"Tool allows stealthy tracking of #Signal and #WhatsApp users through delivery receipts"

    arcanechat@fosstodon.org wrote:

    "Tool allows stealthy tracking of #Signal and #WhatsApp users through delivery receipts"

    https://cyberinsider.com/tool-allows-stealthy-tracking-of-signal-and-whatsapp-users-through-delivery-receipts/

    Another privacy vulnerability caused by the dependency on phone numbers.

    In #ArcaneChat (and other #chatmail clients like #DeltaChat) you don't need a phone number (or any private data at all!) to register, so such attacks are simply impossible, keep your family safe, join https://arcanechat.me

    david_chisnall@infosec.exchange wrote (#2):

    @arcanechat

    When you post something about a vulnerability in another messenger and completely misrepresent it, in a way that implies that you don’t understand the cause of it at all, it gives me no confidence in your system.

    The root cause is nothing to do with phone numbers. It depends on two things:

    • Being able to send messages to someone from some public identifier. Any messenger that doesn’t require an interactive flow for pairing devices (as some military systems do) has this feature.
    • Receiving read receipts from messages. Signal allows you to turn off read receipts if you are concerned about information leaks from them.

    If you actually wanted to convince people your system was better you would:

    • Show that you don’t issue read receipts (which will put some people off because they are useful).
    • Show how you mitigate this kind of attack, by rate limiting this kind of message, adding jitter to responses, and so on.

    Email-based flows tend to not be vulnerable to this kind of attack because they do most of the processing on the server, so you’d only be able to probe the server. But you wouldn’t bother because email has so little metadata protection that you don’t need to bother with an attack like this. From what I know of DeltaChat’s group chat protocol, I suspect there is a way of triggering a similar attack by sending broadcast invalid messages and timing the error response. If you really wanted to convince people that your system is better, you’d show a security analysis that explains why I’m wrong, rather than just say ‘I don’t understand this attack but the researchers who published it didn’t bother trying to attack the protocol I use and so I’m sure it is secure!’ That is exactly the attitude to security that makes me distrust DeltaChat.

    Oh and before anyone jumps in with anything about XMPP: this attack is completely trivial on XMPP. Send an invalid iq stanza to the client’s bare JID and time the response. And this is impossible to fix without redesigning the protocol because unknown iq stanzas must be forwarded to the client to enable future extension and clients must respond with errors.

      arcanechat@fosstodon.org wrote (#3):

      @david_chisnall By saying "requires phone numbers" I was implying that you can discover people by phone numbers, since that is the case in 99% if not 100% of all apps that offer phone number registration. That you can disable this feature is meaningless if it is opt-out and most people will leave it like that. By saying ArcaneChat is immune to this I meant because you can't discover people like that; people must get in contact directly via QR or invite link.

        david_chisnall@infosec.exchange wrote (#4):

        @arcanechat So there is no way for anyone to use a public identifier like an email address or similar to reach you?

        What do you put on business cards or similar if you want people to contact you? An invite link?

          arcanechat@fosstodon.org wrote (#5):

          @david_chisnall

          > rather than just say ‘I don’t understand this attack but the researchers who published it didn’t bother trying to attack the protocol I use and so I’m sure it is secure!’ That is exactly the attitude to security that makes me distrust DeltaChat.

          I don't understand why you seem so upset. #DeltaChat has received several REAL PROFESSIONAL INDEPENDENT security audits, all listed here: https://delta.chat/en/help#security-audits
          Can you provide a similar list of REAL sec. audits for Signal?

            arcanechat@fosstodon.org wrote (#6):

            @david_chisnall #DeltaChat is for private chatting, so you normally don't put your link anywhere publicly. You could create a dedicated profile for public interactions tho, which, unlike in Signal, is super easy to do, and you can have as many as you want.

            And notice the use case I am talking about here is family chat, not business and public interactions. That is why I said "keep your family safe"; I am talking about a family chat solution here.

              david_chisnall@infosec.exchange wrote (#7):

              @arcanechat

              > #DeltaChat is for private chatting, so you normally don't put your link anywhere publicly. You could create a dedicated profile for public interactions tho, which, unlike in Signal, is super easy to do, and you can have as many as you want.

              Okay, so your use case for 'private chatting' excludes journalists publishing contact information for whistleblowers? It excludes union organisation? It excludes protest organisation?

              I guess that's fine, but maybe don't claim to be operating in the same space as Signal then.

              > And notice the use case I am talking about here is family chat, not business and public interactions. That is why I said "keep your family safe"; I am talking about a family chat solution here.

              Then you need to learn about the concept of an anonymity set. If you have one mechanism for talking to your family and another different one for talking to your union rep, it's really easy for a passive adversary to track when you suddenly start using a different mechanism for high-value conversations.

                david_chisnall@infosec.exchange wrote (#8):

                @arcanechat

                > I don't understand why you seem so upset,

                Because you're spreading misinformation to score marketing points and spreading misinformation about secure messengers gets people killed.

                > I don't understand why you seem so upset. #DeltaChat has received several REAL PROFESSIONAL INDEPENDENT security audits, all listed here: https://delta.chat/en/help#security-au

                So, none after this particular class of attack was discovered and therefore none that include this in the threat model?

                  link2xt@fosstodon.org wrote (#9):

                  @david_chisnall In Delta Chat there are no device-to-device delivery receipts ("two empty checkmarks" in Signal: https://support.signal.org/hc/en-us/articles/360007320751-How-do-I-know-if-my-message-was-delivered-or-read) and no automatic error responses. There are read receipts, but they require displaying the message, so cannot be silent and are not sent for reactions. There is a known issue with long-living QR codes/invite links, but this cannot be used to probe the online status of someone you just happen to be in the chat with. I posted about it here:
                  https://support.delta.chat/t/careless-whisper-on-deltachat/4396/2

                    capitalthree@fedi.anarchy.moe wrote (#10):
                    @david_chisnall @arcanechat
                    Sorry for jumping in as a random person here, but I think I have some relevant points.
                    First of all, you admittedly both missed the mark about the cause of the security issue Arcane posted. Delivery receipts are separate from read receipts, and turning off read receipts in Signal does not mitigate this issue.

                    Now as per Delta Chat's FAQ: https://delta.chat/en/help#what-do-the-ticks-shown-beside-outgoing-messages-mean
                    It should have the same issue. Delta Chat claims to send "delivery" receipts, but as far as I can tell, there is no UI indication for the sender when a client receives the message (I tested both mobile and desktop). So unless there is an email sent that doesn't result in any UI indicator for the sender, I think Delta Chat is safe from this particular privacy issue. If it is the case that Delta Chat identified this bad decision and fixed it, please also update your FAQ to match!

                    The rest of y'all's argument seems to hinge on aspects of how delta chat and arcane chat are marketed/presented, rather than the technical details, so I'm not interested. But what I *do* find really interesting is the idea that "private" and "secure" chat programs would ever send automatic responses without user action. To me, it seems painfully obvious that "features" like this just create an attack surface for probing. Look... I use Signal (as well as Delta Chat), and I like it, and I'm not going to stop using either anytime soon. But it was disappointing to learn about this anti-feature. It *is* a legitimate criticism of Signal that needs to be addressed.

                    Also, while this issue had nothing to do with phone numbers, I think the fact that Delta Chat does not require phone numbers, and allows the creation of more identities than one might even *have* phone numbers, is an enormous advantage compared to Signal for people who want to protect the privacy of their identity and not just the contents of their messages.

                      link2xt@fosstodon.org wrote (#11):

                      The attack class is not really new though, for Signal "delivery receipts" it is known that they can be used to track when devices get online since at least 2018: https://anarc.at/blog/2018-07-27-signal-metadata/

                      It is also very similar to the "Silent SMS" problem.
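
The mitigations named in post #2 (rate limiting, jitter) and the rule described in post #9 (no response unless the message was displayed to the user), combined into one receipt policy. This is an added example that is not part of the thread and is not code from Signal, WhatsApp, Delta Chat or ArcaneChat; the message kinds, class names, limits and sample traffic are assumptions constructed for illustration.

```python
import math
import random
from dataclasses import dataclass, field

# Hypothetical message kinds (assumption): only these are rendered to the user.
DISPLAYED_KINDS = {"text", "image"}


@dataclass
class TokenBucket:
    capacity: float
    refill_per_s: float
    tokens: float
    last: float

    def take(self, now: float) -> bool:
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_s)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


@dataclass
class ReceiptPolicy:
    burst: int = 3                 # receipts allowed back-to-back per sender
    refill_per_s: float = 1 / 60   # afterwards, one receipt per minute
    jitter_s: float = 30.0         # upper bound of the random delay
    slot_s: float = 10.0           # receipts only leave on slot boundaries
    rng: random.Random = field(default_factory=random.SystemRandom)
    buckets: dict = field(default_factory=dict)

    def decide(self, sender, kind, now, viewed):
        """Return the time a receipt may be sent, or None to stay silent."""
        # 1. Nothing the user has not actually seen produces a response
        #    (reactions, malformed messages, unopened chats).
        if kind not in DISPLAYED_KINDS or not viewed:
            return None
        # 2. Per-sender rate limit, so a burst of messages yields few samples.
        bucket = self.buckets.setdefault(
            sender, TokenBucket(self.burst, self.refill_per_s, self.burst, now))
        if not bucket.take(now):
            return None
        # 3. Random delay, then round up to a coarse slot, so the send time
        #    says little about when the device actually processed the message.
        delayed = now + self.rng.uniform(0.0, self.jitter_s)
        return math.ceil(delayed / self.slot_s) * self.slot_s


def auto_ack(events):
    """Baseline model: every incoming message is acknowledged on arrival."""
    return [(sender, t, t) for (t, sender, _kind, _viewed) in events]


def replay(events, policy):
    """Run events through the policy; return (sender, arrived, send_at)."""
    sent = []
    for t, sender, kind, viewed in events:
        send_at = policy.decide(sender, kind, t, viewed)
        if send_at is not None:
            sent.append((sender, t, send_at))
    return sent


# Constructed sample traffic: (arrival time in s, sender, kind, viewed by user).
SAMPLE_EVENTS = (
    [(2.0 * i, "unknown@example.org", "reaction", False) for i in range(20)]
    + [(100.0 + i, "alice@example.org", "text", True) for i in range(5)]
)

if __name__ == "__main__":
    print("baseline responses:", len(auto_ack(SAMPLE_EVENTS)))
    for row in replay(SAMPLE_EVENTS, ReceiptPolicy()):
        print(row)
```

On the sample traffic the baseline answers all 25 messages at their arrival time, while the policy answers none of the undisplayed ones and at most three of the viewed ones, each delayed and aligned to a 10-second slot.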
