Et Tu, Signal? (stephendiehl.com)
880 points by darylyu on April 7, 2021 | 443 comments



I definitely agree with the article that it felt a bit like a betrayal. I've pushed some friends and family to use it over Telegram despite significant usability issues, and now I see that instead of implementing some IMO basic features like proper message sync and easy backup when you get a new phone, they prefer to implement a... micropayment system? Based on some niche altcoin which doesn't even exist on mainstream exchanges?

It goes beyond the usual issue with cryptocurrencies. Let's assume that they integrated with Bitcoin or Litecoin or some "mainstream" CC, would it still be a good idea? You can already send wallet addresses over signal if you care to do it.

I'm willing to give the Signal devs the benefit of the doubt and assume that they meant well and aren't actively trying to benefit from the move (even though I'm not completely dismissing this possibility) but at the very least it just showcases a very strange way to lead the project and prioritize issues. I can think of a dozen things out of the top that would do more to drive Signal adoption than integrating with some "literally what?" cryptocoin.

This is going to drive the adoption of this niche cryptocoin, it's not going to do anything at all for Signal.


Telegram is just so much more usable than Signal.

The perceived advantage of Signal over Telegram is LITERALLY not having an option for a cloud-synced chat and ONLY having end to end encrypted chats. That's all.

You give up usability to get that advantage. Explain to your mom why she has to give up Telegram to get basically the same functionality as Telegram secret chats.

Signal's crypto is used by Facebook and was sponsored by the US Govt. Before you believe "OMG Telegram crypto is bad!" FUD, do 15 minutes of research.


Signal's by default e2e encrypted chats can be used across platforms, e.g. synced across desktop and mobile. Telegram's secret chats are only available on the device where you initiated them. That's a major disadvantage.


Signal is single-device. The crappy web app that reads stuff from your phone is not a real client.


I just have to reply here because it's so wrong.

Signal doesn't even have a web app. They have a desktop app that works great and that I use every day, all day long for all kinds of communication. On my desktop and laptop.


The same is true of Whatsapp; this is not a major impediment to adoption for most people.


There are no known attacks against Telegram.

The problem is entirely that its cryptography was sketchy and just plain weird to begin with. It wasn't wrong, per se, but raised some eyebrows. And then some of the questionable choices were silently fixed removing the ability to MITM, etc, but with no real notice.

It's not FUD.


> There are no known attacks against Telegram.

Because there isn't anything to meaningfully attack. Chats and chat backups are not encrypted by default.


And Telegram does not use encrypted e2e messages by default. Only on the special secret messages that no one uses.


More than one red flag there, there was the claim of it being secure just because the spec was out there and nobody had broken it yet.


Interestingly, if you say that Signal's funding is sketchy and it raised some eyebrows, that would be FUD (see sibling comment). But saying the same about Telegram encryption is for some reason perfectly fine and definitely not FUD.

Shouldn't we have the same standard for all claims?


> Interestingly, if you say that Signal's funding is sketchy and it raised some eyebrows, that would be FUD (see sibling comment). But saying the same about Telegram encryption is for some reason perfectly fine and definitely not FUD.

> Shouldn't we have the same standard for all claims?

Huh? Telegram's protocol has been criticized by cryptographers for making specific "odd" cryptographic choices (see https://crypto.stackexchange.com/questions/31418/signal-vs-t...). It's not FUD to bring that up.

However, it is FUD to imply something concrete based on vague, indirect reasons.


So you're saying we should have the same standard while literally giving two different types of allegations that are thrown at Signal and Telegram respectively?

We either consider the funding of both and decide how the funding COULD ultimately impact the product, or we could look at the source code of the applications and the cryptographic theory supporting them and talk about that. If crypto experts aren't finding holes in Signal's protocols [1], I don't think random people on the internet yelling "bUt It WaS fUnDeD bY ..." will make it less secure.

[1] https://eprint.iacr.org/2016/1013


That's a big advantage, and a very important one. But definitely, that and the superior crypto is what keeps me on the app. Telegram is in a whole different level when it comes to usability and refinement.

>Signal's crypto is used by Facebook and was sponsored by the US Govt

Funny that you're talking about FUD.


It is not FUD.

OWS was financed by Open Technology Fund, to the tune of almost $3M, during the years 2013-2016. See here: https://www.opentech.fund/results/supported-projects/open-wh...

What is Open Technology Fund? It is a program of Radio Free Asia, which is run by US Agency for Global Media, funded by US Congress.


Hey, advisor for a non-signal E2EE chat service here that also benefited from the Open Technology Fund.

I recognize that you'd basically just be taking my word for it, but literally all they did was take an application from us, approve it after doing their diligence, and pay Cure53 for an assessment. There was no other involvement or, as you're implying, interference.

Just my experience, but I'm publishing this because the FUD breaks my heart. OTF does good work.


In my experience, most people who project nefarious intentions on the government have no experience working with or within the government. The government, after all, is a big thing with no unified goals or intentions. But for some reason, for some people, 'government' always means 'bad'.


To be fair it usually is bad when it comes to matters of privacy and being open and honest about said privacy.


Governments gave us things like GDPR and HIPAA.


It could be, I believe what you say is very much the truth.

But that doesn't really matter. Even by doing that, these two are associated. Imagine, if there was a non-profit, that took money from some Kremlin or Forbidden City development program, using exactly the same procedure. Would be that non-profit trustworthy going forward, given their association?

So this one is the same, just with red and white stripes. Definitely not FUD, they did take money from US Gov agency.


> Would be that non-profit trustworthy going forward, given their association?

Kinda depends. If the money was authorized by a parliamentary body (with clear legal text around who's receiving funding, what the conditions are, etc), I wouldn't be so worried. If it was authorized by an executive as a disbursement from a random pot, I'd be more worried about strings.

Ergo my comfort with US congressional funding v. a DARPA grant or In-Q-Tel investment.


>Would be that non-profit trustworthy going forward, given their association?

As long as the product is proprietary, no.


That is not the point. The point is what does the funding get them? A backdoor? The algorithm as well as the client source are open for audit and have been audited multiple times.


Last I checked, end-to-end was only available on the phone app (not the desktop client) and only for one-on-one conversations. That's a pretty huge difference, but one that most people won't even understand or care about.

But the simple fact is that for most people the security profile of Telegram is good enough and its UI is miles ahead of Signal.

I've already complained about that in the past but the fact that the desktop client still won't let me set the spellchecking language is baffling to me. It's an application that's meant mainly for exchanging text, and it won't let me configure the spellchecking, and let's not even talk about formatting options.

It amused me when in the announcement they said that the reason for testing the payments in the UK was that they were English speaking. You can tell that this is an application developed by monolinguals...


FWIW, if you’re on macOS at least, private chats are supported under the Cocoa client.


Most non profit work in the US is somewhat funded by the US government via grants and crap ... 80% to be exact.


Can you share what you have discovered about Telegram's crypto implementation in these 15 minutes of research when you did them? That would be far more useful than just leaving a teaser without anything concrete.


Matrix has E2EE cloud chats


I thought about spending my time on promoting Signal, now I am happy that I avoided it.


As someone who has been defending Telegram against certain claims here from time to time this is still a sad day for me.

I'd appreciate however if everyone who has been saying ugly things about the alternatives would take a step back now and consider if there is more to security than E2E-encryption.

E2E-encryption is a seriously nice and useful property of a messaging system, but in the long run it is only one of many important details, and while E2E-encryption is always a good thing for end users as far as I can see other useful properties are often directly at odds with each other:

- incentives and funding. Free to give everyone the ability to use it or paid to align incentives?

- anonymity or verified identities? Both have significant advantages.

- repudiation or non repudiation? Depends on if you agreed on a contract or discussed something that the new regime doesn't approve of.

- backups? or ephemeral? Again, depends on if you are sharing family photos in a group or sharing something that should stay between you and the recipient

Edit to add: As for solutions I think healthy competition is one of the best ways to ensure every messaging system tries to be the best they can be.


> easy backup when you get a new phone

I just recently got a new phone, and used the new feature to do this (uses wi-fi direct) and I have to say it seemed like it would be easy enough for non-techy users to use.


Try transferring from an iOS phone to Android. Try transferring messages to a new desktop (you can't).

It's 2021, I don't want to be platform locked and none of the other popular messaging apps have that issue.


Last I checked (about a year ago I think) Whatsapp backups were platform-locked as well.


> Last I checked (about a year ago I think) Whatsapp backups were platform-locked as well.

I'm not sure why you are being downvoted. Whatsapp backups are still platform locked to this day. But that may change soon.

https://www.businessinsider.in/tech/apps/news/whatsapp-may-s...


Not completely. WhatsApp pushed out an Android-compatible backup option on their BlackBerry 10 app when they announced that they were shutting the app down a few years ago. But it was behind a notice that said it was 'not supported', even though it worked fine. Only to Android though.



You can get a dump of all your messages with someone pretty easily.


I transferred between two Android phones, and had to re-pair desktop clients. It all worked, but now the desktop client won't receive messages I've sent via phone.

Also video calls still don't synchronize orientation. It's very hard not to stoop down to use more vulgar language to express my feelings about this.


> Also video calls still don't synchronize orientation.

This is insanely annoying in real life.


Whatsapp does, so it's probably not that critical of a feature.


Most people don't switch platforms very often so it's not a big deal to them and just a corner case. Also most people don't care that much about old messages so again a corner case.


That's great to know, I didn't know they had improved on that front. Last time I tried to do it you had to manually copy a file from a micro-SD card (and it was only supported on Android) and then you had to copy a crypto key. In the end I couldn't get it to work and gave up.

Unfortunately day-to-day my issue is more with syncing the desktop to the phone client's history and as far as I know it still won't let me do that.

Another super convenient feature of Whatsapp and Telegram is that they offer a pure web interface with basic functionality which is super convenient if you're in a pinch and don't want to/can't install the standalone desktop application.


Yeah, but consider the use case where you lose your phone in an accident or someone steals it. You can recover your sim card, you know your recovery password. But you'll be SoL and you won't be able to recover the history of all of your group and individual chats. This sucks.


There's a backup function. Maybe they should add some cloud drive integration to that feature.


Signal for Android allows backup. Signal for iOS doesn't.


My phone needed to be factory reset, where was my backup to restore from without purchasing a second phone?


I only just got this set up, but you can point the automatic backups to your SD card on Android. I guess some cloud sync app could pick it up from there or internal storage.


Signal for iOS disables backup.


Did you ever try to salvage data off a dead phone? Many of us only buy a new device when the old is fubar.


Not sure why this was downvoted. I switched phones yesterday and transferring signal with the direct wi-fi transfer was easier than transferring whatsapp, I do know that that used to not be the case.


because it is only relevant for one very specific type of 'switching phones'


Will that feature work if you drop your phone and it breaks? Or will you lose all your conversations and photos then?


> I'm willing to give the Signal devs the benefit of the doubt

How many "benefit of the doubt" cards do they have left by now?


Zero. This was an obvious get rich quick scheme. They intentionally fragmented the space of privacy coins to profit off of a frankly disgusting pump and dump.


Mobilecoin (Foundation) is a technological, ethical, and legal tour de force. I recommend you read their FAQ, but, to me anyway, it is obvious why Signal/Moxie needed to create a new coin (tl;dr: It needed to be a private venmo-like experience). To prevent conflicts of interest, a new org was created. Hence Mobilecoin, not SignalCoin. A few highlights:

Technological:
* First Oblivious RAM implementation, "fog", so that transacting parties cannot be revealed
* Their Rust codebase is really nice
* Instant transfers with little computing power (CO2 emissions)

Ethical:
* Moxie and Josh Goldbard hold no MOB, along with the employees. The Mobilecoin foundation has some awesome partners, e.g. the Long Now Foundation.
* Mining is not ethical, it pollutes the planet and is just bad. The only alternative is a "pre-mine" given to an independent org, ie Mobilecoin Foundation

Legal:
* The US's laws are not clear on what is allowable with privacy coins, so Mobilecoin has played it conservatively by saying US residents can't own the coins.

In summary, the critiques of Mobilecoin (in any of its incarnations, foundation, moxie, etc.) are assuming the agents involved have a financial interest in MOB being expensive -- I contend that is not the case. Please show your evidence.

PS. I am assuming good faith and honesty in statements, eg "Marlinspike notes, however, that neither he nor Signal own any MobileCoins." https://www.wired.com/story/signal-mobilecoin-payments-messa...

PPS. Some direct responses:

>Let's assume that they integrated with Bitcoin or Litecoin or some "mainstream" CC, would it still be a good idea?

No, not private. Also slow. Also pollutes planet. Monero is close on the privacy front, but takes 3 minutes to send (very stressful). It's possible a coin with the proper attributes could be made on stellar, but that raises questions towards ownership of Lumens (and pumping them) and their stellar reimplementation in Rust is likely more secure.

>Niche coin

nit: MOB has a top 15 market cap with 250m coins in distribution. Though I would hesitate to compare to other cryptocurrencies which are almost entirely scammy, polluting garbage.


> Moxie and Josh Goldbard hold no MOB, along with the employees

Right, the foundation sells the premined crypto-currency at a pumped up price. The foundation pays Goldbard and Moxie for their work. Employees are paid from the VC. No one connected has to hold any of it, nor will they want to after the dump.


Agreed that the foundations and payments need to be transparent. But if they are making, say on the order of a hundred grand a year in payments, wouldn't it behoove them to have a stable or increasing MOB market cap in the long run. IOW, if payments << market cap (currently O(10B)) then pumping and dumping is a disincentivized move.


> I recommend you read their FAQ

Could you provide a concrete link please? There's a bewildering array of official-looking websites with zero information. And a widely shared white paper (among others linked from Wikipedia) that Josh claims isn't the whitepaper he originally wrote. It's hard to know what's what.


This makes me sad. I have, up until now, been happy with Signal, but with this foray into cryptocoins, I now put it in the general "why do you hate the planet" bucket that all other cryptoshills are in.

It works (FSVO "works") for small levels of transaction, but does not scale to "a substantial fraction of humanity uses it for payment" (low-end, imagine 2.5 billion people trying to make on average 3 economic transactions per day, you'd need to be able to sustain about 80k transactions per second; now note that I low-balled both the number of economic transactions AND the global population).

Moxie, this is seriously disappointing.


As a signal user and even promoter my biggest issue with a new cryptocurrency is that my privacy and security concerns for a chat app are different from my privacy and security concerns for monetary transfers.

I'm not sure why you find Monero's confirmation any more stressful than instant-like blockchains, most wallets will show pending transactions as soon as they enter the mempool.


Proper message sync is hardly possible with end-to-end encryption everyone is so excited about (without fully understanding the implications of true secrecy). If you have e2ee and then sync messages via google drive (looking at you, Viber), you are kinda missing the point.


I remember that Skype, before it was bought and ruined by Microsoft, had P2P chat history sync that worked the following way: once two of your devices were online at the same time, they synchronized chat history among the two running instances flawlessly. It was super reliable and predictable.

I am sure that Signal could implement the same peer-to-peer sync scheme with full end-to-end encryption without any secrecy compromises.


Pre-MS skype was so far peak IM.


Don't forget about when IM networks actually used open standards instead of closed proprietary protocols. Managing all of my accounts through pidgin was a breeze, and didn't leave me swapping between half a dozen different programs trying to remember which networks somebody would typically use.


That was never a thing: Pidgin & the rest had to write their own implementation for many of those protocols, starting with AIM.

There was a tiny period, somewhere in 2006, when many services were XMPP, maybe even federated, but due to the lack of good clients - compared to skype -, it never manifested as good as it should have.

There are now many nice XMPP clients, but the big players now all moved into proprietary territory.


I also remember a period in time when I could use Trillian to connect to ICQ, MSN, AIM and have it all in one convenient chat client without having to fire up all the individual ones. Granted it sometimes broke when the protocols updated, but for a moment it was pretty cool.


Good point, I am misremembering.


This is actually working very badly in most practical situations. The way to go is Telegram's way, where you store all data on the server and happily sync it easily between devices. Just do it on your own server using xmpp. E2ee helps mostly against server owner, and you eliminate this risk by being your own server owner.


> E2ee helps mostly against server owner, and you eliminate this risk by being your own server owner.

Unfortunately you only eliminate it by being your own server owner _and_ your recipient being their own server owner. Take a look at email: I might not want to use e2ee because I self-host, but the second I send an email to a friend hosted on gmail, Google gets all the content.

I think federation does have its place (for different reasons) but it unfortunately isn't enough for privacy.


> Just do it on your own server

What if I don't have and don't want my own server?


You run your own datacenter?


XMPP is extremely light, you can use a moderately powered personal computer to handle traffic from several users. I don't have the numbers with me but last I'd heard, the number was in the hundreds.


ejabberd can host ~2k active connections on $2/month server.


Where can I get this $2/month server?

The nice thing about client-side/end-to-end security is that the service provider matters less.

Also, $2/month is $2 more than many people would be willing to pay for private messaging, and I can't message people on a network they're not on, no matter how much I pay.


Ionos.com

And if your privacy is worth less than $2/month, just use Telegram. It works way better than these messengers obsessed with privacy, precisely because it does not have encryption for most messages.


> Ionos.com

That looks a lot like a server hosted by somebody else in a data center.

It's also way more hassle than almost all of my contacts would be willing to go through, and if only I self-host but they don't, it'll be Gmail all over. (Almost all emails go through Gmail because that's what at least one of the parties in an exchange is likely using.)

Point-to-point encryption is not enough for messaging in today's network topology.

> just use Telegram

No thanks, I'll continue using one actually spending some effort on not being able to read the messages their users send.

Fortunately most people in my country do. Ironically it's only a couple of people in my circle of friends worried about the privacy of said messenger switching to Telegram "because it's encrypted"...


One of the features of the Signal protocol is that each message is signed with a different key so that if one message is somehow compromised it's still impossible to retrieve the others. I think this would break with P2P sync.


Your Signal client has all the messages stored unencrypted (this is true because you can read them all, and search all the local messages).

What's preventing the client from dumping all the messages to a single file, encrypting it with a public key of the other running instance of Signal logged in to the same account, and sending it, so that your other device can decrypt the file and import all the messages?
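The per-message key property raised in the two comments above, as an added example that is not part of the thread and is not Signal's code: a simplified symmetric-key ratchet that steps a chain key with HMAC-SHA256 (the 0x01/0x02 constants follow the Double Ratchet specification's recommendation). The shared secret, the messages and the stdlib-only toy cipher standing in for a real AEAD are constructed for the demo; it shows that a device holding only the current chain key, or one leaked message key, cannot open earlier traffic, so history can only reach a second device as plaintext re-encrypted for it.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple


def kdf_chain(chain_key: bytes) -> Tuple[bytes, bytes]:
    """One ratchet step: returns (next_chain_key, message_key).

    HMAC is one-way, so the next chain key reveals neither the previous
    chain key nor any earlier message key.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def _keystream(key: bytes, length: int) -> bytes:
    # Toy HMAC-counter keystream; a stand-in for a real AEAD, example only.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(message_key: bytes) -> Tuple[bytes, bytes]:
    enc_key = hmac.new(message_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(message_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def seal(message_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a single-use message key."""
    enc_key, mac_key = _subkeys(message_key)
    stream = _keystream(enc_key, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def open_sealed(message_key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    if len(blob) < 32:
        return None
    ciphertext, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = _subkeys(message_key)
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(enc_key, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def open_from_state(chain_key: bytes, blob: bytes, max_steps: int = 16) -> Optional[bytes]:
    """Everything a holder of `chain_key` can do: ratchet forward and try each key."""
    for _ in range(max_steps):
        chain_key, message_key = kdf_chain(chain_key)
        plaintext = open_sealed(message_key, blob)
        if plaintext is not None:
            return plaintext
    return None


def run_demo() -> Tuple[List[bytes], List[Optional[bytes]], List[Optional[bytes]]]:
    # Constructed inputs for the example.
    initial = hashlib.sha256(b"constructed shared secret, example only").digest()
    history = [b"hello", b"are you there?", b"meet at 6", b"running late", b"ok"]

    # Sender: one fresh message key per message.
    chain_key = initial
    wire, message_keys = [], []
    for text in history:
        chain_key, message_key = kdf_chain(chain_key)
        wire.append(seal(message_key, text))
        message_keys.append(message_key)  # kept only so the demo can "leak" one

    # Receiver has processed three messages and discarded their keys.
    receiver_state = initial
    for _ in range(3):
        receiver_state, _used = kdf_chain(receiver_state)

    # A second device (or a thief) that obtains only the current receiver state.
    late_device_view = [open_from_state(receiver_state, blob) for blob in wire]
    # Someone who obtains exactly one message key (the second message's).
    leaked_key_view = [open_sealed(message_keys[1], blob) for blob in wire]
    return history, late_device_view, leaked_key_view


if __name__ == "__main__":
    _history, late, leaked = run_demo()
    print("late device :", late)
    print("leaked key  :", leaked)
```
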


First people want full security, but when they encounter inconveniences that come with true full security, they start wanting convenience. What works best is a very very very good promise of security without e2ee, as shown by Telegram. Its users just know that Telegram is the most protected messages, and they are happy with its advanced features.


e2ee is a technical term, not a social term. It only means that 2 devices exchange bytes and no third-party can read them. Nowhere is there any obligation that the 2 devices belong to different people: it is perfectly possible to exchange history between your laptop and your smartphone with e2ee.


Matrix features E2EE with proper message sync between clients: https://matrix.org/


> Proper message sync is hardly possible with end-to-end encryption

iMessage (and soon WhatsApp) would beg to differ.

It is much more difficult, yes, but definitely not impossible.


This article mirrors my feelings toward this announcement well. I spent a significant amount of time trying out different messaging apps and convincing my friends and family to move over from Telegram and WhatsApp. I used my reputation and their trust in my expertise.

The whole blockchain industry is just too mixed with scams for me to feel comfortable having my non-tech relatives deal with it. It's enough that I have to educate them on 'investments' in random coins (it's gambling) and cure their FOMO regarding NFTs. Now the technology will be integrated into the messaging app that I endorsed, well-packed together with the smelly involvement of Moxie with the currency.

What now?


I've always hesitated to recommend Signal to people due to Moxie's attitude towards the more traditional security and privacy community where things like federation and open source are respected concepts. Tack this on the list and Signal just seems like a crazy thing to recommend now.

If they can get the onboarding process on Element to be just a little bit easier, maybe a phone number based default, I'll be dumping Signal in a heartbeat.


That's exactly my thoughts. I convinced all my friends and family to switch over to Signal, and now this bullshit. I should have trusted my gut feeling about Signal not wanting to use a decentralized protocol to be a bad sign in the long-term.


> I've always hesitated to recommend Signal to people due to Moxie's attitude towards the more traditional security and privacy community where things like federation and open source are respected concepts.

My understanding is that is a part of the amateur 'security' community, not the professional or expert one?


Why would you think that? And what is the amateur 'security' community?


>>> I've always hesitated to recommend Signal to people due to Moxie's attitude towards the more traditional security and privacy community where things like federation and open source are respected concepts.

>> My understanding is that is a part of the amateur 'security' community, not the professional or expert one?

> Why would you think that? And what is the amateur 'security' community?

Hi - I think that because IME federation and open source are heavily emphasized by amateurs, and much less so by professionals.

By amateur 'security' community, I mean nothing more than it sounds - non-professionals who focus on security, among a constellation of other issues.

My point is that the arsome's comment (the first one) uses "traditional security and privacy community", and I want to clarify what that means. Among professionals, Moxie is much more traditional than the amateurs are, as I understand things.


What would you say are the cons of Telegram?

I've been highly impressed with the UX for quite some time, but have refrained from pushing it (and the likes) onto friends. My family and friends seems to have slowly drifted towards signal, and I haven't bothered affecting that, but if I would go from a pure UX, I'd suggest telegram. So, I'm genuinely curious to know others' thoughts on it. I have only limited knowledge, just vague recollections of Russian developers (?), which might or might not have distanced themselves from political pressure (?), as well as the app itself being somewhat open sourced (?), based on the same protocol as signal (?).


Telegram's stupidity was marketing itself as secure. If it never had, then all arguments and sour intent towards it would be hugely misplaced.

As it stands, it’s not E2E by default and its E2E scheme is homegrown, which is usually not recommended (though IMO was not a dealbreaker), the big issue there was that there were flaws in the original design of the encryption scheme which makes it harder to look past the fact it’s homegrown.

Telegram can intercept most messages on the platform, however, ultimately I trust them more than Facebook; so I’m less concerned.

Additionally, since Facebook controls _both_ ends of whatsapp _and_ does not support third party programs, then even though WhatsApp is E2E there’s little preventing Facebook from pushing an update to your phone which backs up all your chats to their cloud.


> As it stands, it’s not E2E by default

Yes, and enabling E2E "secret chats" on Telegram actually hurts user experience, so most non-tech-savvy users avoid it. Additionally, your address book is continuously synced to Telegram servers.

> there’s little preventing Facebook from pushing an update to your phone which backs up all your chats to their cloud

Just to add to your point- WhatsApp currently backs up your chat history to Google Drive or iCloud unencrypted. It requires opt-in but they nudge you frequently.


> Additionally, your address book is continuously synced to Telegram servers.

It doesn't even need access to contacts to run, and it happily runs on machines that don't even have address books (and, might I add, has the best UX there as well).

What you do need, at least for initial signup, is the ability to receive SMS, like you do with Signal. I wish all of them would just stop that nonsense.


> cons of Telegram?

Also, Telegram is not federated. It is just another vendor lock-in.

https://github.com/telegramdesktop/tdesktop/issues/6841

https://github.com/telegramdesktop/tdesktop/issues/16068

Contrast that to email. Even if gmail.com bans you or shuts down, you can still use a different email vendor or self-host. (You lose your old email address if you don't own a domain, but you can still communicate with others.) The only good IM that has this characteristic seems Matrix.


As we've seen from XMPP and Matrix, federation comes with its own set of tradeoffs. Matrix (specifically the element client) has come very far but it's still not at a state where I can recommend it to non technical acquaintances.


My non-technical acquaintances are using it just fine. Any particular issues you've been having?


It's been a while since I checked it out but key management on encrypted group chats.


Perhaps you tried it before key cross-signing? In that case, you had to verify each of your devices with each of your participants devices. Now you only need to verify once per participant. It's much better now in general.


I am also a happy Telegram user and think it offers amazing UX but if you leave WhatsApp due to privacy concerns, Telegram might not be the right solution. All Groups and by default any other conversation you have are only encrypted in transport between your client and their servers. Also their encryption has been called into question a lot at the beginning.


As the other answers state: It's them rolling their own cryptography. Also, not having E2EE in group chats. Their UX is really good and I agree with you, going from that alone I would always suggest Telegram too.

There are other considerations too, like the fact that I often got notifications that someone joined Telegram but that person was a friend of a friend and not in my personal contact list. One of my friends works for an actor's agency and then I got notifications when some of his clients joined the platform. I'm pretty sure they weren't aware of it and from a privacy standpoint this is very questionable and left a very sour taste. I always feared that I missed a privacy setting and am exposed the same way.


If that person is in your contacts, you get a notification.

If you're in someone else's contacts, they'll get a notification when you sign up too.

Contact information gets uploaded (Name, Email, Phone Number) so that they can generate "rich" push notifications, as the server issuing the push has to produce the message (no code can run client side).

More info here, though could be outdated (2013): https://news.ycombinator.com/item?id=6915194


Group messages in Telegram aren't e2ee just because of their design choice. You can't enable it like you can for the 1:1 chat.


I think the most common complaint is that group chats are not encrypted, and regular chats are also unencrypted by default.


They are encrypted, just like everything else in the app, just not E2E. There's a big difference between no encryption and encryption that isn't E2E.


Yes, one of those means the server can see all your messages and the other means it can't.

Transport encryption has been the default for almost all internet traffic for some years so it's no longer something that you can reasonably not have.


Which has the benefit that you can see past messages. This is why I think Telegram is a perfect place for hosting public group chats (like an IRC but with better usability).


I believe the most commonly cited criticism is that they rolled their own cryptographic solution.


Can't you just continue to use Signal as before, without using the cryptocurrency?


Throwaway for obvious reasons.

I interviewed at signal a while back, and none of their recent mishaps surprise me. At first, they had me talk to Brian Acton on the phone for about an hour, who seemed to think I was already getting an offer, and he was there to sell me on it. He was cool to talk to, so I didn't mind, but I was surprised at this level of confusion for a company that small.

Next, I was given a lengthy take home project (which I was warned not to do in a language other than Java, because Moxie would reject candidates if they didn't pick a language he liked). After I finished it, they disappeared for a month.

Apparently I passed. They said I was basically the only one out of 200 people they sent it to that did pass. I assumed this meant I would be getting an offer, but they then wanted me to do a full onsite. The "onsite" weirdly consisted of another take home, but shorter, and a live interview. After not hearing back again for a while, I got an email titled: "Hello from Signal!". Great! I opened it, excited: it was a rejection.

I tried to get feedback on why I was rejected but never heard back. The best thing I can come up with: in the system design interview, as a solution to a postgres node being overloaded, I didn't come up with the solution of having a SPOF redis node with a full key scan every 10 minutes acting as an intermediate data store before transferring to postgres. I was told this is how they actually do things.

Take this with a grain of salt, since I'm obviously still irked by the experience, but it's all true.


> I didn't come up with the solution of having a SPOF redis node with a full key scan every 10 minutes acting as an intermediate data store before transferring to postgres.

Obviously that is bad architecture smell.

But if you didn't already know; redis supports high availability through "sentinel"[0].

[0]: https://medium.com/@amila922/redis-sentinel-high-availabilit....


Sentinel smears the SPOF out into a redundant (but still memory-backed) system. Backups mitigate the risk of data loss further. AOF can also be used but may cancel out the performance gains.

...and none of those change the fundamental durability/performance tradeoff of the system, nor do they replace a proper scaling strategy for an RDBMS.


> SPOF redis node with a full key scan every 10 minutes acting as an intermediate data store before transferring to postgres

On the one hand, oof.

On the other hand, the number of massive software architectures on extremely well-known platforms held together by exactly that system (not an equivalent one, exactly Redis-in-front-of-RDBMS-with-cronjob-flush, no RDB backups, AOF, Sentinel or anything either) I've seen is also depressingly high.


I was recently pulled onto Signal by a non-techie who values his privacy. I talked to him about Matrix/Element and he had no idea what that was, but was very happy with Signal. I must admit, the app is very nice. All I had to do was give it access to my contacts and bam, I am now able to chat with all my contacts.

By comparison, Element is much more like a chat program than a phone messenger. It's good for "I want to connect with that person from GitHub" instead of "messaging the cute girl I met last night" or "messaging my grandpa". And yet, it feels to me like Matrix/Element is the platform less likely to pull something like this. Then again, Keybase seemed that way as well...


> By comparison, Element is much more like a chat program than a phone messenger. It's good for "I want to connect with that person from GitHub"

Element is what messaging should have been from the START: a federated service just like email, where you register an account with your provider of choice, just like email, and start adding/chatting other people after getting to know their address, just like email. So, instead of asking that cute girl her phone number or her email address, you would ask her her element address.

Whatsapp spoiled this approach years ago, so now we are basically screwed because everyone is used to the central approach and it's almost impossible to move away from it. But TODAY's implementation of Element and their shiny clients 12 years ago, would have been a great success just like WhatsApp was (wishful thinking at its finest, I know).


There's also DeltaChat: It looks more or less like WhatsApp, but it uses email as the transport and storage mechanisms, and it is seamlessly encrypted with AutoCrypt. It supports both one-on-one and group chats. It has apps for mobile and desktop.

https://delta.chat/


That seems awesome, thanks for sharing! What an awesome approach.


There was decentralized XMPP/Jabber back in the days with lots of clients and it didn't catch up.


But I said with today's Element UI/UX. Anyway email was already a standard before corporations took over internet, it would have been really difficult to have a decentralized standard taking over in the 2009 Internet already. Also XMPP was EEE by both Google and Facebook around that time.


I think you hit the nail on the head with "Element is much more like a chat program than a phone messenger". Me and a friend experimented chatting with Element (Riot at the time), and while it certainly "worked", the process of getting everything working was not something I would expect a non-programmer to be able to figure out. We had to finagle different keys across different computers and phones and it was fairly painful. Both of us are software engineers, so at some level we have fun figuring this stuff out, but I cannot see a universe where Element catches on with the general public unless the process is as quick and painless as Signal.

I feel like Element works better as a competitor to Slack or IRC than as a competitor to Signal or Whatsapp.


> I feel like Element works better as a competitor to Slack or IRC than as a competitor to Signal or Whatsapp.

To me it's a competitor to Keybase. "I want to send my co-worker/client an API key that I don't want exposed to the public" is about the only use for Keybase I've had. I have like 5 contacts on there for this reason. Slack/IRC is much more usable for getting shit done, but not being E2E I wouldn't send anything sensitive over them. Element is currently a "this is a mildly nicer experience over PGP + Email/Slack."


This is why I use https://keys.pub and/or Magic Wormhole.


Yep yep, totally think that's reasonable.

I know very little about the intricacies of cryptography, but part of me wonders if there's some way of doing a federated "key synchronization" service similar to keybase.


So Keybase is just a UI for PGP/GPG (well that was what it was before it became a Borg). The problem with GPG:

1. You need to keep your private key very private, which is incompatible with the idea that you might have several devices you normally use. GPG itself does not provide you with a mechanism to sync your private keys between devices because this is a super insecure thing to do without some serious work.

2. GPG requires that you and another person verify each other's public keys out of band. I need to meet you in a parking lot to validate your key fingerprint while you validate mine.

3. GPG's web of trust relies on attaching public keys to real world identities. You are asked to validate government documents when verifying public keys. That's incompatible with how a lot of us want to work. Note that this isn't a built-in requirement, but GPG itself provides no guidance on how to validate user123 on GitHub, just User Onetwothree Jr in real life.

4. GPG's UI is almost as arcane as tar :)

Keybase solved this by:

1. Providing a secure way to manage private keys across devices.

2. Outsourcing proof of identity to other providers. Its use case is validating the identity of user123 on GitHub, which happens to also work fairly well for CelebrityName on Twitter, or FriendName on Facebook.

3. See #2: social proof means you can attach that proof to any kind of identity.

4. GUI + nice TUI works better.

Where Keybase fell short was that a non-techie will not understand much about "social proof" and the only kind of social proof they have access to is limited to Twitter, Facebook, and Instagram.

Signal's solution to this was simpler: you have a QR code/set of numbers that represent your fingerprint right in the app. You show me yours, I'll show you mine. We get connected by phone number or email. That's it. If Signal was built on a federated platform it'd be perfect and nothing about it from what I understand prevents that.


That sounds kinda similar to the problem Matrix solved with cross-signing, how when you login to a new device and verify it with one of your already logged-in devices, it can request your old message keys E2EE so you get all your history.

Maybe a similar thing could be built on top of it?


> Matrix/Element is the platform less likely to pull something like this

Agree, I've been using Matrix/Element, and it's a bit slower/buggy but seems like it'll be around for longer.


It has improved a lot. I once wanted to switch with another tech-savvy friend 2 or 3 years ago and the experience was abhorrent. Nowadays I use it mostly like an IRC client and it improves constantly.

However the comparison between this and signal falls flat due to the metadata that needs to be stored on matrix servers due to its federated setup.


The best part about Matrix/Element, is that it could be Matrix/Anything. If Element is buggy, switch to another client.


And unlike Telegram where the client is open source, with Matrix you can also switch the server. Or bring your own server.


> less likely to pull something like this

They are less likely to do this kind of secretive development, but they could go that direction. They have considered cryptocurrency in the past, see https://matrix.org/blog/2017/08/22/thoughts-on-cryptocurrenc.... They are open, but still driven by a single company which could change direction at any time.

They also surprised their community multiple times with renames of their app and weird redesigns (remember the horizontally-scrollable unordered bubbles for room selection?)


I think Element is unable to do this since they have nobly chosen a federated protocol.


Which part? The part of also integrating SMS functionality? The part where I can message my other contacts who aren't using Matrix via SMS and finding them by phone number? Having a good marketing strategy?


Sorry, I should have quoted. They are “unable to pull something like this” due to being a federated protocol. If they try to add crypto to their app, another app can be used to communicate to the same people in the same way.


You can layer over easy onboarding on top of a federated protocol.


Same here, I have been looking at Element too... Alternatively, anyone use Threema?


Would you say this is a weakness of element or matrix itself? In principle you could make a clone of signal, WhatsApp, telegram etc. using mobile APIs right?


I think it's 100% the client. But this is the problem with a federated system like this: it increases your marketing surface without providing apparent value to the consumers. Consumers don't want choice, they want the one product that will do exactly what they need it to do. When I am presented with "choose your client from this list of 5-15" my eyes glaze over. I just want to try the thing. That isn't to say that there shouldn't be choices, there absolutely should. But the problem is that there needs to be a very easy short and gentle on ramp for new users.

Element is none of those things. Its name is so forgettable and so generic that people often don't even know whether it's an app, a library, a website, etc. The mobile app is yet another chat app with nobody on it until I do the legwork of pulling them in. It's just not usable on day one after I already spent the time to figure out which app I need. In the meantime, Signal can become your default messenger on Android within a few minutes and do everything you used to be able to do but more and better.


Good Morning,

I am the CEO of MobileCoin.

A few points:

1) I started MobileCoin to fund Signal. That’s it. I believe that a world with a well-funded signal is a better place. In order for signal to compete in the 21st century with messaging apps around the world they need a payment story. MobileCoin is the only thing ever built that is both privacy protecting and fast that meets the standards of data retention signal requires.

2) MobileCoin Inc. intends to maintain an extreme minority of the coins once the dust settles.

3) This is designed to be used as a payment rail, which requires us getting coins in the hands of users. As you might imagine, navigating the regulatory waters of how to do that with compliance to how governments want us to behave is non-trivial. It’s important for us to move with correctness over speed.

4) this project is 4 years of my life building real technology. This is not a pump and dump scam. We have been very careful in the design, operation, and development of this system to give it the best chance at surviving in the world of cryptocurrency projects. It is non-trivial to deliver a coin that is useful for payments (the requirements are speed, privacy, low-energy footprint, and operation in resource-constrained mobile environments).

Let me put it simply, I love signal and we intentionally designed this currency to be as oblivious as possible with respect to user data so that signal could maintain their relationship with their users, one of retaining as little information as possible without compromising on the user experience. Nothing else in cryptocurrency, or payments, comes close to the level of privacy and performance that MobileCoin has achieved.

I welcome any questions I am able to answer. Note that some questions revolve around tightly regulated areas of concern and may take longer to answer as I must check with outside counsel before replying.


2) MobileCoin Inc. intends to maintain an extreme minority of the coins once the dust settles.

a.k.a. we intend to sell all of our vast stacks of pre-mined coins onto gullible users. This is exactly how a pump and dump scam works.


To be clear, we want to get the coins into the hands of users so they can buy things with them. Doing so in a legally compliant fashion is non-trivial. Looking at what happened with Keybase and Stellar, a simple airdrop to users of the system doesn’t necessarily result in utilization or economic development.

There are multiple different things to consider here: 1) regulatory, 2) economic system design, 3) usability, and 4) user-first commerce.

In short, it’s much more important for us to be correct than it is to move quickly. When all is said and done, users of MobileCoin will have obtained coins many ways: through giveaways, sales, and commerce activities. Making sure we do these things correctly is the only way the ecosystem will be able to operate long term.


This isn't addressing the parent comment at all. Does the trust plan to market dump coins on their users?


I'm not sure what you mean by dump. MobileCoin plans to reinvest coin proceeds into the ecosystem to help foster economic development. We also plan to give away coins once we figure out how to do so in a regulatory-compliant fashion.

MobileCoin also needs some amount of money to operate, some of which will come from the sale of coins, but our balance sheet of coins is quite limited. We would prefer to minimize those sales as much as possible.

Does that answer your question?


I think you need to lay out the plans much more concretely and have a proper plan for transparency.

The crypto world is full of scams and misinformation. Technical people are unlikely to trust the coin if transparency and oversight stay so vague.

Scanning through this discussion, quite a few red flags have been raised by users. I assume your intentions are good at the outset. But when the money comes rolling in, even the most pure plans can be corrupted.


> I'm not sure what you mean by dump.

Sell your token at overinflated prices (in a similar way as other ICO scams) and funnel money into pockets of whoever is running this specific scam, with some minor amounts put toward claimed goals.


This is hard because we don't have any control over the price of the coin whatsoever :(. We don't sign any listing agreements or do market making or pay exchanges anything to list. We literally haven't done anything except publish the code and make the coin available to the public.

Thank you for helping me to understand what you're looking for; we will go back to our counsel and ask them for more advice with this in mind.


All of your answers are so obviously not answering directly. You were simply asked if you would be selling the coins to retail investors on exchanges and gave a bunch of blabber when the answer is clearly yes.

From your post above RE selling coins at inflated prices to the public, you said “This is hard because we don’t control the price” Umm, you could give away the coins. You claimed that Stellar gave away coins but the coins didn’t end up being used by end users. How does selling the coins at hyper-inflated prices to end-users change this? Why will they use the coins if they are sold them vs given them?

It would be great to know the timing, amounts and prices of coins that have been sold to either investors or the public.

Your reputation and Signal’s are hanging on a thread here. We’d all appreciate some transparency.

How many coins will Mobilecoin sell and over what time period? You and Mobilecoin currently control about 212.5M coins which is $8.5 Billion created out of thin air. The price was recently inflated with a suspiciously perfectly timed short squeeze, likely orchestrated by one of your investors looking to pump their bags.


You mentioned exchanges own ~50% of the mobilecoin supply, how did they come to possess that amount of coins? Did you give them away for free? Or did they pay some price for each of the coins they have? If it's the latter can you disclose at what price you sold the coins for? This would give mobilecoin users a good baseline price for what the creators of the coin believe it's worth. Thank you.


> In order for signal to compete in the 21st century with messaging apps around the world they need a payment story.

What is a "payment story" and why do messaging apps need it? Signal should be secure SMS with a better UI, nothing more.


I'm pretty sure that's just a buzzword for "revenue model", which is to say a plan for how it will make money. The charitable interpretation in this case would be "how to keep devs on the job and not homeless", and the uncharitable case would be "how to make Moxie Marlinspike and his buddies obscenely rich".

It looks to me like either there's a lot of selling out going on here or there's a lot of great examples of how not to market a good thing to reasonable, aware, suspicious people (which is, in short, pretty much the core market demographic of privacy software users).

As for me, I'm starting to wonder whether Session is much better than Signal, and I think that if you want privacy in a cryptocurrency you're probably better off with Monero.


I love the dichotomy 'working vs homeless'. It's a sad state of a country if being jobless implies homeless. Also, I don't think someone working for a SV company can't just move somewhere cheaper and reduce spending until the next gig.


I don't understand this either. Does Signal need to compete with streaming services like Netflix next? What about Steam? I didn't choose Signal as a platform, I chose it because it is (supposedly) a secure and privacy focused messenger app.


I guess there are some users who expect something in this vein after seeing it in whatsapp or imessage? Still, bundling some unstable opaque cryptocurrency to it instead of just normal money seems a bit disingenuous.

Or they want to become WeChat.


I believe many apps are currently implementing this.


Is it a stable coin? Users want to send real money; MOB is just a temporary inconvenience necessary for digitalization. Do you guarantee that users can get out the same £ they put in (minus a clearly disclosed fee, within a reasonable time frame of days to weeks)?

If not, it's useless. I'm a chat app user, not a Forex trader.


This is not a stablecoin. MobileCoin has plans around stablecoins in short order that will allow users to transparently get back to stability on their transactions, but those aren't available on day 1.


What financial interest does Moxie have in MobileCoin Inc, MobileCoin TS Ltd or any connected business? Does he stand to gain from the success of MobileCoin?

You could have avoided most of the criticisms if you had a clear explanation of why you pre-mined. Saying that you intend to sell it is not as reassuring as you seem to think it is.


The pre-mine has to do with using stellar consensus protocol. Basically if you don't have staking or mining (which I personally believe are detrimental to the longevity of these networks) then you end up with a pre-mine. Essentially all of the game theoretical systems for rewarding operations of the network pit the interests of the miners/stakers against the interests of the users of the network.


I'll take from the fact you dodged the question that Moxie does indeed have a financial interest


Again, why do you avoid answering the question? When you avoid answering the question, it comes off as more and more sleazy.


What percentage of the coins does MobileCoin and its founders/early investors currently hold?

Seems your early investors certainly have a large chunk https://threader.app/thread/1335948142022311936


MobileCoin has made over 50% of the coins available for purchase. We are currently figuring out how to give away coins while remaining regulatory compliant.


That does not answer the question. You answered the question of "how many coins do you intend to sell" not "how many coins do you currently hold." Based on your answer I can only assume that you hold >50% of the coins and intend to sell 50% of them in the near future.


Kinda seems like the sort of thing you would have figured out ahead of time...


Unfortunately cryptocurrency regulations are anything but clear and obvious. This is a new frontier and operating with an abundance of caution is of paramount importance. We respect the hard work all of the regulators are doing trying to figure out this new world.

We're all doing our best to work within the constraints.


Yeah but like, what if you find out that you can't distribute the remaining coins in a compliant way? Wouldn't that be something that should have been determined before all the work to integrate with Signal was done? It just feels like if that were a true priority, it wouldn't be in the "implement first, figure the rest out later" category. Even if it's a complicated question.


I can assure you that we have the best minds in the regulatory and legal worlds thinking about this and there just isn't a lot of regulatory clarity. If you had told me that 4 years after I started MobileCoin we still wouldn't have guidelines on how to issue a cryptocurrency in the US I would've told you that you were insane, yet here we are. This isn't to point fingers at the regulators, I really think they have a humongous task before them; regulating cryptocurrency is the institutional challenge of a lifetime.

We want to make sure we operate out of an abundance of caution. Correctness is more important than speed.


I'll ask again: Why are you geoblocking US based users from the sales page you linked previously?


Out of an abundance of caution and advice from our counsel. The regulatory landscape in the United States is complicated. It is hard to predict what is and what is not ok. We tend to be far more conservative than other players in the space.


I find it strange that you bundle your currency ecosystem into a product that is widely used in the US and you haven't ironed out how to sell it directly to them. Also, it's a strange choice geoblocking the traffic rather than serving a static lander explaining the issues. This entire situation is rife with strange choices.

I see risk exposure increasing greatly across the board, for Signal operations, users, and everyone involved from your side due to this merging of services.


Translation of GP: “What we're doing has been illegal in the US for decades.”


1) I started MobileCoin to fund Signal. That’s it. I believe that a world with a well-funded signal is a better place. In order for signal to compete in the 21st century with messaging apps around the world they need a payment story.

So I think that's the base of what people are upset with. Signal suddenly essentially became a for-profit (it decided to prop up a for-profit company which would in turn fund it as a revenue model). Now a lot of people that donated to and promoted what they considered to be a non-profit project feel cheated.


So instead of contributing to the Monero project to improve the space for everyone, you decide to fragment the privacy coin space instead with a sketchy premined coin.


From some of the discussions I've seen, it looks like part of the MobileCoin strategy is to shit-talk Monero as a way to build hype for MobileCoin, and claim all prior art came directly from CryptoNote while ignoring the fact it's implementing stuff pioneered in implementation by Monero. I've seen some pretty friendly discussion history with Monero in the first days of the nascent MobileCoin project turn into MobileCoin people being absolutely, obnoxiously awful later on.

If there's some way this can be explained away by MobileCoin people, I think it'll make a great story, because there seems to be a lot of stuff there that doesn't look explainable.


You...don't believe in new coins, innovation on features, or marketplace competition?


Network effect and perceived legitimacy is critical. Splitting that is obviously suboptimal, especially when privacy depends on having a large number of users to blend in with. There isn't a single cryptocurrency in the top 20 by marketcap that isn't mass-surveillance-friendly


I think it’s pretty clear mobilecoin coin never be added to monero


Why not use the Bitcoin Lightning Network? It allows faster transactions than MobileCoin and much better privacy than on-chain Bitcoin. Privacy doesn't match Monero, but will undoubtedly improve over time.

Clearly this would prevent the "get rich from pre-mine" benefit, but also remove 99% of the criticisms related to greed, centralization, geographic limitations, etc.

I don't see how MobileCoin can be censorship-resistant, neutral or permissionless in the long run. Are those goals of the project?


Bitcoin isn't private or suitable for peer-to-peer transactions since it has tainted coins.


Why another altcoin and not simply ETH or BTC? You state privacy and performance: could you be more specific?


A few things:

1) tx settlement time is ~3 seconds on mobilecoin, p99 latency right now with single block finality. Eth and Btc are great but they aren’t that fast (for payments speed really matters).

2) with respect to privacy, the key innovation of MobileCoin is that when all of the systems are operational, there is no transaction graph stored in the ledger. The links between transactions are known only to the counterparties to those transactions. In the event of a failure of the Secure Enclave, links between transactions degrade to probabilistic links between transactions (and forward secrecy can be restored upon recovery of the enclave).

The effect is a payment system that is both fast and privacy-protecting with no central authority, a quality not present in any other payments system I am aware of today.

Does that answer your question?

Oh, last and perhaps most important, because of our consensus design, we don’t use a ton of energy like btc and eth.


I have not yet read in detail how you use SGX. But setting up SGX requires complicated processes and signing contracts and other paperwork with Intel. (Correct me if this is wrong.)

Given that setting up the "systems" requires a huge effort, I assume that the architecture assumes a single central entity is running all these core systems, right? If yes, does the system rely on these core components to be up? If yes, how does it not rely on a central authority?

Another aspect I don't yet understand: Traditional cryptocurrencies solve the distributed consensus problem through mechanisms like proof-of-work or proof-of-stake. What does MobileCoin use as a consensus mechanism?


https://github.com/UkoeHB/Mechanics-of-MobileCoin/blob/maste... << This document has an extensive explanation of the consensus mechanisms and the attestation/enclave mechanisms in their respective chapters.


Have other existing privacy cryptocurrencies been considered?

Grin is a lightweight privacy cryptocurrency using MimbleWimble. It uses a fair distribution (no pre-mine), with an emission of 1 GRIN per second:

https://grin.mw/


Yes the problem with Grin is that it allows perfect input/output linkage (see: https://github.com/mimblewimble/docs/wiki/Grin-Privacy-Prime... under information leakage).

Grin also doesn't meet our standard of <5 second blocktime.


Why not use an existing currency which solves the problems you highlight, like Nano?


Nano doesn’t solve privacy to the degree we were excited about. Again, fast + privacy protecting is really hard to achieve, particularly if you care about fast tx recovery on a mobile device.


If you actually cared about privacy, you'd have just used Monero, and saved yourself 4 years effort building YAS (Yet Another Shitcoin).

And no, speed is not the most important. As long as the user can see the payment incoming, it's trivial UX to say "Payment received. Will be confirmed and available for use in 3 minutes."

edit: it appears MobileCoin is (allegedly) built on a combination of XMR + the Stellar consensus protocol? If true that's a slightly better scenario than I previously thought


Monero isn't fast enough and doesn't support transaction recovery (it also has probabilistic linkage which MobileCoin doesn't due to our use of secure enclaves). We spent almost 18 months building MobileCoin Fog to solve the second problem (https://github.com/mobilecoinfoundation/fog). It's a non-trivial stack of code to allow users to recover strings from servers they don't control without the operators of those servers being able to learn what strings are being recovered.

Don't get me wrong, we stand on the shoulders of giants, but there's a lot of new tech here.


> In order for signal to compete in the 21st century with messaging apps around the world they need a payment story.

No, it does not.

There are two distinct groups of people using Signal. None of these groups needs MobileCoin-based payments.

Group one is probably the biggest and consists of "normal" users which use Signal because it's the free messenger that is NOT affiliated to Facebook and has a good reputation with regard to privacy and data protection. There's another messenger with similarly good reputation, Threema, but that one costs money, hence Signal is the more popular choice. These users may indeed find a simple payment solution through their messenger a useful feature, but they want to send each other "money", not "MobileCoins". Those are not interchangeable for this kind of user; they expect to send whatever is their local currency, USD or EUR or whatever, and they expect the entirety of the money they send to arrive at the target - having 20% crypto market swings within minutes eradicate 20% of their share of last week's restaurant check while they're transferring it to their friend is a non-starter for this group. So are exchange fees for USD-MOB/EUR-MOB exchanges before and after sending money, even if the exchange execution itself may be automatically run in the background. This is true especially since there are already well-known and established solutions out there specifically targeting this particular need - PayPal Friends and the Cash App for example. Sure, it would be nice to have messenger integration, but if the only way to get that is to transact in MOB instead of USD and always send 10% more value than you intend to pay just to ensure the receiver gets "enough", the established out-of-band solutions which don't have those problems will simply be used. Also, this group doesn't really have strict anonymity requirements, because they usually send money (and messages) to people they know in real life as well. Whether your awesome crypto coin is more anonymous than PayPal thus doesn't matter at all for these guys.

Group two consists of those that actually depend on Signal's security, privacy and anonymity features because they need exactly that in a messenger. Think whistleblowers, journalists, people doing stuff that's illegal where they live. A lot of these want to send information to their contacts, not monetary value, and don't have any use for a payment option in a messenger. And even those that do want to transfer monetary value won't exactly be enticed by a one-click crypto transfer feature in their secure messenger, since they can be assumed to be technically competent enough to utilize the already-existing cryptocurrencies (especially those with a much longer history of privacy protection, such as Monero) and crypto exchanges to perform whatever monetary exchange they want to do. I would even say that these people would explicitly NOT want to use a messenger-integrated cryptocurrency, because that limits them in their choice of cryptocurrency and fiat on/off-ramps, which are crucial decisions to be made carefully if you want to preserve your anonymity. And the entire idea that these guys would switch from Signal to WeChat just because "WeChat has a money sending function" is blatantly absurd.

I do not see any sufficiently large group of people that might get any value out of this MobileCoin-Signal-integration feature. Hence I predict this feature to ultimately fail due to lack of user interest. But that will only become clear AFTER a lot of good-will from tech- and privacy-minded people has been burnt by this unnecessary stunt, as can be seen for example here in the HN comments.


Why can't I find details about your node partner vetting process and what the requirements are to be considered a partner to run a node?


We don't vet node operators. Node operators each individually choose who to peer with in a liquid democracy. Anyone can peer with anyone else; consensus is an emergent property of the graph.


Okay, so do the current node operators publish their peering requirements?

Given your description it sounds like governance is whatever the MobileCoin foundation and its partners dictates. Unlike the consensus in this thread I think there's a lot to like and explore for a privacy token that chooses a different set of tradeoffs but the opaque governance, token holder distribution/circulating supply and lack of acknowledgement to the Monero project really sets it back.


The MobileCoin Foundation only publishes software, the nodes decide whether they want to run that software or not. Ultimately all of the nodes can run whatever code they want and call it MobileCoin if they can agree upon it.

The governance is actually quite simple: a set of decentralized nodes individually choose what software to run and who to peer with. Consensus is an emergent property of that trust graph.


What do you do differently from Stellar or Ripple at the consensus layer which both started out with similar ideas, but quickly found that their validators fall apart due to the strongly-connected validator set requirement not being met? In other words, how do you avoid the exact same fate that both Stellar and Ripple ran into in their consensus models when they also tried to let "node individually choose"?


Consider asking this on their community forum to get more eyes on it: https://community.mobilecoin.foundation


Sounds like “proof of authority” which is often used for testnets, where reliability is far more important than decentralization.


''This is not a pump and dump scam''(!). We have been very careful in the design, operation, and development of this system

MobileCoin Inc....


Hi, Josh: If MOB can be used by Signal users, there must be a stablecoin. You said your team has plans around stablecoins in short order; can you tell the relationship between MOB and stablecoins?


Can you talk about scaling issues? What are your projections for the size of the MobileCoin blockchain, assuming it is successful and people want to do >1000 transactions/second?


We've tested MobileCoin at ~100 transactions per second right now using low core count boxes. We suspect we can scale to 10,000/second on the existing tech stack by throwing bigger boxes at it AND doing some performance tuning. SCP has been shown to hit very large tx/s numbers so it's just a matter of tweaking it until we get those numbers out. 100 tx/s is more than adequate for quite some time for our use case.


I was thinking more along the lines of storage requirements. How much space would be consumed on a full node by a network running at constant 1000 tx/sec?


We designed it to scale to 1B users. I can grab someone from eng to give the exact numbers but it'll be a long time before we have issues with storage.


I'm pointing to the foundational problem that led to the Big vs Small block debate in the context of Bitcoin and which is the argument for second layer networks.

Presumably you've come across this question in your four years of development and would have exact numbers (perhaps not for my chosen value of tx/sec) already at hand. The fact that we're three comments deep into this, leads me to believe you are dancing around the question.


There’s no dancing going on. He said he doesn’t know the exact numbers but is asking the engineers to dig it up for you. Please don’t be rude and please don’t put words in other people’s mouth.


As I say, this is a foundational issue that every blockchain project should address. Before I asked my initial question, I searched the documentation to see if it had been addressed. Such answers might be a second layer story, or some form of transaction aggregation on the base layer blockchain. I could not find anything that obviously looked like that.

At this point I think it's perfectly fair to start with the assumption that a new Crypto is a scam and it needs to do the legwork to show that it isn't. To claim that a blockchain (the most ludicrously inefficient data-structure ever devised) can scale to a billion users is an outrageous claim. The technical means they found to overcome this problem should be front and center in their documentation.


I am going to do an AMA over at r/signal on Tuesday at 10am; please save questions for over there as I have to get back to work. I'll say this: the punchline here, as I'm sure you're aware, is that there are limitations to layer 1 scaling. We haven't discovered those limits at MobileCoin, but they surely exist.

The question becomes: what is tx throughput at N billion users? What are the scaling strategies that will get us there? Is it zk-rollups (or zk-zk rollups)? Is it sharding? Is it moving to custom hardware circuits? I suspect it will be some combination of all of the above.

We don't know what the answer is yet and we will devote tremendous resources to figuring it out. I don't want to give the impression that MobileCoin as it is written today will scale to Alipay levels of tx throughput, but I do believe there is a path to get there that requires a ton of work.

Does that answer your question?


It answers it, in the sense that it acknowledges that the question remains to be answered.


Grin can be used in Signal, WhatsApp, Telegram, email, carrier pigeon, paper note...

Your privacy belongs to Signal, which stores your data. MOB is a centralized, premine, hidden ICO.

Convince me.


Are there any considerations using signal as an identity verification platform for other services?


I can’t speak for signal but I don’t expect them to ever scan a driver’s license or passport.


I meant an anonymous identity system linked to blockchain technology.


Do you have a design proposal for such a system?


No, but: https://democracy.earth uses a couple of systems to connect to it (https://fortmatic.com, https://www.portis.io, https://walletconnect.org) - I don't know why they ditched https://metamask.io.

Overall the adoption of these systems is too difficult. Something that could be overcome with signal/mobilecoin.

Democracy earth is just an example application. Overall I would appreciate to own my data and have it secure (like signal provides), when it comes to the whole ecosystem of the future for: social media, voting, contracts, etc.


>2) MobileCoin Inc. intends to maintain an extreme minority of the coins once the dust settles.

In other words, cha-ching! then what?


Then we build services for users to help them use MobileCoin for commerce. The goal is to make a real decentralized payments network.


Every time Matrix is brought up here, the federation and open spec is criticised as being too slow moving compared to Signal's BDFL approach. Well, this is what happens when the interests of the BDFL and community diverge. If New Vector decided to fuck up Element on the other hand, you could just move to a new client and not deal with marketing a network move to your social network.


> the federation and open spec is criticised as being too slow

To be fair I don't think that the slowness and complexity is being put forward as an example of why Matrix is "bad", but rather as an example of why it can't compete with Signal for "normal" users — and if you want to create something that competes with Messenger, Whatsapp or Snapchat, you need to put "normal" users first, it can't be an afterthought.


What stops a Matrix client producer from putting "normal" users first?

Is it that all such producers plan to do something evil once they have enough users locked in, which an open protocol like Matrix would impede?

Or is it that the protocol is not yet mature enough? In which case, a deliberate approach to evolving the spec may be for the best so long as it eventually gets to where it needs to be?

A couple years ago the Riot client was unusable on Mac. Now Element seems to be fine. Why won't it continue to get better?


> you need to put "normal" users first

Normal users primarily want what their peers already use for communication. Hence a power user who is able to use two messengers and switch between them has a disproportionately big market impact. /s


Matrix being slow has a lot more to do with their crappy implementation than it has to do with the nature of a federated network.


Did anyone ever consider that this is actually on purpose to deter people from using Signal by its authors?

Let's imagine, theoretically, some three letter agency in the US has forced Signal to backdoor their platform somehow, and so Signal stops posting source code to the clients, and everyone just keeps on using it for a year even though the authors thought that maybe this would be a big red "DANGER" signal to the users (who they're not legally allowed to inform, or shut down the platform for any more) then how else could you try and mitigate this?

Pushing a shitcoin onto a largely tech user base may do the trick eh?

Or maybe I just put on my tinfoil hat this morning..


That's highly unlikely and not the way one deals with this kind of thing. The responsible thing to do in that case is to shut down your operation, just what Lavabit did back in 2013.

See: https://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_ord...


Theories like this are interesting because if you have a hundred of them one is probably true. It's definitely plausible even if it seems on the face unlikely. It's interesting enough that this is what I'm going to take from the story anyway so thx for putting on the hat


Reminds me of the so-called "10th man rule" made famous in World War Z.

https://www.reddit.com/r/AskHistorians/comments/2eaqp8/whats...


Never ascribe to malice what can be ascribed to incompetence.


The problem with this theory is that this is four years in the making[0], aka since the last cryptocurrency bubble.

[0] https://www.wired.com/story/mobilecoin-cryptocurrency/


I think it's just a bad call. I don't think there's anything nefarious to it. I'm unsure why they didn't use a real cryptocurrency that is somewhat popular like Ethereum or Monero. I would prefer none of that and to add more convenient messaging features.


I'm a little surprised that nobody is mentioning that any kind of blockchain payment system creates a permanent, public ledger. One US Attorney called Bitcoin's blockchain "prosecution futures" as it's only a matter of time before the sender/receiver addresses for transactions are correlated with unique individuals. This permanent, public record of a transaction between a Signal account and another user or a service flies in the face of Signal's presumed goal of completely private e2ee communication.


MobileCoin uses a combination of two other private coins, Monero and Zcash. There are no addresses on MobileCoin's blockchain to be correlated. Didn't it cross your mind that a private messenger would probably use a private cryptocurrency?


MobileCoin does not use any Zcash technology. It is Monero + stellar consensus protocol.


...and SGX, which is very interesting and a choice worthy of scrutiny imo.


With a "private" crypto-currency you're still making a bet that there's no exploit. Roping payments into a message app increases the attack surface for both.


Monero's primitives are pretty well researched [0]. Of course there is always the chance of bugs in the implementation but it looks like MobileCoin's crypto primitives library has at least been audited [1].

[0] https://www.getmonero.org/resources/research-lab/

[1] https://github.com/RustCrypto/AEADs/issues/87


While I like your line of thought and agree that pairing meta information from messages and financial transaction might weaken anonymity, the trajectory of cryptocurrency development (like zk-SNARKS) will make this incredibly difficult.


A very good point.

Signal's tying encrypted messages and phone numbers to a publicly available ledger of transactions?


It looks like MobileCoin is a mix of Monero and Stellar Consensus so the transactions will be protected by Ring CT (https://www.getmonero.org/resources/moneropedia/ringCT.html).


Only if they get hold of your phone and you give them your password.


That’s true for a lot of crypto but not for something like monero which has an anonymous blockchain.


It's anonymous with some caveats. The transaction graph is still there, it's just that there are decoy inputs/outputs which provide plausible deniability. However, over repeated transactions the plausible deniability weakens. i.e. having an output to a darknet market in one of your transactions is easily explainable by bad luck, but if it's present in several transactions it becomes suspicious enough that the police can start investigating you.


This might be true of the particular decoy approach used with Monero, but I don’t think it’s true in general; e.g. with mixer/tumbler services. If every transaction that everyone does has some outputs to darknet markets (because they’re popular and high-volume), and some outputs to legitimate businesses (because they’re also popular and high-volume) then that really is reasonable doubt that any particular individual did anything bad.

It’s like how you can’t charge someone with possession of cocaine because there’s cocaine on the US dollar bills in their pocket: there’s actually trace amounts of cocaine on every US dollar bill.


>If every transaction that everyone does has some outputs to darknet markets (because they’re popular and high-volume), and some outputs to legitimate businesses (because they’re also popular and high-volume) then that really is reasonable doubt that any particular individual did anything bad.

The problem is that transacting with a darknet market will still bring your illicit output % above average. Right now Monero has 10 decoy outputs per transaction. If the proportion of illicit addresses to legitimate addresses were 50%-50%, then a legitimate transaction would have an average of 5 illicit outputs but an illicit transaction would have an average of 6 illicit outputs. The same applies to inputs. The difference between 5 and 6 might be small enough to be indistinguishable from background noise, but that result is heavily dependent on the proportion of illicit vs legitimate addresses. If the proportion is something like 95%-5%, then the difference would be 0.5 vs 1.5, which is significant. I won't bother to do the probability calculations for this, but I'm going to estimate you can get to 95% certainty within 10 transactions.

>It’s like how you can’t charge someone with possession of cocaine because there’s cocaine on the US dollar bills in their pocket: there’s actually trace amounts of cocaine on every US dollar bill.

The interesting bit is that they don't have to charge you based on that alone. If they're 80% sure you bought illegal drugs, they'll either get a warrant to search your house or perform surveillance on you and wait for you to slip up.
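The averages quoted in the comment above (5 vs 6, and 0.5 vs 1.5) can be turned into a small model of how decoy-based deniability erodes over repeated transactions. This is an added example, not part of any commenter's post; it assumes each of the 10 decoys is independently illicit with probability p, that a user either always or never pays an illicit address, and that "certainty" means a threshold test with at most 5% false positives.

```python
"""Added illustration: erosion of decoy-based deniability over repeated transactions."""

DECOYS = 10  # decoy outputs per transaction, the figure used in the comment


def expected_illicit(p_illicit, real_is_illicit):
    """Mean illicit outputs in one transaction: the decoys plus the real output."""
    return DECOYS * p_illicit + (1.0 if real_is_illicit else 0.0)


def binom_pmf(n, p):
    """Probability mass function of Binomial(n, p) for 0 < p < 1, by recurrence."""
    pmf = [(1.0 - p) ** n]
    for k in range(n):
        pmf.append(pmf[-1] * (n - k) / (k + 1) * p / (1.0 - p))
    return pmf


def observer_power(p_illicit, n_tx, max_fpr=0.05):
    """Model an observer who counts illicit outputs across n_tx transactions.

    Returns (threshold, fpr, tpr): the smallest count that flags a user while
    keeping the false-positive rate on legitimate users <= max_fpr, the
    resulting false-positive rate, and the share of always-illicit users flagged.
    """
    trials = DECOYS * n_tx
    pmf = binom_pmf(trials, p_illicit)

    def tail(k):
        # P(number of illicit decoys >= k)
        return 1.0 if k <= 0 else sum(pmf[k:])

    threshold = next(t for t in range(trials + 2) if tail(t) <= max_fpr)
    fpr = tail(threshold)
    # An always-illicit user has n_tx guaranteed illicit outputs plus the decoys.
    tpr = tail(threshold - n_tx)
    return threshold, fpr, tpr


def transactions_needed(p_illicit, tpr_target=0.95, max_fpr=0.05, limit=100):
    """Fewest transactions at which the observer reaches tpr_target, or None."""
    for n_tx in range(1, limit + 1):
        if observer_power(p_illicit, n_tx, max_fpr)[2] >= tpr_target:
            return n_tx
    return None


if __name__ == "__main__":
    for p in (0.5, 0.05):  # the two address mixes discussed in the comment
        legit = expected_illicit(p, False)
        illicit = expected_illicit(p, True)
        _, fpr, tpr = observer_power(p, 10)
        print(f"p={p}: mean illicit outputs {legit} vs {illicit}; "
              f"after 10 tx: FPR={fpr:.3f}, TPR={tpr:.3f}; "
              f"tx needed for 95% TPR: {transactions_needed(p)}")
```

Under these assumptions the 5% mix is separable within 10 transactions, while the 50/50 mix is not; real decoy selection is not uniform, so the model only shows the direction of the effect.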


I get what you mean, I think — you’re talking about traffic fingerprinting. But you can use the same anti-traffic-analysis techniques used elsewhere in systems like Tox. For example, the darknet market itself could use some of its revenue to pay for “noise transactions” (wash transfers through the mixer, then intentionally “black-laundered” in the market) to keep the number of darknet-market-spent outputs constant per mixer step, by asking for advance notice from buyers for when transfers targeted at their sellers will happen, and then running N fewer “noise transactions” during the appropriate mixer steps.

Though also, you’re assuming a constant “your account” in the above. If you mix 100% of your holdings every time you transact, setting it so that a set amount goes to a darknet market, and the rest goes back to a newly-created public-key-hash that you just generated the keypair for — and then when you want to use money from that address, you fully consume it to mix it again — then nobody ever gets the opportunity to fingerprint “your” traffic. There’s no stable “you.”

(I have a theory that this is the goal Satoshi was aiming at with Bitcoin UTXOs, but never finished that element of the design, and launched it half-baked.)

This also means that the mixer gets to eat a percentage fee off of your complete holdings every transaction, so it kind of sucks, but what can you do.


> If every transaction that everyone does has some outputs to darknet markets ... and some outputs to legitimate businesses ... then that really is reasonable doubt that any particular individual did anything bad.

It says that no particular individual made a Bad Guy payment, but that all of them facilitated it by providing cover noise.


Are you facilitating a Bad Guy payment if you use a bank that the Bad Guy also uses?


This isn't the case, Monero employs stealth addresses so there is no way to tell who the recipient is just by observing the blockchain.


Blockchains and privacy are antithetical. The whole purpose of a blockchain is to keep track of transactions so that everyone knows how many coins everyone else has in order to prevent double-spending. You can try to achieve anonymity through obscurity but this will never work in principle or in practice.


The process of reaching consensus on the current state doesn’t have to involve reaching consensus on the past state for all participants. A blockchain can be built such that all historical previous state + the txs required to get to those historical states are discarded after a quorum of nodes reach consensus on it, leaving only the current state.

(This is basically what already happens if you do a “network version upgrade” on a Cosmos-based network: everyone keeps their balances, but just in the form of a new genesis block that all the nodes from the previous generation of the network separately deterministically generated from the state, but which new nodes have to just trust. If you join the network during the new generation, you just download the new genesis, and so can’t “see back” past that point.)

Just make the whole network do an automatic “network upgrade” every block — and keep all the state in-memory in the meantime — and now you’ve got a blockchain with forward secrecy.

(To be clear: nobody’s done this yet.)


Honestly I don't see how this would help. If every bit of transaction history is public at some point in time, then the transaction history is public, since it is impossible to make someone forcefully forget something.


Transactions don’t need to ever be broadcast to the network as a whole (e.g. via a gossip protocol) — they only need to be submitted directly to the quorum that will execute them.

Think about physical replication in a DBMS: you only need to transact with the master. Physical replication receivers don’t see logical TXs; they just see the new state (= WAL segments) that the master decided on.

Of course, in a Proof-of-Work network, the quorum could be anybody, so your OPSEC is “leaky” — it’s like having forward-secrecy enabled on a public chatroom that anyone can enter and sit in listening/recording.

But in a Proof-of-Stake or Proof-of-Authority network, the quorum only consists of the stakeholders. So, as long as the stakeholders all intentionally discard transactions, then there’s nobody to recover the data from. It’s very similar to private corporations whose service involves intentionally discarding (or avoiding logging) user interactions, e.g. “private” / “anonymous” email services. Just scaled into a federated, “open-but-audited membership” system. In such a system, network governance would likely declare that new stakeholders must have their infrastructure setup security-audited by auditors chosen by the existing stakeholders, at the new stakeholder’s expense, before being allowed to run as a validator for the network.


Wouldn't that mean there wouldn't be any rolling back by consensus, since there is nothing to roll back in case of an issue? Wouldn't the software have to perfectly retain state in the present since it always deletes old transactions?


Sure, this applies for bitcoin, because bitcoin is legacy technology and has no features or utility. Monero does not work like bitcoin

https://steemit.com/monero/@sgp/7yjqso-a-monero-introduction...


Monero has been shown to not be completely anonymous on more than one occasion despite the claims. It's not as safe as people say. It's better than bitcoin in that respect though.


That’s the hope but remember that it’s irrevocable: you’re gambling that they got the implementation perfect, the network is operated securely without practical side channels or timing analysis, no unrecognized attacks will become practical, and that your clients will not have any bugs or backdoors — for the rest of your life!


The piece doesn't note the additional fun fact that the website to buy the tokens is blocked in the US presumably to avoid an SEC investigation.

edit: Blocked at the cloudflare level without even an explanation of why if you go there.


> fun fact

It's absolutely hilarious, the SEC has gone after so many different coins, ICOs and exchanges now who have gone to far greater lengths in excluding Americans. The first person who gets around it opens you up to all sorts of civil and criminal charges.

I don't understand how after years of this happening any company thinks it's somehow safe with nothing more than an IP geofence.


Thus far the SEC penalties are fairly uniformly ... raise a billion dollars from suckers, pay a penalty of $25 million as part of a settlement where they promise no further action kinda stuff. Just a really minor cost of doing business.


If they make reasonable attempts to keep out Americans, requiring IP proxies and checking a box saying "I am not an American," then is it really their fault when Americans end up using it?


Yes, because of KYC


They have to. If they allow even the possibility of a monetary transaction to a United States citizen, they fall under SEC, FINRA, and FinCEN, which among other things, requires compliance with AML/a KYC process.

This kills the Signal value proposition.

You can move money electronically legally, or you can be anonymous in the U.S. It is incredibly difficult if not nigh impossible to do both.

It's part of the U.S. soft power projection scheme. If you want access to American markets/easy movement of financial assets, you leave audit trail.


> If they allow even the possibility of a monetary transaction to a United States citizen, they fall under SEC, FINRA, and FinCEN, which among other things, requires compliance with AML/a KYC process.

Bad news for them then: there are lots of American citizens in the UK.


But I thought moving from the walled garden owned by Facebook to another walled garden owned by a Non Profit Organisation whose main maintainer controls the entirety of the platform and discourages any forks/federation would solve all our problems. Surely they would never dare to push shady shit in their application since they are the good guys™.

I am shocked.


Yeah, I am a bit annoyed that I got several people to switch or at least use Signal, with the whole WhatsApp thing. Now I can't really recommend it and I feel like I have used up my influence on people when it comes to recommendations for apps.


Agreed, I never really saw the point of moving to Signal since they always felt shady to me. Why go through the effort to convince your friends to move from one shady chat client to another?


Ultimately history has proven your decision to be wise, but there was still a meaningful selling point: Signal was (ostensibly) open source and its developers hadn't yet demonstrated any ill-will or incompetence.

Matrix really was not an option in the early days of signal (and arguably still isn't, for most non-technical users). I adopted Signal even though I disliked its centralization, resigned to the fact that it was a poor compromise but the best available.

In hindsight, though, Signal coaxed many users into its walled garden by being "good enough," which leads to complacency. That has only distracted us from the true importance of embracing and improving the nascent decentralized alternatives.


I criticized both WhatsApp and Signal in an article linked here previously, and made the same points in a bit more detail: "WhatsApp and the domestication of users". Discussion: https://news.ycombinator.com/item?id=25982860

A sequel [0] describes how an open platform/protocol isn't a silver bullet, since open platforms can become (or act) closed if we're not careful. It goes over XMPP, email, and Matrix; I described Matrix in a generally negative light but I think it still shows promise.

[0]: https://seirdy.one/2021/02/23/keeping-platforms-open.html

TLDR of [0]: the key is to combine open platforms/protocols with simplicity and diversity.


While I'm generally happy with cryptocurrency for reasons of practicality, privacy, and broader governance, connecting both your private communications and your private purchases to your phone number (and to each other) is exceedingly unwise. Especially as most western countries insist on connecting your phone number with government-issued ID. Anybody with technical knowledge and a modicum of appreciation for privacy should be either bitterly amused or straight up appalled.

The correct solution: decouple messaging from your offline identity (phone number etc.). Decouple transactions from offline identity and from communications - proper use of cryptocurrency is good for that.

"Every program attempts to expand until it can connect online identity with offline identity. Those programs which cannot so expand are replaced by ones which can." [1]

--

[1] with apologies to jwz - his original is: “Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can.”


> While I'm generally happy with cryptocurrency for reasons of practicality, privacy, and broader governance,

You must have other reasons because cryptocurrencies fail flat out on every one of these aspects.


He's been twitter replying to everybody who @s him on some "Zawinski's Law" variant with "Staaaahhhhhhhpppppp."


every twitter feed expands until it contains a variation of Zawinski's Law


Shit. Just as I convinced all my family and friends to move out from whatsapp and I uninstalled the stupid green app. What do we get to do now?


If you are looking for e2e encryption, it all depends on which features you need (like voice messages) and how good usability and UX needs to be for your family and friends to adopt the new tool.

Some candidates are

* GNU Jami: https://jami.net/

* Matrix with Element: https://element.io/


second the recommendation for Element. At least you can rehost it on your own.


Jami has its own tradeoff as you'll be revealing your IP in a DHT.


This isn't a privacy breach at this point though. It's just questionable. The security model of Signal doesn't require us to trust the servers (in theory - in practice, well, you've got the app chain and non-reproducible builds and distribution).


I don't mean to sound pessimistic but "Security in theory" isn't really secure, is it?

I still have way more trust for Signal than I have for say Messenger or Telegram, but I've been burned too many times to take these things at face value.


Can't the user just ignore this cryptocurrency BS if they (like myself) have no intention of using it?


I feel the biggest concern is about focus shift for Signal since doing one shady thing usually means other shady things will be done.

You can ignore it for now but how much will they push it over time to make it harder and harder to ignore? Will grandma accidentally buy tokens due to some dark pattern UI and then call you about it? Will you get constant messages from scammers trying to get you to send them tokens?

This might not happen but I feel it is a valid concern for a platform you wish to stay on longer term.

edit: And since the CEO of the token company has said he wishes to make future monetary donations to Signal they have an incentive for making the token do well.


You can, it's just that having the cryptocurrency in the first place leaves a bad taste in some people's mouths.


don't lick your phone then, seriously, if you don't like a feature, do use it. Done.


The problem is that these features need to be worked on, they require attention and the implementation sends a (strong) message.

It's not just the fact that it exists that leaves the bad taste, it's the fact the decision was made, what that implies about the mentality/goals of the people making such a decision and that it will from that point on hog resources. And those aspects won't go away by not using it.


Problem is that with the cryptocurrencies, it opens the app to whole new financial legal frameworks and agencies.

Not to mention that with the number of scams with cryptocurrencies it's not inconceivable that either Apple or Google will eventually ban them from App store (apps using cryptos)


You can for sure.

But it seems like a waste of resources by Signal, they could be making the chat part of the app better instead.


Check the other apps in the HN poll: https://news.ycombinator.com/item?id=25669864. I recommend Matrix.


I realize everyone here seems to hate it but couldn't you just keep messaging and ignore the availability of a payment system?


No. This is an unacceptable shit move. No way I can keep using signal with a clear conscience.

Now I am ashamed to swallow again all the shit that I supported from my colleagues who said that in a few weeks I would be asking them to switch to a less-evil place than signal. And here we are.


Very much a betrayal. Signal has an image of "for the weak against abuse by the strong". Cryptocurrency is "I'll sell my grandmother and everyone I know for money. HODL YOLO!", which is not exactly compatible.

And it's not just disappointing, it's also dragging the to-the-core corrupt world of these people into Signal.

This is making Signal lose the moral high ground, making it that much easier to drag its name through the mud that is cryptocurrencies.


> Cryptocurrency is "I'll sell my grandmother and everyone I know for money. HODL YOLO!"

How do you conclude that?


Everybody with a brain knows. Are we all tired of the HODLers who parrot the same mantras in secret hopes to wake up millionaires one day when their crapto makes it big and their bits they bought saving money from not eating lunch can buy them a house finally?


Feeling betrayed in a big way as someone who evangelized Signal for several years to all my friends.


Oh well. No such thing as free lunch after all. Yet again, a user-funded nonprofit would be the way to go, but users want free stuff. Minority would donate, but good luck having a steady cash flow and being able to pay for the infrastructure and your wages.


Moxie seems to think that they need to do this to keep up with the Joneses, as they try to build some kind of decentralized alternative to WeChat. I guess we should have seen this coming when he got involved with MobileCoin. I'm not a psychic and it might turn out okay but it still seems like a bad idea to me.


Do you have any examples of Moxie talking about needing to keep up with the Joneses?


Yes in the other article in Wired that was on here he said they felt like it was important to add this feature because other messenger clients were adding it. That was one of his primary justifications for it along with the promise of adding privacy to payments and making that mainstream, like they've attempted to do with encryption.


I found a quote from Goldbard in the article: "To be frank, there's a moral imperative to do so, because Signal has to offer payments in order to remain competitive with the world's top messaging apps."

https://www.wired.com/story/signal-mobilecoin-payments-messa...


No, he wants to do this, has wanted to do this for a long time.


Yeah ... well the update that includes MOB will be the uninstall event trigger for me.

I remember skimming that article from 2018 before I'd switched myself and all my friends (the shame!) to Signal and counted it as a negative for that platform's reputation. I guess my honeymoon is over. On to the next chat platform!


May I recommend something based on matrix? If you keep getting upset by companies changing their product, hosting it yourself is pretty much your only option.

(Apart from hopping from startup to startup every 3 months I guess)


It could be nothing, but it seems like it should have been disclosed and the article author neatly avoided it. They're the CTO of something very financ-ey/crypto-ey oriented in the B2B payments space, although the site (adjoint.io) explains little. Going by their GitHub most of their work somehow relates to cryptography.


Another option: https://threema.ch (no phone number required, fully anonymous, fully open source)


I really like the direction Threema is going in. I admit I was pretty skeptical back when they were closed-source and just starting out, but their recent actions (like open-sourcing most of the code) look very promising. Their client is also pretty good and the reactions (agree/disagree) are pretty innovative and useful. I'm somewhat surprised that feature has not popped up in other messengers yet.


Slack and then discord are just miles ahead of any other chat platform and they'll probably be playing catch up in terms of features for a looong time


Super sad. I played a major part in getting a lot of people I know onto Signal and felt vindicated by the masses switching recently, and now this.

So how do I adjust my filter for who I trust now? Are all American organisations corrupt, not just big tech? Why would I ever support any app again if even Signal is corrupt?


Also discussion on Schneier's take here: https://news.ycombinator.com/item?id=26723399


I see Keybase mentioned a lot in these discussions (both in the linked article, and in HN comments). Does anyone have a good summary to read up on what happened with Keybase?


Got bought out by Zoom, and given their reputation for security/privacy, many users ditched Keybase quicker than rats from a sinking ship.

It's almost like Zoom forgot that Keybase users are more likely from the more technical end of the spectrum and thus more security conscious.


I don't think Zoom cared about Keybase users; it seemed more like an acquihire.


Using the HN search bar at the bottom of the page with keywords "stellar keybase" will return a bunch of different threads.[1][2][3]

[1] https://news.ycombinator.com/item?id=21758671

[2] https://news.ycombinator.com/item?id=19913496

[3] https://news.ycombinator.com/item?id=20919927


After adding features like Git repos and file storage, Keybase started their own currency called Stellar (XLM).

They airdropped XLM to Keybase users. About 2 billion IIRC. It resulted in bot accounts for obvious reasons, so they had to make many changes to their original plan.

I converted what I received into BTC, and it looks like XLM is still functional to this date though.

Keybase was a very well regarded app, but users lost a lot of trust with the cryptocurrency news.

Zoom bought Keybase, and we didn't really hear any big news from them lately.


Keybase did NOT create Stellar Lumens https://en.wikipedia.org/wiki/Stellar_(payment_network)


All my past comments on HN defending Signal against Telegram now look laughable.


In this case, I'm glad that, around the time everyone was talking about moving to Signal, I threw out the baby with the bathwater and ditched my smartphone entirely. I'm so disappointed in this action by Signal, and very glad I never bothered to loudly promote Signal to friends and family.


Sorry for bringing humour into this... but are they copying the plot of HBO Silicon Valley?

Then I guess adding AI is next.


Bram Cohen famously called Bitcoin "digital Goldbuggism." Since then he's given talks on cryptocurrency and found bugs in Bitcoin's code that were copied by most of the alt-coins. Now he's even got his own blockchain cryptocurrency called "Chia" that is based on "proof of space-time."

There are numerous devs who are devoted FOSS zealots and randomly dive into the idea of using blockchain to fund their work.

Blockchain seduces hackers the same way Walmart seduced small towns to give it every incentive conceivable to move in and suck up the local economy.

"Et Tu, Signal?" simply isn't a grown-up argument. If it were, the vast majority of Hacker news would have quit adtech and already figured out fast homomorphic encryption by now.

If you want to help, figure out what social problem hackers think they are routing around with blockchain. Then explain sensible approaches to those social problems in a way hackers can understand. If Richard Stallman's endless world tour of his boring-ass one-man-play is any indication, it is possible to convince hackers of ethical arguments that have implications outside of software. But you've got your work cut out for you. (Also notice-- the least convincing part of his play comes when he tries to imply you're a bad person betraying a cause if you write proprietary software.)

Edit: clarification


It seems any platform/app/software moving forward has the "risk" of incorporating a cryptocurrency variant to their platform and I can't totally blame them for it since they want to get funded one way or another. But why not open avenues for donations as well? Wikipedia managed to do so, Khan Academy is doing it, WhatsApp used to do it.

Someone here mentioned Keybase, which I would have gladly donated to as a heavy user back before the Zoom buy out. They instead tried their own crypto integration, then Zoom bought them, leaving that platform in a questionable state.

I get the excitement of wanting to integrate or even create your own crypto but after the fiasco a few years ago where everyone and their parents spun a new variant it seems to have left a bad taste to most people while causing a major issue: how to get people to actually use it? Especially through a chat app where chat in itself is fragmented.


Having integrated payments is an excellent way to enable the donations of which you speak.

Note that keybase's payment integration wasn't their own, but was presumably a (paid) advertising deal with the B-list cryptocurrency in question, Stellar.

A lot of organizations that raised a lot of money during the 2017 boom are now trying to turn that into marketshare. Most integrations are paid marketing.


Just make an in-app purchase button that allows me to buy a year of usage for myself as well as gift for others.

I'd happily pay a couple of bucks per month for myself and my family.


Scooping the cream off every monetary transaction between some friends is a more appealing proposition than hoping some people will pay for your software.


Apple Pay, Google Pay, Visa, Signal - there are a lot of companies basing their business model on Office Space.

Hackers had the same theme, right? And Operation Swordfish, which was trash.


Hackers is just getting better with age.



I should probably say first that I totally agree with the overall point of the article. This was a sketchy move by Signal and I really question the motivations that played into making such a decision. With that said, there's just something about the way this is written that really bothers me. For starters, the first paragraph makes it sound like Signal was a grassroots movement the entire tech community got behind that then stabbed us in the back, and I can't get over how naive and borderline dangerous that line of thinking is.

"This news really cut to heart of what many technologists have felt before when we as loyal users have been exploited and betrayed by corporations, but this time it felt much deeper because it introduced a conflict of interest from our fellow technologists that we truly believed were advancing a cause many of us also believed in. So many of us have spent significant time and social capital moving our friends and family away from the exploitative data siphon platforms that Facebook et al offer, and on to Signal in the hopes of breaking the cycle of commercial exploitation of our online relationships. And some of us feel used."

I don't understand how any of that is the fault of Signal and not the user. Don't treat the products you use like they mean anything other than the profit motive that built them. It just seems kind of naive to say "every consumer messaging app you use is terrible, come use this one instead and we'll all hope that a massive userbase doesn't inspire them to monetize their platform" when that is essentially the job of what I roughly estimate to be half of the people on HN.

I think it's whack that Signal thought this was a good idea, but I also think it's insane how many people are up in arms as if Signal was once a utility for public good and not the product that it is. They did this because they know how many people bent over backwards to get their loved ones on the platform and they know most people aren't going to get their entire extended family to switch to another messaging app because they added in GarboCoin or whatever the fuck.


Why is this post being downranked? 753 points in 3h and it's near the bottom of the 2nd page.


Previous posts apparently triggered some type of flamewar filter, so that's probably what happened here.


And drawing on my one semester of Latin from Wheelock just for fun here:

Quid facis, Signal? Quid cogitas?


Aha; I'm working through it right now. This quote is from Cicero's speech to the senate condemning Catiline for trying to overthrow the Roman republic for the second time (https://en.wikipedia.org/wiki/Catiline#Second_Catilinarian_c...)

"Quid facis, Catilīna? Quid cōgitās? Sentīmus magna vitia īnsidiāsque tuās. Ō tempora! Ō mōrēs! Senātus haec intellegit, cōnsul videt. Hic tamen vīvit."

"What are you doing, Catiline? What are you thinking? We know your great treachery and plans. Shame on the age and on its principles! The senate is aware of these things, the consul sees them, and yet this man lives."

(I like the gentle reprimand of the 'and yet this man lives' line)


I am highly optimistic about the future of cryptocurrencies but even I can acknowledge this was a strange/risky move by Signal.


"The ecosystem is moving"... to pump and dump pre-mined shitcoins.


The irony is that the coin would be excusable if it was used as a utility token to power a decentralized network of incentivized nodes (like Status or Session).

But Signal is still centralized. So there’s no reason for the sh*tcoin other than to make some people rich.


We used to say if developers did not have an idea what to add to the application, they were adding the ability to choose skins.

Nowadays it seems adding cryptocurrencies took the place of fancy skins management.


EDIT: I fixed my ad hominem by adding detail

As usual, Stephen's correct about the 42% and so mad about it that he's missing the 58%.

Stephen's understanding of blockchain is only skin-deep. If we keep lionizing his articles by upvoting them to #1, then HN's understanding of blockchain is only going to be skin-deep, too.

Here are some of the problems with Stephen's objections to Signal's use of cryptocurrency:

- in prior essays, Stephen's majority objection to blockchain has been proof of work and the environmental impact, but the blockchain chosen by Signal is not proof of work

- Signal would love to use US dollar payments instead of a new and volatile token. But, Signal was sprinting towards private payments. On Signal's timeline, there was no technology option for the payments to be USD-denominated because the blockchain they chose is optimized for semi-centralized private payments, not decentralization or programmability, and it takes extra work to peg a token's value to USD

I find it concerning that HN looks for blockchain wisdom from, eg., Stephen and Schneier (I love Bruce), because they honestly don't know what they are talking about, and I know that because I've been full-time on ethereum for three years.


this reads more like an ad-hominem. So what's your counter argument, what did he get wrong? The conflict of interest is already a big no-no...


That's fair. Updating my original comment


It's good that I never started to really use Signal and now it stinks they are nothing but sellouts in their cores.


edit I should have prefaced my comment with the fact that I find it odd that people got caught by surprise when the inventor of a cryptographically focused mobile messaging app integrated his cryptographically focused payment system which he unambiguously called mobile coin.

Mobilecoin has the same design principles as Signal insofar as it uses sgx enclaves to do its crypto work. While I would not want to rely on enclaves to do crypto work, it seems to fit in Signal's wheelhouse.

Also, on a speculative basis and assuming no colossal foul-ups, it appears to me that signal+mob want to distribute the mobile coins to artists and community groups. So, the marketing for mob will probably include their honest mission of having a green crypto that does good for the community.


> Also, on a speculative basis and assuming no colossal foul-ups, it appears to me that signal+mob want to distribute the mobile coins to artists and community groups.

When the company holds 85% of the pre-mined coins, they’re looking for any excuse to distract from that fact. The claim that they might give some token amount to artists and communities in the future is a distraction. The CEO of MobileCoin was in HN threads yesterday spamming the link to the site where you could buy MobileCoins directly from them.

This is a clear as day pump and dump scheme. Don’t let yourself be distracted by hints of potential future charity. They could give those tokens to charities right now, but they won’t because they would just be sold off and push the price down. Instead they’re spreading claims of future donations so they can cash in on price appreciation without downward selling pressure.

They only want people buying MobileCoin, not selling it. That’s the only way the founders get rich.


I see this more as an interesting test of the "post-2000 wto protest" black-flag anarchist cohort. Will this particular "strange and radiant machine" make the world a better place?


Its own currency seems odd, arguments could be made instead for better wallet integration so discreet payments could be made through signal but this would complicate ease of use for people. Also a very slim minority of people would actually perform the action of installing a wallet and connecting it to signal.

If signal is your wallet and you are sending signal coins everybody who has signal will be able to receive a payment from you without worrying about installing a wallet separately and connecting it to their account.

This is smart from a usability perspective and maybe wallet integration and other currencies will come later.

Another reason this makes sense is by controlling the cryptocurrency signal has control over the protocol to ensure its privacy and anonymity.


My theory is that the reason Signal was so reluctant to add slightly-less-secure-but-usable backups is that it is going to have some unified infrastructure for crypto and messaging storage/backup. The backup usability weirdness makes way more sense in that context.

I don't understand security/crypto stuff so much, but the new version of the server seems to use the same secret token for crypto transactions as it does for backup https://github.com/signalapp/Signal-Server/search?q=userAuth... , which offers some evidence that this be the case.


The source is GPL3, right? Could someone fork it without the cryptocurrency code?


Signal explicitly disallows third party clients https://github.com/LibreSignal/LibreSignal/issues/37#issueco...


A workable fork would most likely require standing up new servers that would be isolated from the existing Signal user base. I think we'll see a handful of forks very shortly and it will be interesting to see how the new maintainers navigate the current landscape.


There is already a fork, it's called Session, but it's decentralized, so there's no requirement for servers to be stood up other than introducer nodes AFAIK. https://getsession.org/


This outright hostility towards third-party clients was how I knew that Signal was just a wolf wearing open-source clothing. Glad I stayed far far away.


Last I checked, the mobile clients are GPLv3 and the desktop client and server are AGPLv3. I assume a usable fork will materialize due to Signal's introduction of a token scam. Unfortunately, signal has the network effect and asking friends and family to move again will most likely fall on deaf ears. I'll move if the new project looks sustainable.


Would you pay for it if they just asked money? I use Threema and I paid for it, but most people simply refuse that (even at that price), so the others don't even try it. So how are companies supposed to make money? The usual ways; get larger and larger investor rounds and then get out (resign and sell shares for personal reasons or whatever) or sell the company before it all collapses. Not sure if that or tokensales is worse; they both can be used for good and bad.


I would pay. I currently pay for some open source projects I enjoy, and donate to Wikipedia and Archive.org whenever they ask for it. I buy Linux games I never get to play. It's important to spread the love when you can.

Most people are not aware of what project they use and that they're not for-profit.

I used to work for an ISP, and people could pay for the WiFi hotspot feature (on phones they owned). People paid when they needed it.

Signal is pretty big, I think, so why couldn't it ask for donations? And possibly get some extra love from eg. The Linux foundation..?


He says:

> So many of us have spent significant time and social capital moving our friends and family away from the exploitative data siphon platforms that Facebook et al offer, and on to Signal

And then he says:

> Signal users are overwhelmingly tech savvy consumers

I find it hard to believe that both of these can be true at once. If the second statement is true, then the time spent moving friends and family was wasted. If the second statement is true, people won't actually use MobileCoin currency if they are skeptical.


So I guess we need a chat client that costs 1-5 EUR per month.


Now I feel like an idiot for donating to the Signal Foundation. This is the worst kind of scope creep when it comes to the goals of maintaining usability and privacy.


Another centralized social network adds a payment network. WeChat, Facebook, iMessage, GMail and now Signal.

I would like to see the decentralized crypto space tackle payments: https://community.intercoin.org/t/signal-another-centralized...


I actually didn’t mind the stellar/Keybase deal and thought it was a pretty cool value addition. I don’t know if this holds for signal but at least on Keybase you’re not _required_ to purchase coins. You only use them if you want.

Also - the free XLM Keybase distributed are now worth hundreds! It’s the only app that has ever paid me to use it. I have obvious complaints but I do like the app.


Signal (messenger, not foundation)’s plan for cryptocurrency was in news 4 years ago already. It can feel like a betrayal but can we hold others responsible for our feelings?

How can we expect a company to provide us what we want for free? Robots running on solar power will build them?

How about this: stop approaching a monetization problem as if it's a choice being evil vs. not evil.


Signal is a not-for-profit organization.


Edited my comment for clarity


Seems like I dodged a bullet. Didn't install the app, neither bothered to try the service. All the signals (excuse the pun) about this app seemed off to me. Centralized servers, no f-droid listing, used GCM, apparently the devs were hostile to feedback etc. Though can't blame everyone who hopped on the bandwagon


MobileCoin foundation website:

"At MobileCoin, we believe governments have a legitimate interest in regulating the economic lives of their citizens."

https://twitter.com/fluffypony/status/1379795248252080130


I don't understand what all the fuss is about. How much money do people really have that you need 100 payment apps to send money on top of existing banks? I just use wise/transferwise for overseas transfers; other than that, my bank. You think I am a poor minority and don't care about payment drama?


It’s not really about payments.

The scam is to create a new altcoin, give most of the altcoin supply to the founders, then try to force as many people as possible to use the altcoin by deploying it as part of something popular like Signal.

Now if anyone wants to use Signal’s money transfer feature, they have to buy MOB. The CEO of MobileCoin was in the threads yesterday pushing the website where they were selling MOB.

They don’t really care about transferring money. They just want to sell MobileCoin and pump up the price by making it look useful.


Can't you just shape that as any founder creating something though? Like oh, they own 50% of the company with their co-founder, then just grow it over 10 years to 100M ARR, then sell it to private equity to make a profit! Can you believe it?

If their implementation of a secure, fast, mobile cryptocurrency works and is accepted mainstream as a way to send money anonymously and securely then why shouldn't they make a dime off it? They'll have to sell their shares eventually. Everyone always does.

Don't get the hate here. I'll likely never use it, but they're trying something, and if it works let them get paid for it.


Cryptocoins (like MobCoin) are a non-fungible token for facilitating payments. Usually the other companies you mention offer a useful/unique value that is not just being a forced middle-man.


I understand what you're saying; it is indeed a scam. But my question is: can I use Signal just to chat with my friends/family and ignore everything else and live my life peacefully? In other words, are they forcing every user to use this "MOB" to transfer money for something? If not, then we can ignore them :)


Yes exactly this is just another ICO-like pump and dump.

There is absolutely no reason to not use Ethereum for this, or at worst ERC-20 coin.


It's funny, to me, to see a culture that values personal freedom and shuns regulatory oversight get bent out of shape when their platforms take those values to their logical conclusion. It's even funnier when they realize there's no Free Market solution.


i don't shun regulatory oversight, i shun regulatory overreach


If the line between oversight and overreach is so far tilted to one side that shenanigans like the story here pass legal muster, what's the difference?


It’s very odd to me that HN has a problem with premined cryptocurrency, considering equity operates the same way. All startups sell “tokens” (shares) they created out of thin air. Startups also eventually sell them to the public, after having sold them to insiders.


HN missed out on this shitcoin, that's where the salt comes from.


I'm afraid we'll always be jumping to new apps. If we jump ship from Signal to Matrix, as some people suggest, then I fear that in 2-5 years, Matrix will morph into something unacceptable, just as Signal has.


Matrix is an open, federated protocol so something like this can't happen. Worst that could happen is bad stuff happens to Element (the flagship client) at which point people can either fork it or simply use another client.


This assumes that there’s enough volunteer capacity to maintain it and that federation remains open despite business incentives to close it or the maintenance costs (i.e. spam).

That could be true but the track record hasn’t been good and it definitely won’t happen without a concerted effort to support it.


I think there is a big enough community to maintain it, should that ever happen. There are multiple totally community-made clients that work well, and there's at least one community-made server that's getting close-ish to federation, even if no-one forked Element/Synapse/Dendrite.


Jabber was an open Federated protocol, before Matrix.

I am absolutely in favor of open protocols, but they are not a guarantee against needing to change ecosystems in the future.


Don't like it? Don't use it.

After all, private organizations can do what they want according to the mantra repeated here. At least that was the defense for social media organizations implementing censorship and bans.


I don’t see anyone arguing that Signal can’t do this.


Stephen Diehl hates cryptocurrency, and that's fine, but does he have an alternate payments proposal?

If not, it's poor form to say that people shouldn't be able to use something that works for them.


Kinda funny that the post like this is written by the CTO of a company that claims to do the following:

> "Adjoint digitises cash and settlement processes for multinational corporates."


Broadly agree with the article, but I don't understand the Diem comparison. Isn't Diem a stable coin? No premining is possible, right? Am I missing something?


Payments seems at least potentially to have a lot of utility. Don't understand the kneejerk hate for this. For me social media direction is more dubious


I have met Moxie and followed his work for over a decade. He is one of the most ethical people in the information security industry. I would suggest people put down their pitchforks and think this through carefully. I can’t imagine this was done lightly or without considering Signal’s core mission in a highly ethical context. There is a lot of anti-crypto sentiment these days. Does this announcement actually change the ethical or moral landscape for Signal, at all? Does it compromise Signal's security as a messenger client?


As a background I'm broadly pro-crypto, in particular the privacy-preserving coins.

>He is one of the most ethical people in the information security industry.

Connecting your communications history, your transaction history and your offline ID through phone number is an explicitly pro-establishment move. Something must have changed along the way about his originally cypherpunk positions.

>Does it compromise Signal's security as a messenger client?

Not that we know. The problem is much more pernicious: through centralization, it makes the user less secure. In case of a privacy breach or court ordered document reveal or seizure, the scope will be much broader: communication history AND transaction history. Given that it will also list the transaction counter-parties, this opens up others to the privacy risks just as well.

The correct solution: decouple messaging from your offline identity (phone number etc.). Decouple transactions from offline identity and from communications - proper use of cryptocurrency is good for that.


I am willing to wait until the dust settles before passing judgement, but if the facts in the linked article - that the exchange backing this basically unknown currency is financially tied to Signal in some way - then it's hard to not see _potential_ conflicts of interest here, and be suspicious of the motivations involved.

If it walks like a duck, and quacks like a duck... etc..

As for Moxie.. he has indeed done great work, but a lot of people, ethical or otherwise, get to a point in their life where they just want to get paid and move on.

I'm not saying that's the case here, I have no insider info, but it has certainly happened before.

All I hope is that this is an opt-in feature that you can easily ignore or disable, and it's not constantly being pushed on us and getting in the way of just sending messages.


Unfortunately the fact that the code updates were hidden from GitHub while this feature was in development and the fact that the announcement doesn’t really address the risks argue against this being an ethical move.


> He is one of the most ethical people in the information security industry.

What does this statement actually mean? To my mind both cryptocurrency and cypherpunk culture have set some fairly low bars for ethical and moral conduct.

There appears to be a bit of a pattern of idolisation in crypto and cypher areas. A developer who fits the media mould of the 1995 Hackers film is spotlighted as saving the world. The spotlight brings attention and drives a project forward. Eventually the spotlight reveals these people have the same motivations as most people. Onlookers are disappointed.


I believe Moxie to be a person of integrity, therefore I'm happy to wait and see how this pans out.


Monero would have made much more sense


MobileCoin's features make more sense than Monero's for this use case.


If Signal can be as successful with private payments as they have been with private communications, then that would be a big win for everyone. I don't see why people are complaining about this.

What's the fundamental difference between private payments and private communication. Why support the latter but not the former?


Why is this on the second page? 720 points at two hours old should put it higher.


Consider ourselves lucky, could have been deleted fully.


Nothing to see here, people, this has been already reported as a bug and will hopefully be fixed soon: https://github.com/signalapp/Signal-Android/issues/11177


Not sure if you were joking, but that issue was promptly closed and marked as spam.


oh god whatever. the betrayed are also known as fools


I hear the tech community regularly bemoan the lack of a micropayment system. So why the criticism when a company tries to do it?


[flagged]


Can you explain exactly how capitalism is at fault here, and contrast it with other economic systems which you think would have had a different result?


I’m tired of people complaining about FREE applications.

Services should be paid for. If signal were what you want, exactly, why not pay an app fee or a small yearly fee?


[flagged]


The foundation gets plenty of donations. No, the one who is likely to get rich from this is Moxie and his buddies.


[flagged]


I'm baffled how people assume this is monetization.

Signal has been a nonprofit for years and has no money issues: https://signalfoundation.org. The organization has no formal ties to the alt-coin, although Moxie does. It doesn't monetize the Signal foundation.

I'm very unhappy with this, but it's not a monetization scheme.


> Signal has been a nonprofit for years and has no money issues: https://signalfoundation.org. The organization has no formal ties to the alt-coin, although Moxie does. It doesn't monetize the Signal foundation.

Even worse, in my opinion. If a nonprofit running a useful encrypted app was trying to fund itself by shilling some altcoin, I wouldn't be happy but I would be understanding.

If the lead of the project is inserting the altcoin for personal enrichment at the cost of the nonprofit and the useful project, that's pure and simple corruption. As far as I can tell, no good is coming of this (I mean, unless you're interested in actually using Mobilecoin, of course. Personally I have no interest in doing so, and if my Signal contacts wanted to send me money I'd say to use Venmo instead).


So, Signal is all about privacy, but when they chose a cryptocurrency, they didn't choose based on privacy. If privacy was the point, why not choose Monero, a mainstream coin which already has a reputation for privacy? So, if privacy wasn't their main concern in choosing a cryptocurrency, it's perfectly reasonable to wonder what was their main concern. And given that MOB's only unique characteristic (as far as I can tell) is the deep pockets of their foundation (because they allegedly own ~85% of MOB tokens, worth Billions), it's not much of a stretch to assume that those deep pockets are the reason that MOB was selected.

For a crass comparison, let's say you've got a friend named Bob. Bob likes blondes. He loves 'em. He's always talking about how he loves the blondes and could never be with a brunette or a redhead. One day you bump into Bob, and he tells you that he has just married a bald chick, who just happens to be very wealthy. How strange, that this guy, who always harped on this one feature, suddenly made a decision that was not based on that feature at all! Clearly, some other feature was the driver of his decision. Now, that doesn't necessarily mean that Bob is a gold digger. But wouldn't you wonder?


What makes you think MobileCoin is not based on privacy? It uses tech from both Monero and Zcash, two privacy cryptocurrencies.


MobileCoin was advised by Moxie, Signal integrates MobileCoin and the footer at https://www.mobilecoin.com/ states "MobileCoin uses and recommends Signal Private Messenger". There certainly seems to be a link, and I would be hugely surprised if the Signal foundation doesn't have some stake in these MOB tokens.


> The organization has no formal ties to the alt-coin, although Moxie does.

I've tried to rephrase this a few times, because it seems too obvious to state, but isn't it a bad thing that a technical "lead" on an app is very likely going to personally benefit from some other technology being shoe-horned into that app?

It's his (and the Foundation's) baby, so he of course can, but I can't help but feel like this unholy but super convenient marriage will harm the reputation of Signal and MobileCoin. They could both sink or swim based upon the perception of the other.

Sorry if this is obvious. It feels like I'm taking crazy pills.


It's absolutely absurd. I'd almost be more OK with it if it was a monetization scheme _for Signal_, this seems blatantly corrupt as I understand it.


"I'm very unhappy with this, but it's not a monetization scheme."

It's not for Signal, it's a monetization scheme for Moxie.


Indeed, it is not monetization it is corruption and embezzlement. Moxie uses his role in a foundation to make himself and his buddies rich.


Let me try to de-baffle you -- it is the shitcoin-oh-god-yet-another-ICO aspect, not the monetize-aspect which is causing friction.

If Signal switched to a 'Lite' vs 'Pro' model, or other incremental features, or had more donation related nagging, I doubt it would raise the slightest bother.

Many people switched from other messaging apps on principle, much of that signalled (pun intended) by actions of the founders. This move seems to be incompatible with many people's principles.


Yup. Before WhatsApp was bought by facebook they just charged people. This was fine and seemed fair. Same with 'pro features' or such.

The crypto scheme however does not seem like a fair deal. It looks like monetizing through a backdoor under false pretenses. Exploiting the unsavvy rather than dealing in good faith.

This is especially bad as signal was 'the app we trust' for many of us.


Free? I pay the Signal Foundation $3 per month.


There's very much a horrible system right now with all of these free services creating demand for free-only services at the expense of any possibility of paying for it ... and then we get upset when they scramble to pay for things in other ways.

Personally I'd like to pay for things (would like a system to manage it)...


Yes. This is the sad truth.

Cryptocurrency is about network effects; more users, more value^2.

Today it is really the way to monetize a large collection of users, whereas it in the past perhaps was advertisement.

Perhaps it should be illegal in the same way a chain letter or pyramid scheme is illegal. However right now it is not.


Dang: could the title be changed to something more informative?

"Signal announces cryptocurrency: opinion"


I thought the title was a pretty good hint as to the content of the article, assuming that you're familiar with the reference to "et tu Brute": https://en.wikipedia.org/wiki/Et_tu,_Brute%3F


"Et tu" implies betrayal, but doesn't specify how.


Probably using people to market and, in some cases, donate to their non-profit then essentially selling their user base to a friend. A perfect example of crony capitalism.


I know the meaning of the saying. But it doesn't say how they betrayed us. Mentioning that they introduced a cryptocurrency is much more descriptive.


[flagged]


> of which the issuing organization controls 85% of the supply. > [citation needed]

This is based on the original whitepaper which says they pre-sold 15% of the tokens (to investors) and still own the rest. They claim to have not followed that whitepaper but the new one only says they start with 100% ownership and will not answer questions of how much they still own. So all we can go on is their original plan which was to hold onto 85% of the supply as long as possible.


Thanks to you and the others who responded with information. Looks like some of the claims I highlighted above cannot be sourced at all, and others can only be sourced to a whitepaper that the developers are distancing themselves from.

So... Yeah, being downvoted and flagged really showed me, I guess.


When massive amounts of money are involved then a cynical take is the right take. The burden of proof is on the company to show that they are working in good faith not for everyone to assume they are working in good faith. Hiding things, denying association with things and avoiding questions should not be taken as a good faith effort but rather as proof of bad faith. I think we've had enough crypto scams by now to no longer be naively optimistic about them.

edit: You can see in this very thread the CEO use every weasel words way of avoiding directly answering how many coins they currently hold. A very simple question which is always answered in a way which doesn't answer it.


I didn't mean to suggest that everything is fine with MobileCoin! Quite the contrary, it appears to be a complete shitshow. But in ways that are different from what the featured article claimed.

I'm very much opposed to Stephen Diehl's default approach of "everything to do with cryptocurrency is a scam, because I say so". Many things (probably including MobileCoin) are scams, but proper sources are still needed, and it's good to keep factual criticism separate from vague allusions to unnamed exchanges in some Caribbean country or another.


The issue is that by the time you have found enough proper sources, especially with the scammers actively making it harder, the scam will have been done with and paid out to the scammers. So the only logical approach I feel is to assume it's a scam unless those involved put the effort into proving otherwise.


The author has obviously "found enough proper sources" because they were able to quote the figure about the issuers controlling 85% of the supply etc. It's really not too much to ask to link to the place where they read this.


https://github.com/UkoeHB/Mechanics-of-MobileCoin

The protocol isn't based on mining, and they have a finite supply of 250m coins which they won't disclose the distribution of other than to try to assure everyone to not be concerned:

https://community.mobilecoin.foundation/t/mobilecoin-distrib...

The fact they can't even disclose coin distribution but Signal is already integrating it is both shocking and extremely concerning for the future of Signal. I seriously question what Moxie was thinking unless this is just a money grab for him.


>> of which the issuing organization controls 85% of the supply.

There's this interesting comment chain from yesterday's thread (https://news.ycombinator.com/item?id=26717253), where a commenter says the source is the coin's whitepaper, which states there will be 250 million tokens and they pre-sold 37.5 million. However, the creator (josh2600) says the whitepaper is out of date, but stops short of saying the 250/37.5 million token figure is incorrect.


A) it’s true, B) why does the world need yet another currency? Why didn’t they partner with Bitcoin or Monero or LTC, or ETH, etc...


I agree that if it's true it's incredibly damning and probably warrants some hard evidence.

That being said it's still a strange move by Signal, given that it's still a rather niche messenger that's now integrating with an even more niche payment system. The only ones that really stand to benefit from this are people holding this cryptocurrency.

It's just a super strange move by Signal, regardless of your stance on cryptocurrencies. Did anybody really think "you know what's missing from Signal compared to the competition? First party cryptocurrency payment support".


The details are all available in the whitepaper here (pdf): https://cloudflare-ipfs.com/ipfs/Qmbeiekum8XBeLrVBioKo8gqC1T...


I don't think FTX is a big investor in MobileCoin or located in the Cayman Islands or the Bahamas.


Yet another rant about a free for use, centralized app/protocol with no business model.

Expecting it to achieve world domination for journalists and grandmas alike is just misplaced expectations.


It sounds like they are trying to increase their revenue/profits and think this is the best way. I get that it is hard, because when everyone is anonymous then it is hard to collect money from people. Perhaps make some way to donate/subscription for signal a la pay what you want? I love Signal and would pay for it if I could.


1. It's not a company but an NGO. Therefore, in theory, as long as they can cover the operational cost, they should be good. Of course, there's plenty of NGOs that don't do that.

2. https://signal.org/donate/ wasn't that difficult to find.

3. Brian Acton (WhatsApp co-founder) "donated" a hundred million to it. In theory, that alone should keep them running for at least a decade, but the "donation" was more of a loan with 0% interest, meaning that Signal will have to re-pay it back at some point. Also, just to make it shadier, he happens to be the chairman of the Signal Foundation. So he loaned the money to the org he's in charge of.


Woah putting Telegram to the same bucket is insane - their network was premined, true, but unlocking value exchanging of 500m users makes this a tiny drop in the ocean.

Unlike Signal, sigh.


Crypto is a much better route for monetization than selling ads and personal data, I hope more projects start implementing it.


I suspect HN is actually run by some kind of communist federal reserve given level of hostility to all things crypto and money in general


> Signal is a still a great piece of software. Just do one thing and do it well, be the trusted de facto platform for private messaging that empowers dissidents, journalists and grandma all to communicate freely with the same guarantees of privacy. Don’t become a dodgy money transmitter business. This is not the way.

Digital currency is just digital communications. Signal allows us to communicate privately. Should people care whether or not this communication is a message in a language we also speak, or a message that contains a digital transaction?

Again...

> trusted de facto platform for private messaging that empowers dissidents, journalists and grandma all to communicate freely

If you care about the privacy of Signal users to communicate freely about anything they choose, don't also hate when these same Signal users want to communicate digital currencies.

... and before you downvote, let me know why I'm wrong (although, they should have chosen a more mainstream privacy coin like ZCash or Monero at least).


This seems to ignore the fact that absolutely nothing about using Signal requires that one use this additional feature. It's not required if you don't like it.

Yet it insists on it being a pump and dump scam, without evidence. :(


No one wanted Google+ either, but these things are a sign of a company with misguided or missing focus, a misunderstanding of its own product and the core competencies of its team, and which may be chasing trends in search of growth, perhaps a sign that current revenue streams are not sustainable.

None of this bodes well for the future of Signal, either the app, the service, or the company.


But it requires extra code and that code can have additional bugs.


And it adds a risk that you fat-finger something disastrous.


Actually, bitcoin proponents can agree with 99% of what this guy is saying. The only thing that is not accurate is when he mentions counterparty risk: Signal is planning to add a non-custodial wallet, therefore there's no counterparty risk (granted, no counterparty risk of magical shitcoins, but yeah, no counterparty risk).

Signal did a bad move here, but they will learn their mistake eventually: once they remove shitcoin support and add bitcoin support.


All the dumping on Signal is sad.

Here we have a nonprofit app that has successfully broken into a major consumer market, and because of their ambitions to break up another cartel, and this is bad?

Let's take a stab at understanding the author's complaints.

Author states users are smart and "we make the majority of users". Going beyond the entitlement of that statement, author can feel betrayed, but for signal to succeed it needs to keep iterating and address the consumer market.

Author may not need fast/cheap payments. But what about the rest of the world including the underbanked?

Author may fret about asymmetry of info around transactions. However, will author think about the users of cash app and the million others that democratized stock trading? Users have spoken and they prefer something, over nothing.

The article is unfortunately reeking of elitism. Sour grapes because a 3rd party will make money off an excellent application. I say keep an open mind.

This is the best thing that could happen to the world. Someone has the guts to finally take on currency, and has the potential to succeed. Yes it is not perfect. Yes some will make money and Signal may be able to cover for their forever loan. That's good.

The project has been a great endeavor since the days of redphone / textsecure. Project is still open sourced and nonprofit.

Signal is the future of privacy and security of the masses. As recently as 2019 that was still not clear.

It's time to cheer, not to dump.


It's rolled out in the UK with one of the best banking systems in the world. Plus like hell Signal is anonymous, it still relies on an SMS-capable phone number, which is hard to get in many countries.


Ok.

I don't understand how UK selection is bad. You need to build to an addressable market and build in that.

Someone made an assessment that the UK made sense. Presumably that someone could be wrong. But they are going to try. Which is 100% better than the rest of the payment apps because they are closed, for profit, and sell your data.

Re SMS. Agree. But you do agree that prioritization is subjective? What Signal leadership thinks it needs to maximize privacy and security may differ from your perspective, correct?


> Which is 100% better than the rest of the payment apps because they are closed, for profit, and sell your data

Riiight. A shitcoin scam is 100% better, than a banking system that has been polished to what it is by learning the hard way for the past 300 years. Got it.

EDIT

> I don't understand how UK selection is bad.

Because nobody needs this in the UK at all.


>It's time to cheer, not to dump.

Very poor choice of words.


"Many technologists viscerally felt yesterday’s announcement as a punch to the gut [...] our fellow technologists that we truly believed were advancing a cause many of us also believed in."

It can be painful when a belief system runs into reality.

"Just do one thing and do it well, be the trusted de facto platform for private messaging that empowers dissidents, journalists and grandma all to communicate freely with the same guarantees of privacy. Don’t become a dodgy money transmitter business."

Lol. Because that usually goes over well. Hey, just do what we tell you! We don't care what's involved, just get it done! Says the user of the free service.



