
Signal Creator on Considerations for distributed and decentralized technologies - dpeck
https://peertube.co.uk/videos/watch/12be5396-2a25-4ec8-a92a-674b1cb6b270
======
saurik
1) This was posted a few days ago when it was first posted to CCC's website,
where it already had a lot of conversation. I recommend people read the posts
there, as this video has a number of issues in its argument.

[https://news.ycombinator.com/item?id=21904041](https://news.ycombinator.com/item?id=21904041)

2) Moxie did not want to be recorded at this event, and was told he wouldn't
be recorded, and yet the video was posted anyway for a bit before the CCC took
it down (which is why it is being hosted on PeerTube).

[https://twitter.com/moxie/status/1211427007596154881?s=21](https://twitter.com/moxie/status/1211427007596154881?s=21)

~~~
baby
Oh wow that is definitely not cool. I’m happy I got to watch it, but if he
didn’t want to be recorded that is a massive breach of trust from CCC.

I got to hear Moxie speak at RWC when he received the Levchin prize and I
gotta say it was one of the best talk I’ve heard and it’s a shame he didn’t
want to be recorded back then as well.

~~~
lorenzhs
No bad intentions, just some confusion:
[https://twitter.com/moxie/status/1211427007596154881](https://twitter.com/moxie/status/1211427007596154881)

------
nimbius
the greatest concern to centralized systems like Signal is not ease of use,
its censorship and de-platforming. In China, Signal servers are outright
banned. No servers, no secure communications.

In the United states players like Cloudflare have demonstrated twice the can
and will de-platform entire communities for controversial speech. senator
Joseph Lieberman, with a single phonecall, had wikileaks immediately
deplatformed from AWS. All it takes is a violation of a term of service and
that service vanishes.

Increasingly Moxie seems to value the developer experience over any project
goal for Signal. its still AWS, it still depends greatly on google services
and play store for distribution. Begrudgingly hes added a secret-ish link on
the signal website to download the APK directly, but he still ardently refuses
to publish the package on FDroid.

and as for his "federated services are stuck in time" argument, these are
glaring architectural issues that have plagued his application for five years.
The only tangible evolution of signal in the past year has been new cat and
dog stickers that no one asked for.

~~~
mintplant
> The only tangible evolution of signal in the past year has been new cat and
> dog stickers that no one asked for.

I've been asking for them! I've been asking for them for _years_ , in fact.
I'm chuffed that my tiny little crusade finally bore fruit, and that the
implementation they landed on is precisely as I always envisioned it.

It was the #1 excuse friends made for why they wouldn't consider Signal. But
also, personally, I really do get a lot of value out of the sticker system in,
say, Telegram, and it's great to have available for my Signal conversations,
too.

~~~
feanaro
What are the use cases for stickers? I cannot seem to get them. They seem to
express the ~same thing as emojis while being non-standard and not guaranteed
to be available. I guess there might also be some overlap with "gifs", but
with less flexibility.

~~~
Legogris
Sticker are fun and can convey nuances and intended personality emojis don't
in the same bandwidth. Also always just two taps away in the same place, as
opposed to gifs. Depending on your communication style, this may or may not be
a feature for you.

I have also seen stickers as a hurdle for Signal adoption for years.

AFAIK, LINE was the first IM platform to make sticker-use widespread. Imagine
you're about to meet up with a friend downtown for a Sunday brunch and the
different situations and moods you can encounter on the way, check out their
initial starter pack and I think you can see how this can actually make
communication more efficient.

[https://www.line-stickers.com/moon-james/](https://www.line-
stickers.com/moon-james/)

~~~
feanaro
So a kind of middle ground between emojis and gifs? That makes sense.

I'll admit I still don't find it appealing from any examples I've seen so far
and I've never encountered sticker usage "in the wild" with my contacts to get
a hands-on feeling of it.

~~~
Legogris
Yeah, I first encountered them living in East Asia where the majority use them
consistently (including foreigners who generally pick it up pretty fast).

I'd probably have your stance if I hadn't experienced it IRL.

------
0xdeadb00f
Counter argument by XMPP/OMEMO developer:
[https://blog.jabberhead.tk/2019/12/29/re-the-ecosystem-is-
mo...](https://blog.jabberhead.tk/2019/12/29/re-the-ecosystem-is-moving/)

~~~
StavrosK
> 5 years are not a long time to update the entirety of the internet

Given that WhatsApp manages to update its entirety of the internet in a few
days, I'd say that is quite a long time. Is there a name for this fallacious
"arguing for/against something without comparing it to alternatives"?

> But the answer to this problem would logically be that we need to increase
> our efforts to change that by reducing the number of GMail accounts and
> increasing the number of self-hosted email servers, right?

No, the argument is that decentralized services will mostly be centralized
_anyway_ due to the fact that centralization can move faster. Everyone has
Gmail on the other end because Gmail is better than other services (that is
the argument, not what I personally believe, as I think Fastmail is better).

Given that decentralization will lead to the existence of a few large points
of centralization anyway, we should make those points secure, and centralizing
allows us to do that better, the argument goes.

> While this is an issue, there are solutions to this problem, one being
> nomadic identities.

The point is that nobody has _zero-knowledge_ nomadic identities. AFAIK Signal
were the first ones to come up with a practical implementation a few days ago.

> For some reason Marlinspike confuses a decentralized system with a
> centralized, but distributed system. It even reads “Centralized Service” on
> his slides…

Moxie is talking about a centralized service. It says centralized on the
slides, he said centralized twice, the author seems confused here.

> These suites act as maps that point a way through the XEP jungle.

Yes, and a centralized service needs none of this.

Personally, I don't see this article debunking many of the points.
Decentralized is better for censorship-resistance, and I prefer it, but it's
better for that because centralized platforms aren't usually designed for
censorship resistance. Signal knows nothing about its messages, and thus it's
much harder to censor people using it.

I feel like Moxie made some good arguments, and would like to see some
solutions in making decentralized servers and clients more easily upgradable.
Signal's approach works for signal, but it also works for almost every other
person, since everyone seems happy to use Facebook or Slack or whatnot instead
of Riot for their communications. I really like what Mastodon is doing in the
federated microblogging space, and hopefully that will extend to other areas.

~~~
shakna
> Given that WhatsApp manages to update its entirety of the internet in a few
> days, I'd say that is quite a long time. Is there a name for this fallacious
> "arguing for/against something without comparing it to alternatives"?

You're comparing the wrong thing there. The alternative to a protocol
specification is not a closed source implementation of a proprietary system.
How fast Windows Update can change their architecture doesn't really matter a
jot when looking at changes to apt, etc.

We can instead look at how long it took to update the IMAP spec to include
TLS, or the move towards requiring OAUTH.

~~~
StavrosK
The original argument was comparing centralized vs decentralized services. We
aren't talking about closed vs open, the point remains even if you substitute
WhatsApp with Signal.

~~~
shakna
I wasn't talking about closed/open either. Outlook and Thunderbird are both
clients that use known specifications. One is open, one is closed.

Getting both updated to the specification takes more time (and in Outlook's
case may never happen), then updating something where no specification exists.

------
j88439h84
Matrix seems like a great path forward. Widely supported, well-funded,
decentralized. Mozilla has adopted Matrix as its internal messaging system.

[https://matrix.org/blog/2019/12/19/welcoming-mozilla-to-
matr...](https://matrix.org/blog/2019/12/19/welcoming-mozilla-to-matrix/)

[https://about.riot.im/](https://about.riot.im/)

~~~
baby
I would be interested in a blogpost going through Moxie’s argument with
Matrix. I don’t know much about the project but it seems like Matrix doesn’t
target normal users no?

~~~
zahllos
I'm not Moxie, and I can't speak for him, but I have a good idea what the
arguments are as I "do crypto". These aren't my opinions necessarily, I'm just
repeating what I believe the arguments to be.

This can be summarized quite quickly (and for all federated/distributed
protocols). Should you need to deploy some kind of feature or security upgrade
to the protocol, a centralized system lets you do this for everyone (and more
or less force them into it). A distributed system has the potential to end up
like TLS, where "ciphersuite agility" can be a negative in that you end up
supporting something relatively weak or otherwise problematic because one
member of the network refuses to turn it off "just in case" one of their
customers need it.

This is the distributed vs centralized part. From a security perspective,
Moxie would also likely take issue with the server-side metadata in Matrix. If
your "homeserver" is hacked (or otherwise accessed), my understanding is that
it would likely contain a fair amount of information on who you communicate
with and what rooms you are in, or you would be able to piece it together.
Here's the schema for data stored server-side in the reference server:
[https://github.com/matrix-
org/synapse/blob/master/synapse/st...](https://github.com/matrix-
org/synapse/blob/master/synapse/storage/data_stores/main/schema/full_schemas/54/full.sql.postgres)

Signal by contrast is designed precisely to minimize the amount of data users
expose even to Signal's own servers. Profile information, group membership
etc, it's all encrypted.

Finally, Matrix doesn't E2E by default - not all clients support its double
ratchet implementation. This has been getting better over time, but I'm not
sure if you can still negotiate cleartext connections all the time or force
clients to downgrade. Experience has shown leaving users to consciously turn
on encryption is a bad idea. This is also a problem in PGP, XMPP/OMEMO/OTR,
Telegram, SMIME etc. If you use Signal, WhatsApp or Wire, you cannot fail to
turn on the crypto, which means non-technical users benefit from it without
even realizing it.

~~~
Arathorn
fwiw we're aiming for E2E by default in Matrix for end of Jan (although it's
going to be tight).

Edit: We're also working on minimising metadata by storing it all clientside
and running peer-to-peer; see
[https://fosdem.org/2020/schedule/event/dip_p2p_matrix/](https://fosdem.org/2020/schedule/event/dip_p2p_matrix/)

~~~
baby
what's the plan after E2E is on by default? Can you still downgrade to no
encryption or will you just block clients that can't do E2E?

~~~
Arathorn
you can’t really downgrade today. so yeah, if your client doesn’t do e2e you
will either be running blind or you’ll need to use a daemon like pantalaimon
to bridge the gap.

------
rogerkirkness
I just finished watching this, it's excellent. It's a much simpler and more
cogent counter argument to people's idealogical interest in decentralization
from Moxie of Signal. Really worth watching in the context of privacy,
decentralized internet services as well as clear thinking about product and
the future.

~~~
inciampati
It's interesting that the things he says are bad aspects of decentralization
(that protocols become fixed) are precisely the reasons that people want
decentralization. No single actor can shift the protocol out from under a
distributed system. That makes it something that can be trusted.

~~~
Vinnl
Perhaps, but I'm still afraid AMP for email will be pushed through, by just
getting a small number of players to agree:
[https://news.ycombinator.com/item?id=19493378](https://news.ycombinator.com/item?id=19493378)

------
MajesticHobo2
While I found the talk more compelling, it's also worth mentioning Moxie's
2016 article, "Reflections: The ecosystem is moving", for several of the key
points: [https://signal.org/blog/the-ecosystem-is-
moving/](https://signal.org/blog/the-ecosystem-is-moving/)

------
baby
Related, this prompted me to write about the history of end-to-end encryption:
[https://www.cryptologie.net/article/487/a-history-of-end-
to-...](https://www.cryptologie.net/article/487/a-history-of-end-to-end-
encryption-and-the-death-of-pgp/)

------
3xblah
"You are blocking Javascript, and we totally get that. However this endpoint
uses Angular, so the front end is in full JavaScript and won't work without
it.

There will be other non JS-based clients to access PeerTube, but for now none
is available. Be sure we will update this page with a list once alternative
clients are developed. You can certainly develop you own in the meantime as
our code is open source and libre software under GNU AGPLv3.0.

There might be numerous reasons you refuse to use JavaScript. If it has just
to do with security (or lack thereof) of JavaScript-based webapps, then
depending on your threat menace you might want to go through the code running
on the node you are trying to access, and look for security audits.

We are sorry but it seems that PeerTube is not compatible with your web
browser.

Please try with the latest version of Mozilla Firefox.

If you think this is a mistake, do not hesitate to report it."

    
    
       peertube-dl(){ a=$(case $1 in "")sed t;;https://*)echo $1;esac|sed 's/videos/static/;s/watch/webseed/');curl -4O $a-720.mp4; }
    

Usage:

    
    
        peertube-dl https://peertube.co.uk/videos/watch/12be5396-2a25-4ec8-a92a-674b1cb6b270
    
        echo https://peertube.co.uk/videos/watch/12be5396-2a25-4ec8-a92a-674b1cb6b270|peertube-dl
    

Download link:

[https://peertube.co.uk/static/webseed/12be5396-2a25-4ec8-a92...](https://peertube.co.uk/static/webseed/12be5396-2a25-4ec8-a92a-674b1cb6b270-720.mp4)

~~~
majewsky
The standard tool for downloading videos from websites, youtube-dl, also works
great with PeerTube. (Don't let the name mislead you. YouTube is only one of
hundreds of supported providers.)

~~~
BuildTheRobots
You're not kidding - there seems to be well over 1,000 sites supported:
[https://github.com/ytdl-org/youtube-
dl/blob/master/docs/supp...](https://github.com/ytdl-org/youtube-
dl/blob/master/docs/supportedsites.md)

I do have to give peertube some thanks though - it might require javascript,
but there's a large and obvious download button (at least on the mobile page).

------
newscracker
At the risk of burning away virtual points, I have the following observations
and opinions. I respect the encryption technologies that Signal has developed,
but I'm always frustrated with Signal as an app, platform and where it seems
to be headed. Throughout this talk, the one quote that came to my mind for
every point he was defending was this:

 _" It is difficult to get a man to understand something, when his salary
depends on his not understanding it." ― Upton Sinclair_

I also found it amusing when he said that it's easier to switch from WhatsApp
to Telegram to Signal. The truth is that switching people from WhatsApp to
Telegram, in my experience, will earn you brownie points because Telegram is a
lot more feature rich than WhatsApp (let's keep the encryption part aside for
the moment). If you manage to switch people from WhatsApp or Telegram to
Signal, again in my experience, you'll lose credibility and trust because
Signal, for all the money the foundation has, moves at snail's pace. Moxie's
argument early in the talk about centralized systems being able to change fast
just does not apply to Signal. It still lacks stability in delivering
messages. Its UX for joining groups, re-joining groups after reinstalling your
OS, etc., completely sucks. Don't even get me started on Signal treating its
users as if everyone uses a burner phone and doesn't care about keeping their
conversations when they switch devices or even have to wipe a device and get
it running again (Signal on iOS still explicitly prohibits backups after so
many years, and the Signal team's most recent addition to the app was
stickers!).

The example for switching from WhatsApp to Telegram to Signal being easy
because it's tied to phone numbers is disingenuous. Following how WhatsApp and
Telegram identify their users may not be the best thing to do. Signal assumes
that people always have the same phone number and that phone numbers are the
best way to identify people. But it fails to acknowledge that using email
addresses to sign up (at least as an option for those who want to avoid phone
numbers), like how Wire does, provides people a choice in how they want to
appear on a platform. I know people who don't want to use a phone number based
platform because they don't want all their phone contacts to know that they're
on a particular platform (this was partially solved by Telegram in an update a
few months ago, where you have control on who gets to know that you're using
it, even if they have your number in their address book). His non-answer for
the question around the 38 minute mark on Signal being tied to a phone number
and that being a risk shows that Signal is stuck with what he/they believe is
ideal, and refusing to acknowledge that this is a big problem for some
sections of people...the very people Signal claims to be most useful for.

