[messaging] Crypto standards in modern-day consumer apps

Mike Power mike.power.casual at theguardian.com
Mon Jun 15 03:24:02 PDT 2020

thanks to mike and tom for the help on this.

I have a few freelance colleagues who are becoming increasingly
concerned about privacy post pandemic, with contact tracing, apps,

Even reporting on far-right riots, for example in the US and UK,
presents new dangers. How do we educate ourselves to the dangers of
state surveillance? What data do our phones leak? How can we work in
the field anonymously, ideally ephemerally, and securely?  I know PGP
and Tor as I wrote a book about the emergence of a digital drug

But most people I know don't have a clue how to send a text-based
message privately via email and have never used a VPN.

How do journalists like me protect ourselves and our families from
observation, intimidation – and worse? I'm speaking from a tech and
digital [perspective.

Are devices like this of use, say to connect to the internet whilst
travelling or reporting from danger zones or when dealing with
protected sources? Using a UK or EU contracted phone as the net

which wifi dongle is most trusted for safety by users here?

I was recently interviewing a number of women who had been sexually
assaulted, and they were uniformly cautious/frightened about speaking
on skype, whatsapp, or normal phones. i used Signal audio, on speaker,
recorded to local hardware. It worked, but felt makeshift.

how can I speak or exchange messages with subjects such as these in a
way that is safe, secure, and simple for us all?

Apologies if this isn't quite on topic, and thanks again for the
interest and the answers.

best, Mike

On Tue, 9 Jun 2020 at 10:18, Mike Hearn <mike at plan99.net> wrote:
> Interesting question.
> Unfortunately their website offers little more information than the Liverpool Echo article you link to. It appears to simply be a customised Android phone, with a few features that are especially useful for criminals. Without a doubt 95% of the tech in them is the same as you can get on a regular Android phone, but the remaining 5% of the integration and feature work is sufficiently valuable to justify the eyewatering cost.
> From looking over the advertised feature set, my guess is the value comes from a very small number of features. The majority of advertised features are industry standard and nothing special, e.g. disk encryption, secure boot, tamper proofing, the message cryptography they discuss etc. They advertise them because they're security related, but they're not actually a competitive advantage.
> I'd dig in to this mysterious "notary" verification process, which is presumably some method of verifying public keys. They say:
> "All clients directly negotiate keys automatically with each other’s devices. Our servers, located offshore in our datacenter, never create, store, or decrypt keys, message conversations or user data."
> To me this implies some sort of Bluetooth based key transfer or key agreement, probably combined with the ability to send keys between users. Sort of like the PGP web of trust but integrated with the phone itself.
> The point of this would be to ensure police can't force EncroPhone to intercept messages by changing public keys, which is an issue for every centralised messenger otherwise.
> Users who buy this phone have demonstrated a huge willingness to make effort up front, as apparently to get one you have to know someone who can supply you. You can't buy them from shops. So, they can probably impose rules like "you may only communicate with someone you interacted with physically before, or someone they vouched for", whereas for normal consumer-oriented software it's all about maximum convenience so the messengers all use centralised public key directories linked to phone numbers.
> The other obvious eye-catching feature is the duress/capture stuff, like being able to request all your contact phones delete all your messages triggered by a panic PIN. There's even mention of a countdown which I suppose can be useful if you suspect you're walking into a trap - you could set up a timer, be grabbed immediately, your phone taken from you without even a chance to touch it at all, and all the evidence is still destroyed. Finally the ability to hide that you're using this phone via dual boot is quite clever.
> I'll now say something that may be a bit controversial for this list (though it's a point I've made before).
> It's worth observing that these sorts of features are in many ways a meaningless shell game. EncroPhone are a Dutch company with (presumably) known owners who can be found. All the fancy stuff they advertise is controlled by software. That makes it meaningless because EncroPhone can push a "security update" to their users that disables all of it, or adds arbitrary message interception facilities, without any visible change and at any time. For example, how do the users know the message deletions are really working? The only trustable evidence is complaints from the police.
> Even though stock Android will notify users that an update is available and ask them to apply it, users can't tell the difference between a real security update that makes their phone harder to hack by the police, and one that makes it easier. No matter what option they take (apply/ignore) there's a risk it's the wrong one.
> This is a fundamental problem with all end-to-end encrypted messaging services. Despite all the progress made in this space, it all still boils down to the trustworthiness of a brand because the service owners always have the option of just switching it off - and in ways users cannot actually detect except via some sort of hypothetical continuous reverse engineering effort, which nobody anywhere has ever mounted.
> Whilst pitched for privacy advocates, if that were true they'd presumably make it easier to buy them via their website and charge less. The fact that it's so expensive and that they're only leasable implies something odd is going on there. It won't surprise me if at some point EncroPhone gets silently taken over by the Dutch police and used in a sting operation, in the same way that Tor markets sometimes were. For them to be legally safe they'd have to avoid anything that could be used to prove a criminal conspiracy, which from your description of how they operate and the news articles sounds unlikely.
> W.R.T. your last question. All consumer messaging systems on smartphones route all messages via central datacenters. That's not unique to WhatsApp and is the entire motivation for the end-to-end encryption features to start with. The only "peer to peer" messaging system that works is SMS, and obviously it's peer to peer only in some pedantic technical sense that the telcos themselves communicate directly with each other (so e.g. messages stay in country). All app-based messengers route messages either via Google/Apple datacenters, or their own, or more typically a mix. Moreover most modern messengers use the same cryptography. Certainly Signal, WhatsApp and probably this EncroPhone thing (which sounds like it uses a modified version of Signal) all use the same underlying tech developed by the sort of people who are on this mailing list. Telegram I don't know, someone else can tell you about that, last I heard they were different and used their own thing.
> From a pure cryptographic perspective none of them are really hiding the message metadata people care about and indeed cannot, as the Liverpool Echo story points out (police can still track EncroPhone users via cell sites and messengers must still route messages to the right devices).
> So with respect to what you can use that your contacts will trust, sorry but I have no idea.


This e-mail and all attachments are confidential and may also be 
privileged. If you are not the named recipient, please notify the sender 
and delete the e-mail and all attachments immediately. Do not disclose the 
contents to another person. You may not use the information for any 
purpose, or store, or copy, it in any way.  Guardian News & Media Limited 
is not liable for any computer viruses or other material transmitted with 
or as part of this e-mail. You should employ virus checking software.

Guardian News & Media Limited is a member of Guardian Media Group plc. 
Registered Office: PO Box 68164, Kings Place, 90 York Way, London, N1P 2AP. 
 Registered in England Number 908396

More information about the Messaging mailing list