Discussion:
[whispersystems] Signal-based notification service
Joel Whitehouse
2017-02-13 20:46:54 UTC
As a developer, I use a command-line script to send my phone an SMS
notification when a long running task completes, such as dns propagation
or a lengthy build:

`./long-running-task; sms "it's done!"`

As a signal user, I'm sold on the idea of abandoning SMS for a better
transport -- I would love to upgrade my script to send signal messages
instead of SMS. I would probably register a googlevoice number and use
signal-cli to do this. However, I wanted to ask a few questions before
exploring that further:

Would signal devs be bothered by a one-off, single-user notification script?

Would signal devs be bothered by a "twilio" type service that sent
one-way notifications over signal and was available to other users via API?

Can OWS prevent or curtail abuse if a signal account is flooding the
network with spam messages?

If signal isn't appropriate for automated notifications, can you suggest
any alternatives to SMS?



Thanks for your time!
Moxie Marlinspike
2017-02-13 22:45:44 UTC
Post by Joel Whitehouse
As a developer, I use a command-line script to send my phone an SMS
notification when a long running task completes, such as dns propagation
`./long-running-task; sms "it's done!"`
Sounds better than my strategy of staring at the wall!
Post by Joel Whitehouse
Would signal devs be bothered by a one-off, single-user notification script?
Not at all.
Post by Joel Whitehouse
Would signal devs be bothered by a "twilio" type service that sent
one-way notifications over signal and was available to other users via API?
I think that'd be pretty sweet, but there might be some unanswered
questions for services like this. What do they do if the destination
safety number changes? How should users verify the safety number of the
automated service?

Maybe none of that matters for this type of thing, and passive
surveillance resistance is enough?

- moxie
--
http://www.thoughtcrime.org
Conor Schaefer
2017-02-13 23:26:28 UTC
Post by Moxie Marlinspike
Post by Joel Whitehouse
As a developer, I use a command-line script to send my phone an SMS
notification when a long running task completes, such as dns propagation
`./long-running-task; sms "it's done!"`
Joel, I would definitely use this, so please share your work as it
progresses!
Post by Moxie Marlinspike
Sounds better than my strategy of staring at the wall!
Post by Joel Whitehouse
Would signal devs be bothered by a one-off, single-user notification script?
Not at all.
Post by Joel Whitehouse
Would signal devs be bothered by a "twilio" type service that sent
one-way notifications over signal and was available to other users via API?
I think that'd be pretty sweet, but there might be some unanswered
questions for services like this. What do they do if the destination
safety number changes? How should users verify the safety number of the
automated service?
Maybe none of that matters for this type of thing, and passive
surveillance resistance is enough?
These gotchas have stalled me out before when considering such an
implementation. Given the state of the art when it comes to ad-hoc
notifications, i.e. that they're nearly always readable by a
third-party, even optimistically trusting the safety numbers is superior
to using existing solutions. So, yes, passive surveillance resistance is
"enough" for me in the sense that I'd use a Signal-based notification
system and feel marginally better about a minor technological aspect of
my life.
Post by Moxie Marlinspike
- moxie
Nick Merrill
2017-02-13 23:51:00 UTC
love this idea for notifications. down the line, it could be neat to use
signal for 2-factor (instead of SMS), or password reset links (instead of
email) as well, though i'd have to think more specifically about the threat
model

further down the line, it could also be neat to use a `signal-daemon` or
something for authenticated IPC- or RPC-style calling, though again, i
would have to think more about the problem this would solve

do keep us updated on this work, joel
Nathan of Guardian
2017-02-14 01:30:10 UTC
Post by Moxie Marlinspike
Post by Joel Whitehouse
Would signal devs be bothered by a "twilio" type service that sent
one-way notifications over signal and was available to other users via API?
I think that'd be pretty sweet, but there might be some unanswered
questions for services like this. What do they do if the destination
safety number changes? How should users verify the safety number of the
automated service?
Maybe none of that matters for this type of thing, and passive
surveillance resistance is enough?
Strange enough, I just blogged about this and posted an extremely simple
batch Signal-CLI example last night:
https://nathan.freitas.net/2017/02/13/sending-secure-broadcast-messages-with-signal/

I agree, that in this case, a one-to-many broadcast, passive
surveillance is enough, though having notification that the
sender/service's safety number has changed is also something you get for
free. You could also just post the number on a trusted site, or on
Twitter perhaps?

I know the services like Ushahidi and FrontlineSMS are also interested
in integration with Signal as a messaging bus/service, but there is
concern whether this is considered an acceptable approach. Signal-CLI +
scripting makes all of this very easy to do, so expect more of this kind
of use.

Best,
+n
--
Nathan of Guardian
***@guardianproject.info
Laurence Berland
2017-02-14 01:40:18 UTC
If I were designing signal integration for a service like e.g. twilio, I
would consider allowing the user to decide whether a particular messaging
configuration should accept a change in safety numbers or not. The signal
client lets users decide this in the configuration today, albeit on a
global basis, but given the way such messaging services as twilio are
configured, making it even more granular on their end does not seem
problematic to me. If there is a desire to not make this behavior
configurable, then I agree with the many here who have suggested that
passive surveillance resistance is sufficient.
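
Added example (not from the thread and not signal-cli code): a sketch of the per-configuration choice discussed above, where each notification route decides whether a changed destination safety number is accepted or holds delivery until it is re-verified. `Notifier`, `Route`, the status strings and the sample safety numbers are hypothetical, and delivery is stubbed as an in-memory list.

```python
from dataclasses import dataclass, field
from typing import Optional

ACCEPT, BLOCK = "accept", "block"   # hypothetical policy names


@dataclass
class Route:
    recipient: str
    on_change: str = BLOCK          # per-route choice instead of a global setting
    pinned: Optional[str] = None    # safety number recorded on first use


@dataclass
class Notifier:
    routes: dict = field(default_factory=dict)
    sent: list = field(default_factory=list)   # stub transport: (recipient, text)
    held: list = field(default_factory=list)   # (route name, text) awaiting review

    def add_route(self, name, recipient, on_change=BLOCK):
        if on_change not in (ACCEPT, BLOCK):
            raise ValueError("on_change must be 'accept' or 'block'")
        self.routes[name] = Route(recipient, on_change)

    def notify(self, name, text, current_safety_number):
        route = self.routes[name]
        if route.pinned is None:
            route.pinned = current_safety_number      # trust on first use
            status = "sent-first-use"
        elif route.pinned == current_safety_number:
            status = "sent"
        elif route.on_change == ACCEPT:
            route.pinned = current_safety_number      # optimistic: re-pin and send
            status = "sent-after-change"
        else:
            self.held.append((name, text))            # fail closed, keep the message
            return "held"
        self.sent.append((route.recipient, text))
        return status

    def reverify(self, name, verified_safety_number):
        """Operator confirmed the new number out of band; release held messages."""
        route = self.routes[name]
        route.pinned = verified_safety_number
        released = [t for n, t in self.held if n == name]
        self.held = [(n, t) for n, t in self.held if n != name]
        self.sent.extend((route.recipient, t) for t in released)
        return len(released)
```

A route set to `accept` gives the passive-surveillance-only behaviour several posters settle for; a route set to `block` queues messages until someone confirms the new number.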
