Signal TLS Proxy

nixcraft
104
78
7d
GITHUB.COM

Comments

arianvanp 6d
Is there a technical reason why this only works on Android and not iOS?

xorcist 6d
I know this tiresome argument comes up every time Signal is mentioned, but there's an elephant there that seems relevant.

A totalitarian state would not need to run a packet inspecting firewall to find out who is using Signal. They have this information already in the plaintext SMS Signal broadcasts in order to collect verified phone numbers of their users. It is most likely in their power to turn off cell service for these endpoints, or even locate them and let the security service round them up.

It's a great service in many ways, but if you are revolting against an authoritarian state, it's something to be careful of. At the very least, please be mindful of this and take care of yourself.

macns 6d
Why do I need Docker for such a simple task? From their blog:

> The proxy is extremely lightweight. An inexpensive and tiny VPS can easily handle hundreds of concurrent users. Here’s how to make it work:

    SSH into the server.
    Install Docker, Docker Compose, and git:

I'm sorry, but installing Docker on a tiny VPS, last time I checked, wasn't light at all.

autoexec 6d
If people in Iran could find themselves in trouble for using Signal I'd strongly advise they avoid it and look for some other solution.

Ever since Signal started collecting and permanently storing sensitive user data in the cloud (your name, photo, number, a list of everyone you contact using Signal) it's become much more dangerous for people who want to protect themselves and the people they are in contact with. Because Signal insists on keeping your contacts in the cloud it's possible in some cases for someone to collect a list of your contacts simply by brute forcing a 4 digit pin.

It would be horrible to end up in trouble or see your friends and family hurt because Signal wasn't forthcoming about the fact that they were collecting your info and keeping it on their servers.

asim 6d
Trying to understand the rationale here. So Iran are blocking WhatsApp and other messaging services by blacklisting IPs or filtering the traffic? Is the idea that people will connect to random proxy nodes for Signal that will circumvent this blocking?

Edit: as a follow-up question, do the people of Iran need messaging access to people outside of Iran or, more likely, their friends and family within Iran? Most of these messaging services are centralised, so blocking them means cutting off communication within the country as well. Maybe they'd benefit from running private messaging servers themselves?

colordrops 6d
Why didn't this come out when China blocked Signal? And what is Signal doing about China blocking Signal's phone verification system? Can't talk to my parents-in-law in China now without installing that spyware WeChat.

jhoelzel 6d
Maybe this is a moot question, but if there is an embargo on Iran and you host a proxy like that, are you, as an American, not committing a crime?

The way I understand it people need special licenses in order to operate in Iran (meta) and therefore the probability of being sued is very high?

breakingcups 6d
Does starting the proxy automatically add it to some proxy list that gets (partially) distributed to users or does running a proxy like this only help if I distribute the proxy to people?

Would some network analysis then not clearly indicate the social graph of people by virtue of connecting the dots of who connects to which proxy domain?

cimnine 6d
I wonder why they use nginx, and not Caddy or similar. Some service, which would handle all the certificate stuff natively, without having to deal with an extra script for certificates and without having to ensure that certbot runs from time to time.

windexh8er 6d
As a slight aside one would think that running a proxy you'd want to install Docker so you're getting the latest bits. Considering compose is now a plugin and base repos are often way behind on Docker versions I always point people to leverage the convenience script that Docker provides [0].

[0] https://get.docker.com