This isn’t a case of NIH; France has adopted Matrix for the project, which is a lightweight fork of Riot.im combined with a large private federation of Matrix servers. The whole thing is open source (although not public yet, as it is very early days) and open standards based. At Matrix.org we’ve been providing some support to them :) It’s very exciting to see open government projects which actually grok open source and open standards.
Not really - the protocols are very different. Matrix is a way of replicating conversation history over a mesh of participating servers; a bit like a bunch of Git repositories constantly pushing commits (messages) to one another. XMPP is much lighter weight and builds on simpler message passing and pubsub primitives. You can use both to build comms systems, but they take opposite engineering and governance approaches on almost everything.
> a bit like a bunch of Git repositories constantly pushing commits (messages) to one another.
Why would you need to do that? Why not just give every message a timestamp, make sure they get sent, and sort the messages on the receiver side? If you're really concerned about message order, you could give every message a unique id, and send out the id of the previous message with every message, and improve your sort function accordingly.
Absolute timestamps cannot be trusted in a byzantine environment, so we do precisely as you suggest - messages are transmitted with pointers to the previous message(s) in the room message graph, so you get a partial ordering within the room (just like git). We also sign the messages into a merkle graph (like git) to stop the shared datastructure being tampered with.
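An added illustration of the scheme described in the reply above (not code from the thread, and not Matrix's real event format): each message's id is a hash over its content and its pointers to the previous message(s), which gives a tamper-evident graph and a partial order that never consults claimed timestamps. The field names, helper functions and sample users are assumptions made for this example, and the per-event signatures mentioned in the reply are left out.

```python
import hashlib
import heapq
import json


def event_id(event):
    """SHA-256 over canonical JSON, so the id commits to body AND prev pointers."""
    canonical = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def make_event(sender, body, claimed_ts, prev_ids):
    event = {"sender": sender, "body": body, "ts": claimed_ts,
             "prev": sorted(prev_ids)}
    return event_id(event), event


def verify_graph(store):
    """Ids of events whose content no longer hashes to their id, or whose
    prev pointers name an event the receiver does not hold."""
    return sorted(eid for eid, ev in store.items()
                  if event_id(ev) != eid or any(p not in store for p in ev["prev"]))


def causal_order(store):
    """Linearise the partial order (Kahn's algorithm): parents always precede
    children. Claimed timestamps are ignored; concurrent events tie-break on id."""
    waiting = {eid: set(ev["prev"]) for eid, ev in store.items()}
    ready = [eid for eid, deps in waiting.items() if not deps]
    heapq.heapify(ready)
    order = []
    while ready:
        done = heapq.heappop(ready)
        order.append(done)
        for eid, deps in waiting.items():
            if done in deps:
                deps.remove(done)
                if not deps:
                    heapq.heappush(ready, eid)
    return order


def build_sample_room():
    """Constructed sample: two servers reply concurrently, then a merge event."""
    store, names = {}, {}

    def add(name, sender, body, ts, parents):
        eid, ev = make_event(sender, body, ts, [names[p] for p in parents])
        store[eid], names[name] = ev, eid

    add("root", "@alice:a.example", "hello", 1000, [])
    add("left", "@bob:b.example", "hi alice", 1001, ["root"])
    add("right", "@carol:c.example", "hey", 5, ["root"])  # bogus early timestamp
    add("merge", "@alice:a.example", "hi both", 1002, ["left", "right"])
    return store, names


if __name__ == "__main__":
    room, ids = build_sample_room()
    print("valid:", verify_graph(room) == [], [e[:8] for e in causal_order(room)])
```

Re-keying a forged event under its new hash does not help: every child's `prev` pointer then names an id the receiver no longer holds, so the children fail verification instead.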
For all the hate XML gets... it's not that bad. Certainly not worth switching protocols for. Main problems with XMPP are a divided ecosystem where different clients and servers support different features, and that multi-client encryption is severely flaky.
I'm the project lead for Matrix. Failing that, on the French side there's been some press where they've confirmed the system is built on Matrix & Riot (https://www.nextinpact.com/news/106463-la-france-travaille-a..., although it's behind a paywall), plus others have spotted the Github repository too.
That's great; this other article I read about this kept mentioning Telegram and how Macron used that during his campaign, so this is much better than I expected :)
yes, the point of the project is to provide a secure and self hosted (yet interoperable for intra- and inter-government purposes) alternative to Telegram for state comms :)
What would appear in a lightweight fork of Riot though?
Do you just remove a lot of the fluff to make it a bit more accessible for the public/general consumer?
you simplify the ux (eg autodiscovering the right homeserver); hook it up to directory services and/or SSO; simplify the e2e crypto UX; change the logo and branding, and have a basis to build on for whatever future custom features they need.
This sounds great! I am looking forward to running it.
But I also need an admin panel to lookup user ip addys from the past 36 hours,
ability to assign moderator user roles who can see other users' ips, ban ip addys, subnets, hostnames and cidrs easily.
Love to have some other needed admin options and run this! A stun / turn server to hide other users' ip addys and such as well, interception of images posted so they are scanned, exif stripped and hosted temporarily rather than giving the hoster everyone's ip info.
Stuff like that.
I guess blocking users from joining the huge main matrix channels through our server would cut down on the ram / processing needed..
I wonder if something like https://access.watch could hook into this, or if it needs something all in its own language or what. Looking forward to this system growing.
We're doing exactly that at the place I work at, Riot has too many settings and can be quite hard for a "normal" user (someone who is used to Slack for example).
Would love some kind of integration with OpenID Connect though, since that would enable us to more easily integrate with our AD. Of course we could make that ourselves but we don't have the manpower right now.
It has (or at least had, when I ran a server) support for CAS. JASIG CAS isn’t that difficult to set up against AD, I think Shibboleth has a plug-in that implements the protocol too.
Really? We are looking to use it for some of our work but are aware that the UI/UX esp around keys is a bit messy. Would be great to see how you're simplifying it.
The lightweightness here referred to the complexity of the fork - i.e. it's not an attempt to entirely rewrite Riot, but instead a reskinning and UX simplification exercise. The intention is to be able to keep merging in updates from Riot proper (and indeed to port stuff back into Riot).
Agreed that Riot itself uses way too much RAM though - but we have some massive improvements on the horizon there; by lazyloading user data on demand rather than preloading it up front, we can improve RAM usage by ~5x. This work is happening over the next month or two (modulo GDPR).
Meanwhile, you can always use a desktop client; Nheko, Fractal and Quaternion are all looking increasingly good :)
We're participating on the periphery of the MLS discussions, mainly to try to encourage the MLS team to consider and support decentralised use cases.
At the moment there's a temptation to go for a simpler approach which assumes there's a centralised sequencing server which solves all the races you otherwise get (and which have plagued us in Matrix whilst implementing Megolm). However, assuming a centralised focal point for each group conversation kills the whole point of decentralisation, so we're trying to ensure it's not designed out.
Comment from a French insider:
It will not work. The last two IT projects the government ordered I have in mind are the eavesdropping facility for the police and SAIP, an application to warn citizens in case of a dramatic event such as a terrorist attack. Both are failures. On the first one, the police complain of crashes, slowness, and not fulfilling its missions. The second simply does not warn people when there is an attack...
The worst is that it will cost taxpayers millions.
You forgot Louvois which was used to pay the soldiers' salary. The project cost 500 million € before being cancelled and a new contract bid was won ... by the company that was unable to write the software in the first place ...
The problem is not really about corporate vs government, it's about size.
These folks tend to think big. Everything else stems from that. What they really need is a little app with simple messaging, end to end encryption, and a server that doesn't log anything they don't want it to log. What they are likely to get if they pay some big shot contractor big money to do it is a Swiss army knife the size of a kitchen sink. With bugs.
It is relevant because IT projects are inherently difficult, and many of them fail. Just because the French government failed at two projects mentioned in the original comment does not mean that a) it's particularly bad at IT projects or b) it will necessarily fail again. Having the corporate failure rate as a baseline could help assess the proficiency of governments around the world.
It is if the grandparent meant to disparage government IT projects (compared to corporate IT projects) -- which is a possible reading.
(It's also relevant because we pay corporations with subsidies, tax cuts, tax evasion, research grants, public procurement, specialty laws favoring them, etc -- sometimes even more than we pay governments).
SAIP has never sent an alert to me. But I get alerts from International SOS. So a third party emergency app does a better job than the official French app. Quelle surprise!
That actually was the estimated cost; it grew to at least 81,5M€. (There's also a story in the article about one of the components of that seemingly simple app being 37 months late.)
The spin here is funny. The article pretends this is done to prevent eavesdropping, while it is probably closer to the truth that this is done to ensure eavesdropping by the DGSI.
If you're talking about the metadata, yes, probably. It's the same kind of eavesdropping capability you'd have from Signal servers (i.e., not much).
Also: from what we've seen of Macron's team, they've proven that they have good-enough internal technical advisors; so it remains to be seen if they'd use a solution that can be eavesdropped.
Unless you can verify the deployed build against an open source code, whether the code is open source or not is irrelevant, you trust all the intermediaries. Which is ok for a corporate actor but probably not when you are a sovereign actor and know you are dealing with a keen NSA. How could you control that Apple or Google wouldn’t patch the app before it gets deployed or after it has been deployed?
On Android (at least); you can verify that the apk is signed with the developer's key; and Signal provides reproducible builds. Then the app is designed to not trust the server.
I think we are in agreement that Apple or Google could patch the app before it gets deployed. But AFAIK it has never been done yet, and if it ever happens, it would undermine all credibility of the platform. Of course a state actor wouldn't want to be the first to find out.
Thinking about it, Google and Apple actually don't even need to patch the app, they have access to all key strokes and screen rendering. It just needs to be a few lines of code hidden anywhere.
It's a possibility. It just wouldn't make any business sense, it's a pure self-destruct button. And there are hundreds of reverse engineers on both platforms that could have caught it by now.
> Not sure if I'm 100% right here, but knowing all my contacts and when I communicate with whom is an awful much.
Signal actually doesn't know all your contacts - you can check the source code to confirm that it doesn't know about any contacts that you don't message using Signal, for example.
Signal also doesn't store most of the metadata that it could, so it really knows incredibly little about its users. It knows (for example) the last date that it was able to talk to a particular device, but they don't store historical data for that, so if you received a message on Signal today, they don't (anymore) know that they sent you a message yesterday, or last month.
Of course, that second part all runs server-side, so you do have to trust Signal when they describe their internal architecture. But to be frank, who do you trust more with that metadata: Moxie Marlinspike, or the government that is essentially the "sixth eye" in the Five Eyes alliance[0]?
> Signal actually doesn't know all your contacts - you can check the source code to confirm that it doesn't know about any contacts that you don't message using Signal, for example.
I get a message in the app when a contact starts using Signal, so it has to know them server-side.
The other part of the comment was referring to what the server could know (in the gov. case - will know), and that IS quite a lot (assuming Signal style service).
And I do trust Moxie nominally, but I also believe that he will obey US courts.
Yup. As a French citizen I’d trust a Chinese service more than a French one. Sure they eavesdrop more, but at least they’re less connected with French politics.
What’s amusing is that foreign secret services are not the only ones snooping on French politicians. French secret services have a whole department (formally called RG) in charge of collecting files on every domestic public figure (own file is an interesting ritual read for a newly promoted minister of interior). The justice dept had also an interesting interpretation of attorney client privilege where it argued recently that it was ok to snoop if retroactively a wrongdoing is found (the Sarkozy case).
If I was a tech savvy French politician I would try to use something that is neither in control of French authorities nor foreign. But French politicians are almost exclusively political science graduates, lawyers, doctors and teachers, not typically tech savvy.
We have a non-insignificant number of engineers as politicians in Portugal. E.g. the current Secretary-General of the UN is one of our ex-PMs, and is an ex-assistant professor of Telecommunication Signals after having graduated in Physics and Electrical Engineering.
Considering our political panorama, I don't think this has helped much, though.
It seems that the source has already been published and is using open protocols.
I'm actually greatly pleased that my taxes are spent on an app that is actually accessible from the public, and will benefit open source project. This should be the standard way for most government development projects.
This is awesome to see! My only wish was that matrix and riot were clearly mentioned. This would have significantly raised the profiles of both projects that I'm a big fan of.
To @Arathorn and any other members of matrix and riot teams, kudos on this news, and great job! Next step - of course, beyond the tech work already being done on the platforms - is to promote the heck out of this news!! ;-)
thanks :) the problem here is that the government comms guys simply don’t know about Matrix or care about the underlying protocol, hence lack of reference to Matrix. Hopefully the word will get out anyway!
I thought about that too...if their concern is that they want the server to remain on French soil could they not spin up an instance of their own Signal server?
Afaik they would still need Google Services, based in the US obviously, to run Signal.
There's technically an APK on the Signal website without Gapps, but it's not officially supported by the development team. On their issue tracker they "leave it to the open source folks", i.e. ignore serious bugs like massive battery life degradation and Signal silently not updating for hours.
Thing is, you either get massive battery life degradation or your messages won't get through, there isn't much of a choice there unless you use push messaging. Google Cloud Messaging allows Signal's servers to send a "Hey, wake up and connect to us!" message to your phone, and every other app uses GCM for this as Google has spent a ton of time trying to optimize both reachability and battery life with GCM.
Maybe something will come along to supplant this, but for now push messaging is how we deal with terrible state table problems at the cell network operator level without wrecking battery life.
Not only that, Google apparently has agreements with mobile network operators to ensure that their long-lived connections don't get closed after a few seconds or minutes of inactivity. Some mobile ISPs close idle connections after as little as ten seconds, so unless you're in a position to negotiate with just about every major mobile network operator worldwide, you can't really offer the same level of service.
Apple likely has similar agreements too. I'm hoping that IPv6 will help alleviate many of these issues, as while your address may change as you move between towns, the state table needing to be maintained will be much less complex.
I've seen (at least in a dev build) support for activating an account on desktop, i.e. you enter a confirmation code sent via SMS to a phone number you chose. That phone number needn't necessarily only be accessible through a smartphone, I'd presume.
Is there a reason a crypto messenger team wouldn't seem to publish their protocol specs using BAN notation that people can objectively reason about, and then verify the implementation of it in the code?
As in, if you can't explain it this clearly, what's the problem?
Having worked on some crypto projects, the admonition to, "just read the code," is disingenuous, because without a formal spec, you have nothing to compare the code to or evaluate the code against.
I don't quite get the need of messaging service for the government when there are already other secure/official means of communication. Would any corporate promote messaging app over official email communication channel for employees?
Are these communications preserved for open records purposes? This seems like a good way for government officials to avoid scrutiny from the public or history.
Asking for "the best" might be a bit subjective, no? Early on, the Matrix Console Android client was ok; I had no problems with it. Though I think it was intended merely as a reference implementation. The Riot client (it used to be called Vector client) gained a lot of attention since the beginning, so it's got plenty more polish. I honestly have not used any of the other clients - since happily sticking with Riot (web client). But the matrix.org site does have a list of clients/apps (and the list is much longer than I recall since the last time I checked): https://matrix.org/docs/projects/try-matrix-now.html You lose nothing in giving a few of them a try. Cheers!
Well looks like our government (I'm French) is having the NIH syndrome as well. Why not reuse existing solutions like XMPP + OMEMO? They can invest a few thousands euros in those projects and in a couple of open source clients. Plus this will also allow the citizen to have a nice, government funded, encrypted solution.
But hey, it's not "sexy" enough. So they'll drop some public money to a big company that knows "what they are doing" and deliver a crappy platform that no one will use :) It already happened too many times.
Because it's not about building an encrypted solution, it's about building "our" encryption solution, so that we can break it when needed and infringe on privacy of citizens. Western European countries are going full speed ahead on censorship and surveillance, so no wonder they are trying to fight 'pesky' foreign encryption schemes.
XMPP is legacy, and rightfully so. With it, by default, communication is in cleartext, there is no way to ensure message reliability and integrity without privacy implications, and multi-device support is awkward.
Essentially yes (and not just PGP), strong cryptography fell under arms regulations and required, essentially, the equivalent of a firearms license (but was, by contrast, almost impossible to obtain). Import and export of cryptography technology are still regulated, though [1].
> Do they expect people to trust them?
I’m not sure what you mean by that: This isn’t a trust issue, the French government is/was completely upfront about these restrictions.
Wait a minute, does this mean what I have done with Monocypher¹ is illegal? I live in France, and I clearly provided and exported "cryptographic means", and I haven't written a word to our prime minister.
Same goes for Libsodium by the way, I doubt Frank Denis bothered to ask permission as well.
As far as I understand (I haven’t lived in France since 2004), the import and export restrictions are essentially unenforced, and nobody cares (as long as you’re not actively trading with embargoed nations). But if you’re working in cryptography, it might be worth talking to other local experts. There are surely user groups that know the legal situation inside out — at the very least, publicly funded researchers should be able to point you to resources.
The trust issue is whether to trust the French government to care about the privacy of individual citizens over its own surveillance capability towards those citizens, when it made the opposite tradeoff in the past.
Though I agree it's not as bad as if they had been caught lying on the topic. Still, are they specifically saying the tool will protect people from the government itself?
I wish I would have seen a GitHub repo opened by the French government (à la Keybase) instead of an article from Reuters telling me that 20 officials beta-test an app developed by "we don't know who" using the taxes that pay my parents and friends. Show, don't tell.
So there is an open GitHub repo, and I’m a bit surprised they’re not linking to it - I think this reflects more on the government comms processes than the FOSS side of things. On the Matrix side we’re seeing what we can do to help.