Not relevant but since F-Droid has been mentioned in the context of it. F-Droid is based in the UK and their accounts are over-due. 'Free' does not exist forever. https://beta.companieshouse.gov.uk/company/08420676
Original from 2018, 467 comments https://news.ycombinator.com/item?id=17723973. Not commenting as snark (reposts are ok after all) more to save Dang digging out the link and also to see how many more or less duplicate sentiment comments are made and / or how perceptions have changed.
I thought that first comment had some inappropriately personal things to say about ddvault and his article. It also seemed like they didn't really respond with substance to the what the article said.
What substance in the article did I miss? Unlike the author, I stand by what I wrote originally.
I'll note the irony of calling my critique overly personalized, when the original article is based on the logic that Moxie's disagreement with DeVault's opinion about F-Droid --- a controversy that is meaningful to less than 1% of Signal's Android user base --- implies inexorably that Moxie is untrustworthy and disingenuous.
- Signal introduced mandatory PINs to store certain user information (profile, contact list) on their servers in an encrypted fashion (protected by the user's PIN and, if the user chooses a short PIN, Intel SGX enclaves that Signal uses)
- PIN UI was/is exceptionally bad, didn't explain what PIN was for and came with annoying Do-you-still-remember-your-PIN popups which made zero sense when user chooses long passphrase.
- Most importantly: If user chooses a short PIN, protection of their information will hinge purely on Intel SGX enclaves. But: The PIN UI didn't recommend choosing a long passphrase and also didn't explain this point.
- Lots of users didn't want any of their information on Signal servers to begin with, were annoyed by popups and/or didn't trust SGX and ran amok (see the above two links)
There is no alternative that provides the ease of use and privacy guarantees.
I think the OWS/Moxie hate is misplaced. They’re competing with iMessage and WhatsApp and Instagram and Facebook, and Signal is a much better option than all of those.
Let’s be honest: the alternative is that Facebook gets all of our chats in cleartext.
I think Drew responded to that. I thought this was a key quote:
> Off the bat, let me explain that I expect a tool which claims to be secure to actually be secure. I don’t view “but that makes it harder for the average person” as an acceptable excuse. If Edward Snowden and Bruce Schneier are going to spout the virtues of the app, I expect it to actually be secure when it matters - when vulnerable people using it to encrypt sensitive communications are targeted by smart and powerful adversaries....it’s your responsibility to clearly explain the drawbacks and advantages of the tradeoffs you make. If you make broad and inaccurate statements about your communications product being “secure”, then when the political prisoners who believed you are being tortured and hanged, it’s on you.
Which is pretty rich, because in the post where that quote originally appeared, the author recommended as an alternative to Signal a tool that wasn't even end-to-end encrypted by default.
A) I see that nowhere in this post, so the author must have retracted it when he found that out.
B) Matrix has always been very easy to set up E2E
C) Matrix is now E2E by default, at least with the client non-technical users will be using. I think it is for the other clients as well, but I do not know for sure.
I'm not sure how point B is relevant. Obviously, every message board argument about bad UX is going to feature someone saying that the UX is just fine. Telling vulnerable users to adopt a tool that is default plaintext is malpractice.
Whenever I moved my friends onto Matrix, all I had to do was hit the "Encrypt room" button for each of our rooms. They did not have to do anything else. Is this ideal? No.
Is it E2E for their other rooms? No.
Is it E2E for any usage of matrix they were going to be doing? Yes.
I also told them to be sure to hit that button if they did start any other rooms. None of them ever did, but they knew that they should if they cared about being secure.
Riot.im also did a good job of letting you know that it was unencrypted unless you hit that button.
Edit: What it boils down to, is that Matrix has been easy to set up E2E for as long as I can remember. It is also trivial to create a matrix account with no tie to your IRL self.
> in the post where that quote originally appeared, the author recommended as an alternative to Signal a tool that wasn't even end-to-end encrypted by default
You seem really hung up on that. A transient recommendation has very little to do with stated expectation that "a tool which claims to be secure [should] actually be secure".
Yes, I take secure messenger recommendations seriously; bad ones get people hurt. Tfiles have been passed around about the harm that has come to people using two other then-popular "secure" messengers.
(Matrix is very cool and I think it has a bright future as an IRC replacement and ultimately, perhaps, a Slack competitor --- something that provides opsec suitable for a commercial setting. I always come across as a Matrix hater in these threads, and I do not hate Matrix, and wish the project well.)
I sincerely appreciate this blog post and discussion, as it raises a lot of important and compelling points, but I wish it had had some discussion of alternatives and why.
To me, messaging is a mess at the moment, somewhat like IoT because of lack of solid widely adopted standards (either de facto or de jure).
It's extremely difficult to get friends and family to use something. Most decisions are driven by secondary considerations, like it comes with an OS, or as part of an email or office system, or a gaming system. In some cases it's because "it's what everyone is using".
This shifts the threshold a bit in terms of concerns. What I mean by that is given the inertia involved in moving people to use a messaging system, the bar gets raised in terms of moving people off because of network effects. It's hard enough to get any friends or family to use Signal as an alternative to other things; convincing them to switch again introduces other problems.
I'd prefer something that can be used in more decentralized way, but that has its own issues in terms of syncing and always-on problems. And as security increases, more and more inconveniences are introduced -- it might be worth it, but the case still has to be made implicitly or explicitly to friends and family.
Again, not saying these kinds of discussions shouldn't happen, but they often seem kind of theoretical to me or like they're missing the point because of bigger issues with the messaging ecosystem in general. If you're not going to be able to use Signal anyway because everyone you know is using Whatsapp or iMessaging, or feel like messenger use is driven by "whatever is most popular" it feels like it's difficult to weigh things like "won't put on fdroid". I'd love to see it on fdroid but where does that rank?
My son has eight different IM things on his phone, counting Signal/SMS as just one. There is Element, Discord, and a bunch of others, that all warble and chime at him.
I don't buy it. I've been running my own Matrix homeserver and giving access to non-techy members of my family for years already. Setting up e2e is not automatic, but nothing that my mother couldn't do after 5 minutes of hand-holding.
It is on us with tech skills to help others to get out of any centralized alternative. Ease of use will come with the less technical user base.
Yes, you are absolutely right. No, it does not invalidate what I am saying.
If we keep expecting underfunded and under-resourced parties to come up with software ready and with absolute feature-parity over what is being pushed by the companies that have time, money and marketing teams, we are never going to make a dent on mindshare of the general public.
If on the other hand are diligent in refusing for centralized alternatives while willing to learn and emulate what they do right, then we will at the very least be in a state of steady progress. Matrix and Synapse from two years ago where way worse than they are today. I am confident that in two years from now it will be even better and easier than it is today. Facebook/Google Meet/MS Teams/Skype from two years ago was centralized and closed, just as I expect them to be closed two years from now.
Not sure what you mean here. To me Signal is just another startup that wants to keep control over the market and uses excuses such as "federation leads to fragmentation and bad UX" in order to put its own interests ahead of the users. To me they are no different than FB or Google.
Forgive me for being dense, but I still don't get the point you are trying to make. Do you think Signal is worthy of some praise that the alternatives are not? Was their software ready to compete with the status quo of the time in features?
What was the point of this statement: "If we keep expecting underfunded and under-resourced parties to come up with software ready and with absolute feature-parity over what is being pushed by the companies that have time, money and marketing teams"?
My counterpoint is: Signal started as any startup. Now it basically defines e2e encryption. Why can't other "underfunded and under-resourced parties" do similar things?
Because "defining e2e encryption" is the case of building a feature and not a product, and a startup creating a novel feature is a lot easier than bringing a whole product with feature-parity against the dominant market leader?
It doesn't change the fact that there is an alternative besides Signal that provides e2e. And it specially doesn't change the fact that it is almost trivial to self host Matrix and get to interoperate with other clients, while Signal does everything possible to avoid that and keep everyone under their control.
Depends on what you want. If you want Signal-like security and everything it offers on avoiding collecting data that it can view/analyze, then I'm guessing nothing. Maybe Matrix (matrix.org) with E2E is close enough. Wire (wire.com) is another one that has better features than Signal and also has E2E for all conversations.
There is no alternative. Signal has its downfalls but it's still the gold standard in secure messaging on mobile, unless you're willing to accept some pretty substantial tradeoffs.
Considering the first few pages of text of this guys problems with signal is it heavily encourages (but does not require) the google app store to install and update the app, I'm guessing he would really freak out on an apple device, where there is no tools that really let you bypass the apple store, and services.
Personally I use Matrix [0], specifically the Element client [1] which was previously known as Riot.
Among other features, it has end-to-end encryption, federation, comprehensive support for multiple devices and doesn't require a phone number. Basically, as far as I'm concerned, it has all of Signal's security but none of its flaws.
For the Android folks, it's available on F-Droid as well as the Play Store.
Surprisingly, despite the features and security, it's approachable enough that my mostly tech illiterate wife is able to handle it without issues.
> it has all of Signal's security but none of its flaws.
What about metadata protection? Whenever I hear people talk about how unsupportive Signal / Moxie is of federation and how federation would be better for everyone's privacy, my question is this: In case of Signal you only need to trust one provider (Signal) with your metadata (who's talking to whom) whereas with a federated network you have to trust your provider and all providers your friends use.
On top of that Signal has a track record of standing in for their users' privacy[0]. That probably can't be said about the administrator of some random Matrix server.
> whereas with a federated network you have to trust your provider and all providers your friends use.
Currently, yes, you're right. However Matrix is actively working on eliminating this problem in various ways. The most recent reference I know of is [0].
However I don't think the state of things today leaves a clear winner. Right now it's a tradeoff. You can either trust Signal and put all of your communications in the hands of a single third-party (so single point of failure) or you can use Matrix and deal with the levels of trust you're happy to place in your friends' homeservers (but gain multiple points of failure).
I really don’t think OWS has the authority to stop forks from
using the Signal servers, any more than YC has the authority to dictate that I use Chrome to view HN.
There is, of course, the vague language of the CFAA, so I’m not sure I’d want to test this theory, but his demands that forks not use the main centralized servers are, in my opinion, unenforceable bluster.
Might be unenforceable, but they don't have to cater to them and can and will break forked clients for however long it takes those to catch back up. And then Signal gets flak for not hobbling their development processes to the speed of the slowest (somewhat popular) fork.
You can literally just look at Matrix, the tool you recommended, to see the problem with federation, fragmentation, and market demands to support lowest-common-denominator security. It took years after your recommendation for Matrix to have universal default E2E, the table-stakes feature of a secure messenger.
In fact, it is an argument that you were wrong, and the evidence for that is that when you made the argument, and for two whole years afterwards, your recommendation would have put vulnerable users on a platform that was for many users default-plaintext.
The EFF reference at the bottom of that link provides a useful alternative position:
> What’s the legal theory behind warrant canaries?
> The First Amendment protects against compelled speech. For example, a court held that the New Hampshire state government could not require its citizens to have “Live Free or Die” on their license plates. While the government may be able to compel silence through a gag order, it may not be able to compel an ISP to lie by falsely stating that it has not received legal process when in fact it has.
> Have courts upheld compelled speech?
> Rarely. In a few instances, the courts have upheld compelled speech in the commercial context, where the government shows that the compelled statements convey important truthful information to consumers. For example, warnings on cigarette packs are a form of compelled commercial speech that have sometimes been upheld, and sometimes struck down, depending on whether the government shows there is a rational basis for the warning.
> Have courts upheld compelled false speech?
> No, and the cases on compelled speech have tended to rely on truth as a minimum requirement. For example, Planned Parenthood challenged a requirement that physicians tell patients seeking abortions of an increased risk of suicidal ideation. The court found that Planned Parenthood did not meet its burden of showing that the disclosure was untruthful, misleading, or not relevant to the patent’s decision to have an abortion.
> Are there any cases upholding warrant canaries?
> Not yet. EFF believes that warrant canaries are legal, and the government should not be able to compel a lie. To borrow a phrase from Winston Churchill, no one can guarantee success in litigation, but only deserve it.
As counterpoint, the US Supreme Court held that Idahoans are obliged to advertise "famous potatoes" on their license tags. But potatoes really are famous (at least by Idaho standards) so it is just a fact and not an opinion. I guess.
I reacted to previous posts about this by installing Element (was Riot.im; search for both words) matrix client, setting up a periodic donation to privacytools.io, and making accounts with that as homeserver (chat.privacytools.io) for me and for the rest of the family.
(Previously, I had a Librem.one account, but they don't maintain their server, so I dropped it.)
It works... Still waiting for anyone else I know to come over.
Element really needs to set up as an optional SMS handler, on phones. Probably building in a Signal gateway is needed too. Signal would be nowhere today if it didn't also do SMS. Separate gateways are too clunky.
Matrix does pretty well in terms of privacy these days.
As for privacytools.io, I can't really agree. They have made a number of suggestions which are less about actual privacy and more about a trend I've come to think of as "privacy roleplaying" - trendy software & services which use privacy and security as a selling point but whose implementation doesn't back it up. An example is Protonmail. When it comes to the privacy vs usability debate I come down hard on the side of privacy. Doesn't matter how pretty it is if it's going to get you rubber hosed.
This is useful information. So, not librem.one, not privacytools.io, then... Maybe that leaves a homeserver of my own? I guess I am glad no one has picked up my current address. But it doesn't bode well for adoption.
I had thought that parking on a homeserver was not trusting them.
I only use phone calls (sync) and e-mail (async) nowadays.There's no other communication channel I would need. I'd only be willing to substitute them with their encrypted, P2P, and open-source counterparts, if they ever come into existence.
Texting, on the other hand, used to be the bane of my existence, as--especially in its current form (free, nested layout, etcetera)--it's one of the most distracting, inefficient, absurdly redundant and useless communication mediums I know.
You could have substituted email for its encrypted, P2P, open-source counterpart for almost 30 years now. It's called PGP / GnuPG. What more do we really need? It actually has more legal protection and formality, and way more clarity, than any centrally managed "E2EE" chat platform.
We just need a really good app that uses SMTP as the underlying protocol to send messages that aren't MIME / HTML email, but rather are a simple new format for chat, and then start using email as a chat mechanism. There's no real reason why it can't be fast enough.
I like pre-paid cellphone plans which give me a small number of text messages, a small amount of airtime. Using these I can communicate with people when I am not near a WiFi AP. I do not want to pay for data and would prefer to use my and my friends' access points and the free wifi in the small number of commercial locations that I visit.
In Canada all of the major carriers disable WiFi Calling² on pre-paid plans. They essentially only enable it as crutch to leach off public infrastructure to take up the slack on their insufficient private infrastructure.
So I infrequently (but enough to be annoyed) find myself in the situation that I am not near a WiFi access point and wish to communicate with someone else. Currently Signal will only allow me to do this via insecure SMS messages.
I read their original explanation in 2015 for disabling this functionality. Namely SMS leaks too much metadata¹ and we are only catering to needs of real-activists in real-dictatorships, and anyway SMS is too expensive there so this is a 1st World Problem.
As an explanation it leaves me wondering why I would bother with Signal: if I bite the bullet and sign up for a circa CA$50/month plan with data I may as well just use Element Matrix over WiFi. Signal brings nothing to the table except the possibility of accidentally sending an insecure SMS message and incurring a 30c charge for it.
As noted on this article, your compatible device must have been purchased from Fido. If you have a non-Fido device and no conflicting services, Wi-Fi Calling may work, but we can’t assure that the feature will work properly!
Without WiFi Calling enabled sending Secure Signal messages will not work. The only option left is sending a normal insecure SMS to which the message text has been input using the veneer of the "secure" Signal app.
No experience in Wifi Calling but I use the 2ndLine app for (very rare) calls and SMS. It gives you a local number. Data-only is the most cost effective imo
Thanks for the response. One more question: when I look at those plans on Fido¹ they seem to suggest that I need to be an existing postpaid customer. The plan seems like an add-on to other plans. Is this accurate or did you sign up from scratch with no other commercial relationship with Fido?
Make sure that you are an eligible Fido customer. You must be an existing, postpaid, mobile customer.
I trust Signal's end-to-end encryption promise, but I have a problem with the application not offering anonymity or privacy. By demanding users to provide a cell phone number to enable their accounts, they are connecting actual people to the Signal accounts and consequently also allowing them (or someone else) to visualize social networks; in intelligence gathering, data such as who speaks to whom, at what hours, with what message frequency etc. is highly valuable. It's also important that users ask themselves how Signal manages to finance all the SMS costs and the infrastructure when the application is gratis and free from ads.
Just to add... yes, I know it's possible to register a Signal account with a disposable VLN, but how many Signal users can be expected to be "tech literate" to this level? Practically none.
I would guess that a significant portion of Signal's users are non-technical people dragged there by their technical friends that couldn't get them onto Matrix.
I would still guess that none is a bad assumption, however.
The exact opposite privacy thing is happening with Signal. They use your phone number because your phone links it to your contacts, which Signal uses as its "buddy list". By repurposing your contacts as a buddy list, Signal avoids storing any of that information itself. Virtually every other competing service stores a plaintext buddy list serverside, where it can be subpoena'd and NSL'd. The data in that buddy list is of equal value to state-level adversaries as the contents of the messages themselves.
I think --- I have no special knowledge here --- that nobody wants to do away with phone numbers more than Signal itself. That's what the "secure value storage" drama is about: using SGX to optionally vouchsafe an encrypted contact database, which would allow Signal to operate with opaque identifiers rather than contacts.
Ah, yes, because it's impossible to store a contact list client-side. Or to encrypt arbitrary data like that to store server-side! Glad Moxie's looking out for us.
I don't understand. You just claimed that it was easy for messengers to store contact databases clientside. Of course, it isn't, or everyone would. Asking you to provide evidence for your argument isn't "whataboutism". Not only that, but you're commenting on a thread about Signal's phone number requirement.
You can't inject snark into a thread and then assume some kind of moral high ground when you faceplant.
The ability to store data on your device is a basic requirement of a software environment which is provided by all platforms. I'd forgive someone for not understanding that arbitrary data can be encrypted, but you claim to have some expertise in cryptography so you don't get a pass there. Someone like OWS, the developers of a privacy app, certainly don't get a pass.
It is possible, and it is easy, and you know this.
Support your claim with evidence, like I asked earlier. Not axiomatically; with an example of a mainstream messenger other than Signal that doesn't store a database of contacts serverside. For example: do either of the two messengers you formerly recommended manage to avoid this problem? After all, it's apparently super simple to solve this. Look at where this left Tox.
>Not axiomatically; with an example of a mainstream messenger
I don't have to provide the specific sort of evidence you're asking for in order to be right. I could write up a small script demonstrating the approach I'm talking about here, but it's rather obvious and based on simple, well-understood axioms. Unless you reject the axioms that (1) contact lists are representible as data, (2) applications can store data on your device, and (3) that data can be encrypted?
If you're just going to argue in bad faith then you can take it elsewhere, I'm not interested. Based on my past experiences with you, I don't have high hopes.
>do either of the two messengers you formerly recommended
Recommandations which have been retracted; I decline to answer.
You might have preferred it if I had written up a retraction in the article itself, but nevertheless, the statement was removed over 2 years ago and has no bearing on the present-day discussion. Stop being a bully and leave me alone! I am tired of your harassment.
Until a couple years ago, Tox worked with sidecar services that existed solely to store this information serverside. That, and the fact that Tox is not a mainstream messenger, illustrates the point I'm trying to make --- which is about messengers, not about this post, which thankfully doesn't make this bogus but popular argument.
> Tox worked with sidecar services that existed solely to store this information serverside.
So Tox is out. No contest.
> That, and the fact that Tox is not a mainstream messenger, illustrates the point I'm trying to make --- which is about messengers
This doesn't make sense to me. @ddevault stated that a messenger could store contacts client side. Jami clearly demonstrates this. What does it being mainstream or not have to do with this?
> thankfully doesn't make this bogus but popular argument.
What does this add, except a personal attack? We can see that you think this is a bad argument from the fact that you're contesting it.
You can do anything if you relax the constraint that people are willing to use your tool. By that logic, PGP is a perfectly cromulent secure messenger! That's the point of narrowing it down to mainstream messengers.
You misread my last sentence. DeVault's post does not make the bogus argument we're discussing. I'm trying to be explicit that I'm not criticizing his post for doing so. If it's an attack, it's an attack on an argument that he didn't make. (If it reads like a personalized attack on an argument that you believe in, I apologize, and will dial it back).
> You can do anything if you relax the constraint that people are willing to use your tool.
I used Jami until I found Matrix. The only reason I shifted was Matrix was more interoperable with other protocols, and riot.im's interface was more like Discord, which is what my circle wanted to use but I refused.
Regardless, the threat model for this discussion is one where the targets have the option to use any messenger they want to communicate within themselves. I see no reason why they would be unwilling to use Jami.
> PGP is a perfectly cromulent secure messenger!
I recognize this is not what you are stating but...
PGP + Email + A nice client, yes I would agree, and it checks all of the security and privacy boxes.
Edit: Just saw
> (If it reads like a personalized attack on an argument that you believe in, I apologize, and will dial it back).
It's not that I believe in it per se, but that it reads more aggressively then seems appropriate for a board like HN. That said, I am still a bit of a noob here, so what do I know.
That said, I see no reason a messenger couldn't do this, I used one that did for a while.
If you'd like to know why PGP doesn't check those boxes, and why virtually everyone who works professionally in this space disagrees with you about its soundness, feel free to shoot me an email.
Take your SIM and install it in a clean phone. Install WhatsApp and verify the account.
Notice that when you open WhatsApp, only your group memberships are populated. Individual contacts are not, because they are held on the original device.
Applications can request access to the contact list at any time. They don't need to incorporate some sort of "ask for a phone number to send an SMS to" functionality to enable this. Additionally, there's nothing preventing them letting users confirm accounts by e-mail instead of SMS.
The Signal project itself has repeatedly explained why they use phone number identifiers, which are the most controversial feature of the platform. I'm not misunderstanding them.
I love Mr. DeVault's work, and think he consistently shows integrity in his work, to say nothing of his incredible productivity and engineering.
That said, in my time following his blog and Mastodon toots, he's prone to making these hot-takes that take down successful projects that do a lot of public good, but don't tick every check. His repeated criticism of Mozilla is a good example of this.
It often feels like cutting off ones nose to spite the face. Without the Mozillas and OpenWhispers of this world, we've no hope for the DeVaults which create incredible feats of engineering that tick all the ideal boxes but lack some of the creature comforts (e.g. sr.ht, wayland, etc..)
I'm optimistic for the future, and the projects started by Moxie and DeVault are a large part of it.
I appreciate your feedback, and I try to be more balanced with this kind of article these days, and publish them less often. However, I'd like to point out that I've always strived to find other resolutions to these problems first - I spoke with Moxie and others involved in Signal at length before writing this article, and only wrote this as a last resort. With organizations like Mozilla, I have also spoken directly to some of those responsible, though it's more difficult with a larger organization, and waited until a long-term pattern of bad behavior had been established. I make these criticisms because I want them to live up to the ideals they proclaim - it's with the hope that they'll change for the better.
> I make these criticisms because I want them to live up to the ideals they proclaim - it's with the hope that they'll change for the better.
Thanks. It's important that projects are held to high standards, even if they're hard to achieve. Otherwise there'd be no pushback against pure pragmatism.
I'm sorry you're getting downvoted. Though I disagree with some of your stances on OWS and Mozilla, your articles are always thoughtful and there is never a doubt you're earnestly fighting for a better world w.r.t software.
I've been seeing him get downvoted frequently, often for well written and thought out comments. I suspect there is a non-negligible number of people who just vote based on username.
Many of his blog posts (4 out of the last 5 submissions from drewdevault.com) are ill-informed and angry rants about a technology or company. These discussions generate a lot of heat but little light; it’s not surprising that they are downvoted.
Having gone back and re-read many, I have to agree about most of the downvoted items though not all. I do agree with most of them though, so that's why I felt this way.
That being said, most of the comments I saw that could be considered to be breaking the guidelines do have substantial content, but are ended with/include non-negligible snark.
> Many of his blog posts (4 out of the last 5 submissions from drewdevault.com) are ill-informed and angry rants about a technology or company. These discussions generate a lot of heat but little light; it’s not surprising that they are downvoted.
None of these were posted here by ddevault. His statement about writing them is above, so presumably you've seen it already.
I would like to add, I use much of ddevaults software on a daily basis, and have found it to be some of the absolute best I've ever used. As such, I tend to give what he says at least a moment of thought.
I agree that the post you linked to was downvoted unfairly.
Many of his subsequent posts have been fairly downvoted.
I think some of his downvotes are from people who have interacted with him elsewhere. His reply to one of my comments is why I’m using this alternate account.
His recent post about pkg.go.dev misrepresented the facts.
> I would like to add, I use much of ddevaults software on a daily basis, and have found it to be some of the absolute best I've ever used. As such, I tend to give what he says at least a moment of thought.
It’s your call but I would be hesitant to use anything by him. How would he respond if I report a bug or open a feature request?
> Many of his subsequent posts have been fairly downvoted.
> He frequently takes an absolutist stance, often assumes negative intent, and is at best abrasive.
I don't disagree about this. Having gone back and reread many of his comments, they do come across as aggressive, even if I agree with much of the contents.
> It’s your call but I would be hesitant to use anything by him. How would he respond if I report a bug or open a feature request?
I don't know to be honest. That being said, his absolutism/idealism make me a little more comfortable with using his software, as I can be reasonably sure it's being held to a high standard.
When it was first published, it included an emphatic recommendation to use Matrix, and, later, Tox --- in fact, the post even included a changelog at the bottom recording the inclusion of Tox. After it was pointed out to the author that Matrix didn't even do E2E by default, the recommendations (and the changelog) were ghost-edited out of the post, but you can still see them on Archive.org.
I don't understand why people take this post seriously.
Ah, once again with the insubtantive rebuttal of the last point in the article, the point which has the least relevance to the meat of the article. And this time, your rebuttal is out of date, because Matrix does have end-to-end encryption by default for all chats! Always lovely having you around on HN, tptacek.
Recommending a tool that wasn't even end-to-end encrypted over Signal because you didn't like the way Signal's leadership responded to your demand to support F-Droid is the most relevant thing you wrote. Just because it was malpractice doesn't make it out of bounds.
Once again: you did not retract your statement. You ghost-edited it out of your post. The purpose of a retraction is to inform your readers of your mistake, and a retraction would be a good thing to add to your post.
The distinction is especially germane in a thread on a post that purports to discern how trustworthy someone else is. You set the bar, now clear it.
I'm so proud that a family member managed to get all of my extended family on Signal. My grandparents are even on Signal.
I wouldn't trust such an app for anything actually secret due to the mentioned issues (and phone number req), but I think it's great that we're using high grade encryption to talk about what we had for dinner.
Encrypted and private should be the default no matter what!
I use Signal because I think it protects my SMS messages
It depends. I think calling them simply SMS messages instead of being more precise is misleading because:
Text messages sent through your mobile SMS/MMS plan are insecure and need your phone to be connected to your mobile network.
and
Signal Desktop does not send or receive SMS/MMS messages. Only Signal messages will be sent or received. The desktop app is an independent client that works whether or not your mobile device is present or online. We also want to encourage users to move away from insecure legacy protocols.
It has other features, but the main point of using Signal is to send encrypted messages to people using the PSTN directory service (e.g. phone numbers). You are still in that sandbox.
The secondary feature it it ostensibly encrypts messages at rest on your device so they cannot be decrypted and read by other apps. (Assuming that's true.)
If you want a more secure messenger, use Wickr, Riot/Matrix/whatever it's called now, or protonmail or something similar, as these don't depend on the phone directory for identity and so they resist some traffic analysis and contact tracing as well.
The threat model is both the business model and use case for security products, so talking about the features or implementations outside the context of the threat model is going to just add uncertainty, imo.
Open loop criticisms are why I often can't stand other security and crypto people.
To be clear, if someone is a Signal user, you use their phone number for directory discovery and initializing identity, then Signal messages themselves are encrypted and transported via Signal servers using WebRTC as a transport protocol?
I think without a sequence diagram, most discussion of security protocols is pointless.
Signal does not send encrypted SMS messages. Period. It can send encrypted messages but they are not SMS.
I think that without using the same words that other "security professionals" (which I would not class myself as) use most discussion becomes absolutely pointless.
114 comments
[ 4.5 ms ] story [ 177 ms ] threadI'll note the irony of calling my critique overly personalized, when the original article is based on the logic that Moxie's disagreement with DeVault's opinion about F-Droid --- a controversy that is meaningful to less than 1% of Signal's Android user base --- implies inexorably that Moxie is untrustworthy and disingenuous.
[1]: https://blog.cryptographyengineering.com/2020/07/10/a-few-th...
https://community.signalusers.org/t/dont-want-pin-dont-want-...
https://community.signalusers.org/t/mandatory-pin-without-cl...
TL;DR:
- Signal introduced mandatory PINs to store certain user information (profile, contact list) on their servers in an encrypted fashion (protected by the user's PIN and, if the user chooses a short PIN, Intel SGX enclaves that Signal uses)
- PIN UI was/is exceptionally bad, didn't explain what PIN was for and came with annoying Do-you-still-remember-your-PIN popups which made zero sense when user chooses long passphrase.
- Most importantly: If user chooses a short PIN, protection of their information will hinge purely on Intel SGX enclaves. But: The PIN UI didn't recommend choosing a long passphrase and also didn't explain this point.
- Lots of users didn't want any of their information on Signal servers to begin with, were annoyed by popups and/or didn't trust SGX and ran amok (see the above two links)
- It seems PINs can now be disabled[0]
[0]: https://support.signal.org/hc/en-us/articles/360007059792-Si...
For more details, see the post by Matthew Green that was posted in a sibling comment.
I think the OWS/Moxie hate is misplaced. They’re competing with iMessage and WhatsApp and Instagram and Facebook, and Signal is a much better option than all of those.
Let’s be honest: the alternative is that Facebook gets all of our chats in cleartext.
> Off the bat, let me explain that I expect a tool which claims to be secure to actually be secure. I don’t view “but that makes it harder for the average person” as an acceptable excuse. If Edward Snowden and Bruce Schneier are going to spout the virtues of the app, I expect it to actually be secure when it matters - when vulnerable people using it to encrypt sensitive communications are targeted by smart and powerful adversaries....it’s your responsibility to clearly explain the drawbacks and advantages of the tradeoffs you make. If you make broad and inaccurate statements about your communications product being “secure”, then when the political prisoners who believed you are being tortured and hanged, it’s on you.
B) Matrix has always been very easy to set up E2E
C) Matrix is now E2E by default, at least with the client non-technical users will be using. I think it is for the other clients as well, but I do not know for sure.
Matrix was years from being E2E by default when this post, and that recommendation, was written.
It was still removed. Would it have been better to leave a note saying it had been? Yes. Nobody is perfect however.
> Matrix was years from being E2E by default when this post, and that recommendation, was written.
See point B from my other comment.
Edit: Add Would ... however.
Is it E2E for their other rooms? No.
Is it E2E for any usage of matrix they were going to be doing? Yes.
I also told them to be sure to hit that button if they did start any other rooms. None of them ever did, but they knew that they should if they cared about being secure.
Riot.im also did a good job of letting you know that it was unencrypted unless you hit that button.
Edit: What it boils down to, is that Matrix has been easy to set up E2E for as long as I can remember. It is also trivial to create a matrix account with no tie to your IRL self.
You seem really hung up on that. A transient recommendation has very little to do with stated expectation that "a tool which claims to be secure [should] actually be secure".
(Matrix is very cool and I think it has a bright future as an IRC replacement and ultimately, perhaps, a Slack competitor --- something that provides opsec suitable for a commercial setting. I always come across as a Matrix hater in these threads, and I do not hate Matrix, and wish the project well.)
To me, messaging is a mess at the moment, somewhat like IoT because of lack of solid widely adopted standards (either de facto or de jure).
It's extremely difficult to get friends and family to use something. Most decisions are driven by secondary considerations, like it comes with an OS, or as part of an email or office system, or a gaming system. In some cases it's because "it's what everyone is using".
This shifts the threshold a bit in terms of concerns. What I mean by that is given the inertia involved in moving people to use a messaging system, the bar gets raised in terms of moving people off because of network effects. It's hard enough to get any friends or family to use Signal as an alternative to other things; convincing them to switch again introduces other problems.
I'd prefer something that can be used in more decentralized way, but that has its own issues in terms of syncing and always-on problems. And as security increases, more and more inconveniences are introduced -- it might be worth it, but the case still has to be made implicitly or explicitly to friends and family.
Again, not saying these kinds of discussions shouldn't happen, but they often seem kind of theoretical to me or like they're missing the point because of bigger issues with the messaging ecosystem in general. If you're not going to be able to use Signal anyway because everyone you know is using Whatsapp or iMessaging, or feel like messenger use is driven by "whatever is most popular" it feels like it's difficult to weigh things like "won't put on fdroid". I'd love to see it on fdroid but where does that rank?
It is on us with tech skills to help others to get out of any centralized alternative. Ease of use will come with the less technical user base.
If we keep expecting underfunded and under-resourced parties to come up with software ready and with absolute feature-parity over what is being pushed by the companies that have time, money and marketing teams, we are never going to make a dent on mindshare of the general public.
If on the other hand are diligent in refusing for centralized alternatives while willing to learn and emulate what they do right, then we will at the very least be in a state of steady progress. Matrix and Synapse from two years ago where way worse than they are today. I am confident that in two years from now it will be even better and easier than it is today. Facebook/Google Meet/MS Teams/Skype from two years ago was centralized and closed, just as I expect them to be closed two years from now.
Signal started as any other startup. And yet ;)
> while willing to learn and emulate what they do right, then we will at the very least be in a state of steady progress
In total agreement with you
Not sure what you mean here. To me Signal is just another startup that wants to keep control over the market and uses excuses such as "federation leads to fragmentation and bad UX" in order to put its own interests ahead of the users. To me they are no different than FB or Google.
My counterpoint is: Signal started as any startup. Now it basically defines e2e encryption. Why can't other "underfunded and under-resourced parties" do similar things?
Among other features, it has end-to-end encryption, federation, comprehensive support for multiple devices and doesn't require a phone number. Basically, as far as I'm concerned, it has all of Signal's security but none of its flaws.
For the Android folks, it's available on F-Droid as well as the Play Store.
Surprisingly, despite the features and security, it's approachable enough that my mostly tech illiterate wife is able to handle it without issues.
[0]: https://matrix.org/
[1]: https://element.io/
What about metadata protection? Whenever I hear people talk about how unsupportive Signal / Moxie is of federation and how federation would be better for everyone's privacy, my question is this: In case of Signal you only need to trust one provider (Signal) with your metadata (who's talking to whom) whereas with a federated network you have to trust your provider and all providers your friends use.
On top of that Signal has a track record of standing in for their users' privacy[0]. That probably can't be said about the administrator of some random Matrix server.
[0]: https://signal.org/bigbrother/eastern-virginia-grand-jury/
Currently, yes, you're right. However Matrix is actively working on eliminating this problem in various ways. The most recent reference I know of is [0].
However I don't think the state of things today leaves a clear winner. Right now it's a tradeoff. You can either trust Signal and put all of your communications in the hands of a single third-party (so single point of failure) or you can use Matrix and deal with the levels of trust you're happy to place in your friends' homeservers (but gain multiple points of failure).
[0]: https://fosdem.org/2020/schedule/event/dip_p2p_matrix/
There is, of course, the vague language of the CFAA, so I’m not sure I’d want to test this theory, but his demands that forks not use the main centralized servers are, in my opinion, unenforceable bluster.
"It took a while" is not actually an argument that the procedure is wrong or less correct, in case you were unsure.
https://web.archive.org/web/20141027143819/https://github.co...
> What’s the legal theory behind warrant canaries?
> The First Amendment protects against compelled speech. For example, a court held that the New Hampshire state government could not require its citizens to have “Live Free or Die” on their license plates. While the government may be able to compel silence through a gag order, it may not be able to compel an ISP to lie by falsely stating that it has not received legal process when in fact it has.
> Have courts upheld compelled speech?
> Rarely. In a few instances, the courts have upheld compelled speech in the commercial context, where the government shows that the compelled statements convey important truthful information to consumers. For example, warnings on cigarette packs are a form of compelled commercial speech that have sometimes been upheld, and sometimes struck down, depending on whether the government shows there is a rational basis for the warning.
> Have courts upheld compelled false speech?
> No, and the cases on compelled speech have tended to rely on truth as a minimum requirement. For example, Planned Parenthood challenged a requirement that physicians tell patients seeking abortions of an increased risk of suicidal ideation. The court found that Planned Parenthood did not meet its burden of showing that the disclosure was untruthful, misleading, or not relevant to the patent’s decision to have an abortion.
> Are there any cases upholding warrant canaries?
> Not yet. EFF believes that warrant canaries are legal, and the government should not be able to compel a lie. To borrow a phrase from Winston Churchill, no one can guarantee success in litigation, but only deserve it.
(Previously, I had a Librem.one account, but they don't maintain their server, so I dropped it.)
It works... Still waiting for anyone else I know to come over.
Element really needs to set up as an optional SMS handler, on phones. Probably building in a Signal gateway is needed too. Signal would be nowhere today if it didn't also do SMS. Separate gateways are too clunky.
As for privacytools.io, I can't really agree. They have made a number of suggestions which are less about actual privacy and more about a trend I've come to think of as "privacy roleplaying" - trendy software & services which use privacy and security as a selling point but whose implementation doesn't back it up. An example is Protonmail. When it comes to the privacy vs usability debate I come down hard on the side of privacy. Doesn't matter how pretty it is if it's going to get you rubber hosed.
I had thought that parking on a homeserver was not trusting them.
Texting, on the other hand, used to be the bane of my existence, as--especially in its current form (free, nested layout, etcetera)--it's one of the most distracting, inefficient, absurdly redundant and useless communication mediums I know.
We just need a really good app that uses SMTP as the underlying protocol to send messages that aren't MIME / HTML email, but rather are a simple new format for chat, and then start using email as a chat mechanism. There's no real reason why it can't be fast enough.
I like pre-paid cellphone plans which give me a small number of text messages, a small amount of airtime. Using these I can communicate with people when I am not near a WiFi AP. I do not want to pay for data and would prefer to use my and my friends' access points and the free wifi in the small number of commercial locations that I visit.
In Canada all of the major carriers disable WiFi Calling² on pre-paid plans. They essentially only enable it as crutch to leach off public infrastructure to take up the slack on their insufficient private infrastructure.
So I infrequently (but enough to be annoyed) find myself in the situation that I am not near a WiFi access point and wish to communicate with someone else. Currently Signal will only allow me to do this via insecure SMS messages.
I read their original explanation in 2015 for disabling this functionality. Namely SMS leaks too much metadata¹ and we are only catering to needs of real-activists in real-dictatorships, and anyway SMS is too expensive there so this is a 1st World Problem.
As an explanation it leaves me wondering why I would bother with Signal: if I bite the bullet and sign up for a circa CA$50/month plan with data I may as well just use Element Matrix over WiFi. Signal brings nothing to the table except the possibility of accidentally sending an insecure SMS message and incurring a 30c charge for it.
1. https://signal.org/blog/goodbye-encrypted-sms/ 2. https://support.signal.org/hc/en-us/articles/360007321171-Ca...
As noted on this article, your compatible device must have been purchased from Fido. If you have a non-Fido device and no conflicting services, Wi-Fi Calling may work, but we can’t assure that the feature will work properly!
Without WiFi Calling enabled sending Secure Signal messages will not work. The only option left is sending a normal insecure SMS to which the message text has been input using the veneer of the "secure" Signal app.
Make sure that you are an eligible Fido customer. You must be an existing, postpaid, mobile customer.
1. https://www.fido.ca/consumer/tablets
I found out about the deal on a Redflagdeals post where some have successfully got the plan without being a Fido customer
https://forums.redflagdeals.com/fido-4gb-tablet-plan-cpo-tab...
I would still guess that none is a bad assumption, however.
Edit: Spelling
I think --- I have no special knowledge here --- that nobody wants to do away with phone numbers more than Signal itself. That's what the "secure value storage" drama is about: using SGX to optionally vouchsafe an encrypted contact database, which would allow Signal to operate with opaque identifiers rather than contacts.
You can't inject snark into a thread and then assume some kind of moral high ground when you faceplant.
The ability to store data on your device is a basic requirement of a software environment which is provided by all platforms. I'd forgive someone for not understanding that arbitrary data can be encrypted, but you claim to have some expertise in cryptography so you don't get a pass there. Someone like OWS, the developers of a privacy app, certainly don't get a pass.
It is possible, and it is easy, and you know this.
I don't have to provide the specific sort of evidence you're asking for in order to be right. I could write up a small script demonstrating the approach I'm talking about here, but it's rather obvious and based on simple, well-understood axioms. Unless you reject the axioms that (1) contact lists are representible as data, (2) applications can store data on your device, and (3) that data can be encrypted?
If you're just going to argue in bad faith then you can take it elsewhere, I'm not interested. Based on my past experiences with you, I don't have high hopes.
>do either of the two messengers you formerly recommended
Recommandations which have been retracted; I decline to answer.
You asked for specifically mainstream messengers.
Cutting out mainstream, I can think of Tox and Jami off the top of my head.
Update 0: remove Tox, as you mention it in your comment.
Update 1: add Tox back in because your reply is about it, and I made edit 0 before seeing your reply.
So Tox is out. No contest.
> That, and the fact that Tox is not a mainstream messenger, illustrates the point I'm trying to make --- which is about messengers
This doesn't make sense to me. @ddevault stated that a messenger could store contacts client side. Jami clearly demonstrates this. What does it being mainstream or not have to do with this?
> thankfully doesn't make this bogus but popular argument.
What does this add, except a personal attack? We can see that you think this is a bad argument from the fact that you're contesting it.
You misread my last sentence. DeVault's post does not make the bogus argument we're discussing. I'm trying to be explicit that I'm not criticizing his post for doing so. If it's an attack, it's an attack on an argument that he didn't make. (If it reads like a personalized attack on an argument that you believe in, I apologize, and will dial it back).
I used Jami until I found Matrix. The only reason I shifted was Matrix was more interoperable with other protocols, and riot.im's interface was more like Discord, which is what my circle wanted to use but I refused.
Regardless, the threat model for this discussion is one where the targets have the option to use any messenger they want to communicate within themselves. I see no reason why they would be unwilling to use Jami.
> PGP is a perfectly cromulent secure messenger!
I recognize this is not what you are stating but...
PGP + Email + A nice client, yes I would agree, and it checks all of the security and privacy boxes.
Edit: Just saw
> (If it reads like a personalized attack on an argument that you believe in, I apologize, and will dial it back).
It's not that I believe in it per se, but that it reads more aggressively then seems appropriate for a board like HN. That said, I am still a bit of a noob here, so what do I know.
That said, I see no reason a messenger couldn't do this, I used one that did for a while.
Notice that when you open WhatsApp, only your group memberships are populated. Individual contacts are not, because they are held on the original device.
My contacts aren't all my buddies and conversely many of my buddies in WhatsApp or Snapchat or whatever aren't in my contact list.
Trying to repurpose one data silo that contains contacts such as my dentist and a taxi firm and reusing it as 'buddies' is clumsy and ill-considered.
That said, in my time following his blog and Mastodon toots, he's prone to making these hot-takes that take down successful projects that do a lot of public good, but don't tick every check. His repeated criticism of Mozilla is a good example of this.
It often feels like cutting off ones nose to spite the face. Without the Mozillas and OpenWhispers of this world, we've no hope for the DeVaults which create incredible feats of engineering that tick all the ideal boxes but lack some of the creature comforts (e.g. sr.ht, wayland, etc..)
I'm optimistic for the future, and the projects started by Moxie and DeVault are a large part of it.
Thanks. It's important that projects are held to high standards, even if they're hard to achieve. Otherwise there'd be no pushback against pure pragmatism.
Many of the comments I see from him violate the guidelines at https://news.ycombinator.com/newsguidelines.html
Many of his blog posts (4 out of the last 5 submissions from drewdevault.com) are ill-informed and angry rants about a technology or company. These discussions generate a lot of heat but little light; it’s not surprising that they are downvoted.
Having gone back and re-read many, I have to agree about most of the downvoted items though not all. I do agree with most of them though, so that's why I felt this way.
That being said, most of the comments I saw that could be considered to be breaking the guidelines do have substantial content, but are ended with/include non-negligible snark.
> Many of his blog posts (4 out of the last 5 submissions from drewdevault.com) are ill-informed and angry rants about a technology or company. These discussions generate a lot of heat but little light; it’s not surprising that they are downvoted.
None of these were posted here by ddevault. His statement about writing them is above, so presumably you've seen it already.
I would like to add, I use much of ddevaults software on a daily basis, and have found it to be some of the absolute best I've ever used. As such, I tend to give what he says at least a moment of thought.
I honestly can't understand why it would be downvoted otherwise.
[0] https://news.ycombinator.com/item?id=24122834
Many of his subsequent posts have been fairly downvoted.
I think some of his downvotes are from people who have interacted with him elsewhere. His reply to one of my comments is why I’m using this alternate account.
His recent post about pkg.go.dev misrepresented the facts.
https://news.ycombinator.com/item?id=24023998
He frequently takes an absolutist stance, often assumes negative intent, and is at best abrasive.
Here are some examples:
https://github.com/freeCodeCamp/mail-for-good/issues/357
https://github.com/kisslinux/repo/issues/100
> I would like to add, I use much of ddevaults software on a daily basis, and have found it to be some of the absolute best I've ever used. As such, I tend to give what he says at least a moment of thought.
It’s your call but I would be hesitant to use anything by him. How would he respond if I report a bug or open a feature request?
> He frequently takes an absolutist stance, often assumes negative intent, and is at best abrasive.
I don't disagree about this. Having gone back and reread many of his comments, they do come across as aggressive, even if I agree with much of the contents.
> It’s your call but I would be hesitant to use anything by him. How would he respond if I report a bug or open a feature request?
I don't know to be honest. That being said, his absolutism/idealism make me a little more comfortable with using his software, as I can be reasonably sure it's being held to a high standard.
When it was first published, it included an emphatic recommendation to use Matrix, and, later, Tox --- in fact, the post even included a changelog at the bottom recording the inclusion of Tox. After it was pointed out to the author that Matrix didn't even do E2E by default, the recommendations (and the changelog) were ghost-edited out of the post, but you can still see them on Archive.org.
I don't understand why people take this post seriously.
The distinction is especially germane in a thread on a post that purports to discern how trustworthy someone else is. You set the bar, now clear it.
I wouldn't trust such an app for anything actually secret due to the mentioned issues (and phone number req), but I think it's great that we're using high grade encryption to talk about what we had for dinner.
Encrypted and private should be the default no matter what!
I use Signal because I think it protects my SMS messages from:
a) being harvested and read by other apps on my phone
b) being read by someone who unlocks my phone
c) being passively intercepted and stored by carriers and their snoopy employees
d) opposition researchers or private investigators targeting my friends, acquaintances, and business associates.
For anything targeted and state level, all bets are off anyway, so it's not a solution for people who have that problem. What am I missing?
It depends. I think calling them simply SMS messages instead of being more precise is misleading because: Text messages sent through your mobile SMS/MMS plan are insecure and need your phone to be connected to your mobile network.
and
Signal Desktop does not send or receive SMS/MMS messages. Only Signal messages will be sent or received. The desktop app is an independent client that works whether or not your mobile device is present or online. We also want to encourage users to move away from insecure legacy protocols.
https://support.signal.org/hc/en-us/articles/360007321171-Ca...
I find it very confusing.
The secondary feature it it ostensibly encrypts messages at rest on your device so they cannot be decrypted and read by other apps. (Assuming that's true.)
If you want a more secure messenger, use Wickr, Riot/Matrix/whatever it's called now, or protonmail or something similar, as these don't depend on the phone directory for identity and so they resist some traffic analysis and contact tracing as well.
The threat model is both the business model and use case for security products, so talking about the features or implementations outside the context of the threat model is going to just add uncertainty, imo.
You can't.
I think this is a common misconception.
To be clear, if someone is a Signal user, you use their phone number for directory discovery and initializing identity, then Signal messages themselves are encrypted and transported via Signal servers using WebRTC as a transport protocol?
I think without a sequence diagram, most discussion of security protocols is pointless.
I think that without using the same words that other "security professionals" (which I would not class myself as) use most discussion becomes absolutely pointless.