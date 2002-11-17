from the Shhhhhhhhhhh! dept.
Open Whisper Systems (OWS), the non-profit that develops the Signal messenger and its end-to-end encryption protocol, released a new standalone desktop application that will replace the existing Signal Chrome App. The move comes as Google is preparing to end support for Chrome Apps in its browser.
[...] Because Google is deprecating its Chrome Apps, Signal's developers had to find another way to offer their users a desktop application without having to rewrite one from scratch. The group used Electron, an open source framework for creating native applications using HTML, CSS, and JavaScript. This way, OWS was able to convert its existing Chrome App code into a standalone Electron application without too many changes.
Although we don't get a truly native Signal application, there are still some advantages to be gained from this transition. For one, you don't need to install Chrome anymore, just to be able to use the desktop Signal application. Firefox and Safari users can run the new Signal app separately, just like any other desktop app.
The second advantage is that you no longer need to keep your smartphone around to be able to chat via the desktop app, as you have to do with the desktop version of WhatsApp, for instance. After the initial set-up and linking of your smartphone to the desktop app, the new desktop app can be used independently of a smartphone.
Approximately two weeks ago, Open Whisper Systems announced the merger of two of its Android apps, Redphone (secure calling) and TextSecure (encrypted messaging) into one: Signal for Android. This is a counterpart to Signal for iOS, created by the same team. A Chrome extension is forthcoming.
Signal has been getting a lot of love from the security community (Snowden, Schneier, etc) specifically for it's user-friendliness --- something that has prevented the adoption of other crypto software.
The encrypted messaging algorithm seems to be a version of OTR modified for asynchronous mobile environments. Some version of this has been implemented in CyanogenMod as WhisperPush and WhatsApp.
Their blog has a lot of nerdy crypto detail for those interested. For example: deniability, forward secrecy, calling network.
All of their code is open source and funded by donations. Donations are also possible using bitcoin. Accepted pull requests get a payout using another of their projects, Bithub (code).
According to an article on engadget today, Egypt is blocking access to the encrypted messaging application Signal, made by Open Whisper Systems.
Egypt has blocked its residents from accessing encrypted messaging app Signal, according to the application's developer. Mada Masr, an Egypt-based media organization, reported yesterday that several users took to Twitter over the weekend to report that they could no longer send or receive messages while on Egyptian IP addresses. Open Whisper Systems, the team behind the app, told a user asking about a situation that everything was working just as intended on their end. Now that the company has confirmed that the country is blocking access to Edward Snowden's preferred messaging app, it has begun working on a way to circumvent the ban. They intend to deploy their solution over the next few weeks.
Signal can be downloaded here for android and here for ios
Developers of the popular Signal secure messaging app have started to use Google's domain as a front to hide traffic to their service and to sidestep blocking attempts. Bypassing online censorship in countries where internet access is controlled by the government can be very hard for users. It typically requires the use of virtual private networking (VPN) services or complex solutions like Tor, which can be banned too.
The solution from Signal's developers was to implement a censorship-circumvention technique known as domain fronting that was described in a 2015 paper [PDF] by researchers from University of California, Berkeley, the Brave New Software project and Psiphon.
The technique involves sending requests to a "front domain" and using the HTTP Host header to trigger a redirect to a different domain. If done over HTTPS, such redirection would be invisible to someone monitoring the traffic, because the HTTP Host header is sent after the HTTPS connection is negotiated and is therefore part of the encrypted traffic.
