
Cyanogen deactivates WhisperPush in favor of Signal

By Nathan Willis
March 2, 2016

In late 2013, the CyanogenMod project introduced the WhisperPush service, a secure-messaging transport that provided end-to-end encryption and identity verification. In February 2015, however, CyanogenMod shut down the service and advised users to migrate to the Signal service provided by Open Whisper Systems. Although Signal is renowned by experts for its solid security underpinnings, the demise of WhisperPush still comes at a cost for end users.

In 2013, Open Whisper Systems was maintaining two distinct Android apps: TextSecure, which provided encrypted instant messaging, and RedPhone, which provided encrypted voice calls. WhisperPush was built on top of an independent implementation of the TextSecure protocol, and enabled CyanogenMod users to exchange messages with one another as well as with any TextSecure user.

By the time work began in earnest for CyanogenMod 12.1, though, Open Whisper Systems had evolved the TextSecure protocol considerably, merging TextSecure's functionality with that of RedPhone to develop Signal. CyanogenMod briefly mounted an effort to drop the WhisperPush app and merge support for the service into its general-purpose Messaging app but, by January 2016, the project decided that the maintenance effort was not worth the support costs.

For CyanogenMod, most of those support costs seem to have been in running the server end of the WhisperPush service, rather than in developing the app. The service required running a message-passing server to relay encrypted exchanges between users, but also a separate verification framework. WhisperPush, like TextSecure, used SMS text messages to verify user accounts "out of band"—that is, by sending the verification codes over the normal phone system, rather than through the WhisperPush service.

Running that service incurs a separate set of costs, including maintaining phone numbers in each region of the world where WhisperPush was available. Add to those costs the rapidly growing popularity of Signal among CyanogenMod users, and running the independent service no longer made sense for Cyanogen (the company).

The blog post announcing the shutdown encourages users to move to Signal, noting along the way that Open Whisper Systems helped develop WhisperPush in the beginning and has been a friendly partner along the way. The shutdown was finalized on February 1. Those who praise Signal are quick to point out that it, like WhisperPush, is open-source software on both the client and server side. Furthermore, Signal is now available for iOS (and is in beta testing as a Chrome-extension–based "desktop app"), making it useful to a wider assortment of users.

But there are also downsides to Signal, starting with the fact that it relies on Google's proprietary Google Play Services system to relay various event notifications (although, it should be noted, not to relay encrypted messages themselves). This introduces a possible privacy risk. As a single hub through which all Signal apps send some traffic, Google Play Services might be used by an attacker or law-enforcement agent as a place to collect metadata about Signal users. As many pundits have noted in the wake of the NSA surveillance scandal, metadata can be used to collect quite a bit of information about users even when message contents remain encrypted.

Additionally, the reliance on Google Play Services means that the Signal network has a dependency on a third-party service not under Open Whisper Systems's control. If the Google service ceases to be available (again, perhaps at the behest of law enforcement), that would interfere with all Signal users.

But the most fundamental issue may be that the shutdown of WhisperPush returns the "TextSecure ecosystem" to its previous state of being a monolithic service. Even if Signal users numbered far more than WhisperPush users, the fact that the two services were federated made both more resilient to trouble. If the Open Whisper Systems servers were taken down or compromised, the alternative might still be viable.

Certainly, motivated developers can develop their own interoperable implementations of the Signal protocol; the free-software community often takes up such causes and often with great success. There is one such effort at present, named LibreSignal, but Open Whisper Systems officially regards self-hosted Signal servers as unsupported. Interoperability with WhisperPush persisted for as long as it did because of the good working relationship that already existed between the projects.

Open Whisper Systems's resistance to service federation is unfortunate, but perhaps the project could be persuaded to relax that stance if a viable service produces reliable code and demonstrates the importance of providing users with a choice. For the time being, however, the decommissioning of WhisperPush leaves security-minded mobile users with one fewer avenue for safeguarding their private communication.




Copyright © 2016, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license