Signal CEO Moxie Marlinspike resigns, leaves WhatsApp co-founder to run things until a successor is named

Moxie Marlinspike, the creator of the Signal secure messaging app, on Monday announced his resignation as CEO of the company. Marlinspike said he had always intended to grow Signal to the point that it could go on without his direct involvement but that wasn't possible as recently as four years ago when he was writing most of …

  1. ZootCadillac

    Moxie Marlinspike.

    I found this article very difficult to digest because all that was in my head the entire time was: "That can't be a real person's name!"

    1. A random security guy

      Re: Moxie Marlinspike.

      Matthew Rosenfeld

    2. chivo243 Silver badge

      Re: Moxie Marlinspike.

      Me too, I was guessing he was a rapper's kid, or some unknown influencer?

      1. Pascal Monett Silver badge

        Re: some unknown influencer

        Now that is a contradiction in terms.

        That said, I am severely disappointed. When I learned that this guy was creating Signal I had the utmost respect for him. He was really championing our privacy, and I felt that that deserved all the recognition.

        Now he thinks his work is done, and the last thing he does is foist a funny money ecology-destroying scheme on us ?

        Shame on you, Marlinspike.

        1. Anonymous Coward

          Re: some unknown influencer

          It's not clear from the article what the reasons for his exit are.

          He could have discovered that when you lift your head out of the ecology burning technology you discover that you're busy supporting mostly scammers and criminals, and maybe he wasn't OK with that.

          I wish him well. I met him a few years ago in Switzerland, and he's about the only American in cryptography I'd trust to write code you can rely on.

          1. Anonymous Coward

            Re: you discover that you're busy supporting mostly scammers and criminals

            Of course, nothing to hide no need for privacy, eh?

            Typical AC posting Daily Mail bullshit. We all deserve privacy, it's a human right.

            1. Anonymous Coward

              Re: you discover that you're busy supporting mostly scammers and criminals

              If you could interrupt your cranial invasion of your own rear cavity long enough to actually read properly you may discover that my allusion to scammers and criminals was in reference to crypto currencies (although, admittedly, the reference to ecology burning technology may have been too opaque for the feeble minded).

              I am not only for personal privacy, I am actively involved in protecting it (one of the reasons I met Moxie).

              1. Anonymous Coward

                Re: If you could interrupt your cranial invasion of your own rear cavity long enough to....

                Your communication skills are poor. Maybe spend less time trying to use big words?

        2. unimaginative

          Re: some unknown influencer

          According to the Mobile Coin FAQs it does not use proof of work, so it does not use a lot of energy. They even claim it is "carbon negative" (I assume that means it reduces CO2 emissions somehow).

          https://mobilecoin.com/faq

          1. sabroni Silver badge

            Re: According to the Mobile Coin FAQs

            According to the Mobile Coin FAQs this is absolutely fine and no-one should complain about it!

          2. Ignazio

            Re: some unknown influencer

            I'm a nice guy, says the scorpion.

            A non public blockchain has no reason to be a blockchain except marketing. A public blockchain is just a slow database. A blockchain with proof of work is a flaming dumpster, one without is an open face dumpster.

            Cryptocurrencies? That's what scams are made of.

        3. chivo243 Silver badge

          Re: some unknown influencer

          They're all unknown to me... I just learned what one was a few months ago. Call me an old git.

    3. Fruit and Nutcase Silver badge

      Re: Moxie Marlinspike.

      Will taking a back seat, including stating the lack of direct coding in Signal these days, reduce the likelihood of being bothered by the authorities again?

      1. Anonymous Coward

        Re: Moxie Marlinspike.

        They have long memories, and systems at the border will no doubt still signal (sorry) his status.

        I don't think he'll be able to get past a US border without being harassed for quite a few years to come.

        Ironically, that's what drove him to develop encrypted SMS for Android :).

    4. hoola Silver badge

      Re: Moxie Marlinspike.

      All I could think of was Captain Haddock in Tintin......

      1. Fruit and Nutcase Silver badge

        Re: Moxie Marlinspike.

        Well, his reaction to this crypto lark would probably be "Billions of blue blistering barnacles"

  2. Clausewitz 4.0

    Bring them in

    I disagree with a private blockchain. They could've used an anonymized one, like Monero.

    "invites all sorts of government investigative and regulatory meddling: by the IRS, the SEC, FinCEN, and probably the FBI."

    Bring them in. They are not rocket scientists.

    1. ThatOne Silver badge

      Re: Bring them in

      > Bring them in. They are not rocket scientists.

      Sorry, but that statement is utterly, err, shortsighted and childish. The problem isn't who has the biggest balls, but that all the honest, law-abiding people using Signal will henceforth be automatically marked as money laundering criminals by the authorities.

      Yeah, it might increase "street cred" of wannabe "gangstas", but I don't belong to that demographic and I'm annoyed.

      (Didn't downvote you though.)

  3. Martin an gof Silver badge

    Bloat?

    Have I understood correctly, that the problem is that the Signal messaging app is being given the ability to make private, secure payments via some fly-by-night digital currency?

    Why?

    Just, why?

    Whatever happened to the philosophy of "do one thing and do it well"? If the idea of payments via this one currency is a good one, roll a separate application - even if it's one which uses Signal's "back end", but please do not bundle a function I can't see myself ever using into the main app, which is already large enough that my ancient phone needs a spring-clean and reboot just to create enough free space for an update!

    M.

    1. Anonymous Coward

      Re: Bloat?

      Yes, that is right. Cryptocurrency is fashionable and has 'crypto' in the name so obviously Signal developers thought they must have this.

      Signal is the core of a good idea but unfortunately covered by such crusts that it is of limited use if you want a secure messaging app. For instance contact discovery: a really secure messaging app should not have it, let alone unilateral contact discovery as Signal has. Well, never mind, there are better apps.

      1. Anonymous Coward

        Re: Bloat?

        Yeah disappointing direction Signal is taking.

        > there are better apps

        Like what?

        1. Anonymous Coward

          Re: Bloat?

          Easy answer, but I'm afraid you will have to invest a shocking amount of money to get it (around £2 or €3).

          That said, it has some rather interesting users.

          We've been using it pretty much from the day the author wrote it (i.e. from well before they did the "Work" edition), and despite some of us being on the beta path it has never let us down.

          As for user discovery, unlike WhatsApp it is quite happy to work without having access to your address book, and I have personally used it to connect an informant to a police contact without either side knowing each other's identity. Of course, I had to verify the contact at the police was solid (and not routing info back to criminals), but all they know of each other is their messaging ID and it thus keeps the risk for the informant down to a minimum.

          It is not as "full featured" as Telegram or Signal, but that's because these people refuse to add anything until they are absolutely sure security remains assured, and I kinda like a company that focuses on core rather than on bells and whistles.

          1. Doctor Syntax Silver badge

            Re: Bloat?

            Given that Signal is open source I wonder how much of it Threema uses.

            1. Anonymous Coward

              Re: Bloat?

              Threema has actually also been open sourced, but as I was around when both Threema and Signal were initially developed (and have actually met the developers of both) I have a fairly educated suspicion that the two share very little in the way of code.

              They inevitably share some ideas, but have taken quite different routes to implementation. This is also why Threema is not multi-device (their desktop app is basically an app version of the web browser access) and Signal is - different approach.

              For a number of reasons I won't go into here we have always been using Threema for anything that really had to be confidential, and Signal and Telegram as "lesser" solutions for people who wanted to have some protection but were too stingy to spend the minute amount of money on something that is more sustainable exactly because it has an income.

              1. Anonymous Coward

                Re: Bloat?

                > For a number of reasons I won't go into here we have always been using Threema for anything that really had to be confidential,

                If you are the kind of operative security professional that you appear to intimate you are, I find your choice of words very unfortunate.

                "Anything that really had to be confidential" and "electronic device" (let alone one with programming and communication capabilities) just don't go together, at all.

      2. Anonymous Coward

        Re: Bloat?

        > Cryptocurrency is fashionable and has 'crypto' in name so obviously Signal developers thought they must have this.

        There is an interview with Mr Acton out there, from around the time he associated with Michael Benham (the other guy's legal name until 2017) where he makes no secret of his intentions. If I recall correctly this was his original plan for WhatsApp, pre-Facebook takeover.

        It's not convenient for me to search for the link right now, but it was on one of the mainstream US media, probably Forbes or Bloomberg.

    2. Anonymous Coward

      Re: Bloat?

      Bloat appears to be a general tendency, not only in software, but... in general (society, rules, etc.).

      1. Anonymous Coward

        Re: Bloat?

        People ..

        :)

      2. Fred Flintstone Gold badge

        Re: Bloat?

        I think it's the revised version of chaos theory..

    3. Charlie Clark Silver badge

      Re: Bloat?

      I think one of the reasons, apart from pandering to some vocal users (and for obvious reasons Signal probably has a greater share of these than other platforms), might have been to facilitate support payments from users. Now that it is possible to support the app through the usual channels even this justification is no longer required.

      Who knows, maybe it will be quietly removed at some point.

  4. Captain Hogwash Silver badge

    Re: "recommended by the Electronic Frontier Foundation"

    Where on that page was any particular app recommended? Signal, WhatsApp & Wire were listed as examples of software which offer end to end encryption but no particular recommendations were made.

    1. Anonymous Coward

      Re: "recommended by the Electronic Frontier Foundation"

      WhatsApp has other problems, which is why you should especially not risk using it for business.

      1. Anonymous Coward

        Re: "recommended by the Electronic Frontier Foundation"

        Which ones?

        1. Anonymous Coward

          Re: "recommended by the Electronic Frontier Foundation"

          The main one is that you have an immediate, hard core GDPR violation if anyone in your business has customer details stored on the same device as they install WhatsApp. The very first thing WhatsApp does on startup is send the entire address book to Zuckerberg. Other messaging apps do contact matching with hashing, but Zuckerberg is exactly after personal details so WhatsApp doesn't. IMHO, that's also the reason why they were quite OK with adding decent message encryption to the app: that was simply not what Zuck was after.

          If you as a business have not secured the permission of every single customer so exposed to ship their personal details ex EU (and try doing that for every contact on every business phone), you have a simple, straightforward breach of EU GDPR (and/or UK DPA, by the way).

          Worse, because as a small business you'll be doing this in small numbers you're not entitled to the sort of volume discounts that the likes of Equifax get away with (instead of making exactly those sort of outfits an example and fine the absolute bejeezeus out of them), so you'll be facing a big fine.

          Personally I am of the opinion that this ought to also apply to the private sphere because Zuck is abusing a truck-sized hole in GDPR, but given that it was also possible to establish a "(il)legitimate interest" exemption in web data collection I suspect anti-privacy lobbyists are now well entrenched in Brussels.

  5. Anonymous Coward

    invites all sorts of government investigative and regulatory meddling

    I can see Priti Patel and her clones around this world using this in her steady line of attack: '... as we ALL very well know and agree, those encryption apps are a regular tool for common criminals, terrorists, pedophiles (you didn't think we'd forget to mention pedophiles!) and cryptocurrency crooks to wage war on our peace, our society, our children and our children's children, etc, and ALL responsible governments MUST make EVERY effort to end this outrage, and this FACT can not be tolerated further (etc, etc, etc).'

    When signal fails by waving a crypto dick flag, those that disagree with having their privates investigated, will have the choice between being fucked by dubious telegram, or by Zuck's whatsapp. Great choice. Not that I have 100% faith in signal's watertightness either.

    Yes, it costs to develop and maintain a system, but once you get your hands a little dirty and smelly, you'll be quickly labelled as infectious, thus dangerous, healthy or not. It's the perception that counts.

    1. Doctor Syntax Silver badge

      Re: invites all sorts of government investigative and regulatory meddling

      Could you explain in a little more detail how any app promising anonymity, privacy etc. is going to do so without attracting the ire of the Priti Patels of this world? It's the confidential communication that really gets their attention.

      1. Anonymous Coward

        Re: invites all sorts of government investigative and regulatory meddling

        explanation: every little helps (to sling more mud to the goal, i.e. forced cooperation, i.e. give us access to comms, or to making it too much hassle to continue app development altogether).

        1. Charlie Clark Silver badge

          Re: invites all sorts of government investigative and regulatory meddling

          The spooks and their idiot masters and mistresses are mainly interested in being able to extract metadata* about who people talk to and the contents of their messages. Hence, the mudslinging that only terrorists encrypt their messages using Signal and all conspiracy cranks use Telegram.

          * In many situations this is all they need to know who to watch and bug.

      2. Anonymous Coward

        Re: invites all sorts of government investigative and regulatory meddling

        Could you explain in a little more detail how any app promising anonymity, privacy etc. is going to do so without attracting the ire of the Priti Patels of this world?

        You start with not being in her reach. Choosing jurisdiction is not just important for reasons of taxation..

  6. Fruit and Nutcase Silver badge

    Time to fork it already?

    Need someone to pick up the baton...

    1. ThatOne Silver badge

      Re: Time to fork it already?

      ...and hit them over the head with it.

    2. Charlie Clark Silver badge

      Re: Time to fork it already?

      Forking is easy enough but you might end up having to run your own server infrastructure, which isn't so easy, even for the minimal overhead that Signal has. Mobilecoin has to be enabled and makes no sense for > 99% of all users – there are simpler, safer alternatives.

      You might simply have more success by submitting a PR to remove the "feature".

  7. Rich 2 Silver badge

    FFS

    I missed the previous news about the crypto currency being added to signal.

    I’ve used signal for a long time and this news makes me very sad. Why does EVERYTHING have to eventually turn to shit?

    1. sabroni Silver badge

      Re: Why does EVERYTHING have to eventually turn to shit?

      Greedy twats.

      That's who turn everything to shit.

  8. Arty Effem

    "open source privacy technology" Can that ever be a thing?

    1. doublelayer Silver badge

      Yes, as in all the successful privacy technology, whatever the platform or effectiveness, in common use by the public today. Even things as simple as TLS/SSL are open source. PGP is open source. The encryption algorithms themselves are open source. The clients on the endpoints are usually open source. What exactly was your objection?

      1. Arty Effem

        I didn't object to anything; I asked a question the answers to which do not leave me entirely convinced.

    2. Ben Tasker

      One of the basic tenets of good encryption is that you should be able (even if you choose not to) to publish exactly how it works without fear that this'll help compromise the data you're encrypting.

      The only true secret should be the keys used. If the above isn't the case, then the source is effectively a static portion of your key. That poses a pretty severe risk.

      The same is no different for things like Signal - at its core it's just an IM which incorporates encryption.

      1. Anonymous Coward

        Correct. It's known as Kerkhoffs' principle (I vehemently disagree with Wikipedia's spelling of the possessive here, but I digress). Anyone who attempts security through obscurity is IMHO merely setting the clock on a disclosure time bomb.

        1. Anonymous Coward

          Possessive

          I'd say they were right, but only because "Kirckhoffs" is the bloke's name. Thus the trailing "s" does not denote a plural, which is the exception under which you'd just add the apostrophe to indicate possession.

          You add " 's " to denote singular possession, so if his name were "Kirckhoff" then you would write "Kirckhoff's principle".

          Why would that be any different just because his name rather awkwardly includes a letter "s" as its last letter? Would you write it differently if his name were written "Kirckhoffz"? It sounds (nearly) the same and as the man in question was Dutch, I wonder if that would be an acceptable Anglicanisation (-zation!)?

          Speaking it out you would be wrong to say "this is kirckhoffs principle" because it indicates that his name is "kirckhoff" - you would convey meaning better by saying "this is kirckhoffs-es principle".

          If his whole family had been involved in formulating the principle, would it be "Kirckhoffss' principle", or "Kirckhoffses' principle" or something else?

          Inglisch grammuh iz grate.

    3. Anonymous Coward

      "open source privacy technology" Can that ever be a thing?

      Well, Signal and Threema already prove that point.

      The issue is not technical, it's legal (which is why "privacy technology" is a confusing term as it holds an inherent conflict). If you operate privacy protection in a country with federal laws that allow any three letter agency to walk in on a sunny afternoon when they're bored like the US you're wasting your time unless you can demonstrate Kerkhoff's Principle applies to your tech (i.e. you don't have the key). Current laws cannot compel you to backdoor something for the future (well, not yet, it's been a standard part of telecomms licenses for decades and they tried - see Clipper Chip) so at that point you're OK - if you can survive the legal fees getting there.

      Examples of not getting it right: Lavabit and Silent Circle. The latter setup I knew to be a bust before they even went live, but they only discovered that themselves after Lavabit was ordered to cough up Edward Snowden's correspondence, and thus shut down their email service the very same day.

  9. Anonymous Coward

    Rather less civil than he's used to?

    Seems like someone peed in the wading pool of someone's troll farm. While those here are known for their vitriol at times, I'm a little surprised at the brigade of exploding heads over the inclusion of an incorporated crypto payment system, when crypto users can already cut and paste a transaction into signal for the crypto network of their choice from a wallet.

    So if you don't crypto, don't use it? If it's not your crypto of choice then you still have all the other options in the world a ctl-C Ctl-v away?

    The only real issue I can think of is if the app gets banned in places that have gone for a full on crypto ban. Most of that list already banned secure messaging, so I'm not sure how many people will be impacted by it being double banned instead of just being banned.

    The only problem I have with signal is the lack of other sane people to talk to on signal.

    With all the trash talk I gotta wonder if someone is trolling people off one of the actually secure and private messaging services and onto their trash platforms like parler/gettr/whatevertheflavorofthedayis. Still, for the rest of us, there's popcorn, and once the tempest has passed, a cuppa tea to look forward to. For honor and glory gentlemen, lay ON!

    1. Anonymous Coward

      Re: Rather less civil than he's used to?

      tldr

    2. Ben Tasker

      Re: Rather less civil than he's used to?

      > over the inclusion of an incorporated crypto payment system, when crypto users can already cut and paste a transaction into signal for the crypto network of their choice from a wallet.

      I think you just highlighted the objection.

      Why include it, increasing bloat and attack surface when, as you put it, it's all just "a ctl-C Ctl-v" away? As you note, it'll increase the likelihood of Signal being objected to, for what tangible gain?

    3. ThatOne Silver badge

      Re: Rather less civil than he's used to?

      > So if you don't crypto, don't use it?

      Sorry, if this doesn't improve in some way the workings of the app itself, for most users (maybe not you) it's just a wart.

      And in this case, legally annoying, because if secure messaging is still mostly tolerated, cryptocurrencies are illegal in many countries. If you live in one or travel to one you'll have big problems. Try proving you're not actually using that annoying appendage.

      "Because we can" strikes again. What's next, a Starbucks ordering module?

      (Signal user for about 5 years)

    4. Anonymous Coward

      Re: Rather less civil than he's used to?

      You're casually avoiding the rather important issue of code verification.

      In order for code to be secure, it needs to be VERY thoroughly checked. Adding this "functionality" dramatically grows the code base and may lead to the inclusion of undesirable interactions and weaknesses not present in the original code that had several generations to mature.

      Put quite bluntly, this crap has IMHO no place in a messaging app. They should have done this separately so the secure container was preserved because security doesn't arrive out of the box, it's a process of checking, rechecking, and then checking again.

      Love crypto? Fine. Add an app. Don't pollute a mature secure product with it.

  10. Anonymous Coward

    Misdirection...Again....Oh Well

    Quote: "...Signal is one of only two mobile messaging apps deemed secure enough to be recommended by the Electronic Frontier Foundation..."

    "end-to-end encryption" supplied by a faceless business...i.e. encryption which a user simply has to take on trust. Did I mention trust?

    1. Why not develop your own (private) encryption? That way the spooks don't have a single encryption target for thousands (millions) of users!!!

    2. Why not develop private encrypted point-to-point messaging, with a different (secret) key for each and every message? (See Diffie/Hellman for details.)

    Suggestions #1 and #2 make life for snoops VERY difficult.....because when they decrypt the "end-to-end encrypted" message, what they get is......more encryption!!

    Could not happen to nicer people......in Cheltenham (or Fort Meade, MD)!!

    IDEA EXAMPLE


    1. Anonymous Coward

      Re: Misdirection...Again....Oh Well

      > 1. Why not develop your own (private) encryption?

      Anecdotally, the spooks *love* when people do that.

      If you roll your own crypto, you're almost certain to miss something. A developer not being able to break their own crypto is perfectly normal - you need lots of eyes to spot mistakes.

      It's very, very easy to screw up. If you care about the data you're protecting then use tried and trusted mechanisms.

      1. Anonymous Coward

        "Certain to miss something"

        Ah....multiple eyes....few (or no) mistakes in the cipher. Well, this cipher example is a triple enciphered book cipher, where the "book" is randomised (differently) for each cipher pass.

        Please feel free to let us all know what mistakes have been made in the coding....on the way to telling us all what the message actually says. Bonus points for the name of the "book" being used!!


        1. Anonymous Coward

          Re: "Certain to miss something"

          Why would I spend any time trying to crack your cipher, and what would it prove either way? This isn't about my capabilities, it's about the capabilities of the state-backed adversary you seem to think this is going to thwart.

          The best that can be said for it is it'll keep the specifics of your comms out of widely targeted dragnets. If they take a sufficient interest, though, it'll do fuck all.

          As always, XKCD is relevant: https://xkcd.com/538/

          > Well, this cipher example is a triple enciphered book cipher, where the "book" is randomised (differently) for each cipher pass.

          > ....

          > Please feel free to let us all know what mistakes have been made in the coding

          You're relying on a book cipher, so key exchange is a bit of a fucker, and convenience is often somewhat lacking. You also have no forward secrecy (without further key exchange) - if the adversary manages to figure out the books you're using, they can decrypt all past/future messages.

          Essentially, your "scheme" fails because it ignores all the challenges that modern cryptography has had to overcome in order to work *at scale*, instead going for more of a WW2 feel.

          There are types of crypto, like one-time-pads that tend to be fantastic in terms of individual cryptographic strength, but just like your scheme, fall down on other important aspects (particularly convenience). Those aspects increase the likelihood of an operator mistake, which increases the chance of compromise.

          This really is crypto 101.

          1. Anonymous Coward

            "...key exchange is a bit of a fucker..."

            @AC

            Really? In 1976 Diffie and Hellman published a handshake scheme which allows two entities to share a secret key with NO EXCHANGE of the actual key.

            *

            So.....I'm puzzled.......how is key exchange a problem? Please enlighten me!

            *

            P.S. Diffie/Hellman can be applied to any messaging.....IDEA, Blowfish.......even book ciphers!!!

            P.P.S. This really is crypto 101.

            1. Anonymous Coward

              Re: "...key exchange is a bit of a fucker..."

              Do feel free to share how you're using DH with your book cipher then. Most book cipher users aren't using DH, because - again - it's not particularly convenient to do so.

              DH derives a key from the inputs of Alice and Bob - you're using a book cipher which is *supposed* to rely on a conveniently available (to both parties) text.

              If you're using DH to derive the base book, then you're not really using a book cipher so much as a one time pad with a slightly odd use-mode.

              If you're using DH to derive a key that's then used to encrypt the book name, then your scheme is no stronger than the encryption you're using for that communication (though with modern crypto, that's likely strong enough).

              The main advantage of book ciphers, really, was that they allowed you to carry a codebook "in the clear" - so long as you could rationally explain why you might be in possession of Lady Chatterley's Lover, it wasn't particularly incriminating.

              In any case, in the modern era, book ciphers are considered easily broken by sophisticated opponents.
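The two points argued across the last few replies (Diffie-Hellman agreeing a secret with nothing secret crossing the wire, and the lack of forward secrecy when the same key material is reused "without further key exchange"), as an added Python illustration. This is not code from the page, from Signal, from Threema or from any poster; the group is the RFC 2409 1024-bit MODP group (kept small for the demo), and the HMAC-based per-message key derivation is an assumption of this example rather than anything on the page.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP group (RFC 2409 "Oakley Group 2"), generator 2, p a safe prime.
# Weak by today's standards: use at least the 2048-bit RFC 3526 group in practice.
P_HEX = ("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
         "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
         "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
         "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
         "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
         "FFFFFFFFFFFFFFFF")
P = int(P_HEX, 16)
G = 2
Q = (P - 1) // 2          # order of the subgroup generated by G


def group_looks_valid():
    """Cheap Fermat checks on P; a transcription error would almost surely fail."""
    return P.bit_length() == 1024 and all(pow(a, P - 1, P) == 1 for a in (3, 5, 7))


def keypair():
    """A DH key pair. The private exponent never leaves the device; only the
    public value g^x mod p crosses the wire, which is the 'no exchange of the
    actual key' property the thread mentions."""
    priv = secrets.randbelow(Q - 2) + 2
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """g^(ab) mod p, after checking the peer's value lies in the prime-order
    subgroup. Without this check a hostile peer can send 0, 1 or p-1 and
    force a predictable secret."""
    if not 2 <= peer_pub <= P - 2 or pow(peer_pub, Q, P) != 1:
        raise ValueError("invalid DH public value")
    return pow(peer_pub, priv, P)


def rejects_invalid_public(value):
    """True if shared_secret() refuses the given peer value."""
    try:
        shared_secret(2, value)
        return False
    except ValueError:
        return True


def message_key(secret, label):
    """Per-message key: HMAC-SHA256 of a label under the shared secret
    (a stand-in for a proper KDF such as HKDF; assumption of this example)."""
    secret_bytes = secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hmac.new(secret_bytes, label, hashlib.sha256).digest()


def static_keys(my_priv, peer_pub, n):
    """Static DH: one long-term pair per party, every message key derived from
    the same g^(ab). Anyone who later obtains my_priv and has recorded
    peer_pub (it was sent in the clear) recomputes every key, past and future:
    no forward secrecy."""
    s = shared_secret(my_priv, peer_pub)
    return [message_key(s, b"msg-%d" % i) for i in range(n)]


def ephemeral_exchange(n):
    """Ephemeral DH: a fresh pair per message on each side, private exponents
    discarded afterwards. Returns (alice_keys, bob_keys, transcript) where the
    transcript holds only what crossed the wire."""
    alice_keys, bob_keys, transcript = [], [], []
    for i in range(n):
        a_priv, a_pub = keypair()
        b_priv, b_pub = keypair()
        label = b"msg-%d" % i
        alice_keys.append(message_key(shared_secret(a_priv, b_pub), label))
        bob_keys.append(message_key(shared_secret(b_priv, a_pub), label))
        transcript.append((a_pub, b_pub))
        del a_priv, b_priv   # forward secrecy depends on really discarding these
    return alice_keys, bob_keys, transcript


if __name__ == "__main__":
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    print("static DH: both sides agree:",
          static_keys(a_priv, b_pub, 3) == static_keys(b_priv, a_pub, 3),
          "| attacker holding Alice's key + Bob's public value recovers all:",
          static_keys(a_priv, b_pub, 3) == static_keys(a_priv, b_pub, 3))
    ak, bk, tr = ephemeral_exchange(3)
    print("ephemeral DH: both sides agree:", ak == bk,
          "| distinct per-message keys:", len(set(ak)),
          "| transcript holds only public values:", len(tr))
```

The transcript from the ephemeral run contains nothing that recomputes a past key, which is the property the book-cipher scheme in the thread lacks.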
