…I’m more of a “blog half full of COMSEC” kinda guy…
Secure instant messengers are a miracle of the modern age. They enable literally anyone to communicate with security and privacy guarantees that were the exclusive capability of nation states just a few decades ago. In real-time, regardless of geographic location.
Telephones connect places, mobile phones connect people.
— Charles Stross
Modern mobile phones are the safest and most secure computers available, and anyone can get one. And secure instant messengers allow grandma to video chat with her grandkids.
There are still problems of course, but some of them are COMSEC problems that detract from the security
1 – Ephemeral messaging
Ephemeral messaging is a critical feature for ensuring the security of your own device, not the security of the message. Firstly, once a message has left your control you have no control over that message anymore. That is very literally the first principle of communications.
Without automated cleaning as a core first-class citizen, people will walk around with logs stretching back years. Logs of secure messages that should have been deleted long ago, but no one ever gets around to basic housekeeping chores. Put a burn bag in your secure messenger and make it automatic so that my device never has more than a few days of logs.
Similarly, when creating messages in the database do not give them sequential IDs. Use primes, or UUIDs.
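One way to build the burn bag and the non-sequential IDs described above, as an added example rather than code from any messenger: a SQLite message log where every write also runs the purge. The table layout, the function names and the three-day window are assumptions.

```python
import sqlite3
import time
import uuid

RETENTION_SECONDS = 3 * 24 * 3600  # assumption: "a few days" taken as 3 days


def open_store(path=":memory:"):
    """Open the message log with overwrite-on-delete and no sequential IDs."""
    db = sqlite3.connect(path)
    # Zero freed pages so purged text does not linger in the database file.
    db.execute("PRAGMA secure_delete = ON")
    # WITHOUT ROWID removes SQLite's hidden incrementing rowid as well.
    db.execute(
        "CREATE TABLE IF NOT EXISTS messages ("
        " id TEXT PRIMARY KEY, chat TEXT NOT NULL,"
        " body TEXT NOT NULL, received_at REAL NOT NULL) WITHOUT ROWID"
    )
    return db


def burn(db, now=None):
    """Delete everything older than the retention window; return rows removed."""
    now = time.time() if now is None else now
    cur = db.execute(
        "DELETE FROM messages WHERE received_at < ?", (now - RETENTION_SECONDS,)
    )
    db.commit()
    return cur.rowcount


def store_message(db, chat, body, now=None):
    """Insert a message under a random UUID, then run the burn automatically."""
    now = time.time() if now is None else now
    msg_id = str(uuid.uuid4())  # random, reveals neither order nor volume
    db.execute(
        "INSERT INTO messages VALUES (?, ?, ?, ?)", (msg_id, chat, body, now)
    )
    burn(db, now)  # housekeeping is part of every write, never a user chore
    return msg_id


def visible_log(db, chat):
    """Return the bodies still on the device for a chat, oldest first."""
    rows = db.execute(
        "SELECT body FROM messages WHERE chat = ? ORDER BY received_at", (chat,)
    )
    return [r[0] for r in rows]
```

A real client would also call `burn` on startup and on a timer, so an idle device still sheds old logs.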
2 – Screenshots — a social problem easily addressed
Screenshots. This has remained an extremely controversial topic despite having a simple solution. As with ephemeral messaging, the security community is approaching the idea completely backwards. Taking a screenshot of a private trusted conversation is not a technology problem that can be solved without involving people. The security of a message is moot after it leaves your control.
The solution is simple. Taking a screenshot of a secure trusted communication is a violation of social norms and expectations. Rather than attempting to prevent screenshots or do anything else doomed to failure, simply make the screenshot feature automatically send the screen capture to everyone in the chat. Do not attempt to enforce a technology solution for a social problem.
3 – Exporting text
This is the safest way to talk, but I can’t get access to anything I said. I have to use a file to transfer.
Sending text over Signal is infinitely safer than sending text over PGP. Once I enter text into Signal it is trapped forever, except that I can “eat soup with a fork” and copy and paste each sentence one by one.
What is the point of having one of the safest text exchange systems ever if it is hermetically sealed? WhatsApp has a different problem of encouraging “cloud backups” of exported chats. This feature is one of the reasons I am very against that ho Threema.
4 – Phone numbers as identifiers instead of email
Phone numbers are names. Every major tech company has a database which matches phone numbers to the contacts they have scraped from everyone else.
There are cumbersome workarounds to obtain a VoIP phone number and then register a Signal account. There are a number of reasons that this is a bad