
EU Commission to staff: Switch to Signal messaging app - maxbaines
https://www.politico.eu/pro/eu-commission-to-staff-switch-to-signal-messaging-app/
======
bambataa
I once worked in the Commission, briefly. Technical security seemed to be non-
existent as far as I could tell (in an admittedly very junior role).

Once all of the interns got invited to the U.S. embassy to meet the Ambassador
(some guy who literally said he got the job because he was friends with
Obama). On the way out the nice embassy staff gave us goodie-bags, complete
with handy pen drives...

Basically everyone was giving away free pen drives in Brussels then. I would
be surprised to find that the U.S. didn't already have access to a large
number of EU institution computers.

~~~
heymijo
> _some guy who literally said he got the job because he was friends with
> Obama_

There are two kinds of U.S. ambassadors:

1) Career foreign service people

2) Friends of the presidential administration at the time

Examples of the latter aren't hard to find. Off the top of my head I'm
familiar with William Timken, a US businessman who was appointed Ambassador to
Germany by George W. Bush because he was a huge supporter [0,1]. Colloquially
we could say he got the job because "he was a friend of Bush."

I remember being surprised to learn that US Ambassadors were (maybe still are)
individually responsible for paying for a good part of their formal duties as
Ambassadors (e.g. throwing parties, travel, etc.). So historically, having wealthy
people in the role was a requisite. I gleaned this from reading "In the Garden
of Beasts" by Erik Larson [2].

The bits I have cobbled together suggest there is an interesting history
surrounding the practice of selecting and acting as a US Ambassador.

[0]
[https://2001-2009.state.gov/outofdate/bios/t/53349.htm](https://2001-2009.state.gov/outofdate/bios/t/53349.htm)

[1] [https://www.spiegel.de/international/spiegel/us-german-relat...](https://www.spiegel.de/international/spiegel/us-german-relations-how-bush-s-berlin-ambassador-pick-profited-from-protective-tariffs-against-german-companies-a-367881.html)

[2] [https://www.goodreads.com/book/show/9938498-in-the-garden-of...](https://www.goodreads.com/book/show/9938498-in-the-garden-of-beasts)

~~~
yardie
All US ambassadorships are political appointments, therefore option 2 is the
only answer. These positions are almost always ceremonial. They are there to
execute the will of the president.

The real work is done by the diplomats who are appointed through the US
Foreign Service office. They do the actual work of the embassies.

~~~
Seenso
> All US ambassadorships are political appointment, therefore option 2 is the
> only answer. These positions are almost always ceremonial. They are there to
> execute the will of the president.

Not really, a foreign service officer can be appointed by a president to be an
ambassador. A recent example from the news is Marie Yovanovitch. In regular
times, my impression was that foreign service officers were appointed to the
more difficult and critical ambassadorships (e.g. Ambassador to the USSR), and
friends of the president were appointed to "easy" ambassadorships (e.g. to a
staunch ally with a fashionable capital).

~~~
yardie
A president can appoint a politically connected friend or choose one from the
diplomatic corps. But in any case they are all political appointments selected
by the president.

Now, for sensitive countries you want a specialist. Like you're probably not
sending golfing buddies to broker Israel/Palestine peace agreements. But
they'll probably do alright being the Ambassador to Belgium or Canada. Those
embassies are practically on rails.

~~~
mtnGoat
In this case instead of a golfing buddy, his son-in-law was appointed to deal
with Israel/Palestine.

Nepotism is a problem, as is cronyism.

------
Zenst
I'm surprised they have not developed their own or at least, bankrolled the
development of one via grants.

Though it would be good if there was an open source communications platform
that would allow the public to engage with politicians in a formal and
constructive way. Alas, so much disparity in solutions that it often irks me.

[https://ec.europa.eu/digital-single-market/en/projects](https://ec.europa.eu/digital-single-market/en/projects)
Be great if the interface was better for that site, though Google didn't find
anything of note.

~~~
xmdx
Why reinvent the wheel?

Signal does the job, doesn't store data, not even metadata, and can be used
immediately.

~~~
dependenttypes
> doesn't store data, not even metadata

Isn't that just a promise? Also, even then, it is based on your contacts,
which are seen by google.

~~~
tialaramex
Signal's source code is published so you can go look for yourself. If you
believe that despite precautions the source code won't match what actually
runs on your phone then realistically you've no real option to use any
technological artefact and will be obliged to resort to maybe whispering coded
messages to close confidants. As a large technocracy this is not a practical
option for the EU.

Your phone number is sent to Signal's servers during sign-up and it uses the
conventional SMS service to "close the loop" and prove this number is under
your control. Having signed up you can use a PIN to lock the number to you so
that anyone without that PIN can't do the "new phone" dance (this expires if
you stop answering PIN questions correctly)

If you choose to do so a digest of your contact's phone numbers can be sent to
Signal for them to match against the set of (also digested) numbers of Signal
users so they can tell you who has Signal enabled.

Whether you choose to give your contacts to Google, to Facebook, to Apple or
whoever is up to you and outside Signal's control.

Signal does let you create an encrypted profile, and then your device can tell
other people's devices the keys to look at the profile if you want to allow
that. You don't have to use a profile or trust anybody else if you don't want
to. Signal doesn't learn the keys (unless I guess you deliberately sent them
those keys) so they can't read the profile.

Unlike many of its competitors Signal's messages can't be read by Signal, in
most cases this includes who sent them (Signal's "Sealed Sender" means in most
cases if you correspond with someone the indication of who sent them a message
will be encrypted such that they can tell you sent it but Signal only knows it
was someone they authorised to send them messages). When you attach images
Signal avoids learning how large the images are exactly, and if you use a
service like GIPHY to add typical meme images like Stephen Colbert eating
popcorn Signal double-proxies this so that they don't learn which GIF you
used, and GIPHY doesn't learn who used it.

Edit: Fixed name of GIPHY. Huh.

~~~
dependenttypes
> so you can go look for yourself

I can look it out for myself but there won't be any point as they can simply
run different code on their servers.

> If you believe that despite precautions the source code won't match what
> actually runs on your phone

*On their servers

Also what precautions? As far as I know their binaries are not reproducible.

> this expires if you stop answering PIN questions correctly

After a week if I remember correctly.

> a digest of your contact's phone numbers

> also digested

A hash? This does not protect against anything. There are much less than 2^32
active mobile phone numbers per country. It would be trivial to brute-force
it.

> Whether you choose to give your contacts to Google, to Facebook, to Apple or
> whoever is up to you and outside Signal's control.

The point is that _someone_ other than you will be able to see the metadata.
It does not matter if it is Signal or not.
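
Added example, not part of the comment above and not Signal's code: the enumeration argument made in that comment, run against a constructed number range to show why hashing a low-entropy identifier does not anonymise it. The digest scheme (SHA-256 truncated to 10 bytes), the `+99955` prefix and the sample numbers are assumptions chosen so the run finishes in well under a second.

```python
import hashlib
import math

TRUNCATE = 10  # bytes kept from each digest (assumption for this example)


def digest(number: str, salt: bytes = b"") -> bytes:
    """Assumed scheme: SHA-256 over salt + E.164 number, truncated."""
    return hashlib.sha256(salt + number.encode("ascii")).digest()[:TRUNCATE]


def keyspace_bits(subscriber_digits: int) -> float:
    """Size of a numbering plan with this many free digits, in bits."""
    return subscriber_digits * math.log2(10)


def invert(targets, prefix: str, subscriber_digits: int, salt: bytes = b""):
    """Map each target digest back to a number by hashing the whole range."""
    wanted = set(targets)
    found = {}
    for n in range(10 ** subscriber_digits):
        number = f"{prefix}{n:0{subscriber_digits}d}"
        d = digest(number, salt)
        if d in wanted:
            found[d] = number
            if len(found) == len(wanted):
                break
    return found


def demo():
    # Constructed contact list under a constructed prefix (not a real range).
    contacts = ["+9995501234", "+9995598765"]
    uploaded = [digest(c) for c in contacts]
    recovered = invert(uploaded, "+99955", 5)
    # A salt handed to every client is also known to whoever holds the
    # digests, so it only changes the table, not the cost of building it.
    salt = b"published-salt"
    salted = invert([digest(c, salt) for c in contacts], "+99955", 5, salt)
    return sorted(recovered.values()), sorted(salted.values())


if __name__ == "__main__":
    print(demo())
    print(f"9 free digits = {keyspace_bits(9):.1f} bits")
```

The design consequence for a service is that digests of phone numbers have to be handled as if they were the numbers themselves.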

~~~
UncleMeat
> I can look it out for myself but there won't be any point as they can simply
> run different code on their servers.

OK.

That's true for literally all services. Do you expect to be able to walk into
the server rooms and dump the binaries to inspect them?

> Also what precautions? As far as I know their binaries are not reproducible.

The client builds are. Reproducible server builds don't tell you anything
about what is running.

~~~
dependenttypes
> That's true for literally all services

The point is that your client should not send any information which you expect
to keep private to their services. It is the exact reason that we use e2ee
rather than just tls for chats.

> The client builds are

Not fully, see [https://signal.org/blog/reproducible-android/](https://signal.org/blog/reproducible-android/)

> Reproducible builds for Java are simple, but the Signal Android codebase
> includes some native shared libraries that we employ for voice calls
> (WebRTC, etc). At the time this native code was added, there was no Gradle
> NDK support yet, so the shared libraries aren’t compiled with the project
> build.

> Getting the Gradle NDK support set up and making its output reproducible
> will likely be more difficult.
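
Added example, not part of the comment above and not Signal's own tooling: an entry-by-entry comparison of a distributed APK against a locally built one, showing how prebuilt native libraries surface as the part a rebuild cannot confirm. The file names and contents are constructed.

```python
import hashlib
import io
import zipfile

# JAR-signing (v1) files live under META-INF/ and differ for every signer,
# so they are excluded from the comparison.
SIGNATURE_PREFIX = "META-INF/"


def entry_digests(apk_bytes: bytes) -> dict:
    """SHA-256 of every non-signature entry in the archive."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return {
            info.filename: hashlib.sha256(z.read(info)).hexdigest()
            for info in z.infolist()
            if not info.is_dir()
            and not info.filename.startswith(SIGNATURE_PREFIX)
        }


def compare(store_apk: bytes, local_apk: bytes) -> dict:
    """Report entries that are missing on one side or differ in content."""
    a, b = entry_digests(store_apk), entry_digests(local_apk)
    return {
        "only_in_store": sorted(a.keys() - b.keys()),
        "only_in_local": sorted(b.keys() - a.keys()),
        "different": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def build_sample(entries: dict) -> bytes:
    """Build an in-memory archive from {name: bytes} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


def demo() -> dict:
    # Constructed archives: identical Java bytecode, a native library that
    # was not produced by the local build, and a signature only in the
    # distributed copy.
    store = build_sample({
        "classes.dex": b"dex bytes from reproducible java build",
        "lib/armeabi-v7a/libnative.so": b"prebuilt native library",
        "META-INF/CERT.RSA": b"publisher signature",
    })
    local = build_sample({
        "classes.dex": b"dex bytes from reproducible java build",
        "lib/armeabi-v7a/libnative.so": b"native library compiled locally",
    })
    return compare(store, local)


if __name__ == "__main__":
    print(demo())
```

Any name listed under `different` is code that the reproducible build did not confirm and that still has to be audited some other way.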

~~~
UncleMeat
> The point is that your client should not send any information which you
> expect to keep private to their services. It is the exact reason that we use
> e2ee rather than just tls for chats.

Yes. And Signal achieves this better than all the other major options, given
the number of footguns in the other tools.

If you are concerned about the client builds then run a decompiler. It's not
hard. People have been auditing binaries for ages.

------
netcan
>>Promoting the app, however, could antagonize the law enforcement community.

The margins of law enforcement and intelligence can be blurry, but to the
extent that they're antagonistic towards private communication as a whole...
"_law enforcement_" is kind of a euphemism. The article should have said
"_could antagonize the intelligence community,_" whether it's police or
whatever.

Over time this "antagonism" is growing, because intelligence is increasing its
reliance on these data sources.

_"What do you mean we can't analyse IM chats. How are we supposed to do our
job?"_

~~~
dsfyu404ed
This probably antagonizes law enforcement more than intelligence.

If you are interesting enough to be a target to the CIA's of the world then
they will probably find a way to get at you, if not through your phone then
through your spouse's or maybe your Echo or whatever. These people would do
well to distance themselves from devices in general

For the masses who do nothing too wrong yet still engage in WrongThink(TM)
(relative to the politics of the time and place) these apps are great because
they astronomically increase the effort required for law enforcement to rifle
through your private communication which greatly reduces ability of police to
have the power of arbitrary enforcement over the common man. A consequence of
this is that tracking down drug dealers and other petty criminals requires
"good old fashioned police work" as opposed to hooking their phone up to a
black box like police have grown accustomed to.

I agree with you that the distinction between law enforcement and intelligence
is blurry but it's the folks solidly on the law enforcement side that are
hindered by E2E encrypted messaging because it diminishes their power over
people who have done nothing wrong and makes their routine work marginally
more difficult.

~~~
marcosdumay
> If you are interesting enough to be a target to the CIA's of the world then
> they will probably find a way to get at you

The big thing for intelligence is that now they track _everybody_. It doesn't
matter if they think you are relevant or not, if at some time you become, they
already have plenty of material to blackmail you.

------
blunte
In previous discussion here on HN, Wire was claimed to be more secure than
Signal (something related to initial key sharing?)

I don't understand why there's so much publicity behind Signal, and Wire is
never mentioned. I've been using Wire for years, and it doesn't require a
phone number to setup.

~~~
divanvisagie
Personally, I'm suspicious of Signal because of its publicity, smells like a
pot of honey.

~~~
groovybits
The code is open, if you'd like to decide for yourself:
[https://github.com/signalapp](https://github.com/signalapp)

------
hestefisk
I know Signal is secure and all — and I use it myself — but I can’t help but
think how can we trust that the central servers aren’t wiretapped? It would
be the ultimate proof of security if one could transparently verify that the
middle man is running the actual code it claims to be running.

~~~
thu2111
Signal uses Intel SGX to give you some assurances about this, at least for
parts of their serving stack. You can run the remote attestation tools and get
a report back from Intel that says, in effect, "you connected to a genuine CPU
and it's running software with this hash". Then you reproduce the build of the
open source code and check the hashes match.

I'd be surprised if anyone has ever actually done this. It's a very obscure
thing. But to their credit, it's possible.

SGX can't actually make you have secure end to end encryption though. The
Signal protocol is necessary but not sufficient. The operators can always just
push a software update that invalidates all the security guarantees. It's been
a problem since the start but they never talk about fixing it, even though the
issue is a glaringly obvious one.

What they could do is allow third parties to audit their software updates, and
then cross-sign the binaries. Android allows this but there's no UI for it.
It'd benefit from a collaboration with Google to allow multi-vendor apps.

After that comes sandboxing. Dalvik/ART doesn't support the Java
SecurityManager API. However, for sandboxing software components _cheaply_
it's hard to beat. If a component is sandboxed in a correct manner then the
audit costs get much lower. You don't need to re-audit a component that's
changed if the sandbox means it can't access keys or message data, for example
(and if everything is memory safe: you'd have to do multi-process on iOS which
is a lot more expensive).

~~~
pgeorgi
> Then you reproduce the build of the open source code and check the hashes
> match.

Assuming that the sgx environment hasn't been tampered with. There have been
several flaws in sgx, e.g.
[https://www.theregister.co.uk/2019/02/12/intel_sgx_hacked/](https://www.theregister.co.uk/2019/02/12/intel_sgx_hacked/)

~~~
thu2111
SGX is patchable via microcode updates (and some parts are software). The
remote attestation contains the patchlevel of the system, so, a client can
tell if you aren't keeping up to date with security patches.

And so far these are not zero day bugs. The researchers work with Intel to
only publish when there are fixes available, usually. It's not much different
to any other security system in that sense.
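
Added example, not part of the comments above and not Signal's or Intel's code: the client-side checks thu2111 describes (authentic report, expected software hash, current patch level) applied to a constructed report. The field names and status values are hypothetical, an HMAC stands in for the vendor's signature chain, and a plain SHA-256 of the build stands in for the enclave measurement.

```python
import hashlib
import hmac
import json

# Stand-in for the vendor's signing key. A real verifier validates a
# certificate chain instead of sharing a secret with the signer.
VENDOR_KEY = b"constructed-demo-key"


def measure(enclave_image: bytes) -> str:
    """Stand-in measurement: SHA-256 of the build output."""
    return hashlib.sha256(enclave_image).hexdigest()


def make_report(measurement: str, patch_level: int, status: str = "UP_TO_DATE"):
    """Build a signed sample report (hypothetical field names)."""
    body = json.dumps(
        {"measurement": measurement, "patch_level": patch_level, "status": status},
        sort_keys=True,
    ).encode()
    return body, hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()


def verify(body: bytes, signature: bytes, expected_measurement: str,
           min_patch_level: int):
    """Return (accepted, reason). Every check fails closed."""
    # 1. Authenticity first: nothing in the body is trusted before this.
    expected_sig = hmac.new(VENDOR_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, signature):
        return False, "signature invalid"
    report = json.loads(body)
    # 2. Platform state: anything other than the accepted value is rejected.
    if report.get("status") != "UP_TO_DATE":
        return False, "platform status not accepted"
    # 3. Patch level carried in the report must meet the client's minimum.
    level = report.get("patch_level")
    if not isinstance(level, int) or level < min_patch_level:
        return False, "patch level too old"
    # 4. The attested software must be the one rebuilt from source.
    if not hmac.compare_digest(str(report.get("measurement", "")),
                               expected_measurement):
        return False, "measurement mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed build output standing in for a reproducible enclave build.
    expected = measure(b"enclave built from published source (constructed)")
    body, sig = make_report(expected, patch_level=7)
    print(verify(body, sig, expected, min_patch_level=7))
```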

------
Arbalest
That's a tad unfortunate. Signal was just low profile enough that my wife and
I could use it in China. This raises the profile of it just a bit higher than
I'd like. Further, with the likes of
[https://news.ycombinator.com/item?id=22202110](https://news.ycombinator.com/item?id=22202110)
having a higher profile makes the organisation more vulnerable to harassment
from the government.

~~~
giancarlostoro
My understanding is that US Senators already use it. At least there was a
headline on HN ages back. The main issue with apps like Signal in my opinion
comes from apps that snoop on your screen. I wouldn't be surprised if there are
rogue custom keyboards that do this.

I would be more worried if only communist / socialist nations (you all know
the ones I am talking about, not sure of a better name so calling them what
they claim to be) were using it. If the NSA advises against Signal that might
be another concern. It might mean a foreign intelligence has access somehow.

~~~
mcv
> _"communist / socialist nations (you all know the ones I am talking about,
> not sure of a better name so calling them what they claim to be)"_

"Totalitarian" would be a better word, I think. This isn't specific to
economic systems, it's about governments wanting to control the communication
of their citizens (or subjects, I guess).

> _"If the NSA advises against Signal that might be another concern. It might
> mean a foreign intelligence has access somehow."_

Or it could mean the NSA does not have access. They do have a history of
wanting access to encryption systems.

~~~
giancarlostoro
Well I'd need to hear their reasons for it, but yeah. I should have phrased it
better: in the event that the NSA advises people to upgrade Signal versions or
something of the sort. Though this is much less likely than them advising
something as much more mainstream as Windows.

Totalitarian is probably closer to the word I was trying to think of.

------
cannabis_sam
Because LEOs are overstepping their mark by a billion each and every fucking
day, but the populace is too fucking computer illiterate to understand that
"data reading" (the Norwegian euphemism for hacking into citizens' computers)
is extremely damaging to the fundamental concept of democracy.

ACAB

~~~
jsjddbbwj
You could've put the ACAB at the beginning so we know we shouldn't not mind
the things you say.

~~~
cannabis_sam
I did it on purpose, since you obviously thought the rest was interesting :)

------
sschueller
This is a mistake. They should at least compile their own version and not
something that comes from a US-based app store under US law. At any point the
US can force a change.

This is as secure as purchasing a machine from Crypto AG. [1]

[1]
[https://en.wikipedia.org/wiki/Crypto_AG](https://en.wikipedia.org/wiki/Crypto_AG)

~~~
cpach
Perhaps a better idea would be to fund an audit of the Signal app. (Or has
that been done already?)

~~~
pgeorgi
Doesn't help figure out if the signal update of the day that comes from the
store is any good.

~~~
cpach
That is true. But given how much interest there is to find vulnerabilities in
the Signal app, I would be very surprised if anyone would succeed in putting
up a compromised Signal app on the App store and also be able to fly under the
radar.

~~~
Dahoon
The "anyone" in this case would be Signal. No need to fake it when Signal is
under US law.

~~~
maqp
Ok lawyer, explain which US law allows compelled speech considering in djb vs
US it was decided code was speech, and protected by the first amendment.

------
akie
As an EU citizen I think that's a great decision.

~~~
nico_h
Is there no open source or European alternative?

Just keep relying on some Californian dude that insists I give him my and my
friends' phone numbers?

And harass me so I give him more info to “personalize my profile” !?

~~~
stingraycharles
This is the “perfect solution fallacy”; just because Signal doesn’t check all
the boxes, doesn’t mean it isn’t an improvement over the existing situation.
Secure communications is the immediate goal, nation sovereignty secondary.

Looking at the other comments, the European alternatives don’t look very
secure, so it looks like they prioritized security here.

~~~
feanaro
> Looking at the other comments, the European alternatives don’t look very
> secure, so it looks like they prioritized security here.

In what way are Wire and Matrix not very secure, though?

------
Aaronmacaron
They should use Threema [1] which is based in Switzerland. Even though
Switzerland is not in the EU it's not as bad as the US (from an EU standpoint)
and since Switzerland is heavily dependent on the EU the likelihood of them
spying on the EU is pretty small. Apart from that Threema publishes a
transparency report [2] where they list all requests from governmental
authorities.

[1]: [https://threema.ch/en](https://threema.ch/en)

[2]:
[https://threema.ch/en/transparencyreport](https://threema.ch/en/transparencyreport)

Edit: Formatting

~~~
sschueller
Threema is not safe either and its audit is years old.

The BÜPF law in Switzerland requires any company that has more than 100
requests per year to retain data. Threema reached this in 2019.

    
    
       "The Dienst ÜPF declares a provider of derived communication services to be one with more extensive information obligations (Art. 22 para. 4 BÜPF) if it has reached one of the following thresholds:
    
       a. 100 information requests in the last 12 months (reference date: 30 June);
    
       b. annual turnover in Switzerland of 100 million francs in two consecutive financial years, where a large part of its business activity consists of offering derived communication services, and 5000 participants who make use of the provider's services." [1]
    

[1] [https://www.admin.ch/opc/de/classified-compilation/20172173/...](https://www.admin.ch/opc/de/classified-compilation/20172173/index.html#)

------
balladeer
I’d say it’s another missed opportunity for decentralised communication apps
and services. None of them are in a state to be adopted by mass and for
critical use-cases.

------
tarkin2
The staff will be using WhatsApp. Signal has its issues but it's more secure
than WhatsApp.

~~~
maqp
The benefit is, once you've got to have Signal installed, you'll probably want
to talk to your friends over it as well to save time switching between the
apps.

------
dillondoyle
Our top political campaigns use Wickr (it's pushed down from on high) but I
have a hard time believing it adds any more security than simply mandating 2FA
security keys w/ Google Advanced Protection.

Given the problems I've experienced with the Wickr app and the lack of basic
phone security I've seen, this feels LESS secure to me.

Google put out research saying they had 0 successful phishing after mandated
fobs. I guess there's a concern about forwards and that Wickr shows when
someone screenshots but that doesn't stop anything...

I have seen lots of campaign staff that don't have passwords on their phone, or
weak 4 digit ones. I use a password manager to store a long Wickr pass but I
think most just use a simple pass or re-use a password...

Wickr on my phone has render problems all the time and it has shown messages
without me logging in at least twice.

It's also super inconvenient. If they really care about E2E - which doesn't
even feel like the actual problem they are trying to fix (phishing/ability to
read past messages when an account is compromised) - I'd rather have some
enthusiastic outsiders develop an open source basic PGP Chrome extension to
sit on top of Gmail or something (maybe that already exists)

~~~
maqp
Wickr is proprietary. That alone is a reason to abandon it ASAP.

------
nottorp
How is something that's tied to your phone number "secure"?

The communications are encrypted, but my identity is public.

~~~
lorenzhs
Security is not the same thing as anonymity. Maybe Signal's design goals just
don't align with your requirements, and that's okay. But that doesn't mean
that it can't be the right tool for people with a different set of
requirements.

~~~
nottorp
Well, besides anonymity, my requirements for a reliable communication method
include not being tied to my phone.

~~~
UncleMeat
Yes, and the huge majority of people don't have that requirement. Signal's
devs have been very clear for years and years that they are optimizing for
getting as many people as possible to use functioning e2e encrypted messaging
rather than to focus on features that a subset of techies in the west care
about.

~~~
nottorp
I don't know about you, but I as a 'techie in the east-west' have a bunch of
people who ask me or follow my choices wrt tech stuff.

I might recommend Signal to them if they specifically ask for something
encrypted, but if they just follow what I use they'll see no Signal.

~~~
UncleMeat
Sure. But the fact that the huge majority of messaging users use their phones
is not exactly controversial.

Heck, WhatsApp has gotten several orders of magnitude more people to use
encrypted messaging than any other software, and techies hate it.

~~~
lorenzhs
You are absolutely right. People on here love to crap on good solutions in
search for the perfect solution, whether or not that actually solves users'
problems. Case in point: your comment being greyed out. WhatsApp adopting
Signal protocol probably accomplished several orders of magnitude more than
anything else the Signal team has done. Of course Signal remains better for
privacy, and yes, there are other messengers that don't require you to use a
phone number. But for most people, using phone numbers solves so many more
problems than it causes. Use the most secure messenger that works _for you_.

------
Beltiras
Looks like it wasn't the transport method that was vulnerable. Doesn't matter
if you use Signal if the "vault" where you keep the messages can be broken
into.

------
jariel
The EU budget is 148 Billion Euros. Surely, if they have a requirement for a
secure communication app, they have the wherewithal to build one for their
needs, that EU citizens and others could then use if they so chose? Essential
knowledge is definitely public.

This is not about 'Signal' it's about why governments can't/won't deliver on
so many issues they themselves deem to be very materially important to them,
particularly in the area of IT.

~~~
cpach
As a citizen of a EU member state I would rather see them use Signal than try
to come up with their own solution.

It is true that they could throw a lot of money on the problem. But that in
itself does not guarantee that the outcome would be a world-class
communication system. So given that Signal already exists and is the gold
standard for secure communications, IMHO it’s better to use that.

What the EU can do however is to fund cryptography research. (And it would not
surprise me if they already do.)

~~~
bloopernova
I'd like to see the EU contribute to the Signal (or Keybase!) ecosystem. A
rising tide lifts all boats.

From various comments in this discussion, I've discovered that Signal is open
source and has reproducible builds, and the server is open source too. It
would be possible for the EU to create its own "EU-Certified" Signal
environment for use by people who wish to see their data remain in the EU.

------
teekert
But what should I use if I am a politician and fundamentally believe that the
government should be able to read my communications?

~~~
pilif
Does such a person exist? And if so, then just do all your communication using
existing means like email and blogs.

~~~
tyfon
Personally I believe that if you become an elected representative of the
public you should become a public person where all your in-person meetings and
all your phone calls and messages are public for the period you are elected.
If you meet someone without disclosing it, it should be a criminal offence.

I know this will never happen in real life but I think this is the only way to
solve the problem of corrupt officials and revolving doors / lobbyist
problems.

Edit: the book "Haze" by L.E. Modesitt Jr. has a good take on this.

~~~
teekert
Also: The Circle by Dave Eggers.

~~~
tyfon
Thank you, I haven't read that one. It's going to be read within the next few
weeks :)

------
newscracker
Now the staff who use iOS are going to be pissed when they find out chats
cannot be backed up or transferred to another device and that rejoining groups
on a new device is going to be painful. That’s assuming message delivery works
fine and that inadvertent “device changed” notifications don’t pop up when
nothing has changed. I’d bet that these people will soon find different ways
to communicate just to avoid some pains and probably put up a pretense of
using Signal.

Anecdote: Personally, I’ve been using Signal for some years with a few
different group chats. The number of times people in those groups talk about
how bad Signal is and want to avoid it hasn’t changed much (these people use a
mix of iOS and Android). All those groups are quite silent because people
don’t want to use it.

Edit: Security without ergonomics doesn’t help. And Signal is still behind on
that front. As someone else here pointed out, they could’ve chosen Wire, which
has a better UX and has E2E chats syncing across devices.

------
Funes-
They should use Briar [0], if they want something _actually_ secure: no
servers involved whatsoever, tor-enabled, adding contacts works by exchanging
private keys, etc.

[0] [https://briar.app](https://briar.app).

~~~
nextstep
Does Briar have an iOS app?

~~~
Funes-
Not yet.

More info: [https://code.briarproject.org/briar/briar/wikis/FAQ#will-the...](https://code.briarproject.org/briar/briar/wikis/FAQ#will-there-be-an-ios-version-of-briar).

------
hkt
Interesting, I sort of wish they'd decided on Delta Chat instead. No US
infrastructure at all seems like a beneficial thing for the EU and EC. Maybe
in time?

------
Tomte
Unfortunately, the IT department of the European Parliament has forbidden
Signal Desktop and recommends WhatsApp.

~~~
atticmanatee
So? Decisions and policies change. Just because someone decided something a
few months ago doesn't mean they can't make a new decision now.

~~~
Tomte
Sure they can. And I hope they will.

But I think you confuse the Commission and the Parliament.

The whole point of my comment is that two European bodies that work together
closely have diverged in their IT policies.

------
hackerbeat
It seems like nothing is secure anymore these days. Not even Signal. Let's go
back to sending ravens.

~~~
berkes
RFC1149, IP over Avians[1] is not in any way protected against e.g. MITM. Nor
is sending the verbatim message by Avians. Sending a micro-SD by raven does
not solve it either.

All you need is a bow-and-arrow, a practiced hand, and your own raven to MITM
the message.

[1] [https://tools.ietf.org/html/rfc1149](https://tools.ietf.org/html/rfc1149)

------
laktak
One thing I found quite surprising about Signal is that you lose your messages
if you move to a new phone - there is no backup on iOS.

[https://support.signal.org/hc/en-us/articles/360007059752-Ba...](https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages#ios_restore)

~~~
snarf21
This is the tradeoff. Being backed up somewhere is more convenient but less
secure. If it is only on that one device, it requires physical control of the
hardware. If it is in iCloud or somewhere else, it is an attack vector and one
that can be exploited remotely and at scale.

~~~
laktak
That does not make much sense since you can back up all your data on an Android
phone.

~~~
maqp
It's all going to change over time. What matters here is the direction the app
is going towards.

Are we going to get more features? Yes.

Are we confident the devs can deliver those features actually secure? Yes,
these guys are the ones leading the industry at the moment.

Do we need to worry about long term future of the app being sold? No, the
project is a non-profit, it's backed by a foundation, and it's an ideological
app, not a for-profit app or con (startup)

------
scumbert
Yes, European Commission, continuing to sell yourselves and democracy out to
China is something you'd better take great care in keeping private.

------
FirstLvR
Well, at least Signal is getting free publicity.

------
throway1n
Why is there no European company the size of WhatsApp, Facebook, Apple and so
on?

~~~
throwaway1590
Good luck competing with 0% tax state-sponsored companies without venture
capital. The same reason there is no European Huawei. There are some medium
sized companies, but they don't have the same advantages as those in the US or
China.

~~~
squiggleblaz
I thought all the competitors to Huawei were European. They keep telling us
that's the problem. (Apparently we need to be more closely aligned to America
than Europe.)

------
_pmf_
Ursula von der Leyen knows about the dangers of leaving incriminating
information on cell phones.

