I'd love to use Signal, but in order for me to do so there's a lot that has to be added.
- Real multi device support. I want my messages on all my devices, without having to have my phone on.
- An iPad app.
- A desktop app. I'd pay for a native one, without Electron.
These things are basically table stakes for competing with Facebook Messenger, Telegram, and iMessage. If Signal's goal is to bring encryption to the masses they have to solve things like this, since regular people care less about security and more about convenience.
Although you claim Wireshark, etc. can be used to verify the lack of external communication, the fact of the matter is that it only verifies you aren't sending data to third-parties all the time. It does not mean that it won't do so occasionally, or that (say, if triggered via a message in an existing platform) it won't suddenly send your credentials to someone else and then erase its tracks, or do anything more sophisticated than the naive approach you illustrated. The reality is that open-source really is necessary to prove that nothing nefarious is going on, as unfortunate as that is. I hope you can open-source it in the future so that it enjoys full adoption.
It will be open-sourced at some point within the next 2 years without a doubt.
Like I explained in the FAQ, the plans and the potential are huge, and it would be really silly to risk it all just to become another data miner. Even if it's very sophisticated, and there's a 0.01% change it's found out, why risk everything? Besides, it's simply illegal. All the information about me and the company is public.
I wonder if you have the same concerns about other closed source software like Sublime Text.
> I wonder if you have the same concerns about other closed source software like Sublime Text.
This was an unnecessary personal jab, but I'll respond. Sublime? I don't use it. Software that deals with my credentials just like you do? Yeah, I definitely do. That's why I don't trust closed source password managers either. Text editors? Mine are open source so the thought has never crossed my mind. Other random software like my OS or Visual Studio? Depends; e.g. Microsoft is a huge corporation that has nothing to gain and a lot to lose from keylogging my passwords, but e.g. I wouldn't trust Facebook not to record my audio or fish out my contacts behind my back. Smaller utilities? Yeah, but again, they don't have my credentials at their fingertips, or need Internet access at all for that matter (I turn off auto updates so I can just block internet access for them entirely).
All of which is to say, yeah, I'm not picking on you specifically, but this isn't about me, or about you. I'm just a messenger. Verifiability is the requirement many people have for software that manages their credentials; pinkie promised aren't enough. For some of them, you can make up for some of it by having a big enough reputation to lose, and criminal history to jeopardize in their jurisdictions. For others, you can't. In your case, you don't seem to have that going for you either.
That's cool. When I tried it last it required my phone to be on just like WhatsApp. I'll check it out again.
I still hope they use some of this cash to make a real iPad and Desktop app, though. I'd really love to use the service but those are deal breakers for me.
...and my pet peeve (which Signal explicitly denies on iOS and has some convoluted method on Android) — allowing the user to backup data from the app and restoring it on a new or different device! Don't treat chats as disposable.
- Real multi device support. I want my messages on all my devices, without having to have my phone on.
- An iPad app.
- A desktop app. I'd pay for a native one, without Electron.
These things are basically table stakes for competing with Facebook Messenger, Telegram, and iMessage. If Signal's goal is to bring encryption to the masses they have to solve things like this, since regular people care less about security and more about convenience.