I have a few family-related whatsapp groups and I've been thinking about asking/moving those groups to signal, but I really can't imagine my parents/sister/friends to understand, nor care about the facebook data issue. After all, they're all on Facebook and all use it.
I don't think I'll ever get to request it, because I'm pretty sure it's going to fail, especially with my parents and other from this age group - having them download another app, signup, etc. will be too complicated.
My family group is all iphone users, so I thought about moving this to iMessage, which feels more possible, but again, I'm not even sure my parents understand the difference between whatsapp and iMessage, as they send me messages on both platform without much logic.
Like everything else "bad" that happens to Facebook, this event won't change much and impact on whatsapp will, unfortunately, not change anything.
Remember when corporates stopped advertising on Facebook? They're all back.
> I don't think I'll ever get to request it, because I'm pretty sure it's going to fail, especially with my parents and other from this age group - having them download another app, signup, etc. will be too complicated.
I moved my whole family to Signal, and its surprisingly easy. It asks for their phone number, name (it's autocompleted) and a pin. You can create a link to your family's group chat so then can join without needing someone to invite them.
I'm in the process of moving family and friends. For my friends who I believe are more than capable of moving, I just said them that I'm leaving WhatsApp, you can still reach me on Signal. Then I block them on WhatsApp, so I don't relapse. Almost all of them have moved across so far. I installed Signal for my mom and then blocked my myself on WhatsApp on her phone, so she's forced to use Signal to contact me. If someone can use WhatsApp they can definitely use Signal. It's more secure and it's cleaner.
Most people's whole family is already using WhatsApp to communicate amongst themselves, especially outside the US. It's not that signal is any harder to use, it's that you now need everyone to unlearn their "Use WhatsApp" behavior, and the only justifications you can give them is "Facebook/Privacy!".
This might work with younger groups who really care about that stuff, but as you move up the age groups you'll start to find people who think "Well I already use Facebook daily, how is this different? Why should I care?", and eventually hit the age group that doesn't know the difference between SMS and WhatsApp, they're all just "messages".
Obviously I'm over-generalizing a bit here, but even if I got my parents using Signal, they'd still use WhatsApp to talk to their friends. My parents' parents are even more locked in. Short of charging a monthly fee, I don't think there's anything WhatsApp could do that will get a majority of folks to actually uninstall it.
I don't like "nothing will happen" as a talking point. "Nothing will happen" because... they cornered the market. They're the only game in town. It's the only way for many people to contact their friends. It's not their fault Facebook is a scummy organization run by a sociopath, they don't really have any options. I don't like this implication that the public is to blame
For the vast majority of people, WhatsApp works just fine; you’re trying to get them off something they’re comfortable with rather than getting them to use something better than SMS.
I moved 10 of my non-IT (male, age ~30-35) friends from FB Messenger group chat to Signal. None of them had any problems setting it up, none had any questions during the setup. I just invited them to the group after they created accounts (you can also use an invitation link) and the chat continued on Signal. No one has looked back at FB Messenger and we are not missing any functionality. I am slowly spreading in my circles and so far with only positive feedback.
I have to. But in this case it's not a social network, I don't care if the rest of world uses WhatsApp. I don't need a "network effect". I am fine when the people around me use it. So I achieved my personal goal and while I am happy if more people will join, it will not impact my own usage.
I've managed to do the same as well - the pushback has been minimal at best. I'm more surprised at how many "X is on Signal!" messages I've received from completely non-technical friends.
What is happening here is interesting. Almost like facebook messenger has lost its network effects. Its so easy to install Signal and get setup, and there is a compelling reason to leave Facebook's ecosystem. I previously assumed the network effects were so strong no one could leave Facebook without being a hermit. It turns out people who actually want to contact me will actually bother to install Signal and join me.
I think the possibly big letdown at some point might be the non-intuitive or non-existing message backups. Getting started with and using Signal is great but the backup functionality stops me from recommending it to non-technical friends.
Facebook messenger history is online and doesn't need to be thought about. I'm fearing there will be a fair bit of resentment once the non-technical Signal users change devices and realise that all their messaging history got lost in the process.
> This is distinctly different than how iMessage and Telegram work because in both of those apps they store your private key.
Does anyone have a moment to explain this one to me? Seems to me you'd of course have to store your own key on the device. And if Apple is storing it themselves... that's news to me and pretty concerning.
Which describes that the private keys are generated and held on device.
Now I think this model *may change when you enable icloud messaging, in which case an encrypted messaging key may be stored in your icloud account. So you may opt to have apple store it, but in an encrypted manner that they can't undo.
This part is a bit speculative on my part though, so grain of salt.
iMessage does store a secure key locally on your device which never leaves. The main difference with iMessage is Apple is able to add more signing keys to decrypt the data if they wanted. This is what happens when you add a new device.
In a no-trust model once you sign in on a new device you wouldn't see all of your old messages. Because all of your old messages are decrypted and sent to the new device this is evidence that a new signing key was added to the communication chain.
Apple could also do this to decrypt your messages to give to a government agency or for whatever purposes they want without notifying you.
Is there a GitHub issue or someone to make this as a feature request for Signal since it's an open source project? +1 to easy migration features that can allow folks and groups to move from WhatsApp to Signal.
I found a bunch of sticker packs here that were easy to install. There must be a way to import telegram sticker packs, because I see them referenced. https://signalstickers.com
At least for Telegram, there are sub-groups out there that port stickers from other services (e.g, LINE). Hard to imagine that won't crop up for Signal eventually, if not already.
> - UX/UI - whatsapp seems to have a much tailored UI for beginners
How so? UX/UI for beginners is a big priority for Signal, your feedback could be helpful.
I might agree with you for Signal-Desktop: installing another application is always more friction, and it will get out of sync if you don't open it regularly, which doesn't happen with WA since the messages are retrieved from the phone.
1. Worst Offender : Facebook Messenger --> spyware for tracking all your activities even in background
2. WhatsApp : Lost trust in it since Facebook bought it, more so with the new terms and conditions. Data is not safe anymore.
3. Telegram : Trust it's privacy but it's proposed business model is also advertisement based so avoiding it.
4. Signal : Best option, there are some sacrifices to be made with lack of contacts and some features but slowly and surely we can turn the tide. Also it's open source funded by a Non-Profit so that gets it bonus points.
I rate them differently- I can use Facebook and supply minimal real personal information. WhatsApp by contrast demands full access to all my contacts whether they use WhatsApp or not
That has not been true in forever on either iOS or Android, if it ever was.
It is possible to reply to numbers bot listed in your contacts; and apparently it is possible to initiate chats with numbers by using a web api which triggers a platform specific app action.
But you’d be left with phone numbers as identifiers, and at most the user’s self description which is sometimes they name and sometimes just something like “xxx”
WhatsApp became massive before being bought by Facebook and you had to purchase it for $0.99 (or $2,99 it's been almost a decade so I can't remember the exact price). So no, as long as the network effect is there, costing money is not a no-go.
Except it wasn't really enforced. They kinda made you think you HAD to pay, but extends it to another year even if you didn't pay. So it was actually free.
I wish that they would have chosen a different name when switching from Riot to Element because I am just starting to getting used to it. But it is still my #1 option.
I like and use Element but it definitely isn't ahead in usability. Getting e2e set up for "average" people isn't trivial. Especially if they have multiple devices.
That being said it is the the best long term option in my opinion and I am donating to the organization. Hopefully they can work on polishing the e2e UX.
Do you mean about accessing an encrypted chat from multiple devices?
If yes, I was playing with that just this weekend and I did not understand at all how to trust the other devices by using "text" (which "text"? I didn't get anything to type/check/approve anywhere); on the other hand by using the option to use emoji (compare a series of emoji between devices and then confirm) was very simple.
As well finding the link to a group-chat that I just created was not simple (or at least the place where to find it was not obvious).
> That being said it is the the best long term option in my opinion and I am donating to the organization. Hopefully they can work on polishing the e2e UX.
For me the verify by text worked, but you can click on a lot of very similar places and you get different results. For example if you click verify it forces interactive verification. If you click the sessions and then click a session you can verify individual sessions. Of course you can't non-interactively verify a users main key.
I'm also confused why each device is handled separately. I would rather I just share a key around (and ideally it rotates occasionally) and not share what and how many devices I have and what one I am using at the moment.
> but you can click on a lot of very similar places and you get different results.
Aha, didn't notice that, thx!
> I'm also confused why each device is handled separately.
Well, I can understand it more or less (I guess kind of similar to confirming in Whatsapp your multiple open sessions on different devices, to ensure that nobody is using something that you forgot/left behind?), but doing it this way is quite hardcore - on the other hand it could be that the whole thing is deeply embedded in the software's encryption principles/guidelines => it would probably still be ok, but it needs to be explained better, be more clearly accessible.
I guess that having a rotating key (with the software asking from time to time "do you want to accept key jf8k4d9k?") would probably be confusing for non-technical users and would probably generate uncertainty/anxiety/etc... ?
Losing the device is an interesting point. However I think due to the way that cross signing works they could use that device to sign new sessions anyways. They would also have access to key backups so I don't think that case is supported well right now.
For the rotating key it would be automatically signed by the previous key or master key so no user-visible change would be shown.
> However I think due to the way that cross signing works they could use that device to sign new sessions anyways.
So you don't think that if I cross-sign devices A and B, and then I would cross-sign devices B and C, if I would revoke B then C would automatically become invalid as well?
Kind of similar question about "key backups" (to which keys would device C have access to?).
(I honestly did not ever look into all these details - I was hoping that this would be covered by more clever people)
It would make sense but I'm not sure how it is implemented. I can also just imagine revoking old devices because I don't use them anymore or have reinstalled them. In that case I wouldn't want the things it signed to be revoked. (Really just saying don't trust this key for anything in the future, but past things are fine).
Maybe the best solution would be revocation after a date. So you can say "don't trust anything after {time-i-lost-the-device}" or "don't trust anything after {now}" and it does the right thing. However that could be complex to implement correctly in software. Lots of bookkeeping.
Encryption in Matrix is shit, and is making me feel foolish about inviting various friends onto Matrix.
I set up my own server using Synapse, and invited about half a dozen other IRL techie friends to join me in there to continue chatting during Covid times.
Considering we've all worked in tech for decades and run our own servers/services, none of us can really work out how the hell it's supposed to work. I mean, after lots of time consuming verifying of devices it kind of works. Except recently, all of a sudden, one of the people in our main chat room can not see the messages I sent from one of my devices. It tells him to get my keys from another session, he has only every used a single device/session. There is no UI that either of us can find to help fix it. We can chat fine in a different encrypted room, or if I use a different device.
I'm not pulling anyone else into the Matrix ecosystem until encryption stops being just so god damn awful.
Same experience here but i feel like Element is slowly getting worse. It is starting to use popups for everything and its becoming so annoying my friends are slowly leaving.
Verify this, is this you that.
I think partly its because i am not always on latest version of Synapse so the self-updating clients expect slightly different backends but uff.
It feels like Moxie is right with his anti federation argument. Call me stupid but i am really trying to keep it together but i still cant tell why some of the popups show up or why some sessions of my friends wont decrypt and they show gibberish.
Can I ask why you didn't just use email? If you wanted a technical challenge you could have setup your own email server. You could also run your own Teamspeak server for video conferencing.
This is the problem with matrix et al. They have to offer something that is leagues ahead of the current baseline, which I'm not convinced they are.
We aren't using email for this, because we wanted a chat room. We aren't using Teamspeak because we don't want video conferencing.
I've been running my own email server for going on 20 years now.
[edit] To add to the above, I use the same Matrix server to chat in various Matrix, IRC and Gitter rooms, and also to host a couple of self-written bots which I use to control a few aspects of my life. Email isn't really a replacement for the things I use Matrix for.
Matrix feels akin to trying to tell my (non technical) friends that they should use HTTPS as their social media site. I think it's technically more capable but trying to explain what you can do, how to get started, or why it's better is a much higher bar than something like Signal.
Absolutely correct, I just did that this weekend: big effort trying to explain all pros vs cons and the its technical background and future outlook, prepared test chatroom, wrote simple instructions to create account and try it out => got ignored, failed miserably, hehe :)
I think Element is way behind Signal in terms of usability. The iOS app is the most confusing chat app I've seen, especially if you are using your own servers.
Exactly. Very bad name, too techy for the average folk and it doesn't have the same network effect as Signal or Telegram. I disagree that it is ahead of Signal for usability in fact it is still behind.
Although I do praise it for not requiring and collecting my phone number and being a bit more future-proof and decentralised, unlike Signal and Telegram.
But in terms of getting my friends grandmother over it, it completely loses on usability and its name is so confusing to them you just had to also mention the Matrix protocol, when it is just Element. which even that by itself is very ambiguous.
Keybase is effectively in maintenance mode after being acquihired by Zoom.
If anything, Signal should adopt some of the crypto identity primitives Keybase was known for [1] for persona management that builds on (but still supports) phone DID identifiers. Would Zoom sell or donate Keybase infra to Signal Foundation? That'd be swank.
I tried signal, matrix, Riot, Slack, Discord, Messenger, Hangouts, and Keybase is by far the best option.
It is in an uncertain place though since Zoom bought them and moved its developers to work on Zoom. There has only been one small update to Keybase since zoom purchased them.
While it's not getting updated I don't have any worries about the reliability of its existing security. It's not perfect but it's pretty mature and feature-rich.
Keybase showed a lot of promise, but ever since they were bought by Zoom I’ve been hesitant to depend on it. There’s a good chance it’ll be neglected or cannibalized in the future, not to mention the real or imagined CCP influence. Perhaps failure is a self fulfilling prophecy.
I've been a Keybase user for a couple years now. I started using Signal when it was TextSecure. From Signal Insights 98% of my conversations are encrypted because I pushed Signal hard on friends, family and colleagues early on. I talk to one person on Keybase that refuses to use Signal (not exactly sure their rationale anymore). For some reason I thought Keybase was going to give me the early experience of Twitter, where I was able to interact with people in the same field without having to know them IRL. And while Keybase does recommend I follow / interact with some of those people it feels less attainable to start up a random conversation or jump into a public thread like I did early on with Twitter. To be clear I'm not saying that's Keybase's fault. As for getting non-technical family and friends using Keybase, well... I find that it's not as approachable. I think it is more convenient in some cases (chat history is probably the #1 item), but it's also clearly geared towards people who likely have an idea what PGP is (re: PGP key identity proof, etc). I wish there was something that mashed up the best of Signal, Keybase and Twitter. But at the end of the day I'd probably still use Signal for the majority of direct person to person messaging because of the time and personal effort I've put into getting my circle to use it. The switching cost is too high a bar now to consider anything unless it's exponentially better (and I don't think that exists). I also really don't like the fact that Zoom owns Keybase and can't see myself recommending it much moving forward over alternatives like Element.
All of them: Require your phone number to work, and ask for your full address book.
Asking repeatedly for information that is not necessary is a red flag. It is suspicious, to say the least, that Signal is not censored from Apple’s Appstore.
Consider Jami - https://jami.net/ too - you don't even need to share your phone number or email id to use it.
And it has support for nearly all desktop and mobile platforms (with all the features we expect from a messaging client, and more - it is also a SIP client). It is fully open source, and all data is stored on your device.
Signal may be run by a non-profit, but it a non-profit based in the United States. In the US, a non-profit can also be converted into a for-profit business.
I've played with Jami several times because it sounds good on paper but it just flat out failed to work a lot of the time. Messages sent but never received, no indication of why or what was going on. For my uses anyway, IM needs to be above all reliable - when I send a message I need to know the recipient will get it (and in a timely manner, modulo their availability).
Most of my network is on Telegram at my urging because it was the best option at the time, but I'm constantly looking for something better to replace it (as I'm aware of the downsides to Telegram). Currently I'm trialing Element with one of my contacts and I'd say it might be ready if I can get past the initial setup headaches, but Telegram just works so darn well and is so amazingly fast that it will be very hard to get buy-in for people to switch. Most people are overloaded with IM apps already, adding another one is tough unless it can completely replace and deprecate one they're already using. Jami definitely is not that IMO.
Signal is quite good and I use it for person to person. Hopefully with an influx of new users and with that, funding, it can reach feature parity with WhatsApp which is currently much better for groups. WhatsApp and Uber and Lyft etc, are very well crafted applications on iOS. They feel magical. Signal can get there as well, but it will take funding+effort.
I see the opinion that more users will help make Signal reach feature parity but I don't understand why that follows. Unless there is a massive increase in donations but that is largely covered by the 0% interest rate funding from WA founder.
While not a guarantee, the number of donations is proportional to the number of users. Since they can't extort their current users for more money, the only hope for Signal is to get more users.
Even better is Wire: no phone number required, doesn't access your contacts, free personal accounts available, you can use it on a desktop machine with nothing more than a web browser, when using an installed app you can be logged into three Wire accounts at the same time, source code is open source and has been audited for security, you can set up your own locally hosted (or in your own cloud)... and more I'm probably forgetting.
The fact that it's a "secure collaboration platform" means it doesn't fill the same niche. I don't need a secure collaboration platform to talk with my family or friends.
I'd just like to mention that Matrix (and its most prominent client "Element") sounds similar:
> Even better is Wire: no phone number required, doesn't access your contacts, free personal accounts available, you can use it on a desktop machine with nothing more than a web browser
Same
> when using an installed app you can be logged into three Wire accounts at the same time
Don't know if that's possible with one of the currently existing Matrix-clients. I guess that maybe in the future that would be possible, respectively, doesn't sound too difficult to implement.
> is open source and has been audited for security, you can set up your own locally hosted (or in your own cloud)
Same for Matrix. Not sure about the official audit, but at least France decided to use it as a base for its own governmental chat ( https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed... ) so I guess/hope that they audited the original software.
Thank you for mention this! I don't know why Wire is not mentioned in thread like this. It is best without meta data collection (such as phone number). You can register with just an email and it is based on the encryption protocol that Signal uses. On top of that, the server is written in Haskell!!! Yes, Signal server is in Java, btw. Which is not bad. And Wire is based in Switzerland, with GDPR in Europe it has better data privacy jurisdictions.
I had a contact show up with a super old name that I wanted to update but it was right in all my other apps. Turns out I still had the old name in one of the read only merged contacts from WhatsApp (contact showed up fine in WhatsApp). I had to remove my WhatsApp account clear the app data for signal and resync everything.
How is Signal going to fund their operations in the future if they grow to anything close to the other three in size? Donations? Even if they're a non-profit they still need to keep the servers running.
The Signal Foundation received a zero-interest loan of $100,000,000 by WhatsApp founder Brian Acton which doesn't need to be paid back until the year 2068 or something.
And according to Telegram's Pavel Durov, "A project of our size needs at least a few hundred million dollars per year to keep going." [0]. So future funding sources will be needed if Signal grows to be a big player. It's fine saying they're owned by a non-profit, but even non-profits have bills to pay.
I don't think a project of that size needs that much money.
Exhibit A: The Signal Foundation's tax reports[0]
Exhibit B: The fact that WhatsApp had a very small team and rather low costs, at least prior to its acquisition by Facebook. (I can't find any numbers right now.)
According to this Wired article [0] from last year, the number of Signal users aren't public, but they've had "more than 10 million downloads on Android" and another 40% on iOS. Lets say 20 million downloads in total. Of course there's more now, but we don't know what kind of costs they have now, and I couldn't be bothered looking for more recent figures.
Telegram has close to 500 million active users each month. So of course Signal is not using as much money. The same Wired article mentions that Signal recently had gone from 3 to 20 full time employees, that adds a lot of cost as well.
My point is that I don't think Telegram have spent lavishly or focused on big profits, so it's unreasonable to assume that Signal will be able to do what Telegram does for much less money, so they will also need a new monetization eventually.
Yeah I went through the document. I'm asking on more of a mobile development perspective. The list makes it sound like when I open up Chrome and go to a site, Facebook knows right away.
How come you trust its privacy? Its privacy guarantees are by far worse than those of WhatsApp as Telegram messages aren't even end-to-end encrypted by default.
After being in the business world for 30 years, one truism is that business relationships can only be sustained for the long term if the interests of the parties are aligned. All parties need to contribute and all parties need to benefit, and the contributions and benefits need to be commensurate all around.
Social media and their users are struggling because their (our) interests have not been aligned all along. Initially, the services grew by providing great value. They developed equity through size and usage. Interests were not aligned for the long term because they lost money quarter after quarter. Then came the day they needed to convert the equity into revenue.
At that point, the pendulum swung back the other way. The users had given up privacy and publicized their lives to the world and developed habitual (addictive?) use. The user experience deteriorated, '3rd parties' paid for access and insinuated their banners into our feeds. We've become invested in these platforms, in some cases literally by developing primary income from YouTube, Locals, OnlyFans, ...
Clearly, we still don't have aligned business interests.
How can 'Big Tech' and 5 billion Internet users align our interests for the long term?
It seems clear that interests can be very aligned where users are paying for their product. It is only when services are "free" where alignment is an issue.
That's a fair comment, but a non-profit that relies on donations (as opposed to selling services to somebody other than me) strikes me as very different than Facebook et al.
It’s a viable model though. WhatsApp had only ~50 employees and already 500m users when it was purchased for ~$20B. They were already profitable on the $1/year after the first year subscription model.
Signal is approaching similar metrics (except it’s supported by a $50m endowment from Brian Acton instead of donations).
It’s easy to say that the mechanics of chat are pretty simple and a global chat service can be maintained by a roomful of engineers, but is the original algorithm-free, chronological Twitter that much more complex? It’s hard to believe there aren’t any other billionaires out there who would be willing to create an endowment securing the perpetual existence of a free social network.
Charging $1 a year like WhatsApp used to wouldn’t be such a bad idea once it got bootstrapped either, since it would make it much harder to run bot armies.
Excellent comment. I'd say there are at least three possible answers to the question you pose at the end of it:
1. As another commenter replied, Big Tech will have to start charging market prices for their services.
2. Big Tech will be unable to charge for their services, and the business relationship between them and their users will collapse, taking Big Tech with it.
3. The relationship between Big Tech and its customers will change from a business relationship to something else, where the truism you stated will no longer applies.
One might argue that (3) has already happened, and the "something else" is more like a manorial or totalitarian relationship, in which the interests of the users are irrelevant.
> How can 'Big Tech' and 5 billion Internet users align our interests for the long term?
This is a fascinating question, I want to see this discussed more. I'll throw some thoughts to get a conversation started:
I would happily pay for big tech company services - if I'm worth $30 a month in advertising revenues, I'm willing to pay $30 to subscribe to the same services in exchange for privacy. I'm convinced that I'm not the only person who thinks like this. I am waiting for a product to come around and service this market.
While I think this market is definitely there I think the problem is it's the much smaller market so a company isn't going to make a competitive set of services and intentionally alienate the other e.g. 90% of users with it by doing pay only. On the flip side it's been shown that all but a very small fraction of that 10% will use the data sale funded version of these services it's all that's offered.
So it ultimately comes down to "do we create an alternative funding model for that 1 percent of user space" which doesn't seem like much incentive vs trying to find ways to get more more out of the 99% of users.
I think the only way this changes is if that userbase grows significantly, I don't think it's simply been an overlooked/forgotten internet business model.
I suspect it's another micropayment problem. You're actually worth $0.05 in ad revenue (or something like that), but due to payment friction & billing fees you wind up paying monthly Spotify: $10 Facebook: $20 News x4 sources: $40 LinkedIn: $30 HackerNews $5 Various Forums: $50 (etc)
You get the idea- in the end you're paying incredible sums of money for a collection of services that just aren't worth all that much. A conclusion supported by the fact that your use of these services currently generates pennies a day in ad revenue.
We can see this game at play today in news, where you could easily blow $50/mo subscribing to a small selection of decent papers. It's not a big deal if you only had one subscription, but few people read only one paper- or participate in only one social network.
To make matters worse, as seen in the cable industry, paying subscribers by definition have money to spend. This means they are by definition the most valuable advertising targets, which makes the lure of advertising to your subscribers eventually impossible to resist...
> if I'm worth $30 a month in advertising revenues
Per service though, are you willing to spend $30/m each for what facebook was, for what twitter was, for what youtube was, for what reddit was, before ads took over? (that's over $100/m on 4 sm sites... now we're getting into medium, tech news sites, gmail, google search, maps, etc. And what about the people who can't afford a $300/m "internet" bill are they just cut out of this brave new world?
I give it a couple of weeks before screen shot of "violent" groups on Signal go viral, and the ban hammer will come unless they build a backdoor or remove the end-to-end encryption feature entirely.
M'y guess is Moxie would shut the company down before introducing a backdoor.
Also, if the gov tries to ban it, its just open-soirce software, right? Haven't courts (in the US at least) ruled that code is speech, and therefore protected from government restrictions by the 1st Amendment?
Except I doubt that's how it will work. They just have to get Apple and Google to bow to the pressure again and remove it from the app store. Restricting the first amendment is a lot easier if you can effectively do it without actually doing it officially.
One thing I wish signal had is key transparency. How come I can't see my own key hash and my contacts keys? I know they'r trying to keep it simple, but power users should be able to do this.
But you can? Open a conversation -> Menu -> Conversation settings -> View safety number.
Note that the safety number is basically a combination of your and your contact's (DHKE-negotiated) keys and is thus going to be different for every conversation. The reason both keys are not shown separately is that it apparently confused users.
Interesting, and thanks! Normally DHKE is authenticated though with public key cryptography? The way I understand is DHKE establishes a secret... with someone but in order to ensure it was your intended party, not a hostile government, usually a public key signature exchange takes place.
That's correct, it's an authenticated Diffie-Hellman key exchange. I'm not sure why they don't show the actual public keys anywhere but I suppose it doesn't make a lot of sense for the general public and it'd only be confusing.
In fact, the cryptography is even more complicated: The Signal protocol uses a so-called double ratchet algorithm[0] which derives from the session/conversation keys a new ephemeral message key whenever possible (again using a DHKE). This has the added advantage of providing forward secrecy.
They have a feature called safety numbers in the conversation settings. Lets you pull up a QR code and number so you can verify public keys with someone in person or out of band. Then if you hit a verify button which i assume makes the warnings for someone's key changing louder or something like that.
The problem that Signal has to solve, transfer of new messages to a new phone. Right now the iOS transfer is a whole lot better than the manual android process ( ive heard the former is not fool proof )
Being a house full of Pixel devices and sole IT person, I dont want to be responsible for lost messages when it comes time for a new phone.
Also if your phone is lost or bricked ( either platform ) say goodbye to messages
Moving from Android to iOS, bye messages.
I can move my savvier friends and family over, but the rest will remain on whatsapp where "its easier" compromise works.
Exactly this. A lot of other messaging apps have this problem (read the App Store reviews of LINE for a sampler of people upset about it), and I find it baffling. Have these devs never lost a phone (or had one break unexpectedly?)
It seems like it should be trivial to back up message history to the cloud.
I just migrated from a pixel 4xl -> 5 and back with signal.
Nobody noticed, no warnings about encryption keys changing, no problems whatsoever. Took about 5 minutes each time (including googling of the directions).
Just make a backup (with an encryption key), then do a restore (and enter said key). Not as convenient as if it was automatic, but it does seem like a pretty secure approach.
All things equal, it's good in itself to diversify geographically your portfolio of apps. Signal is in Silicon Valley, Telegram is in Dubai, so I go for Telegram.
I love that Signal generally seems receptive to features that users ask for. It's far from perfect, as there are certain features I've seen repeatedly requested that are still yet to be implemented, but over the years that I've used it, Signal has come much closer to a full-featured WhatsApp alternative while taking the harder path of maintaining privacy for these additions.
My personal wishlist:
- Making the app available on F-Droid, either on the official repos or just hosting a third-party one
- Bringing the Android backup solution (encrypted blob) to iOS
- Bringing the iOS backup solution (direct device transfer over Wi-Fi) to Android
- Signup with usernames/emails as an option instead of only verified phone numbers
- A more reliable desktop client, because most of my contacts on Signal (myself included) have experienced syncing issues, message decryption issues, notification issues, etc. I do like that the desktop client is temporarily standalone in that the phone running the app does not need to be available, although I have had to re-connect the two every once in a while so I don't find it reassuring to depend on the desktop client alone.
There is bad blood between F-Droid and the Signal devs. I don’t expect the app to ever appear on F-Droid. Signal’s developers are on record as preferring the Google Play store as the official distribution method, and even downloading the APK directly from the Signal website is something they tolerate only grudgingly.
Plus, some are predicting that forthcoming changes to Android – Google possibly mainstreaming its “advanced protection” model so that phone owners cannot install the F-Droid APK except through enabling ADB and pushing it to the phone from a computer over the command line – will further marginalize F-Droid.
Exactly, that was the reason Moxie gave for wanting to avoid F-Droid back in the day. Besides, I hear the .apk one can obtain from signal.org these days comes with an integrated update mechanism, anyway? As much as I am a fan of F-Droid, I really don't understand the criticism here. What advantages does F-Droid provide here?
If you browse the F-Droid website they actually mention that it's possible to use the .apk distributed by the developers, if the apk is reproducible. It's cumbersome and requires a lot of goodwill from both the developers and the F-Droid maintainers, but it's not impossible.
The thing is, people using F-Droid are most likely already aware that they can install the .apk directly from https://signal.org/android/apk/ so there's not much to gain (the .apk prompts the user when an update is available too).
I'd probably switch to (and get friends to switch to) Signal if it supported Android Tablets and had a web app (like web.whatsapp.com). Those items might seem minor but having to always have my phone next to me, even when I'm browsing on my tablet, is inconvenient. Same goes for not being able to login easily to a semi-trusted device via the web (e.g. my work laptop - I don't want to install the desktop client, but I trust it enough to login to a web app, possibly in an incognito window).
The desktop client is sadly a bloated Electron app that has to be paired with your phone. Thankfully it's not completely hopeless as the pairing only has to happen once and it doesn't require your phone to be online all the time to work.
Does Signal really not run on Android tablets? While you do need to receive an SMS to set up a Signal account, you can receive that SMS on any other device, even a dumbphone.
It does work on tablets, but its a side load apk, and unlike laptop/desktop it cannot be used as an "adjunct" to your phone: it becomes an independent entity or takes over the entire state.
Comparing Signal features with Whatsapp I have two thoughts:
1. I noticed that Whatsapp allows me to add someone to a call (sort of like upgrading a phone call to a group call). I couldn't find a way to do that with Signal - although Signal supports group calls (that is, calling an entire group at once).
It's a minor feature, but I discovered that I rely upon it quite often.
2. Last year, I attempted to switch from iOS to Android - and I discovered that there isn't a clean way to move my whatsapp messages over. On iOS, whatsapp creates a backup on iCloud, there isn't any way to recover that on Android.
I aborted the attempt to switch to Android only because losing my whatsapp chat history was unacceptable.
Signal currently seems to be just as bad. However, if signal can implement a reasonable way to create backups and recover them across devices and operating systems, it will seal the deal and convince me to permanently delete whatsapp from all my devices.
I think it’s interesting that not many people here bring up Discord. It’s by far the most challenging competitor for the average user, IMO. Full of features and very easy to use.
Discord imo feels like 10 different spammy chat concert halls (rooms of 50+ people). Feature-wise though it has great group audio chat, and okay(a bit low-quality)-but-immediately-available video chat.
So is everyone OK with this big migration to another centralized service that doesn't interoperate?
Imagine if e-mail had been like this. You can't talk to your friends if they have a different provider, and you're not allowed to use your own client anymore.
Some months ago Delta Chat [0] trended on HN. I think in a perfect world email based chat would solve a lot of the problems with current apps like Whatsapp or even Signal. But based on Gmail popularity I assume it would just mean that Google would get the data in most cases.
I want to make my Signal (i.e. my personal cell phone number) public, but I don't want to put my cell phone number up to the internet to open up spam and MITM 2FA SMS attacks. What's the best way to do this?
Burner SIM?
Google Voice number?
Landline service?
Go find a payphone?
The "tied to your phone number" thing is weird for me, both Telegram and Signal.
If you want to change your phone number, how do these platforms handle it? Do your contacts get updated or what? What happens to people with your old number?
If your phone breaks, and you get a new one, how do they handle backups? (My iPhone's WhatsApp backups somehow disappeared when I got a droid.)
These questions are particularly infuriating for digital nomads and people living abroad. I want an inexpensive cheap way to keep my US number I've had for 10 years. I've also heard horror stories that Google Voice (or Fi? Can't figure it out) will shut down your account if you live internationally.
I have a link in the post on how to use a twilio number instead of your real phone number. Signal PINS is the first step to making non-phone number identification work.
I have no idea about phone number changes (I've had the same phone number for 20 years), but my phone broke not terribly long ago and I had to reinstall everything. As I recall, my Signal data came back just fine. Looks like you have to enable it[0], so I assume that's what I did.
> The "tied to your phone number" thing is weird for me, both Telegram and Signal.
Isn't this restriction also applicable to WhatsApp?
221 comments
[ 2.8 ms ] story [ 265 ms ] threadI don't think I'll ever get to request it, because I'm pretty sure it's going to fail, especially with my parents and other from this age group - having them download another app, signup, etc. will be too complicated.
My family group is all iphone users, so I thought about moving this to iMessage, which feels more possible, but again, I'm not even sure my parents understand the difference between whatsapp and iMessage, as they send me messages on both platform without much logic.
Like everything else "bad" that happens to Facebook, this event won't change much and impact on whatsapp will, unfortunately, not change anything.
Remember when corporates stopped advertising on Facebook? They're all back.
I moved my whole family to Signal, and its surprisingly easy. It asks for their phone number, name (it's autocompleted) and a pin. You can create a link to your family's group chat so then can join without needing someone to invite them.
That's the key move, it takes guts
This might work with younger groups who really care about that stuff, but as you move up the age groups you'll start to find people who think "Well I already use Facebook daily, how is this different? Why should I care?", and eventually hit the age group that doesn't know the difference between SMS and WhatsApp, they're all just "messages".
Obviously I'm over-generalizing a bit here, but even if I got my parents using Signal, they'd still use WhatsApp to talk to their friends. My parents' parents are even more locked in. Short of charging a monthly fee, I don't think there's anything WhatsApp could do that will get a majority of folks to actually uninstall it.
1. Install the app when you visit, go to the process together (difficult these days, I know...)
2. If you have many iPhone users in your family, answer on iMessage whenever they send you a WhatsApp. This way you can pull them over slowly
3. If Android users send you a WhatsApp, check if they have Signal installed and answer there instead.
It is "Salami tactics", but works for me.
It rejects the correct SMS confirmation code it's sending/receiving itself :)
At any rate, I know a couple of people who have recently signed up so it's not affecting everybody.
Facebook messenger history is online and doesn't need to be thought about. I'm fearing there will be a fair bit of resentment once the non-technical Signal users change devices and realise that all their messaging history got lost in the process.
Does anyone have a moment to explain this one to me? Seems to me you'd of course have to store your own key on the device. And if Apple is storing it themselves... that's news to me and pretty concerning.
Page 99 here. https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/app...
Which describes that the private keys are generated and held on device.
Now I think this model *may change when you enable icloud messaging, in which case an encrypted messaging key may be stored in your icloud account. So you may opt to have apple store it, but in an encrypted manner that they can't undo. This part is a bit speculative on my part though, so grain of salt.
In a no-trust model once you sign in on a new device you wouldn't see all of your old messages. Because all of your old messages are decrypted and sent to the new device this is evidence that a new signing key was added to the communication chain.
Apple could also do this to decrypt your messages to give to a government agency or for whatever purposes they want without notifying you.
https://techcrunch.com/2014/02/27/apple-explains-exactly-how...
- stickers (big one!) - if it was possible to import whatsapp stickers library it would be a big win
- on whatsapp it's easier to share news and memes from other groups - network effect
- UX/UI - whatsapp seems to have a much tailored UI for beginners
How so? UX/UI for beginners is a big priority for Signal, your feedback could be helpful.
I might agree with you for Signal-Desktop: installing another application is always more friction, and it will get out of sync if you don't open it regularly, which doesn't happen with WA since the messages are retrieved from the phone.
1. Worst Offender : Facebook Messenger --> spyware for tracking all your activities even in background
2. WhatsApp : Lost trust in it since Facebook bought it, more so with the new terms and conditions. Data is not safe anymore.
3. Telegram : Trust it's privacy but it's proposed business model is also advertisement based so avoiding it.
4. Signal : Best option, there are some sacrifices to be made with lack of contacts and some features but slowly and surely we can turn the tide. Also it's open source funded by a Non-Profit so that gets it bonus points.
Reference: https://9to5mac.com/2021/01/04/app-privacy-labels-messaging-...
It is possible to reply to numbers bot listed in your contacts; and apparently it is possible to initiate chats with numbers by using a web api which triggers a platform specific app action.
But you’d be left with phone numbers as identifiers, and at most the user’s self description which is sometimes they name and sometimes just something like “xxx”
If only it could be present-ready.
No, I am kidding :).
The way I see it Matrix and Signal have different short term and long term goals, some overlapping. And both could do way better in term of usability.
I like and use Element but it definitely isn't ahead in usability. Getting e2e set up for "average" people isn't trivial. Especially if they have multiple devices.
That being said it is the the best long term option in my opinion and I am donating to the organization. Hopefully they can work on polishing the e2e UX.
Do you mean about accessing an encrypted chat from multiple devices?
If yes, I was playing with that just this weekend and I did not understand at all how to trust the other devices by using "text" (which "text"? I didn't get anything to type/check/approve anywhere); on the other hand by using the option to use emoji (compare a series of emoji between devices and then confirm) was very simple.
As well finding the link to a group-chat that I just created was not simple (or at least the place where to find it was not obvious).
> That being said it is the the best long term option in my opinion and I am donating to the organization. Hopefully they can work on polishing the e2e UX.
Same here & I agree.
I'm also confused why each device is handled separately. I would rather I just share a key around (and ideally it rotates occasionally) and not share what and how many devices I have and what one I am using at the moment.
Aha, didn't notice that, thx!
> I'm also confused why each device is handled separately.
Well, I can understand it more or less (I guess kind of similar to confirming in Whatsapp your multiple open sessions on different devices, to ensure that nobody is using something that you forgot/left behind?), but doing it this way is quite hardcore - on the other hand it could be that the whole thing is deeply embedded in the software's encryption principles/guidelines => it would probably still be ok, but it needs to be explained better, be more clearly accessible.
I guess that having a rotating key (with the software asking from time to time "do you want to accept key jf8k4d9k?") would probably be confusing for non-technical users and would probably generate uncertainty/anxiety/etc... ?
For the rotating key it would be automatically signed by the previous key or master key so no user-visible change would be shown.
So you don't think that if I cross-sign devices A and B, and then I would cross-sign devices B and C, if I would revoke B then C would automatically become invalid as well?
Kind of similar question about "key backups" (to which keys would device C have access to?).
(I honestly did not ever look into all these details - I was hoping that this would be covered by more clever people)
Maybe the best solution would be revocation after a date. So you can say "don't trust anything after {time-i-lost-the-device}" or "don't trust anything after {now}" and it does the right thing. However that could be complex to implement correctly in software. Lots of bookkeeping.
I set up my own server using Synapse, and invited about half a dozen other IRL techie friends to join me in there to continue chatting during Covid times.
Considering we've all worked in tech for decades and run our own servers/services, none of us can really work out how the hell it's supposed to work. I mean, after lots of time consuming verifying of devices it kind of works. Except recently, all of a sudden, one of the people in our main chat room can not see the messages I sent from one of my devices. It tells him to get my keys from another session, he has only every used a single device/session. There is no UI that either of us can find to help fix it. We can chat fine in a different encrypted room, or if I use a different device.
I'm not pulling anyone else into the Matrix ecosystem until encryption stops being just so god damn awful.
Verify this, is this you that.
I think partly its because i am not always on latest version of Synapse so the self-updating clients expect slightly different backends but uff.
It feels like Moxie is right with his anti federation argument. Call me stupid but i am really trying to keep it together but i still cant tell why some of the popups show up or why some sessions of my friends wont decrypt and they show gibberish.
This is the problem with matrix et al. They have to offer something that is leagues ahead of the current baseline, which I'm not convinced they are.
I've been running my own email server for going on 20 years now.
[edit] To add to the above, I use the same Matrix server to chat in various Matrix, IRC and Gitter rooms, and also to host a couple of self-written bots which I use to control a few aspects of my life. Email isn't really a replacement for the things I use Matrix for.
Also you can use alternative clients, which (I think) is against Signal's TOS, and is at least discouraged.
Although I do praise it for not requiring and collecting my phone number and being a bit more future-proof and decentralised, unlike Signal and Telegram.
But in terms of getting my friends grandmother over it, it completely loses on usability and its name is so confusing to them you just had to also mention the Matrix protocol, when it is just Element. which even that by itself is very ambiguous.
https://keybase.io
If anything, Signal should adopt some of the crypto identity primitives Keybase was known for [1] for persona management that builds on (but still supports) phone DID identifiers. Would Zoom sell or donate Keybase infra to Signal Foundation? That'd be swank.
[1] https://en.wikipedia.org/wiki/Keybase
It is in an uncertain place though since Zoom bought them and moved its developers to work on Zoom. There has only been one small update to Keybase since zoom purchased them.
Asking repeatedly for information that is not necessary is a red flag. It is suspicious, to say the least, that Signal is not censored from Apple’s Appstore.
Signal (the foundation) does not get to use my phonebook even if Signal (the app) does.
Made the switch yesterday. Hope this will be a turning point for Facebook
And it has support for nearly all desktop and mobile platforms (with all the features we expect from a messaging client, and more - it is also a SIP client). It is fully open source, and all data is stored on your device.
Signal may be run by a non-profit, but it a non-profit based in the United States. In the US, a non-profit can also be converted into a for-profit business.
People use Telegram, because it has a fantastic UX and UI.
If you want people to even considering switching from WhatsApp, then the alternative must be 120% polished.
Most of my network is on Telegram at my urging because it was the best option at the time, but I'm constantly looking for something better to replace it (as I'm aware of the downsides to Telegram). Currently I'm trialing Element with one of my contacts and I'd say it might be ready if I can get past the initial setup headaches, but Telegram just works so darn well and is so amazingly fast that it will be very hard to get buy-in for people to switch. Most people are overloaded with IM apps already, adding another one is tough unless it can completely replace and deprecate one they're already using. Jami definitely is not that IMO.
Otherwise it's totally open source: https://github.com/wireapp/wire-server
Also, no mention of free personal accounts here: https://wire.com/en/pricing/
And phone ID required is a plus. I don't need people to log in or search for contacts. Just install and boom, we're connected.
> Even better is Wire: no phone number required, doesn't access your contacts, free personal accounts available, you can use it on a desktop machine with nothing more than a web browser
Same
> when using an installed app you can be logged into three Wire accounts at the same time
Don't know if that's possible with one of the currently existing Matrix-clients. I guess that maybe in the future that would be possible, respectively, doesn't sound too difficult to implement.
> is open source and has been audited for security, you can set up your own locally hosted (or in your own cloud)
Same for Matrix. Not sure about the official audit, but at least France decided to use it as a base for its own governmental chat ( https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed... ) so I guess/hope that they audited the original software.
I mean it seriously. Replicating different social graph that automatically includes your closest people is superpower.
I had a contact show up with a super old name that I wanted to update but it was right in all my other apps. Turns out I still had the old name in one of the read only merged contacts from WhatsApp (contact showed up fine in WhatsApp). I had to remove my WhatsApp account clear the app data for signal and resync everything.
[0] https://t.me/durov/142
Exhibit A: The Signal Foundation's tax reports[0]
Exhibit B: The fact that WhatsApp had a very small team and rather low costs, at least prior to its acquisition by Facebook. (I can't find any numbers right now.)
[0]: https://projects.propublica.org/nonprofits/organizations/816...
Telegram has close to 500 million active users each month. So of course Signal is not using as much money. The same Wired article mentions that Signal recently had gone from 3 to 20 full time employees, that adds a lot of cost as well.
My point is that I don't think Telegram have spent lavishly or focused on big profits, so it's unreasonable to assume that Signal will be able to do what Telegram does for much less money, so they will also need a new monetization eventually.
https://www.wired.com/story/signal-encrypted-messaging-featu...
https://9to5mac.com/2021/01/04/app-privacy-labels-messaging-...
How come you trust its privacy? Its privacy guarantees are by far worse than those of WhatsApp as Telegram messages aren't even end-to-end encrypted by default.
Social media and their users are struggling because their (our) interests have not been aligned all along. Initially, the services grew by providing great value. They developed equity through size and usage. Interests were not aligned for the long term because they lost money quarter after quarter. Then came the day they needed to convert the equity into revenue.
At that point, the pendulum swung back the other way. The users had given up privacy and publicized their lives to the world and developed habitual (addictive?) use. The user experience deteriorated, '3rd parties' paid for access and insinuated their banners into our feeds. We've become invested in these platforms, in some cases literally by developing primary income from YouTube, Locals, OnlyFans, ...
Clearly, we still don't have aligned business interests.
How can 'Big Tech' and 5 billion Internet users align our interests for the long term?
Signal is approaching similar metrics (except it’s supported by a $50m endowment from Brian Acton instead of donations).
It’s easy to say that the mechanics of chat are pretty simple and a global chat service can be maintained by a roomful of engineers, but is the original algorithm-free, chronological Twitter that much more complex? It’s hard to believe there aren’t any other billionaires out there who would be willing to create an endowment securing the perpetual existence of a free social network.
Charging $1 a year like WhatsApp used to wouldn’t be such a bad idea once it got bootstrapped either, since it would make it much harder to run bot armies.
1. As another commenter replied, Big Tech will have to start charging market prices for their services.
2. Big Tech will be unable to charge for their services, and the business relationship between them and their users will collapse, taking Big Tech with it.
3. The relationship between Big Tech and its customers will change from a business relationship to something else, where the truism you stated will no longer applies.
One might argue that (3) has already happened, and the "something else" is more like a manorial or totalitarian relationship, in which the interests of the users are irrelevant.
This is a fascinating question, I want to see this discussed more. I'll throw some thoughts to get a conversation started:
I would happily pay for big tech company services - if I'm worth $30 a month in advertising revenues, I'm willing to pay $30 to subscribe to the same services in exchange for privacy. I'm convinced that I'm not the only person who thinks like this. I am waiting for a product to come around and service this market.
<Shut_up_and_take_my_money.jpeg>
So it ultimately comes down to "do we create an alternative funding model for that 1 percent of user space" which doesn't seem like much incentive vs trying to find ways to get more more out of the 99% of users.
I think the only way this changes is if that userbase grows significantly, I don't think it's simply been an overlooked/forgotten internet business model.
You get the idea- in the end you're paying incredible sums of money for a collection of services that just aren't worth all that much. A conclusion supported by the fact that your use of these services currently generates pennies a day in ad revenue.
We can see this game at play today in news, where you could easily blow $50/mo subscribing to a small selection of decent papers. It's not a big deal if you only had one subscription, but few people read only one paper- or participate in only one social network.
To make matters worse, as seen in the cable industry, paying subscribers by definition have money to spend. This means they are by definition the most valuable advertising targets, which makes the lure of advertising to your subscribers eventually impossible to resist...
Per service though, are you willing to spend $30/m each for what facebook was, for what twitter was, for what youtube was, for what reddit was, before ads took over? (that's over $100/m on 4 sm sites... now we're getting into medium, tech news sites, gmail, google search, maps, etc. And what about the people who can't afford a $300/m "internet" bill are they just cut out of this brave new world?
Also, if the gov tries to ban it, its just open-soirce software, right? Haven't courts (in the US at least) ruled that code is speech, and therefore protected from government restrictions by the 1st Amendment?
Note that the safety number is basically a combination of your and your contact's (DHKE-negotiated) keys and is thus going to be different for every conversation. The reason both keys are not shown separately is that it apparently confused users.
In fact, the cryptography is even more complicated: The Signal protocol uses a so-called double ratchet algorithm[0] which derives from the session/conversation keys a new ephemeral message key whenever possible (again using a DHKE). This has the added advantage of providing forward secrecy.
[0]: https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm
Being a house full of Pixel devices and sole IT person, I dont want to be responsible for lost messages when it comes time for a new phone.
Also if your phone is lost or bricked ( either platform ) say goodbye to messages
Moving from Android to iOS, bye messages.
I can move my savvier friends and family over, but the rest will remain on whatsapp where "its easier" compromise works.
It seems like it should be trivial to back up message history to the cloud.
How do you protect from various evil entities from stealing your cloud backups?
Nobody noticed, no warnings about encryption keys changing, no problems whatsoever. Took about 5 minutes each time (including googling of the directions).
Just make a backup (with an encryption key), then do a restore (and enter said key). Not as convenient as if it was automatic, but it does seem like a pretty secure approach.
My personal wishlist:
- Making the app available on F-Droid, either on the official repos or just hosting a third-party one
- Bringing the Android backup solution (encrypted blob) to iOS
- Bringing the iOS backup solution (direct device transfer over Wi-Fi) to Android
- Signup with usernames/emails as an option instead of only verified phone numbers
- A more reliable desktop client, because most of my contacts on Signal (myself included) have experienced syncing issues, message decryption issues, notification issues, etc. I do like that the desktop client is temporarily standalone in that the phone running the app does not need to be available, although I have had to re-connect the two every once in a while so I don't find it reassuring to depend on the desktop client alone.
Plus, some are predicting that forthcoming changes to Android – Google possibly mainstreaming its “advanced protection” model so that phone owners cannot install the F-Droid APK except through enabling ADB and pushing it to the phone from a computer over the command line – will further marginalize F-Droid.
From a security point of view it seems quite reasonable to object to f-droid handling all signatures.
The thing is, people using F-Droid are most likely already aware that they can install the .apk directly from https://signal.org/android/apk/ so there's not much to gain (the .apk prompts the user when an update is available too).
1. I noticed that Whatsapp allows me to add someone to a call (sort of like upgrading a phone call to a group call). I couldn't find a way to do that with Signal - although Signal supports group calls (that is, calling an entire group at once).
It's a minor feature, but I discovered that I rely upon it quite often.
2. Last year, I attempted to switch from iOS to Android - and I discovered that there isn't a clean way to move my whatsapp messages over. On iOS, whatsapp creates a backup on iCloud, there isn't any way to recover that on Android.
I aborted the attempt to switch to Android only because losing my whatsapp chat history was unacceptable.
Signal currently seems to be just as bad. However, if signal can implement a reasonable way to create backups and recover them across devices and operating systems, it will seal the deal and convince me to permanently delete whatsapp from all my devices.
Imagine if e-mail had been like this. You can't talk to your friends if they have a different provider, and you're not allowed to use your own client anymore.
And no web client means I am forced to type on my mobile (ugh), and I cannot mitigate the hurt with Franz.
[0] https://delta.chat
Burner SIM? Google Voice number? Landline service? Go find a payphone?
If you want to change your phone number, how do these platforms handle it? Do your contacts get updated or what? What happens to people with your old number?
If your phone breaks, and you get a new one, how do they handle backups? (My iPhone's WhatsApp backups somehow disappeared when I got a droid.)
These questions are particularly infuriating for digital nomads and people living abroad. I want an inexpensive cheap way to keep my US number I've had for 10 years. I've also heard horror stories that Google Voice (or Fi? Can't figure it out) will shut down your account if you live internationally.
https://support.signal.org/hc/en-us/articles/360007059792-Si...
> The "tied to your phone number" thing is weird for me, both Telegram and Signal.
Isn't this restriction also applicable to WhatsApp?
[0] https://support.signal.org/hc/en-us/articles/360007059752-Ba...