SimpleX said at https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html#end-to-end-encryption-security-attacks-and-defense: “SimpleX Chat does not use signature in any part of client-client protocol, but the signature is currently used when authorizing sender’s messages to the relays. v5.7 will improve deniability by enabling a different authorization scheme that will provide full-stack repudiation in all protocol layers”, however there is not even the word “deniability” or “repudiation” in the “What’s new in v5.7” blog post https://simplex.chat/blog/20240426-simplex-legally-binding-transparency-v5-7-better-user-experience.html which is according to the first quote the version where the improved deniability came in place and I would therefore like to ask if this is now really implemented?
You are thinking of cryptographic deniability but there is also plausible deniability to consider. You may be interested in this post about deniability.
It was never implemented? So does that you can‘t deny any message plausibly?
Lol, I thought that they use a scheme where they release the key used to sign the previous message in the next one, but that the use message signing.
If they don’t use any message signing, how do they prevent a middle men from impersonating anyone?
They use signatures, but only in authorizing the message to the server.
Reading the Simplex documentation, especially:
Gives me the impression that they are using a signign scheme, because otherwise you couldn’t prevent the server from forging messages, not deliver certain messages or perform similar malicious behavior
Yes, AFAIK Session never implemented what they suggested.
Any messaging service that doesn’t allow easy editing of other users’ messages arguably doesn’t have plausible deniability. An edit feature built into an official client would create the possibility that the chat history may have been tampered with.
Based on my understanding of Session’s explanation when they unveiled their protocol in 2020 (see “Practicality” under “Deniability” heading), generally speaking if another party to someone’s conversation presents their chat history as evidence to a court or media outlet, there is a real chance the chat history will be accepted as evidence. The court case involving the communications of Chelsea Manning and Adrian Lamo is a US precedent of this.
IRL deniability/repudiation is just marketing slogan.
So I can just solve this question with „No messenger has the feature of plausibly denying messages“?
I guess it was SimpleX that implement it that they release the signing key of the previous message inside the next message, which would allow all participants to edit to create any message they want with the signing key
This I believe is the current situation for all messaging apps I know of, for better or worse. It’s best to assume courts and media don’t demand cryptographic integrity/authenticity; they may happily accept screenshots and assume those captured messages are legitimate.
If a feature that allows locally editing messages sent by any user is implemented, that would increase the likelihood of achieving plausible deniability. Even then there would still be evidence of who communicates with who, when they communicate, how often they communicate, etc.