-- HEADSUP: BAD CRYPTOGRAPHY-JOURNALISM AHOY! --
@VICE @motherboard in Germany is spreading a lie that @facebook @messenger end-to-end encrypted "secret conversations" can be decrypted; because the author @ok_but_why does not know what an HMAC is …
@VICE @motherboard in Germany is spreading a lie that @facebook @messenger end-to-end encrypted "secret conversations" can be decrypted; because the author @ok_but_why does not know what an HMAC is …
External Tweet loading...
If nothing shows, it may have been deleted
by @ok_but_why view original on Twitter
The piece runs thusly (via Google Translate) - and it conflates the abuse-reporting mechanism with the "Franking" mechanism that "Secret Conversations" uses, and which (a) @matthew_d_green helped design and (b) is fully documented.
I know, because I led the project. #lol
I know, because I led the project. #lol
The Franking mechanism is designed to support abuse-reporting: if Alice receives abusive material (eg: unwanted dick-pics) then she may want to report them to Facebook... but (given the nature of E2E) how can we trust Alice not to make a bogus report to incriminate Bob? 
Enter "Franking" - the E2E message is HMACed as it travels through the Facebook infrastructure. If Alice reports the dick-pic to Facebook, the data which she sends to Facebook can validate that the packet traversed the FB infrastructure as-described / is not a Photoshop-job. 
So, yeah, Facebook get to see the dick-pic which Alice received from Bob, IF-AND-ONLY-IF Alice actually reports that onwards to Facebook.
This is not exactly news, @ok_but_why.
This is not exactly news, @ok_but_why.
This is all nicely explained in the white paper which one of my former colleagues authored — and which I helped review — but I suppose that the long words may have been a bit confusing. Or something. fbnewsroomus.files.wordpress.com/2016/07/secret… 
I've archived a copy of the stupidity at archive.is/LQVR8 for posterity's sake, in the expectation that @motherboard will fix this or take this down, real soon now. /cc @lorenzoFB
tl;dr - 
OMG LOOK! I HAVE DISCOVERED A BACKDOOR IN #SIGNAL SECURE MESSENGER! ALERT @motherboard @Motherboard_DE @lorenzoFB !!!
WITHOUT THE SENDER NOTICING, A RECIPIENT CAN 'FORWARD' A MESSAGE TO SOMEONE ELSE! THIS IS NOT A BACKDOOR IN THE STRICTEST TECHNICAL SENSE, BUT...
WITHOUT THE SENDER NOTICING, A RECIPIENT CAN 'FORWARD' A MESSAGE TO SOMEONE ELSE! THIS IS NOT A BACKDOOR IN THE STRICTEST TECHNICAL SENSE, BUT...
Let me to be 100% clear: this attempt by @Motherboard_DE to attempt to brand the ability to forward/report an abusive message to Facebook, including proof of authorship, IS NOT THE ANTICAPITALIST-ANTISURVEILLANCE SECURITY HORROR STORY THAT THEY WERE LOOKING FOR.
In truth: franking is a really good idea, and a neat crypto-trick to provide blinded proof of authorship of an abusive message, when the RECIPIENT CHOOSES TO FORWARD IT as evidence of badness, exploitation, etc.
I am horrified that @Motherboard_DE have apparently retrenched into a Guardianesque "Well, it's not a traditional backdoor, but if you squint a little and redefine 'backdoor' in line with what makes us look less clueless and spiteful…"-approach: 
This shallowness of reportage — apparently in pursuit of an equally shallow and facile agenda — is a stain on the otherwise respectable history of reporting from @VICE @motherboard; and it deserves to be loudly called-out until repaired.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
