Comment on Head of the Signal app threatens to withdraw from Europe

• 3abas@lemmy.world ⁨1⁩ ⁨day⁩ ago

  That is how the signal protocol works, it’s end to end encrypted with the keys only known between the two ends.

  The issue is that servers are needed to relay the connections (they only hold public keys) because your phone doesn’t have a static public IP that can reliably be communicated to. The servers are needed to communicate with people as they switch networks constantly throughout the day. And they can block traffic to the relay servers.

  source

  • conorab@lemmy.conorab.com ⁨8⁩ ⁨hours⁩ ago

    Signal does have a censorship circumvention feature in the advanced settings on iOS which may work when this hits provided you already have the app installed. Never had to use it though.

    Image

    source
  • white_nrdy@programming.dev ⁨1⁩ ⁨day⁩ ago

    I think they’re suggesting doing it on top of SMS/MMS instead of a different transport protocol, like Signal does, which is IP based

    source

    • wewbull@feddit.uk ⁨1⁩ ⁨day⁩ ago

      Which is what Textsecure was. The precursor to Signal. Signal did it too, but removed it because it confused stupid people.

      source
• visnae@lemmy.world ⁨1⁩ ⁨day⁩ ago

  It is potentially doable:

  A short message is 140 bytes of gsm7-bit packed characters (I.e. each character is translated to “ascii” format which only take up 7-bit space, which also is packed together forming unharmonic bytes), so we can probably get away with 160 characters per SMS.

  According to crypto.stackexchange, a 2048-bit private key generates a base64 encoded public key of 392 characters.

  That would mean 3 SMSs per person you send your public key to. For a 4096-bit private key, this accounts to 5 SMSs.

  As key exchange only has to be sent once per contact it sounds totally doable.

  After you sent your public key around, you should now be able to receive encrypted short messages from your contacts.

  The output length of a ciphertext depends on the key size according to crypto.stackexchange and rfc8017. This means we have 256 bytes of ciphertext for each 2048-bit key encrypted plaintext message, and 512 bytes for 4096-bit keys. Translated into short messages, it would mean 2 or 4 SMSs for each text message respectively, a 1:2, or 1:4 ratio.

  • NIST recommends abandoning 2048-bit keys by 2030 and use 3072-bit keys (probably a 1:3 ratio)
  • average number of text messages sent per day and subscriber seems to be around 5-6 SMS globally, this excludes WhatsApp and Signal messages which seems to be more popular than SMS in many parts of the world [quotation needed, I just quickly googled it]

  Hope you have a good SMS plan 😉

  source
• plz1@lemmy.world ⁨1⁩ ⁨day⁩ ago

  That makes the assumption you want to use your phone number at all. And I’m sure the overhead of encryption would break SMS due to the limits on character counts.

  source

  • Alaknar@sopuli.xyz ⁨1⁩ ⁨day⁩ ago

    That makes the assumption you want to use your phone number at all

    Can’t use Signal without a phone number.

    source

    • plz1@lemmy.world ⁨20⁩ ⁨hours⁩ ago

      You CAN use it to interact with people without them knowing your number. The only current requirement is specific to registration.

      source
• 0x0@lemmy.zip ⁨1⁩ ⁨day⁩ ago

  I think SimpleX removes the need for static relays.

  source

  • manuallybreathing@lemmy.ml ⁨18⁩ ⁨hours⁩ ago

    It was so hard getting people to use signal im imagining thisll never catch on

    source
• Jason2357@lemmy.ca ⁨1⁩ ⁨day⁩ ago

  That’s how signal started way back. Doesn’t work well - sms is terrible.

  source