
Signal is finally bringing its secure messaging to the masses - jmsflknr
https://www.wired.com/story/signal-encrypted-messaging-features-mainstream/
======
gojomo
It's good to see Acton quoted; he'd been so silent since his
donation-to/association-with Signal that I was beginning to wonder if behind
the scenes, there'd been a falling out.

However, these "enrichment features" from Signal over the last 2 years are
less than what competitors like Telegram put out in 2 months.

Really basic things remain undone. Like being able to carry your
contacts/message-history forward across planned device-upgrades on iOS –
[https://github.com/signalapp/Signal-iOS/issues/2542](https://github.com/signalapp/Signal-iOS/issues/2542)
– 4.5 years after it was "on the roadmap".

Many of Signal's novel cryptographic innovations, while cool, depend on
trusting Intel SGX: both as a technology & in Intel's stewardship of the
master keys/attestation-chains. Many cryptographers don't believe SGX will be
technologically reliable anytime soon, and much of the world will probably see
US-based Intel Corp similar to how the US sees China-based Huawei.

~~~
gdoptimizer
I second this. I like Signal and appreciate all the efforts people put in. But
I don’t really care how Signal added cute stickers or optimized image showing.
I just need a privacy app and keep my data. The only reason I didn’t recommend
Signal to my non-tech friends was not being able to migrate/export chat
history on iOS. This seems to be such a basic (not necessarily easy) thing to
do but they just didn’t do it.

~~~
hurricanetc
There isn't much point in having a secure chat application if you want all
your chats to be portable and exportable across devices and operating system
upgrades. You may as well just use Telegram and opt for 1:1 secret chats for
when you actually want security.

~~~
gojomo
Signal offers this backup/restore function on Android – where about 60-70% of
their users are, if I understand the Wired stats correctly.

So user-controlled portability doesn't seem fatal to the "point" of having a
secure chat app, there.

My workaround, last time I upgraded my iOS device, was to screenshot all the
old conversations I wanted to retain. Pictures come over just fine! Did Signal
forcing me to do that make me more secure?

I think they just hate iCloud. (Perhaps while they trust Intel, they distrust
Apple? It'd be great to know why.)

Well, I don't trust iCloud with my device backups, either. There are other
things, in other apps on my phone, more sensitive than my Signal logs.

But it seems Signal is holding my chat histories hostage because they don't
trust _me_. And it seems their ultimate plan for this will require me to use
some Signal-run, Intel-SGX-mediated 'trustable cloud' for my contacts &
messages. No, thanks!

~~~
rpm91
A backup method that just copies it _somewhere else on the same device_ is not
really a very useful backup. It involves manually moving files around if you
want a real backup, which feels very antiquated in 2020. Why isn't there some
way to automatically store my (encrypted!) backup via a cloud backup solution,
whether that's Google Drive, Dropbox, or just allowing it to be backed up as
part of an Android backup?

~~~
illvm
Doesn't copying device data to another device, such as a laptop or desktop, do
that? I mean... it's not cloud based, but I _thought_ it was a full local
backup.

~~~
JetSpiegel
Can you do that on Android? Other than shutting the phone down and `dd`ing the
correct partition?

------
octorian
What I think is most notable about this article is that they go out of their
way to point out how it's _significantly_ more difficult to roll out all these
"user nicety" features everyone expects, when you live in a world where you
can't just "let the server know everything" (like many other apps people often
compare with).

~~~
stingraycharles
I think it’s a good case study on why the state of security in the world is
the way it is right now; people want convenience more than security.

I even fall victim to this myself: Signal not having a search history or
losing message history when activating a new device is often too much of a
show stopper.

I really hope Signal will be able to pull this off somehow, but seeing how
much these type of apps rely on a network effect, I am skeptical.

~~~
octorian
Lack of search is just a lack of a locally-implementable feature. There's
really no security reason why it would be more difficult.

Transferring to a new device, on the other hand, does get somewhat more
complicated. For ease of use, the data needs to be placed somewhere
intermediate. That being said, I can understand Signal's hesitation to embrace
Google's cloud storage options for such a feature.

------
newscracker
> The difference, today, is that Signal is finally reaching that mass audience
> it was always been intended for—not just the privacy diehards, activists,
> and cybersecurity nerds that formed its core user base for years—thanks in
> part to a concerted effort to make the app more accessible and appealing to
> the mainstream.

Seriously, Signal is probably the app that’s focusing least (and also slowly)
on being more appealing to the mainstream and to large groups of people
(protesters and activists) who might benefit from it, because:

1. It relies on a phone number for signing up. Worse, it exposes your phone
number to everyone who has your number in their contacts list, thus allowing
enumeration attacks (like what was done with Telegram in Hong Kong, where
Telegram quickly pushed a fix).

2. It’s 2020, and it has no chat backups on iOS. Change your device and you
lose not only all your old chats, but also group memberships (you have to
figure out how to rejoin groups and then face issues like not seeing other
members).

Overall, the “breakneck speed” of development that the article speaks of
doesn’t actually exist. If they want to see real breakneck speed in adding
features, they have to look at Telegram for comparison and then decide what
words to use.

If you want better accessible alternatives and E2E and cross device sync and
backups, take a look at Wire. Support wise you don’t get much from it, since
the company is focused on paying clients. For the free tier users, it already
provides more than Signal can in 2020.

~~~
santiagobasulto
I see “no backups” as a feature, not an issue. If there are backups, that
means that someone can a) steal them b) or ask to see them (government). I use
signal a lot with a few friends, and we all know that what we share might
immediately disappear, and that’s ok.

The issue about phone number is real.

~~~
saurik
And yet, on Android they support backing up your data.

------
bpfrh
Signal desktop is broken, since at least mid 2018.

There is an open github issue, where the maintainers don't really respond:

[https://github.com/signalapp/Signal-Desktop/issues/2634](https://github.com/signalapp/Signal-Desktop/issues/2634)

They statically link an openssl library for their forked version of sqlcipher,
which makes it impossible to build signal on anything other than ubuntu.

Static linking against an old openssl library is also not that good for
security reasons, which imho is a bad sign if you say your chat program
stands for security and privacy.

Edit:

Link wrong, now corrected

~~~
ufo
One possible workaround for now might be to use the Flatpak version of Signal
instead. I've been using it with no problems on Fedora.

~~~
bpfrh
When I run an application for security reasons, I need to either build it
myself, or have it built by official channels.

I just hand edit the signal package.json each time I need an update, but I
just don't understand why they won't update their dependency.

------
NikolaNovak
I cannot fathom the proliferation of phone-only messaging apps.

Am I really the only person who prefers to type on a full-sized keyboard, and
see my multiple conversations on 27" screen, as opposed to one and a half
inches of no-feedback glass surface? :-/

I went to Signal site, downloaded the Windows app, and once installed, it asks
me to link my phone. No option for any other signup. Nowhere in the download
process or on main site does it warn me that this is a phone-only app. The
desktop app itself simply starts to a "Connect your phone" screen with no
explanation why I have to do it, whether there are or aren't alternatives,
etc. Nothing about this is remotely user friendly.

I have half a dozen laptops, two phones, few tablets at home alone; the notion
that I must be crippled to only communicate via the smallest, least practical
communication device I own; and then be horribly crippled in attaching
one-at-a-time additional device but with crippling dependency on said phone... I
guess I'm a negative focus group and completely out of touch with the
realities of the world, but I cannot imagine or understand who wants to live
like that :-/

~~~
tptacek
You're not the only person who prefers to type on a full-sized keyboard, and I
share your preference. But you should recognize that you are in a relatively
small minority of users, and that Signal has made the eminently rational
decision to focus its efforts on the majority use case.

If you look at Signal as a response to SMS, WhatsApp, and iMessage --- the
messaging platforms most people use --- its most controversial decisions make
a whole lot more sense. Doing that requires people to accept that Signal
wasn't necessarily designed _for them_, and that in order to decisively solve
the problems it has set out to solve, it's had to make tradeoffs that cut
against what other people want. That's unusual for a startup! Startups usually
try to make everyone happy! But then, Signal isn't a startup.

Meanwhile: you're ultimately going to get the Signal that you want. A
desktop-based, phone-untethered Signal seems inevitable; in fact, it seems like we
might get it not that long from now. But we're certainly not going to get it
on the timescale that message board people want to get it on.

~~~
NikolaNovak
In fully recognizing that I am a minority case, I am sceptical signal and
whatsapp will _ever_ have a fully untethered protocol with desktop as a first
class device. My understanding is that it would require a complete
rearchitecture... For no benefit other than to appease a few grouchy nerds :-)

Pity; even though all of my family use whatsapp and are unlikely to move,
there's a fascinating look on their face when they first ponder the idea they
could've picked up their conversation on their big tablet when at home. It
just doesn't occur to them to expect / demand more :-/

~~~
justnotworthit
My understanding is that it's not an architecture thing, but an authentication
thing: SIM/# as ID is just too practical for both dev and user and they have
no plans on changing that.

Your closest hope for a skype replacement that runs equally on all platforms
is tox, which requires managing your key.

~~~
grawprog
>SIM/# as ID is just too practical for both dev and user

In what way is that practical for a user? Once I've chosen an ID and password
for a service I can easily type that in using literally anything that can
connect to the service and spew out some characters.

An id linked to a SIM/# is a real pain in the ass when you need to change
your SIM/#, hence why I've got a bunch of old contact numbers for people
stored on my phone alongside new ones so I can talk to them on whatsapp or
signal and have it show me their name still after they change numbers.

I've also got a bunch of whatsapp contacts that aren't even people I know any
more because their numbers no longer belong to them. People whose pictures and
updates I can see who I don't recognize or know.

SIM/#'s are ephemeral in a lot of places, I know people that change them
fairly regularly, having that linked as some kind of identifier is not good
for users.

~~~
maxerickson
_In what way is that practical for a user?_

This is just me making an assertion, so take it for what you will, but the
typical user cares a _lot_ more about contact discovery than everything you
mentioned, so an authentication system that makes that work more goodly is
quite practical for them.

~~~
grawprog
>contact discovery

In both situations I have to have a contact's information already to find
them. For an ID/password, you need your contact's ID to find them, for a SIM/#
system, you need their phone number, every person I talk to on whatsapp or
signal have given me their phone number, or vice versa, so we can communicate
through those platforms.

I had some friends that used Kik before, they had to give me their username.
These two scenarios are exactly the same, in both cases I still need info from
my contact before finding them. Only, an ID is more secure, because it can be
used only with one service if you so choose, with a SIM/# you have to give
your contact your phone number, allowing them to contact you through any other
service you use that number with, whether you like it or not.

I cannot see any benefits of that system for the user that you don't get from
an ID/password and some cons that personally, I find unacceptable, such as the
aforementioned, seeing stranger's pictures and info just because they have a
number my friend used to have, that's downright creepy and makes me wonder how
many people who've saved my number can watch me on whatsapp and see when I'm
online or check my profile out.

Even people I do know, I don't necessarily want to see on there, employers,
numbers I've saved for looking at places to rent, my ex landlord, clients I've
had for work I've done. I don't need or want to have all these people
automatically added to every chat program I install they also happen to have.

~~~
maxerickson
>typical user

My argument isn't that you are wrong about your wants and needs, it's that you
aren't a typical user.

~~~
grawprog
Have you ever asked the average user how they feel about:

>seeing stranger's pictures and info just because they have a number my friend
used to have, that's downright creepy and makes me wonder how many people
who've saved my number can watch me on whatsapp and see when I'm online or
check my profile out.

>Even people I do know, I don't necessarily want to see on there, employers,
numbers I've saved for looking at places to rent, my ex landlord, clients I've
had for work I've done. I don't need or want to have all these people
automatically added to every chat program I install they also happen to have.

I have, it inspired them to clean up their contact list.

------
squarefoot
Still it needs a phone number to be used, which is a huge privacy
vulnerability, also by encouraging to be used on some of the most spyware
ridden platforms out there: a malicious tap/key-logger is much much much
easier to hide in a 90% closed source phone than in a FOSS operating system
install on a PC. FOSS phones hopefully might/will change this, but they're a
few months away, and we should also assume most users would rather wait for
them to be available than go the easy Android/iOS path.

~~~
bootlooped
> we should also assume most users would rather wait for them (FOSS phones) to
> be available than go the easy Android/iOS path

Why should we assume that? In my estimation, 99% of people in the world are
never going to own a FOSS phone. 99% of people probably don't know what FOSS
even means.

~~~
squarefoot
That was exactly my point (the average user not caring at all about privacy).

------
pgm8705
The Signal iPhone app has made huge improvements over the years and is just
about as user-friendly as WhatsApp as far as I can tell. I would love to see
it match the smoothness and responsiveness of the animations found in
iMessage. It seems silly, but the visual experience of messaging in iMessage
is such a delight.

~~~
konschubert
What I don’t like is that messages take more vertical space in Signal due to
the alignment of the time stamps.

------
chimeracoder
Out of all features, the one that really holds Signal back from mass adoption:
there's no way to backup or transfer messages to a new phone from iOS.

In order for Signal to reach "the masses", it needs to become popular with a
large number of people who don't really understand encryption or care about
it, but are using Signal anyway because they happen to communicate with people
who do care about encryption. That's a good thing!

Unfortunately, it's a really hard sell to tell someone, "Hey, download this
new messaging app so you can talk to me. Oh, and by the way, when you get a
new phone, you'll lose your entire chat history with me".

~~~
Krasnol
Since when are Apple users = "the masses"?

The masses use Android and backup works there so I doubt this is what holds
Signal back from mass adoption.

~~~
thallada
You are referring to this backup restore process?
[https://support.signal.org/hc/en-us/articles/360007059752-Ba...](https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages)

It involves a 6 step (with multiple sub-steps) process of navigating the
sdcard contents and then transferring some obscure file over USB to a computer
and then from that computer to the new phone. I doubt this is something that
"the masses" will be able or willing to accomplish.

Also, iOS has about 48% market share in the US, so it's at least half the
masses there.

~~~
Krasnol
OMG! SIX STEPS!

Seriously? How often do you change your phone? I mean, sure I know that
handing your iPhone to some genius means, you lose all your data and so on but
that's not always the case on Android phones.

> Also, iOS has about 48% market share in the US, so it's at least half the
> masses there.

It is not throughout the world and since this app does not target the US
population only, I doubt this group is somehow (more) relevant to the
argument. Especially because we talk about a small sub-group of both markets
who even cares about backups.

------
Borlands
I installed Signal a few years ago, and pretty much never touched it again.
Today I opened the app and closed it. After a few minutes, there were a lot of
‘hello’ messages which got me intrigued. It seems when I opened the app, all my
contacts using Signal got a notification! What gives? Obviously uninstalled it
straightaway...

~~~
mechnesium
Sounds like malware if you take it out of context. That’s unacceptable
behavior (unless maybe there’s an opt-out for the mass notification).

------
harry8
Are we still allowed to have heroes? It's risky, sure.

Moxie is one of mine, for all that I'm sure our politics are very, very
different. He seems to have integrity. I really hope I'm not being deluded
there.

------
standardUser
I was wondering why Signal hadn't caught on more. I only use it with a few
people. I had no idea it was still in such heavy development! It may be a
tough sell. There are many countries where WhatsApp is the default form of
communication and has been for years.

~~~
Y-bar
I stopped using Signal when it was clear I was not able to back up my message
history (or transfer it to a new phone).

My data is my data and I should be able to access and control it.

~~~
DCKing
Huh, but Signal does allow you to do this [0]?

It doesn't allow you to do this on iOS, but I'm guessing your stance on data
portability makes your life very hard on iOS anyway.

[0]: [https://support.signal.org/hc/en-us/articles/360007059752-Ba...](https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages)

~~~
novia
Has anyone had success in actually restoring their conversations from the
signal backup? I'm on Android and reinstalled the app once when it was causing
me trouble (it especially lags with group chats) thinking I'd be able to
restore my chats no problem. Unfortunately, even though I had the passcode to
unencrypt the backup saved, it didn't restore a single message.

~~~
parliament32
I've done it across three phones so far, works great. The flow is a bit weird
though, you need to put the backup in the Signal folder before you start the
app for the first time (before it tries to re-register) and it'll ask for the
key and import happily.

~~~
gravitas
This is indeed the crucial step, having had to do it several times as well. If
you accidentally start the app before getting the backup file onto the device
folder, going into the Apps setting and clearing all Signal app data is
required to get the import process to work.

------
secfirstmd
I've been following the team for years. They well deserve the plaudits for the
work they have done. I work with people on a daily basis in countries where
their lives depend on it.

------
flyinghamster
I still have Signal on my phone (nobody I know uses it, though, as much as I
wish otherwise), but there was one problem that I found vexing: if I set
Signal up as the default messaging app, any severe weather alerts went nowhere
- until I restored the stock SMS app as default and I saw several that I had
missed.

------
yannovitch
Sorry, but I still fail to see how it's considered good to have used $50
million to make "yet another messaging app" (because anything "for the masses"
is "yet another thing" because of network effect).

With 50 million, one would have hoped instead that they would have helped
improve XMPP, that they would have developed the "perfect" XMPP client that
everybody could and would use, and that they would run "for free" one XMPP
server with all the features one can expect of a good messaging service while
letting the hard-core base have their own server if they want (no need to
support the hard-core base, they do it already on their own).

Or maybe with Matrix if one really doesn't want to contribute to XMPP, but
still, with OMEMO, ... I feel like all the "security features" are coming to
the XMPP world.

I still believe that if you're not in control of the whole chain (open source
client + open source server), you're not in control at all, because you still
have to believe that they are doing what they are promising they do, without
being able to verify it.

------
speedgoose
Signal isn't on F-Droid, which is a red flag IMHO. It looks like they don't
allow non official builds on their servers.

~~~
nelblu
I have wondered the same. I use both fdroid and signal, but never really
understood why signal isn't on fdroid. Can anyone please comment?

~~~
snazz
[https://www.reddit.com/r/signal/comments/bwuudc/why_isnt_sig...](https://www.reddit.com/r/signal/comments/bwuudc/why_isnt_signal_on_fdroid/)

------
eitland
I was kind of an early and enthusiastic WhatsApp adopter. Started migrating
everything and everyone shortly after it turned out Facebook hadn't bought it
to be nice.

I was kind of an early (and current) Telegram user.

I've already installed Signal a while ago and I'm happy to see more and more
names showing up there and I'll be happy to move a number of groups in that
direction soon I guess.

That said I don't think it will be perfect. As a one to one messenger it will
be close to ideal. I also guess short-lived groups will work.

I have doubts about how easy it will be to export all photos from 2019 from a
group to create an online photo book or just post it to my family's (private)
blog, so I think the last two will live side by side for a while: Telegram for
postcard level security (hi grandma, this is what the garden looks like now).

------
openplatypus
It is great and I root for Signal.

I only wish Moxie was less polarizing and actually stepped down from being its
face. He often makes subpar and inaccurate statements about other
technologies. He is famous for his derogatory comments about PGP. His talk at
recent CCC was anything but dismissive of others.

The thing is, Signal is not special. Matrix, Wire and others sorted problems
of encryption while remaining open (Wire is commercial but that's good for
some).

So congratulations Signal. But we should think really hard whether we want
another centralized behemoth. I would prefer to donate to Matrix. Support project
building client with great UX for masses on top of open, extensible protocol
rather than hand over more control to centralized organization led by
individual speaking in absolutes.

~~~
kick
His statements about PGP _are right,_ though. It's using terrible, outdated
cryptography. The odds of finding one who's actually got a setup that isn't
full of holes for it is slim, even among programmers. It's barely been used.
It's a UX and technical disaster.

Matrix still hasn't gotten E2E encryption rolled out by default, or something
like half of the stuff they want to have done before doing it:
[https://github.com/vector-im/riot-web/issues/6779](https://github.com/vector-im/riot-web/issues/6779)

Wire keeps track of everyone that every user has contacted for the entirety of
the lifespan of their account (not to mention only released it as Free
Software after someone found a bunch of glaring holes in their platform,
including sending passwords to the server in _plain text_), and is a U.S.
company that goes out of its way to store excessive amounts of metadata.

For that matter, actually, Signal's just as open as Wire. Wire's more or less
as centralized, but with way greater risks in the event of Wire's datacenter
getting raided.

Tox is the _best_ thing trying to do a similar thing that Signal is doing, and
even Tox isn't even very good.

~~~
openplatypus
> Wire keeps track of everyone that every user has contacted for the entirety
> of the lifespan of their account (not to mention only released it as Free
> Software after someone found a bunch of glaring holes in their platform,
> including sending passwords to the server in plain text),

Can you link to these issues you mention?

> and is a U.S. company that goes out of its way to store excessive amounts of
> metadata.

How did you arrive at this conclusion? It is registered in Switzerland
[https://wire.com/en/about/](https://wire.com/en/about/). Whole development
takes place in either Switzerland or Germany. They have usual sales office in
San Francisco.

~~~
kick
[https://forum.privacytools.io/t/wire-swiss-gmbh-is-now-owned...](https://forum.privacytools.io/t/wire-swiss-gmbh-is-now-owned-by-a-usa-holding-company/1932)

Wire Swiss GmbH is owned by a U.S. company.

> Can you link to these issues you mention?

[https://crysp.uwaterloo.ca/opinion/wire/](https://crysp.uwaterloo.ca/opinion/wire/)

 _The Wire client authenticates with a central server in order to provide user
presence information. (Wire does not attempt to hide metadata, other than the
central server promising not to log very much information.) The Wire
whitepapers spend an unusual amount of space discussing the engineering
details of this part of the protocol. However, the method of authentication is
the same as it is on the web: the Wire client sends the unencrypted, unhashed
password to the central server over TLS, the server hashes the plaintext
password with scrypt, and the hash is compared to the hash stored by the
server. This process leaks the user's password to the central server; the
server operators (or anyone who compromises the server) could log all of the
plaintext passwords as users authenticate._

This particular report is what caused them to open up the server.

~~~
openplatypus
Thanks for links. The commenters on privacytools sites were insightful but
sounds like they missed the key piece of information:

[https://wire.com/en/blog/wire_business_update/](https://wire.com/en/blog/wire_business_update/)

> In connection with the financing, our holding company moved from Luxembourg
> to the U.S., as we believe this will be helpful in future fundraising
> necessary to support our strong growth. Notwithstanding the foregoing, our
> current and future customers are licensed and serviced from Wire
> Switzerland, our software development team remains in Berlin, Germany, and
> our hosting is European-based. Our enterprise customers can deploy their own
> instance of Wire in their own data center.

If data, technology and control is subsidiary then Wire, as technology, data
and its user still fall under Swiss law.

Holding company =!= all of its business is based in that country.

That said, I appreciate the murky approach to communicating this fact.

~~~
kick
Holding company = they're still subject to U.S. law.

~~~
openplatypus
Yes, holding company is.

Subsidiary? Greatly depends on the control structure, agreed terms AND law in
which subsidiary is incorporated.

Given that these details are not disclosed at this time accusing Wire Swiss
GmbH of anything constitutes rumors and conspiracy theory.

------
pergadad
Signal works great. The one big barrier to more uptake is a feature that many
non-nerdy users seem to use: group video chat. You can one-on-one video chat,
but not with a group. The moment that's there I imagine huge amount of people
would be interested to move away from messenger/Skype.

I've also been told by family that in some Asian countries you have to pay to
get it on Android/iPhone, but maybe that's a copycat that is just using the
name...

~~~
ac29
> I've also been told by family that in some Asian countries you have to pay
> to get it on Android/iPhone

That sounds extremely suspicious. If Signal isn't available in the Google Play
Store in those countries, or the Play Store itself isn't available, it can be
downloaded here:

[https://signal.org/android/apk/](https://signal.org/android/apk/)

------
_bxg1
I first started using Signal not because of its hard-core encryption, but
because it was the only messaging app I could find that:

- Wasn't SMS

- Had a quality interface and feature set

- Had a desktop app

- Wasn't overly clunky for direct messages (Slack and Discord)

- Wasn't affiliated with any major tech company

Its encryption pedigree was just a bonus. I think it's well on its way to
becoming a WhatsApp replacement (it already is for me of course, but for the
average joe too), especially with the recent breaches the latter has had.

------
throwaway8879
Signal still requires a phone number. That alone should make it non-usable for
people who are serious about their privacy.

My alternate solution: stop using smartphones altogether. Technology is not a
good solution to the privacy problem, especially when a collective such as the
government can read your data anyway, or beat it out of you.

If you're worried about drowning, don't go near water. There are no foolproof
life vests.

~~~
icebraining
What's the "privacy problem"? I suspect yours is different from many other
people's.

~~~
Mediterraneo10
In many countries (an ever-expanding list), you cannot purchase a SIM card
without showing ID, and a copy of your ID is made and sent to the state
authorities. That is, mobile numbers are always connected with your identity,
you cannot have an anonymous phone number. Consequently, the state can easily
determine which of its citizens are using Signal.

While communications on Signal are end-to-end encrypted, in authoritarian
states merely using a secure messenger can draw police suspicion.

------
diebeforei485
Verification with a real cellphone number (non-VoIP) is
statistically/numerically a good anti-abuse tool.

If Signal wants to allow no-phone-number accounts, it should mark them as such
to the other participants in the conversation. Discord does that, and it seems
to work well.

But this is a separate argument from using your actual phone number in-app and
allowing anyone who has your number to find you in the app.

------
dmix
> and an experimental method for storing encrypted contacts in the cloud.

Signal released an experimental encrypted contact syncing app for Android long
ago (I can't remember the name).

I wonder what the challenges have been to integrate this or release it as a
full product.

It's great they've grown from 3 to 20 people, now they can really start to
address some of their wider goals from the beginning such as this.

~~~
Forbo
It was called Flock:
[https://signal.org/blog/flock/](https://signal.org/blog/flock/)

~~~
basicplus2
"Try Flock for free"

Google Playstore - We're sorry, the requested URL was not found on this
server.

------
gorgoiler
Does Signal have or plan to have an open source client? Not necessarily freely
licensed, just with some minimal auditable component available (like Tarsnap.)

I have no reason not to trust the app, but it would be great if the trust in
Signal was strengthened by knowing that (at least) the client source code had
been publicly audited and could be verified and built by end users.

Too tin-foil-hatty?

~~~
cyphar
Signal's server[1] and client source code[2,3,4] have been publicly available
for _many_ years and are even licensed under the (A)GPL-3.0 (with an exception
to allow distribution via Google Play and the Apple App Store).

I don't know where you got the impression this wasn't the case. An earlier
VOIP product of theirs (RedPhone) had a proprietary server implementation, but
ever since the feature was added to Signal proper it has been free software.

[1]: [https://github.com/signalapp/Signal-Server](https://github.com/signalapp/Signal-Server)

[2]: [https://github.com/signalapp/Signal-Android](https://github.com/signalapp/Signal-Android)

[3]: [https://github.com/signalapp/Signal-iOS](https://github.com/signalapp/Signal-iOS)

[4]: [https://github.com/signalapp/Signal-Desktop](https://github.com/signalapp/Signal-Desktop)

~~~
gorgoiler
I genuinely didn’t know either way though I hadn’t ever heard of it being open
source so I admit to assuming a little pessimism, for sure.

Thanks for the links. It will be a very interesting project to build my own
Signal.app!

------
gramakri
IMO, the best way for an alternate messaging app to catch on (to WhatsApp) is
federation. If we can figure out a way to have a common signaling protocol
across apps and users can choose whatever clients they want, then they have a
chance of competing against WhatsApp. At this point, there is no real reason
to move out of WhatsApp, given it just works?

~~~
distances
I think that would be among the best ways to kill the app. With federation and
multiple clients you'll never be sure what feature set the other end is using,
and the service stagnates to the lowest common denominator of features.

------
narsil
I really hope the UX improves considerably and basic features actually
function as expected. Notifications for new messages on OS X were broken for
several months last year, for example, and notifications on Android are still
hit-or-miss (literally "miss" when you miss a message for several hours!).

~~~
416chad
I haven't really had any issues per se; at its height about a year ago I had just
over a dozen contacts on signal. The biggest UX deal breaker was no profile
pictures. You can set one, but almost no one will ever see it since almost
everyone uses Gmail or another cloudy email provider that will sync or store
ancient Google+ (or equivalent) avatars to your contacts. Signal chooses to
display a contact photo from your device over what a user sets. This is an
insanely counterintuitive approach and no other app works that way, meaning no
one expects it to work that way. My family and all but two contacts moved back
to WhatsApp. I'm glad to read they're focusing on UX now, but I can't bring up
switching again with these people. Maybe when or if phone numbers are
abandoned, then I won't have to link/associate contacts to my address book and
see those old avatars.

------
CtrlAltT5wpm
I'm hoping someone here has some insight they can share, because I've not
really seen it addressed elsewhere.

As per the linked article:

> Another new feature it's testing, called "secure value recovery," would let
> you create an address book of your Signal contacts and store them on a
> Signal server, rather than simply depend on the contact list from your
> phone. That server-stored contact list would be preserved even when you
> switch to a new phone. To prevent Signal's servers from seeing those
> contacts, it would encrypt them with a key stored in the SGX secure enclave
> that's meant to hide certain data even from the rest of the server's
> operating system [1].

I assume that this is an offshoot or a continuation of what Signal started a
few years back with Private Contact Discovery, a truly difficult problem
considering the amount of user data and metadata Signal wants to avoid
collecting [2]. It's a hell of a job, and I commend Signal's efforts.

Assuming I'm right, I'm curious as to why Signal is going down this road,
specifically, relying on SGX (or any proprietary vendor solution) for
security, or if they should. Due to the spate of speculative execution
vulnerabilities in Intel hardware, it would seem to me (a layman) that this is
a bad approach that will create more work for them down the line, and may rely
too heavily on a single set of features. The Foreshadow attack was one that
supposedly compromised SGX, with full mitigation only being possible with
hardware revisions [3]. Even then, it may not be safe to assume that's the end
of problems. Only recently, another attack on SGX was found, specifically,
PlunderVolt [4], which at least can be supposedly mitigated via microcode
update vs hardware refresh. Still, it seems like shaky ground, especially to
be building additional Signal features upon.

Much further down the list of concerns, it seems like all these SGX-reliant
features lock them into using Intel's platform exclusively. It's probably
neither here nor there, but is this something they should be concerned about,
or is that just the price to be paid for the advanced privacy features Signal
offers? Is there any effort to disconnect these features from the hardware
platform? Is it even possible? Should they? Am I even asking the right
questions?

My worry is that Signal finally reaches some form of feature parity with the
biggest messengers (I'd say it's there, mostly), SGX gets broken in a way
that's not easy to fix, and all this time and effort will have been wasted,
especially if they have to roll back user features which grow the platform in
order to maintain safety.

I ask all this having no solutions myself, unfortunately. I'm neither dev nor
cryptographer, only someone curious with some mild technical leanings. I
generally lump myself in with the average user crowd, knowing just enough to
be saddled with the 'Family's IT Person' label, but not enough to actually
work in the field...as such, forgive any ignorance or obvious mistakes on my
part. I've just not seen these issues addressed, and figured you would be the
crowd best able to do so.

[1] - [https://www.wired.com/story/signal-encrypted-messaging-
featu...](https://www.wired.com/story/signal-encrypted-messaging-features-
mainstream/)

[2] - [https://signal.org/blog/private-contact-
discovery/](https://signal.org/blog/private-contact-discovery/)

[3] - [https://arstechnica.com/gadgets/2018/08/intels-sgx-blown-
wid...](https://arstechnica.com/gadgets/2018/08/intels-sgx-blown-wide-open-by-
you-guessed-it-a-speculative-execution-attack/)

[4] - [https://plundervolt.com/](https://plundervolt.com/)

~~~
mfsch
From what I understood of the article about secure value recovery [1], SGX is
used to derive a more secure key from the password you provide, so a broken
SGX alone is not enough to decrypt the data stored on the server, you still
need to crack the user’s password. Of course this only helps those people with
an actually secure password, which is why they go through all the trouble with
SGX. This makes me feel a bit better about their reliance on SGX – as long as
you use a long random password stored in my password manager, you don’t have
to trust SGX at all.

[1]: [https://signal.org/blog/secure-value-
recovery/](https://signal.org/blog/secure-value-recovery/)
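
A simplified model of the point made in this comment, added here as an illustration and not taken from the comment, the linked post or Signal's code: the master key mixes a stretched password with a random secret held by a guess-limiting enclave, so extracting that secret only reduces the attack to offline password guessing. PBKDF2 (standing in for a memory-hard KDF), the HMAC combination step, the five-guess budget and every name below are assumptions of the sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 500  # demo cost only, far too low for real use


def stretch(password, salt):
    """Stretch the password; one half authenticates to the enclave, one half feeds the key."""
    out = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return out[:32], out[32:]


def master_key(key_half, enclave_secret):
    return hmac.new(key_half, enclave_secret, hashlib.sha256).digest()


def tag(key):
    """Stand-in for the authentication tag on the ciphertext the server stores."""
    return hmac.new(key, b"backup-check", hashlib.sha256).digest()


class Enclave:
    """Hypothetical enclave: releases its random secret only for the right auth value."""

    def __init__(self, auth, max_tries=5):
        self._auth, self._tries = auth, max_tries
        self.secret = secrets.token_bytes(32)  # readable directly only if the enclave is broken

    @property
    def locked(self):
        return self._tries <= 0

    def request(self, auth):
        if self.locked:
            return None  # guess budget exhausted, even the right value is refused
        if hmac.compare_digest(auth, self._auth):
            return self.secret
        self._tries -= 1
        return None


def enroll(password):
    salt = secrets.token_bytes(16)
    auth, key_half = stretch(password, salt)
    enclave = Enclave(auth)
    return salt, enclave, tag(master_key(key_half, enclave.secret))


def guess_via_enclave(enclave, salt, candidates):
    """Server storage is exposed but the enclave is intact: a handful of online guesses."""
    for pw in candidates:
        if enclave.locked:
            return None
        if enclave.request(stretch(pw, salt)[0]) is not None:
            return pw
    return None


def guess_with_leaked_secret(secret, salt, stored_tag, candidates):
    """The enclave secret was extracted: unlimited offline guesses against the stored tag."""
    for pw in candidates:
        if hmac.compare_digest(tag(master_key(stretch(pw, salt)[1], secret)), stored_tag):
            return pw
    return None


PINS = [f"{i:03d}" for i in range(1000)]  # constructed guess list: every 3-digit PIN
```

With an intact enclave a short PIN survives because the guess budget runs out; with the secret leaked, the same PIN falls to the list while a long random password still does not.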

~~~
CtrlAltT5wpm
Thanks for the reply. That makes sense in the context of Secure Value Recovery
(to be rolled out, I think); it sounds similar in concept to how 1Password
uses a user-derived master password along with a semi-random secret key in
order to make a Master Unlock Key, which is then used to open the vault [1].
This seems pretty solid, at least to me.

It doesn't speak to any unexpected weaknesses in SGX due to hardware issues
with Intel, though, that could be exploited with speculative execution
attacks, and what possible information might be obtained were that to happen.
I'm not certain how useful it would be to attack this specific feature to
obtain saved social graphs when it may be easier to leverage those speculative
execution flaws elsewhere in Signal's back end (I may be talking out my ass
here, since even your link was pretty in the weeds for me).

I'm also not sure if it's prudent to trust SGX when it seems its protections
can be overcome. Hiding all this information behind different SGX features
might be all for naught if SGX itself isn't much of an impediment. Which all
gets back to my original concern: is this trust in SGX (and by extension
Intel) putting too many eggs in a single basket? Is there any fallback, just
in case? What would that look like?

I sure as hell don't know, but I haven't even seen the question asked. Signal
hasn't addressed it, and it may not even be worth making hay over, but I
figured the smart folks around here would, if nothing else, be able to make
some headway.

[1] - [https://1password.com/files/1Password-White-Paper.pdf](https://1password.com/files/1Password-White-Paper.pdf);
pgs. 24-26

------
pensatoio
I don’t care about stickers. Signal is my messenger of choice, but I can’t
recommend it to people because it is SO SLOW.

Seriously guys. Backups, persistent history by distributing identity across
multiple devices, and fix the app load time.

------
novok
The images of moxie are very nytimes gloomy ( Ex:
[https://twitter.com/nytimesgloom](https://twitter.com/nytimesgloom) )

Did moxie want it that way or did wired set it up that way?

------
badrabbit
Signal's quality has gone down for me in the past few months. Delayed
messages (<insert paranoid fears of MITM>), UI quirks and other instabilities.
It was not like this for the past few years.

------
aaron695
Slack took over the world in part because you could edit and delete messages.

I don't get why this isn't rolled out across messaging yet.

~~~
distances
Slack _definitely_ didn't take off because of that, and ~all messaging apps
sans IRC and SMS have message deletion, sometimes editing too.

~~~
aaron695
Signal doesn't have deletion. I just tried. All it seems to have is delete on
my device and set timeout on all messages.

Messenger only got delete last year.

Neither have editing.

If ~all messaging apps sans IRC and SMS have message deletion why does Signal
not have it?

It's like IT people live in a bubble. Why on earth would you not allow users
to edit a sent message. It's like they believe some indoctrinated idea where a
sent message is untouchable no matter what users want or some cargo cult
ideas about IT security.

Slack gave users what they wanted, not what IT nerds wanted them to want. How
in the 21st century can we not be able to edit sent messages? Are we connected
or not?

~~~
distances
> Signal doesn't have deletion. I just tried. All it seems to have is delete
> on my device and set timeout on all messages.

I see. I definitely assumed it's deleting on both ends of the conversation.

Slack didn't win because of features, but because of marketing, free tier, and
network effects. It never was and still isn't the best chat service when it
comes to features -- the trainwreck of their threading implementation is one
of the more prominent examples.

------
jokoon
Must have a smartphone to use on desktop, to me it's a little weird, I wish I
could have an explanation for this.

------
JohnJamesRambo
I’ve got pretty much all my important friends and family on Signal now and it
is great feeling private and secure.

------
hvmonk
Not to downplay this (in fact I am a Signal user), but what if fb buys Signal,
as it did with WhatsApp?

~~~
ancientworldnow
They would have to agree to sell themselves which they have no interest in
doing. This seems like a silly fear.

~~~
MattJ100
Except that's basically what happened to WhatsApp. And this is always a risk
of any centralized/proprietary network.

Some further reading for perspective: [https://homebrewserver.club/have-you-
considered-the-alternat...](https://homebrewserver.club/have-you-considered-
the-alternative.html)

~~~
raquo
And the founder of whatsapp is bitter about what Facebook did to it, and is
funding signal now. And Moxie is no fan of Facebook either. These aren't some
random kids and a VC.

------
typeformer
This is very good news and a victory for civil privacy!

------
RedComet
I'll never cease to be amused by the synthetic love for "Moxie Marlinspike" -
that is, Matthew Rosenfeld. Funny what a little publicity and millions of
dollars of government money can do.

------
dogo22
Is chat history across new phones really important to people?

------
asiachick
if it needs my phone number to sign up then it is not remotely making me more
secure. the mere fact they get my phone number makes me less secure in
multiple ways

------
gavreh
Try Keybase!

------
alt_f4
That's cool, but I'd rather Signal first did 2 other things:

- Make it so notifications go through consistently, for both messages and
calls. Right now, about 1/3rd of the time, I find out about new messages when
I open the app. Doesn't matter if it's desktop or mobile.

- On Desktop, please, please find a way to make it not feel extremely laggy.
I'm typing and I'm getting like 10 fps, it's horrible. And it uses so much
RAM. Jesus christ, it's 5GB and I've only got 2 contacts.

------
mechnesium
This is my professional opinion since I lack the resources to perform a true
analysis, so instead I speculate based on current nation state trends and the
US government’s surveillance track record. Signal is a big red flag to me. I
choose not to trust it. Signal specifically targets an audience of interest
for the NSA—those who are actively trying to encrypt their communication. I
have an eking suspicion that Signal could be a surveillance tool similar to
the UAE’s ToTok messaging app. I don’t care if it is open source or uses E2E
encryption. Unless you’re jailbroken or rooted and can install unsigned
binaries, the binary you installed from the Play Store or App Store could
contain backdoors. Your decision to trust and use this should be judiciously
evaluated based on your threat model.

~~~
thosakwe
This is literally the definition of FUD.

~~~
mechnesium
How? Can you prove the binaries on the Play Store/App Store do not have
backdoors? Most nation states engage in domestic surveillance. Here is a story
about ToTok: [https://www.nytimes.com/2019/12/22/us/politics/totok-app-
uae...](https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html).
Logically, chat applications are an ideal platform to engage in surveillance.
There is no FUD here.

~~~
jblwps
As greysonp points out, yes; Signal has had reproducible builds since March
2016. So we can prove that those published binaries do not have backdoors
insofar as we can prove that the corresponding source code does not have
backdoors.

~~~
mechnesium
If you didn’t create the binary yourself how can you trust it?

~~~
jblwps
Because you can reproduce that binary bit-for-bit to confirm its corresponding
source code. That's the point of a reproducible build.

[https://en.wikipedia.org/wiki/Reproducible_builds](https://en.wikipedia.org/wiki/Reproducible_builds)
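
A sketch of what such a comparison involves for an Android package, added here and not taken from the thread or from Signal's tooling: the distributed copy carries the publisher's signature files, which a local build cannot contain, so the check hashes every other archive entry and reports any difference. The archive contents, the `META-INF/` skip rule and all function names are assumptions of this example.

```python
import hashlib
import io
import zipfile

SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")


def is_signature_entry(name):
    """Signature files differ by design: only the publisher holds the signing key."""
    return name.startswith("META-INF/") and (
        name.endswith(SIGNATURE_SUFFIXES) or name == "META-INF/MANIFEST.MF")


def entry_digests(archive_bytes):
    digests = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as archive:
        for info in archive.infolist():
            if is_signature_entry(info.filename):
                continue
            if info.filename in digests:
                # A repeated name could hide a second payload behind a clean first one.
                raise ValueError(f"duplicate entry: {info.filename}")
            digests[info.filename] = hashlib.sha256(archive.read(info)).hexdigest()
    return digests


def compare(built, distributed):
    a, b = entry_digests(built), entry_digests(distributed)
    return {
        "only_in_built": sorted(a.keys() - b.keys()),
        "only_in_distributed": sorted(b.keys() - a.keys()),
        "content_differs": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def reproduces(built, distributed):
    return not any(compare(built, distributed).values())


def make_archive(entries):
    """Build an in-memory zip from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in entries.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives, not real application packages.
CODE = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-bytes-v1"}
SIGNATURES = {"META-INF/MANIFEST.MF": b"m", "META-INF/CERT.SF": b"s", "META-INF/CERT.RSA": b"r"}
BUILT = make_archive(CODE)
STORE = make_archive({**CODE, **SIGNATURES})
ALTERED = make_archive({**CODE, "classes.dex": b"dex-bytes-v2", "lib/extra.so": b"x", **SIGNATURES})
```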

------
shmerl
I wouldn't recommend anyone using Signal, due to its anti-federation stance.
Also being tied to a phone? Very bad idea. Stay away from it.

~~~
snazz
Federation makes secure cryptography very difficult and is confusing to less
technical people, which is Signal’s target audience. Also, SIM swap attacks
don’t work if you set a registration lock PIN.

A centralized phone number based service is a requirement for a messaging app
to get any real traction. A messaging app is useless if no one you know in
real life actually uses it.

~~~
shmerl
Difficulty or "real traction" types of arguments are just an excuse to pursue
a walled garden approach. I find it unacceptable.

And "confusing for non technical people" is a completely bogus argument which
also hides real intent of those who oppose federation. Non technical people
get e-mail idea just fine. And it's federated for the reference.

------
dancemethis1
"WhatsApp had used Signal's open-source protocol to encrypt all WhatsApp
communications end-to-end by default"

Allegedly*.

Since WhatsApp is proprietary, it can't be proven that OpenWhisper wasn't
tampered with on the server. And chances are always against the link that
needs the most protection, the user.

~~~
joshuaissac
It should be sufficient to inspect the client because end-to-end encryption
prevents the server from seeing the message plaintexts. The worst it could do
is send the wrong encryption keys to the clients (i.e., attempt a MITM attack,
or add unauthorised participants to a group chat), but this can be checked out
of band (e.g. QR code in person), and the client provides a message when a
contact's public key changes.

If the client implements the Signal protocol correctly, and the key pair is
generated securely, private key not transmitted to the servers, etc., then the
server should not be able to do anything nefarious without the client
noticing.
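
The client-side check described in this comment, as an added sketch that is not WhatsApp's or Signal's code: the client pins each contact's identity key, never silently accepts a different one from the server, and derives a short fingerprint the two users can compare out of band. The key bytes, the fingerprint format and the class and method names are constructed for the example.

```python
import hashlib
import hmac


def fingerprint(key_a, key_b):
    """Same string on both devices: hash the two identity keys in sorted order."""
    digest = hashlib.sha256(b"".join(sorted((key_a, key_b)))).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))


class Client:
    """Hypothetical client state: own identity key plus pinned keys per contact."""

    def __init__(self, own_key):
        self.own_key = own_key
        self.pinned = {}   # contact -> key the user currently trusts
        self.pending = {}  # contact -> key the server offered that is not yet accepted

    def receive_key(self, contact, key):
        """Process a key the server claims belongs to `contact`."""
        if contact not in self.pinned:
            self.pinned[contact] = key       # trust on first use
            return "new"
        if hmac.compare_digest(self.pinned[contact], key):
            self.pending.pop(contact, None)
            return "unchanged"
        self.pending[contact] = key          # warn the user, never replace silently
        return "changed"

    def may_send(self, contact):
        """Policy of this sketch: hold outgoing messages while a key change is unresolved."""
        return contact in self.pinned and contact not in self.pending

    def confirm_out_of_band(self, contact, shown_by_contact):
        """Accept a pending key only if the contact's own device shows the same fingerprint."""
        key = self.pending.get(contact)
        if key is None or fingerprint(self.own_key, key) != shown_by_contact:
            return False
        self.pinned[contact] = key
        del self.pending[contact]
        return True


# Constructed 32-byte stand-ins for public identity keys.
ALICE, BOB, BOB_REINSTALLED, SUBSTITUTED = b"A" * 32, b"B" * 32, b"C" * 32, b"M" * 32
```

A key substituted by the server fails the comparison because the contact's real device computes the fingerprint from its own key, while a genuine reinstall passes once both screens match.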

