Signal CEO Resigns, WhatsApp Co-Founder Takes Over as Interim CEO
Moxie Marlinspike, the founder of the popular encrypted instant messaging service Signal, has announced that he is stepping down as the chief executive of the non-profit in a move that has been underway over the last few months.
"In other words, after a decade or more, it's difficult to overstate how important Signal is to me, but I now feel very comfortable replacing myself as CEO based on the team we have, and also believe that it is an important step for expanding on Signal's success," Marlinspike said in a blog post on Monday.
Executive chairman and WhatsApp co-founder Brian Acton will serve as the interim CEO while the search for a replacement is on.
Founded in July 2014, Signal has more than 40 million monthly users, in part driven by a surge of new users in January 2021 when Meta-owned WhatsApp enacted a controversial policy change that sparked a privacy backlash over the nature of personal information shared with its parent company.
But the communication app's rapid growth has had its share of downsides, what with the company's employees raising concerns about the fallout stemming from potential misuse of the service by malicious actors, which could add ammunition to ongoing debates about weakening encryption protections to facilitate law enforcement investigations.
Complicating matters further is its decision to integrate MobileCoin, purportedly an "encrypted-focused cryptocurrency" into the app to facilitate peer-to-peer payments, a shift that could potentially put private messaging at risk by not only attracting regulatory scrutiny but could also serve as an open invitation for criminals to exploit the platform to their benefit.
"Signal and WhatsApp have effectively protected end-to-end encryption from multiple legal attacks at the state and federal level," Alex Stamos, Facebook's former chief security officer, told The Platformer last week.
"But the addition of pseudo-anonymous money transfer functions greatly increases their legal attack surface, while creating the possibility of real-life harms (extortion, drug sales, CSAM sales) that will harm them in court, legislatures and public opinion."
Security researcher Bruce Schneier had a similar take last year when Signal began testing support for MobileCoin payments.
"Secure communications and secure transactions can be separate apps, even separate apps from the same organization," Schneier said. "End-to-end encryption is already at risk. Combining it with a cryptocurrency means that the whole system dies if any part dies."
Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.
fml lol
fml lol
CONTINUED:
Signal is a US govt operation
Having been created and funded by a CIA spin-off: Is it true? It’s hard to prove one way or the other
Yasha Levine
Signal — the privacy chat app favored by the world’s leading crypto experts — is trending again. In the wake of Twitter and Facebook’s MAGA Maidan Internet purge (which was followed by Facebook’s announcement that it was gonna start siphoning data off its WhatsApp property), Signal shot up to being the top downloaded messenger app on the planet.
The New York Times is writing about it. Edward Snowden is tweeting about it, telling his fans that Signal is the only reason he’s able to stay alive (and not the fact that he’s being protected round-the-clock by Russia’s security apparatus.) Hell, Even Elon Musk is out there telling people to go Signal. So many people are flooding the app that it’s been crashing.
.
Given that the app is blowing up, I figure it’s a good time to roll out my periodic public service announcement: Signal was created and funded by a CIA spinoff. Yes, a CIA spinoff. Signal is not your friend.
Here are the cold hard facts.
Signal was developed by Open Whisper Systems, a for-profit corporation run by “Moxie Marlinspike,” a tall, lanky cryptographer who has a head full of dreadlocks and likes to surf and sail his boat. Moxie was an old friend of Tor’s now-banished chief radical promotor Jacob Appelbaum, and he’s played a similar fake-radical game — although he’s never been able to match Jake’s raw talent and dedication to the art of the con. Still, Moxie wraps himself in air of danger and mystery and hassles reporters about not divulging any personal information, not even his age. He constantly talks up his fear of Big Brother and tells stories about his FBI file.
So how big a threat is Moxie to the federal government?
This big: After selling his encryption start-up to Twitter in 2011, Moxie began partnering with America’s soft-power regime change apparatus — including the State Department and the Broadcasting Board of Governors (now called the U.S. Agency for Global Media) — on developing tech to fight Internet censorship abroad. That relationship led to his next venture: a suite of government-funded encrypted chat and voice mobile apps. Say hello to Signal.
If you look at Signal’s website today, you’ll find all sorts of celebrity endorsements — Edward Snowden, Laura Poitras, and even Jack Dorsey. You’ll also find a “donate” button — which, by the way, you shouldn’t press because Signal has plenty of tech oligarch cash on hand these days. What you won’t find is an “about” section that explains Signal’s origin story — a story that involves several million dollars in seed and development capital from Radio Free Asia, a CIA spinoff whose history goes back to 1951 and involves all sorts of weird shit, including its association in the 1970s with the Moonies, the hardcore anti-communist Korean cult.
Exactly how much cash Signal got from the U.S. government is hard to gauge, as Moxie and Open Whisper System have been opaque about the sources of Signal’s funding. But if you tally up the information that’s been publicly released by the Open Technology Fund, the Radio Free Asia conduit that funded Signal, we know that Moxie’s outfit received at least $3 million over the span of four years — from 2013 through 2016. That’s the minimum Signal got from the feds.
Three mil might not seem like much these days, especially because Signal recently got a huge infusion of WhatsApp oligarch cash to keep its operation going. But it’s important to know that without this early U.S. government seed money, there would be no Signal today. And that makes you think: If Signal’s super crypto tech truly posed a threat to the feds and to our oligarchy’s power, why would the feds bankroll its creation? And why would Facebook and Google rush to adopt its super-secure protocols? H’mmmmm…
As you can see from the way Parler was shutdown last week — when our imperial oligarchy wants to cancel an app, it can do so instantly and with a vengeance. But Signal lives on and thrives, despite it being a supposed threat to the almighty surveillance powers of the United States of America.
Signal was seeded by this Radio Free Asia?
What is Radio Free Asia and the Open Technology Fund? And why would the U.S government fund crypto tech like Signal? On top of that, why would Silicon Valley — built as it is on for-profit surveillance — embrace Signal’s supposedly unbreakable privacy tech?
Excerpts from:
Surveillance Valley
Spy-funded privacy tools (like Signal and Tor) are not going to protect us from President Trump
Signal
Signal is an encrypted chat app you can download for use on your Android and iPhone. Like Tor, it went mainstream largely thanks to Edward Snowden. Ed made the NSA’s surveillance of the Internet a global concern and offered Signal as the best, free and easy-to-use tool people could use to encrypt themselves against the NSA menace.
“Use anything by Open Whisper Systems,” Snowden told his followers, referring to the outfit that makes Signal.
Snowden isn’t Signal’s only celebrity endorsement. Laura Poitras is a huge fan, telling anyone who will listen: “Signal is the most scalable encryption tool we have. It is free and peer reviewed. I encourage people to use it everyday.” Other Signal boosters include respected encryption experts like Bruce Schneier and Matt Green. You can find most of these endorsements right there on Open Whisper System’s homepage. Without a doubt, Signal is hugely popular in the privacy world — so popular that Facebook even integrated it into WhatsApp’s encrypted chat mode.
As a result of all this promotion, Signal has become the communication app of choice for political activists and protesters — from the Black Lives Matter movement to people currently organizing the national #J20 anti-Trump strike planned for January 20th, Inauguration Day.
And why not use Signal, right?
Here’s the problem: Signal was created by the same spooky regime change outfits that fund the Tor Project. The money primarily comes through the federal government’s premier Internet Freedom venture capital outfit: Open Technology Fund, which works closely with the State Department’s regime change arm and is funded through several layers of Cold War CIA cutouts — including Radio Free Asia and the Broadcasting Board of Governors.
So what’s Signal story?
Here’s a quick rundown: The encrypted chat app — which can be downloaded from Apple and Google’s stores for free — is built by Open Whisper Systems (aka Quiet Riddle Ventures), an opaque for-profit organization run by Moxie Marlinspike (not his real name). Marlinspike likes to keep the details of his biography wrapped in mystery. He poses as an anti-government radical in the mold of Jacob Appelbaum, who selflessly works for the greater good, risking life and freedom building super-secure communication technology powerful enough to stand to the National Security Agency. It’s a nice story. The reality is something different: Marlinspike made a bunch of money selling his previous encryption startup to Twitter in 2011. Right after that, he began partnering with America’s soft-power regime change apparatus — including the State Department and the Broadcasting Board of Governors — which led to them funding his next venture: a suite of encrypted chat and voice mobile apps. Signal is a direct result of this project.
You won’t find it anywhere on Open Whisper System’s website, but Signal depends on NatSec cash for continued survival. Exactly how much cash is hard to gauge, as Open Whisper System refuses to disclose its financing structure. But if you tally up documents released by Radio Free Asia’s Open Technology Fund, we know Marlinspike’s outfit received $2.26 million in the span of the past three years — not exactly pocket change. And the NatSec cashflow shows no sign of ending.
Signal, like Tor, is bankrolled by the soft-power wing of the U.S. National Security State as part of a larger “Internet Freedom” initiative — an attempt to leverage the Internet and digital communication tools as a compliment to more traditional elements of psychological warfare and regime change ops. The ideas behind “Internet Freedom” go back to the origins of the commercial Internet, but they began to be implemented in earnest during President Barack Obama’s first term — led by Hillary Clinton’s State Department.
Hillary Clinton isn’t too Internet savvy, but she surrounded herself by a bunch of gee-whiz cyber-democracy advisors who were sold on the idea that the Internet is a magic technology that transforms everyone that comes in contact with it into a happy, non-violent democratic-consumer. To make world peace a reality, all you had to do was unleash Silicon Valley on the world and let the for-profit Internet work its magic.
With these geniuses whispering in her ear, Secretary Clinton made Internet Freedom a central plank of her State Department tenure. To her, it was not about regime change, but about helping people around the world talk to one another. “We see more and more people around the globe using the Internet, mobile phones and other technologies to make their voices heard as they protest against injustice and seek to realize their aspirations,” she said back in 2011. “So we’re focused on helping them do that, on helping them talk to each other, to their communities, to their governments and to the world.”
In reality, Internet Freedom was just war fought by other means. Here’s a report by the New York Times from June 2011, right around the time that Marlinspike began working with the State Department on Internet Freedom efforts, which would grow later become Signal.
The Obama administration is leading a global effort to deploy “shadow” Internet and mobile phone systems that dissidents can use to undermine repressive governments that seek to silence them by censoring or shutting down telecommunications networks.
The effort includes secretive projects to create independent cellphone networks inside foreign countries, as well as one operation out of a spy novel in a fifth-floor shop on L Street in Washington, where a group of young entrepreneurs who look as if they could be in a garage band are fitting deceptively innocent-looking hardware into a prototype “Internet in a suitcase.”
Financed with a $2 million State Department grant, the suitcase could be secreted across a border and quickly set up to allow wireless communication over a wide area with a link to the global Internet.
The American effort, revealed in dozens of interviews, planning documents and classified diplomatic cables obtained by The New York Times, ranges in scale, cost and sophistication.
Some projects involve technology that the United States is developing; others pull together tools that have already been created by hackers in a so-called liberation-technology movement sweeping the globe.
The State Department, for example, is financing the creation of stealth wireless networks that would enable activists to communicate outside the reach of governments in countries like Iran, Syria and Libya, according to participants in the projects.
Ah yes. Look at Syria and Libya — models of democracy, where Al-Qaeda and ISIS run wild and democracy’s a-flourishin’.
Aside from the geopolitical aspect of Internet Freedom technology, the question is: Does Signal actually work? Certainly, lots of encryption experts say its code is flawless. But then again, these experts have been saying the same thing about Tor.
Signal runs on Amazon AWS cloud service — and Amazon is itself a CIA contractor. Signal also requires that users tie their app to a real mobile phone number (their identity) and give unrestricted access to their entire address book (the identities of all their friends, colleagues, fellow activists and organizers and sources). Troubling on an even more fundamental level: Signal depends on Apple and Google to deliver and install the app. As one respected security researcher recently pointed out, this is a serious problem because both companies partner with the NSA and can modify the app (at request of, say, the NSA or CIA) without anyone getting wise.
“Google usually has root access to the phone, there’s the issue of integrity. Google is still cooperating with the NSA and other intelligence agencies. PRISM is also still a thing. I’m pretty sure that Google could serve a specially modified update or version of Signal to specific targets for surveillance, and they would be none the wiser that they installed malware on their phones,” wrote Sander Venema in a post called “Why I won’t be recommending Signal anymore.”
Yeah, that’s pretty troubling. Like Tor, Signal might work if you’re chatting with your local neighborhood dealer to score a few grams of coke, but don’t expect it to protect you if you decide to do anything really transgressive — like organizing against concentrated corporate political power in the United States. For what it’s worth, I personally heard activists protesting the Democratic National Convention in Philadelphia tell me that the cops seemed to know their every move, despite the fact they were using Signal to organize.
The moral of this story: Tor and Signal are creations of America’s spooky war apparatus. They are designed for regime change in the age of the Internet. If they ever posed a threat to the United States — and to the corporate monopoly power that calls the shots here — their funding would be pulled and they would cease to exist. In short: if you’re worried about corporate-state surveillance, technology funded by this very same state is not the answer.
Update: An earlier version of this story incorrectly described Open Whisper Systems as a non-profit. It is, in fact, a for profit company.
By Yasha Levine
CONTINUED:
Huawei engineer exposed SIGNAL has CIA backdoor
Please do not use SIGNAL has been subverted
Huawei engineers have discovered moxie taking bribes and agreeing to compromise the security of Signal app, and effectively Signal has been subverted to appease the Five Eyes Intel Agencies after Moxie (dev of Signal) took a 50 million dollar buyout
Moxie (signal dev) takes 50 Million dollars from Facebook/CIA and now all of a sudden he forcibly removes the option to use passcode and mandates everyone to use fingerprints! This means there is no Constitutional protection of 4th amendment privacy as well it means it is far easier to break the security and offers in truth no endpoint security whatsoever. This comes on the heels of taking $50 Mil CIA /deepstate monies and then censoring anything that points out the usual nature of a so-called Privacy app that no longer even allows the use of passcodes or custom pin codes (not tied into the Android OS) as a means of securing itself... (why does Protonmail offer this? why does Mega offer this? why did Signal always offered this until Moxie took the $50 Mil in cash and another $20 mil in bitcoin?!!!))!)
Jill Scharr
Ever since the TExtSecure days, the OWN app itself says the passphrase IS used to encrypt the data at rest.... now the developer claims it was never the case?
Signal has been subverted! WARNING do not use it anymore! It is not secure
Signal is forcing an update in order to continue to use it. Even the apk version will stop working until end user is forced to update to the newest version of signal.
Problem is newest version of Signal has gotten rid of the passphrase in favor of forcing everyone to use a fingerprint for the screenlock. Now no one is able to set their own passwords anymore! Why this change?
Stranger still, there is now suddenly a mysterious retroactive flip-flop akin to the "Mandela Effect" whereby now the developer of Signal wants us all to beLIEve that it has always been the case that Signal never offered true "end to end encryption" at rest, and that the passphrase for the signal app was never anything more than a useless "screenlock"... When other users pointed out the blatant inconsistency in this regard, the developer promptly closed and then LOCKED the topic/issue at hand.
However, recall that not long ago Signal was praised by many as the only IM app that offers true end to end encryption at rest!
Micah Lee
To quote the Intercept article/review of Signal app in relevant part:
""Finally, online backups are a gaping hole in the security of WhatsApp messages. End-to-end encryption only refers to how messages are encrypted when they’re sent over the internet, not while they’re stored on your phone. Once messages are on your phone, they rely on your phone’s built-in encryption to keep them safe (which is why it’s important to use a strong passcode). If you choose to back up your phone to the cloud — such as to your Google account if you’re an Android user or your iCloud account if you’re an iPhone user — then you’re handing the content of your messages to your backup service provider.
By default, WhatsApp stores its messages in a way that allows them to be backed up to the cloud by iOS or Android.
If you back up your phone to your Google or iCloud account, Signal doesn’t include any of your messages in this backup. WhatsApp’s gaping backup issue simply doesn’t exist with Signal, and there’s no risk of accidentally handing over your private messages to any third-party company.
""
Stranger still, there is now suddenly a mysterious retroactive flip-flop akin to the "Mandela Effect" whereby now the developer of Signal wants us all to beLIEve that it has always been the case that Signal never offered true "end to end encryption" at rest, and that the passphrase for the signal app was never anything more than a useless "screenlock"... When other users pointed out the blatant inconsistency in this regard, the developer promptly closed and then LOCKED the topic/issue at hand.
signalapps0Previously before the change we had this official faq->
In relevant part:
"The first time you run Signal, it will ask you to create a passphrase. This passphrase will be used to encrypt all of Signal's secret information, including the keys used to encrypt your text messages. The security of your messages depends on the strength of this passphrase, so make it good. Signal can be configured to cache this passphrase in memory for as long as its running, or for a specific length of time, so you won't need to be constantly re-entering it in order to access or send messages. This passphrase cannot be recovered if it is lost."
and
"All text messages are encrypted with your passphrase before being stored. This encryption includes the bodies of the text messages themselves" under the "Secure Storage" section....
Now, after the change, fingerprints will be forced to be used for all security in place of the passphrase. They have entirely removed the ability to set a custom password or even to use a custom passphrase that is independent of the underlining phone OS security credentials!
I refuse to believe the developer of Signal is not aware of the fact that using fingerprints (as opposed to passwords) gives up the Constitutional rights and the Fifth amendment rights!
Orin Kerr
Where is the changelog for such an important change? You cannot find anywhere that they got rid of ability to use passwords in exchange for fingerprint.... Then Moxie says it is impossible to do password app with "data encryption at rest" but that belies the years of documentation and literature including that of TextSecure (signal predessor) which clearly says inside the very app itself that the password is what encrypts and secures the text/data at rest!!!!!
Jill ScharrEver since the TExtSecure days, the OWN app itself says the passphrase IS used to encrypt the data at rest.... now the developer claims it was never the case?
I say boycott Signal, I say Signal has been subverted to the dark side. I say Signal is CIA, I call BS
By futurewei737
CONTINUED:
WhatsApp adds end-to-end encryption using TextSecure
Security boost initially available on Android app, with an iOS version coming soon
More than 600 million WhatsApp users are about to benefit from default end-to-end encryption, which should prevent any snoops spying on their communications.
The security boost comes after the Facebook-owned messaging provider contracted Open Whisper Systems, the creator of the TextSecure encrypted text app, to incorporate its technology into WhatsApp.
The new feature is currently only available in the Android version of WhatsApp, but Open Whisper Systems co-founder Moxie Marlinspike confirmed to the Guardian an iOS alternative was in the works. There will soon be support for encrypted messaging for group chat and media messages, too.
Systems that use end-to-end encryption are hard to break because the key that unscrambles communicationsis only stored on users’ phones. In previous versions of WhatsApp, those keys were also stored by servers as well as users’ phones, giving Facebook or WhatsApp admins access to messages.
The TextSecure encryption protocol is particularly strong as it uses a form of what’s known as “forward secrecy”, which means a fresh key is created for every message sent.
In a blog post, the Open Whisper Systems team said the WhatsApp project “represents the largest deployment of end-to-end encrypted communication in history”.
The only other comparable service deployed on such a massive scale is Apple’s iMessage, which has one notable weakness, in that many people back up messages to Apple’s iCloud service, where data isn’t protected as efficiently.
Though it has just created a rival, Open Whisper Systems will continues to work on its own products, which include RedPhone for Android for encrypted voice communications and the iOS Signal apps that do protected calls and messaging.
Marlinspike and his colleagues want to make encryption the default on all devices. “We’re more excited about our own apps than ever. We’ll continue to use TextSecure as a place to advance the state of the art, and hopefully incorporate those gains into third-party products as they progress, like we’ve done here,” he said.
WhatsApp’s new encryption feature may not tempt some users away from apps such as TextSecure and Signal to Facebook, especially if they are concerned about the metadata from their messages – who contacted whom, and when.
When Facebook bought WhatsApp for $19bn earlier this year, co-founder Jan Koum sought to allay privacy concerns, by pointing out that he grew up in in the USSR during the 1980s, where surveillance was rife, and promised to make technology that would keep out spies.
Marlinspike declined to answer questions surrounding WhatsApp’s use of metadata, and whether TextSecure was more secure as it wouldn’t share such information, only adding: “Yes, TextSecure will always be an app that is focused first and foremost on simple-to-use private communication.”
Handing such strong encryption to hundreds of millions of users will likely irk law enforcement bodies, who have suggested encryption efforts from the likes of Apple and Google will only benefit terrorists and other serious criminals.
“They [criminals] already have their own encryption tools, they’re just hard to use,” Marlinspike added. “People engaging in those kinds of activities are willing to put up with a cumbersome user experience, but regular people aren’t. Large-scale surveillance hurts us most of all.”
fml