Signal is finally bringing its secure messaging to the masses (wired.com)
631 points by jmsflknr on Feb 14, 2020 | 392 comments



It's good to see Acton quoted; he'd been so silent since his donation-to/association-with Signal that I was beginning to wonder if behind the scenes, there'd been a falling out.

However, these "enrichment features" from Signal over the last 2 years are less than what competitors like Telegram put out in 2 months.

Really basic things remain undone. Like being able to carry your contacts/message-history forward across planned device-upgrades on iOS – https://github.com/signalapp/Signal-iOS/issues/2542 – 4.5 years after it was "on the roadmap".

Many of Signal's novel cryptographic innovations, while cool, depend on trusting Intel SGX: both as a technology & in Intel's stewardship of the master keys/attestation-chains. Many cryptographers don't believe SGX will be technologically reliable anytime soon, and much of the world will probably see US-based Intel Corp similar to how the US sees China-based Huawei.


I second this. I like Signal and appreciate all the efforts people put in. But I don’t really care how Signal added cute stickers or optimized image showing. I just need a privacy app and keep my data. The only reason I didn’t recommend Signal to my non-tech friends was not being able to migrate/export chat history on iOS. This seems to be such a basic (not necessarily easy) thing to do but they just didn’t do it.


> But I don’t really care how Signal added cute stickers or optimized image showing.

That's maybe true for privacy enthusiasts. You severely underestimate the need for these cutesy features when targeting mass market though. I claim stickers are much more important for that than data exporting.


> cutesy features

Personally, I don't care much for features supporting cyber-grooming. What's the point of using cutesy features to attract users who don't care about security, just so someone else can _securely_ cyber-groom them?


Are you somehow equating stickers and grooming? That takes quite a leap of imagination.

Stickers aren't targeting young audiences in any sense. It's very weird to draw such conclusions just if you're not using them yourself (if that's the case).


Can you elaborate? I'm not totally sure what you're defining "cyber-grooming" as here.


The point is: if those users don't use Signal, you're forced to use another IM when you want to communicate with them.


There isn't much point in having a secure chat application if you want all your chats to be portable and exportable across devices and operating system upgrades. You may as well just use Telegram and opt for 1:1 secret chats for when you actually want security.


Signal offers this backup/restore function on Android – where about 60-70% of their users are, if I understand the Wired stats correctly.

So user-controlled portability doesn't seem fatal to the "point" of having a secure chat app, there.

My workaround, last time I upgraded my iOS device, was to screenshot all the old conversations I wanted to retain. Pictures come over just fine! Did Signal forcing me to do that make me more secure?

I think they just hate iCloud. (Perhaps while they trust Intel, they distrust Apple? It'd be great to know why.)

Well, I don't trust iCloud with my device backups, either. There are other things, in other apps on my phone, more sensitive than my Signal logs.

But it seems Signal is holding my chat histories hostage because they don't trust me. And it seems their ultimate plan for this will require me to use some Signal-run, Intel-SGX-mediated 'trustable cloud' for my contacts & messages. No, thanks!


A backup method that just copies it _somewhere else on the same device_ is not really a very useful backup. It involves manually moving files around if you want a real backup, which feels very antiquated in 2020. Why isn't there some way to automatically store my (encrypted!) backup via a cloud backup solution, whether that's Google Drive, Dropbox, or just allowing it to be backed up as part of an Android backup?


Doesn't copying device data to another device, such as a laptop or desktop, do that? I mean... it's not cloud based, but I _thought_ it was a full local backup.


Can you do that on Android? Other than shutting the phone down and `dd`ing the correct partition?


> There isn't much point in having a secure chat application if you want all your chats to be portable and exportable across devices and operating system upgrades

Sorry but I don't understand this sentence. Why?

Like, I get that it's challenging from a technical standpoint, but I absolutely don't see why it would be pointless?

Riot/Matrix does it: it's far from mature/polished—plenty of room for improvement—but it uses double-ratchet, and it functions.


Storing conversations is introducing a massive security hole. One single person in a group can compromise every message from every user.

Secure messages shouldn’t persist and if they do they aren’t secure. Being able to export, upload, and restore an entire conversation history is the opposite of secure.

There is no point in using a secure messaging system if your entire conversation history can be downloaded the minute a single person in your group loses physical security on their device. Just use FB Messenger.


> Secure messages shouldn’t persist

This is a nice, but ultimately utopic, nonsensical, impossible security requirement. I take your point that anything persistent is insecure, but anything received is potentially persistent.

There's no such thing as perfect security, there are only levels. Even a system with some hypothetical form of perfect plausible deniability designed into the receiving end could be compromised via transit metadata.

Saying persistence makes secure messaging pointless is pure hyperbole. Encryption protects against a broad range of threat vectors, some simple, others extremely challenging. There's value in every measure.


Your comment only makes sense if we assume your security requirements match everyone else’s under all circumstances.

This is not likely to be the case.


> Storing conversations is introducing a massive security hole.

Sure, but that could be up to every sender to decide whether they want their messages to be view once/view for 24hrs/store forever.


Could this be because of a non-compete clause agreed on during the Whatsapp acquisition by Facebook? I heard the Whatsapp team was around 50 people; it wouldn't be surprising if Zuckerberg wanted some extra assurances.


> However, these "enrichment features" from Signal over the last 2 years are less than what competitors like Telegram put out in 2 months.

It should be noted that most of these were released at breakneck speed in the past couple of months. It feels like they spent most of the past two years hiring and training new people, probably stabilising the code bases a bit, and that that's now starting to pay off.


"Many cryptographers don't believe SGX will be technologically reliable anytime soon"

E.g. for online backups, SGX will only handle rate limiting. If you're using a sufficiently secure password (+80 bits), Argon2 will provide robust enough security for your login and not even a backdoor in SGX matters.


This popped up a few days ago. Could become an interesting alternative one day. It's p2p based (no blockchain nonsense):

> Session is an open-source, public-key-based secure messaging application which uses a set of decentralized storage servers and an onion routing protocol to send end-to-end encrypted messages with minimal exposure of user metadata. It does this while also providing common features of mainstream messaging applications

https://news.ycombinator.com/item?id=22306140

whitepaper: https://getsession.org/wp-content/uploads/2020/02/Session-Wh...


Kind of unfortunate that Matrix is probably not focussing on making the protocol and apps easy to get on and use Matrix/Riot as a WhatsApp, Signal replacement for end users (person to person comm). It seems to be just for teams and orgs (Slack, Discord).


RiotX (the next gen of Riot) is a Matrix client from the core team, designed to go up against WhatsApp/FB Messenger/iMessage by default... and then expand into Slack/Discord style use cases for powerusers who want that. It's currently in the final stages of beta on Android: https://play.google.com/store/apps/details?id=im.vector.riot...

Meanwhile there are lots of other promising Matrix clients emerging which are aiming for person-to-person comms - e.g. http://dittochat.org, https://pattle.im, https://fluffy.chat etc.


The fact that there exist other clients that are specifically "built with user experience in mind" (Ditto) or built "to be a Matrix app that everyone can use" (Pattle) sometimes makes me wonder why that would not also be the goal of the official client?


I think RiotX is supposed to replace Riot eventually, at least the Android client https://github.com/vector-im/riotX-android. Didn't find a link for an iOS client though.


Signal is on route to add contact/data recovery:

https://www.signal.org/blog/secure-value-recovery/

... they also cite this as a bottleneck for adding non-phone identifiers. It seems like they are putting the infrastructure in place to fix a lot of the remaining usability issues that people have with them.


'Secure Value Recovery' that will rely on their newfangled, Intel®-SGX-dependent trustworthy cloud key services.

Why do they need me to trust Intel, or novel crypto/software that might be deployed in... when exactly? Why can't they let me just trust the same secure backups that all my other sensitive data/communications are in?


SGX that, as a user, you can't even verify is in use.

I really don't know why they're focusing on things like this. It does nothing to increase evidence-based trust, so it's no better than saying "we added a rate limiter, and delete keys after X attempts" (which I'd be totally fine with, and they could probably put in place in practically no time). Either way you're still relying on them doing what they said they're doing.


What I think is most notable about this article is that they go out of their way to point out how it's significantly more difficult to roll out all these "user nicety" features everyone expects, when you live in a world where you can't just "let the server know everything" (like many other apps people often compare with).


I think it’s a good case study on why the state of security in the world is the way it is right now; people want convenience more than security.

I even fall victim to this myself: Signal not having a search history or losing message history when activating a new device is often too much of a show stopper.

I really hope Signal will be able to pull this off somehow, but seeing how much these type of apps rely on a network effect, I am skeptical.


Lack of search is just a lack of a locally-implementable feature. There's really no security reason why it would be more difficult.

Transferring to a new device, on the other hand, does get somewhat more complicated. For ease of use, the data needs to be placed somewhere intermediate. That being said, I can understand Signal's hesitation to embrace Google's cloud storage options for such a feature.


> The difference, today, is that Signal is finally reaching that mass audience it was always intended for—not just the privacy diehards, activists, and cybersecurity nerds that formed its core user base for years—thanks in part to a concerted effort to make the app more accessible and appealing to the mainstream.

Seriously, Signal is probably the app that’s focusing least (and also slowly) on being more appealing to the mainstream and to large groups of people (protesters and activists) who might benefit from it, because:

1. It relies on a phone number for signing up. Worse, it exposes your phone number to everyone who has your number in their contacts list, thus allowing enumeration attacks (like what was done with Telegram in Hong Kong, where Telegram quickly pushed a fix).

2. It’s 2020, and it has no chat backups on iOS. Change your device and you lose not only all your old chats, but also group memberships (you have to figure out how to rejoin groups and then face issues like not seeing other members).

Overall, the “breakneck speed” of development that the article speaks of doesn’t actually exist. If they want to see real breakneck speed in adding features, they have to look at Telegram for comparison and then decide what words to use.

If you want better accessible alternatives and E2E and cross device sync and backups, take a look at Wire. Support wise you don’t get much from it, since the company is focused on paying clients. For the free tier users, it already provides more than Signal can in 2020.


I see “no backups” as a feature, not an issue. If there are backups, that means that someone can a) steal them b) or ask to see them (government). I use Signal a lot with a few friends, and we all know that what we share might immediately disappear, and that’s ok.

The issue about phone number is real.


And yet, on Android they support backing up your data.


I don’t disagree with your stance, but my argument is against the claim that they’re developing features to appeal to mainstream users. No backups is not a mainstream feature.


> I see “no backups” as a feature

I will appreciate the “backup” feature. You don’t have to use it but users are better off to have such an option after understanding the risks.


No automatic backups could be a feature but not having any way to migrate your old chats to a new device is not a feature.


Signal desktop is broken, since at least mid 2018.

There is an open github issue, where the maintainers don't really respond:

https://github.com/signalapp/Signal-Desktop/issues/2634

They statically link an openssl library for their forked version of sqlcipher, which makes it impossible to build signal on anything other than ubuntu.

Static linking against an old openssl library is also not that good for security reasons, which imho is a bad sign if you say your chat program stands for security and privacy.

Edit:

Link wrong, now corrected


One possible workaround for now might be to use the Flatpak version of Signal instead. I've been using it with no problems on Fedora.


When I run an application for security reasons, I need to either build it myself, or have it built by official channels.

I just hand edit the signal package.json each time I need an update, but I just don't understand why they won't update their dependency.


I believe I am using the Snap version on Solus and haven't had any issues.


> which makes it impossible to build signal on anything other than ubuntu.

I've never had a problem on Arch or Manjaro


You did a git clone and then a build without issue?

Because the repo on arch patches the issue with the statically linked openssl library:

https://aur.archlinux.org/cgit/aur.git/plain/openssl-linking...

So if you just install signal from the aur, then you use the patched version.


Sorry, let me rephrase that.

The AUR has a working patch so it clearly isn't impossible. You can probably follow the same procedure. So I just wouldn't say that it is impossible to install it on non-Ubuntu distros, just not trivial. But this seriously doesn't look complex.

Also, wasn't Signal pushed into the main repos recently?


It's in community and uses this 2-line patch:

https://git.archlinux.org/svntogit/community.git/tree/trunk/...


Of course you can replace the dependency, but do you know if it is 100% compatible?

My point was that as long as the maintainers don't give us the reason for the static link or the custom dependency, we can assume we can replace it, but we don't know.

Could be that it works, but it uses an insecure cipher, could be that there is a silent corruption.

Nothing is impossible, it just means you have to re-edit and patch each time and know you're running untested things for a secure application.


The url you posted doesn't work/point to a specific issue...


Can you link to the specific issue? You linked to a search, not sure if by accident.


I cannot fathom the proliferation of phone-only messaging apps.

Am I really the only person who prefers to type on a full-sized keyboard, and see my multiple conversations on 27" screen, as opposed to one and a half inches of no-feedback glass surface? :-/

I went to the Signal site, downloaded the Windows app, and once installed, it asks me to link my phone. No option for any other signup. Nowhere in the download process or on the main site does it warn me that this is a phone-only app. The desktop app itself simply starts to a "Connect your phone" screen with no explanation why I have to do it, whether there are or aren't alternatives, etc. Nothing about this is remotely user friendly.

I have half a dozen laptops, two phones, a few tablets at home alone; the notion that I must be crippled to only communicate via the smallest, least practical communication device I own; and then be horribly crippled in attaching one-at-a-time additional devices but with crippling dependency on said phone... I guess I'm a negative focus group and completely out of touch with the realities of the world, but I cannot imagine or understand who wants to live like that :-/


You're not the only person who prefers to type on a full-sized keyboard, and I share your preference. But you should recognize that you are in a relatively small minority of users, and that Signal has made the eminently rational decision to focus its efforts on the majority use case.

If you look at Signal as a response to SMS, WhatsApp, and iMessage --- the messaging platforms most people use --- its most controversial decisions make a whole lot more sense. Doing that requires people to accept that Signal wasn't necessarily designed for them, and that in order to decisively solve the problems it has set out to solve, it's had to make tradeoffs that cut against what other people want. That's unusual for a startup! Startups usually try to make everyone happy! But then, Signal isn't a startup.

Meanwhile: you're ultimately going to get the Signal that you want. A desktop-based, phone-untethered Signal seems inevitable; in fact, it seems like we might get it not that long from now. But we're certainly not going to get it on the timescale that message board people want to get it on.


In fully recognizing that I am a minority case, I am sceptical signal and whatsapp will *ever have a fully untethered protocol with desktop as a first class device. My understanding is that it would require a complete rearchitecture... For no benefit other than to appease a few grouchy nerds :-)

Pity; even though all of my family use whatsapp and are unlikely to move, there's a fascinating look on their face when they first ponder the idea they could've picked up their conversation on their big tablet when at home. It just doesn't occur to them to expect / demand more :-/


> I am sceptical signal and whatsapp will *ever have a fully untethered protocol

It sounds like they may want to do this eventually, but it requires some significant re-engineering of how users are identified on the network. This is mentioned near the end of the article:

>That feature might someday even allow Signal to ditch its current system of identifying users based on their phone numbers—a feature that many privacy advocates have criticized, since it forces anyone who wants to be contacted via Signal to hand out a cell phone number, often to strangers. Instead, it could store persistent identities for users securely on its servers. "I’ll just say, this is something we’re thinking about," says Marlinspike. Secure value recovery, he says, "would be the first step in resolving that."


My understanding is that it's not an architecture thing, but an authentication thing: SIM/# as ID is just too practical for both dev and user and they have no plans on changing that.

Your closest hope for a skype replacement that runs equally on all platforms is tox, which requires managing your key.


>SIM/# as ID is just too practical for both dev and user

In what way is that practical for a user? Once I've chosen an ID and password for a service I can easily type that in using literally anything that can connect to the service and spew out some characters.

An id linked to a SIM/# is a real pain in the ass when you need to change your SIM/#, hence why I've got a bunch of old contact numbers for people stored on my phone alongside new ones so I can talk to them on whatsapp or signal and have it show me their name still after they change numbers.

I've also got a bunch of whatsapp contacts that aren't even people I know any more because their numbers no longer belong to them. People whose pictures and updates I can see who I don't recognize or know.

SIM/#'s are ephemeral in a lot of places, I know people that change them fairly regularly, having that linked as some kind of identifier is not good for users.


In what way is that practical for a user?

This is just me making an assertion, so take it for what you will, but the typical user cares a lot more about contact discovery than everything you mentioned, so an authentication system that makes that work more goodly is quite practical for them.


>contact discovery

In both situations I have to have a contact's information already to find them. For an ID/password, you need your contact's ID to find them; for a SIM/# system, you need their phone number. Every person I talk to on whatsapp or signal has given me their phone number, or vice versa, so we can communicate through those platforms.

I had some friends that used Kik before, they had to give me their username. These two scenarios are exactly the same, in both cases I still need info from my contact before finding them. Only, an ID is more secure, because it can be used only with one service if you so choose, with a SIM/# you have to give your contact your phone number, allowing them to contact you through any other service you use that number with, whether you like it or not.

I cannot see any benefits of that system for the user that you don't get from an ID/password, and some cons that personally, I find unacceptable, such as the aforementioned seeing strangers' pictures and info just because they have a number my friend used to have. That's downright creepy and makes me wonder how many people who've saved my number can watch me on whatsapp and see when I'm online or check my profile out.

Even people I do know, I don't necessarily want to see on there: employers, numbers I've saved for looking at places to rent, my ex landlord, clients I've had for work I've done. I don't need or want to have all these people automatically added to every chat program I install that they also happen to have.


>typical user

My argument isn't that you are wrong about your wants and needs, it's that you aren't a typical user.


Have you ever asked the average user how they feel about:

>seeing stranger's pictures and info just because they have a number my friend used to have, that's downright creepy and makes me wonder how many people who've saved my number can watch me on whatsapp and see when I'm online or check my profile out.

>Even people I do know, I don't necessarily want to see on there, employers, numbers i've saved for looking at places to rent, my ex landlord, clients i've had for work i've done. I don't need or want to have all these people automatically added to every chat program I install they also happen to have.

I have, it inspired them to clean up their contact list.


Moxie said at his 36C3 talk that they were planning on getting rid of it as soon as a practical solution was found.


> they have no plans on changing that

I think you might be wrong on that, based on some of the code changes made to Signal over the last few months. They are internally moving to have users be identified by a UUID and phone number. I suspect they will eliminate the requirement for phone number identifiers when they introduce other identifier options.


I don't believe it's "SIM as ID" - I believe it's SIM as complete authentication (i.e. userID+password in traditional systems).

(I have my thoughts on THAT as well, you'll be surprised, when it comes to security... we're nerding out about obtuse and obscure end-to-end encryption, meanwhile, majority of those 2bil users don't have a lock on their phone, and now they also have no protection on their messaging :-/ )


> majority of those 2bil users don't have a lock on their phone, and now they also have no protection on their messaging

They still have in-transit protection due to end-to-end encryption, so no protection isn't necessarily true.


Facebook claim [1] they're working on making Facebook Messenger and Whatsapp interoperable. And obviously messenger works fine in a desktop browser.

[1] https://www.engadget.com/2019/04/30/facebook-will-let-users-...


I'm surprised nobody has mentioned https://web.whatsapp.com/ yet. You need to log in by scanning a QR code with your phone, but once you do, you can use your full-size keyboard to chat!

I know it doesn't check all the boxes for you, but hopefully it can improve your quality of life while talking to your family :)


You cannot create an account or sign up via web app. But let's put that aside.

You can ONLY sign up / register / add one device.

Not "at a time", even. At all.

You use your tablet, your phone disconnects.

You use your computer, your laptop disconnects.

You switch from laptop to desktop a few times, and now it's suspicious and gives you additional difficulties or bans you outright (that may or may not still be the case, but was when I tried this nightmare of an app a year ago or so).

You can only have ONE mobile and ONE computer device, at best, if you're lucky, and stars align, and it's second Tuesday of the month and the moon is full and you sing praises to Garmunklee the demon of impractical communication methods. Trying to access it on work and personal laptop; work and personal phone; or on phone and tablet; all is completely outside the supported use case and is for all intents and purposes impossible.

Compare to old-school ICQ, AIM, any XMPP, or Hangouts or indeed email etc, where you can seamlessly transition communication from device to device - and even check your messages on trusted public or 3rd party device such as friend's computer - and it's like waking up in a twilight zone.

It is pretty much the most architecturally user-hostile system I've encountered in my life, but again - I'm clearly in 2,000,000,000 vs 1 minority here :D


I feel like this is a very long way of saying that in WhatsApp there is a single private key which is stored on the device that you register.

You're not supposed to be switching between devices like that. You're supposed to be proxying your messages through your primary device (i.e. cell phone) using the web interface.

Like the UX is bad for people with two phones and the mobile experience of WhatsApp web is nonexistent so that kinda sucks but "having one phone, and sometimes a tablet/laptop with the web interface" covers a lot of people.

E2E is hard when you have to route messages to multiple devices, aren't storing messages in a central server, and those devices can be unavailable for indeterminate amounts of time and no guarantee that a subset of devices having the complete chat history will ever be on at the same time to sync.


>E2E is hard when you have to route messages to multiple devices, ...

OpenPGP has been dealing with multiple recipients since forever with no back channel even.

> ...aren't storing messages in a central server,...

Who cares if we are doing E2E?

> ...and those devices can be unavailable for indeterminate amounts of time and no guarantee that a subset of devices having the complete chat history will ever be on at the same time to sync.

You only have to store the encrypted messages for each individual client until they connect again. If you are doing perfect forward secrecy then the client has to keep the decryption key around until the next connection so the server stored messages can be decoded. Then the key is destroyed.


>>You're not supposed to be switching between devices like that.

That's the Apple "You're not supposed to use our device that way" approach, and again, while it works for a huge swath of users and I am completely cognizant I'm in a tiny contrarian minority, it still and nevertheless feels like a hostile user experience.

Note that "Switching devices like that" is ever so tiny a misnomer; I am "Using multiple devices" (not replacing my phones permanently etc, which I get is a more difficult scenario... and one that Whatsapp historically deals with in the most insecure fashion imaginable; until recently their FAQ held explanations that you may get somebody else's messages if you get their phone number; or that if you switch your own phone number you need to email support and wait; it really feels they focused on the E2E encryption, important to tiny proportion of their userbase, over any other security consideration; but again... I get I'm alone in this perception :)


Why is it hard? Group chats are E2E (in WA/Signal) and solve this problem.

It's not that far fetched to make every conversation an implicit group conversation with n devices on both sides.


My problems with WhatsApp desktop aren't that I can't use multiple phones, it's the various issues that don't affect Signal desktop. (Can only have one desktop/laptop, no iPadOS, messages randomly won't send/receive if the phone is in too deep a sleep mode.)

None of those are problems affecting Signal.


I mean you can do the same thing with Signal. The issue other commenters have had is that it is fundamentally tethered to a phone still.

See the right side here: https://signal.org/download/


Signal's desktop app does not tether to the phone permanently. After connecting the desktop client, you can use it fully independently from the mobile phone. WhatsApp doesn't allow that.


You need an untethered protocol to support chatbots and other applications. And desktop as a first class device falls out of that. And mobile users benefit too, now no longer having to distribute their phone number. I feel that if they had started with untethered, then Signal would be a lot farther along the road to its goals.


Against my better judgement, I'm setting family members up on Matrix right now specifically because they don't have phones and I can't switch them to Signal. A consequence of that is that I'm setting up a bunch of people who do have phones with Matrix, because the alternative is excluding people. In a world where Signal was even just a tiny bit more open, I'd be able to use it for my family right now, and I could at least wait longer for Matrix's E2E solutions to mature more. That would definitely be the world I prefer.

> "This is not just for hyperparanoid security researchers, but for the masses," says Acton. "This is something for everyone in the world."

If you want encryption for the masses, delivering 90% solutions and dismissing unconventional use-cases is going to put a ceiling on adoption. It's not just technical users who balk at phone numbers. I'm dealing with elderly users, I'm dealing with kids.

"It's not designed for you" is a reasonable response if you're building a niche product for a niche audience. But it's important to note, that is explicitly not Signal's goal. Signal is advertising itself here as an encryption platform for everyone. A ubiquitous chat problem has higher requirements -- even if 99% of my family has a smartphone, that's not good enough, because we're talking about shared group chats. The solution has to work for 100% of my contacts.

I don't think Matrix is mature enough to trust for super-sensitive communication, I think it's a lot less unpolished than Signal, I think it's a lot more annoying and a lot more buggy. I'm irritated that I'm using it this early in development. But I don't see what the alternative is, because it works for 100% of my contacts, and that's what encryption for the masses requires: 100%.

Heck, I can even bridge Matrix (albeit, poorly) to other clients, a feature that Signal has specifically rejected. Which is a fine decision for a niche product. It's not fine if you want a chat application that everyone can use. I need to be able to talk to users who aren't on Signal.

The "minority" argument is bullcrap given Signal's stated goals in this very article. Sure, Moxie is talking about eventually getting rid of phone number requirements as a highly-theoretical, future event after contact integration, and key retrieval, and whatever. But I'm not going to wait literally years to have a secure E2E conversation with my nieces.


> I'm setting family members up on Matrix right now specifically because they don't have phones and I can't switch them to Signal.

> “It’s not designed for you” is a reasonable response to you’re building a niche product for a niche audience. But it’s important to note, that is explicitly not Signal’s goal. Signal is advertising itself as an encryption platform for everyone.

Aren’t people with no phone increasingly niche?

I’m not trying to be combative but I would argue attempting to build your app for every single use case is literally a million niches which would require so many concessions and that is the opposite of Signal’s approach. Signal has no interest in building for odd and strange use cases and instead chooses the most likely use case and builds specifically and securely for that use case.


:) I don't take it as combative, but it's worth pointing out the vision you have of Signal as a focused product is not the vision that Signal's developers have, or at least not the impression I personally get when I read the linked article.

> "I’d like for Signal to reach billions of users. I know what it takes to do that. I did that," says Acton. "I’d love to have it happen in the next five years or less."

When you look at a platform like Slack, it's fine for the devs to say that they don't care about certain users, because Slack is not a universal chat app. Slack has a very specific market: business users. Other users are nice, but not really required, and it's fine for them to go use something else. Signal on the other hand doesn't really have a specific market; they've always described their target market as just 'everyone'.

This is extra-tricky for a chat app because network effects come into play. An app that I can use by myself without relying on anyone else doesn't need to be particularly inclusive: 90% support (or even lower) is probably good enough. But if Signal decides that it's not for 10% (or even 1%) of the people in my social group, then there's a very real chance we might all abandon it. Supporting 99% is excluding not just 1% of your users, but also everyone directly connected to those 1% of users.

And honestly, I would push back on the idea that smartphones are going to reach even 99% saturation any time soon. There's a very consistent demographic of people who don't have phones: kids who are given hand-me-down tablets or laptops. I know a nontrivial number of parents who are waiting longer to give their kids phone numbers, but they still want their kids to be able to message friends and family members. I don't think in 5 years we'll be at the point where every single 5-10 year old has a smartphone.

This is exactly the situation I'm in, where I'm trying to figure out how to allow younger family members to communicate with me, with their parents, with their friends. Even if I set them up with phone numbers, I'm asking them to break contact with anyone else in their social network that doesn't have a phone.


The most obvious group of people who avoid mobile phones are the elderly, and you can't just wait for them to die of old age because there will continue to be new elderly people avoiding mobile phones. At least until we solve age-related physical deterioration. And waiting for the market to come to you isn't a brilliant strategy in any case, because your competitors are not standing still.

And as the OP states, it isn't just the people who avoid mobile phones who won't switch to tethered protocols, but people who want to message the people who avoid mobile phones. And a high proportion of us have elderly relatives, and we email or Skype or Facebook them.


Which Matrix client are you using? Wondering if the lack of polish is because you're on Riot/Android rather than RiotX/Android.


I am on the standard Riot client, I didn't realize that RiotX existed. Will definitely give that a try, thanks for the heads up!

Note that the polish concerns I have aren't just for Android though -- some of my contacts are only on desktop, and Riot's desktop app also has issues with contrast, resource usage, notifications/updates, searching in encrypted rooms, key synchronization. Even on the backend, setting up closed communities is just really confusing and buggy. I had to abandon a community and recreate it half way through because it bugged out trying to remove an empty E2E room and then couldn't add/remove/edit any rooms after that point -- and this was on the main, public Matrix homeserver.

It's getting better. A year ago, I don't think I could have used Matrix/Riot to the extent I'm using it now. I don't want to be too critical, because it's improving at a genuinely impressive rate. I'm still betting on Matrix being the future-proof choice for me to make for the majority of my chat/community infrastructure.

It just feels like it's still early in development, clients like RiotX are still in beta -- which makes it tricky when I'm trying to roll it out in "production" to very young and very nontechnical users.


We stopped developing Riot/Android months ago - meanwhile RiotX/Android is about to exit beta and is feeling unrecognisably better.

On E2E, search is now implemented, as is totally revamped verification and cross signing and fixed key sync, as per https://fosdem.org/2020/schedule/event/matrix/

Communities are a trainwreck but next up to get fixed in the coming months.

Thanks for sticking with it; we’re catching up as fast as we can...


Having just struggled through verifying keys on multiple devices, that video makes me really happy, for a lot of reasons. Particularly, it's a nice bonus-surprise to see the E2E search and Pantalaimon as generic tools that 3rd-party clients can hook into, because there are a few communities where I'm thinking about putting together very narrowly-focused custom clients.

And I just installed RiotX and it shows reactions correctly!

Hopefully comments like this aren't too exhausting. There's two sides of it, one of which is all the stuff to complain about. But the other side is that stuff like Pantalaimon is really cool -- it means if I want to build a custom chat client with weird features, I can have decent encryption for free without having to worry that I'm doing something horribly insecure. The bridges are still getting polished, but similarly, they're also amazing because bridges allow me to make very forward-facing, future-proof decisions about where I want to host communities and I know that I won't have to abandon existing members that are on platforms like Discord.

The core project is just really exciting, it addresses all of these problems that I've had in the back of my head for a long time. There's this wonderful feeling where you're constantly annoyed about something and feel like there's nothing you can do about it, and then one day you find out that not only does someone else feel the same way, but they're actually fixing it. And even more than that, just finding out that it is actually possible for those problems to be fixed; that there's going to be a point in my future where that happens.

So there's admittedly a lot of impatience there, but it's coming from a very hopeful place, and I hope it isn't discouraging.


Do you know what the deal is with the constantly present "Listening for events" notification with RiotX?

Is this to work around the Android background task auto-killing?


IIRC, apps that stay alive in the background have to use that persistent notification. It doesn't happen if you can rely on push notifications, though. I do not use google services (f-droid version), so I was expecting to see that, but do you see it as well if using them?

Note that you can hide the notification by long-pressing it.


I agree with most of your comment, but

> That's unusual for a startup! Startups usually try to make everyone happy!

I don't know about that. Most startups - and especially the successful ones - have few qualms with ignoring "edge case users" and focusing on what they perceive to be their target market.


I believe the OP was being sarcastic there.


> A desktop-based, phone-untethered Signal seems inevitable

That one might be called "jabber".


Not anymore than it should be called ICQ. The XMPP protocol does not share any of the privacy-oriented roots of signal.


A little tongue in cheek, of course. I suppose you could run an encrypted protocol over any untrusted transport.

The point is that Signal is designed around your real life identity. That's a real use case, it helps discoverability immensely, and that's generally why people use it. Should you wish to communicate pseudonymously there are plenty of options already available.

(The XMPP suggestion was only partly in jest. Any modern client, such as Conversations, is pretty solid. But there is no shortage of options for chat.)


...

X stands for extendable in XMPP. Read about OMEMO.


One of the big issues with any messaging system is how to address your recipient. WhatsApp, Signal etc use a phone number. Jabber, irc, etc use other.

So, one of the problems to bring your use case to life is that you'd need to remember your friends' phone numbers AND you'd need to know that they're on Signal.

Signal, as an app, gives your phone the ability to completely replace your SMS system seamlessly. If a particular friend doesn't have Signal then it goes via SMS.

So, the use case you're mentioning is definitely relevant, but having YAMA (yet-another-messaging-app) is going head to head with WhatsApp, Jabber & co, and not currently what Signal seems to be aiming for: secure messaging for the masses.

Maybe in the future it'll add usernames as an address recipient, but it may turn out to be a mess like Skype if so (Am I phoning someone, or skyping? Do I have credits, etc). Currently, Signal clearly delineates in the app UI what's going to happen when you press send (or call).


Thinking out loud some more: usernames are a terrible idea.

Maybe using a hash (like Tox does) is a way to individualize recipients, and metadata: phone, email, etc are then tied to that (e.g. like Keybase does it). This way friends lists can be harvested from the phone (something I'm always wary of) for the masses, whereas privacy conscious ppl can maintain it by giving out a throwaway email address. It means you could set up Signal on multiple phones and not once leak your phone number by using the same hash account. It probably wouldn't even need a password (again, like Tox).


Do you consider Signal to be secure? A seal of approval from you would be nice :-)


Why would you trust Thomas any more or less than Moxie?


Trust is relative. I'm not a crypto expert but Thomas ostensibly is. Is he the best? I don't know but he's a consistent figure here and I made a friendly, perhaps inartfully phrased request for an opinion on a related subject.

I do regret asking as I wasn't looking for the negativity I received.

Searching for validation for my question found an interesting thread on Thomas and his role here:

https://news.ycombinator.com/item?id=17019412:

"tptacek is using an appeal to authority given his standing as a security expert on this forum. That's the only reason his comment containing no justification is being taken seriously."


I don't know why anyone would trust either of us, when you can take the Levchin Prize referees word for it; that includes Dan Boneh, Kenny Paterson, Brian Ristenpart, and Nigel Smart.


sorry to bother you.


Because Thomas uses his real name, whereas Moxie uses an alias.


This comment is gross.


Rephrase: "one reason could be [...]"


> I cannot fathom the proliferation of phone-only messaging apps.

Because they work. Not ideally, but reliably.

I can pick up my phone, and actually message my friends, and I don't have to debug why my open source Linux client isn't compatible with their open source Windows client, or their XMPP server doesn't want to talk to my XMPP server, or figure out which identifier they're using today.

Signal takes away choice, and delivers a product that works. Which beats a product that is theoretically "better" (multi-device support, desktop support, ...) but in practice cumbersome or just not up to the task (e.g. because my friends aren't using that messenger, or OMEMO messages are not decryptable because someone mismanaged their key, ...)

Moxie made all the right choices, even and especially where unpopular: Aggressive action against alternative clients to keep their existence marginal and ensure a consistently good user experience, phone numbers as identifiers to overcome the network effect, etc.

In order to be useful, a messenger has to support mobile - I will want to talk to my friends when I'm on my way to meet them. So for a desktop messenger it's either flawless multi-device support or failure, and the former just doesn't seem to be achievable yet. A desktop-only messenger is useless because it doesn't meet my needs when I most need it; a mobile-only messenger is a bit annoying, but works 100% of the time, even when I'm using a desktop, because my phone is also nearby.


You make very good points about the tradeoffs they avoid :)

I'd be satisfied if they could do some form of eg bluetooth connection between a desktop app and your phone to give a limited desktop experience, however. I don't think that'd be impossible, similar to how whatsapp web really just proxies to your phone (well, best I can tell that's how it works)


Doesn't Signal have such a tethered desktop version? https://signal.org/download/ mentions desktop.


Threema Web uses WebRTC data channels to establish a direct connection between phone and browser: https://github.com/threema-ch/threema-web/ Definitely possible (but quite complex in practice).


I use Signal heavily, mostly on desktop. It would be more accurate to say that Signal registration is mobile-only. Once registered, you can never touch your phone again and everything will work.

I've tried Telegram, WhatsApp, Hangouts, Facebook Messenger, iMessage. Signal has been the only one so far that I have been satisfied with because it:

* Supports end-to-end encryption (and "disappearing" messages)

* Has desktop and mobile apps that can be used independently (after registration at least; WhatsApp appears to require your phone to be on and near the desktop for the desktop app to work)

* Distributes messages to all Signal clients (Telegram was nearly unusable due to this problem - I had to mentally remember where the conversation was when switching between desktop and mobile)

* Doesn't have some sort of highly constrained user experience that requires using a social media platform or requires using a specific web browser (this has been a real problem with Hangouts and Facebook Messenger since they stopped supporting XMPP - RIP Adium)

* Supports mainstream desktop and mobile operating systems (iMessage fails at this, despite Apple's promises in the last decade)

* Has feature parity with other major chat services (this is the only weakness of Signal, but these days I can't think of a feature on WhatsApp or Telegram that isn't on Signal)

I agree that I wish they would streamline the registration so that you don't have to go through a somewhat convoluted process to get started, but it really is not a phone-only app. Desktop is a full first-class citizen after the initial fixed cost. I think that's the price they may pay by being a non-profit - maybe the marketing isn't exactly what Facebook/Google/Apple/<pick your own DataVortexCorp> can afford.

EDIT: Oh, I guess I should have mentioned Skype, but no thanks. Sorry, Microsoft, just no.


You do have to touch your phone for every desktop client you link, and if you reinstall or bounce between machines, you encounter this a lot. Infrequently, the link just screws up and you have to 'relink' the desktop client, again requiring the phone. No way to log back in without the phone. Really my only complaint with an otherwise perfect tool.


Agreed. I'm hoping the article is correct and they're working on a method to handle login/registration that doesn't require registration/linking via phone, and doesn't leave a "bricked" account.


> and "disappearing" messages

Aren't these basically just DRM? A really ineffective one as signal is foss.


Only if you have an adversarial relationship with your correspondent.


I do not see how this affects it. As a matter of fact, if you do not have an adversarial relationship with your correspondent you would not need that piece of DRM.


Mostly people don't particularly want to betray you but they're lazy and don't care very much about you.

As a result "please delete this message" won't get actioned but exploding messages can be very effective.


When I'm flying at the airport, a border guard can compel me or my friend to unlock our phones and show them all our messages. If our conversation history is regularly automatically cleared, we can both have peace of mind.


I don't know how you can have peace of mind giving your regular phone to a border guard in any case. If you travel on any regular basis, a dedicated phone for travelling that gets wiped before crossing borders is well worth the purchase, IMO.

Disappearing messages do help with your friend who doesn't have a sanitized device.


and your friend who has a gf/bf that goes through their phone taking pictures when you are asleep or in the shower, whether you know it or not..

and other apps on your phone that behave the same way.


That's exactly why Google Allo was a no go for me from the start. I'm using Telegram now, and their desktop client is great. Any mobile first solution is uninteresting for me, and that includes hacks where messages are routed from my computer via my phone.


Google Hangouts is pretty great, so of course Google is discontinuing it. I always have email open anyway, so it's very convenient to fire off a chat while I'm on desktop.


I've used Hangouts since it was Google Talk and used XMPP. I used several different multi-protocol programs to connect to Google Talk, Microsoft Messenger, ICQ at the same time. Things were different back then.

Now I try to get as many as possible to get away from at least Google and Facebook services.


Encryption only available for mobile chats, right? And "secret" chats won't be available for the desktop view.


All chats are encrypted to and from the client, but only secret chats are encrypted end to end. And yes, secret chats are only available on mobile.

https://telegram.org/faq#q-so-how-do-you-encrypt-data


The point of encryption is to protect content from third parties. TLS-like encryption, where messages can be read by the server, is not protecting the content this way; therefore, calling it encryption is misleading. When the average user asks "is it encrypted?", they're not asking "Oh I totally get that the developers can access the content but is it safe from passive eavesdropping in the network backend?", they're asking "Can anyone else read the messages?", i.e. "Are they E2EE?". To which the answer is no.


This is unfortunately correct, but I still prefer Telegram to other chat clients.


I mean, given the Signal protocol, the alternative would be your messages being routed from your phone via your computer. And the average person's computer isn't on/awake/connected to wifi as often as their phone is, so that'd be a much spottier experience.


Forgive the slight tease, but this just sounds like “I cannot fathom why <thing I dislike> is more popular than <thing I like>.” It’s really as simple as more people being comfortable with <thing I dislike>. From there it’s relatively easy to come up with reasons - an example in this case might be that people really enjoy sending messages / photos when on the move in situations where getting a laptop out is impractical.


1. Teases are always forgiven :)

2. But, I feel quite the opposite is the case here.

I fully comprehend that somebody may want to use a phone as their primary communication device (my wife, for one:). More power to them and I would never get in their way. I will use it myself when on the move. On the other hand, so many people seem to get a "deer in headlights" look when trying to imagine my use case of using a laptop to communicate.

An app like Google Hangouts supports phone and laptop as equal first-class citizens. It makes EVERYbody happy. It's a great superset of all use-cases. You can share your pictures on the phone and type your long messages or parallelize conversations on a laptop. Everybody happy! :)

Signal and WhatsApp, I will counter, do not solve the problems or users' case that we on HN think it does. NOBODY I know using WhatsApp has a clue that it uses end-to-end encryption, nor do they care. I would venture that's the case for the majority of the 2bil userbase. All they know is they never had to create an account or password, which makes it simple to use. It is actually the "lack" of security that's the biggest selling feature (though of course, at this point, the network effect is the single biggest selling feature over anything else; my family uses WhatsApp because everybody they know uses WhatsApp - QED).


I don't understand your point. You have full-size keyboard access through Signal's desktop app on your laptops paired to your phone so what's the problem?


The problem (my opinion, not necessarily the op's) is using the cell phone number as the public id. An alternative id would promote better privacy. If Signal scales to even a fraction of the user base of a Facebook or WhatsApp, it needs to reconsider using the cell phone number as a public id. I can see where a group invites you to join and there's a bad egg in the group. That bad egg (randomly or intentionally) uses your cell phone number for all sorts of nefarious intents. I like to keep my cell phone private and not have it out in the wild.


Isn't the desktop app a recent development? Or maybe I only recently discovered it.


It's been around since 2015, so pretty much from the start: https://signal.org/blog/signal-desktop/


Any idea about how the security posture changes? I would expect some significant tradeoffs are required to make all your messages appear in your browser


The Chrome app has been deprecated for some time - the current desktop version is independent of browser and available for Windows/macOS/Linux/iOS: https://signal.org/blog/standalone-signal-desktop/


I haven't used it in a while but I think it's probably similar to WhatsApp where it basically just tunnels it through your phone without actually running a Signal client on your machine.


It's not, once linked the desktop client can be used independently of your phone.


I'm not 100% sure how it works, but it seems to sync some messages. Not working perfectly as my desktop client does not have the full history from a chat, even though my phone does. It only has some of the messages from where the desktop client was first started.


It's quite odd to brand a web app as a "desktop" app, but it does fit with Moxie's unfortunate decision of trusting Google et al.


The Chrome app has been deprecated in favour of a true desktop app for several years: https://signal.org/blog/standalone-signal-desktop/


A true desktop app in so much as it bundles a standalone browser and uses that to render the web app part...


Can I use Signal from desktop only? Can I create an account from desktop? Is my account independent of any specific device? Can I use Signal on multiple computers at the same time with correct credentials?


> Can I use Signal from desktop only?

Yes, the desktop client functions independently from the phone client once linked (so not like whatsapp that proxies everything through your phone).

> Can I create an account from desktop?

Technically yes, but you either need to compile the desktop client yourself[0] and miss some features or use something like signal-cli[1] to act as the main client. So it's not supported (yet?).

> Is my account independent of any specific device?

The first client that registers acts as the main client, so no. But it might get easier to restore access on a different device without using backups with the secure value recovery[2] stuff they are working on.

> Can I use Signal on multiple computers at the same time with correct credentials?

It's possible to link and use several desktop clients at the same time.

[0] https://github.com/signalapp/Signal-Desktop/blob/development...

[1] https://github.com/AsamK/signal-cli

[2] https://signal.org/blog/secure-value-recovery/


You need a phone to create an account and register the desktop app but then you can use it completely separately from the phone, even when the phone is not online. You can link multiple desktop apps to one account/phone (afaik).


You can definitely use multiple desktop clients with one account, I have it installed on my home laptop and desktop


The Signal desktop apps at least are independent in that they do not require the phone after the initial setup, but yeah, it's annoying. They were far from perfect, but the multi-chat-protocol clients from the ICQ&co days had a lot going for them...


Having Signal be tethered to a real phone number does give you a point to root your account around, and allow recovery. It must reduce spam, and it's always a way to find other users. But I do find it irritating that you can't have a virtual account too. When my phone busted, because I hadn't saved off all my security recovery info, it didn't matter that I had Signal running on my laptop, etc, I had to reset my Signal account on my new phone. It would have been nice if I could have "added" a new root account on my new phone from a working device. Keybase allowed this.


It is borderline trivial to steal someone else's phone number through social engineering and the systems underlying the world's GSM networks are very easy to spoof, MITM, and otherwise hijack with a minimum of equipment.

It's crazy to me that with all of Signal's emphasis on security (being designed by one of the top security researchers in the world, no less), they chose to make tying your account to a phone number a requirement.

I go very far out of my way to make sure that nothing important to me is tied to my phone number.


If you have and use Signal you can tell it not to let somebody else hijack Signal along with your phone number. You set a PIN, and then it pesters you for the PIN periodically to check you didn't go "Oh I'll just type some random digits and then moan later when I'm locked out, that'll be fine".

So long as you keep entering the correct PIN periodically, Signal won't let anybody register with your phone number without knowing the PIN you've shown you remember.

If you quit using Signal, after a while there haven't been any correct PIN entries for too long and anyone can claim that phone number again (and if they want, set a new PIN).


Anecdata: just set my mom's new iPhone up today, and re-registering Signal required she set up the registration lock PIN. I don't personally use that feature yet but interesting that it was mandatory.


That introduces the problem of someone getting a new phone number. If the previous user had it tied to pin+signal it means that the number is essentially blacklisted.


If you get a new phone number the week after a prolific phone user lost it, I'm guessing that would be super annoying already?

"Hello? No, this isn't Dave, he got a different number. No I don't know what it is. No this isn't a prank, please stop calling"

As a result I would imagine that unless the network is absolutely clean out of numbers (which they try hard to avoid) it will just never reuse numbers in such a short period. The only way somebody else has the number while the PIN is valid is that they're attacking you, which a PIN blocks.

So my guess would be that this ends up not being a problem in reality, it worried me right up until I read the expiry mechanism and then I went oh, that makes sense.


Ha! True. Well, a less prolific number may not get all the calls.

I've seen first hand how numbers can be reused fairly quickly (months). (This was in the Caribbean).

A 7-day PIN expiry? I need to look at more details here because I can definitely go 7 days without using my phone. Or, I've travelled abroad and used a local SIM while my "home SIM" was never in use for the duration of the stay. (But I kept the ID number on WhatsApp/Signal/Telegram).


The PIN lock expires after 7 days unless you re-auth, so this is only a temporary inconvenience.
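A toy model of the registration-lock mechanism described in the two comments above (PIN set, renewed on each correct entry, lapsing after the 7-day figure quoted in the thread so the number can be claimed again). This is an added illustration, not Signal's code or its real server logic; the salted PBKDF2 storage, the unix-time bookkeeping and the sample phone number are all assumptions.

```python
"""Toy model of the registration-lock PIN described in the thread.

Added illustration, not Signal's code or its server logic. Assumptions:
the server stores a salted PBKDF2 hash of the PIN, a correct PIN entry
renews the lock, and a lock with no correct entry for LOCK_TTL seconds
(7 days, the figure quoted in the thread) lapses so the number can be
claimed again by a new owner.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional

LOCK_TTL = 7 * 24 * 3600  # seconds; 7-day figure from the thread (assumption)
PBKDF2_ROUNDS = 100_000   # illustrative work factor


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Slow, salted hash so a leaked lock table is not trivially cracked."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class RegistrationLock:
    salt: bytes
    pin_hash: bytes
    last_verified: int  # unix time of the last correct PIN entry

    def expired(self, now: int) -> bool:
        return now - self.last_verified > LOCK_TTL

    def check(self, pin: str) -> bool:
        # constant-time compare avoids leaking how many bytes matched
        return hmac.compare_digest(self.pin_hash, hash_pin(pin, self.salt))


@dataclass
class RegistrationServer:
    """At most one active lock per phone number."""
    locks: Dict[str, RegistrationLock] = field(default_factory=dict)

    def set_pin(self, number: str, pin: str, now: int) -> None:
        salt = os.urandom(16)
        self.locks[number] = RegistrationLock(salt, hash_pin(pin, salt), now)

    def renew(self, number: str, pin: str, now: int) -> bool:
        """The periodic PIN prompt: a correct entry pushes expiry forward."""
        lock = self.locks.get(number)
        if lock is None or not lock.check(pin):
            return False
        lock.last_verified = now
        return True

    def register(self, number: str, now: int, pin: Optional[str] = None) -> str:
        """Try to (re)register NUMBER on a new device.

        Returns "ok" when there is no lock, the lock has lapsed, or the
        correct PIN is supplied; "pin_required" when an unexpired lock
        exists and the PIN is missing or wrong.
        """
        lock = self.locks.get(number)
        if lock is None or lock.expired(now):
            # a lapsed lock is dropped; the new owner may set their own PIN
            self.locks.pop(number, None)
            return "ok"
        if pin is not None and lock.check(pin):
            lock.last_verified = now
            return "ok"
        return "pin_required"


if __name__ == "__main__":
    DAY = 86400
    srv = RegistrationServer()
    srv.set_pin("+15555550100", "2468", now=0)  # constructed sample number
    print(srv.register("+15555550100", now=1 * DAY))             # pin_required
    print(srv.register("+15555550100", now=1 * DAY, pin="2468"))  # ok
    print(srv.register("+15555550100", now=9 * DAY))             # ok (lapsed)
```

The last call shows the trade-off the thread discusses: once the owner stops entering the PIN for longer than the TTL, the number is unprotected, which is what keeps a recycled number from being blacklisted forever.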


> It's crazy to me that with all of Signal's emphasis on security (being designed by one of the top security researchers in the world, no less), they chose to make tying your account to a phone number a requirement.

It isn't crazy. There's a tradeoff between convenience and security. Signal appears to be trying to create the most secure system that's still usable by most people, and is advancing the state of the art in many areas to make that happen.

It's important to keep in mind that the best security in the world is of no use if you don't bother to use it.

In any case, Signal gives you optional actions you can take to solve some of the problems you're concerned with.


> Having signal be tethered to a real phone number does give you a point to root your account around, and allow recovery.

It also makes it dead simple for most users, even nontechnical ones, to use and understand. They don't even have to do anything special, their Signal contact list is already bootstrapped when they install the app.


> I have half a dozen laptops, two phones, few tablets at home alone; ...

I'm dreaming of a messaging system with end-points that consume a Plan9 style file-system. Each device mounts the file-system, et voila you can send and receive messages from any device that has the FS mounted.

Generally I want to hack the Android kernel so that it uses the Plan9 style FS so that I can not worry about the how-where-why of syncing docs-photos-music-etc between sundry devices.

I say "Plan9 style FS" because the Plan9 FS requires some host server, some single end-point for file storage. I'm dreaming of a FS that negotiates storage (perhaps using an LRU policy) between a network of devices (ie, my phone, my laptop, maybe a DO droplet or something on AWS).

Sharing could be encrypted blocks (to obscure discrete binaries), perhaps using the bit torrent protocol?

I know there are software packages that do what I'm talking about, but it isn't easy. I can't just scan a QR code (and then do the two-factor authentication) and have access to my files.


This is basically what Keybase does. You provision your Keybase and you have access to a shared file system that is e2e encrypted.

They don't do the messaging through the file system, but I would argue that's an implementation detail.


At some point Chris Coyne implemented a terminal chat UI on top of KBFS and `tail -f`. I can't remember if he published it anywhere though.

One of the reasons you don't want a real chat app to be implemented like this is that KBFS has to be pretty conservative about conflict resolution. If you and I both edit `foo.txt` at the same time, then we're going to wind up with something like `foo.txt` and `foo.txt_CONFLICTING_COPY_2020_02_14`. (Basically the same as what Dropbox does.) But of course, that's not what we want to happen if you and I send a message to each other at the same time. There, we want the server to just tell us which one came first, and that's fine. There's no real conflict. (For larger gaps, where my phone has observed your message before I send mine, Keybase will indeed sign over that observed history, and the server won't be able to reorder the messages.)
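The ordering idea in the comment above (the server breaks ties between concurrent messages, but a sender who has already observed earlier messages commits to them so the server cannot reorder across that observation) is easy to see in code. The following is an added illustration written for this thread, not Keybase code; it uses an HMAC with per-user demo keys as a stand-in for real signatures, and the log, client and server names are made up for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


def canonical(sender: str, body: str, prev: Optional[str]) -> bytes:
    """Deterministic encoding of the fields a sender commits to."""
    return json.dumps([sender, body, prev], separators=(",", ":")).encode()


@dataclass
class Message:
    sender: str
    body: str
    prev: Optional[str]  # hash of the newest log entry the sender had seen, or None
    tag: str             # HMAC over (sender, body, prev); stand-in for a signature


def entry_hash(m: Message) -> str:
    """Identity of a log entry: covers the committed fields and the tag."""
    return hashlib.sha256(canonical(m.sender, m.body, m.prev) + m.tag.encode()).hexdigest()


class Client:
    def __init__(self, name: str, key: bytes) -> None:
        self.name = name
        self.key = key                       # demo key, constructed for the example
        self.observed: Optional[str] = None  # newest entry this client has seen

    def observe(self, log: List[Message]) -> None:
        self.observed = entry_hash(log[-1]) if log else None

    def compose(self, body: str) -> Message:
        # The sender commits to whatever history it had observed when sending.
        tag = hmac.new(self.key, canonical(self.name, body, self.observed), hashlib.sha256).hexdigest()
        return Message(self.name, body, self.observed, tag)


class Server:
    """Assigns the order; trusted only for tie-breaking, not for history."""
    def __init__(self) -> None:
        self.log: List[Message] = []

    def append(self, m: Message) -> None:
        self.log.append(m)


def verify_log(log: List[Message], keys: Dict[str, bytes]) -> bool:
    """A reader checks that every entry's observed predecessor precedes it."""
    seen: Set[str] = set()
    for m in log:
        expected = hmac.new(keys[m.sender], canonical(m.sender, m.body, m.prev), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, m.tag):
            return False  # altered or forged entry
        if m.prev is not None and m.prev not in seen:
            return False  # sender had seen an entry that is not before this one: reordered
        seen.add(entry_hash(m))
    return True


KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}  # constructed demo keys


def concurrent_send() -> Tuple[bool, bool]:
    """Both send before seeing the other's message: either server order verifies."""
    alice, bob = Client("alice", KEYS["alice"]), Client("bob", KEYS["bob"])
    a, b = alice.compose("hi"), bob.compose("hey")
    return verify_log([a, b], KEYS), verify_log([b, a], KEYS)


def reorder_after_observation() -> Tuple[bool, bool]:
    """Bob replies after seeing Alice's message: a server that swaps them is caught."""
    alice, bob = Client("alice", KEYS["alice"]), Client("bob", KEYS["bob"])
    server = Server()
    server.append(alice.compose("dinner?"))
    bob.observe(server.log)
    server.append(bob.compose("yes"))
    honest = verify_log(server.log, KEYS)
    swapped = verify_log(list(reversed(server.log)), KEYS)
    return honest, swapped


if __name__ == "__main__":
    print("concurrent:", concurrent_send())
    print("reordered after observation:", reorder_after_observation())
```

Two concurrent messages with the same `prev` verify in either order, which is the "no real conflict" case; once a reply commits to an observed entry, any log that puts the reply first fails verification on the reader's side.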


What if we push the abstraction? Folders in the FS represent recipients and files are the messages? Then if you and I send a message we don't have to worry about who edited some file last, rather, we inspect the time stamps of the file IOT render the messages in the correct order. We could even do arbitrary nesting/threading a la reddit if we wanted (treating writable files as folder descriptors as well, like Scrivener).

If I send you a message for the first time, your FS (nodes connected together) gets a request/ invitation to mount a new FS/folder containing files where each is a message. Want to add someone? Invite to mount the collective FS. Instantly the new member can see the chat history and begin writing new files/messages to the FS.


That all seems possible, but this honestly just seems like tons of effort for very little benefit compared to a rest api and a nice little data-store.


You probably already know about Syncthing, which is a block-based peer-to-peer file synchronization solution.

There are some talks in the project to add a way to only download files when actually accessed and there's no real-time communication, but I imagine it would not be insanely hard to add. It already somewhat offers the adding-process you describe.


I had syncthing running on my phone and my laptop. I've had lots of issues with the sync actually working; ie it will hang on certain kinds of Jupyter notebook files, or it will ignore my images directory completely. I'm sure I've had other issues...

Anyway, I gave up trying to get it to work because sending myself emails or using GDrive has less friction.

I've been fascinated by usability for a long time. It seems that many high-brow projects (see plan9 and others) aren't very interested in usability by the general population. Not you and me, but Joe(lene)-Schmoe who doesn't have a clue about the innards of their phone. They just want their stuff here (on their phone) and there (on their computer).

I want that too. I guess I want to make neat and useful tech approachable to many.

I even have an idea to monetize the above FS: a single page application that automatically spins up VMs that provide encrypted nodes for your personal network. A byproduct of that is a web access point to your stuff that doesn't (shouldn't) go down. This is important because, if you're like me, all your nodes are wireless and run on battery and therefore could leave the network at any time.


Eons ago I wondered why the IRC and NNTP protocols weren't being improved.

I still do.

The AIMs and MSNs and Skypes came and went. Now it's the WhatsApps and Discords. Every one of them trying to reinvent the wheel that should have just been fixed 20 years ago.

But why has nobody sat down and said, "Here's a better IRC, here's a reference client, here's the source code, knock yourself out."

It's still not too late you know. In fact, there has never been a better time (and need) to revamp those classic platforms for the modern era. With services like GitHub and AWS, it should be easier than ever to collaborate on building ever better clients and hosting servers etc.

Here's my wishlist for improvements over what I can remember of IRC:

• Mandatory encryption for client-to-server and direct peer-to-peer.

• Server-side chat history, spam filtering and DOS resistance.

• Ability to send binary data like images, audio, video and arbitrary files in public channels and private chats.

• Message deletion and temporary messages.

Basically a decentralized Discord (which is a centralized IRC to begin with.)



> Eons ago I wondered why the IRC and NNTP protocols weren't being improved.

For the same reason SMTP hasn’t meaningfully improved in the last 25 or so years. It’s an ossified protocol because of all the competing implementations. Moxie is right about that bit.

HTTP and HTML are slightly different because of the huge dollars backing implementers, but there are still significant features not in one or more of the major browsers, and adoption of HTML5 was actually pretty slow.

Basically, open standards sound awesome, but they quickly get frozen in time due to compatibility constraints.


So we really have no one to blame but ourselves.


It sounds like you are looking for Matrix.org (and Riot.im)


Doesn't answer your protocol question, but Textual is a really fantastic IRC client for macOS with various modern capabilities.


> Eons ago I wondered why the IRC and NNTP protocols weren't being improved.

Is being worked on now:

https://irc.com/


The only things certain in life are death, taxes, and the top comment on HN being someone complaining about how the product doesn't fit their very specific use case.


It’s either that or attempting to trivialize the content of the link to let everyone know that they could do the same thing in 4hrs after work on a Wednesday.


I am pretty happy with whatever Google calls its chat/hangouts thing these days, as I can send SMS's from my browser or chat via either a browser or my phone, and it's all pretty transparent.

I want nothing to do with tech I can only use on my phone.


Hangouts is actually one of the best messaging apps to this day, I'll be sad when it disappears.

I love being able to send and receive messages from my PC and phone, seamlessly. And, probably the best part of all? All of my messages are searchable using Google's excellent search in my gmail inbox. I've been able to find specific messages I remember sending years ago. No other messaging platform does this (at least, not well).


I wish they would have added search to the mobile app. Too busy creating endless new mobile-only chat apps I guess.


I think if you search in the gmail app, they'll turn up.


But it's not encrypted. And Google keeps threatening to kill it.


Yes, those are good points, but kind of tangential to mine.

I really don't understand where Google is going with its chat thing, as I find it just about perfect for what I need.


Are you referring to hangouts with the USA-only Google Voice service?


The desktop version of Signal works very similarly to Android Messenger. Although Signal doesn't require the phone to be turned on to send/receive messages.


In what way is the dependency on the phone crippling? It's a one time sign-up with the phone. You don't have to use it after that.


I don't have a smartphone that can install apps. SMS would be one thing, requiring a smartphone is, indeed, crippling.


I guess you could install it in an emulator and enter the code you receive via SMS in it during the setup phase.


One could also install it on any non-phone device (iPod, tablet, etc.) that supports app installation.


Emulated phones get a phone number?


No. The emulated phone in this proposal is a way to run the Signal Android app.

During enrollment Signal uses SMS to close the loop on a claimed phone number. The OP's real phone doesn't run Android but it can receive SMS messages so it gets that SMS. The next screen in the emulated app says if the SMS code wasn't filled out automatically then please type it in, and that's what you do.

Tada, now your Signal account is linked to your quite real phone number for a dumb phone.


> it asks me to link my phone

It's because Signal chose to make the phone number their main identifier, not some random username or email.

(I can't immediately find their rationale for that decision, but I think it had to do with making the service available to those millions that have a cell phone but no email, and usernames make it hard to auto-populate contacts whereas phone numbers can be cross-referenced with your contact list)


The rationale is this: messaging platforms are social networks, all of them are based on contact lists, and all mainstream messengers besides Signal store contact lists on servers. Those contact lists are incredibly valuable metadata, probably the most valuable intelligence target outside of message contents themselves.

Signal uses phone numbers because Signal users already have contact lists outside of Signal. By piggybacking on phone contacts, Signal can avoid storing metadata about who's sending encrypted messages to whom.

Compare that with Wire, which is a fine system, but which also effectively stores a log of every pair of users that have spoken to each other on the platform, in a database, constantly available.

Not having that database is the win for phone number identifiers.

Meanwhile, while the loss from that decision is painfully felt by people who communicate on platforms like HN, it's hardly felt at all by ordinary users, who already communicate primarily on platforms that use phone numbers as identifiers. WhatsApp, the most popular messenger in the world, was created as a pin-compatible replacement for SMS.

Signal's decision here is not the decision I would have made, because I loathe phone numbers (and, for that matter, messaging people on my phone). But it was a smart, principled decision, and almost certainly the right one; I'd decide otherwise because protecting the most people in the most effective way might be my stated preference, but it wouldn't be the preference my own actions would reveal.


I don't see how account-based systems, or Wire in particular, must "effectively store[] a log of every pair of users that have spoken to each other on the platform, in a database, constantly available". As far as I can tell – and just like Signal – they just need to hold (destination-ID, blob) for all as-yet undelivered messages. And if the destination-ID isn't a phone-number, it's harder to correlate with other extant databases of (phone-number -> IMEI) or (phone-number -> person). That is, this undelivered-log has less metadata in an account-based system than a phone-number-based system.

I get that using the contact-lists, and the constant re-uploading of contact-lists, is great for Signal's bootstrapping. Anchoring IDs to phone numbers might also work as an abuse throttle.

But I don't see how it minimizes metadata. Can you clarify?


The contact graph isn't necessary to deliver messages, but it is necessary to make the system usable: when people open up the application, they expect to see a contact list. To make that feature work, most systems just store the contact list on the server; the aggregation of all those contact lists is the entire contact graph for the service. That's the thing Signal won't store.


Sure, it makes it more usable. (Though, I use Telegram & WhatsApp with many contacts just fine without sharing my contact list with them, neither once nor the repeated-uploads Signal wants.)

But Signal could still be keeping a database log of everyone who's actually ever sent a message to anyone else. (To the extent anyone's using 'sealed sender', it'd be harder – but apps like Wire could do something equivalent to 'sealed sender', too.) And that database is way more valuable to many attackers if it's keyed by the phone-numbers Signal has, compared to the aliases other systems have.

And to the extent the Signal client wants to keep re-uploading my entire contact-list, even a one-time, temporary compromise of their SGX-based system would reveal all my phone contacts.


The synchronized contact list feature of other messengers requires them to keep the contact graph stored. We don't have to wonder whether they're logging it; they have to be.
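The two positions in the exchange above (a server-side contact list means the aggregate contact graph sits on the server permanently; a queue of undelivered messages exposes an edge only while a message is pending, and with sealed sender not even that) can be modelled directly. This is an added illustration for the thread, not code from Signal, Wire or Keybase; the server classes, the `metadata_at_rest` view and the tiny conversation are constructed for the example, and contact discovery is modelled simply as "the server answers which of my contacts are registered and keeps nothing", which is the property the SGX-based service is meant to provide rather than a model of how it does so.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, Optional, Set, Tuple

Edge = Tuple[str, str]           # (from, to) as the server can see it
Queued = Tuple[Optional[str], bytes]  # (sender or None if sealed, ciphertext)


class ContactSyncServer:
    """Account-style design: each user's contact list is stored server-side."""

    def __init__(self) -> None:
        self.contacts: Dict[str, Set[str]] = {}
        self.queue: Dict[str, Deque[Queued]] = defaultdict(deque)

    def upload_contacts(self, user: str, contacts: Iterable[str]) -> None:
        self.contacts[user] = set(contacts)  # kept so the app can render a list

    def send(self, sender: str, dest: str, blob: bytes) -> None:
        self.queue[dest].append((sender, blob))

    def deliver(self, dest: str) -> List[Queued]:
        out = list(self.queue[dest])
        self.queue[dest].clear()
        return out

    def metadata_at_rest(self) -> Set[Edge]:
        """Everything an operator (or a subpoena) can read off the database now."""
        edges = {(u, c) for u, cs in self.contacts.items() for c in cs}
        edges |= {(s, d) for d, q in self.queue.items() for s, _ in q if s is not None}
        return edges


class LocalContactsServer:
    """Phone-number-style design: contact lists stay on the device. The server
    holds the set of registered identifiers and the undelivered queue only."""

    def __init__(self, sealed_sender: bool = False) -> None:
        self.sealed_sender = sealed_sender
        self.registered: Set[str] = set()
        self.queue: Dict[str, Deque[Queued]] = defaultdict(deque)

    def register(self, user: str) -> None:
        self.registered.add(user)

    def discover(self, my_contacts: Iterable[str]) -> Set[str]:
        # Answered and forgotten; nothing about the caller's list is retained.
        return set(my_contacts) & self.registered

    def send(self, sender: str, dest: str, blob: bytes) -> None:
        visible = None if self.sealed_sender else sender
        self.queue[dest].append((visible, blob))

    def deliver(self, dest: str) -> List[Queued]:
        out = list(self.queue[dest])
        self.queue[dest].clear()
        return out

    def metadata_at_rest(self) -> Set[Edge]:
        return {(s, d) for d, q in self.queue.items() for s, _ in q if s is not None}

    def pending_destinations(self) -> Set[str]:
        return {d for d, q in self.queue.items() if q}


def scenario() -> Dict[str, Set[Edge]]:
    """Same conversation through each design; returns what each server holds
    while one message is pending and after everything is delivered."""
    blob = b"<ciphertext, constructed>"
    sync = ContactSyncServer()
    sync.upload_contacts("alice", ["bob", "carol"])
    sync.upload_contacts("bob", ["alice"])
    sync.send("alice", "bob", blob)
    pending_sync = sync.metadata_at_rest()
    sync.deliver("bob")

    plain = LocalContactsServer(sealed_sender=False)
    sealed = LocalContactsServer(sealed_sender=True)
    for srv in (plain, sealed):
        for u in ("alice", "bob"):
            srv.register(u)
        assert srv.discover(["bob", "carol"]) == {"bob"}  # carol is not on the service
        srv.send("alice", "bob", blob)
    pending_plain, pending_sealed = plain.metadata_at_rest(), sealed.metadata_at_rest()
    plain.deliver("bob")
    sealed.deliver("bob")

    return {
        "sync_pending": pending_sync, "sync_after": sync.metadata_at_rest(),
        "queue_pending": pending_plain, "queue_after": plain.metadata_at_rest(),
        "sealed_pending": pending_sealed, "sealed_after": sealed.metadata_at_rest(),
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k:15} {sorted(v)}")
```

The server-stored design still knows `alice -> carol` after every message is delivered, although the two never exchanged a message; the queue-only design knows `alice -> bob` only until delivery, and with sealed sender the pending entry reveals the destination but not the sender. Whether the identifiers are phone numbers or opaque account IDs does not change which edges exist, only how easily each one is joined to other databases, which is the point the reply above is making.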


> The desktop app itself simply starts to a "Connect your phone" screen

Presumably that is because it is the only device with the requisite cryptographic keys?


It’s precisely because iMessage and Telegram don’t treat the desktop as a second class afterthought that I use them for messaging instead of Signal.


iMessage is riddled with security issues: https://news.ycombinator.com/item?id=21425897

Also, Telegram still

* Has no E2EE by default

* Has no E2EE for desktop clients

* Has no E2EE for groups.

When security is an afterthought, no convenience feature matters.


Has Telegram started providing encrypted chats to the desktop apps? Last I checked, you could only engage in encrypted chats from the mobile app.


I just checked. If it has, I can't see how to do it.


Click on the pencil & paper icon next to the search window. One of the options is "New Secret Chat".


I don't see it. I'm using Version 1.9.9


If you're using Mac you could find this feature in https://macos.telegram.org/ (v 5.9.1)

This is really confusing they have two official desktop clients for MacOs.


Can I create an iMessage account using a Windows or Linux desktop? Or are those second class desktop platforms?


You need a phone to set up Signal (mainly to prevent spam) but once you've done so you need never use it again if you choose not to. I use the desktop version most of the time. It does lag a few steps behind the phone version though, because most people aren't using a 1.5" screen, and want to have secure communication in the field as well as at home.


For me, the biggest problem lies in the fact that your messages are local. And phones will always have less capacity than dedicated storage servers.

What bothers me the most is when I have to resend a photo or file to a friend of mine on WhatsApp because he changed his phone and didn't want to install the WhatsApp backup from cloud. Or you simply had to delete things to free up space on your phone. Or I've lost something because I didn't want to have my phone's storage full of cat memes or something.

The way WhatsApp makes "backups" is totally dysfunctional. Instead of using a database with support for indexes and full-text search, it simply creates a kind of zip file with a proprietary protocol that forces you to download the entire backup again to search for a single file or message.

I hate having to use WhatsApp and I try to bring people to Telegram as much as I can.

It is as if we have gone back in time and gone back to MSN Messenger, only worse.


I used to feel this way too, but then was talking to family that was visiting from other parts of the world where no one they know owns a laptop or desktop computer, but everyone has a phone. For much of the next wave of computer users in rising countries around the world, the phone is the first and only computing device that a person owns. They grew up on smaller screens and digital keyboards and have no care to move to what they consider a less convenient form factor. It really helped me better understand why some of these global messaging platforms are focused so much on phone based systems.


> I cannot fathom the proliferation of phone-only messaging apps.

Matrix/riot is the solution. Works wonderfully across platforms. https://riot.im/


I understand why people like Matrix and wish that project the best of luck, but it is not comparable to Signal as privacy technology. The last time Matrix was discussed here, just a few weeks ago, the network couldn't even require support for E2E encryption, apparently because too many of its clients didn't have it working.

How long have people been watching and discussing Matrix on HN? It feels like a long time. It's 2020 now. It has never been possible to send an unencrypted message on Signal.

People should use Matrix if they like Matrix. But they should not be suggesting to random strangers that Matrix is as safe as Signal.


> The last time Matrix was discussed here, just a few weeks ago, the network couldn't even require support for E2E encryption, apparently because too many of its clients didn't have it working.

Ironically, we turned on E2EE by default on the develop branches of Riot (the main client) 12 days ago at FOSDEM: https://fosdem.org/2020/schedule/event/matrix/. It will go live across the whole network in the next release, complete with cross-signing for key verification.

And in the last two weeks, two more independent E2E-capable client implementations popped up - one in Dart (https://gitlab.com/famedly/famedlysdk/) and one in Rust (https://github.com/poljar/nio-rust). Video of the Dart/Flutter one in action is pretty cool https://youtu.be/nm36pt2rHcI :)

So yes, we're not as monomaniacal about privacy at any cost as Signal, but we're catching up.


So what percentage of Matrix users will now be using E2EE chats? Is it both groups and one-on-one chats or will there exist disparity between the two? Does the app prompt enabling E2EE in rooms where it's not enabled?


The more important question is "at what point will it be impossible to use Matrix in an non-E2EE mode".


> It has never been possible to send an unencrypted message on Signal.

Irrelevant nitpick, but hold down on the send button and select "Insecure SMS"


A nitpick on that solution (that no longer applies to me, because I no longer use an Android device):

It isn't persistent. Signal always defaults to secure messaging, which caused me regular headaches when I used it. More than a few people I knew installed Signal, used it briefly (or not at all), and went back to sms. Signal would always default to sending securely, and I'd always send these people a message that they'd never see, because they were no longer using Signal.

After some time I'd realize they didn't get it and would have to resend as an insecure sms. Missed more than a few time-critical communications because of that.

I really, really wish they'd made it a per-contact default I could have set.


That's been fixed a few months ago. The setting now sticks until you manually change it back or your contact replies with a Signal message.


On Android, in the mode where Signal is replacing your SMS messaging app.

Presumably (I don't have one) iPhones lack this feature as Signal can't replace Apple's messaging app inside the Walled Garden.


I don't know about iPhones, but the option still appears in Signal for Android even if you don't use it as the default SMS app.


There is no button I seem to be able to long-press on iOS Signal that gives me that option. Can you be more specific?


They're talking about the Android app. In Android the application which sends messages can be replaced, and so Signal offers to replace it, as a result it needs to be able to send old-fashioned SMS messages when the correspondent doesn't seem to have Signal.

Your iPhone doesn't let anybody do that, just like it doesn't let Mozilla provide a different web browser and so on. This has upsides and downsides for security which I'm sure you've already thought about, for me it's a good reason not to own an iPhone, but the rationale for the opposite decision is sound.


I have tried to get my family & friends on Matrix. Setup a small server on Amazon instance and created the full system, "How to" guide on installing the app, etc.

I do not appear to have the persuasive skills, clout, or sheer dominance over my family members that some of the more Matrix-successful fellow geeks here do :-D


Well, my family (parents, siblings, cousins, etc) members keep asking me to join them on various chat solutions (mainly WhatsApp). I won't, and I've explained to them why. I've also mentioned that specific alternatives might soon be mature enough to be easily usable by them. I've hesitated onboarding them on Signal, but we do not need to be that paranoid, and Signal can prove difficult in the way it handles media and free space on the device. Moreover, I will likely get a Linux-based phone (I have my pinephone braveheart next to me) soon as my daily driver, and I bet that Signal doesn't have a nice compatible client.

I'm eyeing Matrix, together with Fluffychat. I guess that when reactions will be there (for feature parity between clients, I don't want to miss some important information someone sent as a reaction like "I arrive at 8 tomorrow, can you pick me up at the train station" -> thumbs up) plus a few nitpicks, I'll be able to consider it ready.

What happens next? I am not sure. I would like to onboard them on a different homeserver, but I might tinker a bit too much with my personal server for this, plus it would be unavailable when moving around, etc. So I guess I should set up a cloud-hosted homeserver, but I am afraid of the costs, especially if they start joining busy rooms.

The best answer would be to use decentralized identities[1] on my HS for now, and migrate them over to a backup one in case of an outage, but we're not there yet. That's the main reason I keep an eye on p2p Matrix work with Dendrite (then, because it's more generally awesome).

[1]: https://github.com/matrix-org/matrix-doc/issues/915


+1 Matrix has made the best architectural trade-offs to achieve various goals.

There's a Flutter-based app in the works for the specific purpose of messaging for families: https://github.com/nileshtrivedi/family


Your comment is a single reason I use Telegram. WhatsApp does the same, you can't even see web version without phone, and I'm probably the only one in the world, who doesn't have any apps on it... ;)


Signal is not a replacement for the sort of chat app you might use on a computer; it is a replacement for the unencrypted SMS you might otherwise be using on your phone.


That's a very artificial distinction. What's the difference between SMS and chat these days?

Not only that, but you have e.g. iMessage and Hangouts (especially on Google Fi, where the desktop client can send and receive SMS directly), which blurs the line even further.


The younger generation does not own full fledged desktops or even laptops in many cases. Two thumbs are the only input method they know. The same applies to the developing world. If you use messengers with 10 fingers, you're probably a global 1%. All that matters in this space is user count, not quality of users, so I understand why they neglect the desktop apps.


I foresee comp sci students being unable to type, or at least type very slowly, in 10 years


>it asks me to link my phone. No option for any other signup. Nowhere in the download process or on main site does it warn me that this is a phone-only app.

It isn't a phone-only app. I think it wants a phone in the flow above to authorize your desktop install. They use the phone, and its E.164 address as the root of trust. But the app works just fine on Windows.


A big portion of WhatsApp users do not own any other device than a mobile phone, or do not actively use one.


This comment is misleading. You can use Signal through the desktop app, you just have to register through the phone app first. Maybe they will allow registration through desktop in the future, but this is how it works right now.


The only downside is that you can only message other Signal users via the desktop app. At least last time I tried. This has caused me to use Google's Messages app via their web so that I can type on my keyboard :(

And oddly enough the "your phone" app on windows 10, which is frankly, quite good.


Wire works without a phone mostly because you don't have to use a phone number as login. I have an e-mail based account for instance, but I think you have to add contacts manually, pretty much like skype.


Most of the time the computer I sit in front of is my company provided work computer. That is not a piece of hardware that I would use to access my (non work related) secure messaging platform.


It’s not phone only. I use it all the time with my phone in a different room.


>Am I really the only person who prefers to type on a full-sized keyboard,

I pay for pushbullet just so I can use my keyboard when I'm sitting at my desk at home and have for 2ish years.


You can send SMS via Messages for web for free (after you link your Android phone): https://messages.google.com/web

Though, as you mention in your other reply, Pushbullet can do a lot of other stuff (including working with 3rd party SMS programs).


OK, that's useful... how's your experience in the real world? I'm eager to check it out :)

edit: Whopsie; unsurprisingly, no iOS app (background: iPhone is forced upon us by work; reason #2138 I don't like messaging / using the phone :P ). Might still be useful for my personal devices though...


If you're using MacOS as your desktop, you don't need Pushbullet, because iMessage can remote control your iPhone for sending and receiving SMS messages. You can also make and receive phone calls via Facetime too.

Add to that things like universal copy/paste or the ability to quickly resume some activity from your phone, like opening the active web page, or the usually seamless mirroring of your screen via Airplay, etc.

It does lock you into Apple's ecosystem but the experience is much better than Pushbullet, or anything else.

Yes I did use Pushbullet when I was an Android user. I was one of their first users. I don't miss it.

I stopped using Pushbullet even before I moved to iPhone b/c it's a potential privacy leak and security problem. It's bad enough that we have to trust the phone maker, with something like Pushbullet you give all control of your phone to a third party. Yes they claim the ability to do e2e encryption, but talk is cheap and I've never heard of an independent audit.


If you were using an Android device frequently I'd say it's worth it at the current price, I actually cancelled it a few months ago trying to save money and lasted about a half hour before I reactivated. When I first installed it they had it (they might still) so you could have a free tier for a small amount of SMS messages. I used it for 3 or 4 and then paid for it right then. My only other option at the time was to use Hangouts (gross). My Chromebox has had Google Messenger support for quite some time now but I don't want to use Messenger on my phone as I prefer Textra.

Aside from using it for SMS via my Chromebox (or less frequently my Win10 laptop, Chromebox is my daily driver) at my desk I also:

- use it to quickly send someone a photo from reddit/imgur just by saving it and attaching it instead of firing off the link (so I know they actually look at it)

- Use it to send YouTube videos and pages from my phone to my browser at home and it just opens it in a new tab there. I actually use this several times a week for when it's something I want to give my attention to but am out and about doing something.

- To mirror phone notifications in my Chromebox/laptop browser. You can select individual apps to do this. I mostly just use this to quickly scan messages if I'm watching something on YouTube or in a Reddit thread.

It also works fine with Grammarly on my Chromebox (Dunno about the Win10 machine) which isn't a big deal but I like getting anything I type on that machine counted in my weekly Grammarly stats because I'm a nerd.

My only complaint is sometimes SMS will just hang sending from your browser, if you unlock your phone they then send. I imagine I could fix this by changing the appropriate power saving features in Android but it's not a big deal, just a half second finger swipe on my phone.

It can be insignificantly buggy sometimes, it'll be blank in Chrome but maybe 90% of the time if I just click out of it and then click back into it, voila. The other 10% of the time switching tabs corrects it. That could just be my Chromebox though, I've never seen it do it in Win10.


Have you looked at alternatives to Pushbullet?

Every time I've started investigating I've gotten mired in researching the various options and given up without trying anything.


Nope. It was the first thing I found and it works so there's no need for me to replace it.


Not only is it a phone only application but it literally requires a phone number which is your ID for the service.


Just in case you are seriously wondering why you have to connect your phone, it's because the web interface is basically a convenient interface for your phone. WhatsApp works exactly the same way. It works pretty well.

Presumably it is because synchronizing conversations across devices while using end to end encryption is really difficult. You could give up end to end encryption but I'm pretty sure you wouldn't like that either.


Nope. Once you sync your cryptographic keys with your desktop application, the phone is no longer needed.

WhatsApp sends messages through the phone. Signal Desktop does not.


Why do I hate to give up end to end encryption? My end is PC, encrypt that. If I want a shared message history, it's understandable that I have to perform some kind of synchronization between PC and phone too, but it should be an optional feature. I don't even want it, personally.


If you get to use it on just your personal computer (any modern OS) without a smartphone, then you would also get to choose your own identifier. For Facebook (WhatsApp) this is a non-starter, because your phone number is a way better identifier to link your profiles and sell your eyeballs to advertisers, so it will stay a requirement.

On a PC you could even have multiple accounts on the same device, which is not good value for advertisers either (one device per person makes it easier to correlate various data sources and track you).

No idea why Signal doesn't enable us to use their tool without a smartphone. It makes it look a bit dodgy from a software freedom perspective.


It works great on desktop! It doesn't even need to tunnel traffic via your phone like WhatsApp does.


haptic feedback and swipe address all of those criticisms

for like, an entire decade

you just use a single thumb to type by playing connect the dots between the letters, and the device does provide physical feedback

regarding being out of touch, have you tried this? iOS only recently added native swipe


same here. i just don't understand this obsession with cellphones.

and that's also why i use telegram.


You aren't alone. I would much prefer that desktop instant messaging experience, too.


What you want is Google Hangouts but, unfortunately, nobody uses that.


I'm 100% with you.

But the normies aren't.

And there's an awful lot of them.


keybase is your friend


Signal for desktop.


Requires a phone number.


Still it needs a phone number to be used, which is a huge privacy vulnerability, also by encouraging to be used on some of the most spyware ridden platforms out there: a malicious tap/key-logger is much much much easier to hide in a 90% closed source phone than in a FOSS operating system install on a PC. FOSS phones hopefully might/will change this, but they're a few months away, and we should also assume most users would rather wait for them to be available than go the easy Android/iOS path.


> we should also assume most users would rather wait for them (FOSS phones) to be available than go the easy Android/iOS path

Why should we assume that? In my estimation, 99% of people in the world are never going to own a FOSS phone. 99% of people probably don't know what FOSS even means.


That was exactly my point (the average user not caring at all about privacy).


The Signal iPhone app has made huge improvements over the years and is just about as user-friendly as WhatsApp as far as I can tell. I would love to see it match the smoothness and responsiveness of the animations found in iMessage. It seems silly, but the visual experience of messaging in iMessage is such a delight.


What I don’t like is that messages take more vertical space in Signal due to the alignment of the time stamps.


Pity it crashes for me 100% of the time when opening on an older iPhone. Haven't been able to receive my messages for over 2 months - which is insane for a messaging app (I'm not even sure if I'll receive the messages if/when they ever fix it).

This is despite me contacting support and sending the crash logs to them when it happened.

As much as I'd love to support Signal and switch everything from WhatsApp - it doesn't seem like a wise choice if this kind of thing is a possibility.


Out of all features, the one that really holds Signal back from mass adoption: there's no way to backup or transfer messages to a new phone from iOS.

In order for Signal to reach "the masses", it needs to become popular with a large number of people who don't really understand encryption or care about it, but are using Signal anyway because they happen to communicate with people who do care about encryption. That's a good thing!

Unfortunately, it's a really hard sell to tell someone, "Hey, download this new messaging app so you can talk to me. Oh, and by the way, when you get a new phone, you'll lose your entire chat history with me".


Since when are Apple users = "the masses"?

The masses use Android and backup works there so I doubt this is what holds Signal back from mass adoption.


You are referring to this backup restore process? https://support.signal.org/hc/en-us/articles/360007059752-Ba...

It involves a 6 step (with multiple sub-steps) process of navigating the sdcard contents and then transferring some obscure file over USB to a computer and then from that computer to the new phone. I doubt this is something that "the masses" will be able or willing to accomplish.

Also, iOS has about 48% market share in the US, so it's at least half the masses there.


OMG! SIX STEPS!

Seriously? How often do you change your phone? I mean, sure I know that handing your iPhone to some genius means you lose all your data and so on but that's not always the case on Android phones.

> Also, iOS has about 48% market share in the US, so it's at least half the masses there.

It is not throughout the world and since this app does not target the US population only, I doubt this group is somehow (more) relevant to the argument. Especially because we talk about a small sub-group of both markets who even cares about backups.


iOS users are the affluent, and the affluent have outsized influence.


This must be the most ridiculous thing I've ever read about the technology market. It is so far beyond delusional, it only can come from an Apple user.

...and then you wonder why people make fun of you.


Literally no "non-tech-savvy" person I know backs up anything at all. I seriously doubt that backup / transfer is on anyone's mind at all when deciding to use a new messenger.


I mean, for most competing apps this backup is completely transparent. It's when they reinstall Signal that they'll notice all their messages are gone irrevocably.


I don't understand this claim: I don't know any non-tech person who has WhatsApp backups enabled and working. If I don't go through the process with them when they're changing phones they'll literally start from blank state and are ok with that.


I installed Signal a few years ago, and pretty much never touched it again. Today I opened the app and closed it. After a few minutes, there were a lot of "hello" messages which got me intrigued. It seems when I opened the app, all my contacts using Signal got a notification! What gives? Obviously uninstalled it straightaway...


Sounds like malware if you take it out of context. That’s unacceptable behavior (unless maybe there’s an opt-out for the mass notification).


By default Signal notifies users when someone in their contacts starts using Signal. You may have installed it before that feature existed so it triggered when you opened it.


Isn't that what all chat apps do? Telegram at least, and I keep getting notifications of people joining for names I've never ever heard before, so seems like they were a bit overeager even.


Are we still allowed to have heroes? It's risky, sure.

Moxie is one of mine, for all that I'm sure our politics are very, very different. He seems to have integrity. I really hope I'm not being deluded there.


I was wondering why Signal hadn't caught on more. I only use it with a few people. I had no idea it was still in such heavy development! It may be a tough sell. There are many countries where WhatsApp is the default form of communication and has been for years.


I stopped using Signal when it was clear i was not able to back up my message history (or transfer it to a new phone).

My data is my data and I should be able to access and control it.


Huh, but Signal does allow you to do this [0]?

It doesn't allow you to do this on iOS, but I'm guessing your stance on data portability makes your life very hard on iOS anyway.

[0]: https://support.signal.org/hc/en-us/articles/360007059752-Ba...


There's a workaround. If you use the iOS app in combination with a desktop client, then it is possible to back up messages, assuming they have been synced to the computer.

On Windows:

1. Download DB Browser for SQLite https://sqlitebrowser.org/

2. Unpack it and run DB Browser for SQLCipher.exe.

3. Open database, select %APPDATA%\Signal\sql\db.sqlite.

4. In the following dialog, select Raw key type and enter the encryption key stored in %APPDATA%\Signal\config.json into Password field (prefix it with 0x).

5. Now you can work with the database, including exporting its contents to unencrypted SQLite, CSV and JSON.

The process should be similar on other platforms.
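The five steps above are easy to get wrong by hand (wrong key format, opening the live database while Signal Desktop is running). The script below is an added example, not Signal's code, that does the same thing from the command line: it reads the raw key out of config.json, validates it, and feeds the sqlcipher CLI an export script. Assumptions, labelled as such: config.json stores the 256-bit key as 64 hex characters under "key"; the messages table is named "messages" and keeps each message's full record in a column named "json"; the macOS/Linux profile paths are the usual Electron userData locations. The security caveat the steps imply is worth stating outright: the key sits in plaintext next to the database, so anyone who can read the profile directory can decrypt the history, and an exported copy is unencrypted.

```python
"""Added example (not Signal's code): export Signal Desktop's SQLCipher
database using the raw key that Signal Desktop keeps in config.json.

Assumptions (not from the page): config.json holds the key as 64 hex chars
under "key"; the table is "messages" with the full record in column "json";
macOS/Linux profile directories follow the Electron userData convention.
"""
import json
import os
import re
import shutil
import subprocess
import sys
from pathlib import Path

HEX_KEY = re.compile(r"^[0-9a-fA-F]{64}$")  # 32-byte raw key written as hex


def signal_dir() -> Path:
    """Signal Desktop profile directory for the current platform (see assumptions)."""
    if sys.platform.startswith("win"):
        return Path(os.environ["APPDATA"]) / "Signal"
    if sys.platform == "darwin":
        return Path.home() / "Library" / "Application Support" / "Signal"
    return Path.home() / ".config" / "Signal"


def read_raw_key(config_text: str) -> str:
    """Extract and validate the hex key from the contents of config.json.

    The key is stored in plaintext beside the database: whoever can read the
    profile directory can decrypt the whole history, so treat both as secrets.
    """
    key = json.loads(config_text).get("key")
    if not isinstance(key, str) or not HEX_KEY.match(key):
        raise ValueError("config.json has no valid 64-hex-character 'key'")
    return key.lower()


def key_pragma(hex_key: str) -> str:
    """SQLCipher raw-key syntax x'<hex>'. DB Browser's raw-key dialog wants 0x<hex> instead."""
    return "PRAGMA key = \"x'%s'\";" % hex_key


def export_script(hex_key: str, out_path: str) -> str:
    """sqlcipher CLI script: unlock, then write one JSON document per line (assumed schema)."""
    return "\n".join([
        key_pragma(hex_key),
        ".output %s" % out_path,
        "SELECT json FROM messages ORDER BY rowid;",
        ".output stdout",
    ])


def run_export(signal_home: Path, out_path: str) -> str:
    """Copy the database, unlock it with the key from config.json and run the export.

    Returns the script that was executed so the caller can inspect it.
    """
    config_text = (signal_home / "config.json").read_text(encoding="utf-8")
    script = export_script(read_raw_key(config_text), out_path)
    db_path = signal_home / "sql" / "db.sqlite"
    if not db_path.is_file():
        raise FileNotFoundError(db_path)
    if shutil.which("sqlcipher") is None:
        raise RuntimeError("sqlcipher CLI not on PATH; paste the script into DB Browser for SQLCipher")
    # Work on a copy (including the WAL/SHM files) so the export never touches
    # the live database while Signal Desktop may be writing to it.
    work_copy = Path(out_path).with_suffix(".db.copy")
    for suffix in ("", "-wal", "-shm"):
        src = Path(str(db_path) + suffix)
        if src.exists():
            shutil.copy2(src, Path(str(work_copy) + suffix))
    subprocess.run(["sqlcipher", str(work_copy)], input=script, text=True, check=True)
    return script


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "signal-messages.jsonl"
    print(run_export(signal_dir(), target))
```

Run it as `python export_signal_desktop.py out.jsonl` with Signal Desktop closed; the resulting file holds one plaintext JSON record per message, so store it with the same care as the key. If you prefer the GUI route from the steps above, `key_pragma()` shows the only translation needed: the DB Browser dialog takes the same 64 hex characters with a `0x` prefix, the sqlcipher shell takes them as `x'...'`.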


Thanks so much for posting this!


> I'm guessing your stance on data portability makes your life very hard on iOS anyway.

I have zero understanding why you would ask this. Every single first party and third party app other than Signal on iOS allows me to include its data in backups and/or export its data.


> I'm guessing your stance on data portability makes your life very hard on iOS anyway.

Pretty much all of the data in the stock apps on my iPhone is easily portable, and most of it is API accessible, meaning I can use multiple apps to view and manipulate it. Apple even publishes a support doc on how to export your data using first-party tools. For any more complex needs, there are plenty of easily accessible 3rd party options.

[1] https://support.apple.com/en-us/HT204055


Has anyone had success in actually restoring their conversations from the signal backup? I'm on Android and reinstalled the app once when it was causing me trouble (it especially lags with group chats) thinking I'd be able to restore my chats no problem. Unfortunately, even though I had the passcode to unencrypt the backup saved, it didn't restore a single message.


I've done it across three phones so far, works great. The flow is a bit weird though, you need to put the backup in the Signal folder before you start the app for the first time (before it tries to re-register) and it'll ask for the key and import happily.


This is indeed the crucial step, having had to do it several times as well. If you accidentally start the app before getting the backup file onto the device folder, going into the Apps setting and clearing all Signal app data is required to get the import process to work.


Yes, I have done so successfully. As well as moved devices.


How? I don't see any restore option.


Last time I did it, you had to place the backup in the correct folder before the first start of the app. See the Signal faq.

It is not the most user friendly approach, but it has been going through iterations and getting better.


Thank you!


I've dumped them to media and plain text with Signal-Back. I'm pretty sure that's all they offer.

Edit: last part is wrong, see sibling

https://github.com/xeals/signal-back/blob/master/README.md


Yes, I switched phones and restored a backup on the phone without issues.


On the contrary, the vast majority of iPhone apps use iCloud and offer data export in addition to recovery/transfer to a new device.

Signal is an outlier in this respect, and I hope they add this feature before I'm ready for another phone.


I can export data from every other app I use on iOS, barring Signal.


I've set Signal to auto-delete old messages. This is like SMS and IRC not an archive.

When I want to save something from a conversation in Signal (or slack or email), I copy it out and store it. Signal does not block you accessing your data.

In addition you actually do have an import/export function for your messages if you're on android [1].

[1] https://support.signal.org/hc/en-us/articles/360007059752-Ba...


People have different stances. I do have archives of all my IRC chats too, all the way from the 90s.


You can on Android but not on iPhone apparently.

https://support.signal.org/hc/en-us/articles/360007059752-Ba...


Probably an encouragement to use the disappearing messages feature. It's a peaceful feeling to let data just evaporate without worrying about backing it up. If something is really so important that I can't let it go poof, I'll take a screen shot or save it as a photo/note.


> I stopped using Signal when it was clear i was not able to back up my message history (or transfer it to a new phone).

You can do that on Android.


That's more of an ios problem


No, it isn't - even on Android it requires you to manually manage the backup files, write down a huge random string and then manually setup sync.

My circle stopped using Signal when it became apparent that dying/lost/stolen phone also means complete destruction of all memories they store in the conversations (unless you go through a lot of hoops to get autobackup working).

It's pretty much the only chat app of the more marketed ones that will lose all your personal data.


That's a feature for a lot of people, though it's only as good as the security of your phone.


> That's more of an ios problem

Ah, so only a problem for 40% of Signal users.

There's no technical reason that prevents Signal from doing this; they simply haven't.


Can they encrypt it properly? I'm not familiar with how iOS/Apple backup works and how it guarantees that only the user can restore it.


> Can they encrypt it properly? I'm not familiar with how iOS/Apple backup works and how it guarantees that only the user can restore it.

Signal backups on Android used to be entirely unencrypted(!), so that hasn't stopped them before.


It's a Signal on iOS problem. Backing up and restoring data to new devices is the norm for iOS apps generally.


> I was wondering why Signal hadn't caught on more.

Signal would have to be much better with features everyone (not just the tech-savvy) can appreciate to be able to outweigh Whatsapp's network effect.


> Signal would have to be much better with features everyone (not just the tech-savvy) can appreciate to be able to outweigh Whatsapp's network effect.

Network effects work both ways, and they're only an insurmountable barrier if you preemptively surrender to them. They're also predominantly built of local components, which allows the change to start small by influencing those smaller groups.

For instance, if the tech-savvy switch to Signal and boycott WhatsApp, you'd have the nucleus of a network effect starting to work in Signal's favor. Some political constituencies would probably find Signal's non-profit organization specially appealing, and could also help form that nucleus.

Social behavior can also start to help reinforce and accelerate a more general change. If WhatsApp is treated as unfashionable and dated, while Signal is treated as fashionable and new, some people will be more motivated to switch.

Everyone already uses multiple messaging apps (unless they stick to plain SMS). I doubt we will ever converge on one. However, success for Signal would be encouraging enough people to have it installed that it doesn't have any special friction associated with it.


I believe the term you're looking for is 'micronetwork'[0]. This is how Wickr gained use: a certain segment of the population found it very useful, even if it couldn't be used for all their friends.

Signal misses out on this by not offering anonymous user accounts, but otherwise they would have a very clear path to mass adoption.

[0]: https://www.nickkolenda.com/pdf/viral-marketing.pdf


There's only a finite amount of 'features' a messenger can really have, I don't think it's going to work like that at all. If Signal can reach feature parity with WhatsApp/FB Messenger/iMessage it already offers a massive advantage that's getting more and more popular and it sounds like it is already close to reaching parity.

The biggest win for Signal (although not for the general public) is if WhatsApp ever compromises on their E2E adoption. Because right now there isn't a significant reason to switch between the two given WhatsApps massive adoption.

One unique feature advantage might be the encrypted contacts stuff they mention in the article, but even then that just keeps them at the top tier privacy wise.


I think the point is that most people barely even know what encryption is. They definitely know what end to end encryption is and they don't care.

Signal needs some feature that normal people care about to get them to switch from WhatsApp. Not only that - it needs a feature so amazing it trumps WhatsApp's "can communicate with everyone" feature - i.e. everyone uses WhatsApp. That's going to be insanely hard, if not downright impossible.

They may have a chance in America I guess.


They definitely don't know what end to end encryption is

FTFY

Seriously, look at the comments on any discussion about some app deploying end-to-end encryption, or having any sort of security issue/change. Its clear that most people simply don't know the difference between "transport encryption" (device-to-server) and "end-to-end encryption" (device-to-device) (and often move the goalposts to cover on-device data at rest too, often out of confusion).


The common criticism against Signal is that they constantly add features that 'everyone' wants but they don't fix the problem the 'tech-savvy' people want. Signup without phone-numbers and so on.


Agreed; they are adding them now and just released 'stickers'.


Interesting. Is there a way to import Telegram sticker packs into Signal? Or convert them automatically? There is an enormous amount of these packs readily available on Telegram but lacking on Signal, after all.


https://signalstickers.com/

Basically has all non-animated Telegram stickers. Easiest way to find is to search by name if you have some favourite packs.


> I was wondering why Signal hadn't caught on more.

Network effect of existing apps and no "Killer feature" for Signal that the layman cares about (Better privacy is not it).


I've been following the team for years. They well deserve the plaudits for the work they have done. I work with people on a daily basis in countries where their lives depend on it.


I still have Signal on my phone (nobody I know uses it, though, as much as I wish otherwise), but there was one problem that I found vexing: if I set Signal up as the default messaging app, any severe weather alerts went nowhere - until I restored the stock SMS app as default and I saw several that I had missed.


Sorry, but I still fail to see how it's considered a good to have used $50 million to make "yet another messaging app" (because anything "for the masses" is "yet another thing" because of network effect).

With 50 million, one would have hoped instead that they would have helped improve XMPP, that they would have developed the "perfect" XMPP client that everybody could and would use, and that they would run "for free" one XMPP server with all the features one can expect of a good messaging service while letting the hard-core base have their own server if they want (no need to support the hard-core base, they do it already on their own).

Or maybe with Matrix if one really don't want to contribute to XMPP, but still, with OMEMO, ... I feel like all the "security features" are coming to the XMPP world.

I still believe that if you're not in control of the whole chain (open source client + open source server), you're not in control at all, because you still have to believe the they are doing what they are promising they do, without being able to verify it.


Signal isn't on F-Droid, which is a red flag IMHO. It looks like they don't allow non official builds on their servers.


They have the APK available from their website[1] and they have reproducible builds[2].

[1] https://signal.org/android/apk/

[2] https://signal.org/blog/reproducible-android/
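What a reproducible build actually buys you is the ability to check that the APK served by Google Play and the one you build from source contain the same bytes, except for the signing files, which differ by design. The comparison below is an added example, written in the spirit of the comparison the linked blog post describes; it is not Signal's own tooling. It hashes every zip entry of both APKs, skips the JAR-signature files under META-INF/ (the v2/v3 APK signing block lives outside the zip entries and so is never compared), and reports anything added, missing or changed. The `build_apk` helper only fabricates a minimal zip for demonstration and is not a real APK.

```python
"""Added example (not Signal's apkdiff): entry-by-entry comparison of two APKs
that ignores only the signing files, so a Play Store build can be checked
against one you built yourself from the published source."""
import hashlib
import io
import sys
import zipfile

# JAR-signature files differ between a Play-signed and a self-signed build by design.
SIGNATURE_FILES = ("META-INF/MANIFEST.MF",)
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")


def is_signature_entry(name: str) -> bool:
    """True for the META-INF entries that carry the v1 (JAR) signature."""
    return name in SIGNATURE_FILES or (
        name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)
    )


def entry_digests(apk_bytes: bytes) -> dict:
    """Map each non-signature entry name to the sha256 of its uncompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or is_signature_entry(info.filename):
                continue
            with zf.open(info) as fh:
                digests[info.filename] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_apks(a: bytes, b: bytes) -> dict:
    """Report entries only in a, only in b, and present in both with different content."""
    da, db = entry_digests(a), entry_digests(b)
    return {
        "only_in_a": sorted(set(da) - set(db)),
        "only_in_b": sorted(set(db) - set(da)),
        "changed": sorted(n for n in set(da) & set(db) if da[n] != db[n]),
    }


def apks_match(a: bytes, b: bytes) -> bool:
    """True when the two APKs are identical apart from their signing files."""
    report = compare_apks(a, b)
    return not (report["only_in_a"] or report["only_in_b"] or report["changed"])


def build_apk(entries: dict) -> bytes:
    """Constructed fixture for demonstration: a zip of name -> bytes (not a real APK)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: apkcompare.py <play.apk> <local.apk>")
    with open(sys.argv[1], "rb") as fa, open(sys.argv[2], "rb") as fb:
        result = compare_apks(fa.read(), fb.read())
    for kind, names in result.items():
        for name in names:
            print(kind, name)
    sys.exit(0 if not any(result.values()) else 1)
```

The useful property is that a single changed byte in `classes.dex` or a resource shows up as `changed`, while a re-signed but otherwise identical APK passes. Pulling the installed APK off a device (`adb pull` of the path `adb shell pm path org.thoughtcrime.securesms` reports) and building the other half from the tagged source commit is the part the blog post covers.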


I have wondered the same. I use both fdroid and signal, but never really understood why signal isn't on fdroid. Can anyone please comment?



I was kind of an early and enthusiastic WhatsApp adopter. Started migrating everything and everyone shortly after it turned out Facebook hadn't bought it to be nice.

I was kind of an early (and current) Telegram user.

I've already installed Signal a while ago and I'm happy to see more and more names showing up there and I'll be happy to move a number of groups in that direction soon I guess.

That said I don't think it will be perfect. As a one to one messenger it will be close to ideal. I also guess short-lived groups will work.

I have doubts about how easy it will be to export all photos from 2019 from a group to create an online photo book or just post it to my family's (private) blog, so I think the last two will live side by side for a while: Telegram for postcard level security (hi grandma, this is what the garden looks like now).


It is great and I root for Signal.

I only wish Moxie was less polarizing and actually stepped down from being its face. He often makes subpar and inaccurate statements about other technologies. He is famous for his derogatory comments about PGP. His talk at recent CCC was anything but dismissive of others.

The thing is, Signal is not special. Matrix, Wire and others sorted problems of encryption while remaining open (Wire is commercial but that good for some).

So congratulations Signal. But we should think really hard whether we want another centralized behemoth. I would prefer donate to Matrix. Support project building client with great UX for masses on top of open, extensible protocol rather than hand over more control to centralized organization led by individual speaking in absolutes.


His statements about PGP are right, though. It's using terrible, outdated cryptography. The odds of finding one who's actually got a setup that isn't full of holes for it are slim, even among programmers. It's barely been used. It's a UX and technical disaster.

Matrix still hasn't gotten E2E encryption rolled out by default, or something like half of the stuff they want to have done before doing it: https://github.com/vector-im/riot-web/issues/6779

Wire keeps track of everyone that every user has contacted for the entirety of the lifespan of their account (not to mention only released it as Free Software after someone found a bunch of glaring holes in their platform, including sending passwords to the server in plain text), and is a U.S. company that goes out of its way to store excessive amounts of metadata.

For that matter, actually, Signal's just as open as Wire. Wire's more or less as centralized, but with way greater risks in the event of Wire's datacenter getting raided.

Tox is the best thing trying to do a similar thing that Signal is doing, and even Tox isn't even very good.


> Wire keeps track of everyone that every user has contacted for the entirety of the lifespan of their account (not to mention only released it as Free Software after someone found a bunch of glaring holes in their platform, including sending passwords to the server in plain text),

Can you link to these issues you mention?

> and is a U.S. company that goes out of its way to store excessive amounts of metadata.

How did you arrive at this conclusion? It is registered in Switzerland https://wire.com/en/about/. Whole development takes place in either Switzerland or Germany. They have the usual sales office in San Francisco.


https://forum.privacytools.io/t/wire-swiss-gmbh-is-now-owned...

Wire Swiss GmbH is owned by a U.S. company.

> Can you link to these issues you mention?

https://crysp.uwaterloo.ca/opinion/wire/

The Wire client authenticates with a central server in order to provide user presence information. (Wire does not attempt to hide metadata, other than the central server promising not to log very much information.) The Wire whitepapers spend an unusual amount of space discussing the engineering details of this part of the protocol. However, the method of authentication is the same as it is on the web: the Wire client sends the unencrypted, unhashed password to the central server over TLS, the server hashes the plaintext password with scrypt, and the hash is compared to the hash stored by the server. This process leaks the user's password to the central server; the server operators (or anyone who compromises the server) could log all of the plaintext passwords as users authenticate.

This particular report is what caused them to open up the server.


Thanks for links. The commenters on privacytools sites were insightful but sounds like they missed the key piece of information:

https://wire.com/en/blog/wire_business_update/

> In connection with the financing, our holding company moved from Luxembourg to the U.S., as we believe this will be helpful in future fundraising necessary to support our strong growth. Notwithstanding the foregoing, our current and future customers are licensed and serviced from Wire Switzerland, our software development team remains in Berlin, Germany, and our hosting is European-based. Our enterprise customers can deploy their own instance of Wire in their own data center.

If data, technology and control is subsidiary then Wire, as technology, data and its user still fall under Swiss law.

Holding company != all of its business is based in that country.

That said, I appreciate the murky approach to communicating this fact.


Holding company = they're still subject to U.S. law.


Yes, holding company is.

Subsidiary? Greatly depends on the control structure, agreed terms AND law in which subsidiary is incorporated.

Given that these details are not disclosed at this time accusing Wire Swiss GmbH of anything constitutes rumors and conspiracy theory.


We turned on E2E by default on Matrix a few weeks ago at FOSDEM on the develop branches: https://fosdem.org/2020/schedule/event/matrix/. The bug you quoted will get updated and closed once it gets released to stable in the coming weeks. See the last comments on the bug for the actual status :/


I read the last comment there! "on the develop branches" is way different from "on stable branches." The edits make it more clear, though, good job!

I definitely like what you're trying to do, though! I hope it goes smoothly!


I think we see in this that Signal's success is less about tech and more about some product-driven superiority, insofar as it actually reached users and is used a lot already.

It's the old mantra that you may need a Wozniak to do it but you need a Jobs to package it into a great product and sell it. I feel like Moxie is opinionated like a product leader, even more so than as a technologist. He's polarizing. And while it rubs everyone the wrong way on occasion, it's also the story of many a great success.


The Snowden endorsement sure helped.


Good thing Snowden thinks twice before recommending anything.


Signal works great. The one big barrier to more uptake is a feature that many non-nerdy users seem to use: group video chat. You can one-on-one video chat, but not with a group. The moment that's there I imagine huge amount of people would be interested to move away from messenger/Skype.

I've also been told by family that in some Asian countries you have to pay to get it on Android/iPhone, but maybe that's a copycat that is just using the name...


> I've also been told by family that in some Asian countries you have to pay to get it on Android/iPhone

That sounds extremely suspicious. If Signal isn't available in the Google Play Store in those countries, or the Play Store itself isn't available, it can be downloaded here:

https://signal.org/android/apk/



I first started using Signal not because of its hard-core encryption, but because it was the only messaging app I could find that:

- Wasn't SMS

- Had a quality interface and feature set

- Had a desktop app

- Wasn't overly clunky for direct messages (Slack and Discord)

- Wasn't affiliated with any major tech company

Its encryption pedigree was just a bonus. I think it's well on its way to becoming a WhatsApp replacement (it already is for me of course, but for the average joe too), especially with the recent breaches the latter has had.


Signal still requires a phone number. That alone should make it non-usable for people who are serious about their privacy.

My alternate solution: stop using smartphones altogether. Technology is not a good solution to the privacy problem, especially when a collective such as the government can read your data anyway, or beat it out of you.

If you're worried about drowning, don't go near water. There are no foolproof life vests.


What's the "privacy problem"? I suspect yours is different from many other people's.


In many countries (an ever-expanding list), you cannot purchase a SIM card without showing ID, and a copy of your ID is made and sent to the state authorities. That is, mobile numbers are always connected with your identity, you cannot have an anonymous phone number. Consequently, the state can easily determine which of its citizens are using Signal.

While communications on Signal are end-to-end encrypted, in authoritarian states merely using a secure messenger can draw police suspicion.


Some people might not want to give a phone linked to them to certain people while attempting to remain anonymous.

I don't disagree this is less than the userbase of Signal, but I assume it shouldn't be hard to use a randomly generated ID (or similar) system as a fallback option for identifiers, and leave phone numbers as the default and recommended setting.


That's a good point about privacy, but then you're throwing the baby out with the bathwater, since all your secure communication now requires you to operate a laptop at the very least. You'll have more privacy, but significantly less operational capability (i.e. to communicate with your friends while walking around).


Phone number is convenient to find people and uniquely identify them with a standard info that you have anyway for most friends. If not for the phone-based account I'd have missed that many friends do already have signal.


Verification with a real cellphone number (non-VoIP) is statistically/numerically a good anti-abuse tool.

If Signal wants to allow no-phone-number accounts, it should mark them as such to the other participants in the conversation. Discord does that, and it seems to work well.

But this is a separate argument from using your actual phone number in-app and allowing anyone who has your number to find you in the app.


> and an experimental method for storing encrypted contacts in the cloud.

Signal released an experimental encrypted contact syncing app for Android long ago (I can't remember the name).

I wonder what the challenges have been to integrate this or release it as a full product.

It's great they've grown from 3 to 20 people, now they can really start to address some of their wider goals from the beginning such as this.


It was called Flock: https://signal.org/blog/flock/


"Try Flock for free"

Google Playstore - We're sorry, the requested URL was not found on this server.


Does Signal have or plan to have an open source client? Not necessarily freely licensed, just with some minimal auditable component available (like Tarsnap.)

I have no reason not to trust the app, but it would be great if the trust in Signal was strengthened by knowing that (at least) the client source code had been publicly audited and could be verified and built by end users.

Too tin-foil-hatty?


Signal's server[1] and client source code[2,3,4] have been publicly available for many years and are even licensed under the (A)GPL-3.0 (with an exception to allow distribution via Google Play and the Apple App Store).

I don't know where you got the impression this wasn't the case. An earlier VOIP product of theirs (RedPhone) had a proprietary server implementation, but ever since the feature was added to Signal proper it has been free software.

[1]: https://github.com/signalapp/Signal-Server

[2]: https://github.com/signalapp/Signal-Android

[3]: https://github.com/signalapp/Signal-iOS

[4]: https://github.com/signalapp/Signal-Desktop


I genuinely didn’t know either way though I hadn’t ever heard of it being open source so I admit to assuming a little pessimism, for sure.

Thanks for the links. It will be a very interesting project to build my own Signal.app!


Signal is open-source, no? https://github.com/signalapp


IMO, the best way for an alternate messaging app to catch on (to WhatsApp) is federation. If we can figure out a way to have a common signaling protocol across apps and users can choose whatever clients they want, then they have a chance of competing against WhatsApp. At this point, there is no real reason to move out of WhatApp, given it just works?


I think that would be among the best ways to kill the app. With federation and multiple clients you'll never be sure what feature set the other end is using, and the service stagnates to the lowest common denominator of features.



I really hope the UX improves considerably and basic features actually function as expected. Notifications for new messages on OS X were broken for several months last year, for example, and notifications on Android are still hit-or-miss (literally "miss" when you miss a message for several hours!).


I haven't really had any issues per se, at height about a year ago I had just over a dozen contacts on Signal. The biggest UX deal breaker was no profile pictures. You can set one, but almost no one will ever see it since almost everyone uses Gmail or another cloudy email provider that will sync or store ancient Google+ (or equivalent) avatars to your contacts. Signal chooses to display a contact photo from your device over what a user sets. This is an insanely counterintuitive approach and no other app works that way, meaning no one expects it to work that way. My family and all but two contacts moved back to WhatsApp. I'm glad to read they're focusing on UX now, but I can't bring up switching again with these people. Maybe when or if phone numbers are abandoned, then I won't have to link/associate contacts to my address book and see those old avatars.


I'm hoping someone here has some insight they can share, because I've not really seen it addressed elsewhere.

As per the linked article:

> Another new feature it's testing, called "secure value recovery," would let you create an address book of your Signal contacts and store them on a Signal server, rather than simply depend on the contact list from your phone. That server-stored contact list would be preserved even when you switch to a new phone. To prevent Signal's servers from seeing those contacts, it would encrypt them with a key stored in the SGX secure enclave that's meant to hide certain data even from the rest of the server's operating system [1].

I assume that this is an offshoot or a continuation of what Signal started a few years back with Private Contact Discovery, a truly difficult problem considering the amount of user data and metadata Signal wants to avoid collecting [2]. It's a hell of a job, and I commend Signal's efforts.

Assuming I'm right, I'm curious as to why Signal is going down this road, specifically, relying on SGX (or any proprietary vendor solution) for security, or if they should. Due to the spate of speculative execution vulnerabilities in Intel hardware, it would seem to me (a layman) that this is a bad approach that will create more work for them down the line, and may rely too heavily on a single set of features. The Foreshadow attack was one that supposedly compromised SGX, with full mitigation only being possible with hardware revisions [3]. Even then, it may not be safe to assume that's the end of problems. Only recently, another attack on SGX was found, specifically, PlunderVolt [4], which at least can be supposedly mitigated via microcode update vs hardware refresh. Still, it seems like shaky ground, especially to be building additional Signal features upon.

Much further down the list of concerns, it seems like all these SGX-reliant features lock them into using Intel's platform exclusively. It's probably neither here nor there, but is this something they should be concerned about, or is that just the price to be paid for the advanced privacy features Signal offers? Is there any effort to disconnect these features from the hardware platform? Is it even possible? Should they? Am I even asking the right questions?

My worry is that Signal finally reaches some form of feature parity with the biggest messengers (I'd say it's there, mostly), SGX gets broken in a way that's not easy to fix, and all this time and effort will have been wasted, especially if they have to roll back user features which grow the platform in order to maintain safety.

I ask all this having no solutions myself, unfortunately. I'm neither dev nor cryptographer, only someone curious with some mild technical leanings. I generally lump myself in with the average user crowd, knowing just enough to be saddled with the 'Family's IT Person' label, but not enough to actually work in the field...as such, forgive any ignorance or obvious mistakes on my part. I've just not seen these issues addressed, and figured you would be the crowd best able to do so.

[1] - https://www.wired.com/story/signal-encrypted-messaging-featu...

[2] - https://signal.org/blog/private-contact-discovery/

[3] - https://arstechnica.com/gadgets/2018/08/intels-sgx-blown-wid...

[4] - https://plundervolt.com/


From what I understood of the article about secure value recovery [1], SGX is used to derive a more secure key from the password you provide, so a broken SGX alone is not enough to decrypt the data stored on the server; you still need to crack the user's password. Of course this only helps those people with an actually secure password, which is why they go through all the trouble with SGX. This makes me feel a bit better about their reliance on SGX – as long as you use a long random password stored in your password manager, you don't have to trust SGX at all.

[1]: https://signal.org/blog/secure-value-recovery/
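To make the point above concrete, here is an added, simplified model of the Secure Value Recovery scheme that the linked post describes (this is example code, not Signal's own; scrypt stands in for Argon2, the "enclave" is an in-process class, and the guess limit and label strings are assumptions). The master key needs both the PIN-derived c1 and the enclave-held random c2, and the enclave wipes c2 after too many failed attempts, so a weak PIN is protected only as long as the enclave holds; a long random passphrase is strong even if c2 leaks.

```python
import hashlib
import hmac
import os

ENCLAVE_GUESS_LIMIT = 5  # assumed policy; the real limit is set by the enclave


def stretch_pin(pin: str, salt: bytes) -> bytes:
    # Memory-hard stretching of the user's PIN or passphrase (scrypt in place of Argon2).
    return hashlib.scrypt(pin.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def client_keys(stretched: bytes):
    # Two independent sub-keys: one proves the PIN to the enclave, one goes into the master key.
    auth_key = hmac.new(stretched, b"Auth Key", hashlib.sha256).digest()
    c1 = hmac.new(stretched, b"Master Key Encryption", hashlib.sha256).digest()
    return auth_key, c1


def master_key(c1: bytes, c2: bytes) -> bytes:
    # Neither c1 (from the PIN) nor c2 (enclave random) alone is enough to rebuild this.
    return hmac.new(c1, c2, hashlib.sha256).digest()


class Enclave:
    """Models the SGX-side store: c2 per user, released only to a client that knows auth_key."""

    def __init__(self):
        self._records = {}  # user_id -> [auth_key, c2, guesses_left]

    def backup(self, user_id: str, auth_key: bytes) -> bytes:
        c2 = os.urandom(32)
        self._records[user_id] = [auth_key, c2, ENCLAVE_GUESS_LIMIT]
        return c2

    def restore(self, user_id: str, auth_key: bytes):
        rec = self._records.get(user_id)
        if rec is None:
            return None  # never enrolled, or already wiped
        if hmac.compare_digest(rec[0], auth_key):
            rec[2] = ENCLAVE_GUESS_LIMIT  # successful recovery resets the budget
            return rec[1]
        rec[2] -= 1
        if rec[2] == 0:
            del self._records[user_id]  # wipe c2: guessing the PIN is now pointless
        return None


def enroll(enclave: Enclave, user_id: str, pin: str, salt: bytes) -> bytes:
    auth_key, c1 = client_keys(stretch_pin(pin, salt))
    return master_key(c1, enclave.backup(user_id, auth_key))


def recover(enclave: Enclave, user_id: str, pin: str, salt: bytes):
    auth_key, c1 = client_keys(stretch_pin(pin, salt))
    c2 = enclave.restore(user_id, auth_key)
    return None if c2 is None else master_key(c1, c2)
```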


Thanks for the reply. That makes sense in the context of Secure Value Recovery (to be rolled out, I think); it sounds similar in concept to how 1Password uses a user-derived master password along with a semi-random secret key in order to make a Master Unlock Key, which is then used to open the vault [1]. This seems pretty solid, at least to me.

It doesn't speak to any unexpected weaknesses in SGX due to hardware issues with Intel, though, that could be exploited with speculative execution attacks, and what possible information might be obtained were that to happen. I'm not certain how useful it would be to attack this specific feature to obtain saved social graphs when it may be easier to leverage those speculative execution flaws elsewhere in Signal's back end (I may be talking out my ass here, since even your link was pretty in the weeds for me).

I'm also not sure if it's prudent to trust SGX when it seems its protections can be overcome. Hiding all this information behind different SGX features might be all for naught if SGX itself isn't much of an impediment. Which all gets back to my original concern: is this trust in SGX (and by extension Intel) putting too many eggs in a single basket? Is there any fallback, just in case? What would that look like?

I sure as hell don't know, but I haven't even seen the question asked. Signal hasn't addressed it, and it may not even be worth making hay over, but I figured the smart folks around here would, if nothing else, be able to make some headway.

[1] - https://1password.com/files/1Password-White-Paper.pdf; pgs. 24-26


I don’t care about stickers. Signal is my messenger of choice, but I can’t recommend it to people because it is SO SLOW.

Seriously guys. Backups, persistent history by distributing identity across multiple devices, and fix the app load time.


The images of moxie are very nytimes gloomy (ex: https://twitter.com/nytimesgloom).

Did moxie want it that way or did wired set it up that way?


Signal's quality has gone down for me in the past few months. Delayed messages (<insert paranoid fears of MITM>), UI quirks and other instabilities. It was not like this for the past few years.


Slack took over the world in part because you could edit and delete messages.

I don't get why this isn't rolled out across messaging yet.


Slack took over the world? They only have 12M DAU. Sure, they're successful in the enterprise market in the US, but by no means have they taken over the world.


Slack definitely didn't take off because of that, and ~all messaging apps sans IRC and SMS have message deletion, sometimes editing too.


Signal doesn't have deletion. I just tried. All it seems to have is delete on my device and set timeout on all messages.

Messenger only got delete last year.

Neither have editing.

If ~all messaging apps sans IRC and SMS have message deletion why does Signal not have it?

It's like IT people live in a bubble. Why on earth would you not allow users to edit a sent message? It's like they believe some indoctrinated idea where a sent message is untouchable no matter what users want, or some cargo cult ideas about IT security.

Slack gave users what they wanted, not what IT nerds wanted them to want. How in the 21st century can we not be able to edit sent messages? Are we connected or not?


> Signal doesn't have deletion. I just tried. All it seems to have is delete on my device and set timeout on all messages.

I see. I definitely assumed it's deleting on both ends of the conversation.

Slack didn't win because of features, but because of marketing, free tier, and network effects. It never was and still isn't the best chat service when it comes to features -- the trainwreck of their threading implementation is one of the more prominent examples.


Must have a smartphone to use on desktop, to me it's a little weird, I wish I could have an explanation for this.


I’ve got pretty much all my important friends and family on Signal now and it is great feeling private and secure.


Not to downplay this (in fact I am a Signal user), but what if FB buys Signal, as it did with WhatsApp?


They would have to agree to sell themselves which they have no interest in doing. This seems like a silly fear.


Except that's basically what happened to WhatsApp. And this is always a risk of any centralized/proprietary network.

Some further reading for perspective: https://homebrewserver.club/have-you-considered-the-alternat...


And the founder of WhatsApp is bitter about what Facebook did to it, and is funding Signal now. And Moxie is no fan of Facebook either. These aren't some random kids and a VC.


It's owned by a non-profit.


This is very good news and a victory for civil privacy!


I'll never cease to be amused by the synthetic love for "Moxie Marlinspike" - that is, Matthew Rosenfeld. Funny what a little publicity and millions of dollars of government money can do.


Is chat history across new phones really important to people?


If it needs my phone number to sign up then it is not remotely making me more secure. The mere fact they get my phone number makes me less secure in multiple ways.


Try Keybase!


That's cool, but I'd rather Signal first did 2 other things:

- Make it so notifications go through consistently, for both messages and calls. Right now, about 1/3rd of the time, I find out about new messages when I open the app. Doesn't matter if it's desktop or mobile.

- On Desktop, please, please find a way to make it not feel extremely laggy. I'm typing and I'm getting like 10 fps, it's horrible. And it uses so much RAM. Jesus christ, it's 5GB and I've only got 2 contacts.


This is my professional opinion since I lack the resources to perform a true analysis, so instead I speculate based on current nation state trends and the US government's surveillance track record. Signal is a big red flag to me. I choose not to trust it. Signal specifically targets an audience of interest for the NSA: those who are actively trying to encrypt their communication. I have a sneaking suspicion that Signal could be a surveillance tool similar to the UAE's ToTok messaging app. I don't care if it is open source or uses E2E encryption. Unless you're jailbroken or rooted and can install unsigned binaries, the binary you installed from the Play Store or App Store could contain backdoors. Your decision to trust and use this should be judiciously evaluated based on your threat model.


I also had this thought. Given how vehemently reproducible F-Droid builds were rejected, along with forks, and the app's insistence on "phoning home" continuously on phones without Google Play at the expense of the battery, regardless of the multiple fixes submitted that were ignored. The outdated OpenSSL in signal-desktop, the lack of libsignal development vs fancy UI, the strong rejection of any sort of federation work as "too hard", the plans to upload contacts somewhere as if the masses they target needed this at all... but yeah, they added stickers so it must be legit.


This is literally the definition of FUD.


Literally yes, but it's a very reasonable fear based on a very prominent level of uncertainty and doubt in quite a few of Signal's / Moxie's decisions.


How? Can you prove the binaries on the Play Store/App Store do not have backdoors? Most nation states engage in domestic surveillance. Here is a story about ToTok: https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.... Logically, chat applications are an ideal platform to engage in surveillance. There is no FUD here.


As greysonp points out, yes; Signal has had reproducible builds since March 2016. So we can prove that those published binaries do not have backdoors insofar as we can prove that the corresponding source code does not have backdoors.


If you didn’t create the binary yourself how can you trust it?


Because you can reproduce that binary bit-for-bit to confirm its corresponding source code. That's the point of a reproducible build.

https://en.wikipedia.org/wiki/Reproducible_builds


Is the binary from play/app store not reproducible? (without the google/apple signature that is)


That’s a valid question. Do these platforms provide users with signatures/checksums to reference?


Signal has had reproducible builds since March 2016. https://github.com/signalapp/Signal-Android/blob/master/Repr...


Does the App Store or Play Store provide a checksum of the binary to compare to the self compiled binary?


I wouldn't recommend anyone using Signal, due to its anti-federation stance. Also being tied to a phone? Very bad idea. Stay away from it.


Federation makes secure cryptography very difficult and is confusing to less technical people, which is Signal’s target audience. Also, SIM swap attacks don’t work if you set a registration lock PIN.

A centralized phone number based service is a requirement for a messaging app to get any real traction. A messaging app is useless if no one you know in real life actually uses it.


Difficulty or "real traction" types of arguments are just an excuse to pursue a walled garden approach. I find it unacceptable.

And "confusing for non-technical people" is a completely bogus argument which also hides the real intent of those who oppose federation. Non-technical people get the e-mail idea just fine. And it's federated, for reference.


"WhatsApp had used Signal's open-source protocol to encrypt all WhatsApp communications end-to-end by default"

Allegedly*.

Since WhatsApp is proprietary, it can't be proven that OpenWhisper wasn't tampered with on the server. And chances are always against the link that needs the most protection, the user.


It should be sufficient to inspect the client because end-to-end encryption prevents the server from seeing the message plaintexts. The worst it could do is send the wrong encryption keys to the clients (i.e., attempt a MITM attack, or add unauthorised participants to a group chat), but this can be checked out of band (e.g. QR code in person), and the client provides a message when a contact's public key changes.

If the client implements the Signal protocol correctly, and the key pair is generated securely, private key not transmitted to the servers, etc., then the server should not be able to do anything nefarious without the client noticing.
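The argument above rests on the client, not the server, being the place where a substituted key is caught. Here is an added example (not Signal's code) of that client-side check: a trust-on-first-use identity-key store that flags a changed key instead of silently accepting it, plus a fingerprint both parties can compare in person. The fingerprint format is a constructed stand-in, not Signal's safety-number algorithm.

```python
import hashlib
import hmac


def fingerprint(my_key: bytes, their_key: bytes) -> str:
    # Hash the sorted pair so both parties derive identical digits to read out or scan.
    digest = hashlib.sha256(b"".join(sorted([my_key, their_key]))).digest()
    digits = str(int.from_bytes(digest[:16], "big")).zfill(40)[-40:]
    return " ".join(digits[i:i + 5] for i in range(0, 40, 5))


class IdentityStore:
    """Pins each contact's identity key on first sight; later keys must match."""

    def __init__(self, my_key: bytes):
        self.my_key = my_key
        self.pinned = {}      # contact -> identity key first seen for them
        self.verified = set()  # contacts whose fingerprint was confirmed out of band

    def on_key_received(self, contact: str, key: bytes) -> str:
        """Called whenever the server hands us a key for `contact`.

        Returns 'new', 'unchanged' or 'CHANGED'. A changed key is either a reinstall
        or a server-side substitution; the client must surface it and keep the old
        pin until the user re-verifies, rather than trust the server's word.
        """
        old = self.pinned.get(contact)
        if old is None:
            self.pinned[contact] = key
            return "new"
        if hmac.compare_digest(old, key):
            return "unchanged"
        self.verified.discard(contact)  # any earlier verification no longer applies
        return "CHANGED"

    def accept_new_key(self, contact: str, key: bytes) -> None:
        # Explicit user action after a CHANGED warning; never done automatically.
        self.pinned[contact] = key
        self.verified.discard(contact)

    def verify_out_of_band(self, contact: str, scanned: str) -> bool:
        # `scanned` is the fingerprint read from the contact's QR code in person.
        expected = fingerprint(self.my_key, self.pinned[contact])
        ok = hmac.compare_digest(expected, scanned)
        if ok:
            self.verified.add(contact)
        return ok
```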


You can audit the app. Bytecode isn’t hard to read. Pentesters aren’t idiots.

