There's a harsh debate about the security of dumping all your contacts on the Signal servers, even if protected by an SGX.
This is an academic discussion. Storing Signal contacts encrypted with a password + SGX has no practical security impact. Users are reading this discussion and switching to Wire or Telegram, where this data and all your messages on Telegram are stored in PLAINTEXT on servers.
Also, this discussion ignores reality. If you ever used another big messenger, all your contacts have been uploaded in plaintext. If a person who has your phone number used e.g. WhatsApp, your contact was uploaded in plaintext. If you sync your contacts: also uploaded in plaintext.
Signal is the ONLY Messenger / App that uses contact information where the information is encrypted + you have control over the password used for encryption, so this data can be stored for it to be uncrackable by brute force.
The issue is that they replaced the registration lock PIN with one also doing sync and they didn't properly explain what was happening to them. The app doesn't explain what gets backed up or how it's encrypted.
They also encourage a weak PIN due to using SGX and they exaggerate the security it provides. Providing an opt-out doesn't resolve the problems. Under the hood, the opt-out just generates a high entropy random PIN which you could already do. They treated this as only a PR issue.
This is not about Signal in comparison to other apps, it's about Signal. Signal has told users they don't store their contacts:
signal.org/bigbrother/eas
If they explained to users how it's used and generated a strong passphrase for them by default, it would be a lot different.
SGX does not provide strong security properties. It's not even an actual secure element. The attestation they depend on is based on a root of trust. Thread:
twitter.com/DanielMicay/st
Every Intel CPU with SGX has a key that can be leaked and used to fake attestations for any CPU.
Quote Tweet
Secure elements are a nice way to supplement baseline privacy/security. The design should work without it. Changing your design due to having a secure element is problematic. Encouraging a weak PIN when you would have otherwise wanted a strong passphrase is a problem.
That means attackers do not need to compromise the latest and greatest SGX security, and the current state of security is quite bad regardless. They can compromise the oldest, least secure SGX implementation without applying firmware upgrades to fake attestation anywhere.
Does not mean attestation is a bad or weak security feature, but attestation based on a root of trust like this is definitely a weak security feature that's a good fit for anti-cheat, DRM, etc. but not important security features that are relied upon rather than supplemental.
If they generated a passphrase on behalf of users, they wouldn't have a use for SGX. They use SGX because they know users will choose weak PINs that are easily brute forced. In fact, they encourage users to do it with the UI and mislead people into thinking SGX makes that okay.


