The 50 million infusion happened in 2018. Why has it taken so long to scale up?
Anyway, I don't think it can take on WhatsApp. If you look at the history of when signal succeeds and gains many users, it's only when WhatsApp is down. Which is not for very long, as it's so important that it goes back up pretty quickly.
Let me know when it's ready to use without a phone number.
As it is, I lose my identity if I switch phone numbers (say, I move to another country). Even worse, someone else might get my old identity when my old phone number is recycled.
Is there an actual technical limitation preventing Signal from offering a one-field signup, whereby one would simply enter a self generated public key?
There's no technical limitation, but read this (https://news.ycombinator.com/item?id=22357948) comment to understand why Signal did what they did. Your SIM card stores your contact list across devices. With usernames, your phone's contact list doesn't work anymore. You need a persistence, i.e. cloud backups, to store the contact list first. This is in the works (https://signal.org/blog/secure-value-recovery/). Expect to see user names once that's done.
The nice thing is the persistence can also remember identity keys, fingerprint and their verification statuses, and even group membership status -- so it'll mean much more convenient use once it's ready.
You could register it with a voip number. This doesn't entirely mitigate the problem, but at least you'd have more digital control over what happens to that number (and can pretty much be sure you won't lose it unless you want to).
If you already have it registered to a "real" number on your cell phone, there are processes for porting that number to google voice.
Signal has MAJOR UX problems when you have several devices (which is fairly normal for mainstream users). Try using the same account multiple computers, smartphone, tablet / chromebook at the same time. It's painful.
Compared to Telegram (which is also privacy-focused and NOT owned by Facebook like WhatsApp is) that simply works, I'm not sure what Signal brings to the mainstream table.
The people behind the predecessor to Signal were somewhat successful in a disinformation / FUD campaign against Telegram's cryptography early on, but 0 POC exploits have ever been released. Telegram even upgraded their cryptography to alleviate some of the concerns - https://core.telegram.org/mtproto . They are now recognized as IND-CCA secure https://en.wikipedia.org/wiki/Ciphertext_indistinguishabilit....
To be mainstream, you have to have mainstream usability. Signal does not (at least not right now).
I don't have any love of Electron but this seems to be how the majority of messaging products are targeting the desktop. Slack works the same way...
I guess it seems a bit unfair to use this as a criticism for Signal in particular; they are already fighting an uphill battle UI-wise. To my mind, since the client is about as frustrating as Google Hangout was, I'm willing to accept it as good enough.
Thank goodness there's the highly optimized Telegram Desktop client that's not a tire fire since it has the secure end-to-end encryption for both group chats and one-on-....ahahahahahahahahahaha
Telegram's cryptography isn't comparable to Signal's. Telegram provides end-to-end encryption only for private messages between two people, and, last I checked, that encryption was disabled by default. There is no group end-to-end encryption; rather, Telegram claims that TLS hop-by-hop encryption --- in which Telegram's own servers get to see message plaintext --- is sufficient.
Signal provides true end-to-end encryption, for groups, by default, always-on, in a privacy-preserving design that ensures that Signal's servers don't have to collect a log of who's talking to who. Signal won the Levchin Prize at Real World Crypto --- in fact, they won the first Levchin prize ever awarded, meaning that when Dan Boneh and Tom Ristenpart and Kenny Paterson and the other referees sat down to figure out who should get the inaugural Levchin Prize, Signal was the first thing that came to mind.
That cryptographers recoil from Telegram's bizarre IGE-based cryptography is besides the point. Nobody needed to "FUD" Telegram to show that it's inferior.
I agree so much. There's a long list of reasons cryptographers like Schneier and Green recommend Signal, and why they advice against using Telegram. I've never seen any cryptographer or security expert recommend Telegram. It's always some random person online who seems to know a lot about encryption (like what is IND-CCA security) but who don't want to explain Telegram's lack of ubiquitous E2EE.
I've tried explaining this to friends on Telegram - they don't care that the cryptography isn't as good, but that its fast, it works, and Facebook doesn't control it. They don't use Signal because it isn't as polished as Telegram.
Meanwhile I have Matrix-using friends explain to me that Signal is secure but its centralization is a threat by being a single point of failure, but I don't use Matrix because it isn't as polished/consistant as Signal.
Unfortunately it's controlled by the Mark Zuckerberg of Russia who still has access to his data brokers. None of the companies with access to our private data seem problematic at first. Google was a gift from the heavens with it's insane 1000MB gmail accounts back in 2003, now it's a private intelligence agency. Facebook was about free fun and connectivity, now it's a private intelligence agency. But Telegram's going to be different and money comes from magic and ICOs even after it reaches critical mass.
Also, the security model of Telegram is exactly the same as Facebook Messenger: A bunch of promises about respecting your privacy, coupled with opt-in end-to-end-encryption that doesn't work cross-device, and the use of which reveals the intention to hide messages from server (which is extremely valuable metadata: these messages I want to hide from service provider and governments!)
Telegram does invest heavily on their UI. It's been hard for me to convince people to move to it, regardless.
I imagine I'd have an even harder time moving people to Signal. While their encryption is better, I've seen complaints of messages not being sent and the sender not being aware until days/weeks later after personal follow up on the receiver. Even if this didn't deter me from using it, I have little to no contacts using it. And for the ones that do have it I have no way of knowing if they uninstalled and I'm sending a message to a black void.
If Signal had the reliability, UI polish, consistent updates, and feature-rich experience of Telegram I'd be putting more effort to convert users toward it rather than the latter. I'm a fan of both apps and companies running them nonetheless and am using Signal as my primary SMS app as it's a step to detach from Google.
To me it comes down to one simple question... do you want other parties reading the messages you send to your family and friends? If not, use Signal and encourage them to as well.
You didn't list out any actual UX issues with Signal. I use it on my phone, desktop PC, and laptops without coming across any issues.
And you'd want to use a cipher agreed upon by the general cybersecurity community to be secure. You don't roll your own crypto, deploy it, then hope the security field vets it later.
Another user already commented that Telegram isn't E2E encrypted by default, so you have to trust both their servers _and_ MTProto. And one thing not yet mentioned is that both users have to be online to initiate this E2E-encrypted chat, so it's pretty useless.
As much as I agree with your criticism of Signal (my main gripe is enforcing use and verification of phone numbers as identifiers), Telegram is not privacy-focused, despite their marketing and public perception.
* Messages are cleartext w.r.t. the server by default (I'd wager >99.9% of all Telegram chats are sent this way). E2E-encrypted conversations have to be enabled explicitly, are tied to a single device and only available on mobile.
* Encrypted group-chat not possible.
Hell, you might as well use Google or Facebook, the only difference is who's monitoring. Even WhatsApp has more privacy than Telegram.
Of what I tried so far, Keybase is really damn close. Their UX has been improving a lot, multi-device where all are first-class citizens, E2E by default, etc etc. The whole identity-graph thing, server-side being closed source and platform being run by a US-based business are the only things that keep me from trying to onboard everyone I keep in regular touch with. Too bad neither of those things are likely to change anytime soon.
Phone numbers are every message board person's gripe with Signal, and it's a totally understandable gripe. But Signal doesn't demand a phone number because they want your personal information, but rather because they're allergic to it: to run a messaging system, you have to provide users with contact lists, and the way all other services do that is to store contact lists in serverside databases. That means that other messaging applications store the complete contact graph of the service --- literally a log of precisely who talks to whom --- in plaintext, in a single centralized location. Signal avoids doing that by piggybacking on the contact list you already have, and so doesn't have to store a contact graph at all. It's a UX sacrifice Signal makes in favor of superior privacy and security; UX sacrifices for security are basically Signal's brand.
I don't buy it. They could have kept it the default but allowing e-mail as an alternative (which can also be stored in phone's contact lists).
Or just have usernames, for that matter. It's not like they're a 5 person bootstrapping team who don't have the resources to solve the small kinks to make that user-friendly.
It's not hard to build serverside contact lists with usernames; 1-person teams routinely build that feature. But all of those systems store plaintext complete contact graphs serverside. If it's so easy to get this feature with email addresses, why does Wire have a durable log of who's talked to whom on their service stored in a database? It's not because they want it.
I still don't see how these have to be mutually exclusive. Fine, default to phone number since that's what most people are comfortable with, but it's not like there's anything inherent making supporting alternative identifiers a difficult problem.
Let it be my problem making my friends add my e-mail address to their contacts.
Another huge issue with Signal (and telegram) is that it is tied to your phone number which effectively ties it to you as a person. Which is by default something that raises eyebrow.
Same problem with Telegram. You can't register account without phone number. Also, Signal is already working on user names, it's just a lot more complex problem than you might think.
Now that's a horrible UX See how many of your friends use Briar. You need an existing social graph to start. Also, secure cloud backups for the account data isn't an easy thing, see e.g. their blog post on that. But now that it's coming, you'll most likely get to create a username too, and backup contact list to cloud protected with latest and greatest password hashing algorithms so that Signal doesn't have access to it (unlike Telegram).
"Compared to Telegram (which is also privacy-focused and NOT owned by Facebook like WhatsApp is) that simply works, I'm not sure what Signal brings to the mainstream table."
Firstly, with Telegram asynchronous chats are trivial to make, because all you're doing is managing data the server has using multiple clients. The moment you add E2EE for multiple clients, that's when things get hard, like really, really hard. Try enabling secret chats for desktop client with Telegram and you'll see how convenient Telegram is. See the thing is, Telegram doesn't even have cross-client E2EE. None of the official desktop clients support E2EE, and the 3rd party client that do, are not interoperable with other clients. You don't see the messages on multiple devices.
Telegram is snappier because the team is cheating with the star topology architecture. There's no way to have forward secret, future secret group chats with shared encryption key. There's three choices.
1. No E2EE for groups at all (The Telegram way \o/)
2. E2EE with static group chat key (no forward/future secrecy)
3. Individual encryption of messages to each peer (has both forward and future secrecy) -- the way Signal does it.
So to answer your question "I'm not sure what Signal brings to the mainstream table." Signal brings actual Privacy by Design that Telegram developers have been unable to implement at any point.
"0 POC exploits have ever been released."
That's not what security is about. It's not the researchers with capability to break the encryption, it's the intelligence agencies, and they're not very eager to share.
"They are now recognized as IND-CCA secure"
They sure are. I'm going to be honest with you. I think MTProto end-to-end encryption is fine. It might be even great. You have the fingerprints, you can check there's no MITM. Great. But there's a tiny problem:
1. This great E2EE protocol isn't enabled by default (unlike with Signal)
2. This great E2EE protocol isn't available for group chats on any client (unlike with Signal where all clients support it)
3. This great E2EE protocol isn't available for desktop clients (unlike with Signal)
"To be mainstream, you have to have mainstream usability. Signal does not (at least not right now)."
You might be right in that Telegram is more usable, now. But Signal is catching up and fast, and once the gap closes, every feature will also be an actual feature (one that works privately as opposed to one that has privacy tradeoff of private content having to be shared with the server). At that point Telegram has to implement everything from the ground up.
Also, as for what the Mark Zuckerberg of Russia does with the tens of billions of plaintext messages stored on their server, I have no idea. All I know is that's a really, really, really tempting target for nation state hackers. And I have serious concerns about whether Telegram team would admit their messages were compromised, given that they can't mitigate and promise it'll never happen again by deploying app-wide E2EE: if they had the know-how they'd already done it.
Given that majority of Fortune 500 companies have been hacked, what are the chances Pavel Durov and his team (who lack the capability to implement basic E2EE) have magically hardened their servers against NSA, GCHQ, the Israeli Unit 8200, the Chinese intelligence, the Russian intelligence. Don't make me laugh.
I'm personally against using any instant messaging app, even more so if it's on a smartphone rather than on a desktop computer. I don't care how private they are. Why? Well, I think it's an inefficient communication tool, and thus a huge waste of time. Modern instant messaging applications work by interrupting people and being interrupted by them constantly throughout the day, since there's no way to turn it off—in contrast, MSN Messenger didn't allow for offline messaging until 2005; most of the time you found yourself in front of the computer with the program opened if somebody sent you a message, ready to engage in conversation instead of dealing with anything else.
Of course, you can turn the notifications off and check messages at a specific time every day, but good luck with that! If nested conversations without a subject attached to them, no character limit, and no formal way of telling when they either start or end aren't already put off enough and stretched out unnecessarily, imagine setting a time restriction to your responses. Imagine setting up a meeting or a date: as cumbersome and as long as it takes as it is, you'd spend a week trying to meet with somebody. Believe me, I've been there. I've tried it all: installing WhatsApp on a virtual machine with Android_x86 and only using it at night didn't solve a thing; still, a phone call was always faster and much more efficient in dealing with anything you can conceive. However, most people didn't want to pick up the phone; texting, on the other hand? I'd receive texts from people wanting to start full conversations there, to which they would respond every two or three hours. How can anyone do anything efficiently or be productive enough at work, or even enjoy hobbies, while doing that?
I know I'm alone on this one, but it's really frustrating seeing how something that isolates us and separates us from our own lives, immediate environments, and thoughts will probably never stop growing.
> How can anyone do anything efficiently or be productive enough at work, or even enjoy hobbies, while doing that?
by replying every 2 or 3 hours, when you're waiting in the elevator, or have some other idle time to fill
>you can turn the notifications off and check messages at a specific time every day, but good luck with that
some people simply ignore their notifications until they're ready to deal with them. they don't toggle some setting on their device, they simply choose to ignore the whole device. it varies from person-to-person and you might just not be personally suited to this kind of technology.
personally, i read every email i get as soon as i get it, but i realize this is not the norm.
>by replying every 2 or 3 hours, when you're waiting in the elevator, or have some other idle time to fill
Most people don't seem to do that. Most people I know, in fact, check their phones while driving, during lectures, during meals with friends and family, walking the dog (poor things), in the gym, walking down the street... I mean, you see it every day. Those aren't ideal times at which you should be checking your phone. Moreover, idle time can be hugely beneficial to rest our minds, relax, or to quietly reflect on important things about our lives.
>some people simply ignore their notifications until they're ready to deal with them. they don't toggle some setting on their device, they simply choose to ignore the whole device. it varies from person-to-person and you might just not be personally suited to this kind of technology.
If having your smartphone around occupies some of your cognitive capacity [0], imagine trying to "ignore notifications". You are keeping your mind busy with endless conversations kept on the air. I don't think anyone is suited to this kind of devices, because the software they run on has been designed to keep you glued to it [1]. I just don't tolerate it as much as other people, I think.
That’s because group chat in an encrypted messenger with good ux is an unsolved cryptographic research problem. Everyone else just punts on it.
I get why that’s unsatisfying from the user perspective, but it’s absolutely necessary from the perspective of maintaining user trust over time. Signal has a plan to fix it but we’ll have to see if they can actually implement their new groups solution.
What? No it’s not an unsolved crypto research problem. Signal supports group chats just fine, it’s just that’s it’s hidden away behind a couple extra clicks and you have to name them that inordinately annoys me compared to imessage where you just type the recipients out all in one place. It makes it feel like you’re Setting Up A Group instead of just bullshitting with friends.
You misunderstand this problem. Doing group chat where you do a massive rekeying of all participants every time someone joins doesn’t scale, but it is secure. Signal doesn’t practically support large groups like Telegram does (although telegram is unencrypted as a result).
I can assure you that large secure groups with strong cryptographic guarantees and evolving membership lists is unsolved.
Nah, you misunderstand the complaint. The UX is annoying if you just want to message your friends Alice and Bob. On other platforms it's trivial. On those, you type alice into the new message bar, click her contact, type bob into the address bar, click his contact, then write your message and hit send. On signal, you have to create a new group first.
I'm not talking about wanting to make the kinds of groups with dynamic membership like you're talking about.
I'm probably missing the point, I use groups in Signal but I never faced any issue. I'm probably not a power user. Can you provide more details please? I'm curious about it. Thanks :)
Not sure what exactly OP is referring to, but this bug has plagued Signal for quite some time in that it doesn't handle Signal to non-Signal group messages gracefully:
The bug is my only real complaint with Signal's group messaging system.
EDIT: I should note that the bug was opened in January of 2019 (although existed for much longer than that) and as of December 2019 it was still in ongoing problem for some users.
Signal started lately (maybe it's AB tested and it happens at differet times to different oeople) doing the annoying "add your name" thing, where you get askedfor your name pretty much every time, and you can only caugh it up, or say "remind me later", not"no thanks".
How is this scummy dark pattern good for privacy is beyond me. If it werent for my obe privacy nut friend, I would have stoppped using it.
Started a HackerNews group chat on Signal to test it out. Ping me your signal phone # to hngroupchat@mattcrampton.com and I'll invite you to the group.
Serious question: Is this the only way to invite users to a Signal group?
Couple of concerns here; you might use google to host your email for all I know and I’m not inclined to help google update my shadow profile. Also, giving my phone number to random dudes seems ridiculous given what we’re ultimately trying to achieve here.
BTW I’m not being snarky towards you, it just reads that way :P
It's not what Signal is built for. If you want to join public chat rooms, you can use Telegram equally securely. E2EE never hurts in the case of public groups, but since you're not able to verify none of the group members are malicious, and logging and leaking your (and everyone else's) comments to every bad actor, it doesn't matter.
Your only protection is anonymity, but that's something not even Telegram offers by default: This has lead to speculations about attacks where the Chinese cyber army has performed massive reverse look-ups of Hong Kong citizens' phone numbers, by storing what TelCo has in it's database / what IMSI catchers / hacked towers see, and adding them as contacts. This by default reveals Telegram user's username to the attacker. You can disable this by opting in, but very few do.
> Enabling group administration was also a hard feat, as Signal has to give administrators the ability to add and remove members without its servers knowing who's part of the conversation.
I was chatting with Trevor Perrin about abstract crypto relating to this when he was presumably working on this, and never got the chance to ask him - even if the group crypto hides this information, the Signal server still has to physically deliver the messages to the correct people in the group, whose phone numbers are all known by the server, so isn't this exercise a bit pointless? Or are there long-term plans to drop the critical reliance on phone numbers?
That's a good start. I forgot to add though, to actually make group membership private for real-world practical purposes, you have to achieve all of the following:
1. group crypto can't give away the identities
2. your identity system can't give away the actual people
3. your distribution system can't give away the locations of those people
It's a hard problem, nobody in the world has done it yet. Signal seem now to have some concrete thing for (1), by your link they are supposedly working on (2), but (3) is also needed.
Eh, I want to like signal. I really do. But it does not play nice with Blokada ( though that is an easy fix ). My tech illiterate parent was unable to use it ( when compared to whatsapp ). I am kinda done with whatsapp so I finally broke down and added international plan.
60 comments
[ 2.4 ms ] story [ 121 ms ] threadExtensively discussed already; this piece is literally just a summary of that one.
As it is, I lose my identity if I switch phone numbers (say, I move to another country). Even worse, someone else might get my old identity when my old phone number is recycled.
Is there an actual technical limitation preventing Signal from offering a one-field signup, whereby one would simply enter a self generated public key?
The nice thing is the persistence can also remember identity keys, fingerprint and their verification statuses, and even group membership status -- so it'll mean much more convenient use once it's ready.
If you already have it registered to a "real" number on your cell phone, there are processes for porting that number to google voice.
Compared to Telegram (which is also privacy-focused and NOT owned by Facebook like WhatsApp is) that simply works, I'm not sure what Signal brings to the mainstream table.
The people behind the predecessor to Signal were somewhat successful in a disinformation / FUD campaign against Telegram's cryptography early on, but 0 POC exploits have ever been released. Telegram even upgraded their cryptography to alleviate some of the concerns - https://core.telegram.org/mtproto . They are now recognized as IND-CCA secure https://en.wikipedia.org/wiki/Ciphertext_indistinguishabilit....
To be mainstream, you have to have mainstream usability. Signal does not (at least not right now).
I guess it seems a bit unfair to use this as a criticism for Signal in particular; they are already fighting an uphill battle UI-wise. To my mind, since the client is about as frustrating as Google Hangout was, I'm willing to accept it as good enough.
But hey, if feeling slick with your polished app and having nothing to hide is your thing, good for you.
Signal provides true end-to-end encryption, for groups, by default, always-on, in a privacy-preserving design that ensures that Signal's servers don't have to collect a log of who's talking to who. Signal won the Levchin Prize at Real World Crypto --- in fact, they won the first Levchin prize ever awarded, meaning that when Dan Boneh and Tom Ristenpart and Kenny Paterson and the other referees sat down to figure out who should get the inaugural Levchin Prize, Signal was the first thing that came to mind.
That cryptographers recoil from Telegram's bizarre IGE-based cryptography is besides the point. Nobody needed to "FUD" Telegram to show that it's inferior.
Moreover, there is no option to enable e2e encryption on GNU/Linux at all!
https://askubuntu.com/questions/739341/telegram-with-secret-...
Meanwhile I have Matrix-using friends explain to me that Signal is secure but its centralization is a threat by being a single point of failure, but I don't use Matrix because it isn't as polished/consistant as Signal.
Unfortunately it's controlled by the Mark Zuckerberg of Russia who still has access to his data brokers. None of the companies with access to our private data seem problematic at first. Google was a gift from the heavens with it's insane 1000MB gmail accounts back in 2003, now it's a private intelligence agency. Facebook was about free fun and connectivity, now it's a private intelligence agency. But Telegram's going to be different and money comes from magic and ICOs even after it reaches critical mass.
Aral Balkan explains this better than I ever could https://www.youtube.com/watch?v=jh8supIUj6c#t=35m02
Also, the security model of Telegram is exactly the same as Facebook Messenger: A bunch of promises about respecting your privacy, coupled with opt-in end-to-end-encryption that doesn't work cross-device, and the use of which reveals the intention to hide messages from server (which is extremely valuable metadata: these messages I want to hide from service provider and governments!)
I imagine I'd have an even harder time moving people to Signal. While their encryption is better, I've seen complaints of messages not being sent and the sender not being aware until days/weeks later after personal follow up on the receiver. Even if this didn't deter me from using it, I have little to no contacts using it. And for the ones that do have it I have no way of knowing if they uninstalled and I'm sending a message to a black void.
If Signal had the reliability, UI polish, consistent updates, and feature-rich experience of Telegram I'd be putting more effort to convert users toward it rather than the latter. I'm a fan of both apps and companies running them nonetheless and am using Signal as my primary SMS app as it's a step to detach from Google.
And you'd want to use a cipher agreed upon by the general cybersecurity community to be secure. You don't roll your own crypto, deploy it, then hope the security field vets it later.
Another user already commented that Telegram isn't E2E encrypted by default, so you have to trust both their servers _and_ MTProto. And one thing not yet mentioned is that both users have to be online to initiate this E2E-encrypted chat, so it's pretty useless.
* Messages are cleartext w.r.t. the server by default (I'd wager >99.9% of all Telegram chats are sent this way). E2E-encrypted conversations have to be enabled explicitly, are tied to a single device and only available on mobile.
* Encrypted group-chat not possible.
Hell, you might as well use Google or Facebook, the only difference is who's monitoring. Even WhatsApp has more privacy than Telegram.
Of what I tried so far, Keybase is really damn close. Their UX has been improving a lot, multi-device where all are first-class citizens, E2E by default, etc etc. The whole identity-graph thing, server-side being closed source and platform being run by a US-based business are the only things that keep me from trying to onboard everyone I keep in regular touch with. Too bad neither of those things are likely to change anytime soon.
Or just have usernames, for that matter. It's not like they're a 5 person bootstrapping team who don't have the resources to solve the small kinks to make that user-friendly.
For app-specific contacts: They can store and sync conversation logs. I don't see how contact lists would be harder.
Let it be my problem making my friends add my e-mail address to their contacts.
Firstly, with Telegram asynchronous chats are trivial to make, because all you're doing is managing data the server has using multiple clients. The moment you add E2EE for multiple clients, that's when things get hard, like really, really hard. Try enabling secret chats for desktop client with Telegram and you'll see how convenient Telegram is. See the thing is, Telegram doesn't even have cross-client E2EE. None of the official desktop clients support E2EE, and the 3rd party client that do, are not interoperable with other clients. You don't see the messages on multiple devices.
Telegram is snappier because the team is cheating with the star topology architecture. There's no way to have forward secret, future secret group chats with shared encryption key. There's three choices.
1. No E2EE for groups at all (The Telegram way \o/)
2. E2EE with static group chat key (no forward/future secrecy)
3. Individual encryption of messages to each peer (has both forward and future secrecy) -- the way Signal does it.
So to answer your question "I'm not sure what Signal brings to the mainstream table." Signal brings actual Privacy by Design that Telegram developers have been unable to implement at any point.
"0 POC exploits have ever been released."
That's not what security is about. It's not the researchers with capability to break the encryption, it's the intelligence agencies, and they're not very eager to share.
"They are now recognized as IND-CCA secure"
They sure are. I'm going to be honest with you. I think MTProto end-to-end encryption is fine. It might be even great. You have the fingerprints, you can check there's no MITM. Great. But there's a tiny problem:
1. This great E2EE protocol isn't enabled by default (unlike with Signal)
2. This great E2EE protocol isn't available for group chats on any client (unlike with Signal where all clients support it)
3. This great E2EE protocol isn't available for desktop clients (unlike with Signal)
"To be mainstream, you have to have mainstream usability. Signal does not (at least not right now)."
You might be right in that Telegram is more usable, now. But Signal is catching up and fast, and once the gap closes, every feature will also be an actual feature (one that works privately as opposed to one that has privacy tradeoff of private content having to be shared with the server). At that point Telegram has to implement everything from the ground up.
Also, as for what the Mark Zuckerberg of Russia does with the tens of billions of plaintext messages stored on their server, I have no idea. All I know is that's a really, really, really tempting target for nation state hackers. And I have serious concerns about whether Telegram team would admit their messages were compromised, given that they can't mitigate and promise it'll never happen again by deploying app-wide E2EE: if they had the know-how they'd already done it.
Given that majority of Fortune 500 companies have been hacked, what are the chances Pavel Durov and his team (who lack the capability to implement basic E2EE) have magically hardened their servers against NSA, GCHQ, the Israeli Unit 8200, the Chinese intelligence, the Russian intelligence. Don't make me laugh.
One more thing, AFAIK there's no audit of Telegram's code base, and it's some of the smelliest code I've ever seen: https://github.com/DrKLO/Telegram/blob/master/TMessagesProj/... Look at that file size,...
Of course, you can turn the notifications off and check messages at a specific time every day, but good luck with that! If nested conversations without a subject attached to them, no character limit, and no formal way of telling when they either start or end aren't already put off enough and stretched out unnecessarily, imagine setting a time restriction to your responses. Imagine setting up a meeting or a date: as cumbersome and as long as it takes as it is, you'd spend a week trying to meet with somebody. Believe me, I've been there. I've tried it all: installing WhatsApp on a virtual machine with Android_x86 and only using it at night didn't solve a thing; still, a phone call was always faster and much more efficient in dealing with anything you can conceive. However, most people didn't want to pick up the phone; texting, on the other hand? I'd receive texts from people wanting to start full conversations there, to which they would respond every two or three hours. How can anyone do anything efficiently or be productive enough at work, or even enjoy hobbies, while doing that?
I know I'm alone on this one, but it's really frustrating seeing how something that isolates us and separates us from our own lives, immediate environments, and thoughts will probably never stop growing.
End of the rant.
by replying every 2 or 3 hours, when you're waiting in the elevator, or have some other idle time to fill
>you can turn the notifications off and check messages at a specific time every day, but good luck with that
some people simply ignore their notifications until they're ready to deal with them. they don't toggle some setting on their device, they simply choose to ignore the whole device. it varies from person-to-person and you might just not be personally suited to this kind of technology.
personally, i read every email i get as soon as i get it, but i realize this is not the norm.
Most people don't seem to do that. Most people I know, in fact, check their phones while driving, during lectures, during meals with friends and family, walking the dog (poor things), in the gym, walking down the street... I mean, you see it every day. Those aren't ideal times at which you should be checking your phone. Moreover, idle time can be hugely beneficial to rest our minds, relax, or to quietly reflect on important things about our lives.
>some people simply ignore their notifications until they're ready to deal with them. they don't toggle some setting on their device, they simply choose to ignore the whole device. it varies from person-to-person and you might just not be personally suited to this kind of technology.
If having your smartphone around occupies some of your cognitive capacity [0], imagine trying to "ignore notifications". You are keeping your mind busy with endless conversations kept on the air. I don't think anyone is suited to this kind of devices, because the software they run on has been designed to keep you glued to it [1]. I just don't tolerate it as much as other people, I think.
[0] https://news.utexas.edu/2017/06/26/the-mere-presence-of-your....
[1] Tristan Harris has talked at length about it, among other people.
I get why that’s unsatisfying from the user perspective, but it’s absolutely necessary from the perspective of maintaining user trust over time. Signal has a plan to fix it but we’ll have to see if they can actually implement their new groups solution.
I can assure you that large secure groups with strong cryptographic guarantees and evolving membership lists is unsolved.
I'm not talking about wanting to make the kinds of groups with dynamic membership like you're talking about.
https://github.com/signalapp/Signal-Android/issues/8571
The bug is my only real complaint with Signal's group messaging system.
EDIT: I should note that the bug was opened in January of 2019 (although existed for much longer than that) and as of December 2019 it was still in ongoing problem for some users.
I elaborated in responding to another user.
How is this scummy dark pattern good for privacy is beyond me. If it werent for my obe privacy nut friend, I would have stoppped using it.
Couple of concerns here; you might use google to host your email for all I know and I’m not inclined to help google update my shadow profile. Also, giving my phone number to random dudes seems ridiculous given what we’re ultimately trying to achieve here.
BTW I’m not being snarky towards you, it just reads that way :P
Your only protection is anonymity, but that's something not even Telegram offers by default: This has lead to speculations about attacks where the Chinese cyber army has performed massive reverse look-ups of Hong Kong citizens' phone numbers, by storing what TelCo has in it's database / what IMSI catchers / hacked towers see, and adding them as contacts. This by default reveals Telegram user's username to the attacker. You can disable this by opting in, but very few do.
I was chatting with Trevor Perrin about abstract crypto relating to this when he was presumably working on this, and never got the chance to ask him - even if the group crypto hides this information, the Signal server still has to physically deliver the messages to the correct people in the group, whose phone numbers are all known by the server, so isn't this exercise a bit pointless? Or are there long-term plans to drop the critical reliance on phone numbers?
Yes
https://community.signalusers.org/t/signal-introducing-usern...
1. group crypto can't give away the identities 2. your identity system can't give away the actual people 3. your distribution system can't give away the locations of those people
It's a hard problem, nobody in the world has done it yet. Signal seem now to have some concrete thing for (1), by your link they are supposedly working on (2), but (3) is also needed.
I am annoyed, but I can't really blame my parent.