
This is What Are You Verifying: From Seals to Signal, and I'm Daria Phoebe Bashir. The question since time immemorial has been: who am I communicating with? When you are talking to someone you know, you apply trust. Any time you are communicating with someone new to you, how do you establish trust? When not communicating directly with somebody, how do you apply trust? The relationships you have with people inform the way and the degree you trust different people, and you may trust certain people more or less with certain things.

The first signatures were cylinder seals, and these were used to emboss clay tablets while the clay was still wet. These date from about 3500 BCE. A cylinder might be worn about the neck to provide ready access when it was needed, so after you finished marking up your clay tablet with your stylus you would emboss the clay by simply rolling the cylinder across it. Ink seals were the next advancement, and East Asian ink seals date from about 220 BCE. These involved basically using a red ink: you would push the stamp block into the red ink and apply it to whatever document you wished to. Seals typically had intricate inner workings and were unique to a person or organization and could be used to identify who had composed the work; the baiwen seal shown here is a rather more modern example of these seals. Signets and seals were a more modern advancement on this, and basically they used molten wax which you then pushed the seal into. An organization or a person might have one of these seals, and in the case of an organization a smaller counter seal indicating which actual official was responsible for it might also be applied. In addition to providing a signature, a seal could be used to reinforce the secrecy of a document by making it evident if it had been opened before the intended recipient got it. You could also, for instance, roll a document and apply a seal to it that would make it evident that the document had been opened, or make it harder to open the document.

A signed and sealed document still needs to get where it's going, and if you're not talking directly to your intended recipient you need to rely on other people to pass it along. You could send it via passing merchants and trust that it would get there. You could pay someone, assuming you had the money to do so, but you still needed to assume they wouldn't be attacked. But in the end, while this provided a point of weakness, it didn't fundamentally degrade the actual validation and forgery issues; it just provided easier ways to stop or tamper with messages. Later postal systems were invented and postal routes became commonly available to people, which was just a fixed-route version of the traveling merchants of earlier, and these expressly provided this service.

As reading and writing became more common among people, it became possible to depict one's own name in one's own hand. Before general literacy you could only rely on the scribe and the reader, if they were not the sender and the recipient. This made forgery much easier: you didn't even have to bother forging a document directly, as you could just have the person who was transcribing it write something other than what they were told, or the person reading it read back something other than what they read. But regardless, these forgeries, even when done by signing somebody else's signature, were easier than with the wax seals or stamps of earlier, as those had individual flaws to them which weren't easily reproducible if you wanted to make a forged seal. At this point you still needed to obscure what was being communicated, as most of these systems relied on some third party to convey the message, and the use of an agreed-upon cipher could provide both privacy and a measure of authentication if you assumed that only the intended recipient would know how to decode it. Cryptanalysis would allow you, with accumulation of enough documents, to figure out what was going on, as it was possible, knowing the lengths of words and the distribution of characters of the language, to figure out what you were looking at. Still, the threat model of cryptanalysis at this point in time wasn't very high unless they were high-value documents.

Telegraphy was another advancement, with signal fires and drum beats as the earliest forms of telegraphy, dating to 400 BCE. Reflected sunlight, using a mirror to shine the light over long distances making pulses of light, was another way of doing this, but eventually a wire over which you sent an electrical impulse and a speaker was used to do this, and then by the 1890s wireless telegraphy, that is to say early radio, came along as a Marconi invention, and ship-to-shore offerings were added instead of just the telegraph lines that, you know, ran alongside railroads. It was possible to recognize a sender by their hand, which is to say the way that they spaced or laid out their dots and dashes, so you could tell when the person at the other end of the telegraph line wasn't the person you expected, if you were used to receiving their telegraphs. But again, most people didn't have telegraph lines at home, so this required trusting the sender and the receiver just as before with scribes. Without a cipher these were easily tamperable.

Voice communications were the next advancement that happened, and after Alexander Graham Bell and Elisha Gray nearly simultaneously invented the telephone at the beginning of 1876, the new world was ushered in. Multiple people were required to direct calls for anything but the smallest of calls across town, and early on there wouldn't have been more than one or two lines in a town anyway, but an operator would be required to patch through the call by connecting cables directly at each switchboard along the path. Lines were typically shared among multiple people early on, as telephones were expensive. The operator predated telephone directories: you would call and ask for the person you wanted, and your operator, usually a woman, probably knew most of the local customers, so this was another form of authentication, as she would know who she was hooking you up to. But she could listen in or intentionally misdirect a call, so you were still vulnerable to a man in the middle, or in this case a woman, misdirecting your call or overhearing it.

Even once lines weren't one per town, in the general store for instance, party lines were common, and these were to save money: when resources were sometimes scarce, multiple subscribers would share a line. The simplest case involved two subscribers on a line, where a coded ring would result in only one of their phones ringing, but if the other party picked up the line while somebody was on a call they'd overhear it, and if they wanted to make a call themselves they couldn't until the line was free. There were known to be as many as 10 parties on one of these party lines, and rings were encoded so that you would know what your ring was: a call for you might give one long ring, or two short rings, or a long-short-long, or some pattern that you recognized as yours. These were aggressively moved upon in the 1960s and 1970s, and the last party line was gone from the United States by 1991.

The next advancement was ubiquity of landline telephones, and this was effectively every location would have a landline, so if you knew who you were trying to reach and you knew where they would be, you could call them and reasonably assume that you were probably going to get them; somebody in their house would know who they were and be able to find them for you. People might still overhear from other extensions, and if you didn't know the voice of the person that you were looking for you might still not talk to the wrong person, but typically this was enough authentication for most people: the phone you'd expect would ring, and if the person were there, you would talk to the person you expected to talk to.

The 1970s also brought the first radio phones, though secure wireless technology for phones like GSM didn't happen until later, and early secure technology would later prove to have flaws. Now, though, there was the opportunity for handsets, which got smaller and cheaper over time, and people ended up carrying their own cell phone, one or sometimes more per person, and these finally were able to serve as a smart proxy authentication token for their identity: you might reasonably assume the person carrying the phone with this number was the person who told you this was their phone number. SMS and MMS shortly came along for cellular phone users, and this was the next step in the path to get people asynchronous communication, because you could send text and later media and they would receive it later, and you can ensure that the information is reliably transcribed, as the receiver gets literally what the sender sends. As with voice calls this can be hijacked, but only by impersonating, hacking or social engineering the cellular network provider. It's doable, but it's not trivial; it's not the attack that the average person needs to plan for.

Well, we have these technologies and now we want to apply them to the nascent computer networks that were beginning to appear. So in 1991 Pretty Good Privacy, PGP, was invented by Phil Zimmermann. The initial encryption algorithm was one that he wrote himself called BassOmatic, which, it turns out, Phil Zimmermann wasn't a cryptographer, and it had flaws. He ended up adopting the RSA public key cryptosystem for both encryption and decryption of the key for the message itself, and IDEA, which was a symmetric block cipher, for the message encryption. Public key was slow, so you would only encrypt and decrypt the IDEA key with it, and symmetric key cryptography was faster, hence encrypting a key to be used to encrypt the message. But this finally meant that there was a practical system for private transmitted messages based on what you know, a PGP key passphrase, instead of what you have.

Someone who generates a PGP key gets a simple digested copy of that key called a fingerprint. The idea is that it's unlikely, but not impossible, for two keys to have the same fingerprint, and so when you're looking at someone's fingerprint and it matches the one you have for the key, it's the same key. You can then verify their identity however you choose and decide what level of trust you have that the key belongs to the person it says it does. At this point you can sign the key and give the signature back to the person whose key it is. They can attach it to the key and distribute it to other people, so other people can see that you signed this person's key as having belonged to them; as such, people who trust you can see that you trust this other person is themselves.

PGP key signing parties then became common, where basically someone would collect all the submissions and print them, hand out a copy of the printed key fingerprints to all the people present, each person would prove who they were and verify that the key fingerprint on the printout matched, typically by reading the entire thing aloud, and others would mark it as verified, sign it later and share back their signature. PGP key servers were common and would merge signatures submitted, so you could send the signature to a key server rather than sending it directly to a person, and all the key servers would share the keys amongst themselves, so it was always possible to get somebody's key, assuming they shared it to the key servers in the first place. This allowed a web of trust to be built: by using your friends to connect to their friends, you can establish a connection to people you don't know yet, and you don't need to talk to each person along the line because they share their key signatures. The thing about this is you know how much you trust each of your contacts, but what you don't know is how much weight to put on each link that you don't know yourself, and here's where human interaction, and human interaction bias, comes into the equation for digital networks.

But in truth PGP's Achilles heel is the complexity of it. Getting, sharing, generating and verifying PGP keys, signing, encrypting, decrypting and verifying messages is all very cumbersome. Good tools for doing this on every platform didn't exist, and so basically what tended to happen was only important stuff would get sent using PGP, and even then it was painful. More recently a tool called Keybase became available which made this easier, but still not easy. Another approach came along called S/MIME, and S/MIME used public key certificates to let users sign their messages, and certificate authorities connecting the user to other users to let incoming messages be verified. This was easier for the user once set up, but much harder to set up. For an organization which employs or schools you, they know who they believe you to be; for an internet provider, you are who you say, and all they do is verify that you're the holder of the account. But regardless, certificates have to be provisioned for each account holder. S/MIME never took off; even the other options were considered generally too hard.

In 2004 the Off-the-Record messaging protocol was proposed, and three years later, in response to the observation that a man-in-the-middle attack was easy unless users were very careful to compare the fingerprints while messaging so they knew they were in fact talking directly with each other rather than someone in the middle, the protocol was revised to use what is called the socialist millionaires protocol to compare the keys. A simple explanation of the socialist millionaires protocol would be that an answer of yes or no for every number that might be my net worth would be created and handed off to a receiver, who can only open the answer matching their own net worth to see if it contains yes or no. There's no third party verification built into OTR; it's designed only for the parties to know in real time if they are communicating with each other, and for no other purpose. But you still only know it's the user named with the username you're communicating with, so unless you verify them before or after out of band, you don't actually know who you're talking to, only that you're talking to the person you think that you're talking to.

This brought us to the Signal protocol. Signal takes things further: it allows offline messages rather than only allowing real-time message exchange, and secured group chat becomes possible. It still requires a server in the middle. The signal.org reference implementation is open source, so you can actually see how it works and verify it. WhatsApp, Facebook Messenger and Skype also claim that they support the Signal protocol, in the case of WhatsApp directly, and in the case of Facebook Messenger and Skype you can go private to get it, but because these implementations are closed source you can't independently verify them, and you basically just have to take their word for it. You do have to verify one time the person you're talking to in Signal, and they make it easy to do this with QR codes and fingerprints. You can of course share the fingerprint offline in another way, but in the end, without this verification you still don't know who you're talking to, only that it's the same person you've been talking to right along, and the verification is tied to the phone rather than the person, as it is based once again on something they have rather than on something they know.

So the problems with knowing who you're talking to are severalfold. One of them is the man-in-the-middle attack, where unless you have some verified piece of information that ensures you're talking to the person you think you are, an attacker can give you one piece of information, give the other party a different piece, and talk with each of you, making sure to transfer your messages, at least when they want to, between the parties, and either replace data if they want to introduce insecurities, or at least just intercept what's going on and pass things along directly. This is the same problem that's happened since the use of merchants and messengers for delivery or scribes for writing: you need a way to ensure that what is sent can neither be intercepted nor tampered with, and just because something hasn't been replaced doesn't mean it hasn't been intercepted. Paper could be read, perhaps by lifting and replacing a seal. In the case of digital networks, a wiretap or a network sniffer could reveal the contents of electronic communication unless encryption is used. It's possible to clone a phone's credentials: putting something between a GSM SIM card and the phone during normal operation can allow the secret key to be discovered and used elsewhere. But the easiest way to take over a node is to do so clearly: just steal the phone. In the latter case, once the phone itself is unlocked, anything which assumes the holder of the phone is the person you want is broken.

Signal has recently introduced an account PIN, but until this is mandatory Signal is at best tied to a device strongly associated with a person rather than a proxy for the person. In the ideal situation, what you would want is for Signal to not actually share any information unless, each time the phone was unlocked, you took an action to unlock Signal indicating that you were you, or the assurance that a strong lock code was used on the phone, such that if somebody's phone was taken, the person who took it couldn't masquerade as your user. With enough information about you, especially given default weak four-digit PINs and authentication questions like mother's maiden names, it's not that hard to call a cellular provider and social engineer a customer service representative into moving service to a new SIM card, thus locking somebody out of their own account. This is especially an issue when a cell phone is commonly used as a second factor for two-factor authentication, either to receive codes via text or via calls. As you can see in the snapshot here, this actually happened to me in 2017. I was at a protest, and I believe that traffic was being sniffed and they found my phone number. My phone number is strongly tied to me online, and so it was pretty easy for them to figure out who they needed to attack, and they talked their way into my account. I happened to be online when it happened and stopped them from taking control of things, and at this point I started using a password manager and a non-phone-based two-factor authentication system for everything I cared about. Unless the person you're talking to does this, you won't know if they've been taken over.

The last thing here is people you aren't talking to: the biases of your social circles, based on who you work with, where you live, where you go to school. Who aren't you connected to? Do you trust people who aren't like you differently than you trust people who are? For instance, if you're white and were assigning trust levels to PGP keys, would you assign the same trust levels to someone who was white and someone who wasn't? In the end, knowing who you're communicating with is very important to having secure communications. Most of the problems have existed forever and have just been brought over into new forms in the electronic era, but the problems are social and not just technical. Anyway, I will now take your questions.
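The socialist millionaires protocol mentioned in the OTR part of the talk, as an added example that is not part of the talk or of any OTR implementation: a Python model of the SMP algebra with both parties simulated in one process, showing why matching secrets yield "yes" and mismatched ones yield "no" without either side revealing its secret. The group parameters P, Q and G1 are a constructed toy group, and the zero-knowledge proofs that protect the real protocol against a cheating peer are omitted, so this illustrates the check rather than providing a deployable implementation.

```python
import hashlib
import secrets

# Toy group for demonstration only (constructed here, not OTR's parameters):
# P = 2*Q + 1 is a safe prime and G1 = 4 generates the subgroup of prime order Q.
# Real OTR uses a 1536-bit MODP group and wraps every round in zero-knowledge
# proofs so that a cheating party cannot learn more than the single yes/no answer.
P, Q, G1 = 2039, 1019, 4


def secret_to_exponent(secret: str) -> int:
    """Hash the shared secret (the 'net worth' of the analogy) into an exponent mod Q."""
    return int.from_bytes(hashlib.sha256(secret.encode()).digest(), "big") % Q


def rand_exp() -> int:
    """Random non-zero exponent for the order-Q subgroup."""
    return secrets.randbelow(Q - 1) + 1


def inv(v: int) -> int:
    """Multiplicative inverse mod P (P is prime, so every non-zero v has one)."""
    return pow(v, -1, P)


def smp(alice_secret: str, bob_secret: str) -> bool:
    """Simulate both sides of the SMP exchange and return the shared yes/no result."""
    x, y = secret_to_exponent(alice_secret), secret_to_exponent(bob_secret)

    # Round 1: each side contributes a Diffie-Hellman share for two fresh generators.
    a2, a3, b2, b3 = rand_exp(), rand_exp(), rand_exp(), rand_exp()
    g2a, g3a = pow(G1, a2, P), pow(G1, a3, P)          # Alice -> Bob
    g2b, g3b = pow(G1, b2, P), pow(G1, b3, P)          # Bob -> Alice
    g2, g3 = pow(g2b, a2, P), pow(g3b, a3, P)          # Alice's view: g1^(a2*b2), g1^(a3*b3)
    assert (g2, g3) == (pow(g2a, b2, P), pow(g3a, b3, P))  # Bob derives the same pair

    # Round 2: Bob blinds his secret y with a fresh r: Pb = g3^r, Qb = g1^r * g2^y.
    r = rand_exp()
    Pb, Qb = pow(g3, r, P), pow(G1, r, P) * pow(g2, y, P) % P

    # Round 3: Alice blinds x the same way with s, then sends Ra = (Qa/Qb)^a3.
    s = rand_exp()
    Pa, Qa = pow(g3, s, P), pow(G1, s, P) * pow(g2, x, P) % P
    Ra = pow(Qa * inv(Qb) % P, a3, P)

    # Round 4: Bob sends Rb = (Qa/Qb)^b3 and can already compute Rab = Ra^b3.
    Rb = pow(Qa * inv(Qb) % P, b3, P)
    rab_bob = pow(Ra, b3, P)

    # Round 5: Alice computes Rab = Rb^a3. Both compare Rab against Pa/Pb:
    # (Qa/Qb)^(a3*b3) = g3^(s-r) * g1^((x-y)*a2*b2*a3*b3), which equals
    # Pa/Pb = g3^(s-r) exactly when x == y; otherwise only blinded values are seen.
    rab_alice = pow(Rb, a3, P)
    expected = Pa * inv(Pb) % P
    return rab_alice == expected and rab_bob == expected
```

Because every exponent is fresh per run, two honest runs with the same secrets produce different transcripts yet the same answer, which is the property the talk describes: the peers learn only whether their secrets agree.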