458 comments

[ 88.3 ms ] story [ 8579 ms ] thread
Shit. Just as I convinced all my family and friends to move out from whatsapp and I uninstalled the stupid green app. What do we get to do now?
Can't the user just ignore this cryptocurrency BS if they (like myself) have no intention of using it?
You can, it's just that having the cryptocurrency in the first place leaves a bad taste in some people's mouths.
don't lick your phone then, seriously, if you don't like a feature, do use it. Done.
The problem is that these features need to be worked on, they require attention and the implementation sends a (strong) message.

It's not just the fact that it exists that leaves the bad taste, it's the fact the decision was made, what that implies about the mentality/goals of the people making such a decision and that it will from that point on hog resources. And those aspects won't go away by not using it.

I feel the biggest concern is about focus shift for Signal since doing one shady thing usually means other shady things will be done.

You can ignore it for now but how much will they push it over time to make it harder and harder to ignore? Will grandma accidentally buy tokens due to some dark pattern UI and then call you about it? Will you get constant messages from scammers trying to get you to send them tokens?

This might not happen but I feel it is a valid concern for a platform you wish to stay on longer term.

edit: And since the CEO of the token company has said he wishes to make future monetary donations to Signal they have an incentive for making the token do well.

You can for sure.

But it seems like a waste of resources by Signal, they could be making the chat part of the app better instead.

Problem is that with the cryptocurrencies, it opens the app to whole new financial legal frameworks and agencies.

Not to mention that with the number of scams with cryptocurrencies It's not inconceivable that either Apple or Google will eventually ban them from App store (apps using cryptos)

This isn't a privacy breach at this point though. It's just questionable. The security model of Signal doesn't require us to trust the servers (in theory - in practice, well, you've got the app chain and non-reproducible builds and distribution).
(comment deleted)
I don't mean to sound pessimistic but "Security in theory" isn't really secure, is it?

I still have way more trust for Signal than I have for say Messenger or Telegram, but I've been burned too many times to take these things at face value.

If you are looking for e2e encryption, it all depends on which features you need (like voice messages) and how good usability and UX needs to be for your family and friends to adopt the new tool.

Some candidates are

* GNU Jami: https://jami.net/

* Matrix with Element: https://element.io/

second the recommendation for Element. At least you can rehost it on your own.
Jami has it's own tradeoff as you'll be revealing your IP in a DHT.
I realize everyone here seems to hate it but couldn't you just keep messaging and ignore the availability of a payment system?
No. This is an unacceptable shit move. No way I can keep using signal with a clear conscience.

Now I am ashamed to swallow again all the shit that I supported from my colleagues who said that in a few weeks I would be asking them to switch to a less-evil place than signal. And here we are.

And drawing on my one semester of Latin from Wheelock just for fun here:

Quid facis, Signal? Quid cogitas?

Aha; I'm working through it right now. This quote is from Cicero's speech to the senate condemning Catiline for trying to overthrow the Roman republic for the second time (https://en.wikipedia.org/wiki/Catiline#Second_Catilinarian_c...)

"Quid facis, Catilīna? Quid cōgitās? Sentīmus magna vitia īnsidiāsque tuās. Ō tempora! Ō mōrēs! Senātus haec intellegit, cōnsul videt. Hic tamen vīvit."

"What are you doing, Catiline? What are you thinking? We know your great treachery and plans. Shame on the age and on its principles! The senate is aware of these things, the consul sees them, and yet this man lives."

(I like the gentle reprimand of the 'and yet this man lives' line)

I was recently pulled onto Signal by a non-techie who values his privacy. I talked to him about Matrix/Element and he had no idea what that was, but was very happy with Siganl. I must admit, the app is very nice. All I had to do was give it access to my contacts and bam, I am now able to chat with all my contacts.

By comparison, Element is much more like a chat program than a phone messenger. It's good for "I want to connect with that person from GitHub" instead of "messaging the cute girl I met last night" or "messaging my grandpa". And yet, it feels to me like Matrix/Element is the platform less likely to pull something like this. Then again, Keybase seemed that way as well...

(comment deleted)
> Matrix/Element is the platform less likely to pull something like this

Agree, I've been using Matrix/Element, and it's a bit slower/buggy but seems like it'll be around for longer.

The best part about Matrix/Element, is that it could be Matrix/Anything. If Element is buggy, switch to another client.
And unlike Telegram where the client is open source, with Matrix you can also switch the server. Or bring your own server.
It has improved a lot. I once wanted to switch with another tech-savvy friend 2 or 3 years ago and the experience was abhorrent. Nowadays I use it mostly like a IRC client and it improves constantly.

However the comparison between this and signal falls flat due to the metadata that needs to be stored on matrix servers due to its federated setup.

Would you say this is a weakness of element or matrix itself? In principle you could made a clone of signal, WhatsApp, telegram etc. using mobile APIs right?
I think it's 100% the client. But this is the problem with a federated system like this: it increases your marketing surface without providing apparent value to the consumers. Consumers don't want choice, they want the one product that will do exactly what they need it to do. When I am presented with "choose your client from this list of 5-15" my eyes glaze over. I just want to try the thing. That isn't to say that there shouldn't be choices, there absolutely should. But the problem is that there needs to be a very easy short and gentle on ramp for new users.

Element is none of those things. It's name is so forgettable and so generic that people often don't even know whether it's an app, a library, a website, etc. The mobile app is yet another chat app with nobody on it until I do the legwork of pulling them in. It's just not usable on day one after I already spent the time to figure out which app I need. In the meantime, Signal can become your default messenger on Android within a few minutes and do everything you used to be able to do but more and better.

I think Element is unable to do this since they have nobly chosen a federated protocol.
You can layer over easy onboarding on top of a federated protocol..
Which part? The part of also integrating SMS functionality? The part where I can message my other contacts who aren't using Matrix via SMS and finding them by phone number? Having a good marketing strategy?
Sorry, I should have quoted. They are “unable to pull something like this” due to being a federated protocol. If they try to add crypto to their app, another app can be used to communicate to the same people in the same way.
I think you hit the nail on the head with "Element is much more like a chat program than a phone messenger". Me and a friend experimented chatting with Element (Riot at the time), and while it certainly "worked", the process of getting everything working was not something I would expect a non-programmer to be able to figure out. We had to finagle different keys across different computers and phones and it was fairly painful. Both of us are software engineers, so at some level we have fun figuring this stuff out, but I cannot see a universe where Element catches with the general public unless the process is as quick and painless as Signal.

I feel like Element works better as a competitor to Slack or IRC than as a competitor to Signal or Whatsapp.

> I feel like Element works better as a competitor to Slack or IRC than as a competitor to Signal or Whatsapp.

To me it's a competitor to Keybase. "I want to send my co-worker/client an API key that I don't want exposed to the public" is about the only use for Keybase I've had. I have like 5 contacts on there for this reason. Slack/IRC is much more usable for getting shit done, but not being E2E I wouldn't send anything sensitive over them. Element is currently a "this is a mildly nicer experience over PGP + Email/Slack.

Yep yep, totally think that's reasonable.

I know very little about the intricacies of cryptography, but part of me wonders if there's some way of doing a federated "key synchronization" service similar to keybase.

So Keybase is just a UI for PGP/GPG (well that was what it was before it became a Borg). The problem with GPG:

1. You need to keep your private key very private, which is incompatible with the idea that you might have several devices you normally use. GPG itself does not provide you with a mechanism to sync your private keys between devices because this is a super insecure thing to do without some serious work.

2. GPG requires that you and another person verify each others' public keys out of band. I need to meet you in a parking lot to validate your key fingerprint while you validate mine.

3. GPG's web of trust relies on attaching public keys to real world identities. You are asked to validate government documents when verifying public keys. That's incompatible with how a lot of us want to work. Note that this isn't a built-in requirement, but GPG itself provides no guidance on how to validate user123 on GitHub, just User Onetwothree Jr in real life.

4. GPG's UI is almost as arcane as tar :)

Keybase solved this by:

1. Providing a secure way to manage private keys across devices.

2. Outsourcing proof of identity to other providers. Its use case is validating the identity of user123 on GitHub, which happens to also work fairly well for CelebrityName on Twitter, or FriendName on Facebook.

3. See #2: social proof means you can attach that proof to any kind of identity.

4. GUI + nice TUI works better.

Where Keybase fell short was that a non-techie will not understand much about "social proof" and the only kind of social proof they have access to is limited to Twitter, Facebook, and Instagram.

Signal's solution to this was simpler: you have a QR code/set of numbers that represent your fingerprint right in the app. You show me yours, I'll show you mine. We get connected by phone number or email. That's it. If Signal was built on a federated platform it'd be perfect and nothing about it from what I understand prevents that.

That sounds kinda similar to the problem Matrix solved with cross-signing, how when you login to a new device and verify it with one of your already logged-in devices, it can request your old message keys E2EE so you get all your history.

Maybe a similar thing could be built on top of it?

> By comparison, Element is much more like a chat program than a phone messenger. It's good for "I want to connect with that person from GitHub"

Element is what messaging should have been from the START: a federated service just like email, where you register an account with your provider of choice, just like email, and start adding/chatting other people after getting to know their address, just like email. So, instead of asking that cute girl her phone number or her email address, you would ask her her element address.

Whatsapp spoiled this approach years ago, so now we are basically screwed because everyone is used to the central approach and it's almost impossible to move away from it. But TODAY's implementation of Element and their shiny clients 12 years ago, would have been a great success just like WhatsApp was (whishful thinking at its finest, I know).

There's also DeltaChat: It looks more or less like WhatsApp, but it uses email as the transport and storage mechanisms, and it is seamlessly encrypted with AutoCrypt. It supports both one-on-one and group chats. It has apps for mobile and desktop.

https://delta.chat/

That seems awesome, thanks for sharing! What an awesome approach.
There was decentralized XMPP/Jabber back in the days with lots of clients and it didn't catch up.
But I said with today's Element UI/UX. Anyway email was already a standard before corporations took over internet, it would have been really difficult to have a decentralized standard taking over in the 2009 Internet already. Also XMPP was EEE by both Google and Facebook around that time.
> less likely to pull something like this

They are less likely to do this kind of secretive development, but they could go that direction. They have considered cryptocurrency in the past, see https://matrix.org/blog/2017/08/22/thoughts-on-cryptocurrenc.... They are open, but still driven by a single company which could change direction at any time.

They also surprised their community multiple times with renames of their app and weird redesigns (remember the horizontally-scrollable unordered bubbles for room selection?)

Same here, I have been looking at Element too... Alternatively, anyone use Threema?
Dang: could the title be changed to something more informative?

"Signal announces cryptocurrency: opinion"

I thought the title was a pretty good hint as to the content of the article, assuming that you're familiar with the reference to "et tu Brute": https://en.wikipedia.org/wiki/Et_tu,_Brute%3F
"Et tu" implies betrayal, but doesn't specify how.
Probably using people to market and, in some cases, donate to their non-profit then essentially selling their user base to a friend. A perfect example of crony capitalism.
I know the meaning of the saying. But it doesn't say how they betrayed us. Mentioning that they introduced a cryptocurrency is much more descriptive.
Woah putting telegram to the same bucket is insane - their network was permined, true, but unlocking value exchanging of 500m users makes this a tiny drop in the ocean.

Unlike Signal, sigh.

The piece doesn't note the additional fun fact that the website to buy the tokens is blocked in the US presumably to avoid an SEC investigation.

edit: Blocked at the cloudflare level without even an explanation of why if you go there.

> fun fact

It's absolutely hilarious, the SEC has gone after so many different coins, ICO's and exchanges now who have gone to far greater lengths in excluding Americans. The first person who gets around it opens you up to all sorts of civil and criminal charges.

I don't understand how after years of this happening any company thinks it's somehow safe with nothing more than an IP geofence.

If they make reasonable attempts to keep out Americans, requiring IP proxies and checking a box saying "I am not an American," then is it really their fault when Americans end up using it?
Thus far the SEC penalties are fairly uniformly ... raise a billion dollars from suckers, pay a penalty of $25 million as part of a settlement where they promise no further action kinda stuff. Just a really minor cost of doing business.
They have to. If they allow even the possibility of a monetary transaction to a United States citizen, they fall under SEC, FINRA, and FINCen, which among other things, requires compliance with AML/a KYC process.

This kills the Signal value proposition.

You can move money electronically legally, or you can be anonymous in the U.S. It us incredibly difficult if not nigh impossible to do both.

It's part of the U.S. soft power projection scheme. If you want access to American markets/easy movement of financial assets, you leave audit trail.

> If they allow even the possibility of a monetary transaction to a United States citizen, they fall under SEC, FINRA, and FINCen, which among other things, requires compliance with AML/a KYC process.

Bad news for them then: there are lots of American citizens in the UK.

This seems to ignore the fact that absolutely nothing about using Signal requires that one use this additional feature. It's not required if you don't like it.

Yet it insists on it being a pump and dump scam, without evidence. :(

But it requires extra code and that code can have additional bugs.
And it adds a risk that you fat-finger something disastrous.
No one wanted Google+ either, but these things are a sign of a company with misguided or missing focus, a misunderstanding its own product and the core competencies of its team, and which may be chasing trends in search of growth, perhaps a sign that current revenue streams are not sustainable.

None of this bodes well for the future of Signal, either the app, the service, or the company.

I am highly optimistic about the future of cryptocurrencies but even I can acknowledge this was a strange/risky move by Signal.
Don't blame Signal, blame capitalism.
Can you explain exactly how capitalism is at fault here, and contrast it with other economic systems which you think would have had a different result?
Oh well. No such thing as free lunch after all. Yet again, a user-funded nonprofit would be the way to go, but users want free stuff. Minority would donate, but good luck having a steady cash flow and being able to pay for the infrastructure and your wages.
Moxie seems to think that they need to do this to keep up with the Joneses, as they try to build some kind of decentralized alternative to WeChat. I guess we should have seen this coming when he got involved with MobileCoin. I'm not a psychic and it might turn out okay but it still seems like a bad idea to me.
Do you have any examples of Moxie talking about needing to keep up with the Joneses?
Yes in the other article in Wired that was on here he said they felt like it was important to add this feature because other messenger clients we're adding it. That was one of his primary justifications for it along with the promise of adding privacy to payments and making that mainstream, like they've attempted to do with encryption.
No, he wants to do this, has wanted to do this for a long time.
(comment deleted)
I definitely agree with the article that it felt a bit like a betrayal. I've pushed some friends and family to use it over Telegram despite significant usability issue, and now I see that instead of implementing some IMO basic features like proper message sync and easy backup when you get a new phone, they prefer to implement a... micropayment system? Based on some niche altcoin which doesn't even exist on mainstream exchanges?

It goes beyond the usual issue with cryptocurrencies. Let's assume that they integrated with Bitcoin or Litecoin or some "mainstream" CC, would it still be a good idea? You can already send wallet addresses over signal if you care to do it.

I'm willing to give the Signal devs the benefit of the doubt and assume that they meant well and aren't actively trying to benefit from the move (even though I'm not completely dismissing this possibility) but at the very least it's just showcases a very strange way to lead the project and prioritize issues. I can think of a dozen things out of the top that would do more to drive Signal adoption than integrating with some "literally what?" cryptocoin.

This is going to drive the adoption of this niche cryptocoin, it's not going to do anything at all for Signal.

> easy backup when you get a new phone

I just recently got a new phone, and used the new feature to do this (uses wi-fi direct) and I have to say it seemed like it would be easy enough for non-techy users to use.

Try transferring from an iOS phone to Android. Try transferring messages to a new desktop (you can't).

It's 2021, I don't want to be platform locked and none of the other popular messaging apps have that issue.

Last I checked (about a year ago I think) Whatsapp backups were platform-locked as well.
You can get a dump of all your messages with someone pretty easily.
Not completely. WhatsApp pushed out an Android-compatible backup option on their BlackBerry 10 app when they announced that they were shutting the app down a few years ago. But it was behind a notice that said it was 'not supported', even though it worked fine. Only to Android though.
Whatsapp does, so it's probably not that critical of a feature.
Most people don't switch platforms very often so it's not a big deal to them and just a corner case. Also most people don't care that much about old messages so again a corner case.
I transferred between two Android phones, and had to re-pair desktop clients. It all worked, but now the desktop client won't receive messages I've sent via phone.

Also video calls still don't synchronize orientation. It's very hard not to stoop down to use more vulgar language to express my feelings about this.

> Also video calls still don't synchronize orientation.

This is insanely annoying in real life.

My phone needed to be factory reset, where was my backup to restore from without purchasing a second phone?
I only just got this set up, but you can point the automatic backups to your SD card on Android. I guess some cloud sync app could pick it up from there or internal storage.
Not sure why this was downvoted. I switched phones yesterday and transferring signal with the direct wi-fi transfer was easier than transferring whatsapp, I do know that that used to not be the case.
because it is only relevant for one very specific type of 'switching phones'
Yeah, but consider the use case where you lose your phone in an accident or someone steals it. You can recover your sim card, you know your recovery password. But you'll be SoL and you won't be able to recover the history of all of your group and individual chats. This sucks.
There's a backup function. Maybe they should add some cloud drive integration to that feature.
Signal for Android allows backup. Signal for iOS doesn't.
Did you ever try to salvage data off a dead phone? Many of us only buy a new device when the old is fubar.
Will that feature work if you drop your phone and it breaks? Or will you lose all your conversations and photos then?
That's great to know, I didn't know they had improved on that front. Last time I tried to do it you had to manually copy a file from a micro-SD card (and it was only supported on Android) and then you had to copy a crypto key. In the end I couldn't get it to work and gave up.

Unfortunately day-to-day my issue is more with syncing the desktop to the phone client's history and as far as I know it still won't let me do that.

An other super convenient feature of Whatsapp and Telegram is that they offer a pure web interface with basic functionality which is super convenient if you're in a pinch and don't want to/can't install the standalone desktop application.

Proper message sync is hardly possible with end-to-end encryption everyone so excited about (without fully understanding the implications of true secrecy). If you have e2ee and then sync messages via google drive (looking at you, Viber), you are kinda missing the point.
I remember that Skype, before it was bought and ruined by Microsoft, had P2P chat history sync that worked the following way: once two of your devices were online at the same time, they synchronized chat history among the two running instances flawlessly. It was super reliable and predictable.

I am sure that Signal could implement the same peer-to-peer sync scheme with full end-to-end encryption without any secrecy compromises.

One of the features of the Signal protocol is that each message is signed with a different key so that if one message is somehow compromised it's still impossible to retrieve the others. I think this would break with P2P sync.
First people want full security, but when they encounter inconveniences that come with true full security, they start wanting convenience. What works best is a very very very good promise of security without e2ee, as shown by Telegram. It's users just know that Telegram is the most protected messages, and they are happy with it's advanced features.
Your Signal client has all the messages stored unencrypted (this is true because you can read them all, and search all the local messages).

What's preventing the client from dumping all the messages to a single file, encrypt it with a public key of the other running instance of Signal logged in to the same account, and send it, so that your other device can decrypt the file and import all the messages?

This is actually working very bad in most practical situations. The way to go is Telegrams way, where you store all data on the server and happily sync ut easily between devices. Just do it on your own server using xmpp. E2ee helps mostly against server owner, and you eliminate this risk by being your own server owner.
You run your own datacenter?
XMPP is extremely light, you can use a moderately powered personal computer to handle traffic from several users. I don't have the numbers with me but last I'd heard, the number was in the hundreds.
ejabberd can host ~2k active connections on $2/month server.
Where can I get this $2/month server?

The nice thing about client-side/end-to-end security is that the service provider matters less.

Also, $2/month is $2 more than many people would be willing to pay for private messaging, and I can't message people on a network they're not on, no matter how much I pay.

Ionos.com

And if you're privacy is worth less than $2/month, just use Telegram. It works way better than these messenges obsessed with privacy, precisely because it does not have encryption for most messages

> Ionos.com

That looks a lot like a server hosted by somebody else in a data center.

It's also way more hassle than almost all of my contacts would be willing to go through, and if only I self-host but they don't, it'll be Gmail all over. (Almost all emails go through Gmail because that's what at least one of the parties in an exchange is likely using.)

Point-to-point encryption is not enough for messaging in today's network topology.

> just use Telegram

No thanks, I'll continue using one actually spending some effort on not being able to read the messages their users send.

Fortunately most people in my country do. Ironically it's only a couple of people in my circle of friends worried about the privacy of said messenger switching to Telegram "because it's encrypted"...

> E2ee helps mostly against server owner, and you eliminate this risk by being your own server owner.

Unfortunately you only eliminate it by being your own server owner _and_ your recipient being their own server owner. Take a look at email: I might not want to use e2ee because I self-host, but the second I send an email to a friend hosted on gmail, Google gets all the content.

I think federation does have its place (for different reasons) but it unfortunately isn't enough for privacy.

> Just do it on your own server

What if I don't have and don't want my own server?

Pre-MS skype was so far peak IM.
Don't forget about when IM networks actually used open standards instead of closed proprietary protocols. Managing all of my accounts through pidgin was a breeze, and didn't leave me swapping between half a dozen different programs trying to remember which networks somebody would typically use.
That was never a thing: Pidgin & the rest had to write their own implementation for many of those protocols, starting with AIM.

There was a tiny period, somewhere in 2006, when many services were XMPP, maybe even federated, but due to the lack of good clients - compared to skype -, it never manifested as good as it should have.

There are now many nice XMPP clients, but the big players now all moved into proprietary territory.

I also remember a period in time when I could use Trillian to connect to ICQ, MSM, AIM and have it all in one convenient chat client without having to fire up all the individual ones. Granted it sometimes broke when the protocols updated, but for a moment it was pretty cool.
e2ee is a technical term, not a social term. It only means that 2 devices exchange bytes and no third-party can read them. Nowhere is there any obligation that the 2 devices belong to different people: it is perfectly possible to exchange history between your laptop and your smartphone with e2ee.
> Proper message sync is hardly possible with end-to-end encryption

iMessage (and soon WhatsApp) would beg to differ.

It is much more difficult, yes, but definitely not impossible.

Telegram is just so much more usable than Signal.

The perceived advantage of Signal over Telegram is LITERALLY not having an option for a cloud-synced chat and ONLY having end to end encrypted chats. That's all.

You give up of usability to get that advantage. Explain to your mom why she has to give up Telegram to get basically the same functionality as Telegram secret chats.

Signals crypto is used by Facebook and was sponsored by the US Govt. Before you believe "OMG Telegram crypto is bad!" FUD, do 15 minutes of research.

Most non profit work in the US is somewhat funded by the US government via grants and crap ... 80% to be exact.
(comment deleted)
There are no known attacks against Telegram.

The problem is entirely that its cryptography was sketchy and just plain weird to begin with. It wasn't wrong, per se, but raised some eyebrows. And then some of the questionable choices were silently fixed removing the ability to MITM, etc, but with no real notice.

It's not FUD.

Interestingly, if you say that Signal's funding is sketchy and it raised some eyebrows, that would be FUD (see sibling comment). But saying the same about Telegram encryption is for some reason perfectly fine and definitely not FUD.

Shouldn't we have the same standard for all claims?

So you're saying we should have the same standard while literally giving two different types of allegations that are thrown at Signal and Telegram respectively?

We either consider the funding of both and decide how the funding COULD ultimately impact the product, or we could look at the source code of the applications and the cryptographic theory supporting them and talk about that. If crypto experts aren't finding holes in Signal's protocols [1], I don't think random people on the internet yelling "bUt It WaS fUnDeD bY ..." will make it less secure.

[1] https://eprint.iacr.org/2016/1013

> Interestingly, if you say that Signal's funding is sketchy and it raised some eyebrows, that would be FUD (see sibling comment). But saying the same about Telegram encryption is for some reason perfectly fine and definitely not FUD.

> Shouldn't we have the same standard for all claims?

Huh? Telegram's protocol has been criticized by cryptographers for making specific "odd" cryptographic choices (see See https://crypto.stackexchange.com/questions/31418/signal-vs-t...). It's not FUD to bring that up.

However, it is FUD to imply something concrete based for vague, indirect reasons.

More than one red flag there, there was the claim of it being secure just because the spec was out there and nobody had broken it yet.
and telegram does not used encrypted e2e messages by default. Only on the special secret messages that no ones uses.
> There are no known attacks against Telegram.

Because there isn't anything to meaningfully attack. Chats and chat backups are not encrypted by default.

(comment deleted)
That's a big advantage, and a very important one. But definitely, that and the superior crypto is what keeps me on the app. Telegram is in a whole different level when it comes to usability and refinement.

>Signals crypto is used by Facebook and was sponsored by the US Govt

Funny that you're talking about FUD.

It is not FUD.

OWS was financed by Open Technology Fund, to the tune of almost $3M, during the years 2013-2016. See here: https://www.opentech.fund/results/supported-projects/open-wh...

What is Open Technology Fund? It is a program of Radio Free Asia, which run by US Agency for Global Media, funded by US Congress.

Hey, advisor for a non-signal E2EE chat service here that also benefited from the Open Technology Fund.

I recognize that you'd basically just be taking my word for it, but literally all they did was take an application from us, approve it after doing their diligence, and paying Cure53 for an assessment. There was no other involvement or, as you're implying, interference.

Just my experience, but I'm publishing this because the fud breaks my heart. OTF does good work.

It could be, I believe what you say is very much the truth.

But that doesn't really matter. Even by doing that. these two are associated. Imagine, if there was a non-profit, that took money from some Kremlin or Fobidden City development program, using exactly the same procedure. Would be that non-profit trustworthy going forward, given their association?

So this one is the same, just with red and white stripes. Definitely not FUD, they did take money from US Gov agency.

> Would be that non-profit trustworthy going forward, given their association?

Kinda depends. If the money was authorized by a parliamentary body (with clear legal text around who's receiving funding, what the conditions are, etc), I wouldn't be so worried. If it was authorized by an executive as a disbursement from a random pot, I'd be more worried about strings.

Ergo my comfort with US congressional funding v. a DARPA grant or In-Q-Tel investment.

>Would be that non-profit trustworthy going forward, given their association?

As long as the product is proprietary, no.

In my experience, most people who project nefarious intentions on the government have no experience working with or within the government. The government, after all, is a big thing with no unified goals or intentions. But for some reason, for some people, 'government' always means 'bad'.
To be fair it usually is bad when it comes to matters of privacy and being open and honest about said privacy.
Governments gave us things like GDPR and HIPAA.
That is not the point. The point is what does the funding get them? A backdoor? The algorithm as well as the client source are open for audit and have been audited multiple times.
Signal's by default e2e encrypted chats can be used across platforms, e.g. synced across desktop and mobile. Telegram's secret chats are only available on the device where you initiated them. That's a major disadvantage.
Signal is single-device. The crappy web app that reads stuff from your phone is not a real client.
I just have to reply here because it's so wrong.

Signal doesn't even have a web app. They have a desktop app that works great and that I use every day, all day long for all kinds of communication. On my desktop and laptop.

The same is true of Whatsapp; this is not a major impediment to adoption for most people.
Last I checked, end-to-end was only available on the phone app (not the desktop client) and only for one-on-one conversations. That's a pretty huge difference, but one that most people won't even understand or care about.

But the simple fact is that for most people the security profile of Telegram is good enough and its UI is miles ahead of Signal.

I've already complained about that in the past but the fact that the desktop client still won't let me set the spellchecking language is baffling to me. It's an application that's meant mainly for exchanging text, and it won't let me configure the spellchecking, and let's not even talk about formatting options.

It amused me when in the announcement they said that the reason for testing the payments in the UK was that they were English speaking. You can tell that this is an application developed my monolinguals...

FWIW, if you’re on macOS at least, private chats are supported under the Cocoa client.
Matrix has E2EE cloud chats
Can you share what you have discovered about Telegram's crypto implementation in these 15 minutes of research when you did them? That would be far more useful than just leaving a teaser without anything concrete.
I thought about spending my time on promoting Signal, now I am happy that I avoided it.
As someone who has been defending Telegram against certain claims here from time to time this is still a sad day for me.

I'd appreciate however if everyone who has been saying ugly things about the alternatives would take a step back now and consider if there is more to security than E2E-encryption.

E2E-encryption is a seriously nice and useful property of a messaging system, but in the long run it is only one of many important details, and while E2E-encryption is always a good thing for end users as far as I can see other useful properties are often directly at odds with each other:

- incentives and funding. Free to give everyone the ability to use it or paid to align incentives?

- anonymity or verified identies? Both have significant advantages.

- repudiation or non repudiation? Depends on if you agreed on a contract or discussed something that the new regime doesn't approve of.

- backups? or ephemeral? Again, depends on if you are sharing family photos in a group or or sharing something that should stay between you and the recipient

Edit to add: As for solutions I think healthy competition is one of the best ways to ensure every messaging system tries to be tje best they can be.

(comment deleted)
Mobilecoin (Foundation) is a technological, ethical, and legal tour de force. I recommend you read their FAQ, but, to me anyway, it is obvious why Signal/Moxie needed to create a new coin (tl;dr: It needed to be a private venmo-like experience). To prevent conflicts of interest, a new org was created. Hence Mobilecoin, not SignalCoin. A few highlights:

Technological: * First Oblivious RAM implementation, "fog", so that transacting parties cannot be revealed * Their Rust codebase is really nice * Instant transfers with little computing power (CO2 emissions)

Ethical: * Moxie and Josh Goldbard hold no MOB, along with the employees. The Mobilecoin foundation has some awesome partners, e.g. the Long Now Foundation. * Mining is not ethical, it pollutes the planet and is just bad. The only alternative is a "pre-mine" given to an independent org, ie Mobilecoin Foundation

Legal: * The US's laws are not clear on what is allowable with privacy coins, so Mobilecoin has played it conservatively by saying US residents can't own the coins.

In summary, the critiques of Mobilecoin (in any of its incarnations, foundation, moxie, etc.) are assuming the agents involved have a financial interest in MOB being expensive -- I contend that is not the case. Please show your evidence.

PS. I am assuming good faith and honesty in statements, eg "Marlinspike notes, however, that neither he nor Signal own any MobileCoins." https://www.wired.com/story/signal-mobilecoin-payments-messa...

PPS. Some direct responses:

>Let's assume that they integrated with Bitcoin or Litecoin or some "mainstream" CC, would it still be a good idea?

No, not private. Also slow. Also pollutes planet. Monero is close on the privacy front, but takes 3 minutes to send (very stressful). It's possible a coin with the proper attributes could be made on stellar, but that raises questions towards ownership of Lumens (and pumping them) and their stellar reimplementation in Rust is likely more secure.

>Niche coin

nit: MOB has a top 15 market cap with 250m coins in distribution. Though I would hesitate to compare to other cryptocurrencies which are almost entirely scammy, polluting garbage.

> Moxie and Josh Goldbard hold no MOB, along with the employees

Right, the foundation sells the premined crypto-currency at a pumped up price. The foundation pays Goldbard and Moxie for their work. Employees are paid from the VC. No one connected has to hold any of it, nor will they want to after the dump.

Agreed that the foundations and payments need to be transparent. But if they are making, say on the order of a hundred grand a year in payments, wouldn't it behoove them to have a stable or increasing MOB market cap in the long run. IOW, if payments << market cap (currently O(10B)) then pumping and dumping is a disincentived move.
> I recommend you read their FAQ

Could you provide a concrete link please? There's a bewildering array of officials looking websites with zero information. And a widely shared white paper (among others linked from Wikipedia) that Josh claims isn't the whitepaper he originally wrote. It's hard to know what's what.

As a signal user and even promoter my biggest issue with a new cryptocurrency is that my privacy and security concerns for a chat app are different from my privacy and security concerns for monetary transfers.

I'm not sure why you find Monero's confirmation any more stressful than instant-like blockchains, most wallets will show pending transactions as soon as they enter the mempool.

This makes me sad. I have, up until now, been happy with Signal, but with this foray into cryptocoins, I now put it in the general "why do you hate the planet" bucket that all other cryptoshills are in.

It works (FSVO "works") for small levels of transaction, but does not scale to "a substantial fraction of humanity uses it for payment" (low-end, imagine 2.5 billion people trying to make on average 3 economic transactions per day, you'd need to be able to sustain about 80k transactions per second; now note that I low-balled bot the number of economic transactions AND the global population).

Moxie, this is seriously disappointing.

> I'm willing to give the Signal devs the benefit of the doubt

How many "benefit of the doubt" cards do they have left by now?

Zero. This was an obvious get rich quick scheme. They intentionally fragmented the space of privacy coins to profit off of a frankly disgusting pump and dump.
> of which the issuing organization controls 85% of the supply.

[citation needed]

> This token then floats on a shady offshore cryptocurrency exchange hiding in the Cayman Islands or the Bahamas, where users can buy and exchange the token. The token is wash traded back and forth by insiders

[citation needed]

> insiders are free to silently use information asymmetry to cash out on the influx of pumped hype-driven buys

[citation needed]

> Did I mention that the exchange that floats the token is the primary investor in the company itself

[citation needed, the linked article doesn't seem to say anything like this]

I mean, I wouldn't be surprised if all of this were true! But Stephen Diehl's increasingly hysterical anti-cryptocurrency rants are becoming less and less informative (talk about insider information...), and possibly, less and less grounded in reality. It's a shame, because he used to be a good, persuasive writer.

A) it’s true, B) why does the world need yet another currency? Why didn’t they partner with Bitcoin or Monero or LTC, or ETH, etc...
> of which the issuing organization controls 85% of the supply. > [citation needed]

This is based on the original whitepaper which says they pre-sold 15% of the tokens (to investors) and still own the rest. They claim to have not followed that whitepaper but the new one only says they start with 100% ownership and will not answer questions of how much they still own. So all we can go on is their original plan which was to hold onto 85% of the supply as long as possible.

Thanks to you and the others who responded with information. Looks like some of the claims I highlighted above cannot be sourced at all, and others can only be sourced to a whitepaper that the developers are distancing themselves from.

So... Yeah, being downvoted and flagged really showed me, I guess.

When massive amounts of money are involved than a cynical take is the right take. The burden on proof is on the company to show that they are working in good faith not for everyone to assume they are working in good faith. Hiding things, denying association with things and avoiding questions should not be taken as a good faith effort but rather as proof of bad faith. I think we've had enough crypto scams by now to no longer be naively optimistic about them.

edit: You can see in this very thread the CEO use every weasel words way of avoiding directly answering how many coins they currently hold. A very simple question which is always answered in a way which doesn't answer it.

I didn't mean to suggest that everything is fine with MobileCoin! Quite the contrary, it appears to be a complete shitshow. But in ways that are different from what the featured article claimed.

I'm very much opposed to Stephen Diehl's default approach of "everything to do with cryptocurrency is a scam, because I say so". Many things (probably including MobileCoin) are scams, but proper sources are still needed, and it's good to keep factual criticism separate from vague allusions to unnamed exchanges in some Caribbean country or another.

The issue is that by the time you have found enough proper sources, especially with the scammers actively making it harder, the scam will have been done with and paid out to the scammers. So the only logical approach I feel is to assume it's a scam unless those involved put the effort into proving otherwise.
The author has obviously "found enough proper sources" because they were able to quote the figure about the issuers controlling 85% of the supply etc. It's really not too much to ask to link to the place where they read this.
I agree that if it's true it's incredibly damning and probably warrants some hard evidence.

That being said it's still a strange move by Signal, given that it's still a rather niche messenger that's now integrating with an even more niche payment system. The only ones that really stand to benefit from this are people holding this cryptocurrency.

It's just a super strange move by Signal, regardless of your stance on cryptocurrencies. Did anybody really think "you know what's missing from Signal compared to the competition? First party cryptocurrency payment support".

>> of which the issuing organization controls 85% of the supply.

There's this interesting comment chain from yesterday's thread (https://news.ycombinator.com/item?id=26717253), where a commenter says the source is the coin's whitepaper, which states there will be 250 million tokens and they pre-sold 37.5 million. However, the creator (josh2600) says the whitepaper is out of date, but stops short of saying the 250/37.5 million token figure is incorrect.

I don't think FTX is a big investor in MobileCoin or located in the Cayman Islands or the Bahamas.
https://github.com/UkoeHB/Mechanics-of-MobileCoin

The protocol isn't based on mining, and they have a finite supply of 250m coins which they won't disclose the distribution of other than to try to assure everyone to not be concerned:

https://community.mobilecoin.foundation/t/mobilecoin-distrib...

They fact they can't even disclose coin distribution but Signal is already integrating it is both shocking and extremely concerning for the future of Signal. I seriously question what Moxie was thinking unless this is just a money grab for him.

Actually, bitcoin proponents can agree with 99% of what this guy is saying. The only thing that is not accurate is when he mentions counterparty risk: Signal is planning to add a non-custodial wallet, therefore there's no counterparty risk (granted, no counterparty risk of magical shitcoins, but yeah, no counterparty risk).

Signal did a bad move here, but they will learn their mistake eventually: once they remove shitcoin support and add bitcoin support.

It seems any platform/app/software moving forward has the "risk" of incorporating a cryptocurrency variant to their platform and I can't totally blame them for it since they want to get funded one way or another. But why not open avenues for donations as well? Wikipedia managed to do so, Khan Academy is doing it, WhatsApp used to do it.

Someone here mentioned Keybase, which I would have gladly donated to as a heavy user back before the Zoom buy out. They instead tried their own crypto integration, then Zoom bought them, leaving that platform in a questionable state.

I get the excitement of wanting to integrate or even create your own crypto but after the fiasco a few years ago where everyone and their parents spun a new variant it seems to have left a bad taste to most people while causing a major issue: how to get people to actually use it? Especially through a chat app where chat in itself is fragmented.

Having integrated payments is an excellent way to enable the donations of which you speak.

Note that keybase's payment integration wasn't their own, but was presumably a (paid) advertising deal with the B-list cryptocurrency in question, Stellar.

A lot of organizations that raised a lot of money during the 2017 boom are now trying to turn that into marketshare. Most integrations are paid marketing.

Sorry for bringing humour into this... but are they copying the plot of HBO Silicon Valley?

Then I guess adding AI is next.

I'm baffled how tech-savvy people like the author are surprised when a seemingly free product suddenly introduce ways to monetize its service. There is no free lunch or to put it in another way, if you're not paying for the product, you are the product.
There's very much a horrible system right now with of all these free services creating demand free only services at the expense of any possibility of paying for it ... and then we get upset when they scramble to pay for things in other ways.

Personally I'd like to pay for things (would like a system to manage it)...

Yes. This is the sad truth.

Cryptocurrency is about network effects; more users, more value^2.

Today it is really the way to monetize a large collection of users, whereas it in the past perhaps was advertisement.

Perhaps it should be illegal in the same way a chain letter or pyramid scheme is illegal. However right now it is not.

I'm baffled how people assume this is monetization.

Signal has been a nonprofit for years and has no money issues: https://signalfoundation.org. The organization has no formal ties to the alt-coin, although Moxie does. It doesn't monetize the Signal foundation.

I'm very unhappy with this, but it's not a monetization scheme.

> Signal has been a nonprofit for years and has no money issues: https://signalfoundation.org. The organization has no formal ties to the alt-coin, although Moxie does. It doesn't monetize the Signal foundation.

Even worse, in my opinion. If a nonprofit running a useful encrypted app was trying to fund itself by shilling some altcoin, I wouldn't be happy but I would be understanding.

If the lead of the project is inserting the altcoin for personal enrichment at the cost of the nonprofit and the useful project, that's pure and simple corruption. As far as I can tell, no good is coming of this (I mean, unless you're interested in actually using Mobilecoin, of course. Personally I have no interest in doing so, and if my Signal contacts wanted to send me money I'd say to use Venmo instead).

> The organization has no formal ties to the alt-coin, although Moxie does.

I've tried to rephrase this few times, because it seems too obvious to state, but isn't it a bad thing that a technical "lead" on an app is very likely going to personally benefit from some other technology being shoe-horned into that app?

It's his (and the Foundation's) baby, so he of course can, but I can't help but feel like this unholy but super convenient marriage will harm the reputation of Signal and MobileCoin. They could both sink or swim based upon the perception of the other.

Sorry if this is obvious. It feels like I'm taking crazy pills.

It's absolutely absurd. I'd almost be more OK with it if it was a monetization scheme _for Signal_, this seems blatantly corrupt as I understand it.
So, signal is all about privacy, but when they chose a cryptocurrency, they didn't chose based on privacy. If privacy was the point, why not choose Monero, a mainstream coin which already has a reputation for privacy? So, if privacy wasn't their main concern in choosing a cryptocurrency, it's perfectly reasonable to wonder what was their main concern. And given that MOB's only unique characteristic (as far as I can tell) is the deep pockets of their foundation (because they allegedly own ~85% of MOB tokens, worth Billions), it's not much of a stretch to assume that those deep pockets are the reason that MOB was selected.

For a crass comparison, let's say you've got a friend named Bob. Bob likes blondes. He loves 'em. He's always talking about how he loves the blondes and could never be with a brunette or a redhead. One day you bump into Bob, and he tells you that he has just married a bald chick, who just happens to be very wealthy. How strange, that this guy, who always harped on this one feature, suddenly made a decision that was not based on that feature at all! Clearly, some other feature was the driver of his decision. Now, that doesn't necessarily mean that Bob is a gold digger. But wouldn't you wonder?

What makes you think MobileCoin is not based on privacy? It uses tech from both Monero and Zcash, two privacy cryptocurrencies.
MobileCoin was advised by Moxie, Signal integrates MobileCoin and the footer at https://www.mobilecoin.com/ states "MobileCoin uses and recommends Signal Private Messenger". There certainly seems to be a link, and I would be hugely surprised if the Signal foundation doesn't have some stake in these MOB tokens.
"I'm very unhappy with this, but it's not a monetization scheme."

It's not for Signal, it's a monetization scheme for Moxie.

Indeed, it is not monetization it is corruption and embezzlement. Moxie uses his role in a foundation to make himself and his buddies rich.
Free? I pay the Signal Foundation $3 per month.
Let me try to de-baffle you -- it is the shitcoin-oh-god-yet-another-ICO aspect, not the monetize-aspect which is causing friction.

If Signal switched to a 'Lite' vs 'Pro' model, or other incremental features, or had more donation related nagging, I doubt it would raise the slightest bother.

Many people switched from other messaging apps on princple, much of that signalled (pun intended) by actions of the founders. This moves seems to be incompatible with many people's principles.

Yup. Before WhatsApp was bought by facebook they just charged people. This was fine and seemed fair. Same with 'pro features' or such.

The crypto scheme however does not seem like a fair deal. It looks like monetizing through a backdoor under false pretenses. Exploiting the unsavvy rather than dealing in good faith.

This is especially bad as signal was 'the app we trust' for many of us.

Crypto is much a much better route for monetization than selling adds and personal data, I hope more projects start implementing it.
This article is trash. If the author did a live debate with a Signal spokesman who actually knows what he's talking about, he'd be embarrassed. Also, it will not be illegal in the US as the SEC will most likely clear its use after having reviewed the facts.

Edit: Apparently my guess was correct. Quote from sec.report: "MobileCoin, Inc. is regulated by the U.S. Security and Exchange Commission and incorporated in the state of Delaware. For financial reporting, their fiscal year ends on December 31st. This page includes all SEC registration details as well as a list of all documents (S-1, Prospectus, Current Reports, 8-K, 10K, Annual Reports) filed by MobileCoin, Inc.." MobileCoin was also initially financed by Binance Labs.

Yet another rant about a free for use, centralized app/protocol with no business model.

Expecting it to achieve world domination for journalists and grandmas alike is just misplaced expectations.

Yeah ... well the update that includes MOB will be the uninstall event trigger for me.

I remember skimming that article from 2018 before I'd switched myself and all my friends (the shame!) to Signal and counted it as a negative for that platforms reputation. I guess my honeymoon is over. On to the next chat platform!

May I recommend something based on matrix? If you keep getting upset by companies changing their product, hosting it yourself is pretty much your only option.

(Apart from hopping from startup to startup every 3 months I guess)

"Many technologists viscerally felt yesterday’s announcement as a punch to the gut [...] our fellow technologists that we truly believed were advancing a cause many of us also believed in."

It can be painful when a belief system runs into reality.

"Just do one thing and do it well, be the trusted de facto platform for private messaging that empowers dissidents, journalists and grandma all to communicate freely with the same guarantees of privacy. Don’t become a dodgy money transmitter business."

Lol. Because that usually goes over well. Hey, just do what we tell you! We don't care what's involved, just get it done! Says the user of the free service.

EDIT: I fixed my ad hominem by adding detail

As usual, Stephen's correct about the 42% and so mad about it that he's missing the 58%.

Stephen's understanding of blockchain is only skin-deep. If we keep lionizing his articles by upvoting them to #1, then HN's understanding of blockchain is only going to be skin-deep, too.

Here are some of the problems with Stephen's objections to Signal's use of cryptocurrency:

- in prior essays, Stephen's majority objection to blockchain has been proof of work and the environmental impact, but the blockchain chosen by Signal is not proof of work

- Signal would love to use US dollar payments instead of a new and volatile token. But, Signal was sprinting towards private payments. On Signal's timeline, there was no technology option for the payments to be USD-denominated because the blockchain they chose is optimized for semi-centralized private payments, not decentralization or programmability, and it takes extra work to peg a token's value to USD

I find it concerning that HN looks for blockchain wisdom from, eg., Stephen and Schneier (I love Bruce), because they honestly don't know what they are talking about, and I know that because I've been full-time on ethereum for three years.

this reads more like an ad-hominem. So what's your counter argument, what did he get wrong? The conflict of interest is already a big no-no...
That's fair. Updating my original comment
(comment deleted)