[liberationtech] Signal ignores proxy censorship vulnerability, bans researchers

Charles M. Ess charles.ess at media.uio.no
Wed Feb 24 10:07:19 CET 2021 

the most recent version of the article indicates that the original 
claims have been disputed and removed by BleepingComputer.

Truth is difficult ...
best,
-charles

On 24/02/2021 06:59, Myles Horton wrote:
> Just for the record, the people who posted the vulnerability are hardly 
> trollers. First, the vulnerability is obvious and doesn't really need 
> any formal proof. Second, one of the researchers is Sergey Frolov, one 
> of the top people in the field.
> 
> -Adam
> 
> On Mon, Feb 8, 2021 at 6:02 PM bo0od <bo0od at riseup.net 
> <mailto:bo0od at riseup.net>> wrote:
> 
>     Nothing is concerned just trollers want to damage the image of signal
> 
>     Yosem Companys:
>      > The claims in this article are concerning if true. That said, I
>     will note
>      > that I remain supportive of Signal's efforts, both because its
>     founders and
>      > key developers have not only been longtime members of our
>     community but
>      > also proven themselves time and again indispensable at helping
>     high-risk
>      > activists in need, most notably during the Arab Spring.
>      >
>      > ****
>      >
>      > Signal, an end-to-end encrypted messaging platform was recently
>     blocked by
>      > the Iranian government.
>      >
>      > To help its users bypass censorship in Iran, the company
>     suggested a TLS
>      > proxy workaround.
>      >
>      > However, multiple researchers have now discovered flaws in the
>     workaround
>      > that can let a censor or government authority probe into Signal TLS
>      > proxies, rendering these protections moot and potentially bringing
>      > repercussions for Signal users located in repressive regimes.
>      >
>      > The researchers who reported these flaws via Signal's GitHub
>     repository
>      > have been banned by the company with their reported issues removed.
>      >
>      >
>     https://www.bleepingcomputer.com/news/security/signal-ignores-proxy-censorship-vulnerability-bans-researchers/
>     <https://www.bleepingcomputer.com/news/security/signal-ignores-proxy-censorship-vulnerability-bans-researchers/>
>      >
>      >
> 
>     -- 
>     Liberationtech is public & archives are searchable from any major
>     commercial search engine. Violations of list guidelines will get you
>     moderated: https://lists.ghserv.net/mailman/listinfo/lt
>     <https://lists.ghserv.net/mailman/listinfo/lt>. Unsubscribe, change
>     to digest mode, or change password by emailing
>     lt-owner at lists.liberationtech.org
>     <mailto:lt-owner at lists.liberationtech.org>.
> 
> 

-- 
Professor Emeritus
University of Oslo
<http://www.hf.uio.no/imk/english/people/aca/charlees/index.html>

Secretary, IFIP Working Group 9.8, Gender, Diversity, and ICT
<http://ifiptc9.org/9-8/>

Fellow, Siebold-Collegiums Institute for Advanced Studies, 
Julius-Maximilians-Universität Würzburg, Germany

3rd edition of Digital Media Ethics now out:
<http://politybooks.com/bookdetail/?isbn=9781509533428>

More information about the LT mailing list