Hacker News new | past | comments | ask | show | jobs | submit login
Signal Desktop beta now publicly available (whispersystems.org)
168 points by vmorim on May 5, 2016 | hide | past | favorite | 62 comments



Signal Desktop has a standalone registration UI that works perfectly fine in the source (https://github.com/WhisperSystems/Signal-Desktop), but this hidden feature has been entirely removed from this version.

Here is a convoluted process that will allow you to register with any SMS-capable phone number, no Android app required:

First, install the Signal GitHub repo (unzip https://github.com/WhisperSystems/Signal-Desktop/archive/mas...) unpacked in Chrome, inspect the background page and enter `extension.install("standalone")` in your console. Enter a phone number to get your verification code. Do not submit your registration using the standalone UI! Keep your verification code for use with the official app.

Next, uninstall the source app and install the official app. Inspect the background page and type this in your console: `getAccountManager().registerSingleDevice("your phone number", "verification code")`. Don't forget to include your country code in your phone number (+...) and remove the dashes from your verification code, or you will probably get an error.

No idea why Open Whisper Systems felt that it was necessary to entirely remove this hidden UI, when it wasn't accessible through any of the standard UI anyways. The feature works completely fine (and has for months). The only purpose this removal seems to serve is to force users to install their mobile app.


I get an "HTTPError: Failed to connect to the server, please check your network connection" for the first part (extension.install). Does that not occur for you?

Edit: Ah, it's using a broken SSL cert (chain is broken). Going to the URL manually and accepting the break works.

Edit 2: The verification code doesn't work.


I just wish Signal was easier to get through a firewall.

"You need to open TCP 31337 and all UDP ports in order for Signal to work." Emphasis mine.

http://support.whispersystems.org/hc/en-us/articles/21369721...

When I first read that I was sure that must largely apply to the calling (voip) features, but testing showed me I was wrong. I couldn't even make messaging work through a firewall so now I sourly use Telegram instead (no private chats by default in telegram??).


No private chats at all for Windows/Linux. It is actually insane that (unless I'm missing something) there is no usable/accessible trustworthy end2end encryption chat program that has both mobile and desktop clients.

Note: Telegram desktop alternative apps have major usability issues at least on Linux.

Edit: Also, many people refuse to install/use Chrome for various reasons, so even if you don't have to open ports, this still won't be a solution.


OTR plugin[1] has been around for years. I have used it on top of icq, aim, skype and jabber. Also there are few clients for android that support jabber & otr.

[1] https://otr.cypherpunks.ca/


OTR does not support offline messages which makes it utterly useless in the modern, mobile world. OMEMO is what it's at.


Try to get an average user to copy their private keys onto android from their adium/pidgin install... Even just using adium with other people using adium with the plugin had all kinds of usability issues for me.


qTox, µTox and Antox do the job. Antox is very batter hungry, but that was it comes with fully decentralized network (DHT nodes setup by volunteers) with complete end to end encryption.

https://tox.chat/


does tox have device syncing yet? I usually set my phone down out of reach when at a computer, but still need to receive messages on the go. I have antox and qTox both installed, but Im not going to convince other people to switch if it's not going to be in a usable state.


> Edit: Also, many people refuse to install/use Chrome for various reasons, so even if you don't have to open ports, this still won't be a solution.

Let's be honest, there aren't many. Chromium is enough to please the majority of OSS people. And if they are not using Chrome for 'security' reasons they are very misinformed.


I don't use Chrome or Chromium because I'm not happy with advertising companies deciding how the web should develop. Companies who's very survival is based on being able to extract information about users, being empowered to pick and choose what goes into modern web browsers due to market share? Great idea, with no possible long term damage.


Better not watch any TV shows, read newspapers, or use any search engines either then. They are all financed by ads. /s

Chromium is the best product on the market. I honestly don't see what negative influence Google's business model has on it. I use Duckduckgo as my default search engine and Google doesn't do any monitoring/tracking in Chrome, despite what most people think.


Hey everyone has their own preferences. I try out a different browser every once in a while, or you may lose out on a feature that the "other" side has, or maybe a degradation that is not. Way back when, the great eagle king of browsers used to be Opera, no competition :) But those days are long gone (and after they fired the Presto team, the only similarity today is the name of the company, don't even bother).

Currently am using Firefox. Recently gave Chromium a good try for a month or so, for my personal experiences, right now best product on the market is Firefox. The address bar / search bar in Chromium is just inferior--you only get ~five autocompletes from your history and bookmarks, total. That basically means there's a reasonable chance the thing you're looking for will appear, but it's not really something you can rely on to navigate the personal knowledge base of bookmarks and history. Not talking about search suggestions btw. The other thing is Firefox Android supports Add-ons, so you can have uBlock and Ghostery on your phone (not even sure why anyone would even begin to consider a browser that doesn't support adblocking?) and Firefox Sync works well, to connect to the desktop and back (gave Pocket a try, didn't like it).

I also use DDG as default search in Firefox, very useful with the bang syntaxes, more powerful than Google (which is just a !g away anyhow). Also in Chromium, so the address bar feels more familiar and somewhat makes up for its lack of power :)


Nice straw man.

Firefox is the best product on the market.

Google makes money from tracking people on the web. They will not introduce or develop new technology to their web browser which hits that revenue stream hard.

By using Chrome or Chromium you are giving them market share and therefore power to shape the future of the web. The future of the web under Googles custodian is more advertising, more tracking and less privacy.

It's pretty obvious.


It's quite a battery killer as well. For a simple IM app, you lose hours of battery life.


Show me where to get a NoScript replacement and I'll consider that Chrome or Chromium might have a clear advantage in security. But if you try to point me at an extension that only blocks JavaScript based on URLs, I'll consider you very misinformed.


NoScript does more than block JavaScript, but if that's all you're interested in, uBlock Origin can block inline and external scripts on a global or site-specific basis.

https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-qu...


This is a misdirection. Nobody is arguing for switching to Chromium as primary browser. One can use it as app framework for Signal.


You will find https:///www.wire.com/ interesting. e2e encrypted, clients for Windows, Mac, Android & iOS. And chats are synched between all your clients. Also .. no phone number required to sign up; use your email.


It's closed source, has no linux client and it's not end-to-end encrypted. https://mobile.twitter.com/thegrugq/status/54017648967774617...

Also have a look at https://wire.com/legal/#privacy


All crypto is open sourced.

https://app.wire.com offers full functionality on Linux.

That tweet you link to is over a year old. Wire is E2EE since March 2016. https://wire.com/privacy has security and privacy whitepapers.

PS. I work at Wire.


Missing Linux native, but that might be too much to ask. Thanks for the link. I'll give it a try.

Do you know if it's open source or at least gone through an audit?


The crypto modules are indeed open source. https://github.com/wireapp

I don't know whether they have been formally audited.


That would be the source of some crypto code, not necessarily the code the app itself uses. Since the app is closed, there's no way to verify.


How is client sync possible with e2e?


Why wouldn't it be possible? The app knows who is sending to who and which devices are linked.


Because if it's end to end encrypted each device would either need the same private key to decode the messages or each message is encrypted with each devices public key.

This would require some kind of key exchange i.e. scanning bar codes.


There are probably a million ways to deal with it.

I haven't looked into it at all, but one way I just thought of right now is to have your own devices p2p the message among themselves with original sender's information after the one used most recently receives it.


I've noticed that a new device added to the account will not see the history. It only sees those messages that are received or sent after it has been added to the account.


There's no technical reason that the synced devices couldn't distribute the missing messages amongst themselves. :)


Signal also syncs its e2e encrypted chats


Client-to-client, simple as that. Pushed in encrypted form like regular messages.


It's possible because chats are not end-to-end encrypted.


The UX of the official Linux desktop Telegram client is really nice, IMHO. Simple and snappy even on a low-powered netbook. Syncs perfectly and immediately across devices. Copy/paste/drag/drop of images and files works very well. I also like the option-on-hover "drop here to quickly send compressed photo / drop here to send without compression" for its ease of use. Although given I had to explain some people, less curious / techsavvy people may not discover it or notice it.

But yeah, no encryption to speak of. So I'm no longer going to recommend Telegram over Whatsapp :) Just pointing out how much I like the UX of the Telegram client, no reason why you couldn't have that on a properly encrypted platform, after all :)


Am I missing something? Why would you want to use an alternative app for Telegram on Linux? Their own app works a dream for me.


No encryption which defeats the purpose of using it.


> I just wish Signal was easier to get through a firewall. ... I couldn't even make messaging work through a firewall...

That's really, really strange. I sit behind an IPv4 NATting router whose policy is "default REJECT unless the packet is related to a connection that conntrack knows about". [0] The device also runs UPnP, but Signal never attempts to forward any ports. Full disclosure: I have good IPv6 service, but textsecure-service-ca.whispersystems.org doesn't have any AAAA records, so I don't see what that would have to do with anything.

My friends and I can use both Signal text and voice messaging without issue.

Just what sort of obscenely restrictive firewall are you behind?

[0] You know, a typical NAT firewall configuration.


> Just what sort of obscenely restrictive firewall are you behind?

Many companies block outbound on non-well known ports, for various reasons. tcp/443 is almost always available though.


> Many companies block outbound on non-well known ports...

Mmmhmm. Yeah, I'm aware of that. :) However, click170 made no mention of a corporate firewall. He said:

> I just wish Signal was easier to get through a firewall.

Which is dramatically at odds with my and my friends experience with Signal; namely that it passes through firewalls with no configuration required.

If he would have mentioned that it was a corporate firewall that he was trying to get through, I expect his comment would have been much less popular, and much less confusing. :)



Thanks. I hadnt seen that.

That last comment makes me wonder if they understand the objections being raised in that ticket though.

8443 != 443


What's with all the weird restrictions on using Signal? Why do I have to register via an Android account? Why not a simple messaging app that just lets me message anyone else with the app with no bullshit?

Signal has done an excellent job of branding itself as the one true E2E encrypted messaging app made by real experts, as against e.g. Telegram. But the actual product is hugely disappointing because of these apparently arbitrary and, in the case of requiring a phone number, privacy-damaging restrictions.

I'm ready to look for something else.



Even if I could get over it using Chrome as it's runtime environment requiring a phone number is a deal breaker.


Indeed! I can not understand the logic of using phone number in such apps while many security experts (like Jacob Appelbaum) call cell phones as little tracking devices which allow you to make call and send text with! Such a disappointment!


Tried signing up for Signal using a RingCentral number. The callback verification triggers way too quickly for a VoIP call to propagate, answer and verify.

Gave up. =(


Google Voice works in my experience. Just to be clear because I know moxie reads hn... What should happen differently?


Solution: introduce a sufficiently long wait to allow for call to connect and pick up


I believe this is something they'd have to talk to twilio about?

Have you had any experience with twilio? Any problem receiving calls?


I didn't know Signal used Twilio on the backend to verify. I haven't used it myself but know someone that works there. Maybe they can help look into it.


It really would make sense if Signal would support more than just phone numbers as identifiers. It shouldn't be too hard: in the protocol, use URIs as identifiers, using tel: (or sms:?) for mobile phones, mailto: for email addresses, maybe urn:uuid: for general UUIDs.

I've not looked at the internals — it's possible of course that it already does exactly this.


This is 1 month old...


This is back from April. Why is it on the front page now?


Collective audience amnesia + use of weasel words like "now" + said audience's hard-on for anything encryption-related.


Android only


Is it only me or does the UI look an awful lot like WhatsApp Web ?


But does it work on iOS?


Downvoted because this information is trivially discovered. :(


I guess you missed the ironic intent of my comment. To spell it out explicitly: Signal desktop still doesn't work if you have an iOS device.


Is there a specific bug for iOS compatibility?


Ugh.

Check the second result of [0] (entitled "What is Signal Desktop? How can I sign up?").

[0] https://encrypted.google.com/#q=%22signal+desktop+ios%22


From what I see your link does not provide a ticket item but a plog post which is an entirely different thing.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: