Does @signalapp consider violations of group transcript consistency (i.e. different members of a group seeing different messages/different order of messages) to be security issues?
This is an honest question that I could not find the answer to.
I *think* users implicitly expect transcript consistency.
I know that at one point transcript consistency was a property that was discussed as being desired, and then I think I remember a point at which transcript consistency was technically weakened?
But GitHub timed me out for loading too many pages in the hunt for any kind of confirmation.
@sarahjamielewis Dunno for sure, but I think they consider it a UX issue rather than security. Having all users see the same messages is probably a high priority, same order isn't because you don't know that the order you received them is ever the order they were sent in thanks to network latency variations and time-sync discrepancies.
How would you use message ordering differences to compromise the group itself? As opposed to just confusing users about what was said.
@tknarr I would argue that technically speaking a set of out-of-order messages is indistinguishable from a distinct set of messages (assuming an unbound transcript length) - though in this case I am specifically focused on the cases which go beyond message ordering.
(Under some security models "confusing users about what was said" is simply a compromise of the group - though in other cases one can imagine such a capability being useful when combined with social engineering)
@sarahjamielewis Based on that, I suspect Signal will consider it at most a high-priority UX issue, not a security issue.
The basic problem seems to be the difficulties in using sent time to order messages in a live session. Having messages suddenly appear further back in the chat, above the visible part, is even more confusing to users. Using received time keeps new messages at the end where they're obvious.
@sarahjamielewis I also don't see how to ensure everyone sees the same messages in the same sent-time order, while also ensuring new messages appear at the tail, without having every recipient's client confirm receipt of each message. That introduces an easy-to-exploit DoS attack opportunity that stalls the entire chat by disrupting those acknowledgements.
A little off-topic from my original question, but there are two tightly related but technically separate properties here that shouldn't be confused:
1. Weak speaker consistency (e.g. an attempt to send different messages to different people results in the sender being unable to participate in the group) which Signal used to have a form of (and may still desire?)
2. Strong transcript consistency (at a certain point everyone agrees with the transcript - which Signal has never provided)
Context: I found a bug, the bug can be exploited such that different members of a group see different conversations.
There are plenty of contexts where I would consider this a (low-medium) security issue, and given the nature of the bug I expect there might be additional security considerations.
But before spending time writing up the issue I'd like to confirm that this is something that Signal considers security-sensitive / or I'll just dump it on GitHub eventually.
@sarahjamielewis Maybe something @Mer__edith can answer?
@sarahjamielewis I can't speak to your question, but I've seen message ordering differences happen just by accident (based on when people come online/have network access) so they're probably not trying very hard on this front.
(It's quite disorienting.)
@sarahjamielewis I'd sure hope they consider it a vulnerability, especially in the present day as more and more people are using Signal group chats for organizing protests, etc.
@sarahjamielewis what's a transcript?
A technical term for the (cryptographic) conversation thread, i.e. a (partial) ordering of what messages were sent, by whom and when.
Transcript consistency relates to the property that all members of a group will agree on the partial ordering.
@sarahjamielewis does it not just order messages by outgoing timestamp? Or does it order them by the order in which they're received by the app?
"Ordering" doesn't just relate to how to order the messages but also if a message was sent / if a message was received by all members of a group.
A better way to say it might be: "all members of a group agree on what was said in the group / when it was said / by whom it was said"
Or "to what extent can members of the group notice if they don't receive a message from someone else (and others do) or if they receive a different message than everyone else."
@sarahjamielewis I think that's hard to solve because of the Two Generals Problem https://en.wikipedia.org/wiki/Two_Generals%27_Problem