This is pretty awesome and an exciting feature. But I want to make 2 critiques here.
1) I think Signal is really bad at communicating with its community. Especially being an open source project I think it is important to be open in communication. I wish they wrote more blog posts and were announcing these things through blog posts (I really miss those blog posts, even the non-Moxie ones. They made it feel more communal and like you understood Signal's vision. Ultimately, that builds trust, which is ironically necessary when building trustless systems). Creates a good way to succinctly explain what the feature is, the end goal, and so on. You can easily add a cross link to any forum discussions. But jesus fucking christ, I really hate these private communities. No one likes making random accounts just to submit bug reports and it is a little insulting to make devs do it when GitHub exists (I can get why they do this but there might just be no optimal solution...). But man, the Signal community is particularly bad and off-putting...
I'll add that this is an extra pain point being a security app. It should be expected that Signal users are suspicious of Signal. That should even be encouraged! But lack of communication often breeds conspiracies. People not knowing even a high level road map start believing that Signal is doing nothing while asking for money. It's a small team, so of course it is slower, but just a bit of transparency can do a lot to mitigate this. You don't need full blown PR, but PR to the tech nerds does seem necessary at this stage (can become general public when your average tech nerd is convinced Signal is more secure than Telegram and understand that Signal and Matrix are not solving the same problems). Right now it is the tech nerds that spread the conspiracies and the infighting just ends up making apps like WhatsApp more inviting. We're usually bickering over technical mostly non-issue things[0]
2) The post mentions
> The ability to dynamically offload media so that Signal takes up less space on your phone, while still letting you download that media on the fly if you scroll back.
I can tell you that the vast majority of my storage in Signal is created through dupes. As far as I can tell, every time you forward an image or other piece of media it creates a duplicate[1]. I'd get pretty good storage savings if these were soft links to one another or a COW system was used (think like BTRFS[2], but you could get the same effect without that filesystem[3]). Is there a security issue with this? If so, can someone explain? This kinda circles back to #1 because it is pretty hard to get answers to these types of things from the community as ultimately you frequently end up with results like asking on Reddit. Community answers are great for naive and unnuanced questions but the moment any technicality is brought in.
But my point here is kinda about trying to better reach out to the community. I get that listening to users is noisy, but truth is that Signal's lack of metadata means they have fewer insights into user desires and concerns. Fortunately, Signal has more technically minded users than most apps, but there's no real good communication path with them. Honestly, I think there are dozens of good ideas in their community forums that go missed. Big reason I hate these community forums is that they also use popularity as a proxy for user desire. But requiring login makes that noisy as well as many features are going to be things people want but don't know they want, especially when there's some technical aspect involved. Here's a few examples:
[4] "Airdrop": User presented an "Airdrop" like feature which benefits them, reduces Signal's bandwidth costs, and could ultimately create a pathway forward to decentralization if they decide to go that way.
[5] Link Sanitization: This is straight up a privacy feature! You know when you share a YouTube link? Strip ...
> You know when you share a YouTube link? Strip everything after the "?" because that's just tracking data
Funny because YouTube is exactly the example I would use for the URL parameters being important. I frequently send links to specific times in the video using the `t` parameter.
Why does any additional encryption need to be broken? Signal dark patterns users into using insecure few digit 'pins' to protect their data, then waves some SGX hokum around that as an argument as to why very short pins have acceptable security. Of course, no one with physical access / state level resources is meaningfully impaired by SGX, so the security is just a trivial pin crackable by a speak and spell.
Concerns that were all dismissed when the insecure pin system was introduced because only contacts and settings were hosted, not content. ...
It's already known that users can't choose secure passwords even without UI that tries hard to encourage an insecure choice and that the rare ones that are secure are the ones that also get lost/forgotten. As a cryptosystem "user chooses and remembers a key" is known to be broken. So backup to the cloud really just means "hand to NSA with already known broken encryption".
The article says that local-backups are still going to be a thing, and that it'll use the new format (so that you can restore ex an Android backup on iPhone and the other way around). Presumably you'll have to bring your own solution for storing the backup, but if its just a file / archive then you can store it however you store the rest of your backups.
Good effort, but wouldn't it be better if such backups were split into n parts and distributed among n independent providers using something like shamir secret sharing where a backup could then be restored with k out of n parts?
I trust Signal but I find this quite basic compared to just how much thought/work went into the Signal protocol comparatively.
The following two features are interesting to me. Where can I find more info on these?
* Backups are structured so that the Signal service cannot associate a backup with a given user.
* Payments are structured so that the Signal service cannot associate a payment with a given user.
10 comments
[ 3.3 ms ] story [ 30.4 ms ] threadI merely observe that there's a duty cycle here across data which states and providers have to dance through each time.
1) I think Signal is really bad at communicating with its community. Especially being an open source project I think it is important to be open in communication. I wish they wrote more blog posts and were announcing these things through blog posts (I really miss those blog posts, even the non-Moxie ones. They made it feel more communal and like you understood Signal's vision. Ultimately, that builds trust, which is ironically necessary when building trustless systems). Creates a good way to succinctly explain what the feature is, the end goal, and so on. You can easily add a cross link to any forum discussions. But jesus fucking christ, I really hate these private communities. No one likes making random accounts just to submit bug reports and it is a little insulting to make devs do it when GitHub exists (I can get why they do this but there might just be no optimal solution...). But man, the Signal community is particularly bad and off-putting...
I'll add that this is an extra pain point being a security app. It should be expected that Signal users are suspicious of Signal. That should even be encouraged! But lack of communication often breeds conspiracies. People not knowing even a high level road map start believing that Signal is doing nothing while asking for money. It's a small team, so of course it is slower, but just a bit of transparency can do a lot to mitigate this. You don't need full blown PR, but PR to the tech nerds does seem necessary at this stage (can become general public when your average tech nerd is convinced Signal is more secure than Telegram and understand that Signal and Matrix are not solving the same problems). Right now it is the tech nerds that spread the conspiracies and the infighting just ends up making apps like WhatsApp more inviting. We're usually bickering over technical mostly non-issue things[0]
2) The post mentions
I can tell you that the vast majority of my storage in Signal is created through dupes. As far as I can tell, every time you forward an image or other piece of media it creates a duplicate[1]. I'd get pretty good storage savings if these were soft links to one another or a COW system was used (think like BTRFS[2], but you could get the same effect without that filesystem[3]). Is there a security issue with this? If so, can someone explain? This kinda circles back to #1 because it is pretty hard to get answers to these types of things from the community as ultimately you frequently end up with results like asking on Reddit. Community answers are great for naive and unnuanced questions but the moment any technicality is brought in.But my point here is kinda about trying to better reach out to the community. I get that listening to users is noisy, but truth is that Signal's lack of metadata means they have fewer insights into user desires and concerns. Fortunately, Signal has more technically minded users than most apps, but there's no real good communication path with them. Honestly, I think there are dozens of good ideas in their community forums that go missed. Big reason I hate these community forums is that they also use popularity as a proxy for user desire. But requiring login makes that noisy as well as many features are going to be things people want but don't know they want, especially when there's some technical aspect involved. Here's a few examples:
Funny because YouTube is exactly the example I would use for the URL parameters being important. I frequently send links to specific times in the video using the `t` parameter.
Concerns that were all dismissed when the insecure pin system was introduced because only contacts and settings were hosted, not content. ...
It's already known that users can't choose secure passwords even without UI that tries hard to encourage an insecure choice and that the rare ones that are secure are the ones that also get lost/forgotten. As a cryptosystem "user chooses and remembers a key" is known to be broken. So backup to the cloud really just means "hand to NSA with already known broken encryption".
I trust Signal but I find this quite basic compared to just how much thought/work went into the Signal protocol comparatively.