-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A Joint Statement on Recent Events Between Signal and the Anti-Censorship Community #63
Comments
-----BEGIN PGP SIGNED MESSAGE----- I'm a maintainer on https://github.com/shadowsocks/shadowsocks-windows. I approve this message. iHUEARYIAB0WIQRNztFeNG4pI7kx1vcconVGvtuLAQUCYCJBmwAKCRAconVGvtuL |
-----BEGIN PGP SIGNED MESSAGE----- I am DuckSoft from Qv2ray Developer Community and I prove my identity by GPG signing this message. My opinion is consistent with what is listed in the article. Here goes the signature of the article: iHUEARYIAB0WIQRNztFeNG4pI7kx1vcconVGvtuLAQUCYCJAjQAKCRAconVGvtuL -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE2H0QtOEy/6QN7CMrejqfpuT9So0FAmAiQdgACgkQejqfpuT9 |
|
|
|
|
additions: if something is dangerous, people |
|
There's no exploit or vulnerability here (despite your misleading use of the "PoC" and "responsible disclosure" terms that apply to such things). The fact that you can detect a Signal proxy as a Signal proxy isn't a vulnerability; if it gets censored you're no worse off than you were if that proxy didn't exist: the main Signal servers are censored in Iran already. Indeed, this is the Signal circumvention proxy working precisely as designed. Pretending it's dangerous or that there is an "exploit" is terribly misleading. This transparent attempt at attention-seeking (including your bogus claims of some coverup) is an unnecessary distraction from the real, important work. |
Then they should learn how to design. |
|
you are not focusing on the issue that it can be detected, you are leading people to personal attack those whistleblowers, what you are saying is a big distraction.
hope you can take responsibility for what you are saying, cause i've seen lots of people go to jail in china just because their server be detected and their real IP be found.
|
@sneak sorry, but Signal did not "design" anything. okay? it's a stupid SNI Proxy. and, that is fine with me if this was just recognized as a simple PoC or an attempt to demonstrate another use-case for Nginx. in the end, you are not the one who has to use such proxies on daily basis. so trust me, there is A lot to be done here if they actually intended to help. |
As someone who has had the privilege to speak with people behind the GFW and the Iranian Firewall, I too support this statement. These people often go through great technical efforts to provide safe solutions for them and people around them and avoid detection. If detected, real life consequences are a possibility. And while I personally haven't heard of anything drastic, I heard of people getting fined and intimidated. Providing Signal Users in Iran with an easy to detect proxy might be equivalent to letting them run into an open blade. ISPs are able to see the proxies, and they're able to see who connects to them. I'm just hoping that A) These people won't face any dire consequences B) Signal eventually provides a better solution Good luck to everyone here! |
|
I am Xiaokang Wang. I am in favor of the article above. The avoidance of censorship in the authoritarian country should not only focus on speed. Dictators don't stay in power with network censorship alone, as they also have law enforcement on their side with the threat of physical violence. It is not only about access a service today, and it is also about remaining anonymous and lives another day unidentified. Some people may have unlimited chances to change protocol and make improvements as many times as needed, yet someone may have only one identity, once revealed to the dictator, can put their singular life at the mercy of the self-proclaimed overlord. Nothing is perfect, but a better design will make it more difficult for the adversary to attack, which is the point. Respect your user, and treat security issues seriously.
|
|
In case the GPG public key is needed:
|
If an app brands itself as a secure-messaging app and intends to serve users under authoritarian regimes like Iran and China, it should consider protecting users' physical security when deploying anti-censorship technologies. No physical security = no information security at all. |
I hope discussions at this place will remain academic. It is a lost cause to argue with Signal that they are wrong, for having different design goals and threat models. This is arguing from different premises and it will not end in a useful conclusion. It's time to agree to disagree. |
我是 RPRX,对于 Anti-Censorship,我致力于不断将新颖、有趣的灵感付诸实践。 我客观地经历了整件事,基本认同 issue 所述的内容和观点。 一直以来,我注意到全球范围内,每天都在涌现新的代理工具,但是这些工具大多是研究型的,没有得到大规模应用、经历检验。 而在中国,有很多行之有效且流行的代理工具,它们得到了难以想象的大规模应用,并且还在对抗中不断迭代、进化。 与此同时,这带给了我们丰富的经验、敏锐的嗅觉与判断能力。 所以我想说的是,在 Anti-Censorship 领域,来自中国的研究人员的声音非常、非常、非常重要,这应当成为共识。 Machine translation added by @wkrp: I'm RPRX, and I'm committed to constantly putting new and interesting ideas into practice for Anti-Censorship. I've experienced the whole thing objectively and basically agree with the content and views stated in the issue. I've been noticing that globally, new agent tools are emerging every day, but most of these tools are research-based and have not been applied and tested at scale. In China, however, there are many proven and popular proxy tools that are being used on an unimaginably large scale, and they are iterating and evolving against each other. At the same time, this brings us a wealth of experience, a keen sense of smell and judgment. So I would say that the voice of researchers from China is very, very, very important in the Anti-Censorship space, and that should be the consensus. |
|
|
It's easy to remain dispassionate and tone police others when it's not your people getting arrested because Signal advertises functionality it does not have. |
Perhaps you could link us to where this is happening, @sexycyborg? I doubt this claim, and if this is indeed factually accurate, it should be trivial for you to substantiate it. |
It advertises itself as a secure messenger, it is not for Chinese nationals- and attempts to mitigate those vulnerabilities had to be fought over for over a year. We've made some progress recently with disclosure of the IME problem, but Moxie, and so Signal Foundation have shown a disturbing degree of callousness towards a large group of extremely vulnerable users. |
Your claim of insecurity, versus their claim of being a secure messenger, is not "advertises functionality it does not have", as "secure" is not an objective analysis (nor is it "functionality"). You have failed to substantiate your claim that "Signal advertises functionality it does not have", which is a different claim from the one you switched to, which I think is summarized as "Signal is not secure" (an opinion I do not share). To do so, you would have to substantiate both of: a) Signal claimed certain functionality b) Signal's product did not have that functionality You've done neither. I'm going to unsub from this thread now, as I think it's degraded into a pure smear campaign, something I've no interest in participating in. I wish all of you llamas a fun drama party. |
@sneak Signal app itself is safe, just use it. I never read it's code, so I can't figure out anything new in it's app at the moment. Yes, you said lack some feature is by design. That's ok. If someone needs those feature, they just switch to other tools. In case someone forget reading the doc, here's their goal. |
|
Agreed with the above. I really like Moxie, and Signal is amazing, but to brush aside obvious flaws is disrespectful and harmful to users. |
I am Awn, I'm a security researcher and programmer who has worked on censorship resistance. This issue has become quite inflamed. Lots of people care about this very strongly because the consequences are high. In the West we can shrug things off as good enough because our governments don't generally imprison people and threaten their lives and livelihoods over such things. The anti censorship community and researchers in this field have a wealth of knowledge and experience in creating systems that work. At the end of the day it is Signal users that matter the most, and if we all work together we can make something that will help them instead of provide them with false hope and false security. But let's stick to the technical details. This started when Signal posted this blog post: https://signal.org/blog/help-iran-reconnect/ The blog post is titled "Help users in Iran reconnect to Signal". The blog post describes the "simple" TLS proxy as an "interim solution". So, it should be treated as such. However, the section "An unorthodox-y proxy" gives the impression that the solution is more resistant to censorship than it is. For a post that, in the title, advertises resistance to censorship in Iran, one of the most restrictive Internet censors in the world, there's a surprising (apparent) lack of research (or care) into actual censorship resistant systems. In terms of passive attacks, this paper which studies the TLS fingerprints of widely used implementations may be useful in implementing a proxy that blends in with background traffic. The main issue however is resistance to active probing attacks that compromise the identity of proxy servers which then compromises their lifespan and the identity of their users. I've seen some people say that resistance to being censored in-transit is orthogonal to the goal of remaining hidden as a proxy and protecting the identity of users. This is incorrect, the concepts are closely related. If a proxy is easily discovered with a probing attack, the effort that a host went through in order to set it up has gone to waste. They have to provision a new IP address, which is more costly than adding an IP to a blocklist is. It's a bad user experience for users of the proxy, and it ruins the security properties. Adding resistance to active probing attacks may not even be that difficult. There are a number of papers that discuss this topic.
I hope that the Signal team will start being more cooperative instead of defensive and reactionary, and I hope that the people who are inflaming the situation by becoming angry will calm down so that we can work together towards solutions. |
Forks of the Signal codebase that use Signal servers are against Signal's terms of service. Unfortunately Signal themselves have to solve this issue, or change their terms of service. Edit: The user who I am replying to deleted their comment. |
The software copyright license is what determines the rights afforded to forks of the code. The Terms of Service (entirely distinct from the software copyright license) apply only to end users of the web service, not software publishers. My understanding of copyright law is that due to the free software license that Signal is released under, anyone may fork it and specify Signal's official servers in it, against Signal's wishes. Doing so would not violate the software copyright license, and distributing such a fork would not fall under the terms of service for the Signal service, as that applies to the end users accessing that service, not the publisher of free software. Don't confuse Signal the application source code (which is free to fork and modify), governed ONLY by the GPL under which it is licensed, with Signal the web API service, which has a separate and unrelated terms of service that applies to the people who connect to and use it. The beauty of the GPL is that you can't restrict forks or features or publication of free software simply because it has your URL in it. |
Just make it an official goal and vision of the app. Censorship proof communication can serve humanity to save the few real democracies that exist. In the real terms it will be a hard compromise and always a balance between different methods that will change over time. Privacy as the basic vision does indirectly include censorship resistance. |
Hi, I am Nicholas from the V2Fly community who focuses more on the technical writing and translations than the actual codebase. After reviewed the event and talked with a few first-parties, I personally had the following conclusion of my thoughts about this event, which solely on behalf of myself and based on my limited point of view. In this event, both our researchers and Signal's administrators did not acted in very professional manner. Firstly, it is never a right move to release a PoC without prior notifications to related parties and a reasonable response time, and I am not justifying for that. I am also not surprised at all that a critical criticism on their products' security, what they've always been advertising for, would irritate an 501c3 organization who run on donations and value their public image, and therefore make irrational decisions. However, after reviewing their initial blog post, even though there are multiple paragraphs indicating it is a temporary, workaround-alike, not sophisticated designed at all, and not even fully tested solution published as a beta version, it is still looked to be too promising to the end users, especially for its intended users. They did not warn the end users about the risk beforehand, and they also did not treat the raised issue seriously enough after-hand. Yes, I even agreed with the Moxie's tweets that "Yes, a proxy will always be detectable as a proxy" when we encountered with the Qv2ray's probing issue against v2ray-core, but I believe that it's not hard to warn users the proxy which "is designed to blend into the background as much as possible" is not working as fine as it would probably need to be, and let those who are "setting up a Signal proxy and letting the world know" also learn about the potential risks they may have if they are in some degree being governed by those they are against with. It is never that simple to work on security related issues in any field, and I believe everyone from both our community and the Signal community are having similar initiations that is to work for a free internet environment. I am looking forward to see Signal releasing security advisories and follow-up fixes about the issue raised, and at the same time everyone who found security-related issues could disclose the details in a more responsible, more professional manner. Nicholas [email protected] Signature
|
-----BEGIN PGP SIGNED MESSAGE----- I approve this message. iQJGBAEBCgAwKRxEeWxhbiBCYXJsb3dlIEFiZWwgPGR5bGFuQGR5bGFuYmFiZWwu |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
A Joint Statement on Recent Events Between Signal and the Anti-Censorship Community
Sorry to bother you all, but in light of recent events that have happened between Signal and some of our anti-censorship community members, it is my belief that we, a community that's dedicated to censorship circumvention and Internet freedom, must come together. In case you didn't know, here's a quick recap.
After raising an issue about Signal's new proxy implementation designed to circumvent Iranian government's censorship, @DuckSoft and @studentmain have been repeatedly dismissed by Signal and its co-founder Moxie. They have found that Signal's simple TLS-in-TLS proxy is subject to simple active probes, and can be detected by conventional DPI systems.
Our community have been silent for too long. We are the underdogs, doing the real work, and yet unappreciated by many people. Our opinions are underrepresented. That's what makes me believe that we must speak out this time, that we should release a joint statement, to condemn Signal's dismissive and irresponsible attitude to the anti-censorship community, and to call for our unity as a community and their immediate action on the matter.
Timeline
Our statement
Who we are and what we stand for
We are a group of volunteers from around the world, working together for the same goal of helping with censorship circumvention. We believe everyone should have equal access to a free Internet.
V2Fly maintains V2Ray, a proxy and routing tool that helps people behind China's GFW and Iran's Internet firewall stay connected to the internet.
The Qv2ray workgroup is a research group that focuses on the security of censorship circumvention tools. The workgroup has helped discovered several flaws in V2Ray that could lead to detection by adversaries. The workgroup also maintains Qv2ray, a GUI frontend for V2Ray.
Shadowsocks for Windows is a cross-platform Shadowsocks client implementation in C#. We are a part of the Shadowsocks organization.
Why Signal should have listened to us
Signal might have their reputation rightfully earned with end-to-end encryption for all chats. But they are apparently no experts in the field of censorship circumvention.
With years of engineering experience fighting China's GFW, our community have the expertise in designing a proxy protocol that can circumvent firewalls and censors by keeping the traffic unidentifiable from normal Internet traffic.
What Signal has done wrong
Signal's proxy implementation has several critical flaws.
And this is not the first time that Signal ignores researcher's findings and voices from the community.
Sergey Frolov shared his experience when reporting Signal Android app's TLS fingerprint issues. Multiple emails sent to Signal were all ignored. In the end they posted an issue in their repository and the issue has also been deleted.
A developer in the open source community contributed this PR for the Signal's repository. In the end he only got a response from Moxie asking the contributor to start from smaller bug fixes to "get a feel for the project". The reply from Moxie has gotten 45 downvotes from the community so far.
A former Wayland maintainer also shared his insight on Signal, over Moxie's hostility on the community and unwillingness of federation.
Since the takedown of the BleepingComputer article, Moxie has been claiming multiple times on Twitter, that a proxy is always identifiable, ignoring evidence suggested by anti-censorship researchers and our community members.
What we ask Signal to do
We urge Signal to issue a statement that informs its users of potential risks caused by the flaws of its proxy implementation. Signal must stop advising people in Iran to use its fragile, temporary solution. Instead, Iranian people should seek for other well-established solutions, like the ones from our community.
On a community level, we ask all of us to stop attacking each other.
We ask our community members to stay united, while keeping the conversations civil. Do not initiate personal attacks. Do not make up or spread conspiracy theories. Support our findings and explain with facts, instead of forcing our mindset onto other people.
We ask Moxie to apologize for his dismissive response and baseless claims. Let the people who understand the subject speak. Stop making false claims when you are not at all familiar with the subject.
We ask Signal to stop treating the anti-censorship community like adversaries. We are not your enemy. Treat the community with respect, by taking issue reports from the community seriously, by responding to our inqueries instead of deliberately ignoring us. Together we can fight censors and help build a better Internet.
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQRNztFeNG4pI7kx1vcconVGvtuLAQUCYCJAjQAKCRAconVGvtuL
AQ98AQCKAPkcLKPuaQKCXlQxejr3mww7KaM+g0Kho17RQvQLXwD/ZROq0YuPEll9
jGlj3AfW9lK797p7AFuo1CXlRteFgwc=
=j1jf
-----END PGP SIGNATURE-----
The text was updated successfully, but these errors were encountered: