Some stream of consciousness, running notes, as I read through:
“Oh, it turns out, they’re wrapping GMP.” That’s definitely not constant-time!
You would be surprised how often this particular finding crops up.
Narrator: I wouldn’t.
For this blog post series about Signal, I will use Semgrep, because it’s currently free as in beer (though the prominent Series D funding announcement makes me worry about its eventual enshittification, so don’t take my hasty tool selection as any sort of endorsement).
Semgrep looks like a free trial. So “free as in the taster of beer that the bartender will pour you so you can decide whether you want to buy a whole one”. But in any case, I don’t think charging me for a product is really enshittification.
Missing sections from the technical documentation are like a flashing neon sign that says “audit me”.
I’ve done a couple crypto audits and (many) general network security audits, and this is a fundamental truth. Both for missing sections and for present-but-suspiciously-under-detailed sections. I like to map documentation sections to the source tree, then see what parts of the source tree have missing or superficial docs.
Every time I learn new ways to attack cryptosystems, I always look at Signal or Tor to see if I can break either of them, because they’re difficult targets and you win instant bragging rights if you succeed.
This is the most time I’ve spent writing about a negative result on this blog.
If you read this whole series from start to finish and feel a little disappointed that nothing fell out of my review, I want to make something clear to you in particular:
I didn’t feel that “I looked at Signal and didn’t find any vulnerabilities in it” is exactly a convincing argument, so instead, I wanted to lead you down the journey I took to review Signal; to show you the code snippets I reviewed, and what (if anything) significant I thought about them.
I like the way this person thinks. I haven’t spent enough time with the Signal source code to say whether I agree with these findings. And I still don’t like that you need a phone and a phone number to bootstrap Signal. But this was a well-written and well-explained piece about why the cryptography behind Signal’s protocol is very likely as solid as we expect it to be.
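One way to mechanise the audit heuristic described in the comment above ("map documentation sections to the source tree, then see what parts of the source tree have missing or superficial docs"), as an added example that is neither from the thread nor from Signal: given a list of source modules and a set of documentation sections, report the modules no section mentions and the modules whose only coverage is a thin section. The module paths, the section text and the 20-word "thin" threshold are all constructed for illustration.

```python
"""Map documentation sections to source modules and flag the gaps.

Added example, not code from the linked post, the thread or Signal: the
"missing or superficial docs" audit heuristic as a small script. The module
list, the doc text and the threshold below are constructed, not real.
"""
import re

# Constructed source tree: paths relative to a hypothetical repo root.
SOURCE_MODULES = [
    "crypto/x3dh.rs",
    "crypto/double_ratchet.rs",
    "crypto/sealed_sender.rs",
    "crypto/bignum.rs",
    "net/websocket.rs",
]

# Constructed documentation: section heading -> body text.
DOCS = {
    "X3DH key agreement": (
        "The x3dh module implements the extended triple Diffie-Hellman handshake: "
        "identity keys, signed prekeys and one-time prekeys are combined into a "
        "shared secret that seeds the ratchet."
    ),
    "Double Ratchet": (
        "The double_ratchet module derives a fresh message key per message by "
        "combining a Diffie-Hellman ratchet with a symmetric KDF chain, so "
        "compromise of one key does not expose earlier messages."
    ),
    # Present but suspiciously under-detailed: this is the kind of section the
    # comment says to treat as a flashing "audit me" sign.
    "Sealed sender": "sealed_sender hides the sender identity from the server; see the whitepaper.",
    "Transport": (
        "Clients keep a long-lived websocket to the service; messages are framed "
        "as protobufs, acknowledged individually, and retried on reconnect with "
        "exponential backoff, capped at one minute."
    ),
}

# Assumed threshold: a section shorter than this counts as superficial.
THIN_WORDS = 20


def module_stem(path):
    """'crypto/double_ratchet.rs' -> 'double_ratchet'."""
    return re.sub(r"\.[^.]+$", "", path.split("/")[-1])


def map_docs_to_modules(modules, docs):
    """Return {module: [(heading, word_count), ...]} for every module.

    A section covers a module if it mentions the module's stem as a whole
    word (underscores count as word characters, so 'ratchet' alone does not
    match 'double_ratchet') or the full relative path.
    """
    coverage = {m: [] for m in modules}
    for heading, body in docs.items():
        text = f"{heading}\n{body}".lower()
        words = len(body.split())
        for m in modules:
            stem = module_stem(m).lower()
            if re.search(rf"\b{re.escape(stem)}\b", text) or m.lower() in text:
                coverage[m].append((heading, words))
    return coverage


def audit(modules, docs, thin_words=THIN_WORDS):
    """Classify modules as missing (no section) or thin (best section too short)."""
    coverage = map_docs_to_modules(modules, docs)
    missing = sorted(m for m, secs in coverage.items() if not secs)
    thin = sorted(
        m for m, secs in coverage.items()
        if secs and max(w for _, w in secs) < thin_words
    )
    return {"missing": missing, "thin": thin, "coverage": coverage}


def report(modules, docs, thin_words=THIN_WORDS):
    """Human-readable summary of the audit, one line per finding."""
    result = audit(modules, docs, thin_words)
    lines = [f"MISSING docs: {m}" for m in result["missing"]]
    lines += [f"THIN docs:    {m}" for m in result["thin"]]
    return "\n".join(lines) if lines else "every module has a non-trivial section"


if __name__ == "__main__":
    print(report(SOURCE_MODULES, DOCS))
```

Run against the constructed inputs it reports `crypto/bignum.rs` as undocumented and `crypto/sealed_sender.rs` as thinly documented; in a real audit you would feed it the repository's file list and the headings of the design document, and start reading code at the modules it prints.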
The home page definitely looks like that, but you can just pip install the thing. Some features (cross-file analysis, and some data flow stuff, e.g. the more advanced taint analysis) are locked, but the static pattern matching and some of the taint analysis are available out of the box. I assume some of the current experiments might be locked to pro users if they get stabilised.
But in any case, I don’t think charging me for a product is really enshittification.
I would assume the fear is less about a paid product and more investor / exit-driven priorities.
I would further assume they selected a free product so readers can reproduce without having to pay for a possibly expensive license.
The home page definitely looks like that, but you can just pip install the thing.
I absolutely didn’t pick up on that. I’d agree that the risk of the company changing the trial offering so that people can’t reproduce this analysis due to investor pressure is at least adjacent to enshittification. But it’s not the bait and switch that I usually associate with that.
It’s really a small point. But the way the writer phrased it made me briefly ponder the difference between a free trial + up-sell and “enshittification”.
If someone is promoting a VPN service in 2025 and that service doesn’t use WireGuard as its underlying protocol, they are almost certainly LARPing at security expertise rather than offering valuable advice.
This sounds a bit strong. Cloudflare’s WARP uses QUIC, noting valid issues with WireGuard:
https://blog.cloudflare.com/masque-building-a-new-protocol-into-cloudflare-warp/
That being said, the protocol is not without its issues. Like many tradeoffs in technology, WireGuard’s strengths are also its drawbacks. While simple, it is also rigid: it’s not possible to extend it easily, for example, for session management, congestion control, or to recover more quickly from error-state behaviors we’re familiar with. Finally, neither the protocol nor the cryptography it uses are standards-based, making it difficult to keep up with the strongest known cryptography (post-quantum crypto, for example).
IPSec can also be a valid basis, used to power cloud VPNs, e.g. https://aws.amazon.com/what-is/ipsec/
I stick with WireGuard because I like its simplicity and silence, but those are just tradeoffs. There are other good choices too.
In fairness, Cloudflare saying “we built our own VPN protocol” is a lot different from some random VPN company saying it.
Yes, though the comment was regarding what a VPN service uses, rather than what it has designed. A VPN provider using MASQUE or IPSec is reasonable.
IPSec is raising some eyebrows in 2025 imho. MASQUE is really neat actually :)
IPSec was raising my eyebrows in 2005. I think now we know that developing an IPSec profile we can all understand as secure is a really tall order, and outside of such a very well understood and narrowly specified profile, IPSec is not really actually reasonable.
Out of interest, are there any sources you recommend reading wrt IPSec weaknesses?
it’s worse
Cloudflare’s business model is MITMing the internet. We should be especially skeptical of any DIY encryption protocols from them.
Their business greatly depends on being considered secure. Why would they risk that image by adding a backdoor when everyone is already giving them their data willingly?
I definitely consider their MITM an issue with security, privacy, and infrastructure centralization, but it doesn’t mean they can’t produce good tech.
I’m still skeptical of MASQUE as one should be of anything new related to security.
+1 to scepticism when it comes to security.
MASQUE is going through IETF, and is built on HTTP/3.
The generally accepted definition of “hit piece” includes an attempt to sway public opinion by publishing false information. Leaving aside the fact that the user who linked this story did not publish it, and deferring the discussion of who may or may not pay them to post, that is a significant claim that requires significant evidence.
So, please share your evidence… what’s the false information here, and how exactly is @freddyb attempting to sway public opinion? To what end? Be very specific, please.
I don’t think “hit piece” implies false information, just a lopsided sample of the information available.
That’s a fair point. I should have said “false or misleading.”
So I’ll amend my question, which I doubt will get answered at any rate:
@ecksdee: So, please share your evidence… what’s the false or misleading information here, and how exactly is @freddyb attempting to sway public opinion? To what end? Be very specific, please.
If you look at the history of Soatok’s blog on Lobsters, it is pretty obvious that sooner or later anyone from this community would post this entry.
Now you have to show me how Mozilla is related to Signal in any positive or negative way. You yourself seem to have a strong feeling towards Mozilla at least.
This is a great read. Thank you for sharing it.