What Most People Get Wrong About Secure Messaging with Signal CTO Ehren Kret
Season 3 Episode 19 •Show Notes
Most people think secure messaging begins and ends with encryption. Signal CTO Ehren Kret says that is only part of the picture.
In this episode of Cyber Focus, host Frank Cilluffo sits down with Kret to discuss what private communication really requires, from protecting message content to limiting what platforms can learn from metadata, identity, group membership and social graphs. Kret explains how Signal’s nonprofit model shapes its privacy-first design choices, why endpoint security remains a major challenge, and how AI built into operating systems could create new risks for private communication.
The conversation also explores post-quantum encryption, lawful access debates, phishing threats against messaging accounts, and why the future of secure communication depends not only on better technology, but on helping users understand what is and is not truly private.
Main Topics
- Secure messaging misconceptions
- Metadata and social graphs
- Endpoint security risks
- AI and platform privacy
- Post-quantum encryption
- Signal’s nonprofit model
Key Quotes
“Disappearing messages, and that’s one piece of the puzzle… But a lot of people think that’s sort of the end.” — Ehren Kret
“You should also be looking at does your service provider have access to the message content and is it protected from visibility from them?” — Ehren Kret
“Being able to build a social graph can reveal information, even though you don’t necessarily have the message content, it is highly leaky. You can infer from a social graph, you can see who is talking to who, and a lot of times that reveals information about the content of those communications .” — Ehren Kret
“Signal…is an anti mass surveillance tool. It’s not necessarily an anti targeted surveillance tool because at the end of the day your phone is still an endpoint that can be targeted.” — Ehren Kret
“Since it’s a nonprofit, the primary goal for Signal is to spread the use of end-to-end encrypted for messaging and for communications in general.” — Ehren Kret
Relevant Links and Resources
- Signal Foundation
- Signal: Sealed Sender
- Signal: Quantum Resistance and the Signal Protocol
- Cloudflare Post-Quantum Roadmap
- Google Research on Quantum Vulnerabilities
About Ehren Kret
Ehren Kret is the Chief Technology Officer at Signal, where he helps lead the development of privacy-preserving communication technology. He previously served as an engineering director at WhatsApp, where he helped scale end-to-end encryption for more than a billion users.
Transcript
Ehren Kret [00:00:00]: Over 99% of messages delivered through Signal, we don’t have the sender side of the equation. And so it’s kind of equivalent to going to a random post office dropbox you’ll find on the street and just dropping in an envelope with only a delivery address and no return address.
Frank Cilluffo [00:00:16]: Welcome to Cyber Focus from the McCrary Institute, where we explore the people and ideas shaping and defending our digital world. I’m your host, Frank Cilluffo, and this week I have the privilege to sit down with Ehren Kret. Ehren is the Chief Technology Officer, or CTO at Signal. He previously served as the engineering director at WhatsApp. And I think, Ehren, the last time you and I had an opportunity to connect was at the New York Stock Exchange at a great event hosted by Lisa Plaggemier and the National Cyber Alliance. So really look forward to sitting down with you, Ehren, and welcome.
Ehren Kret [00:00:54]: Great. Thanks so much for having me on. Should be a fun conversation.
Frank Cilluffo [00:00:57]: Absolutely. And I thought we’d start with, I mean, most everyone knows of Signal, but I’m not sure everyone appreciates what differentiates it and what sets it apart and also why so many security leaders recommend the use of Signal. So I thought maybe to sort of not get into a very specific what differentiates it from all the other messaging apps, but what makes it unique would be a great way to start the conversation.
Ehren Kret [00:01:24]: Yeah, I think what really sets Signal apart from the other players in the field is sort of the dedication to privacy at the sort of extent that we go through to protect it. And so if you look at comparables, you’ll have things like either metadata about messaging, like who is being messaged is known to the service operator or the user’s address book or these sorts of things, and Signal goes through great efforts to protect that information as well, in addition to just the message content. So on top of message content being secured with the protocol that we have, we also have the information about who is messaging who, and also the user’s address book protected.
Frank Cilluffo [00:02:02]: Awesome. And if you had to explain sort of in a sentence to a policymaker, whether a member of Congress or Executive Branch or a CEO or a regular user, in terms of every day, what do most people misunderstand when they talk about secure communications? Because, I mean, I know there’s so many different bits and pieces and integers into this, but if you had to pinpoint in a sentence or two, what would that be from your perspective?
Ehren Kret [00:02:34]: Yeah, I think the most common thing that people lean to when you’re talking about secure communications is things like disappearing messages, and that’s one piece of the puzzle. If you’re looking for the person you’re talking to, having the data automatically clean itself up after a period of time. But a lot of people think that’s sort of the end. And from user experience perspective, you can understand why people think this, but that is not everything you should be looking at. You should also be looking at does your service provider have access to the message content and is it protected from visibility from them? You know, who actually is able to read this? And so that is a common, I’d say the most common user misunderstanding of what secure messaging looks like.
Frank Cilluffo [00:03:13]: Great, great point. And I think you’re right. Most people think it’s not on their box, so it’s gone. I’d also be curious, you helped pull together and scale encryption at WhatsApp. Any lessons there that you brought to Signal?
Ehren Kret [00:03:30]: Oh, for sure. There is just a huge amount of variety of devices and problems that those devices can encounter out in the world when you’re deploying into an encryption to a billion plus people. I remember seeing things in the logs while we were trying to roll the system out, diagnose why various decryption failures were going on. That ranged from poor randomness sources, there was a category of Android devices out there where everyone had the same random number generator effectively. The devices had like a constant seed for their, for their random number generator. So everyone was generating the same values, which was not, not good at all. And then there were some out there where you could just see, okay, the RAM that fails validation for devices that get shipped to the west doesn’t necessarily get thrown away. Sometimes it just gets put in cheaper phones that get shipped to other parts of the world.
Ehren Kret [00:04:24]: And so you will see bits being flipped at random in things that are constant values in your code. This is like that value can’t be this. It’s a constant. Well, when the RAM is not good RAM, sometimes the constant value gets changed.
Frank Cilluffo [00:04:38]: Well said. And you know, when most people think or hear secure communications, they immediately turn to encryption. And of course that is significant. But what else needs to be protected for a system to be private or truly private?
Ehren Kret [00:04:58]: Yeah, so you’re looking at message metadata, which is generally who is messaging who, kind of looking at like group messaging in particular, looking at who’s in the group, what is sort of the group subject, the group avatar, your profile name in the product, this sort of information that’s not exactly the message content, but is also very relevant to the exchange of messages back and forth. So this sort of information is not necessarily protected by everyone who has end-to-end encryption, but it’s something that we at Signal have taken great pains to try to make sure is private and secure as well.
Frank Cilluffo [00:05:33]: Yeah, so in sort of simple terms, so even if the metadata itself is encrypted, that’s not the whole, that’s not the whole puzzle. Right? Can you explain why that matters?
Ehren Kret [00:05:45]: So you’re looking for the metadata itself to be, like encryption is one element of it, but you’re also looking for, you’ve got authentication systems and systems like this which can reveal information. And so you’re trying to do as much as possible to hide the information from the service provider that would link these accounts together. So our group system, all the group IDs are encrypted, but somehow you have to authenticate to that system. So we use a system of zero knowledge proofs where you can prove to the group server that you are one of these members without actually revealing at any point to our server what your actual user ID is. So there’s different techniques you can use to try to protect this information beyond just the encryption side of it. But that’s certainly one big piece of the puzzle.
Frank Cilluffo [00:06:31]: And can I pull that thread just a teeny bit further? And it’s sort of, it’s not just protecting the message itself, it’s also the identity, anything you can share there?
Ehren Kret [00:06:43]: So yeah, beyond the message content, we’re also like the vast majority of our messages that are sent through Signal are sent via an unauthenticated channel. And this allows us to sort of protect the sender side who the sender is. We call this sealed sender and we have a blog post about how it works. Really the only time that we require a sender to identify themselves to Signal to send a message is when you’re sending a message to someone who hasn’t pre authorized you to message them. And in that case that’s done for spam fighting reasons so that people can’t create an account and then flood our system with messages that people don’t want to receive. But what this allows us to do is achieve, that over 99% of messages delivered through Signal, we don’t have the sender side of the equation. All we have is someone showed up, dropped off an anonymous message here that said deliver to this address. And so it’s kind of equivalent to going to a random post office dropbox you’ll find on the street and just dropping in an envelope with only a delivery address and no return address.
Ehren Kret [00:07:42]: So that’s, the vast majority of messages delivered through Signal look like that.
Frank Cilluffo [00:07:45]: That was a very good analogy because it made it very concise in so many ways. And just one more question along those lines before we jump into a couple of other matters, but even if a platform gets, if a platform gets metadata wrong, even with strong encryption, what can actually be inferred? What are we really exposing here?
Ehren Kret [00:08:16]: You can infer from a social graph, you can see who is talking to who, and a lot of times that reveals information about the content of those communications because those people have either, if they’re public personas, you kind of know what their focus area is or speciality is, or if they’re known to be affiliated with certain movements or certain groups, you can infer from them, okay, this group of people is likely all discussing this topic, or this group of people is discussing this topic. So being able to build a social graph can reveal information, even though you don’t necessarily have the message content, it is, it is highly leaky. And so you want to protect the user social graph as much as possible as well.
Frank Cilluffo [00:08:56]: Well said. And sort of looking at it through sort of how risk is changing, so, I mean, even if you get all the fundamentals right, whether it’s encryption, metadata, identity, we’re dealing with a dynamic environment here that is changing quite rapidly. And we’ll get into the AI discussion in a second, but I’d be curious where you see the biggest risk now and into the future. Is it on the device? Is it in the platform? Is it somewhere else? Is it a combination, or is it a complete unknown at this stage?
Ehren Kret [00:09:33]: Yeah, I think it’s a combination on the platform and the device. So we can go so far in protecting against the attackers in the middle. We have the mathematics for that. We can build cryptography that will protect against that. But ultimately, endpoint security is a different topic area. And endpoint security being can someone break into your phone or your computer, whatever your sort of communication endpoints are? And I think that area is somewhere where we’ve got a lot of work to do to make this more secure. I mean, we’re looking at platforms that are built on top of software that’s been around 40, 50 years in a lot of cases. And the security of this software is largely dependent on have people been able to find issues or not, and what software stacks are running on there, and how thoroughly vetted have they been? And this sort of a giant open question that’s really like, well, how can we build this in an affordable way? Making software that’s sort of guaranteed has just been too expensive historically.
Ehren Kret [00:10:38]: And so if you look at, you know, all of our mobile platforms, for example, there’s software in the iPhone platform that dates back to the days of NeXT computers, you know, before, before Steve Jobs rejoined Apple. There’s, there’s things in there that are, that are clearly named from the next step days is just like this is how far back the software goes and how long this stuff lives.
Frank Cilluffo [00:10:58]: I have a buddy of mine who was an engineer with NeXT and moved on to Apple and he’d actually be curious to hear this. And you know, just, not to belabor the encryption discussion, but if the endpoint itself is compromised, encryption doesn’t matter all that much. Right? And I mean it does, but are we underestimating where the biggest bang for the buck could be and where the fight is, the device? And I’m just curious here what your thoughts are.
Ehren Kret [00:11:34]: Well, end-to-end encryption is sort of necessary as a first step, but you need that endpoint security too in some fashion. And so what we saw is, you know, attacking the middle is much cheaper and much more possible to do en masse. And so if you look at what Signal is as a, as a product, and in general into an encrypted messaging overall is, is an anti mass surveillance tool. It’s not necessarily an anti targeted surveillance tool because at the end of the day your phone is still an endpoint that can be targeted. And if you’re like high enough value target, the phone itself becomes like there are ways in, there are, there’s zero days and unknown exploits on the phone that people can know about and try to attack. So what we see is end-to-end encryption really restricts that, that ability to sort of go in and like mine an entire country’s set of communications or just monitor the public en masse. But you know, you sort of ratchet up the expense of breaking into someone’s message content. And so you still have this problem of like targeted surveillance and that’s very much more difficult and gets much more expensive to defend against.
Ehren Kret [00:12:46]: But it’s going to go after the endpoint now that we’ve sort of protected the middle of the end-to-end encrypted messaging.
Frank Cilluffo [00:12:54]: And that’s really I think an important point, targeted versus mass. And again the level of capability that needs to be brought to the fight. And you know, and not sure how much you want to get into this, but FBI did put out an alert not too long ago mentioning that multiple Russian intelligence services are targeting multiple messaging services. Anything that, anything you can discuss there that is relevant, and did Signal take it seriously?
Ehren Kret [00:13:24]: Yeah, we’ve definitely taken it seriously. I’d say the most common thing we’re seeing so far has actually not, not been super sophisticated, but generally kind of phishing attacks where they are sending out the SMS registration codes for things like WhatsApp or Signal, trying to get people to re register or effectively send the SMS codes to a third party attacker and then they just register for the account themselves and trick people into sending the messages to the new device they registered. So that’s been the most common thing that’s been going on and it’s always sort of a balancing act of trying to adjust your messaging to be like, don’t share this with anyone. But people sort of like the longer you make the message, the more people just sort of skim through it and don’t read it. And you sort of have a bit of a problem of like how to effectively communicate that you should not be giving this to someone else. But that’s been the most common thing we’ve heard about.
Frank Cilluffo [00:14:20]: Well said. And let’s get into touch on, I mean we can’t go into ad nauseam around AI, but as AI gets built into more and more products, devices, systems and the like, what new privacy and security pressures does that create for private communication such as, such as Signal?
Ehren Kret [00:14:42]: Yeah, it opens a bit of a challenge, especially as it gets built into the lower layers below the application. Certainly at the application layer, like we can control what’s in Signal ourselves and make sure that if there is any use of AI, which we don’t currently have, but if we were to actually consider anything in the future, we would make sure that it is private, nothing leaves the device and the end user’s data is protected. But there’s often AI being built in below the application layer at this point into the operating system or the platform itself. And those tend to be focused more on like what’s the maximum feature set we can offer the user without necessarily taking into consideration the privacy guarantees that we are trying to make in our product or that other products are trying to make. And so that’s been a little bit difficult to work with at the moment because there’s no way to like inform the operating system or the platform. You should not use this content. I know we’re making it available to the, to the operating system in the form of notification content, for example, is like a number, number one way. And we have some controls for that in the application, like being able to turn off the notifications or turn the notification content into something generic that as you have a new message.
Ehren Kret [00:15:53]: But at the end of the day, that’s really a pretty strong usability hit for the user that you’d have to go through and remove your notifications in order to avoid the platform AI from reading them. And so what we really want to see there is just that the platforms, as they build in this AI, allow greater controls or allow more user customization that gives you control of the privacy guarantees of where is my data being sent. If I’m going to run an AI model on it, if it’s on the phone, okay, well, that has very similar processing constraints as to just running the application on the phone. And so that seems more acceptable. Whereas, oh, if you’re going to send this off and run it on a model on the platform provider servers, well, you know, okay, we’ve gone through all this work to end encrypt messages and now the phone is just going to leak them off to some server somewhere. You know, that that’s not, that’s not great. We don’t want that to be happening.
Frank Cilluffo [00:16:42]: And as everyone’s sort of hair on fire in D.C. and elsewhere with Glasswing and Mythos and some of the latest models, anything you’re thinking about there or you’d like to know more about there?
Ehren Kret [00:16:55]: What we’ve seen from just like these scanning systems is they’re pretty good at finding different issues.
Frank Cilluffo [00:17:02]: Pretty scary.
Ehren Kret [00:17:03]: So basically, as these issues are, as issues are found and surfaced by these things going through and fixing them, in general, it’s sort of been like a boon to finding and securing your systems. They’re not a guarantee that, like, everything is fixed. So they are, they are good for identifying issues that you may have missed or that other human reviewers may have missed. But just because you get a clean report from one of these systems does not mean your software is secure. It just means that they haven’t found it. And it’s very similar with the, you know, human scanning services that are out there too. They sort of go, go through as well and they can give you a clean report, but that just means, you know, they didn’t find an issue.
Frank Cilluffo [00:17:41]: Well said. And I think sometimes there’s that false sense of security in the flip side as well and all that. Right? You know, just because we touched AI, let’s go to post quantum as well. And I genuinely feel this isn’t something we need to be thinking about in five years. It’s kind of here and now and should we, should we be preparing for that now? And anything that Signal in particular is thinking through as, as we have another tectonic shift.
Ehren Kret [00:18:15]: Absolutely. In fact, I think there was a blog post from Cloudflare just a few weeks ago talking about moving all the deadlines up for when they expect post quantum cryptography to become a bigger threat. It used to be people were talking about 2035 or that sort of timeframe, and now everyone’s sort of shifted forward to, oh, we need to have everything updated for TLS by 2029. And the reason for that is there was a paper published, I believe by Google, a few months back talking about a much more efficient system for executing Shor’s algorithm on a quantum computer than had been previously known. And Shor’s algorithm is sort of the way that classical cryptography is expected to be broken into on a quantum computer. Previously it was thought you would need a quantum computer that is significantly larger than what the new algorithm they have found would allow you to use. And as I recall, they didn’t even exactly publish the algorithm itself, but they published a zero knowledge proof that they had such an improvement, which was kind of a clever thing to do as well. So, yes, it is very much relevant here and now.
Ehren Kret [00:19:21]: And Signal, we have been working on this problem already for a number of years now. So we updated our protocol, our message encryption protocol, a couple of years ago now to solve for sort of the harvest now, decrypt later threat that quantum computing introduces, where if you record all the crypto text ciphertext that’s being passed back and forth now, when a quantum computer comes about later, you can go through and break it. So we’ve been protected against that for a couple of years now, and we are now updating our protocol to deal with the threat of a contemporary quantum computer being the one that would exist at the same time. And so there’s a few more steps to getting that completed, but we’re pretty close to rolling that out at this point. In fact, I think some of our beta users have that on at this point.
Frank Cilluffo [00:20:04]: Awesome. Good to hear. And as governments are pushing harder on lawful access and the like, I’d just be curious what the discussion is like in terms of the tension between sort of legitimate security needs vis a vis preserving private communications. What does that look like in your environment? And I’m sure it’s a difficult set of questions because it is a conundrum. I mean, you want to be able to provide some level of safety and privacy to those in China, or you name the country where they’re dealing with oppressive regimes. But then, flip side is you sometimes have legitimate security concerns. What does that discussion look like at a place like Signal?
Ehren Kret [00:20:57]: Yeah, I’d say in general what you’re looking at there is, we kind of touched on a little bit earlier, Signal sort of protects against mass surveillance and protects against surveillance directly in the application. So Signal’s not the right target for when people are trying to like do a direct intercept on a particular target. At that point, like you go to the person and you get a hold of their phone or you go to them in person and do this sort of thing. It’s sort of, what Signal and other end to end encrypted messaging products protect against is what we saw back with the papers that, I believe it was Prism, if I remember the name correctly, were doing where it was just harvesting all communications that were passing through various middlemen, nodes in the network and sort of capturing everyone’s communications en masse. And so we have systems that protect against that. But ultimately when people are doing this sort of like deeper law enforcement action or this sort of thing, if they get a hold of the user’s phone, get it unlocked, they can, you know, they’ll have the same access that the user has to their phone. And so our answer to this is usually like we don’t have any access to the message content ourselves.
Ehren Kret [00:22:11]: If you’re looking for that sort of information, you’re going to have to go to the, to the person who has it with a warrant and get it from them.
Frank Cilluffo [00:22:18]: Excellent. And there are no easy answers to all of this. But one thing that I think most people are not aware, I wasn’t until you and I had a chat not too long ago, is that Signal is a nonprofit, and I think that helps it stand out in the tech world. And I’d be curious how the business model helps shape the choices you make around product design, privacy, growth. In many ways, it’s not simply to get more clicks and eyeballs or more users. I’d just be curious what the thinking is there, Ehren.
Ehren Kret [00:23:00]: So since it’s a nonprofit, the primary goal for Signal is to spread the use of end-to-end encrypted for messaging and for communications in general. And because of that, there’s actually our software in use in a number of other companies products in addition to our own. Both Meta and Google have licensed our software and use the Signal protocol in some of their communications products. And there are a number of smaller companies out there as well who have licensed and use our software. And so our goal is to sort of spread that more ubiquitously like throughout communications products and in general, just sort of increase the amount of communication that is protected with end-to-end encryption. And yeah, we’re trying to build more awareness that Signal is a nonprofit. It is one of those things where a lot of people have assumed that it is not. And so we’ve been kind of working on like, how do we get that word out there that it is supported by donations.
Ehren Kret [00:23:55]: And you know, certainly like growing the product directly is still something that helps us. We think it helps sort of build the case that people want this and so that more people should include it in their products because people want this, but it doesn’t make it the primary goal for Signal. And so that way we can actually share our software. And our software is open source, in fact, so people who aren’t building it into a commercial product can use it directly, but the folks who are building commercial products on top of it have licensed it from us.
Frank Cilluffo [00:24:24]: Well said. And we can add links in our show notes to some of that as well. Because honestly, I, even if I wanted to, I couldn’t survive without it now because everyone’s Signal-ing me in all these groups now and, and what have you. And I’d just be curious with that nonprofit model, the, the, when privacy pulls you in one direction and maybe not profit, but convenience pulls you in another, how do you hold that line? How do you start making some of those decisions?
Ehren Kret [00:24:57]: Oh yeah, that one’s a very tough balancing act. And so you certainly, you want to build a product that is usable for people because if it’s not usable, it doesn’t matter how secure it is if no one’s going to use it. And you’ve seen that with like prior cryptography projects, it’s just too hard for the average person to use. And so even though it may be highly secure, it’s so highly secure that no one can use it. But if you go too far in the direction of being usable, you end up with, you end up trading off on the security side of the application as well. So what it generally ends up being is when those debates come up, we will usually have pretty spirited discussions internally about where’s the right place to sort of stake out the trade off here. And we tend to lean very heavily on the side of being secure, even when it is slightly less usable. Just for Signal as a product in particular, we feel like that’s the right trade off to make.
Ehren Kret [00:25:50]: But some of the other folks using our software, using the Signal protocol have made choices that are more towards the usability side. So if you compare, say WhatsApp versus Signal and say WhatsApp has leaned more towards usability and has traded off on some of things in order to reach that, whereas Signal has like more on the side of security and sort of maximize security a little bit more. But that said, there’s always sort of a little bit of a sliding scale in the gray area there. You try to choose like what’s the right area for your product. And on top of that, I kind of think that it’s going to be, there’s some element of user choice in there as well. And so we have in our application currently controls like I touched on earlier for whether or not notifications are shared with the platform or this sort of thing. And right now it’s sort of like okay, they’re all like individual settings scattered throughout the app.
Ehren Kret [00:26:42]: We think at some point in the near future we’re going to add like another setting that allows people to sort of one tap, customize the app into like maximize the security for me and minimize all the usability in order to get the like the most security experience possible for those people who really want that to sort of have that option. But for sort of the mass market user, maybe not everyone wants that trade off.
Frank Cilluffo [00:27:05]: Excellent. And penultimate question. Say we have you back on two years from now and we’re sitting and having the same conversation. What’s the one thing that worries you most about the future of private communications and what’s the one thing that gives you most confidence? And it doesn’t have to be one, but I would just, just curious what you think two years would look like now and what are some of those game changers there?
Ehren Kret [00:27:32]: Yeah, it’s interesting. I mean one of the things I see that’s, that’s always been like a biggest concern for me around just like communications products in general, and when we start talking about the security and privacy elements of them, is that most people aren’t in a position to be able to judge those for themselves. And so they’re sort of relying upon third parties, whether that’s media or people that they know or their friends or family. And so that works well if you have good sources that you can trust. But then there’s also products out there that people think are as private or secure as Signal or WhatsApp or that sort of thing that aren’t into an encrypted at all, and there seems to be a widespread perception that they are. And just how this perception exists and has continued to spread around despite the fact that the product is storing all the messages on, on the server, like is, fighting that perception is, is a, is a difficult problem.
Ehren Kret [00:28:29]: So for me, that’s like one of the challenges I feel like secure communications faces is if users don’t know what is and what is not secure, they just sort of lean towards, oh, well, this one’s the easiest to use,
Frank Cilluffo [00:28:39]: The easiest one to use. Yeah, yeah.
Ehren Kret [00:28:40]: So I should use this. So I feel like that’s one of the biggest threats it faces, just like how to educate people on like, what actually is a secure messaging product and what’s not. And in terms of the biggest promise for secure messaging, I think what we’re seeing is there is a demand for it, people are moving to it and people are talking about it. And you see people increasingly aware of why they want this. So the sort of growing demand from it, and not just from one side of the aisle or the other, it is sort of across the aisle within the US context, sort of bipartisan.
Ehren Kret [00:29:18]: Both, both sides want this. And I think we need to continue to be a platform that is available to everyone to use because you should be able to communicate privately with people. As we move away from a world where everyone gets together in the same room and has a discussion there, you have to have a sort of similar model for online communications, for being able to do communications in private without having to be in the same room. Otherwise we don’t have any way of actually having like a, a private conversation anymore. Because how often do people get together and meet in person these days?
Frank Cilluffo [00:29:52]: True, true. Ehren you’ve dropped so much knowledge here and insight, and I know I’ve learned a lot. What’s the one question I didn’t ask that I should have?
Ehren Kret [00:30:03]: I always think one of the most interesting things about Signal in particular is sort of like all the group system works on Signal and how we are able to build a collection of people who can communicate to each other and sort of manage that state without having a sort of central server that knows all this state. And so for that system, we rely heavily on zero knowledge proofs. And I think there’s a lot of context out there where zero knowledge proofs would be highly useful beyond just the encrypted messaging space. And so I think encouraging more people to think about what are the contexts that zero knowledge proofs are useful in is sort of a good avenue of exploration, perhaps a future topic of discussion. But I think they would be very useful for a number of other things that people are talking about out in the world right now too.
Frank Cilluffo [00:30:57]: Ehren, thank you for all you do every day. Thank you for spending so much time with us today. And keep fighting the good fight. Really appreciate it. Thank you, Ehren.
Ehren Kret [00:31:07]: Thank you. Frank.
Frank Cilluffo [00:31:09]: Thank you for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing. Your ratings and reviews help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes, or individuals you’d like for us to host. Until next time, stay safe, stay informed, and stay curious.