Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://github.com/signalapp/Signal-Android/issues/1085 below:

Allow different kinds of identifiers for registration · Issue #1085 · signalapp/Signal-Android · GitHub

I know it's come up in the mailing list and on twitter and I'd also really like to see the possibility to register with different kinds of proof of identity.

It's obvious that this would be a rather large feature and all the little quirks and bugs have to ironed out before any of the devs will have time to think about implementing something like this. But I'd like to use this issue for brainstorming and discussing ideas which possibilities of proof of identity exist, that are safer and / or more anonymous than phone numbers or email addresses.

TextSecure uses a security model called trust on first use or TOFU.
This means the TextSecure server checks if you control some unique identifier by which your contact's know you.

This is currently done with your phone number, which is great if your friends want to find you. But it's not ideal at all if you don't want to be found. And also for security reasons.

If this initial check was not compromised, you can be very sure that your communication can not be intercepted or faked by any known kind of attack on the transport. If TLS breaks (again) then an attacker with control to the data transport can tell that you are using TextSecure and probably also with which number you registered and who you talk to. But they won't be able to read your texts, unless they compromise your phone directly. But this isn't something TextSecure or any app can do much about. It's also a lot harder, more expensive, complex and dangerous (easier to detect) to do this on a wide scale than it is to compromise the transport.

Phone numbers are really bad for many reasons:

1. They are directly linked to your real life identity by several public and non-public databases. There are no throw-away phones in Europe and many other parts of the world like there are in the US. EU law requires the stores to register and verify your identity with your national ID card.
2. You can only carry around / check so many phones/sim cards. You also have to get one phone for each sim card, because the phones IMEI is automatically logged together with the sim card identifier. That means if you just change sim cards, it's rather obvious to the network provider / the guy that owned the network provider / your average dictator that you are still using the same phone. So you are probably the same person/entity.
3. Once you somehow got a relatively anonymous phone number, it's not easy to just switch to a different one, because you probably use this for a number of different places / contacts, because it was expensive/arduous to get and you can't have 50 phones lying around all the time (see 2.).

4 It's really easy for the network providers or anybody with a little incentive to trace you to a rather small physical area. If you want to know more about the phone tracing (for 15$), watch some of Karsten Nohl's talks from the differenc Chaos Communication Congresses.

1. It's also rather easy to fake the identity of a mobile phone. Not just for the network operators but also for the average IT guy. Watch the same stuff I recommended in 4. if you want to know more.

In the future it will be possible to register with an email address, but that's not that great either. Let's see which of the above problems disappear by using an email.

1. It's really easy to get an anonymous email address. TOR + some random email account, that's not linked to anything else you do, should be good enough for most people.
2. No problem, you can have as many email accounts as you like. But you should start a new TOR session for checking each and should probably not check them one after another to prevent correllation attacks (the same e-mails always get checked together, it's probably the same guy).
3. No problem, it's easy as pie to get a new one (see 1.)
4. With TOR and/or other methods of anonymization it shouldn't be a problem if you are disciplined enough to always stick to some basic rules.
5. Okay that's a biggie. It's actually easier for a powerful attacker to fake owning somebodies email address, or to get control over the adress itself by other means than it is for mobile phones.

So especially problem Number 5 still has to be solved.
Because this means that it's possible to do a man in the middle attack (MITM) on somebody who is using TextSecure.

Currently there aren't many ways to get a unique but anonymous identifier that is also extremely hard to impersonate.

One possible solution would be to use some kind of crypto currency.

Some possibilities I found:
Software:

• Pond identities with PANDA for easy authentication. interesting talk about pond+panda
• GNUnet egos Appears to be a great solution but an alpha web client is at least going to take until the end of the year.
• Bitcoin SIN
• NameID (Namecoin identity + OpenID)
• OneName
• Keyhotee
• Decentralized Anonymous Credentials
• NXT (coin) alias
• Ripple identity
• Ethereum identities
• Maidsafe identities
• Twister identities
• PGP keys

Hardware:

• Yubikeys
• CryptoStick
• TREZOR
• Other Smartcards

It would be great if we found something that can be run on the clients themselves, otherwise we would still have to trust the TS server, that he has verified the identity (as it is now). But then all our effort would have been rather futile, because if the server gets compromised, the same attack as described above can happen.

However, the block chains of the crypto currencies that have a kind of id or alias system enabled are already too big to fit on most cell phones. If we just run a "light client", that asks a website if the person is indeed who he pretends to be, we have to trust this server that it hasn't been compromised. Sounds like a lot of work for nothing. We could ask several different servers, to lower the chances of an attack, but we can never be really sure.

Then there are things like Yubikeys or the Crypto-Stick. But they are so little used that there is currently no easy way to get them anonymously from a local shop.

I'm open for any suggestion.

Currently it seems to me like using anonymous email + verifying the keys after the exchange is probably the least effort.

This is also kinda connected to #838.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4