What's a key reset?

One of the biggest security holes in contemporary E2E-encrypted chat apps like Signal is that application servers can hijack your identity.

This functionality exists in order to support account recovery. When you log in to Signal on a new device, after confirming your identity through two-factor authentication (2FA), Signal's servers will unilaterally reset your public key in their database and inform all of your peers of that change.

This is the whole premise behind "safety numbers" in Signal. Signal knows that it's inherently sketchy that their servers can reset your keys, and their hope is that users will manually verify any key changes by confirming safety numbers. In practice, I doubt many users bother.

What's the big deal?

E2E encryption is meant to put users in control of their data and their digital identity. But when application servers can unilaterally issue key resets, your digital identity is ultimately controlled by those servers, not by you.

This may seem like an academic concern, but there are many scenarios where it becomes relevant:

  1. A government could issue an order to Signal forcing them to reset an identity to a specific key. They could then hijack that account and use it to trick peers into communicating sensitive information.
  2. A security breach in Signal's application servers could lead to an attacker hijacking any number of identities. This is what happened in Twitter's recent breach, which showed that two-factor authentication is only as strong as the application servers validating it.
  3. A rogue employee at Signal could create a backdoor in Signal's application servers that allows them to hijack an identity. This may seem far-fetched, but Facebook has had to fire employees for abusing company privileges to spy on people they knew, and Google operates under the assumption that foreign intelligence services have compromised their engineering org.

How is Comm different?

We don't allow key resets. In Comm, the only way to change your public key is with a signed message from the old key.
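To make the rule concrete, here is an added example (not Comm's code, and not its wire format) of what a peer's client has to check when it receives a key-change announcement: the announcement is accepted only if it continues from the key the peer already trusts and carries a signature made by that old key over the new one. Everything else is an assumption for illustration: Ed25519 identity keys, the `rotationMessage` byte layout, and the `KeyChange` record shape. A server that merely publishes a different key, with no signature from the old private key, is rejected, which is exactly the difference between this model and a server-issued reset.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyChange announces that an identity moved from OldKey to NewKey.
// Hypothetical record shape for this example; not Comm's format.
type KeyChange struct {
	OldKey    ed25519.PublicKey
	NewKey    ed25519.PublicKey
	Signature []byte // made with the private half of OldKey
}

var (
	ErrUnsignedReset  = errors.New("key change is not signed by the previous key: rejected")
	ErrOldKeyMismatch = errors.New("key change does not continue from the currently trusted key")
)

// rotationMessage is the byte string the old key signs. Binding both keys
// into the message prevents a captured signature from being reused for a
// different new key (assumed layout, chosen for this example).
func rotationMessage(oldKey, newKey ed25519.PublicKey) []byte {
	msg := []byte("key-rotation:")
	msg = append(msg, oldKey...)
	msg = append(msg, newKey...)
	return msg
}

// NewKeyChange is the user's side: generate a fresh key pair and sign the
// transition with the old private key. Only the holder of the old private
// key can produce this record, which is what makes it unforgeable by a server.
func NewKeyChange(oldPriv ed25519.PrivateKey) (KeyChange, ed25519.PrivateKey, error) {
	newPub, newPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return KeyChange{}, nil, err
	}
	oldPub := oldPriv.Public().(ed25519.PublicKey)
	sig := ed25519.Sign(oldPriv, rotationMessage(oldPub, newPub))
	return KeyChange{OldKey: oldPub, NewKey: newPub, Signature: sig}, newPriv, nil
}

// ApplyKeyChange is the peer's side: given the key it currently trusts for a
// contact, return the new key to trust, or an error if the change is not a
// valid continuation of that key.
func ApplyKeyChange(trusted ed25519.PublicKey, change KeyChange) (ed25519.PublicKey, error) {
	if !trusted.Equal(change.OldKey) {
		return nil, ErrOldKeyMismatch
	}
	if !ed25519.Verify(change.OldKey, rotationMessage(change.OldKey, change.NewKey), change.Signature) {
		return nil, ErrUnsignedReset
	}
	return change.NewKey, nil
}

// UnsignedReset models what a server-side reset looks like to a peer: a new
// key published against the old one with no signature from the old key.
func UnsignedReset(trusted, published ed25519.PublicKey) KeyChange {
	return KeyChange{OldKey: trusted, NewKey: published}
}

func main() {
	pub0, priv0, _ := ed25519.GenerateKey(rand.Reader)

	// Legitimate rotation by the key holder: accepted.
	change, _, _ := NewKeyChange(priv0)
	trusted, err := ApplyKeyChange(pub0, change)
	fmt.Println("signed rotation accepted:", err == nil)

	// Server publishes a replacement key without the old key's signature: rejected.
	published, _, _ := ed25519.GenerateKey(rand.Reader)
	_, err = ApplyKeyChange(trusted, UnsignedReset(trusted, published))
	fmt.Println("unsigned reset rejected:", errors.Is(err, ErrUnsignedReset))
}
```

The peer-side check is deliberately the only place trust changes hands: the contact's current key is the anchor, and nothing a server stores or publishes can move it without a signature that only the old private key can produce.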

Our backup service enables account recovery as long as you remember your password. We encrypt your private key on your local device using either your password or your crypto wallet, and upload that encrypted private key to our backup servers.