[liberationtech] Signal ignores proxy censorship vulnerability, bans researchers

Wed Feb 24 18:40:10 CET 2021

I am not a cryptographer myself, but I have a bit of experience with
anti-censorship tools.

I know that my team, led by Roger Dingledine and Nick Mathewson, had great
respect for Moxie back in 2007ish for the work he was doing then, including
attacking Tor and helping us refine our tools -- and our messaging to end
users.

Moxie's been in this space for a good 15 years or so.  Why are you talking
about him as a newcomer?

Respectfully,

Shava Nerad
shava23 at gmail.com
https://patreon.com/shava23

On Wed, Feb 24, 2021 at 9:30 AM Adam Fisk <afisk at getlantern.org> wrote:

> Irrespective of the article, the claims are just obvious to anyone with a
> reasonable enough knowledge of how censors detect proxies to have an
> opinion.
>
> The article is largely irrelevant, and its removal doesn't obviate the
> fact that the claims of the investigators, such as Sergey, that the Signal
> proxies are vulnerable to active probes is, again, just there in plain
> sight.
>
> This is, of course, not surprising, as the Signal team has almost no
> experience with building effective anti-censorship tech. The idea that they
> could realistically deploy a new proxy in a matter of days that would be
> effective in those environments is frankly naive. That's all fine and good.
> I don't have the experience they do with designing secure messaging
> algorithms. It's cool, but we should have illusions about the reality of
> the situation.
>
> -Adam
>
>
> On Wed, Feb 24, 2021 at 4:57 AM Charles M. Ess <charles.ess at media.uio.no>
> wrote:
>
>> the most recent version of the article indicates that the original
>> claims have been disputed and removed by BleepingComputer.
>>
>> Truth is difficult ...
>> best,
>> -charles
>>
>> On 24/02/2021 06:59, Myles Horton wrote:
>> > Just for the record, the people who posted the vulnerability are hardly
>> > trollers. First, the vulnerability is obvious and doesn't really need
>> > any formal proof. Second, one of the researchers is Sergey Frolov, one
>> > of the top people in the field.
>> >
>> > -Adam
>> >
>> > On Mon, Feb 8, 2021 at 6:02 PM bo0od <bo0od at riseup.net
>> > <mailto:bo0od at riseup.net>> wrote:
>> >
>> >     Nothing is concerned just trollers want to damage the image of
>> signal
>> >
>> >     Yosem Companys:
>> >      > The claims in this article are concerning if true. That said, I
>> >     will note
>> >      > that I remain supportive of Signal's efforts, both because its
>> >     founders and
>> >      > key developers have not only been longtime members of our
>> >     community but
>> >      > also proven themselves time and again indispensable at helping
>> >     high-risk
>> >      > activists in need, most notably during the Arab Spring.
>> >      >
>> >      > ****
>> >      >
>> >      > Signal, an end-to-end encrypted messaging platform was recently
>> >     blocked by
>> >      > the Iranian government.
>> >      >
>> >      > To help its users bypass censorship in Iran, the company
>> >     suggested a TLS
>> >      > proxy workaround.
>> >      >
>> >      > However, multiple researchers have now discovered flaws in the
>> >     workaround
>> >      > that can let a censor or government authority probe into Signal
>> TLS
>> >      > proxies, rendering these protections moot and potentially
>> bringing
>> >      > repercussions for Signal users located in repressive regimes.
>> >      >
>> >      > The researchers who reported these flaws via Signal's GitHub
>> >     repository
>> >      > have been banned by the company with their reported issues
>> removed.
>> >      >
>> >      >
>> >
>> https://www.bleepingcomputer.com/news/security/signal-ignores-proxy-censorship-vulnerability-bans-researchers/
>> >     <
>> https://www.bleepingcomputer.com/news/security/signal-ignores-proxy-censorship-vulnerability-bans-researchers/
>> >
>> >      >
>> >      >
>> >
>> >     --
>> >     Liberationtech is public & archives are searchable from any major
>> >     commercial search engine. Violations of list guidelines will get you
>> >     moderated: https://lists.ghserv.net/mailman/listinfo/lt
>> >     <https://lists.ghserv.net/mailman/listinfo/lt>. Unsubscribe, change
>> >     to digest mode, or change password by emailing
>> >     lt-owner at lists.liberationtech.org
>> >     <mailto:lt-owner at lists.liberationtech.org>.
>> >
>> >
>>
>> --
>> Professor Emeritus
>> University of Oslo
>> <http://www.hf.uio.no/imk/english/people/aca/charlees/index.html>
>>
>> Secretary, IFIP Working Group 9.8, Gender, Diversity, and ICT
>> <http://ifiptc9.org/9-8/>
>>
>> Fellow, Siebold-Collegiums Institute for Advanced Studies,
>> Julius-Maximilians-Universität Würzburg, Germany
>>
>> 3rd edition of Digital Media Ethics now out:
>> <http://politybooks.com/bookdetail/?isbn=9781509533428>
>>
>> --
>> Liberationtech is public & archives are searchable from any major
>> commercial search engine. Violations of list guidelines will get you
>> moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe,
>> change to digest mode, or change password by emailing
>> lt-owner at lists.liberationtech.org.
>>
>
>
> --
> --
> President
> Brave New Software Project, Inc.
> https://lantern.io <https://www.getlantern.org>
> A998 2B6E EF1C 373E 723F A813 045D A255 901A FD89
> --
> Liberationtech is public & archives are searchable from any major
> commercial search engine. Violations of list guidelines will get you
> moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe,
> change to digest mode, or change password by emailing
> lt-owner at lists.liberationtech.org.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ghserv.net/pipermail/lt/attachments/20210224/ca66f660/attachment.htm>