The Practical Limitations of End-to-End Encryption
42 comments · March 25, 2025
SAI_Peregrinus
Signal's cryptography is quite secure. Signal's user management (restricting users you can chat with only to members of your organization) is nonexistent since it's not a goal. There's no requirement to have your common access card to get into a Signal group, there's no check for appropriate clearance enforced by Signal, so it's fundamentally unsuited to handling military information.
JumpCrisscross
> no requirement to have your common access card to get into a Signal group, there's no check for appropriate clearance enforced by Signal, so it's fundamentally unsuited to handling military information
It's also running on a device that's had who knows what websites visited on it today.
profmonocle
In the early days of the iPhone, there was a vulnerability that allowed you to jailbreak your phone by visiting a specific web site. IIRC it was some vulnerability in the TIFF handling code. The same vulnerability could have been used to silently install spyware with root level access. No need to break Signal's crypto if you can just silently capture screenshots.
It's not hard to imagine some foreign intelligence agency is sitting on some severe zero-day vulnerability, waiting to use it on very high value targets, such as senior administration staff.
proxynoproxy
You don’t have to imagine. This is a billion dollar intel industry that pays out millions of dollars for vulns, and charges corrupt governments more for access to hack their citizens' most private data.
Those unscrupulous enough to sell the vulnerability to the exploiters, there is gold. Of course we would rather they did the right thing and got the bugs fixed.
profmonocle
Endpoint integrity is also critical. If Apple or Google were compromised, they could silently push an update that replaces the real Signal app with a modified version that forwards everything to an adversary.
Any system where the government doesn't have total control over software deployment will never be viable for handling classified information.
inahga
Signal on Android is reproducible https://github.com/signalapp/Signal-Android/tree/main/reprod..., so _theoretically_ the play store version could be monitored to detect tampering by Google (or whoever).
That is, if the reproducible build didn't constantly break https://github.com/signalapp/Signal-Android/issues/13565.
It also ignores the fact that the vendor could send updates targeted to specific devices.
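The check described in the comment above, sketched as an added example (not part of the original comment and not Signal's own tooling): compare a store-delivered APK against a locally built one entry by entry, skipping only the signing files that necessarily differ. The function names, the list of ignored signing entries, and the sample archives are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

# Assumption: only v1 (JAR) signing files may legitimately differ between a
# store-signed APK and a local build; every other entry must match exactly.
SIGNING_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", "MANIFEST.MF")

def is_signing_entry(name: str) -> bool:
    return name.startswith("META-INF/") and name.endswith(SIGNING_SUFFIXES)

def entry_digests(apk_bytes: bytes) -> dict:
    """Map each non-signing entry to the SHA-256 of its uncompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if is_signing_entry(info.filename):
                continue
            # Duplicate names could hide a second payload behind a clean one.
            if info.filename in digests:
                raise ValueError(f"duplicate entry: {info.filename}")
            digests[info.filename] = hashlib.sha256(apk.read(info)).hexdigest()
    return digests

def diff_apks(store_apk: bytes, local_apk: bytes) -> dict:
    """Report entries added to, missing from, or changed in the store APK."""
    store, local = entry_digests(store_apk), entry_digests(local_apk)
    return {
        "only_in_store": sorted(store.keys() - local.keys()),
        "only_in_local": sorted(local.keys() - store.keys()),
        "changed": sorted(n for n in store.keys() & local.keys()
                          if store[n] != local[n]),
    }

def make_apk(entries: dict) -> bytes:
    """Build a constructed stand-in APK (a plain zip archive) for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample data, not real Signal artifacts.
BASE = {"classes.dex": b"dex-bytes", "AndroidManifest.xml": b"<manifest/>"}
LOCAL = make_apk(BASE)
STORE_OK = make_apk({**BASE, "META-INF/CERT.RSA": b"store-signature"})
STORE_BAD = make_apk({**BASE, "classes.dex": b"dex-bytes-modified",
                      "lib/arm64-v8a/libextra.so": b"\x7fELF",
                      "META-INF/CERT.RSA": b"store-signature"})
```

A clean result only covers the one APK that was compared; as the comment notes, it says nothing about an update delivered to a different device.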
krupan
If you aren't listening to the Darknet Diaries podcast yet, you really should be. Episode 146 talks about a Signal-like "secure messaging" app that the FBI enticed people to use that secretly had the FBI as a member of every chat, so they would get a copy of every message sent. This story strongly reminds me of that.
pyuser583
That was a lot more than a secure messaging app. It was an entire Android-based operating system, preinstalled on physical devices.
It was originally created by a private company, that went a bit too far in marketing it to criminals. Undercover agents asked the CEO "How do I use this to prevent the police from monitoring my drug smuggling", and he answered the question.
In order to keep the feds from throwing them in prison, the remaining execs needed to provide names, and what better way than to compromise the phone and market it to criminals?
Around the same time, law enforcement cracked a more popular custom phone used by criminals, so gangs started looking elsewhere. And the FBI was waiting for them.
It was an insane operation. It was being run from a local FBI office (San Diego), not headquarters. A bunch of low level agents.
But it provided massive police intelligence around the world.
It also screwed over a lot of the contractors who worked on it. The Android developers who designed the phone are now on organized crime's radar, even though they thought they were just making a secure phone.
0cf8612b2e1e
I heard this story elsewhere, and the attitude of law enforcement infuriated me. It was basically, “Only criminals would care about their privacy to purchase this premium phone, so of course we needed to crack it”. Screw everyone else who did not want more ad tracking or whatever.
pyuser583
Law enforcement was paranoid about making sure it only went to criminals. It was producing so much intelligence, any non-criminal usage wasted lots of time.
The fact that it was really only criminals using it was the big selling point.
proxynoproxy
I agree in part, but nobody legit is paying $200/month to use Signal or other free secure private messengers. If it was a free platform I can see innocents getting caught, but considering it was sold by criminals, to criminals for a criminal fee — I think they were mostly correct.
Cthulhu_
Which app was that? There's been a few instances like that, Encrochat, ANOM and Sky ECC were all intercepted in one way or another by law enforcement.
Of course, the real question is whether these led to any convictions. They did lead to a few prevented murders and the like, but given they're all sweeping / non targeted sting operations, they're not admissible in court in a lot of cases.
goblin89
Darknet Diaries is not a good podcast.
Each episode is chewed up slowly to the lowest common denominator, meaning half of an episode is condescending explanation of trivial matter. The misplaced air of faux mystery, true crime podcast style, does not help. The narrator being occasionally a free speech absolutist and explicitly in favour of money laundering services does not help.
Risky Biz covered Anom in https://risky.biz/RB751/ via a dense if a bit short interview with Joseph Cox, who wrote a book about it, starting around minute 35. Listen to that and respective Darknet Diaries episode to compare. In general Risky Biz offers more balanced, less boring, and up-to-date takes on cybercrime (sans interviews with actual criminals).
sokka_h2otribe
Could you reference some of this free speech absolutist background?
I'm willing to reexamine my appreciation for the Darknet Diaries, but I have never gotten this political take from the content itself. Rather he seems to simply be willing to engage with folks he disagrees with morally, as a matter similar to any journalist might. He does not engage with active crime or anything like that either.
I really like darknet diaries. I don't think it is just about cyber crime though. More like a human social journalism with a heavy cyber crime angle. So that's how you have such a range of content in my opinion.
Also, maybe listen at 1.3X? That makes the explanations and pacing imo easier.
goblin89
Yes. Sorry, I edited my comment for brevity. The episode about Tornado Cash was the one I pulled the plug on Darknet Diaries. His suddenly very opinionated take just did not jive with reality, and considering it is targeted at laypeople I wasn’t a fan of that.
some_furry
Author of TFA here: I like Risky Biz a lot.
ikmckenz
An actual strongly encrypted messenger app like Signal is not really like a FBI fake-encrypted honeypot app like Anom
snickerbockers
I've often wondered if automatic updates and nag-screens are being used by bad-faith actors as vectors to sneak trojan horses into nominally-open-source apps. I tend to assume that any sufficiently-large open-source project will be scrutinized well enough that they can't be used in this way, but when you're obtaining binary builds somebody else made, and especially when those builds are being pushed out on an almost-daily basis for extremely mundane reasons, the chain-of-trust has several weak links. Only accepting signed binaries is not a good answer to this problem because if you aren't involved in a project then you have very little insight into how those binaries were signed or whether the private key is even private.
But even so, when stakes are high enough victim-blaming becomes both warranted and healthy. Even if there really was a deep-state conspiracy to embarrass the presidential cabinet (not that I think there was), the ultimate responsibility should still fall on their heads for not taking obvious precautions while planning an airstrike. If you can't verify that everybody in your Signal conversation is actually supposed to be in the conversation, let alone that they are even who they appear to be, then it's obviously not an appropriate platform for this discussion.
patwolf
> Point being: SCIFs are the right tool for the job. Smartphone apps like Signal are not.
The job in this case seems to be secure, ad-hoc communication between multiple parties while on the road (the VP at least was doing an event in Michigan). Clearly a public smartphone app isn't the right tool for the job. Is a SCIF the right tool though? I always thought of SCIFs as purpose-built rooms. It seems impractical that every time a message needs to be communicated, the parties have to be whisked away to a SCIF.
johnisgood
> Smartphone ...
It should have ended there. Smartphones are not secure and you must not trust them.
profmonocle
There are portable SCIFs, basically specially designed trailers, to allow senior staff to communicate securely on the road. It's very likely Vance had one of these nearby.
Sanzig
Not to mention plenty of DoD facilities from coast-to-coast with SCIFs - even without a portable SCIF, he likely wasn't far from one.
Failing that, these people almost certainly have laptops connected to DoD networks at a lower COMSEC level than a true SCIF (indeed, "high-side laptops" were mentioned in the Signal thread). They could have communicated with those. I don't know about DoD policy if those would be acceptable or not for discussions about planned strikes, but it'd be a hell of a lot more secure than unsecured public smartphones.
gadilif
The author writes "I do not foresee any smartphone app ever being approved for this purpose." (the purpose is 'passing classified information for military operations'), while in fact, I'm not sure I see the issue - all the app (any one of them, including WhatsApp, Signal, etc.) needs to add is what is referred to as 'conditional access' to some chats. Meaning, you can define chats as only authorized for users whose identity is provided by a trusted Identity Provider, or are running on certified devices. This type of security is already implemented in many enterprises, supported by browsers (to some extent, at least), and can relatively easily be supported by applications. Custom made chat apps already use this (e.g. Workplace Chat, which is used by Meta), and so I'm not sure it's something we won't see supported by other commercial messaging apps.
kayfox
What he means by "I do not foresee any smartphone app ever being approved for this purpose." is that a commodity smart phone is an insecure platform, so the military will not be approving any app designed for a commodity smart phone.
And by insecure here, he and I mean that it's not a platform designed and manufactured to meet the large number of requirements for handling classified information. It may be secure in the sense of industry standards or conventions, but it's not secure in the sense of military information security.
perching_aix
If I read it correctly it's because they think phones are a no-go from the outset, so clearly apps for those phones are out, too:
> When government and military officials want to discuss operations, they’re typically required to go into a SCIF (Sensitive Compartmented Information Facility), which ensures:
>
> - That they are not being wiretapped. (To this end, mobile phones are not permitted in a SCIF.)
Whether this is actually true or not I wouldn't know and can't be arsed to research, but it makes sense to me. Whether it's reasonable to assume based on this that phones are completely out I also don't know.
perching_aix
> Switching to Matrix would have only helped if you consider “unable to decrypt message” helping.
Why would I not?
chc4
They're making a joke about how Matrix e2e is so high friction and unreliable that even if you should have access to a channel you'll get "unable to decrypt message" errors from key or identity issues - not that they would be rightfully unable to be decrypted by third parties (all the e2e programs they mention have that property).
johnisgood
Oh yes, I remember having this issue many times before. :D
perching_aix
Oh I see, thanks.
some_furry
Sorry, I wish sarcasm had a font face so I could make it more obvious.
hypeatei
Related: https://news.ycombinator.com/item?id=43462783 "The Trump Administration Accidentally Texted Me Its War Plans" (1043 points, 325 comments)
throw9494jri
[flagged]
Braxton1980
No he didn't, this is a complete lie.
He did have a Blackberry that was approved through proper channels and modified https://www.nytimes.com/2009/01/23/us/politics/23berry.html
throw8394948999
> allows him to stay in touch with senior staff
> First, only a select circle of people will have his address, creating a true hierarchy for who makes the cut and who does not.
> receive his e-mail address must first receive a briefing
So he still has a blackberry, regular email address that is kept secret, but everyone who gets his address must have a briefing!
Where exactly is there a complete lie in this?! Senior staff is responsible for toilet cleaning or making lunches?!
You can't underestimate how much people will screw up operational security (opsec).
Arch-revolutionary Che Guevara was tracked down and assassinated because the NSA cracked his "unbreakable" one-time pads which would have been unbreakable if he'd only used them once.
https://www.kopaldev.de/2022/04/27/cryptography-for-everybod...