When Your Threat Model Is Being a Moron

Originally posted by @anonymous308
Archive: When Your Threat Model Is Being a Moron

lol.

1 Like

Sure, maybe the Signalgate or whatever are morons. But Signal has a flaw where it does not compulsorily authenticate the user before initiating chat. Of course they are clear about it in their threat model and recommend OOB verification, but the article blames the user for being a moron when it should blame them for not using the correct tool, especially with quotes like:

“There is no threat modeling that can account for you sending information directly to someone who you do not want to have it,”

When tools already exist to solve for the exact threat model they say doesn’t exist. Right tool for the right job should protect even the worst users, or at least most of them.

Since they had both tools available to them and chose to use Signal, I think the article is saying the first thing is the same as the second.

3 Likes

I can see that, but this reads more like a political dunk (maybe well deserved) than informative about privacy. Off topic tag rather than privacy as I see it. Subjective topic of course. A privacy focused article that I would want would point out this as exactly the issue with tool based recommendation, people think of privacy as things they have to use instead of things they have to do.

I also ask you
what tools?!
Like with phishing, you can’t solve the human part with just tools, they require training and more importantly enough intelligence for the tools they use at their disposal.

I’d say the more relevant article from 404media is actually this one, and something we should probably consider noting in our own guides:

4 Likes

Passkeys solve phishing like 99% of time. Famously bad example.

Yup, I agree. This is actually what should be privacy tagged.

Unless you demand employees not to save logins, even passkeys are ineffective against stealer malware they could run from them being phished (or otherwise the attacker leveraging RAT to attack the other systems).

I don’t understand the point. But this is off topic, please create a new topic if you want to discuss that tangent.

You brought it up first.
Also this is on topic since you mentioned the “wrong tool” being used here, that’s not how it works here. (Unless they used WhatsApp or something, sure, but not the case here.)
What I’m trying to say is, most of the blame is human error, not the tool, there’s a difference between failing opsec due to human error or failing opsec due to the tool itself (also this is not worth making a separate thread imo).
More importantly you haven’t mentioned what tools, I feel like @jonah did it already for you which is crazy.

No, you are misunderstanding. The issue about passkeys is off topic.

Human error is adding the reporter, not using Signal. Terms have meanings. Using Signal is a bad tool for a job. A tool that is made for a purpose can be made such that it fulfills the purpose. The issue here is Signal is not meant for these communications.

I am also not sure what you mean by “what tools”, the comment overall is slightly unintelligible to me, which I agree might be a fault on my end.

off topic

On a slightly personal note, I am also slightly loath to discuss privsec with you since I saw the “incognito mode protects user”, so I apologize in advance.

1 Like

I disagree. I think this article is very informative, and an excellent reminder to people that E2EE alone is not enough to protect them, they have to consider their threat model and be mindful.

Have you ever been afraid of accidentally sending a message to the wrong person? I have. That can happen, even on Signal. In a Techlore video, Henry mentioned the fact that if you are in a group chat with hundreds or thousands of people, expecting information not to leak just because the chat is E2EE is ridiculous. I 1000% agree, but I still prefer my group chats E2EE regardless of their size.

What do you make of the fact that Signal allows recipients to see all versions of an edited message?

Personally, I don’t like it. Even though all my edited messages are for typos and text formatting.

That said, I can understand why Signal made that decision. Not allowing the recipient to see the changes compromises the integrity of the message.

On Telegram, not only can you delete months old messages, but there is no notification that a message was deleted. Deleting old messages can completely change the interpretation of an exchange, and compromises its integrity when one party is not notified that old messages have been deleted.

On YouTube if you comment I love MLK! and the channel liked it, but then edit your comment to I love #itler!, the like will disappear. At least that’s been my experience with comments I’ve edited for typos.

Maybe I’m wrong, but when it comes to Signal, I think it would be better if Signal didn’t show the original message to the recipient if they had not read it, but still notify them that the message that they are seeing is not the original.

Good points, I can see that. That’s why I said the above.

I think doing that would be unwise;

“Hi, in order to join this conversation you need to first meet face to face with the 54 other group members wherever they may be, to scan this obscure code, to prevent an advanced attack you don’t even understand.”

Yeah in general prompting users to take measures in protecting against MITM attacks would be nice. But that’s not enough for government use. The critique against using Signal has been mostly about endpoint security: Like TDS showed, a former White House official had told Politico:

“Their phones are all hackable, and it’s highly likely that foreign intelligence services are sitting on their phones watching them type the shit out.”

There’s nothing Signal can do about this kind of attack, so this type of communication always needs to be handled on approved devices only. The NSA has its own wafer fab they use to make hardware. They probably have their OS too, most likely hardened RHEL since they collaborated with Red Hat with SELinux. Thus, they most likely also have their own phone OS for the custom phones, and custom communication apps used by the top brass of the government. But that system most likely abides by the Federal Records Act and you can’t have that when you’re trying to compromise democracy.

3 Likes