68.3% of people in China use third-party keyboards – many of them use Signal
community.signalusers.org
"many of them use Signal" - where does this conclusion come from? They have WeChat. I've never seen any of my Chinese friends using Signal.
That's kinda irrelevant to whether Signal should try to help Chinese users?
Totally irrelevant, but it's there, in the headline and it's not true.
They probably tried to say that most of signal users use third party keyboards.
Idk. I commented because the title is wrong and misleading.
This. Absolutely none of my family and friends in China use Signal. There are a few that use Slack though.
When Donald Trump threatened to block WeChat in the US, expats and Chinese people alike started to download Signal.
https://www.nbcnews.com/tech/security/trump-bans-wechat-some...
That's about Chinese people in the US. The headline explicitly says "people in China".
Note that even for Chinese people in the US (myself included), Signal was in my experience a pretty minor choice when Trump was trying to ban WeChat. Whatsapp, Line, etc were among the favorite alternatives.
I'll file this under "security tips". Signal should probably give its users tips for communicating securely - but that's at least one degree separate from "warn users about insecure IMEs".
Additionally, if you're already using a Chinese phone, why does it matter whether your IME is compromised? Doesn't the CCP already have its nose in all of the manufacturers' OSes already? Maybe Signal should warn about that as well.
I'm all for helping people communicate securely, something Signal should be very interested in, but the hyper focus on IMEs is confusing.
> Doesn't the CCP already have its nose in all of the manufacturers' OSes already?
What specifically are you saying here? Are you suggesting that every Chinese person's phone is sending off their keyboard inputs to the Chinese government even if they don't use a compromised IME? Because if not, then yes it matters whether or not your IME is compromised. Otherwise your position is just "the phone might be compromised in ways I don't know, so I won't even bother fixing the ways I do know".
> Are you suggesting that every Chinese person's phone is sending off their keyboard inputs to the Chinese government even if they don't use a compromised IME?
Yes.
You have a point about the rest, though, especially when it comes to more secure systems.
I would assume that any phone purchased in China is compromised by the CCP.
In what way though? Are you arguing that people should just ignore security vulnerabilities that they are aware of, on the basis that you think there might be some vulnerabilities that they're not aware of?
The linked paper literally just says "(assume the default IME app does not have these problems)" in it without justification.
This third-party IME concern seems really more relevant for e.g. Japan being worried about its citizens using a compromised Baidu IME instead of a more trustworthy preinstalled Japanese one. All IMEs can be keyloggers and the Chinese government can necessarily access Baidu data, and any smaller Chinese IMEs will be outside the auditing and enforcement jurisdiction of the Japanese government.
If you're inside China using the preinstalled OnePlus IME that "untrustworthy supposition" just already holds to the preinstalled one, and there's little reason to believe at least some of these third party IMEs are more likely to be compromised than the preinstalled one instead of less likely.
Some years ago, the Japanese government sent out warnings and restrictions on usage of Baidu's IME. It was one of the early ones to sync to the cloud for better predictions.
https://www.techrepublic.com/blog/asian-technology/japanese-...
I'm not sure the headline reflects the discussion issue... It is anecdotal how many Chinese users are using Signal, but the concern is that so many use third-party keyboards it could be compromising the secure nature of Signal (and the discussion is advocating for users to be made aware of the risks of using third-party keyboards with Signal).
I chose to highlight the Chinese aspect, but you're absolutely right: any keyboard with personalisation puts Signal users at risk.
The guidelines exhort us to:
> ... please use the original title, unless it is misleading or linkbait; don't editorialize.
https://news.ycombinator.com/newsguidelines.html
If you can still edit the title, you should change it to the original "Signal should warn users who are likely using insecure IME apps"
I'll bear it in mind in future. Thanks.
I remember a few days ago there was a post on Hacker News to stop being mean to the people that worked at Signal. The Twitter user linked in that article is railing into Signal devs and she calls them assholes that don't care about what happens outside of western society.
https://twitter.com/RealSexyCyborg/status/119769537620088012...
> calls them assholes that don’t care about what happens outside of western society
That's hardly her main point:
> For Chinese who are used to a specific IME- like Sogou, trying to type on something else is a tiny bit like a QWERTY user suddenly faced with Dvorak- we can make it work, but it's slow enough day to day that 50/50 they just install Sogou because what's the big deal right?
> The Signal "fix" is "Incognito Mode" aka for the app to say "Pretty please don't read everything I type" to the virtual keyboard and count on Google/random app makers to listen to the flag, and not be under court order to do otherwise.
> Needless to say, Sogou/Baidu does not respect the IME_FLAG_NO_PERSONALIZED_LEARNING flag. So basically all hardware here is self-compromised 5 minutes out of the box.
> so unless journalists tell them otherwise, which they have not been doing- users will install Sogou.
This is important.
I understand Naomi's point here, but I'm unclear how it relates to Signal. Isn't this an issue with 3rd party keyboards in any app?
If it's an issue in any app that can lead to privacy leaks, it's a showstopper issue for something like Signal. It being an issue with any app is even more reason to tell people about it, not less.
But if a person has something important to say, calling people that don't know about the issue assholes is not a great way to go about it. I know there is a western, and especially US/English, bias in tech. But it's not like everyone tries to annoy others, it's more an issue of ignorance.
Btw I agree that when Signal says your messages are secure, it should probably do something to warn about ways things still may leak.
She has been ignored for over a year (she tried to get them to discuss the issue in 2019), and all the while people have been getting kidnapped by the Chinese government due to this misunderstanding. I can understand why she would feel upset. I think what set this off was signal responding to questions to some tiny Twitter account after ignoring her for so long.
It is an extreme exaggeration to say that the Chinese state arbitrarily detaining people is due to Signal not working around the IME issue.
Let's be clear: the Chinese state detains people all the time, based on many sources of information, probably the least important being interception of keystrokes to Signal in an input method app. They own all the app makers and the app stores. They can push a specific version of an app to a specific person. Frankly it is meaningless to rely on Signal on a device like that.
The OWS team is small. They don't have a social media team like big corps do, tracking social issue engagement, what big accounts have tweeted etc, and it is ridiculous and counter-productive to be going off about it.
Of course signal is not the only way people get compromised in China but if the claim in TFA that 70% of Chinese users use a third party IME is correct, it seems reasonable that some of them, thinking their chat is secure, would say something that gets them in trouble. Naomi Wu has claimed this has happened and I have no reason to doubt her.
Yes OWS is small, but a major security vulnerability for a country with over a billion people seems worth addressing, no? Naomi Wu is certainly a big account on Twitter and we can see from TFA that Moxie and OWS are aware of this complaint. The question is what to do about it. If you read TFA you will see that the best suggestion seems to be a warning to users using any third party IME. Seems quite reasonable to me.
Since the MSS are unlikely to tell us their decision-making process, it is quite opaque. It could have been CCTV, an informant, an unfounded denunciation, something they said on WeChat, one of the main compromised Chinese apps. It really isn't open to her to claim this level of confidence.
If the keyboard is leaking keystrokes or word searches on a wide basis it would be difficult to hide technically. DFIR techniques for this are pretty straightforward, I'm sure plenty of people in HK could do it. Why no details?
But ultimately this is a much bigger Android problem, and won't be solved by fixing the keyboard (which OWS is obviously unqualified and ill-equipped to do). A broad ranging device lockdown guide, and OPSEC training (like [1] but for protest groups), is necessary to have anything except illusory protection. I don't think OWS should get into the business of issuing security advisories for all the platforms that they port to.
The pro-democracy groups seem to have this stuff figured out as well as you can and still have a visible protest movement. Very much following Chairman Mao: "The revolutionary must swim with the fishes."
Where we disagree is that I believe OWS should consider security advisories. This comes up multiple times if you read the whole thread linked in the top of this HN post (TFA). OWS wants to assume that users are normal people without much knowledge of opsec. They want the users to trust the engineers to guide them. Well, if everyone is saying "Signal is end to end encrypted and no one can read your chat", OWS might be able to help a lot of people by clarifying that while messages sent over the wire are encrypted, a compromised phone could still mean compromised conversations. This is painfully obvious to you or me, but regular people I speak to have no idea about things like this. Non-technical folks I speak to still don't understand the most basic opsec.
Telegram/WhatsApp/iMessage/FB Messenger all go pretty far down the 'this is secure messaging' path, with far less justification. (And for a Chinese iPhone iMessage is completely broken.) Far more people use the big platforms. Getting a significant user base for Signal is a big comparative win, even if the handset security is weak.
Should they be less minimalistic on their website? Probably yes. Would anyone read it? Geeks, yes. Maybe people who are worried. But I think it is a small win at a high cost.
Maybe it's possible to write a basic phone opsec guide and just stick it on medium or something. Rely on the magic of Google to help people find it. (Would Baidu index it? I wonder.)
Can you substantiate this claim? Or is this just "I know someone who was arrested, it had to be the keyboard"?
This was Naomi Wu’s claim. She herself has been “taken away for questioning” by the Chinese government (and she shared photos of it) so I have no reason to distrust her claims.
I'm not sure I'd know about this if the statement wasn't notable for its coarse language. Moreover it's not just a case of criticizing someone who didn't know about the issue, it's criticizing people who are telling people to do something without understanding the risks.
> But if a person has something important to say, calling people that don't know about the issue assholes is not a great way to go about it.
I don't mind it at all. If someone uses "being called asshole" as a reason to not even inform anyone, they would have found another excuse. Some people simply register it as strong language and otherwise focus on the content. At any rate, it's very easy to judge what someone says in frustration when you yourself don't even suffer from the situation and/or don't care about those who do.
> But it's not like everyone tries to annoy others, it's more an issue of ignorance.
So she shed light on that, and instead of talking about the important bit, people think it's super important to teach a random person to not be rude, ever? That's what we're focusing on?
> That's what we're focusing on?
That's my point. By presenting the issue the way she did, people moved the conversation away from the issue and instead ended up in a meta-discussion about the discourse. If her points were laid out in a nicer manner, she would be closer to actually achieving her goal.
She did that over one year ago and was ignored. Policing her tone instead of addressing the issue that has people getting kidnapped in China is really missing the point.
> By presenting the issue the way she did, people moved the conversation away from the issue
By HER doing A, OTHERS did B? That doesn't even parse as English, and betrays doublethink.
Open source devs are horribly mistreated for a service they provide for free/very low income. I will gladly focus the conversation on someone being rude to someone that has dedicated their life to making the world a better place. Signal is a nonprofit organization dedicated to the betterment of mankind. They want to do a good job and they're not assholes.
"Making the world a better place" is terribly generic, and not impressive in context of stubbornly refusing to even acknowledge, much less warn users about, an issue that puts actual lives in danger. If they ignored her for so long, what was the excuse before she dared to say "asshole" to adults who dabble with something as serious as this?
The tweet thread is claiming app store apps are downloaded unencrypted and that they can be modified in flight. Any proof of this?
The thread there is really interesting. Apparently the "OEM" IMEs aren't the ideal standard for Chinese input, so people tend to use a proprietary one like Sogou's. [1]
The OEM IMEs are also proprietary, which makes me question everyone's points.
Naomi analyzes the technical side very well, but somehow face plants on the conclusion.
Insecure IMEs exist everywhere and affect every app. Not just Signal, not just in China.
This is the operating system's job to tackle, not Signal's. And oh wonder: Android displays a scary reminder when you install an IME (of course they could and should disallow network access for IMEs as well).
Signal should show a reminder to help people be secure, but framing this as some kind of obligation towards the people of China is weird.
I think Naomi wants at least a clear recognition of the issue from signal. All of us on HN can say “well yeah that’s obvious” but signal keeps telling everyone their app is “secure” without caveats that your keyboard could be leaking everything you type, making the system not secure. Saying “well that’s not my department” isn’t acceptable when people are being put at real risk here.
EDIT: The specific request in TFA is to detect users using a third party IME and give them a security warning. Seems pretty reasonable.
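The two concrete mechanisms this thread keeps returning to are Signal's "incognito keyboard" (the IME_FLAG_NO_PERSONALIZED_LEARNING hint quoted above, which a keyboard is free to ignore) and the TFA proposal to detect a third-party IME and show a warning. The following is an added illustration in Android Java, not Signal's code and not taken from the linked issue: it reads the currently selected IME from system settings, checks whether it ships in the system image and whether it holds the INTERNET permission, and sets the advisory flag on a text field. The class name ImeCheck, the ImeStatus record and the sample package name in the comments are assumptions made for the example.

```java
import android.Manifest;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.provider.Settings;
import android.view.inputmethod.EditorInfo;
import android.widget.EditText;

/**
 * Added example (not Signal's code): inspect the active IME and request
 * that it not learn from a sensitive field. Names are hypothetical.
 */
public final class ImeCheck {

    /** What we could learn about the keyboard the user has selected. */
    public static final class ImeStatus {
        public final String imeId;        // raw setting, e.g. "com.example.ime/.ExampleIme" (constructed sample)
        public final String packageName;  // package part of imeId
        public final boolean isSystemApp; // preinstalled in the system image
        public final boolean hasInternet; // holds android.permission.INTERNET

        ImeStatus(String imeId, String packageName, boolean isSystemApp, boolean hasInternet) {
            this.imeId = imeId;
            this.packageName = packageName;
            this.isSystemApp = isSystemApp;
            this.hasInternet = hasInternet;
        }

        /**
         * Heuristic only: a third-party IME with network access can send
         * keystrokes off-device. As several comments in the thread note, a
         * preinstalled IME on the same phone is not automatically safer, so
         * this decides when to warn, not whether the device is trustworthy.
         */
        public boolean shouldWarn() {
            return !isSystemApp && hasInternet;
        }
    }

    /** Returns null if no IME is selected (e.g. a hardware keyboard only). */
    public static ImeStatus currentIme(Context ctx) {
        // DEFAULT_INPUT_METHOD holds "<package>/<service class>" of the active IME.
        String id = Settings.Secure.getString(
                ctx.getContentResolver(), Settings.Secure.DEFAULT_INPUT_METHOD);
        if (id == null || id.isEmpty()) {
            return null;
        }
        int slash = id.indexOf('/');
        String pkg = slash > 0 ? id.substring(0, slash) : id;

        PackageManager pm = ctx.getPackageManager();
        boolean system = false;
        try {
            // On Android 11+ the current IME is visible to apps without a <queries>
            // entry; other packages may need one, so treat lookup failure as "unknown".
            ApplicationInfo ai = pm.getApplicationInfo(pkg, 0);
            system = (ai.flags
                    & (ApplicationInfo.FLAG_SYSTEM | ApplicationInfo.FLAG_UPDATED_SYSTEM_APP)) != 0;
        } catch (PackageManager.NameNotFoundException e) {
            // Package not visible: fall through with system=false so we err on the side of warning.
        }
        boolean internet = pm.checkPermission(Manifest.permission.INTERNET, pkg)
                == PackageManager.PERMISSION_GRANTED;

        return new ImeStatus(id, pkg, system, internet);
    }

    /**
     * Ask the keyboard not to personalise on this field (API 26+). This is the
     * same flag Signal's incognito keyboard relies on; it is a request, and the
     * thread's point is that some IMEs simply ignore it.
     */
    public static void requestNoPersonalizedLearning(EditText field) {
        field.setImeOptions(field.getImeOptions() | EditorInfo.IME_FLAG_NO_PERSONALIZED_LEARNING);
    }
}
```

In an activity, a caller would run `ImeCheck.currentIme(this)` once at startup and on every `onResume()` (the user can switch keyboards at any time), surface a one-time notice when `shouldWarn()` is true, and apply `requestNoPersonalizedLearning` to the compose box. The detection is heuristic: it cannot see what a keyboard actually transmits, which is why the thread's stronger suggestions (warn on any third-party IME, or explain that a compromised device defeats transport encryption) are framed as user education rather than a technical fix.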
> This is the operating system's job to tackle, not Signal's. And oh wonder: Android displays a scary reminder when you install an IME (of course they could and should disallow network access for IMEs as well).
(iOS makes the third-party keyboard ask the user for "full access" in order to hit the internet.)
It doesn't matter. You can compromise most of the phones (at least non-rooted) if you or your people make the OS and thus also the OS-level libraries that handle text input from the IME, or even touchscreen information would be enough in most cases (unless everyone uses the randomized keyboard layout, and guards against "known plaintext" type attacks).
I thought Signal came out with their own keyboard and I was excited.
Even if they did, creating a Chinese IME is a really difficult problem space. Since typing is generally done phonetically in mainland/HK/Taiwan and the real words being typed are ideographic, there's a lot of inference to translate in between.
Considering how quickly the language moves to keep up with internet culture and new newsworthy names, new parlances, new memes, an IME has to do the equivalent of staying up to date with the equivalent of urbandictionary for users to be able to invoke the latest "lit" colloquialism. This is a full-time job on its own.
Yep this. Even on computers, most Chinese people I know won’t use the OS’s IME and instead use third party programs.
There are entire companies that exist to solve just this problem that is basically orthogonal to Signal’s purpose and mission. While it would be great for there to be a top tier Chinese IME from someone we trust, it’s by no means an easy task like most people are probably envisioning.
Serious question and not trolling: Is Chinese/Mandarin very hard to romanize? In India we have indic IMEs but romanization works pretty well and it's rare to see people using Indic IME. Especially far-south languages have fewer consonants and there are very few ambiguities on how to pronounce. Is it not possible for Chinese?
Not a Chinese speaker, but I know like 10 words.
They already have some romanizations like Pinyin that are largely phonetic.
But take something like "mao". Without any accents to indicate the tone, that could be:

* 毛 - like a dozen distinct meanings
* 猫 - a few meanings, but mostly "cat"
* 冒 - half a dozen meanings
* 昴 - one meaning
* 懋 - a few meanings
* 帽 - a few meanings
* 貌 - a few meanings
* 牦 - one meaning
* 矛 - one meaning
* 铆 - a couple meanings
* 锚 - one meaning
* 贸 - one meaning
* 茂 - two meanings

To be honest, I got tired of compiling the list at this point. There's lots more.

When someone uses a romanized keyboard to type "m", "a", "o" you've got like two dozen possible characters that becomes. If you're trying to figure out from context which one the person might be intending, you need to look at like 60 different possible meanings in context and figure out which characters are most appropriate. And that's given the previous several things they've entered have been narrowed down to one character, but likely still have several meanings.
A lot of (I'd dare say most?) Chinese people do use romanized input (the alternative I've seen is very slowly drawing out each individual character on the screen), but whether the keyboard sees you type "I have a cute... mao" and decides you want 'anchor' or 'cat' has a huge impact on day-to-day usability for people actually using it.
The written language is vastly more complicated than the spoken one as far as I can tell. A syllable that can have 60 meanings is relatively easy to figure out in context, but when written the meaning has to be made explicit. As a really basic example, "ta" is both he and she. So they just don't have masculine and feminine pronouns, right? Wrong. 他 is he, 她 is she. These are said exactly the same so even given accents to indicate tone they're romanized identically. But when written, the distinction is made.
And if you make a mistake somewhere in all of this?
Well, baba (爸爸) is dad. baba is also poop (㞎㞎).
Wo ai ni, baba. I love you, poop.
The side effects of Chinese not adopting a phonographic writing system when it could, or having both like Japanese does so you don't need to use such an informal ambiguous layer when actually writing.
That doesn't really solve the problem. Homophones exist, and entering the phonetic representation in some native character set would still require an additional conversion step to disambiguate the homophone. (i.e. in Japanese you can type in hiragana, and many phone IMEs work like that, but you still have to convert that input to kanji; nobody wants to read your long stream of hiragana.) The input methods add value based on how frequently they suggest the correct conversion as the first candidate (based on context).
Imagine typing English by speaking. You can say "flower", but that might get written out as "flour". Some intelligence has to be implemented that picks the right one based on context, or gives you the ability to correct it. That is where the complexity in East Asian input methods comes from.
(Yes, as English-speaking computer users we are very lucky. The exact sort of symbols that readers of English expect map 1:1 to our keyboards. Still kind of a pain on a phone, though!)
Native Chinese speaker here.
I'm not sure I understand your point. Without keeping up with the new memes, IME still let people type them (it's simply not as easy when IME does not auto-suggest the new combination, users can manually select each Chinese character).
Regarding "an informal ambiguous layer", are you implying there is something more fundamental/low-level than the Chinese characters used in communication? If so, what is that?
Japanese IMEs operate basically the same way as Chinese ones.
But native OS IMEs in Japan are used frequently, while in China they are not? From what I understand hiragana -> kanji conversions are formalized and thus are easy to add by dumping a dictionary, while in Chinese since the phonography is informal you need to do more effort to maintain the dictionary, as everyone ends up typing in whatever they think it would be in pinyin or similar AFAIK, along with all the dialectal variations.
The paper cited for the 68.3% figure http://web.cse.ohio-state.edu/~lin.3021/file/SEC15.pdf says that third-party IMEs are also "very popular" in Japan and Korea, though they do not cite any statistics. (Their statistics for China are from 2014. The paper was published in 2015.)
Chinese orthography is just as standardized as Japanese and hanzi/pinyin dictionaries are not harder to maintain than kanji/hiragana ones. Some people have trouble with sound distinctions in Standard Mandarin that don't exist in their speech and enter incorrect pinyin (e.g. z instead of j or zh), but that can be treated as a typo, the same as phonetic misspellings in other languages.
Support for dialectal variations is essentially nonexistent in mainstream IMEs. People who want to use varieties other than Standard Mandarin would have to use shape-based input (including methods that decompose each character into smaller parts, like Cangjie) or send a voice message. (There are projects to create IMEs for other Sinitic languages, like https://hanhngiox.net/ but almost nobody uses them.)
(Do any Japanese IMEs support non-standard dialects or even other Japonic languages?)
Japanese IMEs are even more complicated than Chinese ones, what are you talking about? (The existence of kana doesn't solve the homophone and homograph problems.)
Here's a popular, commercial Japanese IME: https://en.wikipedia.org/wiki/ATOK
How does Signal work in the context of the Great Firewall?
Can china shut down Signal by banning traffic that seems like Signal communication??
Agreed this was my surprise about the headline. I assumed it'd be blocked.
It isn't really suitable for political dissent. I think they would be more unhappy with things like Telegram that can have huge group chats.
It works as is usually on Chinese ISPs though I noticed occasional interruptions. Using a VPN got rid of those disruptions.
People use Twitter, YouTube, Facebook, Telegram with VPN in China. Twitter are mostly for porn, telegram for shady business and porn. I would assume you will probably need to use VPN for Signal.
I wouldn't expect the first party keyboard on a Chinese-manufactured phone to be any safer than a third party IME.
I would say I would be surprised if many (>1%) of the people do. I have yet to know a single Chinese person who ever mentioned Signal.
I'm confused... people are debating whether it's good to track what keyboard people use, but instead of tracking which keyboard people use, would it not be simpler for Signal to basically build their own integrated keyboard and deactivate the Android default one?
This is likely the result of this discussion. To fix an issue (decide to commit dev resources to develop an integrated keyboard, communicate to users the data leakage risk of using a keyboard not integrated into the app), you must first raise said issue and perform discovery.
I think the word 'track' is misleading in this context. The proposal outlines various methods to detect the use of a third-party keyboard, whereas the term 'track' commonly denotes corporate surveillance.
They could do that, but it would have a maintenance cost. I do think we need to find a solution to this, however, as these personalised keyboards actually _track_ what people type. That could have real-world implications.
The word is not from me, read the messages of the issue
Why does a keyboard application's code even need access to the internet? Could the OS just not allow it in the first place? I honestly don't fully understand why it's Signal's problem in any way.
Obviously due to the fact that Chinese input could be better optimized by third parties.
But are Microsoft or Google's keyboard apps actually secure? That is, is it certain that they don't log keys or phone home somehow?
Net net: what IME is best for a mainland Chinese user of Signal?