundation received US government funding

The article doesn't say that Signal Foundation did, it says Signal did... which is well-documented in OTF's annual reports among other places.

I agree that this article has lots of other problems, though; I describe more in my comment about it in another thread.

[–] otter@lemmy.ca 41 points 11 months ago* (last edited 11 months ago)

The other comment by @Pfosten@feddit.de focuses on the contents of the article, which are more important. I took a peek at the author, Kit Klarenberg.

The author also writes for The Grayzone (thegrayzone.com/author/kit-klarenberg/), which gets posted on Lemmy occasionally. Among other questionable and misleading pieces, The Grayzone and Kit put out articles 'calling out' Bellingcat and TOR...

For the stuff below, if you have doubts in the source, please follow up on the linked sources each one contains. To be clear, we do need to hold these tools and services accountable. Spreading misleading content does not help with that. Even worse if it's intentional disinformation


https://en.wikipedia.org/wiki/The_Grayzone

an American fringe,[7] far-left[19] news website and blog,[23] founded and edited by American journalist Max Blumenthal

The website, initially founded as The Grayzone Project,[24] was affiliated with AlterNet before becoming independent in early 2018.[4] It is known for its critical coverage of the US and its foreign policy,[1] misleading reporting,[25][26] and sympathetic coverage of authoritarian regimes.[4][21][27][28] The Grayzone has downplayed or denied the Chinese government's human rights abuses against Uyghurs,[32] published conspiracy theories about Venezuela, Xinjiang, Syria, and other regions,[33][34] and published pro-Russian propaganda during the Russian invasion of Ukraine.


https://mediabiasfactcheck.com/the-grayzone/

Overall, we rate The Grayzone Far-Left Biased and Questionable based on the promotion of propaganda, conspiracy theories, and consistent one-sided reporting.

[–] Gutless2615@ttrpg.network 25 points 11 months ago* (last edited 11 months ago)

Literally the definition of FUD. Shit tier article.

[–] ahriboy@kbin.social 19 points 11 months ago

Misleading. No sane person will trust that article

[–] cjf@feddit.uk 14 points 11 months ago (1 children)

This is certainly one way to spin this.

It doesn’t touch on all the other donations signal receives, including the major loan from Brian Acton. The OTF isn’t the only source of funding that signal has.

Signal will be fine. In fact now that the OTF have withdrawn funding it’ll probably shake off the weird take that Signal is CIA tech.

[–] bobgusford@lemmy.world 7 points 11 months ago (1 children)

OTF funding is also not a direct indication of funding from US intelligence or backdoors in the code. OTF could just be promoting development of software that breaks free of repressive regimes, which indirectly benefits US foreign policy.

[–] cypherpunks@lemmy.ml 1 points 11 months ago

which indirectly benefits US foreign policy

See the last part of my response to this article for one of the other ways it benefits the US.

[–] AllNewTypeFace@leminal.space 11 points 11 months ago
[–] davidgro@lemmy.world 11 points 11 months ago* (last edited 11 months ago) (1 children)

~~Wow. I really had no idea. I'm unsure if this implies anything about its security or not, the article kinda glosses over it I think.~~

The other comments have clarified that the article was (at best) very misleading.

[–] Unaware7013@kbin.social 5 points 11 months ago

Considering another user mentioned that the funding was before Trump was in office, I'm sure there wasn't an intentional reason to gloss over both of those points.... /s

[–] jet@hackertalks.com 9 points 11 months ago* (last edited 11 months ago) (1 children)

If signal can collapse because of a single contributor withdrawing support, then it kind of deserves to die. If It's not robust enough to withstand the lack of money, it would never stand up to government intervention.

Though I suspect signal is perfectly fine, this is just an outrage seeking article for clicks. Or unnecessary conspiracy. If you don't trust signal, you have other options like simple x, briar.....

[–] otter@lemmy.ca 15 points 11 months ago (1 children)

Intentional conspiracy, judging by who the author writes for

[–] jet@hackertalks.com 2 points 11 months ago (1 children)

It's a good thought experiment. Let's assume signal is a conspiracy.

What do we do now?

The article doesn't seem to have any thesis here. If signal becomes untenable:

Briar and simple x are the most promising in my mind, but I know there's a lot of proponents of matrix.

I personally don't think session is sustainable, simply because they don't have any development going on, no perfect forward secrecy added.

If we're talking about the signal replacement, we need a way for people to find their contacts. A phone contact list as a social graph is pretty good. I could see that being added as a discovery, optional, service for simplex, or even briar. But that would probably take quite a bit of development of work to do it in a non-Spammy fashion

[–] LWD@lemm.ee 2 points 11 months ago* (last edited 11 months ago) (1 children)
[–] jet@hackertalks.com 1 points 11 months ago

Yeah they had perfect forward secrecy when they forked from signal, and then they tore it out because it was too complex to fit in there model. That's an admission their bad programmers, and we shouldn't trust them with crypto, or nefarious and we shouldn't trust them with crypto.

Going back to what's next:

Contact Discovery is the major hurdle to adoption of any really secure platform. I do appreciate signals SGX enclaves, they solve the problem in a nice way... If you trust SGX enclaves. That being said, that's not the only way to do it. Though I can't think of many contact discovery mechanisms that don't rely on a central source of truth. Maybe that's the necessary evil for onboarding, but it doesn't have to be part of the day-to-day operations.

[–] BearOfaTime@lemm.ee 6 points 11 months ago* (last edited 11 months ago)

If this were true, then it'd be a good signal it frustrates feds, no?

[–] kpw@kbin.social 3 points 11 months ago* (last edited 11 months ago) (3 children)

This article may be bullshit, but people are still wasting their time on walled gardens like Signal. Organizations like Signal can easily disappear because they run out of money or, arguably worse, sellout because there is no other way to stay afloat. I wouldn't use any messenger not compatible with the XMPP internet standard at this point.

[–] LWD@lemm.ee 5 points 11 months ago* (last edited 11 months ago)
[–] ExpensiveConstant@kbin.social 5 points 11 months ago (2 children)

Isn't signal open source though? I know being open source doesn't magically make it interoperable with other services but even if Signal or Whisper systems sell out, someone could just fork the projects

[–] ZickZack@fedia.io 5 points 11 months ago (2 children)

You cannot run Signal without "Signal - the company" existing. All of their systems are designed to be attached to one specific backend, namely the signal-run backend, meaning without re-engineering the existing infrastructure you cannot simply swap over.

As @kpw already mentioned, "Signal - the company" dying would involve a functional reset of everything: No contacts, no servers, no infrastructure. COULD you fork the thing and build you own system? Sure, but it would be functionally unusable since no one else would be using it, since everything relies on specifically the signal servers to function. A post-signal system could re-use some of their code (if it runs outside signal corp - "works on my machine" could be present in this project as well), but would need to rebuild the actual network.

This is in contrast to something like the matrix protocol: If a specific matrix instance goes kaput, you still have the overall network working. This means that even if an instance implodes, you would have an easy migration path since the matrix network itself persists.

[–] LWD@lemm.ee 3 points 11 months ago* (last edited 11 months ago)
[–] jet@hackertalks.com 2 points 11 months ago

Signal has been forked already, including the back ends. Session is demonstration of this. They changed the architecture. But there's no reason you yourself could not stand up your own independent signal compatible back ends

Signal the protocol is not going to die. It's very open source and resilient. Anyone can stand up their own signal compatible servers today and reproduce the network. It's a critical mass problem, so you would need some reason for a bunch of people to switch signal networks.

Signal the foundation, and the signal foundation servers may die at any time it's unlikely but it's possible.

Could some project like Molly.im stand up their own signal servers, and federate with normal signal for people who aren't on the Molly servers? Absolutely. They could make the signal clients network agnostic, talking to different contacts on different networks. They could do this today. But, running those servers is going to cost money.

[–] kpw@kbin.social 1 points 11 months ago (2 children)

All your contacts will still be gone when their servers shut down.

[–] theherk@lemmy.world 10 points 11 months ago (1 children)

So? Data permanence isn’t the main idea of Signal.

[–] kpw@kbin.social 0 points 11 months ago (1 children)

Now everyone is using WhatsApp again and all energy that went towards convincing everyone to use Signal is lost. A better use of that energy would have been be to promote provider independent internet standards.

[–] jet@hackertalks.com 2 points 11 months ago

Not in my social circles.

[–] LWD@lemm.ee 3 points 11 months ago* (last edited 11 months ago) (1 children)
[–] kpw@kbin.social 1 points 11 months ago

Using the current server distribution of my contacts, I would never loose more than 13% of my contacts if a single server shuts down. Federated systems are much more resilient against providers shutting down as well as takeovers. Think Reddit vs Lemmy, Twitter vs Mastodon, Signal vs XMPP.

[–] vext01@lemmy.sdf.org 2 points 11 months ago (1 children)

I tried XMPP. It was a nightmare.

Finding clients for all the platforms that support all of the extensions that make it a viable alternative to something like WhatsApp or Signal...

[–] kpw@kbin.social 2 points 11 months ago

Here is what I found works pretty good

Android: Conversations
Linux: Dino
Apple: Monal
Windows: Gajim

[–] YtA4QCam2A9j7EfTgHrH@infosec.pub 0 points 11 months ago

Lots of Greyzone tankie bullshit on lemmy lately.