http://www.tomshardware.com/news/signal-messenger-standalone-desktop-app,35810.html
Open Whisper Systems (OWS), the non-profit that develops the Signal messenger and its end-to-end encryption protocol, released a new standalone desktop application that will replace the existing Signal Chrome App. The move comes as Google is preparing to end support for Chrome Apps in its browser.
[...] Because Google is deprecating its Chrome Apps, Signal's developers had to find another way to offer their users a desktop application without having to rewrite one from scratch. The group used Electron, an open source framework for creating native applications using HTML, CSS, and JavaScript. This way, OWS was able to convert its existing Chrome App code into a standalone Electron application without too many changes.
Although we don't get a truly native Signal application, there are still some advantages to be gained from this transition. For one, you don't need to install Chrome anymore, just to be able to use the desktop Signal application. Firefox and Safari users can run the new Signal app separately, just like any other desktop app.
The second advantage is that you no longer need to keep your smartphone around to be able to chat via the desktop app, as you have to do with the desktop version of WhatsApp, for instance. After the initial set-up and linking of your smartphone to the desktop app, the new desktop app can be used independently of a smartphone.
Related: Redphone and TextSecure are now Signal
Egypt has Blocked Encrypted Messaging App Signal
Encrypted Messaging App Signal Uses Google to Bypass Censorship
Related Stories
Approximately two weeks ago, Open Whisper Systems announced the merger of two of its Android apps, Redphone (secure calling) and TextSecure (encrypted messaging) into one: Signal for Android. This is a counterpart to Signal for iOS, created by the same team. A Chrome extension is forthcoming.
Signal has been getting a lot of love from the security community (Snowden, Schneier, etc) specifically for it's user-friendliness --- something that has prevented the adoption of other crypto software.
The encrypted messaging algorithm seems to be a version of OTR modified for asynchronous mobile environments. Some version of this has been implemented in CyanogenMod as WhisperPush and WhatsApp.
Their blog has a lot of nerdy crypto detail for those interested. For example: deniability, forward secrecy, calling network.
All of their code is open source and funded by donations. Donations are also possible using bitcoin. Accepted pull requests get a payout using another of their projects, Bithub (code).
According to an article on engadget today, Egypt is blocking access to the encrypted messaging application Signal, made by Open Whisper Systems.
Egypt has blocked its residents from accessing encrypted messaging app Signal, according to the application's developer. Mada Masr, an Egypt-based media organization, reported yesterday that several users took to Twitter over the weekend to report that they could no longer send or receive messages while on Egyptian IP addresses. Open Whisper Systems, the team behind the app, told a user asking about a situation that everything was working just as intended on their end. Now that the company has confirmed that the country is blocking access to Edward Snowden's preferred messaging app, it has begun working on a way to circumvent the ban. They intend to deploy their solution over the next few weeks.
Signal can be downloaded here for android and here for ios
Developers of the popular Signal secure messaging app have started to use Google's domain as a front to hide traffic to their service and to sidestep blocking attempts. Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too.
The solution from Signal's developers was to implement a censorship-circumvention technique known as domain fronting that was described in a 2015 paper [PDF] by researchers from University of California, Berkeley, the Brave New Software project and Psiphon.
The technique involves sending requests to a "front domain" and using the HTTP Host header to trigger a redirect to a different domain. If done over HTTPS, such redirection would be invisible to someone monitoring the traffic, because the HTTP Host header is sent after the HTTPS connection is negotiated and is therefore part of the encrypted traffic.
Submitted via IRC for Fnord666
The team behind secure messaging app Signal says Amazon has threatened to drop the app if it doesn't stop using an anti-censorship practice known as domain-fronting. Google recently banned the practice, which lets developers disguise web traffic to look like it's coming from a different source, allowing apps like Signal to evade country-level bans. As a result, Signal moved from Google to the Amazon-owned Souq content delivery network. But Amazon implemented its own ban on Friday. In an email that Moxie Marlinspike — founder of Signal developer Open Whisper Systems — posted today, Amazon orders the organization to immediately stop using domain-fronting or find another web services provider.
Amazon has said that it's banning domain-fronting so malware purveyors can't disguise themselves as innocent web traffic. But Signal used the system to provide service in Egypt, Oman, and the United Arab Emirates (UAE), where it's officially banned. It got around filters by making traffic appear to come from a huge platform, since countries weren't willing to ban the entirety of a site like Google to shut down Signal.
Source: https://www.theverge.com/2018/5/1/17308508/amazon-web-services-signal-domain-fronting-ban-response
Also at TechCrunch and TechRepublic.
See also: A Google update just created a big problem for anti-censorship tools
APT29 Domain Fronting With TOR
Previously: Encrypted Messaging App Signal Uses Google to Bypass Censorship
Related: Open Whisper Systems Releases Standalone "Signal" Desktop App
(Score: 2) by MichaelDavidCrawford on Friday November 03 2017, @01:25AM (8 children)
I have quite a long commute. Today I had a medical appointment near home, in the afternoon, so I didn't get to work until 5:30 PM.
I'm not getting anything done. Surely I should go home?
No.
My employer thinks I am working productively and in fact is pleased that I came to work, albeit so late.
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by MichaelDavidCrawford on Friday November 03 2017, @01:26AM (6 children)
The logout link did not work.
The comment form had my nick and my password, but just to make sure I deleted them.
Good thing none of you know where I work.
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by melikamp on Friday November 03 2017, @02:31AM (1 child)
Wow... What do you type in? M$ Word? And to think that you could publish your password
12345
===================================================
Autocompleted by SCROOGLE.COM
===================================================
(Score: 2) by MichaelDavidCrawford on Friday November 03 2017, @02:34AM
Doh
Yes I Have No Bananas. [gofundme.com]
(Score: 0) by Anonymous Coward on Friday November 03 2017, @04:40AM (3 children)
160 IQ eh :D?
(Score: 2) by MichaelDavidCrawford on Friday November 03 2017, @06:06AM (2 children)
Well into kindergarten I had to get some other five year old to tie my shoes.
But that I am a genius is evidenced by the fact that I eventually figured it own on my own.
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by JoeMerchant on Friday November 03 2017, @08:28PM (1 child)
I distinctly remember a day in Kindergarten when I thought "I don't need to learn to tie my shoes, my mom does it at home, and I've got classmates here who will do it for me when necessary."
It's not that I can't tie shoes (now), I just think it's an un-necessary waste of time and effort, so: https://www.olukai.com/akepa-moc.html?color=rum-rum [olukai.com]
Україна досі не є частиною Росії Слава Україні🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 1) by Arik on Friday November 03 2017, @11:43PM
It was reading that I resisted. Because I enjoyed being read to so much, I was afraid when I learned to read for myself that would quit happening. I started first grade unable to read a word. I could read numbers fine though, and I picked everything up the first time they went over it, so the kids that had a year on me were all behind me within a week anyhow. And I enjoyed being able to read for myself so much I almost forgot about being read to.
If laughter is the best medicine, who are the best doctors?
(Score: 2) by MichaelDavidCrawford on Saturday November 04 2017, @12:23AM
- all day.
That beta milestone check is getting closer and closer.
I'm going to spend it all on hookers and blow.
No in reality I'm going to buy a car. That won't help with the commute I have right now, but it will enable me to take contracts in places that public transport doesn't run.
It will also be helpful to have a faster way to get around on evenings and weekends.
The last car I owned - a really good car, I miss it terribly - I totaled in a 2011 suicide attempt. Don't worry, at the cost of a nice car I am firmly convinced that life is worth living.
Yes I Have No Bananas. [gofundme.com]
(Score: 4, Insightful) by melikamp on Friday November 03 2017, @02:25AM (3 children)
(Score: 2) by opinionated_science on Friday November 03 2017, @11:28AM (1 child)
I don't believe that is the only way - simply the simplest way for non-techs to get it done.
I had a peek under the hood yesterday...and I have followed this software a year or so.
The need for a phone is simply a way of getting connectivity. You materials stay encrypted on the device, no matter what the phone does.
Ironically, this is what makes a desktop version so desirable....
(Score: 1, Informative) by Anonymous Coward on Friday November 03 2017, @02:36PM
Which one must assume at this point in time the OS is not.
Android you should assume google can gain access to any crypto keys on your system. Windows 10 (or earlier versions with the telemetry backported) you can assume Microsoft can gain access to any crypto keys on your system.
Any computer running AMD PSP/Intel ME, you should assume AMD/Intel or government entities with spies embedded in them can access your keys.
Any combination of these result in the keys being compromised while the app is running/you unsecured the keys/encrypted storage, leading to all the contents either being immediately accessable, or being decryptable in the future when they also capture the physical device.
The only way to mitigate these risks is to have a complete trustworthy hardware/software stack, ideally with end-user provisioned secure boot. Less ideally with a secure boot compatible OS using a trustworthy third party's images (debian, devuan, or similiar, assuming you can find an organization you trust.) Current secure boot implementations are suspect because they include baked in keys relying on you trusting that microsoft, the root ca organizations, etc are all secure, which simply on account of size you should assume they are not.
Real information security is hard, which is why even aspects of the intelligence community often fail at it.
(Score: 2) by etherscythe on Friday November 03 2017, @06:04PM
Having used Signal, it seems to be tackling the bootstrapping issue with encryption uptake through a hybrid approach. Contacts not using Signal send you SMS messages in the clear, whereas those using Signal will send an encrypted message that seamlessly opens on your end. If you're on PC, such things as PGP already exist, and PCs are falling in favor of smartphones for many people. You're basically complaining about getting into a phone-centric communication network, and complaining that it uses a phone as its primary use case.
I'm not saying it isn't a good point, though. Telegram has a perfectly usable desktop client in comparison; I kind of feel that a communication app that can't easily be ported to other useful architectures is doing something wrong, for no other reason than ideological blindness.
"Fake News: anything reported outside of my own personally chosen echo chamber"
(Score: 4, Insightful) by Arik on Friday November 03 2017, @02:44AM (1 child)
I'm absolutely rolling. It's like a kid mounting a slingshot on his bike and calling it a weapons system, except he's cute, and this shit isn't.
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Saturday November 04 2017, @03:30AM
Criticism is easy. Writing easy-to-use software for encrypted messaging is hard.
We users use what we can -- the things that are free and which offers usable security.
If you think Signal isn't done right, then please write something you think is better so we can use it.
(Score: 1, Interesting) by Anonymous Coward on Friday November 03 2017, @12:17PM (1 child)
I'd rather they manage to keep their F-Droid app up to date, as of yesterday it no longer works.
(Score: 1, Interesting) by Anonymous Coward on Saturday November 04 2017, @03:34AM
:-( Yeah that does suck.
F-Droid is terrific and allows loading apps one can be sure is open-source.
Apps that are open-source are better for security because the software can be reviewed.
I hope Open Whisper Systems releases another open-source version that can be uploaded to F-Droid.