
Signal, a fast, secure and simple messenger endorsed by Snowden - miki123211
https://www.signal.org/
======
brianpgordon
Kind of weird posting the app as a submission like this, given that it's
pretty well-known and HN search turns up hundreds of discussions about it.
This is kind of like posting a link to slack.com.

~~~
sheerun
It has become more useful and stable since it was last discussed.

~~~
alexnewman
Interesting, say more.

~~~
Cactus2018
Encrypted backup and restore works now. Including media.

~~~
metildaa
For how long though? Signal Android has repeatedly broken its backup
functionality with no warning; it seems the Signal team is not testing this
feature regularly.

iOS users are still out of luck on message backup too :c

------
areoform
I wish I could keep recommending Signal to my friends. For an app as famous as
theirs, the applications and tooling don’t feel mature at all. Their MacOS
desktop app insists on updating multiple times a day. Indeed, every time I
have it open, it starts bugging me for updates. I can’t have conversations
anymore because the app insists on restarting Signal. These hourly demands for
updates have caused me to ignore them entirely - devaluing the core value add
in the process. Was the latest 5pm update a security update that I desperately
need? Well, I don’t know and at this point no longer care because I’d like to
use the app to talk to people instead.

The app also doesn’t work if you have multiple phones or a tablet. I can have
signal either on my iPad or my phone. Not both. Why? I don’t know. But Signal
insists that it is more secure.

It’s a problem with these security-focused applications. They often sacrifice
usability on the altar of best-case security, making applications that are
hard to use for anyone but the most ardent of folks.

I want to love this app, but their bad UX makes it really really hard.

~~~
metildaa
Check out [https://pyre.chat](https://pyre.chat) (pre-alpha) and
signal-weechat for a non-electron based desktop client that won't nom all your
ram.

[https://github.com/thefinn93/signal-weechat](https://github.com/thefinn93/signal-weechat)

Signal makes for a decent SMS replacement, IMO they have put little effort
into being a group chat competitor. Some bots like
[https://git.callpipe.com/yosl/repost4privacy](https://git.callpipe.com/yosl/repost4privacy)
can make groups more user friendly, but group management is still poor.

Edit: added last paragraph about groups.

~~~
_emacsomancer_
signal-weechat looks very interesting. Do you have any idea how well it works?

~~~
metildaa
It seems to have much less development than pyre.chat, but it is a functional
client (though pictures all end up in a folder when sent your way, as images +
ncurses doesn't really work).

------
Aelius
My 2c

I recently got signal because some friends made me. Given how old it is, I was
shocked by how poor some aspects are.

I liked using it as an android sms app, until I replied to one too many sms
over signal because signal always defaults to signal, rather than whichever
protocol the person sent you a message via. People uninstall the app, or use
iOS. Signal constantly defaulting to a protocol the person on the other end
isn't using was too much, so I stopped using signal as my sms app.

I hate that, now that I've stopped using signal as my sms app, it wasn't
storing sms in android's common sms store. Now chunks of history are missing,
trapped in signal.

The desktop client seems fundamentally broken, often taking 5-10 minutes to
sync messages in.

I hate that I can only mute conversations for 1 or 2 hours, 1 or 7 days, 1
year, or forever.

I hate that I can't mute a group and still receive @s.

I hate that it is tied to my phone number.

I think signal offers a really bad experience. I prefer keybase, for many
reasons. However when my mother and sister and grandmother needed a way to
share pictures and videos (which mms would convert to garbage quality), I set
them up with signal. Keybase's mobile client is, unfortunately, specifically
bad at media. Signal is decent at it.

Although, the keybase devs as recently as yesterday said they'll be polishing
the mobile experience in the coming weeks. Maybe soon I can in good conscience
not recommend signal and start pushing keybase among my family. Keybase also
recently streamlined their onboarding process to not require a password; you
can just download and go.

Edited for spelling errors.

~~~
majkinetor
All true. The worst offender is actually sync on desktop, which can take
anywhere between 5 and 50 minutes!

On-boarding of keybase was more complicated before; maybe it's better now.

------
jtl999
I wish they had a competent desktop client with feature parity to mobile and
not just an Electron "app".

I could write more critique regarding the forced contact discovery and the use
of phone numbers as identifiers, but at least the underlying security of the
app is good.

~~~
josteink
When I used Android, Signal doubled as a regular SMS app.

That meant you would _only_ use Signal, and the recipient would receive the
message via Signal if he too was a user. Basically it worked like iMessage on
iOS, but was 100% OSS.

Which from what I can tell, is a thing people here on HN (not to mention
/r/Android) are asking for all the time.

Using Signal on iOS though indeed feels weirder because you always need to
“discover” who has what IM-service, and then start the corresponding app.

That’s a flaw of iOS though, and not Signal, and all non-iMessage services
suffer from that.

~~~
jeltz
This was the main reason I never started using Signal. When I tried it some
years ago it wanted virtually all permissions on my phone and wanted to
replace my SMS client. I also did not like that they wanted my phone number.
The SMS replacement should be an optional feature, and they do not need any
phone number unless I want to use that feature.

~~~
jtl999
I registered my Signal account with a burner number not linked to any SIM
card, and thus I didn't use it as my SMS app. Don't know if it's default
behavior when you register it with the phone number attached to your SIM or
not.

I agree the permissions (especially the forced contact discovery) are
problematic.

~~~
reacharavindh
I thought of doing the same until I realized that it's a silly workaround. If
I ever need to restore my account, forget my password or change device, I'd
need the same burner phone... it's not a burner anymore then, is it?

And then I gave up because of the forced contact discovery... it's a pity.

I wish there was a popular chat service that worked more like Blackberry.
Central network but just pseudonyms instead of the phone number.

~~~
acct1771
> If I ever need to restore my account

...for what?

------
kemonocode
Signal's hostility towards third-party contributions and staunch refusal of
federation make it hard to recommend. Not to mention, for an app that touts
itself as both being secure and being easy to use, it has a rather crappy UX.

~~~
klyrs
Also, why is it on Google Play Store but not FDroid? Tryin' to protect my
privacy, here.

~~~
cyphar
Because Moxie doesn't want it to be[1]. It should be noted though that you can
download _just_ the APK from their website[2] and it supports auto-updating.

[1]: [https://github.com/signalapp/Signal-Android/issues/127](https://github.com/signalapp/Signal-Android/issues/127)
[2]: [https://signal.org/android/apk/](https://signal.org/android/apk/)

------
philips
I want to love Signal but it is so hard to love at times:

1\. The Signal backup restore process is ridiculous and kludgey. It took me
quite some time to figure out how /Internal works on Android 9 devices using
the files app for example. [1]

2\. If your phone fails without a backup the only way to rejoin groups is
having people post a message to each group. I wish there was a middle ground
between full backup and dump my keys/group list.[2]

3\. The Linux app will, at random, take minutes to load because it is loading
100s of messages. But, this happens even if I was running the app 5 minutes
before. Watching the logs I see sqlite insertions happening no faster than 10
a second. The old web based Signal client worked great. I would love to have
that brought back.

My wishlist, which I haven't posted anywhere publicly, includes:

1\. Clicking a contact circle _should not_ show me the Android contact, it
should show me a list of actions I can take in Signal instead: call, message,
video call

2\. Video conferences are often used with families. Please create a full
screen video call mode that is friendly for parents with kids. This means that
I can let my kid touch the screen and not immediately drop a call or switch
apps. A full screen mode with optional pin or swipe pattern to exit would make
me love the app forever.

Also, for context, my experience comes from converting dozens of family
members off of WhatsApp to Signal over the course of 6 weeks earlier this
year. For the most part it has been fine but these sharp edges have caused me
pain trying to support my family members. WhatsApp lost my trust with the
announcement of Fb messenger integration and the unencrypted backup to Google
Drive.

I am hopeful that Signal will improve over time. However, the web client
deprecation and my recent experience with the backup/restore process have me
concerned.

[1] [https://support.signal.org/hc/en-us/articles/360007059752#an...](https://support.signal.org/hc/en-us/articles/360007059752#android_restore)

[2] [https://support.signal.org/hc/en-us/articles/360007062012-Ne...](https://support.signal.org/hc/en-us/articles/360007062012-New-Number-or-New-Phone)

~~~
senectus1
this this this this this.

I like and push Signal every chance I can get but yeah, the UI/UX is horrible
at times.

Also, wtf, why should we pay attention to Snowden's opinion? The guy is no
"security guru". His name is only relevant because he uses it... so what?

------
kethinov
Signal isn't federated. Use Matrix instead.

~~~
pugworthy
For those like me who aren’t used to the term federated...

“Federated architecture (FA) is a pattern in enterprise architecture that
allows interoperability and information sharing between semi-autonomous
decentrally organized lines of business (LOBs), information technology systems
and applications.“

—Wikipedia

~~~
cbHXBY1D
For those who want to know why it's not federated:
[https://signal.org/blog/the-ecosystem-is-moving/](https://signal.org/blog/the-ecosystem-is-moving/)

~~~
Whatitat90
For those who want to know why it still should be federated:
[https://gultsch.de/objection.html](https://gultsch.de/objection.html)

------
gnuarch
[https://quicksy.im/](https://quicksy.im/) – a spin-off of the popular
Jabber/XMPP client Conversations with automatic contact discovery.

> Even if you are not a Quicksy user you can enter your Jabber ID into the
> Quicksy Directory and give Quicksy users the ability to automatically
> discover you based on your phone number. This lets you enjoy the privacy-
> friendly, federated nature of Jabber/XMPP while giving your less tech-savvy
> friends a low barrier entry into that world

// not affiliated; saw this recently, like the idea.

------
agorabinary
Signal lags pretty hard on ubuntu 16.04, reason why I switched to Telegram
despite the latter's inferior privacy

~~~
arianvanp
Telegram is a native Qt app written in C++. It's very smooth because of it

------
reneberlin
Outside of the tech bubble we are all in, security-blablabla sounds good - but
ordinary people just prefer any sort of WhateverAppMyFamilyUses.

We're stuck with alternatives that the crowd doesn't prefer.

~~~
solarkraft
Telegram has gotten decent adoption because it makes a good compromise of
security and convenience.

~~~
theyinwhy
Like, not encrypting by default?

~~~
solarkraft
Yes. It allows you to easily have your content synchronized between devices.

~~~
theyinwhy
Well, my comment was not serious. By not encrypting by default they actually
put your data at risk. Syncing and encryption are not exclusive and could be
done in their simplest form by sharing the private key or working with subkeys.
Not encrypting by default is the worst option, imho.

------
netwanderer3
Once my phone is rebooted or runs out of battery, Signal would stop notifying
me of any new messages unless I manually launch the app; sometimes I even had
to tap on each individual conversation to check for new messages. I agree with
some posters here that its UX badly needs a redesign too.

~~~
premek
I had to do this:
[https://support.signal.org/hc/en-us/articles/360007318711-Tr...](https://support.signal.org/hc/en-us/articles/360007318711-Troubleshooting-Notifications)

------
throw2016
Those who depend on anonymity and security in any serious way should think
carefully about using technology. Two whistleblowers in a row have been
compromised in the last few months and are now in prison over their
communication with The Intercept.

Don't trust anything you read online; if you need guidance, try to reach out
to trusted and well-regarded experts in privacy and security ecosystems, and
do it in the real world, face to face, not online. Cryptome has a decent FAQ
on this.

Signal is connected to your phone number. That's game over right there and
then on any claims to security and anonymity. Things directly connected to
your identity in an insecure OS such as Android cannot deliver security or
anonymity, and it's dangerous to lull others into a false sense of security.

------
socceroos
I love Signal and use it as my main communication platform, but the inherent
metadata information disclosure doesn't make it the ideal secure communication
platform.

Right now, that title belongs to Briar in my opinion - it has a far more
satisfactory security model in my opinion.

------
dcsommer
How do people think about the relative trajectories of Signal and Keybase? It
seems like Keybase wins in terms of features, but Signal has a much bigger
network and is therefore perceived as more of a known entity, security wise?

------
vector_spaces
For some critique of Signal, Drew DeVault wrote this up several months ago: "I
don't trust Signal" -
[https://drewdevault.com/2018/08/08/Signal.html](https://drewdevault.com/2018/08/08/Signal.html)

Past discussion here on HN:
[https://news.ycombinator.com/item?id=17723973](https://news.ycombinator.com/item?id=17723973)

Just posting for discussion. For me, the fact that Signal can only be
downloaded via Google Play and not F-Droid is a major blocker.

For that reason I run a Matrix/synapse instance and that's what I use for day
to day text based communication. Matrix clients have some issues and aren't as
user friendly as Signal's IMHO, but they're getting better and better.

That said, I don't think federation actually contributes to security. My
instance is firewalled off from being discoverable by the larger Matrix
community, mainly because my instance is for close friends and family.

I can't really comment on what he brings up about the Signal founder -- not
very familiar with him.

------
seancork
I find Signal on Android handy since it can be used for sms as well.

------
regnerba
I currently use Wire. Their apps are solid, not perfect, that's for sure, but
good enough; but most importantly I am not required to use my phone number to
register an account.

------
neilv
I think the endorsements should acknowledge that one can't necessarily trust
the rest of the smartphone software and hardware.

~~~
dontbenebby
> I think the endorsements should acknowledge that one can't necessarily trust
> the rest of the smartphone software and hardware.

Welp, guess I should just send my messages in the clear then rather than make
them work for them

~~~
neilv
Recommending a solution for a critical need without communicating the
limitations doesn't seem like good engineering practice.

~~~
dontbenebby
> Recommending a solution for a critical need without communicating the
> limitations doesn't seem like good engineering practice.

Good security advice is about harm reduction.

Security advice is not "bad" because it does not achieve perfect security.

Using Signal instead of an app the government can access through subpoenas
(Facebook Messenger), that is closed source (iMessage) or transmits in the
clear (traditional SMS) is good advice because it reduces harm and reduces
risk.

~~~
neilv
We can't know all threat models and options of everyone who is the audience of
such broadcast endorsements, such that we can engage in noble lies and
confidently call it "harm reduction".

(Simple scenario: journalist was told by experts that such-and-such is secure,
without qualification, so journalist uses it in some ways that they would not,
had they been given a more accurate characterization.)

~~~
dontbenebby
How is saying "I endorse using Signal" a lie? Seems like that's a statement of
opinion.

~~~
neilv
You can see my first comment in this thread, which you took exception to. This
is a very important topic, and I'm not debating recreationally. There is a
long and ongoing history of security advocates overstating security, to people
who really need it, and that's the sort of thing that can get people killed,
positive movements ended, etc. Anyone advocating right now should be aware of
that, and not keep making the same mistakes.

~~~
dontbenebby
> There is a long and ongoing history of security advocates overstating
> security

I'm not sure I follow your logic. Maybe you can help me out a bit?

There are four quotes on the linked page. Which one do you feel overstated the
security of Signal, and why?

------
tribby
what kind of metadata does signal generate by using google cloud services (or
whatever) to send push notifications?

~~~
bilal4hmed
here you go
[https://www.reddit.com/r/signal/comments/ap9lin/gcm_notifica...](https://www.reddit.com/r/signal/comments/ap9lin/gcm_notification/)

Its amazing how paranoid some people are

~~~
Whatitat90
There are also these kinds of slip ups:
[https://news.ycombinator.com/item?id=18234849](https://news.ycombinator.com/item?id=18234849)

------
adev_
Signal, or what any chat system should be : E2E encryption, user friendly,
Open Source, Vendor neutral.

What else ?

~~~
JshWright
What it's missing: federation, a stable/open protocol

------
alexnewman
The PIN on Signal is not secure at all. Easy to brute-force bypass on existing
Signal users.

~~~
nichos
This won't get the history of the conversation though. And if doing this on a
new device, the security number will change, and others will be notified.

------
dqybh
"endorsed by criminals" is now marketing blurb :')

------
rodmena
Oh really? Endorsed by a guy who is working for Putin? cool.

~~~
socceroos
I hear the commies endorse the use of air for breathing too. We need to find
alternatives asap.

------
_emacsomancer_
Has the experience improved much recently? I switched a couple of years ago to
using Wire, since it seemed like a smoother experience (important for trying
to convert people).

~~~
eugeniub
I think the experience has improved a lot recently, and it's grown much more
popular than Wire, so you may find your friends already on Signal rather than
needing to convert them. For comparison, Wire for iOS has 204 ratings (3.9
stars) in the App Store, while Signal for iOS has 190,000 ratings (4.7 stars).

~~~
_emacsomancer_
Hmm... perhaps I'll try Signal again. It looks like they've added video calls
since I seriously used them too.

------
isnetea
How long until one or more of USA/China/Russia has a device to crack such e2e
encryption? Secret quantum computer, perhaps?

~~~
krastanov
It would be incredibly surprising for such a device to be created in secret.
Moreover, there are versions of public key encryption that can not be broken
by a quantum computer.

~~~
isnetea
Makes sense. There would probably need to be a kind of intellectual hoarding
and misdirection amongst leading academics in quantum computing research. Yet
one would have to assume such research does take place in private by
governments.

Does signal use the quantum-proof variety of encryption?

~~~
krastanov
No, nobody uses quantum-proof encryption yet (usually called post-quantum
encryption). Google and others have experimented with it for https and it
worked fine, but nothing is deployed yet and standardization has barely begun.
So if someone records your traffic today, they will be able to decrypt it in a
couple of decades.

~~~
cyphar
> Google and others have experimented with it for https and it worked fine

To be clear, Google didn't experiment with actually using post-quantum crypto.
Their experiment was to figure out what was the largest key sizes that
browsers and networks would accept before you start degrading connections.
Their "post-quantum keys" were just padding bytes. This was gone through in
the Bernstein and Lange talk this year at 35C3[1]. This is a good thing, given
the history of the security of post-quantum candidates[2].

[1]: [https://youtu.be/ZCmnQR3_qWg?t=1457](https://youtu.be/ZCmnQR3_qWg?t=1457)
[2]: [https://youtu.be/ZCmnQR3_qWg?t=208](https://youtu.be/ZCmnQR3_qWg?t=208)

------
qnsi
Amazing. Endorsed by Snowden makes me trust this so much.

„Snowden didn’t just steal information about “domestic spying” operations. The
truth is Snowden apparently stole many more files related to what most in the
intelligence community and beyond see as legitimate, overseas spy operations —
including anti-terror operations and those targeted against the U.S. by our
enemies. He reportedly focused his theft on the most sensitive “Level 3” data
that includes lists of sources and methods in China, Russia and Iran.

This is the type of information that “could invalidate America’s entire
intelligence enterprise if it were placed in the hands of an adversary,”
Epstein writes. He suggests Snowden would have known Booz-Allen Hamilton in
Hawaii (his last contractor position) was one of the few contractor facilities
that had the authority to hold “Level 3” data and former co-workers believe he
took the lesser paying gig”

~~~
nabla9
The data Snowden took relative to his access level does not support your
theory.

The most amazing thing about the Snowden case was his access to information.
Normally NSA employees have a combination of clearances: TS (top secret) and
then SI (signals intelligence), TK (talent keyhole), and Gamma (with
subcompartments).

But then they gave some IT staff like Snowden a special "root access like"
clearance called PRIVAC (Privileged Access) where people had access to all
data collected. Snowden had an open list of live feeds from all active
operations, drone feeds and other information regardless of classification all
over the world.

PRIVAC didn't have a two-man rule, restricted access to contractors or
compartmentalization until Snowden came out and Senate hearings happened. NSA
clearly prioritized cost and data collecting over security.

If there was an actual spy in the same position as Snowden, or if Snowden
really had the intention to spill everything to harm the US, the damage done
would be catastrophic.

~~~
lern_too_spel
> The data Snowden took relative to his access level does not support your
> theory.

How do you know that? The only people who know what Snowden took are Snowden,
the journalists, the NSA, and the foreign intelligence agencies who took the
data from the journalists.

Nobody thinks Snowden had the intention to damage the US. He was just so
stupid that he did it accidentally.

~~~
Dylan16807
"It's impossible to know what he took, therefore your claim about what he took
is baseless.

MY claim about what he took, however:"

~~~
lern_too_spel
We know at the very least that he took lists of Chinese targets and when they
were compromised and gave them to the SCMP, who reported in broad terms about
the content of the lists. We know he gave a list of war zone and drug
trafficking targets to Greenwald because he reported them. We know he gave a
list of Western European political targets to Greenwald because he reported
them as well. We have no idea what Russian target lists he took.

