On November 16th, Meredith Whittaker, President of Signal, published a detailed breakdown of the popular encrypted messaging app’s running costs for the very first time. The unprecedented disclosure’s motivation was simple - the platform is rapidly running out of money, and in dire need of donations to stay afloat. Unmentioned by Whittaker, this budget shortfall results in large part due to the US intelligence community, which lavishly financed Signal’s creation and maintenance over several years, severing its support for the app.
There is a thesis, but it’s invisible, based on the axioms of the author and his employers: “America bad.”
Perfect forward secrecy was extracted, anyway. They forked the signal apps. When you say there’s no development going on, do you mean they’ve actually… Ceased development?! That’s news to me, but I kind of figured that it could only stay the Hot New Thing for so long.
In theory, couldn’t Signal’s contact discovery be ported over to basically any app? But… Signal’s contact discovery is regularly criticized, especially because it uses proprietary components made by Intel. In other words, we need more research into this area, probably to this very day.
Yeah they had perfect forward secrecy when they forked from signal, and then they tore it out because it was too complex to fit in there model. That’s an admission their bad programmers, and we shouldn’t trust them with crypto, or nefarious and we shouldn’t trust them with crypto.
Going back to what’s next:
Contact Discovery is the major hurdle to adoption of any really secure platform. I do appreciate signals SGX enclaves, they solve the problem in a nice way… If you trust SGX enclaves. That being said, that’s not the only way to do it. Though I can’t think of many contact discovery mechanisms that don’t rely on a central source of truth. Maybe that’s the necessary evil for onboarding, but it doesn’t have to be part of the day-to-day operations.