I don't like this: it seems like Signal wants to morph into a social network rather than a secure messaging platform. I predict the next major features will be unencrypted public groups and API messaging access like Telegram has.
I just want to share some stories with friends in my contact list. On Signal you don’t have “followers”, just people you are in contact with. This is an unobtrusive way to for example share something interesting, or some event happening near you and so on.
I too am not a fan of such a move. However, their goal is to increase usage rates among the mainstream audience hence why such a feature is being introducing, just like stickers back in Dec 2019.
Though I'm not sure how many will actually use Stories. WhatsApp has something similar as well but I have never seen anyone among my contacts use it
Would you rather live in a world where Signal is laser focused on secure messaging to the point where no one uses it? Telegram is growing rapidly because it's adopting social media paradigms. I use both, and I wish I only used Signal.
About once a week I get a notification that random person X I haven't talked to in a decade is now on signal. About two months ago the super at my old apartment building got on signal and I got a notification. My late coworker's phone number finally got recycled and the new person using it is on signal too. They appear to be reaching critical mass.
Still really mad about them dropping SMS support. I'll be deleting it when that happens.
I really don't understand the qualms with SMS support. SMS was never secure, and it certainly doesn't become more secure when you push it through a pass-through on one app or another. There is nothing you can do to SMS to make it more secure except to send encrypted strings: but then you have the same problem of sharing secrets, etc. that requires a separate app to manage anyway.
It means I need an extra app now. Signal replaced my SMS app. I'm not going to stop using SMS completely, so if Signal drops it I need to use one more app.
And one that I have been able to happily ignore for years because Signal handled all my messages. If you are not a long-time Signal user then maybe you don't remember how they made a big song and dance out of offering this feature in the first place to make Signal more usable and accessible.
Because I already have an encrypted messaging app. It's called Whatsapp. This bumps up to E2E encrypted if both people using "SMS" have signal installed. Now this is just an alternative to WhatsApp. I will just keep using WhatsApp.
But isn't, because there's a giant icon that clearly Signals it and it pops up a warning the first time you send a message to someone new over SMS, every time. In over 5 years of using Signal, I have never sent an SMS message in the mistaken belief that it was secure, and I typically get hundreds of incoming messages per day and typically send out 100 or so.
'We're taking features away for your security' is a lowkey way of telling users that they're idiots who can't be trusted to operate their own devices. This is really pretty offensive to the people who have been evangelists for Signal for the last 6-7 years.
That let's me turn off annoying notifications from other people. Guess what, it doesn't help someone who would prefer not to advertise their adoption of Signal to everyone who ever had their contact details.
Really, is it so hard to think about both sides of this equation?
Telegram is an interesting comparison, because it isn't focused on security at all: it's a social network delivered through an app that looks like a messaging app.
I'm not against social media fundamentally, I'm against the lack of privacy and emotional exploitation as means to sell more ads on social media. Social media could be done solely in the interest of its users, and I think that could be fantastic. So far, Signal has a reputation good enough to make me optimistic about it adding social network features.
I definitely do not expect Signal to drop encryption by default in any feature though. That's their fundamental value.
I don't see how Signal adding features that shift communications from insecure venues to private encrypted channels would lead you to think they are abandoning privacy.
I love how Signal (and WhatsApp adopting Signal's protocol) made privacy easy for the general public and technically inclined alike. Privacy will never be the default until it's made easy.
I'm guessing some folks won't like use feature because it's too "social media-y" (myself likely included) but as they say in the post:
- You can turn the feature off and you won't see other people's stories
- You can choose the audience and the max you can share it with is with Signal users in your contacts list
Thank you Signal team for giving the general public what they want and making it private.
> I love how Signal (and WhatsApp adopting Signal's protocol) made privacy easy for the general public and technically inclined alike. Privacy will never be the default until it's made easy.
WhatsApp did not really adapt it in privacy mind, to be fair. All metadata is unencrypted.
Meta harvests your contact information, intervals and time when you message specific persons. Often, this information is more interesting than the message content itself.
Pretty sure both work the same way regarding metadata. Think about it: if Signal didn't know that A was messaging B, how would they route that message to B's phone? A has to be able to find B's ip address someway. B can't broadcast its ip address to all the Signal users -- that would be a huge security hole.
It probably works like this:
1) A sends encrypted message + B's phone number to the server
2) server looks up the ip address for B's phone number
3) server routes the message there.
Also, both WhatsApp and Signal hash the contacts data the same way. Signal does seem to go a bit further, however.
Pretty sure both work the same way regarding metadata.
They don't, that's covered pretty extensively in the many technical writeups of various Signal features. It's one of the main value propositions of Signal, that it doesn't work like most secure messengers especially when it comes to metadata.
> Think about it: if Signal didn't know that A was messaging B, how would they route that message to B's phone?
There is no need for signal to know because their servers are not involved to transport the message but only ip routing infrastructure in between and of course the two parties. That's P2P
WhatsApp contact uplod mechanism continues here [1].
It means, that if the contact list contains numbers which have not accepted WhatsApp ToS, their content is stored only as hash.
When the user starts using WhatsApp, their number and hash is being mapped.
Vaguely described as
> Each cryptographic hash value is stored on WhatsApp’s servers, linked to the WhatsApp users who uploaded the corresponding phone numbers before they were hashed so that we can more efficiently connect you with these contacts when they join WhatsApp.
Which means that WhatsApp knows the numbers of the WhatsApp users, and how they interact together.
Signal does not know numbers or how these contatcs interact.
It is described here [2]. Number is only needed for creating the unique hash.
Server knows only the recipient, not the sender.
> Signal does not know numbers or how these contatcs interact.
> It is described here [2]. Number is only needed for creating the unique hash. Server knows only the recipient, not the sender.
Signal does know everyone's numbers as everybody is logged into a Signal account on the server end (this is how your client fetches messages for your number). That same account and IP are also used when you send a message.
The server does not really store IPs, since mobile phones are likely behind CGNAT.
In theory, B could publish a new public key as identity per target user.
I see two main problems: First, push notifications do require the server to actually identify the user and second efficiency: The client would like to maintain a single long connection instead of many short lived requests with pseudonyms.
Of course there would still be some timing patterns …
And all the rest of the data too, for all intents and purposes.
After all it is Meta that provides the keys, operates the network, and controls the closed source apps. Also, it is precisely Meta's type of behaviour that warrants encrypting personal data in the first place.
I'm pretty technically inclined and I lose my Signal history every time I get a new phone because I just can't remember to transfer it. (I don't use it a ton.) I really wish this was more seamless. (I understand the complexity of the security issues around it.)
I find it interesting that the option to opt out of Stories exists in the Chat settings. Apparently they couldn't be buggered to even create a link to view the settings for Story inside of the Story UI's context menu.
But hey, I'm an old, biased, grumpy man. They're taking away SMS (which was what allowed me to get it onto my family's phones) and shoving TikTok in my face instead. I'm displeased by this and looking for things to pick on.
Don't really care for this but more feature parity with WhatsApp or SnapChat could hopefully attract more people and make it somewhat mainstream. Personally, I know a lot of people that use these messengers just to look at or post stories.
Personally I'd rather avoid the feature bloat. I also think it just waters-down the "secure" image they are clearly going for. I mean, broadcasting images to your contact list isn't exactly what I think of when I think "private messaging".
Everything about Signal will make more sense if you forget every opinion you've had or read on a message board, and accept that the project's mission is simply to transition as many people off insecure systems as they can. For example: message board nerds are apoplectic about Signal's phone number requirement, but the systems ordinary people were already overwhelmingly used phone numbers already. As communications trend towards ephemeral video messages (I have trouble understanding why, too, but then I'm old), that's where they're going to head.
The cool stuff about Signal is what happens under the hood. They don't want a special identity as a "private messenger"; they believe all messaging should be secure.
What I don't understand here (though admittedly I haven't been following the iOS discussions closely) is why backups are possible on Android but not on iOS?
As I understand it, iOS backups normally go to iCloud -- where they're stored encrypted but the keys are held by Apple (i.e. not end-to-end encrypted, and not a zero-knowledge system by any stretch). This makes iCloud-stored iOS backups susceptible to subpoena, malicious employees, and/or good-enough hackers.
The backups on Android are near useless as well - they expect users to remember and save a massively long string of numbers (that are pre-generated, so they can't even choose a password they remember) and then they only do backup manually and onto device storage where it'll be gone together with everything else on the device if it breaks or dies.
Getting that backup off the device is yet another manual process for most users they need to think about.
Compare this to Telegram: user doesn't have to do anything.
Compare this to iMessage: user doesn't have to do anything.
Compare this to WhatsApp: user just needs to click agree.
The last two even save backups in an E2E encrypted fashion unreadable by servers.
Then do it insecurely and warn the user. 'We can't figure out how to do this securely' is their BS excuse for every bad design decision or unimplemented feature.
You might say 'but they don't want to make people less secure, people will get the wrong idea!' But they do this already, in ways that are much worse than allowing the user to make a security decision for themselves.
You can change a setting to prevent screenshots inside the Signal phone app, so you can't take screenshots. Your conversations are now secure, right? Nobody can take pictures of your disappearing messages! WRONG. You can turn on that feature and I can still take screenshots all day, including disappearing messages that you send to me.
Likewise, Signal can't tell if you're downloading pictures or copying text I send to you. You could be backing up everything - my only 'assurance' is that you probably aren't doing it because it's inconvenient.
You can change disappearing messages timer to anything you want! Great! But the change of timer is itself a message. So if we are arrested and police get into one person's Signal, they can see when disappearing messages were turned on and when the timer was lengthened or shortened. Sure, the messages disappeared, but what were you doing on August 23rd at 7:39pm that made you change the timer to 10 minute4s for 3 hours? We know where you were because of your phone's IMEI, I guess we will tell the court that you were trying to cover something up during those 3 hours and charge you with obstruction of justice.
I have asked them to change the latter behavior repeatedly, explaining why it could be a problem for users, and all I ever hear is 'good point, we'll look into it' even though there's no reason that information should be stored.
Your former examples are things that quite simply can’t be mitigated in any case. If you want to send a message to someone there is no way to prevent them from storing it in a way you control.
Your latter example is also a security concern they can’t address. A jurisdiction that allows a message about a settings change being used as a basis for obstruction of justice can rule the use of signal as the same (though I do agree that former is problematic on its face).
I dont know the ins and outs of the problems with backups, but it doesn’t take a phd in cryptography to envision a case where your settings about backups open all your contacts to automated dragnet surveillance. In that case it doesn’t make sense for a single user to downgrade everyone else’s security settings.
I'm not saying they can be mitigated, I'm saying that casual users have the illusion of security through settings that seem to mitigate security concerns, but don't.
The disappearing message timer history could absolutely be mitigated by simply not retaining that information or timestamping it.
If you could export/back up single conversations, you would have much more granularity than exporting or backing up your entire message database. Other people could also get a message that the conversation had been exported. there are lots of cases where you might want to do this by mutual agreement, but it isn't possible.
It supports backing up to a file that you can't specify. This is unhelpful in many use cases.
Example: I am running out of space on my phone. I look, and see Signal is taking 4gb of space. But I would like to preserve a lot of that media. So I buy a mini-SD card and install it in my phone. Yay! Now to turn on Signal chat backups!
Oh, but the backups are hardcoded to a location on your primary storage that you can't change. so even though I have 126gb of free space on the SD card I installed, I can't back Signal up to it and I am still running out of space.
My only option is to try removing every other app I have installed, and hope there is enough space reclaimed to perform a backup, which I can then copy off my system so I can reinstall my apps...WTF.
Meanwhile there is no way to back up a single chat. You can archive it, but that just removes it from your Signal home screen, it doesn't actually create an archive of any kind. And there is no way to back anything up on desktop.
Even a cynic like me wouldn't go so far as to assume bad intent here. Signal is open source so the file format should be readable and likely this is just an oversight, I guess it's not a highly requested feature. Have you filed an issue?
I never said anything about intent. If it's an oversight then maybe they should be thinking a little harder and listening to feedback from beta testers, of which I am one.
Backing up to the same device on which are running out of space is an extremely obvious problem, to which the solution is to just ask the user where they want the backup stored instead of deciding for them.
Repeatedly refusing to fix this widely reported issue with non-sensical explanations does imply bad intent.
In the beginning, it might have been an oversight. Now moxie is just making seriously misleading arguments on behalf of people he doesn't know to make their service worse.
Please explain how do I configure Signal for people in my family so they won't lose any message, photo or group membership if their phone falls out of the pocket.
This means:
* Backup must be automatic.
* Backup must be done off device.
* Backup must be common enough that messages aren't lost.
* Restore must be available to person of average technical ability.
* Restore must not require a person to remember typing in a 20+ character pregenerated number they probably lost in last 2 years of having Setup signal.
It absolutely does not do that by itself. As proven by other secure implementations with more user friendly approaches to entering encyption keys.
It's also funny how demanding on use of phone numbers, shoving in crypto currency and demanding everyone to use out-of-date Electron app is somehow fine, but making backups user friendly is suddenly a massive "security" issue.
This is the BS security theater I despise at Signal. It's the software equivalent of having every single airplane passenger take off shoes.
It's a very First World take on it, though. Mid-to-high-end phones are usually the ones that pack a considerable amount of integrated storage but ditch the SD card slot. Budget ones are the other way around, though.
I'm sorry, but that's just not true. Stickers are widely used in the group chats I am in. I myself have created multiple sticker packs since the sticker feature launched. Before that, several people mentioned they thought Signal looked like a shitty app because it "didn't even have stickers."
Ultimately there was no shortage of boring, cryptographically-secure apps. Signal is filling demand for an app that is both secure and fun to use.
Taking it up after it became available is not the same thing as asking for it. Sorry but this a frivolous cosmetic thing compared to security issues like Signal's ongoing linkage to phone numbers.
That is correct, but "nobody was asking for stickers" isn't, and that sort of thing does dramatically affect adoption. Also, in the cases I am talking about, not using an app because it doesn't have a feature technically does mean they didn't request the feature, but I'm not sure that is a useful distinction if our goal is to get people to use more secure methods of communication.
I really can't buy the proposition that demand for stickers outweighed the years-long pain points about things like your Signal identity being tied to your phone number or a ping going out to everyone in a person's address book who already used signal, both of which are at odds with the core mission of secure and private communications.
Why is that? Not disagreeing but genuinely curious. One of the issues I face sometimes is wanting to stay in touch with someone I met. I'd like to do that over Signal (I don't use any of the popular social media platforms) but I don't feel comfortable sharing my phone number with them. It would be nice if I could use a unique user handle instead.
It allows Signal to work similarly to the messaging services it replaces without having to keep serverside contact lists. Those contact lists, which practically every other "secure messenger" keeps, are the most valuable metadata the service keeps, in many cases more than the content itself: they're a record of who talks to who. Signal's phone number system means they can keep those contact lists clientside by piggybacking on the device contact list, which is keyed by phone number.
> broadcasting images to your contact list isn't exactly what I think of when I think "private messaging".
Neither was signal taking your contact list and uploading a copy along with your name and photo and storing that data forever in the cloud. Neither was refusing to update their privacy policy to reflect their new data collection practices. A company that promotes itself to whistleblowers and human rights activists and then lies to them about what data they collect and keep is highly unethical.
None of this inspires confidence in Signal as a private/secure messaging service. I've moved away from it. I wish them luck as a social media platform.
Yes, “though contacts are encrypted, users are not prevented from using a weak PIN” would have been a better way to word this criticism from the start, rather than implying that they are stored completely unencrypted.
“though contacts are encrypted, users are not prevented from using a weak PIN” ignores that Signal encouraged users to set a weak pin (for many people the word "PIN" means a 4 digit number) and that the data is stored using SGX which has already proved to be vulnerable. In my view the fact that they have been lying in their privacy policy is a much bigger problem for a company we're supposed to trust.
My curmudgeonly self would prefer if the stories were off by default. It's not a feature I'm even remotely interested in, and feature creep really isn't a positive thing.
I've tried snapchat and Instagram stories, and I hate that the messages disappear with time. It seems counter-intuitive for an asynchronous communication method, and that doesn't even count how it always feels like another FOMO marketing gag to keep you engaged with the app.
Just let people delete posts (and really delete them to boot).
I think you don’t quite have the right mindset for the purpose of stories. The point is “this is not important enough to interrupt my friends; but here’s what I’m up to if you’re interested”. It doesn’t matter that it expires, because it’s only relevant to what is happening now.
Of course it still has all the usual social media failings where it is used to make the senders life seem more exciting and fun than it really is but I see the point of having the option.
I especially like signal’s groups implementation. I have a couple of large group chats where I am happy to share my day with people but it’s not important enough to notify everyone’s phone and it doesn’t matter if they miss it.
See - that's the part I don't get. Photos, to me, are not ephemeral. They are valuable, even if you don't think they are at the time. I've lost too many photos because I considered them to be ephemeral, and I regret that loss because I now only have vague memories of the events they captured. My only remaining memories of some of my oldest friends who are no longer with me are captured in those "irrelevant" photos.
Future you will thank you for keeping photos of your friends.
I mean the person who took the photo still has it and you can still ask for it if you like it? If anything stories make you likely to see more photos of your friends, not less.
When I first opened the app and saw a "Stories" tab, I thought "oh no... not here too, ffs...". Then I immediately went to the settings and was mildly relieved (but perhaps I'm naive) to see that I could opt-out.
Now I dread the day when they might decide to make it so that you won't be able to opt-out. Why can't we have nice things?
Perverse incentives to get folks to use signal more. Checking it when you get a message isn't good enough, need to get creators and influencers on the platform to let folks doom scroll.
Is there anyone that actually gets excited when they see a platform has stories, or is adding them?
I feel like it's just out-of-touch product managers who see everyone else doing the stories thing and blindly aping it cause it's the thing to do.
In reality, the only place people seem to use stories is Snapchat, Instagram, and seemingly some people post to Facebook stories but I think it's mostly cause of the toggle in Instagram to cross-post to there.
> Is there anyone that actually gets excited when they see a platform has stories, or is adding them?
I was honestly excited when I saw the headline, not because I have any intention of using stories myself, but because my friends have repeatedly tried to explain to me why they use stories on Whatsapp and Snapchat, and I have some hope this will make Signal more attractive to them.
I feel the same way about stickers and the Giphy proxy, both of which are features I would never have asked for and was initially skeptical of, but that have wound up being widely used by most of my friends who use Signal.
As of now, Signal still has no concept of followers. My stories are at most only visible to all my contacts on Signal. In my mind this is a big difference between all the other major platforms with stories.
Nice, I like seeing new features being added - despite on my personal opinion about them. As someone else pointed out, the more feature parity we reach with WhatsApp (or other popular messengers) the fewer battles we'll have to fight to bring people over.
I like it! Making it more "mainstream" is the way to go even if purists might say that it's feature bloat for their secure messenger.
It's similar to how it's good if more people use Tor for all kinds of activities as it doesn't immediately label you as suspicious just because you use Tor or Signal.
I use signal for SMS. Is this an iOS thing? If so presumably it's an Apple restriction?
edit: ah, they announced recently that they are removing SMS support in Android. The reasoning is solid IMO, I've accidentally sent insecure messages before.
Maybe I'm the odd one but I haven't received an SMS in a decade. It's all iMessage, WhatsApp, Telegram and the only SMS are transactional that I receive but never send.
Indeed I forgot the "I've never met you but need we need to make a transaction for some reason (buying a house or a TV second hand), so let's start with SMS which will work for sure".
For anything else, using SMS is like using Notepad to write books. Many better alternatives have come through in the decades since that tech was new.
It feels very weird to have both a very good end-to-end encryption (the Signal encrypted messages) and a very bad system (SMS) together in the same app. People should just move away from SMS, it's not like it's hard.
I have no idea (and not living here long enough). But if I had to guess, it could be that cheap/free SMS texting came before cheap/free mobile internet and thus it was already established.
I know that Signal announced plans to have accounts based on usernames rather than phone numbers in the past. I wonder if the removal of SMS has something to do with usernames.
On this new Google Pixel 7, the app launcher thing is limited to just 4 apps. Now that I can't use Signal for SMS, it has lost it's convenient spot on my home screen. I find myself using it less, so like you, I'm very displeased about their dropping SMS. The forum thread on Signal's Discourse about the change is full of snide remarks from their moderators, and it's extremely disappointing to see Signal community leaders disparaging their own long-time users over SMS. Turning back on the legacy of TextSecure in this way justifies framing this as a betrayal.
All that being said...
I still trust Signal's Stories implementation over any other. While I believe they could have competed with SMS-capable apps like iMessage, Google Messages, and Samsung Messages, if pivoting into WhatsApp/Instagram/Snapchat/TikTok territory is what they'd rather do, then I believe they can execute it well.
Conversely, when Signal drops support for SMS, I expect to stop messaging anyone still on SMS. So far it's been fairly painless getting the people I actually care about to switch, but YMMV. My mom doesn't care if she has to use a separate app to message me.
RCS has been around since 2013 and the only alternative client to Google Messages was your device maker's app that was allowed to tie into Google Messages via a device vendor only API (but essentially these were just a skin for Google Messages).
Google has not provided any public API for RCS, and they control the ecosystem fully. If Google wanted other clients to use RCS as a platform, there would be public APIs that Signal, iMessage, Textra, Facebook Messenger and other SMS clients could integrate with.
SMS is very rarely used anymore outside of the US and a few select other countries, and for most people Signal and similar messengers serve as a replacement for text messages, not a supplement. It's probably just not a worthwhile market/feature to keep anymore.
Come to think of it, I'm having a very hard time coming up with any sensible use case for using Signal over text message. Presumably both sides still need Signal for the encryption to work, so what's the point? Might as well use the internet to send the message. The only scenario I can see it being useful is when you have GSM, but no internet connectivity, and that's rare these days.
Signal hasn't supported using SMS as a transport for encrypted messages for years now. The impending change that people are discussing is dropping support for sending and receiving ordinary SMS from non-Signal-using parties.
I was only able to convince family to use Signal because they didn't need two apps for messaging. It's pretty much a dead app for me now and the decision makes my conversations profoundly less private and safe.
Did all of your family members only message you and not each other? I don't understand why they would move away from signal when they were messaging each other using signal. Each one would have several signal contacts.
Did they not see any value in signal over SMS? Didn't you have any group chats?
So did Moxie leave because Signal got overtaken by Feds? Why is a secure messenger adopting the appearance of social media? Doesn't this work explicitly against the entire claimed reason for not having an account system?
> So did Moxie leave because Signal got overtaken by Feds?
No, he worked on Signal for so long that he probably just wanted to take a break to work on other passions too - he's still on the Signal Foundation board (https://signalfoundation.org/)
> Why is a secure messenger adopting the appearance of social media?
I'd argue that Stories (or equivalent) is nowadays a standard feature in many messengers.
To more directly answer your question no - Signal is missing a key aspect of Social Media: discovery. Stories is pretty much equivalent to share a picture to a group of people.
You can also easily disable the feature in settings.
> Doesn't this work explicitly against the entire claimed reason for not having an account system?
I'm not sure specifically to what you refer to but in general: phone numbers is still the primary way to find new folks, but they're working on a username feature. They will still use phone numbers for simplicity as "account" but again, Stories is simply a new interface to share pictures with your contacts.
"Standard" implies a lot, and definitely there is nothing about "enabling two-way communication between willing participants" that requires "make available a video on the screens of my contacts in a non-directed way" to be part of the offering.
Signal is not social media. That is not its intention, nor its purpose, nor even its design. It is a messaging service. We already have a discovery feature in Signal: using your contacts, you can see who has Signal installed or not.
This feels like bikeshedding to the max, because it is.
I guess its up to uoaei to define companies instead of themselves. They have a mission statement and othing more and that mission could be achieved as a social media company.
I mean, it is now since they just added a stories feature. Sorry that your view of the product doesn't align with Signal's.
You're also using the word bikeshedding in a way unfamiliar to me. I use that word to mean intense debate about inconsequential changes that don't matter, like the right color for a bicycle shed. Which ofc is ludacris because there is no right or wrong color for a bicycle shed. In contrast to that, there are absolutely product decisions about the app that are material to its desired and undesired functionality. If signal decided to change the functionality of their product and stop encrypting texts, would discussion about that be bikeshedding? Why then, is this change in functionality not of similar concern?
The important part of "bikeshedding" is the part about ignoring more important changes by focusing on trivial changes around the edges. If stories are more than trivial, I'd like to know how.
Personally, I think call quality and server reliability with respect to private messages are more important for a service that is explicitly (and, until this change, exclusively) about private messaging, especially considering recent outages.
If Signal changed the encryption protocol to an insecure one, or simply removed it, then they are fundamentally altering the promise of the app vis a vis its core technology, ie, the essence of the provided service. Obviously that is analogous to the foundation of a house, not to the shed in the backyard.
> Let's not conflate "normalized" with "standard".
Good point - I agree, should have phrased better.
> We already have a discovery feature in Signal
Another point I should have been more clear. I agree that contact discovery is ... well, discovery! I think what I meant is that right now you can only discover folks you already know (i.e.: have the number for) but you don't get recommendations.
So yeah... I'd say that one of the major points distinguishing Signal from a Social Media (at least one of the definitions of) is the lack of recommendations of new people to follow or things to discover. Signal in that sense is a communication platform.
[note I mean Signal the app not the company]
> bikeshedding
You mean if Signal is or isn't a Social media? Or it's run by the feds?
I mean I replied to the above company with a serious comment but I thought the original one was not particularly useful to any discussion around Stories per se.
Session seems OK. I sort of like the look of Matrix but it's a lot harder to establish a security policy when 10 different people might be using 10 different Matrix clients, and nobody can do technical support for anyone else.
Why use multiple apps to text people? I don't us FB messenger, WhatsApp, Telegram, or any of that. I use Signal. Signal lets me send a message to ANYONE else with a phone number protocol agnostic. That's very useful, especially when I'm talking to committed iMessage users.
I get you but it feels like a weird hill to die on. Questionable why SMS support was added to Signal in the first place but removing it makes sense in the context of where they want to take Signal (e.g. usernames).
The problem is that for many other people, this one feature is the only reason to even have Signal - they won't bother with it if it can't be used to message random people already on their contact list.
And then once those people drop it, you have to do so as well if you want to keep talking to them.
Am I in a bubble and these features are, in fact, widely used on WhatsApp?
I'm in groups with a whole lot of other people including a few who keep up with modern social media stuff, use TikTok, use Instagram, et c., and zero of them use the Status feature or Stories or anything but messaging. For us it's just ICQ/text with better media embedding (but still really bad, somehow). Some of us regularly use similar features, but only on other platforms, never on WhatsApp.
Is that unusual, and these are in fact much-beloved features by a good chunk of the WhatsApp user-base?
I'm using WhatsApp everyday, but have never encountered anybody using stories (I can't even find it in WhatsApp on Android, is it the camera-ocon in the top-left?)
Can't speak for the world but WhatsApp Statuses (stories) are used by many many people in East Africa. It is basically what keeps me coming back to WhatsApp over Signal so I am quite thrilled to see Signal now have them. Maybe that will shift more people over.
A lot of people around me in Germany from all ages and bubbles use this feature in WhatsApp as if it were some kind of Instagram. I see multiple status updates every day.
By my experience only people in poor countries outside Europe use this feature. Don't ask me why this specific group chose this instead of Facebook/Instagram. Literally none Europeans from various countries in my Whatsapp use this.
What the fuck happened with Signal? Why did we remove SMS (step 1 into "only criminals use this app") and then start adding stuff that has absolutely nothing at all to do with messaging? Did a federal agent start running the show with the sole mission of destroying the entire app?
Why did we remove SMS (step 1 into "only criminals use this app") and then start adding stuff that has absolutely nothing at all to do with messaging?
I think that "only criminals use this app" is always going to be used on anything that uses encryption by folks that are against encryption (usually governments for some reasons...). SMS or not is always going to be there. I don't think that having secure communication apps intentionally offer insecure communication is the right way to solve this. SMS was a legacy feature for Signal that just got removed now.
> adding stuff that has absolutely nothing at all to do with messaging?
Stories?
> Did a federal agent start running the show with the sole mission of destroying the entire app?
I just replied to another similar comment, not sure if it's the same person or not... but then I'd say...
Use Telegram! It's unencrypted by default!
Use WhatsApp - unfortunately encrypted by default, but at least Meta will collect so much more metadata than you can keep track for.
Use iMessage - It will upload your encrypted chat and the decryption key to Apple servers for you.
My point saying "it's the feds running it" without proof like that is not the most constructive conversation - Signal is by all accounts one of the most secure and private (not necessarily the same as anonymous) messaging apps out there with no clear competitors at the same level of privacy and security.
You mean the messaging service with no SMS support and an assumption that criminals are the main users?
Signal was great because it gave encrypted messaging to people who didn't know they needed it. When you take away SMS support, the only people who use it are people who know they need it.
Signal has already committed suicide by removing its most important feature, "compatibility with other messaging apps", from its list of supported features. It's a dead app walking at this point, though it will probably take a few years to wind down and die.
Yep, and if you check your local app store, it's full of thousands of also-ran messaging apps that are, indeed, dead. While Signal had SMS it had a feature that was NOT common on other apps, now it has the SAME feature set as, say, Whatsapp, and so instead of being a better Whatsapp (because it had features Whatsapp didn't) it's now a worse Whatsapp (same feature set, much smaller userbase), so it's doomed. Just like all the other also-ran apps.
Canadians, people in their 30s and beyond, people who aren't on Facebook, random people not in your friend group, businesses. But most of all, the people who keep complaining about SMS support! What you're saying is a bit nonsensical "if I ignore everyone in this group, the group has no one in it".
I use SMS from time to time too - especially random people that call me, but I don't see much added value of having it unified in Signal. I just use the default SMS app on my phone (iMessage app in my case, which also works for SMS). For me Signal is about E2E encrypted messages with more features, SMS is a different much more limited platform.
Discovery. If you and another were texting each other via SMS, but signal was your app, signal would just upgrade your sms to a signal msg. You didn't have to have a conversation ahead of time, or save them in your contacts and let signal scan them - it just worked.
Discovering you're not limited to sms was nice, when now you have to have an aside - "hey, have you ever heard of signal?"
Signal on Android previously worked a lot like iMessage on iOS - you'd use it as your default messenger, it'd SMS if that was the lowest common denominator, or it'd seamlessly upgrade to Signal protocol if both sides had it.
Lots of people like having just one messaging app, for messaging that's basically SMS-like. Apple and Google have both chased that dream for their SMS apps, for a good reason (Apple with more success than Google—does Google still have another messaging service attached to their SMS app, or did they give up on that when the first attempt was a disaster about a decade ago?)
You don't! But that's exactly the problem - you don't need signal at all. All the important messages that you get are gonna come through another platform (SMS, whatsapp, weechat, etc [depending on where you are]). So, now that SMS support is gone, all signal installs are in addition to the apps that you actually need.
Most people will use the messaging platforms that they need to have installed to get through their days. It's nice, ofc, to have friends who are privacy enthusiasts - but Signal main goal has always been to go beyond that group.
This is the boat I'm in. My version of Signal already updated and encouraged me to switch SMS out of the app, which I did. Now I'm sort of split between these two apps; my family is, for the moment, still using Signal for both, but I expect they'll soon enough be forced to use Android Messages, at which point we'll have little reason to continue using Signal.
Once my immediate family is out, I expect it'll be a domino effect with my extended family and friends -- those of us on Signal will have fewer and fewer reasons (ie, individuals in our graph) to use it. As much as I'd like this to not be the case, I think it will be. A smallish percentage of my contact list was on Signal, but every few months, another few people would join. I expect this trend will reverse.
Other than the privacy features, that was my #1 selling point when trying to convince someone to install Signal - that you won't need two apps for your SMS since it will become your default app and the UI is better anyway.
Will be a lot harder to tell people to switch now.
I can accept that it is a real argument, since so many people mention it. But I just don't get it.
People have multiple apps for their social networks, and are completely fine with them. Snapchat, Facebook, TikTok, WhatsApp, Telegram. At the end of the day, I think it's just an excuse. They don't want to install Signal because they follow what others do, and it seems like others are not on Signal.
Instead of saying: "Install Signal, it will be your new SMS app", if you said "What? You don't have Signal? That's the new thing man", I'm sure they would try it. Then realize that they don't have contacts there, and uninstall it (because they reaaaaaallly need to save those 6MB badly on their phone, for some reason).
People don't use what's best, people use what other people use. They don't want to think.
I can imagine it would be a useful alternative to having a bunch of group-chats for people who want to share baby/cat/travel photos. And I can disable it. Win-win.
Not likely to happen. While it's OSS, there's still a central Signal backend, and they don't like clients other than their own to connect to it. Any fork would eventually need to have their own backend, and now you're basically no longer using Signal since you won't be able to communicate with anybody else not using yours.
I think that's called Matrix and we already have that.
Anyway, good luck getting Signal to federate with you until you have enough of a user base that they're losing users to your backend. They have zero reason to want to do this, and it introduces some privacy issues (what if your server doesn't respect deletions, etc?).
We even had it long before that. It's called XMPP, it's the internet standard for instant messaging and modern clients implement Signal style encryption.
479 comments
[ 3.2 ms ] story [ 320 ms ] threadThough I'm not sure how many will actually use Stories. WhatsApp has something similar as well but I have never seen anyone among my contacts use it
Still really mad about them dropping SMS support. I'll be deleting it when that happens.
Did its SMS feature support encryption somehow? Because sounds like a bad idea to include unencrypted messaging in a secure app: it's a giant footgun.
'We're taking features away for your security' is a lowkey way of telling users that they're idiots who can't be trusted to operate their own devices. This is really pretty offensive to the people who have been evangelists for Signal for the last 6-7 years.
Settings > Notifications > Notify when... > turn off "Contact joins Signal"
Really, is it so hard to think about both sides of this equation?
I definitely do not expect Signal to drop encryption by default in any feature though. That's their fundamental value.
I'm guessing some folks won't like use feature because it's too "social media-y" (myself likely included) but as they say in the post:
- You can turn the feature off and you won't see other people's stories
- You can choose the audience and the max you can share it with is with Signal users in your contacts list
Thank you Signal team for giving the general public what they want and making it private.
WhatsApp did not really adapt it in privacy mind, to be fair. All metadata is unencrypted.
Meta harvests your contact information, intervals and time when you message specific persons. Often, this information is more interesting than the message content itself.
Pretty sure both work the same way regarding metadata. Think about it: if Signal didn't know that A was messaging B, how would they route that message to B's phone? A has to be able to find B's ip address someway. B can't broadcast its ip address to all the Signal users -- that would be a huge security hole.
It probably works like this: 1) A sends encrypted message + B's phone number to the server 2) server looks up the ip address for B's phone number 3) server routes the message there.
Also, both WhatsApp and Signal hash the contacts data the same way. Signal does seem to go a bit further, however.
WhatsApp's implementation: https://www.whatsapp.com/legal/information-for-people-who-do... Signal's implementation: https://signal.org/blog/private-contact-discovery/
They don't, that's covered pretty extensively in the many technical writeups of various Signal features. It's one of the main value propositions of Signal, that it doesn't work like most secure messengers especially when it comes to metadata.
There is no need for signal to know because their servers are not involved to transport the message but only ip routing infrastructure in between and of course the two parties. That's P2P
It means, that if the contact list contains numbers which have not accepted WhatsApp ToS, their content is stored only as hash. When the user starts using WhatsApp, their number and hash is being mapped.
Vaguely described as
> Each cryptographic hash value is stored on WhatsApp’s servers, linked to the WhatsApp users who uploaded the corresponding phone numbers before they were hashed so that we can more efficiently connect you with these contacts when they join WhatsApp.
Which means that WhatsApp knows the numbers of the WhatsApp users, and how they interact together.
Signal does not know numbers or how these contatcs interact.
It is described here [2]. Number is only needed for creating the unique hash. Server knows only the recipient, not the sender.
[1]: https://faq.whatsapp.com/423109552047857/?locale=en_US&refsr...
[2]: https://signal.org/blog/sealed-sender/
> It is described here [2]. Number is only needed for creating the unique hash. Server knows only the recipient, not the sender.
Signal does know everyone's numbers as everybody is logged into a Signal account on the server end (this is how your client fetches messages for your number). That same account and IP are also used when you send a message.
On top of that fact, sealed sender has been known to be broken for some time now: https://www.ndss-symposium.org/ndss-paper/improving-signals-...
In theory, B could publish a new public key as identity per target user.
I see two main problems: First, push notifications do require the server to actually identify the user and second efficiency: The client would like to maintain a single long connection instead of many short lived requests with pseudonyms.
Of course there would still be some timing patterns …
Worth reading.
https://signal.org/bigbrother/cd-california-grand-jury/
And all the rest of the data too, for all intents and purposes.
After all it is Meta that provides the keys, operates the network, and controls the closed source apps. Also, it is precisely Meta's type of behaviour that warrants encrypting personal data in the first place.
1) Enable daily backups in Signal
2) Set up Syncthing to automatically send these backups to your laptop/whatever.
3) Profit.
Is there any solid evidence for this or are we just believing what Facebook says?
WhatsApp's APK files have obfuscated code. A few years ago they forgot to obfuscate a file and they got exposed.
Not to mention so many severe vulnerabilities discovered in WhatsApp every now and then.
People who really think WhatsApp's claims about E2EE are true and it's making them safer or private, are trusting Facebook too much.
But hey, I'm an old, biased, grumpy man. They're taking away SMS (which was what allowed me to get it onto my family's phones) and shoving TikTok in my face instead. I'm displeased by this and looking for things to pick on.
The cool stuff about Signal is what happens under the hood. They don't want a special identity as a "private messenger"; they believe all messaging should be secure.
Getting that backup off the device is yet another manual process for most users they need to think about.
Compare this to Telegram: user doesn't have to do anything.
Compare this to iMessage: user doesn't have to do anything.
Compare this to WhatsApp: user just needs to click agree.
The last two even save backups in an E2E encrypted fashion unreadable by servers.
In any case, I actually prefer it the way Signal does because
1) I don't have to sign up for / rely on a cloud provider,
2) if need be, I can decrypt the backup on my own and export it to some other format.
> then they only do backup manually
Wrong. The backup can be done automatically (i.e. every day).
You might say 'but they don't want to make people less secure, people will get the wrong idea!' But they do this already, in ways that are much worse than allowing the user to make a security decision for themselves.
You can change a setting to prevent screenshots inside the Signal phone app, so you can't take screenshots. Your conversations are now secure, right? Nobody can take pictures of your disappearing messages! WRONG. You can turn on that feature and I can still take screenshots all day, including disappearing messages that you send to me.
Likewise, Signal can't tell if you're downloading pictures or copying text I send to you. You could be backing up everything - my only 'assurance' is that you probably aren't doing it because it's inconvenient.
You can change disappearing messages timer to anything you want! Great! But the change of timer is itself a message. So if we are arrested and police get into one person's Signal, they can see when disappearing messages were turned on and when the timer was lengthened or shortened. Sure, the messages disappeared, but what were you doing on August 23rd at 7:39pm that made you change the timer to 10 minute4s for 3 hours? We know where you were because of your phone's IMEI, I guess we will tell the court that you were trying to cover something up during those 3 hours and charge you with obstruction of justice.
I have asked them to change the latter behavior repeatedly, explaining why it could be a problem for users, and all I ever hear is 'good point, we'll look into it' even though there's no reason that information should be stored.
Your latter example is also a security concern they can’t address. A jurisdiction that allows a message about a settings change being used as a basis for obstruction of justice can rule the use of signal as the same (though I do agree that former is problematic on its face).
I dont know the ins and outs of the problems with backups, but it doesn’t take a phd in cryptography to envision a case where your settings about backups open all your contacts to automated dragnet surveillance. In that case it doesn’t make sense for a single user to downgrade everyone else’s security settings.
The disappearing message timer history could absolutely be mitigated by simply not retaining that information or timestamping it.
If you could export/back up single conversations, you would have much more granularity than exporting or backing up your entire message database. Other people could also get a message that the conversation had been exported. there are lots of cases where you might want to do this by mutual agreement, but it isn't possible.
C'mon, don't bs us :)
Example: I am running out of space on my phone. I look, and see Signal is taking 4gb of space. But I would like to preserve a lot of that media. So I buy a mini-SD card and install it in my phone. Yay! Now to turn on Signal chat backups!
Oh, but the backups are hardcoded to a location on your primary storage that you can't change. so even though I have 126gb of free space on the SD card I installed, I can't back Signal up to it and I am still running out of space.
My only option is to try removing every other app I have installed, and hope there is enough space reclaimed to perform a backup, which I can then copy off my system so I can reinstall my apps...WTF.
Meanwhile there is no way to back up a single chat. You can archive it, but that just removes it from your Signal home screen, it doesn't actually create an archive of any kind. And there is no way to back anything up on desktop.
This isn't a feature, it's an antipattern.
Backing up to the same device on which are running out of space is an extremely obvious problem, to which the solution is to just ask the user where they want the backup stored instead of deciding for them.
In the beginning, it might have been an oversight. Now moxie is just making seriously misleading arguments on behalf of people he doesn't know to make their service worse.
What are you referring to? An option to choose your backup location got added two years ago. It works on Android 10 and above.
https://github.com/signalapp/Signal-Android/commit/ee3d7a9a3...
This means:
* Backup must be automatic.
* Backup must be done off device.
* Backup must be common enough that messages aren't lost.
* Restore must be available to person of average technical ability.
* Restore must not require a person to remember typing in a 20+ character pregenerated number they probably lost in last 2 years of having Setup signal.
This is the bar other messaging apps have set.
It's also funny how demanding on use of phone numbers, shoving in crypto currency and demanding everyone to use out-of-date Electron app is somehow fine, but making backups user friendly is suddenly a massive "security" issue.
This is the BS security theater I despise at Signal. It's the software equivalent of having every single airplane passenger take off shoes.
That's probably your answer. I don't know anyone who uses a mini-SD card. The last time I bought a phone no phone I considered had an SD slot.
Nobody was asking for stickers, stories, or crypto. Those things aren't cool.
Ultimately there was no shortage of boring, cryptographically-secure apps. Signal is filling demand for an app that is both secure and fun to use.
Neither was signal taking your contact list and uploading a copy along with your name and photo and storing that data forever in the cloud. Neither was refusing to update their privacy policy to reflect their new data collection practices. A company that promotes itself to whistleblowers and human rights activists and then lies to them about what data they collect and keep is highly unethical.
None of this inspires confidence in Signal as a private/secure messaging service. I've moved away from it. I wish them luck as a social media platform.
It seems incomplete to not mention that that data is end‐to‐end encrypted, and that name and photo are optional.
I've tried snapchat and Instagram stories, and I hate that the messages disappear with time. It seems counter-intuitive for an asynchronous communication method, and that doesn't even count how it always feels like another FOMO marketing gag to keep you engaged with the app.
Just let people delete posts (and really delete them to boot).
Of course it still has all the usual social media failings where it is used to make the senders life seem more exciting and fun than it really is but I see the point of having the option.
I especially like signal’s groups implementation. I have a couple of large group chats where I am happy to share my day with people but it’s not important enough to notify everyone’s phone and it doesn’t matter if they miss it.
See - that's the part I don't get. Photos, to me, are not ephemeral. They are valuable, even if you don't think they are at the time. I've lost too many photos because I considered them to be ephemeral, and I regret that loss because I now only have vague memories of the events they captured. My only remaining memories of some of my oldest friends who are no longer with me are captured in those "irrelevant" photos.
Future you will thank you for keeping photos of your friends.
Now I dread the day when they might decide to make it so that you won't be able to opt-out. Why can't we have nice things?
How many followers on Signal do you have?
I feel like it's just out-of-touch product managers who see everyone else doing the stories thing and blindly aping it cause it's the thing to do.
In reality, the only place people seem to use stories is Snapchat, Instagram, and seemingly some people post to Facebook stories but I think it's mostly cause of the toggle in Instagram to cross-post to there.
I was honestly excited when I saw the headline, not because I have any intention of using stories myself, but because my friends have repeatedly tried to explain to me why they use stories on Whatsapp and Snapchat, and I have some hope this will make Signal more attractive to them.
I feel the same way about stickers and the Giphy proxy, both of which are features I would never have asked for and was initially skeptical of, but that have wound up being widely used by most of my friends who use Signal.
As of now, Signal still has no concept of followers. My stories are at most only visible to all my contacts on Signal. In my mind this is a big difference between all the other major platforms with stories.
It's similar to how it's good if more people use Tor for all kinds of activities as it doesn't immediately label you as suspicious just because you use Tor or Signal.
edit: ah, they announced recently that they are removing SMS support in Android. The reasoning is solid IMO, I've accidentally sent insecure messages before.
For anything else, using SMS is like using Notepad to write books. Many better alternatives have come through in the decades since that tech was new.
It feels very weird to have both a very good end-to-end encryption (the Signal encrypted messages) and a very bad system (SMS) together in the same app. People should just move away from SMS, it's not like it's hard.
All that being said...
I still trust Signal's Stories implementation over any other. While I believe they could have competed with SMS-capable apps like iMessage, Google Messages, and Samsung Messages, if pivoting into WhatsApp/Instagram/Snapchat/TikTok territory is what they'd rather do, then I believe they can execute it well.
Actually, there is an RCS API.
However, Google restricts its use to themselves and specific OEMS only. IIUC, that's currently only Samsung[0].
[0] https://www.xda-developers.com/google-messages-rcs-api-third...
IIUC, the RCS API is not part of AOSP[0], and as such, not part of LineageOS. As such, I believe the answer is "no."
[0] https://source.android.com/
Google has not provided any public API for RCS, and they control the ecosystem fully. If Google wanted other clients to use RCS as a platform, there would be public APIs that Signal, iMessage, Textra, Facebook Messenger and other SMS clients could integrate with.
Come to think of it, I'm having a very hard time coming up with any sensible use case for using Signal over text message. Presumably both sides still need Signal for the encryption to work, so what's the point? Might as well use the internet to send the message. The only scenario I can see it being useful is when you have GSM, but no internet connectivity, and that's rare these days.
Did they not see any value in signal over SMS? Didn't you have any group chats?
I would love to hear tptacek's views on this.
No, he worked on Signal for so long that he probably just wanted to take a break to work on other passions too - he's still on the Signal Foundation board (https://signalfoundation.org/)
> Why is a secure messenger adopting the appearance of social media?
I'd argue that Stories (or equivalent) is nowadays a standard feature in many messengers. To more directly answer your question no - Signal is missing a key aspect of Social Media: discovery. Stories is pretty much equivalent to share a picture to a group of people. You can also easily disable the feature in settings.
> Doesn't this work explicitly against the entire claimed reason for not having an account system?
I'm not sure specifically to what you refer to but in general: phone numbers is still the primary way to find new folks, but they're working on a username feature. They will still use phone numbers for simplicity as "account" but again, Stories is simply a new interface to share pictures with your contacts.
"Standard" implies a lot, and definitely there is nothing about "enabling two-way communication between willing participants" that requires "make available a video on the screens of my contacts in a non-directed way" to be part of the offering.
Signal is not social media. That is not its intention, nor its purpose, nor even its design. It is a messaging service. We already have a discovery feature in Signal: using your contacts, you can see who has Signal installed or not.
This feels like bikeshedding to the max, because it is.
I mean, it is now since they just added a stories feature. Sorry that your view of the product doesn't align with Signal's.
You're also using the word bikeshedding in a way unfamiliar to me. I use that word to mean intense debate about inconsequential changes that don't matter, like the right color for a bicycle shed. Which ofc is ludacris because there is no right or wrong color for a bicycle shed. In contrast to that, there are absolutely product decisions about the app that are material to its desired and undesired functionality. If signal decided to change the functionality of their product and stop encrypting texts, would discussion about that be bikeshedding? Why then, is this change in functionality not of similar concern?
Personally, I think call quality and server reliability with respect to private messages are more important for a service that is explicitly (and, until this change, exclusively) about private messaging, especially considering recent outages.
If Signal changed the encryption protocol to an insecure one, or simply removed it, then they are fundamentally altering the promise of the app vis a vis its core technology, ie, the essence of the provided service. Obviously that is analogous to the foundation of a house, not to the shed in the backyard.
Good point - I agree, should have phrased better.
> We already have a discovery feature in Signal
Another point I should have been more clear. I agree that contact discovery is ... well, discovery! I think what I meant is that right now you can only discover folks you already know (i.e.: have the number for) but you don't get recommendations.
So yeah... I'd say that one of the major points distinguishing Signal from a Social Media (at least one of the definitions of) is the lack of recommendations of new people to follow or things to discover. Signal in that sense is a communication platform.
[note I mean Signal the app not the company]
> bikeshedding
You mean if Signal is or isn't a Social media? Or it's run by the feds?
I mean I replied to the above company with a serious comment but I thought the original one was not particularly useful to any discussion around Stories per se.
And then once those people drop it, you have to do so as well if you want to keep talking to them.
Any day now (for the last 5 years)
I'm in groups with a whole lot of other people including a few who keep up with modern social media stuff, use TikTok, use Instagram, et c., and zero of them use the Status feature or Stories or anything but messaging. For us it's just ICQ/text with better media embedding (but still really bad, somehow). Some of us regularly use similar features, but only on other platforms, never on WhatsApp.
Is that unusual, and these are in fact much-beloved features by a good chunk of the WhatsApp user-base?
I think that "only criminals use this app" is always going to be used on anything that uses encryption by folks that are against encryption (usually governments for some reasons...). SMS or not is always going to be there. I don't think that having secure communication apps intentionally offer insecure communication is the right way to solve this. SMS was a legacy feature for Signal that just got removed now.
> adding stuff that has absolutely nothing at all to do with messaging?
Stories?
> Did a federal agent start running the show with the sole mission of destroying the entire app?
I just replied to another similar comment, not sure if it's the same person or not... but then I'd say...
Use Telegram! It's unencrypted by default! Use WhatsApp - unfortunately encrypted by default, but at least Meta will collect so much more metadata than you can keep track for. Use iMessage - It will upload your encrypted chat and the decryption key to Apple servers for you.
My point saying "it's the feds running it" without proof like that is not the most constructive conversation - Signal is by all accounts one of the most secure and private (not necessarily the same as anonymous) messaging apps out there with no clear competitors at the same level of privacy and security.
You mean the messaging service with no SMS support and an assumption that criminals are the main users?
Signal was great because it gave encrypted messaging to people who didn't know they needed it. When you take away SMS support, the only people who use it are people who know they need it.
Discovering you're not limited to sms was nice, when now you have to have an aside - "hey, have you ever heard of signal?"
1) Spam (~40%)
2) Transactional messages (~40%)
3) Conversations with old (45+) relatives (~15%)
4) Conversations with people I barely know (parents of kids' friends, people responding to a web market listing, that kind of thing) (~5%)
Google Messages (the default SMS app on newer phones) uses RCS if available and overlays E2E encryption on top using the Signal protocol.
Most people will use the messaging platforms that they need to have installed to get through their days. It's nice, ofc, to have friends who are privacy enthusiasts - but Signal main goal has always been to go beyond that group.
but you are right it doesn't have much use for children
Once my immediate family is out, I expect it'll be a domino effect with my extended family and friends -- those of us on Signal will have fewer and fewer reasons (ie, individuals in our graph) to use it. As much as I'd like this to not be the case, I think it will be. A smallish percentage of my contact list was on Signal, but every few months, another few people would join. I expect this trend will reverse.
my guess is that carriers/telcos offer unlimited SMS because they can data mine and monetize the shit out of it
also most people are still somewhere at the level of "the Internet is Google Chrome"
Will be a lot harder to tell people to switch now.
People have multiple apps for their social networks, and are completely fine with them. Snapchat, Facebook, TikTok, WhatsApp, Telegram. At the end of the day, I think it's just an excuse. They don't want to install Signal because they follow what others do, and it seems like others are not on Signal.
Instead of saying: "Install Signal, it will be your new SMS app", if you said "What? You don't have Signal? That's the new thing man", I'm sure they would try it. Then realize that they don't have contacts there, and uninstall it (because they reaaaaaallly need to save those 6MB badly on their phone, for some reason).
People don't use what's best, people use what other people use. They don't want to think.
Anyway, good luck getting Signal to federate with you until you have enough of a user base that they're losing users to your backend. They have zero reason to want to do this, and it introduces some privacy issues (what if your server doesn't respect deletions, etc?).
XMPP is just SMTP and some protocol addons on top. SMTP is just FTP with RFC 469 and others. Etc.
I haven't used but it is supposed to be a hardened version of signal.
Not that it supports SMS, but it _is_ a fork that uses Signal's servers.
https://github.com/johanw666/Signal-Android/releases
At least they realize we want a way to avoid stories.