Alec Muffett @AlecMuffett
-- HEADSUP: BAD CRYPTOGRAPHY-JOURNALISM AHOY! --

@VICE @motherboard in Germany is spreading a lie that @facebook @messenger end-to-end encrypted "secret conversations" can be decrypted; because the author @ok_but_why does not know what an HMAC is …
The piece runs thusly (via Google Translate) - and it conflates the abuse-reporting mechanism with the "Franking" mechanism that "Secret Conversations" uses, and which (a) @matthew_d_green helped design and (b) is fully documented.

I know, because I led the project. #lol
The Franking mechanism is designed to support abuse-reporting: if Alice receives abusive material (eg: unwanted dick-pics) then she may want to report them to Facebook... but (given the nature of E2E) how can we trust Alice not to make a bogus report to incriminate Bob?
Enter "Franking" - the E2E message is HMACed as it travels through the Facebook infrastructure. If Alice reports the dick-pic to Facebook, the data which she sends to Facebook can validate that the packet traversed the FB infrastructure as-described / is not a Photoshop-job.
So, yeah, Facebook get to see the dick-pic which Alice received from Bob, IF-AND-ONLY-IF Alice actually reports that onwards to Facebook.

This is not exactly news, @ok_but_why.
This is all nicely explained in the white paper which one of my former colleagues authored — and which I helped review — but I suppose that the long words may have been a bit confusing. Or something. fbnewsroomus.files.wordpress.com/2016/07/secret…
I've archived a copy of the stupidity at archive.is/LQVR8 for posterity's sake, in the expectation that @motherboard will fix this or take this down, real soon now. /cc @lorenzoFB
tl;dr -
OMG LOOK! I HAVE DISCOVERED A BACKDOOR IN #SIGNAL SECURE MESSENGER! ALERT @motherboard @Motherboard_DE @lorenzoFB !!!

WITHOUT THE SENDER NOTICING, A RECIPIENT CAN 'FORWARD' A MESSAGE TO SOMEONE ELSE! THIS IS NOT A BACKDOOR IN THE STRICTEST TECHNICAL SENSE, BUT...
Let me be 100% clear: this attempt by @Motherboard_DE to attempt to brand the ability to forward/report an abusive message to Facebook, including proof of authorship, IS NOT THE ANTICAPITALIST-ANTISURVEILLANCE SECURITY HORROR STORY THAT THEY WERE LOOKING FOR.
In truth: franking is a really good idea, and a neat crypto-trick to provide blinded proof of authorship of an abusive message, when the RECIPIENT CHOOSES TO FORWARD IT as evidence of badness, exploitation, etc.
I am horrified that @Motherboard_DE have apparently retrenched into a Guardianesque "Well, it's not a traditional backdoor, but if you squint a little and redefine 'backdoor' in line with what makes us look less clueless and spiteful…"-approach:
This shallowness of reportage — apparently in pursuit of an equally shallow and facile agenda — is a stain on the otherwise respectable history of reporting from @VICE @motherboard; and it deserves to be loudly called-out until repaired.
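
A simplified sketch of the franking idea described in the thread, added here as an illustration; it is not code from the thread's author or from Facebook. The function names, the field layout, the use of HMAC-SHA256 with length-prefixed fields and the sample values are all assumptions.

```python
import hashlib
import hmac
import os

def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (prefixing avoids boundary ambiguity)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()

def sender_commit(plaintext: bytes) -> tuple[bytes, bytes]:
    """Bob's client: commit to the plaintext under a fresh one-time key.
    The key travels inside the E2E ciphertext; the tag travels beside it."""
    one_time_key = os.urandom(32)
    return one_time_key, mac(one_time_key, plaintext)

def server_frank(server_key, tag, sender, recipient, ts) -> bytes:
    """Platform in transit: sees only the opaque tag, never the plaintext,
    and binds it to routing metadata with a key only the platform holds."""
    return mac(server_key, tag, sender, recipient, ts)

def recipient_check(plaintext, one_time_key, tag) -> bool:
    """Alice's client after decryption: does the tag commit to what she received?"""
    return hmac.compare_digest(mac(one_time_key, plaintext), tag)

def verify_report(server_key, report) -> bool:
    """Platform on receiving a report: both MACs must verify."""
    plaintext, one_time_key, tag, stamp, sender, recipient, ts = report
    commit_ok = hmac.compare_digest(mac(one_time_key, plaintext), tag)
    stamp_ok = hmac.compare_digest(mac(server_key, tag, sender, recipient, ts), stamp)
    return commit_ok and stamp_ok

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    server_key = os.urandom(32)
    msg, meta = b"unwanted message", (b"bob", b"alice", b"2016-07-08T12:00:00Z")
    key, tag = sender_commit(msg)
    stamp = server_frank(server_key, tag, *meta)
    assert recipient_check(msg, key, tag)
    print("genuine report:", verify_report(server_key, (msg, key, tag, stamp, *meta)))
    print("altered text:  ", verify_report(server_key, (b"forged", key, tag, stamp, *meta)))
```

The platform learns the plaintext only when the recipient hands over the report tuple; until then it holds nothing but an opaque tag and its own stamp over that tag.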