After installing the phone version, I just tried the Desktop version on Debian. It doesn't work: fails to connect because none of the machines I have (even the Windows one!) is able to trust the digital certificate from https://textsecure-service.whispersystems.org/v1/config . I mean, I could try to add the certificate to the exception list, but when it comes to stuff like Signal I feel I shouldn't be doing any of this at all. And their website has no mention about adding certificates to my chain.
I wanna try to move away from Whatsapp too, but when your "Secure" app fails to work because no one trusts your digital certificate, I inevitably start questioning your claims of both quality and security... Everybody will stick to the old product if the new one isn't polished....
I just launched the Desktop app from their Debian apt repository. It says "Something went wrong! Failed to connect to server." and then the Debug Log contains stuff such as:
Distro repos are notorious for containing super out of date stuff (especially when it comes to these kinds of apps). It's why we now have Flatpak, AppImage and Snaps. Always check the version numbers when using repo stuff.
Bit of a stab in the dark here, but are you sure the repo is enabled and you're getting updates? I just realized I was using an outdated version because Ubuntu disables third party repos when upgrading.
The Signal Desktop app you are trying to install must be somehow outdated, the desktop apps I use are working perfectly (both GNU/Linux and macOS) and I never encountered this issue. Maybe try to get some help from the community? https://community.signalusers.org/
It's certainly been a while. And I've never heard anything reassuring about what they're planning; I half expect if/when we get anything that it'll be just as useless to me as the existing system. I don't actually trust Signal to deliver the features I need, and the lengthy timelines certainly don't help.
I don't think I know of any messenger at all that does what I want, and that's kinda sad.
Yes, though if you're paying attention to the protocol changes recently, you'll see it's actually true. There's been the introduction of a UID for user identifiers, a brand new group chat protocol, etc.
So the work is happening. But it's pretty major surgery, so it takes time.
I switched to Signal way before. And then Elon Musk recommended Signal to all and sundry on Twitter.
And then that got retweeted by Jack Dorsey. Now... I am a little worried. Do I want anything that has Jack’s paw prints on it? Since he and Zuckerberg turned up like creepy ideological twins at the senate hearings, I can’t tell them apart.
The first question on the Reddit AMA resonates. WhatsApp was great before FB bought that out. Who is to say it won’t repeat with Signal and someone else?
Signal is well documented and the client is open source. They've done an excellent job making e2e chat accessible to everyone. But, that's always an inherent risk.
I believe Signal to be one of the best options right now. However, I'm also running a Matrix server and working to convert my friends to that.
These challenges are never going to stop, but federated messaging is a big step forward.
Did WhatsApp release their protocol openly with an open source reference client/server? Or did I miss that part?
Having an exit plan makes me less concerned about a centralized service - if FB/TWT/etc buy Signal many parties are strongly incentivized to fork the code and provide migration paths.
WhatsApp had some real issues and then it seemed they cleaned it up.
It seems every mainstream researcher now agrees that the message delivery part of WhatsApp is now trustworthy.
That said the metadata and incentives story is about as bad as it can get[1] and in the backup department your chats can be uploaded wholesale to iCloud and/or Google Cloud if one of your contacts from the same conversations enables cloud backup.
[1]: Owned by Facebook and they shut off the revenue stream so the only way they can make money from it is by squeezing it of the metadata they get or introduce ads.
One of the points of Signal is that the app is owned by a non profit and not a company. I highly do presume that it means that it can't be sold to the highest bidder.
Now I don't know how these legal structures work. For what it is worth, it looks to me as if Singularity University transitioned from being a non-profit to being a "for benefit corporation".
I also have no idea what that means, other than it looks like some kind of fluidity is allowed?
Here is an interesting read (HN thread/comments mentioned in the article too)
[..] By March of 2017, 15 months in, the leadership realized it was time for more focus. So Brockman and a few other core members began drafting an internal document to lay out a path to AGI. But the process quickly revealed a fatal flaw. As the team studied trends within the field, they realized staying a nonprofit was financially untenable. The computational resources that others in the field were using to achieve breakthrough results were doubling every 3.4 months. It became clear that “in order to stay relevant,” Brockman says, they would need enough capital to match or exceed this exponential ramp-up. That required a new organizational model that could rapidly amass money—while somehow also staying true to the mission.[..]
[..] That structure change happened in March 2019. OpenAI shed its purely nonprofit status by setting up a “capped profit” arm—a for-profit with a 100-fold limit on investors’ returns, albeit overseen by a board that’s part of a nonprofit entity. Shortly after, it announced Microsoft’s billion-dollar investment (though it didn’t reveal that this was split between cash and credits to Azure, Microsoft’s cloud computing platform).
Predictably, the move set off a wave of accusations that OpenAI was going back on its mission. In a post on Hacker News soon after the announcement, a user asked how a 100-fold limit would be limiting at all: “Early investors in Google have received a roughly 20x return on their capital,” they wrote. “Your bet is that you’ll have a corporate structure which returns orders of magnitude more than Google … but you don’t want to ‘unduly concentrate power’? How will this work? What exactly is power, if not the concentration of resources?”[..]
I think OP is implying that there may be more beans in the can to be spilled than there are signal users.
Probably Signal occupies a far greater mind share than its userbase actually warrants. If they say they have 10000 DAUs, more people will write it off as worthless rather than be interested in trying it.
I have 8 contacts on Telegram, one(!) conversation. Meanwhile everyone from family and friends is at Telegram now and used to be on WhatsApp.
I wish Signal all the best: it is totally impressive, they got their incentives aligned totally unlike WhatsApp and to a larger degree than Telegram I think.
Personally I'm rooting for Matrix, but for now, based on my limited understanding Signal seems to hit the sweet spot where "kind of easy to use" overlaps to a large degree with "trustworthy".
In this video, Rob Braxman argues that most Matrix users use either Matrix.org or Element.io servers (may have gotten the names wrong). Matrix is a federation in theory but not in practice, so it's not good for privacy. What do you think?
I think the German Army and the French Police are already putting in place their own infrastructure and the company I work for might do so within a year or two if we want.
Also, should anyone get banned from mainstream messenger because they live in the wrong country or have the wrong opinions they can run their own.
The main matrix instance is overloaded and slow so plenty of active people use other instances. Though, most people probably sign up on the main instance.
All, Signal is a 501c3 nonprofit. Your company probably matches donations. If they don't, they are eligible to be added to your company's portal. I encourage you to throw some of your wealth their way and take the extra step to get matching. This is important.
Great call to action. With other nonprofits I would immediately agree, matching is important. Is Signal in more need than other nonprofits, though? I imagine they’re still sitting on some of the $40 million the Signal Foundation got from Brian Acton, former WhatsApp CEO.
> we've structured the project as a non-profit entity, so it can never be bought, has no investors, and isn't "owned" by anyone
Never is a long time. Non-profits can become for-profits. Non-profits can also spin off their profitable components as for-profits -- just like the Mozilla Corporation is a for-profit owned by the non-profit Mozilla Foundation. Non-profits can sell ads and sell your data.
And, of course, non-profits can get money hungry just like any other organization. Look at how ICANN has found ways to vacuum up billions of dollars from the internet.
They also may not technically have any investors, but they have a de facto investor in the form of a $100m loan from WhatsApp founder Brian Acton who is also on the board. He could have made it a gift, but did not -- which implies he wants the money back at some point. Signal will need a lot of donations to pay that money back -- or they could decide to sell ads or data.
All that said, I'm happy Signal is doing well, and applaud their efforts. I hope they succeed.
It also proves that it will never be easy and the choice is just move away or suck it up. I decided just to move away. Like I did with Fb and Insta. If needed I will do that again - away from Signal.
Is it documented (and provable) what happens when the Signal app is given access to Contacts and then verifies which of them is a Signal user?
It seems that some information would be revealed in that process that could be mined to eventually de-anonymize people based on relationship networks (assuming nothing easier is possible).
Does anyone here know if there's any reason not to feel that is a serious vulnerability?
As the post says, their non-SGX method requires you to trust the server: “This has meant that if you trust the Signal service to be running the published server source code, then the Signal service has no durable knowledge of a user’s social graph if it is hacked or subpoenaed.”
To eliminate that requirement, they developed an SGX-based method: “Since the enclave attests to the software that’s running remotely, and since the remote server and OS have no visibility into the enclave, the service learns nothing about the contents of the client request. It’s almost as if the client is executing the query locally on the client device.”
Of course, there are plenty of attacks on SGX (I’m not enough of a cryptographer to know how practical they are to apply to Signal’s methods or not); but at some level you are going to have to trust servers you don’t control, whether your system is federated or centralized. I’m mostly willing to give Moxie the benefit of the doubt here.
> That is, why is the user forced to update in order to use the application, even if no critical security issues arose?
Because they’re adding new features, both security improvements and user-facing sugar.
Moxie’s thoughts on this are well-known: he believes he can build a better and more secure messenger by keeping deployed clients as closely aligned as possible. Even if you disagree (and plenty of people disagree, as we see in almost every Signal comment thread), it’s at least a valid opinion to hold. https://signal.org/blog/the-ecosystem-is-moving/
So when Signal decides to stop supporting your device, you're left with no choice but to get a new one.
So there's no point in auditing a Signal release.
So as Signal becomes more and more disagreeable (something that's bound to happen with any actively changing software), you're forced to take it or leave it.
It's a trap.
I am a user of Signal, and have been using it for a number of years now, but this concern remains.
Until you have a contract with someone explicitly saying what you want and what you don't want, no one owes you anything. Signal creators are doing it this way because they decided it's the best way to bring the best cryptography available to the masses, considering that they don't earn any money.
I'm a bit worried that the CEO is so vehemently against federation [0]:
> It is unlikely that we will ever federate with any servers outside of our control again, it makes changes really difficult.
I think as long as there is no federation there will always be the "benevolent dictator" situation, which often doesn't end up well in the long run.
At the same time, I'm sure that I couldn't convince my non-tech friends to switch over to a federated protocol like Matrix. The clients have been getting better, but they still lack a lot of mainstream UX. So, while Signal is better than WhatsApp for now, I think the only sensible solution is a federated protocol.
Aside from network effects, UI/UX is really king when it comes to getting people to switch messengers. It's why Telegram has managed to stake as large of a following as it has, despite its glaring flaws when compared to Signal, Matrix, etc.
I understand wanting to focus on security and privacy at the cost of all else, but if the goal is to get as many people on a reasonably safe messenger app as possible, UI/UX is unavoidably going to be a focal point — it can't just be made an afterthought, or as is the case with many FOSS projects disregarded almost entirely.
I would argue that Element on Android is really good in terms of UI/UX. But I think the desktop experience is definitely behind others, and I have no idea what the iOS client is like.
I haven't used Element on iOS extensively, but in my limited experience it's "ok" but not stellar. It has a number of papercuts like the registration and login screens not hooking the password manager API and thus not offering password generation services, ability to save/restore from password manager, etc. On that front I think the iOS version of Signal is probably better.
It is good, but not good enough for the mainstream user. With Signal, you can just install it and all your contacts who also have signal are instantly there. The UX is similar to WhatsApp.
With Element, you first need to create a username that is in the format <username>:<server>. This is a new notion and non-tech users don't know what this is about. I usually need to explain "it's like email, but instead of the @ there's the :".
Furthermore, there is this new concept of "Rooms" that people are not used to.
Also, there are some UX flaws like that you need to include the @ when adding a user (it won't find the user if I try to add "joe:matrix.org", I need to enter @joe:matrix.org). This even threw me off for a minute or so in the beginning.
There are some clients that look and feel more like WhatsApp (like Nio), but they are still in early development. So, I'm hopeful.
One reason which I chose Matrix over Signal, other than being forced to tie my identity to a phone number and depend on a smartphone for receiving messages.
Same. There's also the fact that Signal never really convinced me that it's better than Matrix.
Though if I compare Matrix and Keybase, there's a clear winner in terms of UX and depth of features. I will be missing that but there's no indication Matrix or Signal will reach feature parity before it's replaced. (A new messaging protocol and no isolated subservers with their own chat rooms? Really? This is why people are switching to Discord in increasing numbers)
Also the reason I have 80+ contacts in Signal, but 1 (one) in Matrix. Federation just doesn't work for the average person in practice. Email being the large exception because it's been around for so long.
why does federation not work for the average person?
how would they know the difference?
what does cause friction is if clients expect the users to enter their own server details beyond their email address.
i find that very annoying in irc clients for example, where i have to know the details for the network to connect to. jabber/xmpp clients generally did a bit better. and i don't know how well matrix is doing it. but making this easy for the user is a matter of interface design.
there is nothing inherent in federation that makes this hard for users. the only thing is having to choose a server. but for my family for example i would choose the same server as myself, and i'd want to send them a link to sign up. that link could then provide a way to open the messaging client with proper settings in place.
if it is more complicated now, then that's a problem, but one that can be fixed
Honest question, I'm not a distributed person. Why can't someone turn Signal federated? Wouldn't the centralized server just be a different server? Sure, you'd need to roll a custom app but plenty of people do that. I constantly see people here complaining about it not being federated, but the server is open sourced, so what's the issue?
Side note: isn't it good to be centralized while the app is quickly rolling out new features? Then a switch to federation would be better when all the features are enabled?
> Why can't someone turn Signal federated? Wouldn't the centralized server just be a different server?
The source code is all public and freely licensed, client and server. Anyone could pick it up, turn it federated, and run it. But it’s unlikely Signal would choose to federate with any other servers.
> Side note: isn't it good to be centralized while the app is quickly rolling out new features? Then a switch to federation
It’s pretty clear from Moxie’s words on the topic that he has no desire to federate Signal in the future. He’s solidly convinced that the agility necessary to build a userbase on top of a secure messenger will be lost if he has to spend resources bringing the rest of the ecosystem in line with new developments.
I guess there's something I'm missing here. I understand it is phone -> Signal server -> other phone. So don't you only need to know how to talk to the Signal server? Which should be in the OS app? So your app would just need to know which server to communicate with the right person. People that are on the Signal server get contacted through the Signal server. People on a federated server get communications passed through there.
I'm sorry if this is a dumb question. I'm really curious but I don't know much about this space. What is Signal doing that restricts you from talking to it?
Signal probably ties message encryption to client authentication. You could give the 'federated' server your plaintext and encryption keys which acts like a client app on your behalf, but that obliterates the purpose of Signal and E2E messaging entirely. And still, they can ban your server IP at any time at their discretion. Maybe you can try to create a federated server that acts as one user but publishes an authenticated encrypted message on behalf of a different user, but there's no api for that... exactly the api that is being asked for in these requests to add a federation api.
They say now they are working on letting people sign up without having to use a phone number.
I've hated this about Signal since first beginning to use it. Forcing everyone to use a phone number makes it so much harder to have a partially anonymous way to communicate.
I can't help but feel this was intentional to prevent use by those wishing to remain anonymous. I don't believe they'll ever actually do this.
If they could have they would have done so already imo. Perhaps they are fighting whatever restrictions force them to do this. We can only hope.
My belief is that various governments prevent Signal from allowing anonymous registrations and will continue to prevent them from allowing it.
I expect that what they will allow is something like "you can now register with a gmail account". That is the same restriction since you need a phone number to register for a gmail account these days.