There are trade-offs in user experience between a centrally controlled effort an...

sweden · on Dec 29, 2019

It seems to me that these design constraints are more to their benefit than to the benefit of the users because it simplifies a lot the maintenance of their infrastructure:

- By relying purely on phone numbers for user accounts, they remove a good chunk of infrastructure for having to deal with problems with logging in or missing passwords or stealing accounts.

- And by relying on Google Play Services, they avoid having to maintain a push notification infrastructure.

And I'm okay with this! It's smart and effective but I just wish he would be open and honest about it and not spread FUD about decentralization and other alternatives as an attempt to justify Signal's design decisions and make it look like "the only true way of messaging securely".

When he was asked by the public during his talk about the phone numbers, he went a long way to give an answer that didn't really answer the question. It was almost like a politician trying to justify an ulterior decision.

He is a salesman, a very good salesman. A good part of his presentation was not even about the "ecosystem", he just was wandering off-topic walking the public through his point of view. You could see this when he started to sneakily dismiss decentralization with saying "I host my own email" basically saying "So I am an authority on everything about decentralization".

Vinnl · on Jan 2, 2020

> - And by relying on Google Play Services, they avoid having to maintain a push notification infrastructure.

It was mentioned in a sibling comment to GP, but Play Services are no longer required. If you don't have them installed, Signal will use its own push notification infrastructure.

Indeed, this was not always possible, because they had to implement and maintain it first, in a way that would provide a good user experience for users. (And even then, the non-Play Services version is still somewhat detrimental to the user in the sense that their battery depletes more quickly, so it's a trade-off they'll have to make themselves now.)

mirimir · on Dec 29, 2019

> ... mass-adoption and user experience are the first priority of his design constraints.

But then you force users into a risk model where third parties (such as Google or Apple) may know everything, and users must trust them.

pa7ch · on Dec 29, 2019

My point is not that you must agree with Moxie's design choices. Just that there are inherently complex trade-offs involved and Moxie makes choices focused around mass adoption and not for selling the protocol to big companies.

Also, i'm not sure what you mean by third parties knowing "everything" since Signal provides E2E encryption of content and pretty good social graph protection. For existing users of Android and IOS (target market) I'm not sure what extra trust or knowledge Signal users must give to Apple/Google other then the fact that the user does use Signal.

mirimir · on Dec 29, 2019

Users typically don't have root on Android or iOS. How do we know that Google/Android (or maybe telco) aren't obtaining plaintext before encryption?

I'm not arguing that they're doing that. Just that the risk model depends on trusting them not to do it.

And if there is compelling evidence that they can't do it, I'd love some cites.

Also, Signal accounts are tied to telephone numbers. And it's well known that phones by default accurately know their locations. So any app with adequate permissions knows the device's location. And location privacy depends entirely on software settings.