This is a clever way to do this, but it still seems like someone caring about their privacy should just do without gifs.
Edit: I should rephrase - I mean someone with a larger-than-usual need for privacy, someone paranoid for a reason. This is great for the typical privacy conscious user. But if I was sending documents to WikiLeaks, I would not sum them up with a cute GIF.
Except that history has shown us that theoretically secure but feature deficient systems lose out to less ideologically pure systems that provide what users want, leaving the sum total amount of security provided to be less.
History shows us that you can't compete by being a lesser version of something else. There's nothing wrong with trying to make the application more attractive, but at the same time trying to shoehorn in features rather than doing things where you have an advantage is less likely to be meaningful.
A feature like this doesn't really matter in the context of competing with mainstream messaging services because their value is to a large extent in things like brand and network effect. The notion that you're just one feature away from mainstream adaptation is often a misconception. In reality there's limited potential in living in the shadow of something else.
I absolutely agree. Instagram/Facebook/Soundcloud have lost my interest as they've added extra features which just clutter the UI and distract from the purpose you were using the site in the first place.
If your original product isn't working, maybe try being a different company.
It would be more interesting if people could reply why they disagree. I'm not the first one to come to this conclusion, hemlis is a public example. You simply can't compete with large companies several years after the fact without differentiating.
> And as Signal only tries to copy the features WhatsApp and co already have
That's simply not true. WhatsApp does not support gifs, for example. Signal also has some features that others don't.
> they’ll get exactly the same security with WhatsApp, Telegram or Threema, and exactly the same features.
Telegram is less secure by miles. Threema is less secure by yards. WhatsApp is less secure by inches.
> "You can create your own federated server"
Signal has never claimed that you can "federate" the server. They only mentioned that this is a feature that they might work on in the future. Since then, they have publicly said that they are not going to do so.
You keep repeating untrue claims in every thread about Signal, despite having been proven wrong before. At this point, I'll just have to assume that you're not interested in having a factual discussion. See, for example, https://news.ycombinator.com/item?id=12689390 and its descendant posts.
At what point has Signal ever indicated that they were targeting users that were trying to send documents to WikiLeaks (or require similar levels of privacy/security)? They have consistently said they are trying to build a messaging app that normal people want to use over stopping targeted attacks. e.g. [0]
Well, then I guess I got the wrong idea about them. I thought WhatsApp was supposed to be "for the common people", and Signal was more targeted towards the paranoid.
Signal is suitable to the paranoid, while targeting "normal" people. Snowden uses it, so that's a good indicator for the paranoid.
Similar: If my mom uses it as well, that doesn't mean she's paranoid. (And I'm not saying that you said this.) And interestingly, knowing some paranoid people (by disease not profession), they usually don't care about this.
And what I was originally trying to say, is that people like Snowden, or more precisely, people requiring Snowden-like security, should probably not use this feature despite the very impressive way they made it more secure.
Why should those of us who care about privacy be required to limit the media we use to express ourselves? By including this functionality Open Whisper Systems is giving the privacy conscious a way (albeit experimental) to have our cake and eat it too.
I also think it's fine as long as they clearly communicate to the user that their search queries will be transmitted to a server not controlled by OWS.
You seem to think that those options are exclusive when in fact gif memes are a blatant example of how they aren't.
The original creator of (say) a video expresses something, a remixer expresses something when they cut it into a gif, and you're expressing something when you send someone the gif in a conversation. The thing that's expressed is almost necessarily different, and each step involves creative choices.
When Ben Franklin said "those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety", he was making the point that, in his eyes, it would be foolish for the government of Pennsylvania, seeking help from the Penn family, to give up their freedom to levy taxes on the Penn family. When someone uses the same quote today, are they making the same point?
Martin Luther King was a full-throated advocate of affirmative action, which is to say applying penalties to white people for being white. When someone today talks about "a nation where [people] will not be judged by the color of their skin, but by the content of their character", are they supporting the same idea?
So, I am an "HN bro" now...
Because I don't think this feature can possibly be up to the highest standards of security, despite being very cool and clever? I guess there are worse things to be called.
If your aim is to get more people to care about privacy, or to enable those who care about privacy to convince their friends to use a more private app, these things help.
This is Signal jumping the shark. Why is searching gifs their responsibility? Non-essential features should be skipped if there is a single shred of security concern, which we can see there is.
They know that for a bigger adoption they need those usability improvements, at the same time, they make sure additional features don't compromise the security expected from their app.
I've been really impressed with Open Whisper's focus on usability and functionality. So many privacy products take the stance of "if you care about privacy, you won't want to do this", and it seriously harms uptake.
Meanwhile, people are accidentally leaking their phone numbers and their contacts' phone numbers because Signal replaced fingerprints that could safely be posted publicly with QR codes that can't, and didn't explain it: https://twitter.com/webster/status/793657469381713920
Shit, really? I hadn't published any QR codes, but I sure didn't realize that was part of the new system.
That's a pretty bad round of dropping the ball... Normally I respect that OWS explains security stuff in detail if you care, but also has a product that "just works" if you use defaults without much knowledge. This is pretty much the exact opposite of that, where they released a dangerous default with minimal explanation even for people who do read their stuff.
Is there a federated and/or self-hosted alternative to Signal with similar privacy and security properties? Even if it supports fewer platforms?
I've been getting more and more interested in running my own (and perhaps my friends') infrastructure, but I haven't found anything better than IRC for chat.
I run a Synapse server (http://matrix.org/) which is federated and works very well. There are many clients but the nicest at the moment is Riot. Full encryption is now available in the Riot webclient and it's coming to the app soon.
I'm just a Matrix (and Signal) user, I haven't had a look into its encryption implementation yet, but for those who are interested, I think these are the docs:
> "but I haven't found anything better than IRC for chat"
If IRC was your best bet so far, you might want to have a look at good ol' XMPP aka Jabber. If you're into Android, with Conversations [0] there's a suitable client which supports end-to-end encryption. For other OS there are many other choices with different encryption options. While OTR (Off-The-Record Messaging) might be the most popular one, it unfortunately makes multi-device-support kind of a bumpy experience.
Run an IRC server on 127.0.0.1 on a dedicated server you control and allow access over SSH only. Connect to IRC through a command line client in a tmux session or similar.
"For instance, if someone messages you with an invitation, you might want to write back with a message that says "I'm excited." With integrated GIF search, you could instead do a GIF search for "I'm excited" and send one of the results instead."
What? Why? Is it some kind of attempt to become a new "cool" app? Sounds like a totally useless function to me, but if it helps to get more users, well, maybe that's a good thing.
Why? Because lots of people like sending gifs and prefer to use messaging apps that support them. If it's totally useless to you then fine: don't use it.
Yeah perhaps, but that would complicate the app development quite a bit. I'd rather see the company invest developer time in other ways - maybe bringing desktop client support.
Yes, but it's done at a lower level, which enables a host of attacks, like the announcement says. What I'm talking about would just encrypt the payload, so none of the metadata would be encrypted (and thus preserved).
Although I guess you'd also need to specify a "reply" public key in the encrypted data, so this becomes more of a protocol.
I don't have an iPhone, but with the Android client at least, you can disable image auto downloading in the settings page. If you hate fun and are dead inside.
> The GIPHY service could use subtleties like TLS session resume or cache hits to try to correlate multiple requests as having come from the same client, even if they don't know the origin.
How would a cache hit mean same user tried to search? TLS session resume, I can understand but cache hit only means same resource was accessed not same user tried to access.
I don't know which attack the Signal guys had in mind, but usually how this works is that the server serves a file with a unique ID to a person, sees that it gets requested, then serves the same thing again in a subsequent request to a suspect, sees that it's not requested, and treats that as evidence that the two accounts are actually the same person.
It's obviously easier when you can correlate this with a single account, but that's the gist of the attack.
But this will correlate one file to that person and will not be able to correlate multiple file requests that they all belong to the exact same person.
Great! Now that these easy, low-hanging-fruit features are taken care of, maybe we'll get some of the more involved security oriented ones, like, IDK, having an indication if I verified a contact or not so I can, you know, know whether I should verify or not when the opportunity presents itself.
People underestimate a lot the power of "useless" features, if well designed, to attract new users.
Telegram's Stickers are probably one of the features that most people feel other messengers lack to make people enjoy using it. Lots of friends are actually communicating daily through GIFs.
And when she has them, it'll be something different ridiculous. Seriously, this is what WhatsApp is for. I don't see why we have to dumb down EVERYTHING for those people.
From my own experience the biggest reason is that "my friends are elsewhere". I force my gf to use Signal, her mother started to use it too because of that and because she wants to have PC problems solved by me. Same goes for other people that want to interact with me through a communication app like Signal. Others just have to call or write an SMS. Those functions are still there.
You call it 'dumb down', I call it a "useful way of communication". Gifs are a form of communication. You might not use it, but most people do.
Signal will not get traction because people want to have their PC problems fixed by Nerd friends. My IT club group chat are all nerds, yet we still do not use Signal, because things like gifs were missing.
The Strategy of Signal is to make a mass market chat client that is safe. Not a nerd utopia chat client.
> EVERYTHING
Everything? Really?
I don't remember my mother asking for reproducible APK compilation. I don't remember her asking about the forward security properties of the communication protocol.
> Gifs are a form of communication. You might not use it, but most people do.
Just like most people use WhatsApp and I don't want to stop them at all. BUT there is a demand for a secure communication application that does just this. Secure communication.
I don't say they should never put in funny gifs or whatever is fancy or trendy aka "necessary" today when they are done with it and when it does not risk the main claim of the product at all.
But seeing that the priorities switch to really unnecessary stuff when there are so many important things that could be done with that, is sad and bringing in a bunch of trendy kids ideas in there won't help at all. You may be happy with your gifs then but if this is the case, and those are the features you consider important, you may be more of a problem for this product and the claim than a gain. And honestly, Signal survived without it, it wouldn't die not having it.
> My IT club group chat are all nerds, yet we still do not use Signal, because things like gifs were missing.
So what do you say? Would your "IT club" fall apart without it? Would you switch to unsecure messaging without it? If yes: Signal should not care about you at all because the market is already covered with alternatives better suited for you. If no: why are you arguing with me?
Edit: my god...I misread that in your favour. You really don't use Signal because there is no gif search in it....this is...I don't even..
> The Strategy of Signal is to make a mass market chat client that is safe. Not a nerd utopia chat client.
If their priorities are gif search and not an account without a number, secure contact sharing or all those other requests that have been out there, they will end up being not more than what WhatsApp is atm. If you think this is a viable marketing method, you should join an economics club instead.
> I don't remember my mother asking for reproducible APK compilation.
I was talking about the app in general. We have enough apps out there with fancy trending useless crap you miss so much. It even uses the same encryption. We don't need more of the same.
Encryption is only really useful when everybody participates. Otherwise you just have to arrest the people using it. So dumbing it down is actually pretty important.
Or basic message reliability? There's no reason I should be getting "Bad encrypted message" so often. Or tons of repeats. And out of order messages. And random deliverability problems.
And it seems like it has a way of picking just the right time to fuck up. Right when there's a big question or when I need to say something important, bam, Signal will start being erratic. Plus the repeat messages have on at least one occasion ended up providing a totally different meaning.
I'd say with one particular contact, we exchange screenshots of Signal over MMS once a day to avoid misunderstandings.
I've given up on Signal (for now at least). Yes the encryption and privacy is great but without a decent desktop client it's hard to get others in my network to switch to it.
Two things bothered me about the desktop application - it runs as a Chrome application rather than in a tab (not sure if there is a technical reason for this?). If I care enough about privacy to run Signal then I probably don't want to broadcast to anyone watching my screen that I'm running it (like a boss walking past etc) and would rather bury it amongst my other open tabs. I also couldn't find any obvious way to sign out of or lock the desktop client - if this isn't just user error then it seems like a significant oversight for a secure messaging app to not allow the user to control access if someone else was able to access the computer.
It also really bothered me that signal doesn't give me better control over what contacts can see my phone number. When I signed in I could see phone numbers for a contractor I had used for remodelling my home. The desktop client had them listed as someone to message on the default page. It's not a huge deal in this situation but if the phone number was for someone I no longer wanted to be in touch with (a former partner etc) then there was no obvious way in either the Android app or desktop client to block them. I assume that the other user can also see my details - security should include having control over who can see your phone number.
Edit:
Screenshots from the desktop app as a response to comment below:
There is a desktop client. It's packaged as a Chrome app. Some people downthread think a "decent" desktop app must be (more) standalone. You seem to think a "decent" desktop app should live inside a browser tab. It's hard to make everybody happy. People need to stop claiming there is no desktop app just because the very clearly existing one does not fulfill their own arbitrary set of criteria.
I don't know if you can sign out within Signal desktop (I assume you can, but I can't verify at the moment); you can sign out existing Signal sessions from within the mobile app.
The phone number is Signal's account identifier. You don't see somebody else's phone number because you've got them on Signal, you're seeing them on Signal because you've got their phone number. So you're worried about people having access to your phone number who already have access to your phone number. Signal using phone numbers as account identifiers has its issues, this is not one of them.
I don't mean to be negative about Signal. I appreciate the work they have put into it and understand that the platform is maturing - as you said, they can't please everyone.
The Chrome app vs tab is definitely a minor issue related to user preference. It's not a deal breaker for me personally but others in my network (who are less concerned about privacy) will not switch if it's not easy. Not being able to sign out is a possible deal breaker and seems like basic functionality that has security implications.
Thanks for the information about the phone numbers - I understand that they aren't a "contact" in the sense that we added each other. I do think the issue of having control over who can see my phone number is a valid one though. How would I block someone I no longer want to have contact with without changing my phone number? Again, this seems like basic functionality for a platform that is concerned about security and privacy.
Here are screenshots from the desktop app showing the only options I can see:
http://imgur.com/5nK07ER - the default screen (includes the contact that I mentioned in my first post as someone I can message right now.)
Okay, I checked now, and you're right, there does not seem to be a way to sign out (or, as they call it, unlink) the desktop app from within the desktop app. I agree, that's weird.
As a workaround, you can unlink using the phone app[1], and I assume (but have not checked) deleting the desktop app will also work.
Thanks - I see it in there now. For anyone else looking for it, it's under options/conversation settings when you are in conversation view. Thanks again.
I can live with it being a Chrome app, but I'd really like it if I could use it to send messages to people who don't have Signal (like I can with the Android app). Signal mostly takes the path of being a drop-in replacement for my SMS app, so it seems a shame not to do the same here.
Not sure if I should laugh or cry.
I don't know what half of the stuff is I have to download there on a system I don't usually run.
It's nice to know that it is possible to somehow get this running without Chrome and thanks for that but, hell...this is what I'm talking about. Wasting time on decorations that are now available through one button vs. THIS or the PUP version of it.
1) We're moving from a mobile-first to mobile-only world. This prioritization shows that the signal team are fundamentally pragmatic.
2) Most people rely on cliche to communicate. It's obvious that gifs are another cheat that is being commonly integrated by most people. It's kind of silly to avoid acknowledging the reality of how younger people are commonly communicating.
3) Please don't be sad because a software team prioritized a feature you don't like. You deserve to have more control over your own emotions. Why would you let a software feature have such a drastic impact on your own happiness?
I think the key thing is not to sacrifice performance for form. Add all the stickers, GIFs, bots and other fancy features you want. But never let load time get under 200ms. Lots of people talking about how this makes it more broadly applicable but Facebook didn't just beat MySpace on simplicity of use and Farmville access, they also beat them on speed and reliability. Not mutually exclusive either. Keep up the good work.
Read this article yesterday (https://www.techinasia.com/line-dev-day), and the introduction was eye-opening. tl;dr people like that extra stuff in messaging apps.
Sure they do. But how does this go together with security awareness? We are talking about a different market here and as I've posted somewhere else: sure we can have all that trendy crap in there at some point but please don't move that BEFORE the bigger issues out there. Let's not forget that we are talking about a free app here. If this app is being developed with an eye on monetizing at some point, chances are it will become insecure with that and just join the rows of chat apps out there already covering all those trending features. Which will lead to a different app covering the needs of people who use Signal today because they need secure messaging not another app with dancing puppies.
How is this the same? Canonical proxied every search term you've ever typed to Amazon. In Signal, you have to explicitly click on a button for anything to happen.
It's also a real app[1], independent from the phone's: after the initial key exchange, you can send/receive messages even when your phone is off.
[1] Compare with the Whatsapp webapp, which solves/sidesteps the E2E encryption among multiple devices conundrum by simply routing everything through the phone. The Signal app is also written with web technologies, so it might not be palatable for everyone, but it's a good compromise imho
If you open them in a browser when you're offline, you won't be able to load/read your messages (yes, I know about HTML5 manifests for offline data... but that's a mess), but with Signal you can.
Moreover, being able to vet/verify the updates (which you can apparently even block altogether) before running the app is of paramount importance for a secure app like Signal.
With a run-of-the-mill webapp that's also impossible.
Again: tradeoffs. I'd prefer if Signal desktop was built on something different, but I still happily use it as is every day.
Now if they would just resolve real bugs (like many people not being able to register to Signal), that would be maybe cool (but as they implemented Signal Protocol to WhatsApp and others (if we can trust code we can't see) I can't say I see any point in it).
Maybe I am wrong, but it lost that appeal it had some time in the past.
Wire transmits your plaintext GIF search terms to the Wire server. Their privacy policy even allows those searches to be logged. Combined with Wire's already bad e2e encryption and metadata story, I don't see how you could consider this "catching up."
I'm not sure why you would say something like that. The original TextSecure and Redphone apps were exclusively on Android until it got bundled into a single app and released as Signal on both platforms. Android is still often ahead, and seems preferred much of the time.
So they made a screencast and blended it with a video of a hand touching a phone to avoid shadows and improve image quality. Is that really your takeaway from the article?