I went looking for Signal's warrant canary, but it turns out that they don't have one because they don't believe they work (apparently they have been advised that conveying information by not taking an action such as updating a web page would still run afoul of a gag order).
A related factoid: Signal has committed to publishing all government requests for user data, but the most recent such information is from 2016[0]. I find it a bit suspicious that apparently no such requests have been made for the past several years.
What will it take to convince people of a federated protocol like XMPP? Someday, maybe, we can make people care about open protocols and decentralization.
Maybe someday the apps that implement open protocols and decentralization are user friendly enough to allow non tech people to use them to talk to each other and share baby photos.
We've tried Matrix in our friend group and it was impossible for us to get it to work. And that was with a non self hosted identity provider.
Signal isn't perfect but it seems to offer better privacy and is trivial to set up.
> Maybe someday the apps that implement open protocols and decentralization are user friendly enough
That is everyone's dream. The problem is every startup/project with $$$$ is investing into reinventing the entire client/server wheel (Signal, Wire, matrix, threema, etc..) instead of investing their $$$$ into making a user-friendly client for an established/reliable protocol.
In this sense, and despite all my criticisms of email/XMPP ecosystems, i'm a big fan of delta.chat and conversations.im. They took a well-established federation, and applied lots of UX/security on top, so that people don't have to choose between freedom and security, and can enjoy modern features in backwards-compatible, federated way.
> Signal isn't perfect but it seems to offer better privacy
Compared to SMS yes. Signal evolved from smssecure/textsecure which was an encrypted SMS app/protocol (which continues to this day as silence.im though barely maintained by a single exhausted volunteer).
But Signal is a central actor that has power over all users at the same time (compared to a federated network like email/matrix/XMPP) so it's less healthy. And in particular, Signal uses servers from big internet giants which thanks to signal using Google's push notifications server on Android (the reason why the libresignal/f-droid vs signal "controversy" started) can give them a really good overview of who's talking to who.
I trust that Signal employs some really clever cryptographers and very competent UX designers. I just don't trust anyone (including myself) to hold the privacy of the entire planet, even less so when their plan to protect metadata relies on shady tech (intel SGX) and shady actors (amazon/google) not proper systems architecture, and they have openly/strongly opposed decentralization and standardization/interoperability (see "The ecosystem is moving" and/or the libresignal drama).
I wasn't even aware of the 'libresignal/f-droid vs signal "controversy"', thanks for sharing.
> Compared to SMS yes.
Unencrypting messengers, for sure. I was also thinking of messaging client that encrypt but aren't open source (e.g. WhatsApp) and clients that don't encrypt messages consistently (Telegram).
Thanks for sharing your thoughts. It opened up another "level" for me of considerations to think about. I agree that a federated system are the next step in the right direction.
For now I'll just enjoy for a while having completely removed myself (and some from my social circle) from the Facebook ecosystem.
Was your experience with Matrix bad because of the server setup or the Element client app? If server, I found this video to be super helpful: https://www.youtube.com/watch?v=dDddKmdLEdg
When was this? Element (formerly Riot) as a client has gone from having serious UX limitations in 2019 to something I can hand to techno-phobic contacts today.
Integrating with Slack, IRC, etc all in one app has also been quite convenient.
I've tried blogging, with mixed results from people on the other side of the fence.
A lot of people are actually less likely to adopt something if I promote it since I'm "that guy" who only uses FLOSS and open platforms. Promotion works better with people who don't know me IRL.
I have a doubt about XMPP, can someone please clarify?
If someone logs into my account on another device, how can I know it? In Signal, Telegram etc there is a place in settings that lists all the logged in sessions. But I can't find anything like that in the 'Conversations' android app. Am I missing something?
They need quality; Being fast, frature-ful, open APIs with good wrapper libraries, and not having tons of bugs.
While WhatsApp already sucks (each time I try their bloody web app after years it still doesn’t work), other apps have solid quality. Telegram is easily two orders of magnitude more valuable to me than Matrix.
(Comment adapted from one I made under the post itself)
Whether or not the server-side code is visible isn't very important. There are two reasons why:
1. (Anti-Signal) Signal is a closed platform; users can't self-host a Signal server and expect to be able to talk to other Signal users. Users must accept whatever code the server runs, no modifications. This is an example of the difference between "free software" and "open-source"; this type of SaaS is open-source but not necessarily free.
2. (Pro-Signal) All three Signal apps (at the time of writing this comment) use E2EE with minimal metadata leakage. The server is unaware of the contents of the messages and cannot connect a sender to a recipient. As long as the apps don't get an update that changes this situation, users don't need to trust a Signal server to protect their privacy.
I wrote about the first reason in a bit more detail in a blog post, posted here previously [0].
A follow-up article [1] covered alternative asynchronous messaging platforms: email, XMPP and Matrix. None of the three is a perfect replacement of Signal due to metadata leakage, but all offer a greater degree of freedom. My main thesis is that when choosing a messaging platform to adopt, it's important to consider implementation and provider diversity to prevent lock-in.
A 12 year old kid in India was able to clone the Signal app, change the branding, publish it on the Play Store, get tens of thousands of users, get news coverage, and yet it took Signal 4+ months to get that application blocked.
Signal, afaik, hasn't made a public statement on the clone application and whether the users were impacted in any way.
> All three Signal apps (at the time of writing this comment) use E2EE with minimal metadata leakage.
Three most important metadata of a message is sender, receiver, time. AFAIK all three are available to Signal server (while sender, receiver identified at least by IP address).
> This is an example of the difference between "free software" and "open-source"
Given Signal's insistence that modified apps don't connect to their users' existing accounts, Signal is better characterized as shared source. You're only meant to look, not to touch.
Their silence has been so frustrating. Not even any acknowledgment from the team -- they just keep releasing updates and posting to the forums as if nothing happened.
It would be a lot easier to believe this was due to a court order if Signal's attitude wasn't always like this. I call them "the Apple of open source" because they rarely (if ever?) accept PRs from outside Signal, don't have a public roadmap they share, and the development process is all done behind closed doors (commits are made public only when the associated build has been released). These are all unique to Signal afaik versus its competitors (Matrix and the like), and it's made me grow to hate it.
Keeping the server's source closed is probably the final straw for me, a long time Signal-apologist.
Maybe it’s time for experts whose names matter to call Signal out on this and not pretend that the metadata collected by Signal (which has increased with the new groups design) is of little or no significance. Metadata is as valuable as or more valuable than data!
Seriously, knowing this background on the server code and the total silence about this for nearly a year now, would anyone still recommend Signal to activists? Saying there’s nothing better is not a real answer, IMO.
Oh... there was this guy last time on HN who insisted that signal is open source but they want to"protect signal brand" and that means not allowing federation or even third party apps or servers to connect to official servers because.
Then goes on to say for a lead "has explained why it disant federate with element" and that should be it.
According to them, its "open source" but see, dont touch. Also, because its built over a "foundation" it has less chance of being taken over so count your blessings and join signal because.
26 comments
[ 3.5 ms ] story [ 66.0 ms ] threadA related factoid: Signal has committed to publishing all government requests for user data, but the most recent such information is from 2016[0]. I find it a bit suspicious that apparently no such requests have been made for the past several years.
[0] https://signal.org/bigbrother/
We've tried Matrix in our friend group and it was impossible for us to get it to work. And that was with a non self hosted identity provider.
Signal isn't perfect but it seems to offer better privacy and is trivial to set up.
That is everyone's dream. The problem is every startup/project with $$$$ is investing into reinventing the entire client/server wheel (Signal, Wire, matrix, threema, etc..) instead of investing their $$$$ into making a user-friendly client for an established/reliable protocol.
In this sense, and despite all my criticisms of email/XMPP ecosystems, i'm a big fan of delta.chat and conversations.im. They took a well-established federation, and applied lots of UX/security on top, so that people don't have to choose between freedom and security, and can enjoy modern features in backwards-compatible, federated way.
> Signal isn't perfect but it seems to offer better privacy
Compared to SMS yes. Signal evolved from smssecure/textsecure which was an encrypted SMS app/protocol (which continues to this day as silence.im though barely maintained by a single exhausted volunteer).
But Signal is a central actor that has power over all users at the same time (compared to a federated network like email/matrix/XMPP) so it's less healthy. And in particular, Signal uses servers from big internet giants which thanks to signal using Google's push notifications server on Android (the reason why the libresignal/f-droid vs signal "controversy" started) can give them a really good overview of who's talking to who.
I trust that Signal employs some really clever cryptographers and very competent UX designers. I just don't trust anyone (including myself) to hold the privacy of the entire planet, even less so when their plan to protect metadata relies on shady tech (intel SGX) and shady actors (amazon/google) not proper systems architecture, and they have openly/strongly opposed decentralization and standardization/interoperability (see "The ecosystem is moving" and/or the libresignal drama).
> Compared to SMS yes.
Unencrypting messengers, for sure. I was also thinking of messaging client that encrypt but aren't open source (e.g. WhatsApp) and clients that don't encrypt messages consistently (Telegram).
Thanks for sharing your thoughts. It opened up another "level" for me of considerations to think about. I agree that a federated system are the next step in the right direction. For now I'll just enjoy for a while having completely removed myself (and some from my social circle) from the Facebook ecosystem.
I didn't set up my own server though, that was through matrix.org. And probably an intermittent issue.
That video explains the setup very well if one is inclined to run their own server. Thanks for sharing.
Integrating with Slack, IRC, etc all in one app has also been quite convenient.
A lot of people are actually less likely to adopt something if I promote it since I'm "that guy" who only uses FLOSS and open platforms. Promotion works better with people who don't know me IRL.
If someone logs into my account on another device, how can I know it? In Signal, Telegram etc there is a place in settings that lists all the logged in sessions. But I can't find anything like that in the 'Conversations' android app. Am I missing something?
While WhatsApp already sucks (each time I try their bloody web app after years it still doesn’t work), other apps have solid quality. Telegram is easily two orders of magnitude more valuable to me than Matrix.
Whether or not the server-side code is visible isn't very important. There are two reasons why:
1. (Anti-Signal) Signal is a closed platform; users can't self-host a Signal server and expect to be able to talk to other Signal users. Users must accept whatever code the server runs, no modifications. This is an example of the difference between "free software" and "open-source"; this type of SaaS is open-source but not necessarily free.
2. (Pro-Signal) All three Signal apps (at the time of writing this comment) use E2EE with minimal metadata leakage. The server is unaware of the contents of the messages and cannot connect a sender to a recipient. As long as the apps don't get an update that changes this situation, users don't need to trust a Signal server to protect their privacy.
I wrote about the first reason in a bit more detail in a blog post, posted here previously [0].
A follow-up article [1] covered alternative asynchronous messaging platforms: email, XMPP and Matrix. None of the three is a perfect replacement of Signal due to metadata leakage, but all offer a greater degree of freedom. My main thesis is that when choosing a messaging platform to adopt, it's important to consider implementation and provider diversity to prevent lock-in.
[0]: https://news.ycombinator.com/item?id=25982860
[1]: https://seirdy.one/2021/02/23/keeping-platforms-open.html
Signal, afaik, hasn't made a public statement on the clone application and whether the users were impacted in any way.
News Report (2020-09-04): https://keralakaumudi.com/en/news/news.php?id=383731&u=a-bol...
Report after which the app was taken down (2021-01-12): https://twitter.com/selfrefute/status/1348994641165631488
Edit: On second reading, realized you meant Federation, and this isn't that (the clone app talks to the Signal servers)
Three most important metadata of a message is sender, receiver, time. AFAIK all three are available to Signal server (while sender, receiver identified at least by IP address).
Given Signal's insistence that modified apps don't connect to their users' existing accounts, Signal is better characterized as shared source. You're only meant to look, not to touch.
It would be a lot easier to believe this was due to a court order if Signal's attitude wasn't always like this. I call them "the Apple of open source" because they rarely (if ever?) accept PRs from outside Signal, don't have a public roadmap they share, and the development process is all done behind closed doors (commits are made public only when the associated build has been released). These are all unique to Signal afaik versus its competitors (Matrix and the like), and it's made me grow to hate it.
Keeping the server's source closed is probably the final straw for me, a long time Signal-apologist.
/sarcasm
Seriously, knowing this background on the server code and the total silence about this for nearly a year now, would anyone still recommend Signal to activists? Saying there’s nothing better is not a real answer, IMO.
According to them, its "open source" but see, dont touch. Also, because its built over a "foundation" it has less chance of being taken over so count your blessings and join signal because.
Yuck.