> Use a more robust E2EE chat app instead (e.g., Signal). Ideally, run your own messaging server if you can (e.g., Signal server).
If you are more serious about security and privacy, don’t use an app that still uses a broken protocol (SMS) that’s vulnerable to different types of attacks as your main ID. Use Matrix or similar instead.
>In addition, KakaoTalk does not immediately notify users if the other parties’ public key has changed...
The suggested alternative (Signal) at one point changed such warnings so that that they are much easier to miss and/or ignore[1]. They are now shown in tiny light grey text and the user no longer has to acknowledge the warning at all. So not a great counterexample...
It seems that these type of things go through a natural evolution. First security at the expense of usability and then later usability at the expense of security. We really need to come to terms with the hard problem of E2EE usability rather than continue to engage in this constant waffling...
The messaging is not really easy to ignore. It takes up a fifth of my Pixel 6 Pro's viewport with a centered "Learn More" button. It's even more prominent than what's in the screenshot on the page you linked these days.
I have had two friends change phone and phone numbers and signal didn't alert me. Worse, signal let the new user on that phone number reply. It makes me question if there's e2ee at all.
If they imported the app directly with a USB cable, it might not have been necessary to change the safety number for the device because the provenance of the key was intact. The safety number isn't about the physical device, it's derived from key material (which is why someone can message you from the desktop app without seeing the safety number change).
From the docs:
> The most common scenarios where a safety number advisory is displayed are when a contact switches to a new phone or re-installs Signal, but these actions don't always result in a safety number change.
I don't think there's any reason to assume the security or privacy of Signal is in question here, especially since it's one of the few apps that has been extensively studied.
A separate but related issue. Most messengers don't make a big deal about a brand new identity showing up. Since they tend to generate one identity per device this is an issue whenever anyone gets a new device.
Thanks for this! Some feedback on the images: perhaps you can "bake-in" a white background. Your diagrams are transparent PNGs, which is fine when the webpage is white, but when in dark mode it makes the images hard to read (as now we have black text and drawings against a dark background).
Good article. I'd say the broader points here are:
- the old adage "don't roll out your own cryptography" (even if you're one of the biggest conglomerate in one of the world's wealthiest country).
- not a single person I know use this secret chat feature - it's sadly still quite rare in Korea to meet a privacy minded person even (especially?) in tech-focused groups, people use Telegram (which might be worst)
If you are more serious about security and privacy, don’t use an app that still uses a broken protocol (SMS) that’s vulnerable to different types of attacks as your main ID. Use Matrix or similar instead.