
This is freakin' awesome:

A non-profit foundation with $50 million in the bank dedicated to providing usable encryption to the general public, with no other agenda other than the public good.

Go read the blog post by Moxie and Brian Acton (who is joining Signal). Very exciting!




I hope they eventually develop a federated, privacy oriented messaging protocol, once the rapid technological evolution settles down.

I know Moxie's position on federated protocols [1], but I think we must eventually agree that an open environment with a multitude of providers and implementations is the only way to provide long term privacy - any single provider is vulnerable. It would also be a very useful tool in the context of regulating communication platforms and breaking up monopolies.

[1] https://signal.org/blog/the-ecosystem-is-moving/

Edit: emphasize federated, not open, Signal is indeed an open protocol.


Signal Protocol is one of the best documented cryptographic message protocols on the planet, and is accompanied by multiple GPL'd implementations.

https://signal.org/docs/


which sounds like it could be used to develop a federated protocol. I've heard there is an effort to do an RFC on the subject, but I'm not sure it uses the Signal protocols (for some reason), also there are two of them (I'm confused):

* https://tools.ietf.org/html/draft-barnes-mls-protocol-00

* https://tools.ietf.org/html/draft-omara-mls-architecture-01


Using OMEMO on XMPP is a federated implementation of the Signal protocol. I believe Matrix' e2e encryption is also based on it.


I’m really hoping OMEMO makes it into Openfire (XMPP Server) and Adium (XMPP Client) sooner rather than later, we currently use OTR but OMEMO is objectively superior in every way I can see.


In general, servers should have nothing to do with end-to-end encryption, except for not actively breaking it.

OMEMO in particular uses:

- Personal Eventing Protocol (PEP, XEP-0163) to transport key material; and

- core RFC3920/RFC6120 XMPP protocol to transport encrypted messages.

Both of which are already supported by Openfire [see JM-1122]. So, as far as I can tell, Openfire is fully capable of delivering OMEMO messages right now.

https://issues.igniterealtime.org/browse/JM-1122

[EDIT] For Adium OMEMO support, have a look at Lurch: https://github.com/shtrom/Lurch4Adium
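
Added example, not part of the comment above and not code from Openfire, Adium or any OMEMO project: a sketch of what a relaying XMPP server can read from an OMEMO message compared with a plaintext one. It assumes the legacy XEP-0384 element layout under the `eu.siacs.conversations.axolotl` namespace; the JIDs, device ids and "ciphertext" bytes are constructed filler.

```python
import base64
import xml.etree.ElementTree as ET

CLIENT_NS = "jabber:client"
# Assumption: legacy (version 0.3) XEP-0384 namespace and element layout.
OMEMO_NS = "eu.siacs.conversations.axolotl"


def _filler(n):
    """Constructed stand-in for ciphertext: n predictable bytes, base64-encoded."""
    return base64.b64encode(bytes(range(n))).decode()


# Constructed sample stanzas (not captured traffic).
OMEMO_STANZA = f"""
<message xmlns='{CLIENT_NS}' from='romeo@montague.example/phone'
         to='juliet@capulet.example' type='chat' id='m1'>
  <encrypted xmlns='{OMEMO_NS}'>
    <header sid='27183'>
      <key rid='31415'>{_filler(32)}</key>
      <key rid='12321' prekey='true'>{_filler(32)}</key>
      <iv>{_filler(16)}</iv>
    </header>
    <payload>{_filler(48)}</payload>
  </encrypted>
</message>
"""

PLAIN_STANZA = f"""
<message xmlns='{CLIENT_NS}' from='romeo@montague.example/phone'
         to='juliet@capulet.example' type='chat' id='m2'>
  <body>meet at noon</body>
</message>
"""


def server_view(stanza_xml):
    """Return the fields a relaying server can read without any key material."""
    msg = ET.fromstring(stanza_xml.strip())
    view = {
        "from": msg.get("from"),
        "to": msg.get("to"),
        # Readable message text, present only when the client did not encrypt.
        "body": msg.findtext(f"{{{CLIENT_NS}}}body"),
        "sender_device": None,
        "recipient_devices": [],
        "payload_bytes": 0,
    }
    enc = msg.find(f"{{{OMEMO_NS}}}encrypted")
    if enc is None:
        return view  # not an OMEMO message
    header = enc.find(f"{{{OMEMO_NS}}}header")
    if header is None:
        raise ValueError("OMEMO <encrypted/> element without <header/>")
    # Routing metadata stays visible: who, to whom, and which devices.
    view["sender_device"] = int(header.get("sid"))
    view["recipient_devices"] = [
        int(k.get("rid")) for k in header.findall(f"{{{OMEMO_NS}}}key")
    ]
    payload = enc.findtext(f"{{{OMEMO_NS}}}payload")
    if payload:
        # Only the size of the encrypted content is observable, not its text.
        view["payload_bytes"] = len(base64.b64decode(payload))
    return view


if __name__ == "__main__":
    for name, stanza in (("omemo", OMEMO_STANZA), ("plain", PLAIN_STANZA)):
        print(name, server_view(stanza))
```

The server forwards the `<encrypted/>` element like any other message child, which is why no OMEMO-specific server code is needed; the addressing and device ids it can still read are the metadata discussed elsewhere in this thread.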


I don't think Adium is doing much in terms of active development sadly.


Do you consider SMS a federated protocol?

https://silence.im/


SMS is federated, users of one provider can send messages to users of a different provider. Same with phone calls. Becoming a telephony provider probably takes a bit more investment than with some random Internet based service.


Unfortunately, it looks like the signal people are possibly not friendly to third-party devs and have levied seemingly spurious IP threats against third-party implementations: https://medium.com/@wireapp/axolotl-and-proteus-788519b186a7

Obviously this is just one side of the story, but it sounds rather alarming.


I believed this was debunked by moxie somewhere on HN


Would you mind linking it? I've tried to see his past comments but couldn't find anything dated after the blog post on a first look. Just a lot of LibreSignal stuff.



Extract from that comment:

> We haven't patented any of the concepts here, and we've done a lot to explain and popularize them. We're happy for people to use these concepts to build their own implementations of similar protocols, but we don't want people slapping things together and calling that Signal Protocol.

That doesn't debunk anything in the blog post - it reinforces the point that moxie doesn't want any third-party implementations of the protocol.


It sounds like they'll defend the Signal trademark, but not the implementation concepts. I don't see how that's bad.


Especially with crypto, one small implementation error could ruin any security value. It's completely reasonable that they don't want their trademark used with code they aren't responsible for.


Yeah. "You can do whatever you want with our GPL'd code, so long as you follow the license, and we don't have any patents, just don't use our name/branding on stuff we don't control" is a reasonable way to ensure the reputation of your name. It's the same thing Firefox does with Linux distros who want to add their own patches.


> It's the same thing Firefox does with Linux distros who want to add their own patches.

"did", I think. I don't know which distros still run into this, but Debian now ships Firefox (RIP Iceweasel).


Or, conversely, modifications could add to the security value.


Did you read the license?


It’s just one side of the story, but after Moxie’s comments regarding LibreSignal, third-party clients, etc, it’s hard not to believe it.


And Moxie disallows people from building third-party clients for the server where 99% of Signal users are on, and without that, group chats aren’t useful.


Since when? You by default use the main servers when you install Noise or signal-cli, despite how Moxie may dislike this fracturing of the Signal client ecosystem.


Moxie still disallows their use of his servers, they just disregard his demands.


And yet even the best of the best cryptographic protocols provide little to no value on very insecure systems like iphone and android.

It's like bike shedding of security, where Moxie focuses on the things he can do but for the systems where it doesn't matter.


I find it odd that someone would say an iPhone is “very insecure” after the USG, of all players, very publicly couldn’t get into a model from right before the security design hardened, not to mention the also very public panic in the IC about losing access to intelligence due to mobile phone developments. That’s a strange position to tout with the underlying implication that PC platforms are better.

Are you broadening “insecure” to mean “centralized, opinionated security architecture designed for tech-illiterate masses that I don’t like?” Because that isn’t what it means.


Very secure means high-assurance for both hardware and software, very insecure means no assurance for either hardware or software, with control over system belonging to multiple third parties and what not, basically consumer stuff. And threat model for this consumer stuff just doesn't include an adversary capable of intercepting all of your communication and cracking less secure protocols, this is just silly. Because with such level of capabilities an adversary can just target a whole bunch of third parties that have control over your system, penetrate one of them and push a fake update to your system with screen grabbing malware or whatever. By the way, this is an example of a real world attack.


I thought that ended with the government getting into the phone using an exploit, just without forcing Apple's cooperation.


Hence the hardened part. That exploit doesn’t work against any later model, and they spent a lot of money to get into that particular phone. Even with that observation, how can one claim “very insecure?” Do you think it’s that difficult to compromise a PC with physical access? What does secure even mean to people any more?

I trust my phone a hell of a lot more than any general purpose computing platform, and I’d say the same if I owned any number of a significant collection of Android devices. This isn’t phone vs. phone advocacy, just annoyance at opinions that people disingenuously consider factual, useful observations on security.


Only after they paid an Israeli security company for a 0-day vulnerability, which allegedly cost north of $1m.

Interested to know how that amount compares to other OSes, I really don't know what the going rate is on Windows/Linux.


And this was a vulnerability that concerned an iPhone 5c, which did not have a secure enclave. The iPhone 5s was the first model with Touch ID and a secure enclave.

https://www.extremetech.com/mobile/226164-fbis-iphone-hack-l...


I would question how much of this was not being able to get into it and how much was a platform for "we need backdoors into everything".


Ever ask yourself why they did this "very publicly"?


To convince congress to legislate a backdoor.

There are very logical and reasonable reasons for them to advocate publicly. Not everything is a conspiracy.


> I hope they eventually develop a federated, privacy oriented messaging protocol, once the rapid technological evolution settles down.

Like matrix[1]? That uses Signal's encryption.

[1] https://matrix.org/


You mean, Matrix does not pose arbitrary limitations to clients that want to use end-to-end encryption. Clients that do not yet feature it by default, and that give huge warnings when you try to enable it. Clients that have problems with complex navigation when trying to verify fingerprints. Matrix is not the future, because at some point you're going to need to defeat metadata, and decentralized platforms can't do that. The future is in apps like Ricochet and Briar.


To be fair; Matrix's crypto is fairly solid. The key management however is a mess, and we have run late on fixing it - but we're working on it currently. The metadata concern is bogus however: we designed Matrix to evolve into a hybrid p2p/decentralised architecture in future without changing a line of clientside code, so folks who want to store their metadata on their client rather than their server can do so - https://matrix.org/~matthew/2016-12-22%20Matrix%20Balancing%... has some notes on that. In practice, we think neither pure federation (like XMPP) or pure p2p (like Ricochet) or pure centralisation (like Signal) is desirable - you want to have a hybrid of decentralisation & p2p so you can get the best of both worlds.


What are the benefits of decentralized servers over p2p?

"Metadata concern is bogus" yet the linked documentation explicitly says bridges expose metadata, and that home servers expose metadata.

One advantage of Pond-hybrid is "Supports any and all Matrix clients via the existing standard client-server API". This means the issue is desire to remain compatible with insecure clients. This is lack of agility is not needed.

I hope you fix things before it's too late and focus on Pond or other Tor hidden service based communication.


> What are the benefits of decentralized servers over p2p?

* A server-based system gives you a well-defined secure place to keep an always-on copy of your data, with whatever physical/geographic/network security model you prefer... rather than smearing it across a bunch of handsets or laptops which could get lost/stolen/run-out-of-storage etc.

* Thin-client protocols like Matrix or XMPP are going to typically use way less battery and bandwidth than maintaining a full p2p mesh on a mobile device, which is generally desirable. The way to fix that in p2p is to introduce master nodes of some flavour... at which point you're back in a hybrid p2p/federated architecture again.

* A thin-client-first approach also means that you can easily support different clients (and bots/bridges etc) rather than the client being tightly coupled to a complicated p2p protocol.

To repeat: i'm advocating a hybrid p2p/decentralised approach - not religiously pure decentralisation, nor religiously pure p2p either.

> "Metadata concern is bogus" yet the linked documentation explicitly says bridges expose metadata, and that home servers expose metadata.

My point was that in the medium/long term we have a clear route to avoid having to expose metadata on servers.

> One advantage of Pond-hybrid is "Supports any and all Matrix clients via the existing standard client-server API". This means the issue is desire to remain compatible with insecure clients. This is lack of agility is not needed.

You're missing the point. There's nothing insecure about the clients. The whole idea of the PDF is to spell out that you could swap out a federated server for a local p2p-based server (perhaps even running in the client) whilst reusing all the same clients... which now magically become p2p (if desired). This agility is very desirable indeed, given the huge amount of effort which has now gone into writing good Matrix clients like Riot, nheko, Quaternion etc.


> I hope they eventually develop a federated, privacy oriented messaging protocol, once the rapid technological evolution settles down.

Yes. It's hard to get too excited for the 'expansion' of Yet Another Walled Garden. I say this as a long time user of Signal. It's currently the lesser of most evils, but it still has a lot of room for improvement.


If federated communications is a desire, OMEMO[1] is a thing.

However, there are issues with federated protocols beyond the velocity issue that Moxie mentions. Some of them are technical and some of them are not (see conversations.im comment on doing xmpp notifications on iOS for example), but they do exist.

1: https://xmpp.org/extensions/xep-0384.html


> Signal is indeed an open protocol.

The Signal protocol is public, but not open. It is a proprietary protocol which is controlled entirely by the company behind Signal.


> once the rapid technological evolution settles down

Why wait?


Users don’t want federation.

See also: Adoption failure of Google Talk XMPP, massive adoption of Facebook Messenger and Whatsapp, and AIM before it.

I wish it were different, too.


Users "want" what everybody else is using so they can communicate. If everybody is using a federated protocol, like email, that's what they will want.

You might say it is fundamentally easier to build closed systems and entice users to adopt them, but that's a business aspect not a user preference. Exactly the type of business that's of interest to regulators.


I think users would prefer federated systems. Who wouldn't? Even though most people have probably never heard the word before, they almost certainly use and appreciate federated systems like phones and email.

Do people want federation enough to have to take a principled stance in order to force change? Heck no. And that's the problem: there's no reasonable way for their desire to impact the producer side of the market. Can't vote with your wallet since public IM service is universally free, plus network effects are strong.

Users are being worn down, too. I remember when Pidgin, Adium, Trillian, etc were rather popular. Now most people don't even use those kinds of consolidation apps either, and resign themselves to literally running many separate apps.

This is a crazy mess we got ourselves in, and there is no easy fix. Time machine to 1980 to get a standard out before ICQ, maybe.


> Now most people don't even use those kinds of consolidation apps either, and resign themselves to literally running many separate apps.

IMO that is really one personal hell for me. I blame android and apple for this. I was happy with my N900 where you got one chat application that supported SMS, Skype, XMPP, AIM, ICQ, whatever. The world was so simple back then. Now everything has to be a separate "app", where previously there were just plugins. Such a decline in usability.


Pidgin (formerly known as GAIM) and its subproject libpurple is the one to thank for. Telepathy [1] and Bitlbee [2] are based on that. I used all of these throughout the '00s. Before the Nokia N900, I used a Nokia E71 with Nimbuzz (basically proprietary but it runs something like Bitlbee under the hood on their servers).

Some of these protocols are open, some are reverse engineered. Problem with the current generation is that they're focussed much more on security features such as E2EE. Although before GAIM, we had other applications which did multiple protocols we also had loads of single purpose applications for all these protocols you mentioned and a whole lot more. Back in the end of '90s if you wanted to run MSN and ICQ and AIM on Windows, you had to use a client for each of these. It's basically a cat and mouse game. Look at the history of the Skype support for an example of that.

[1] https://telepathy.freedesktop.org/

[2] https://www.bitlbee.org


As a former user of N900 I get your point, but frankly I don't mind at all. For me it makes no difference if I need to open one app or another, it's the same amount of tapping. So I'm in the camp who wouldn't mind federation, but won't bother to lift a finger for it either.


> I think users would prefer federated systems. Who wouldn't? Even though most people have probably never heard the word before, they almost certainly use and appreciate federated systems like phones and email.

Except that they don't; they mostly use Facebook Messenger, iMessage, and Whatsapp. Those that do use email use gmail, which barely federates (most gmail users never see messages from my personal email address, because google routes them to spam despite my IP never having spammed).


What we've seen isn't users showing how they feel about federated systems, it's users being forced into walled gardens as closed systems added support for open systems, but open systems could not reciprocate, and the market adjusted.

If your choice as a user is to buy an iPhone that can communicate with your Apple friends over imessage and Android friends over hangouts, or buy an android phone and not access anyone through imessage, there's an advantage to Apple there. Google just decided to level the playing field (if slightly) by privatizing the hangouts protocol, and we all lost out a bit because of it.

Federation isn't something most people even experienced throughout all that, so it's hard to think it was factored in, even a few times removed, from their decision.


" it's users being forced into walled gardens as closed systems added support for open systems, but open systems could not reciprocate, and the market adjusted."

We haven't seen users forced to do much of anything. In general, there's multiple ways of achieving their goals. They almost always pick either a proprietary company that likes lock-in or a free, ad-driven solution that sells them out. They neither take time to understand the consequences of that ahead of time nor cared enough to switch in the years I've explained it to hundreds (thousands?) of them. Very, very few would switch. And for social media, it's usually a network effect they're joining where stadiums worth of people would have to switch at once or close together to avoid chicken-and-egg problem. They could collectively use open standards to communicate like open-source IM and buddy lists but most don't given they'll sacrifice control of their data and privacy for convenience.

There is a market effect like you describe where the suppliers benefit from lock-in. That's been steady a long time with even the open standards often intended to catch new customers in lock-in in other ways. On the demand side, though, the masses haven't used open-source as a factor in their purchasing much at all. So, it's not even a differentiator on their end for most suppliers to target. The market didn't even adjust: it defaulted on lock-in strategies for owners' benefit with companies occasionally experimenting with other methods they sometimes reversed.


> We haven't seen users forced to do much of anything.

Well, it depends on how you want to interpret forced. Sure, they aren't required to use a product, but if you've been using Gtalk for years, and that's how everyone knows to get hold of you and how you get hold of people, and it's an open protocol (XMPP) which you can and do use through a third party client (e.g. Pidgin), when they switch to Hangouts you are forced to use their proprietary client and protocol if you want to keep the same contact list without making everyone switch. It's not strictly "forcing", but Google is exerting force to drive customers to a different usage.

I'm not sure any centralized IM service that expected to compete would have done different and survived with any appreciable market share, but that the ones that existed switched is notable.

> On the demand side, though, the masses haven't used open-source as a factor in their purchasing much at all.

The benefits of an open system aren't readily apparent to many people until they start experiencing the problems of a closed system. Closed systems have numerous benefits at the starting stage the open systems don't (for example, a clear way to monetize that works in line with people's expectations and human nature). We were lucky with the internet because it was federated by design (and necessity, pretty much), and grew to the point that it would be too costly to close the protocol before gaining too much popularity. Even so, we're seeing pushes in that direction. Maybe when the problems of the closed IM systems become apparent enough, we'll actually have some more widespread adoption of open systems. WRT human nature and systems such as these, I'm not sure we've even seen full cycles of how people perceive and deal with the systems (we're only now really having a sizable group of adults that have always had the internet WRT the population as a whole), so a lot of how people deal with open/closed systems over time is still in flux.

P.S. Long time no see/read. Nice to have a conversation with you again. :)


" Sure, they aren't required to use a product, but if you've been using Gtalk for years, and that's how everyone knows to get hold of you and how you get hold of people"

There's the problem right there. They created a dependency on a single provider that could turn on them at any time. Many providers have gone out of business or done unscrupulous things. One should always have alternatives if anything is really important. In this case, they usually solely rely on one provider for convenience when not also cost (sometimes trivial cost). Still true for things like Facebook.

They walked right into a big problem because convenience or apathy about risks trumped everything. From there, they can be forced in the way you describe to go along with what vendor wants. At that point, they might also start switching and/or avoid doing that sort of thing in the future. In many cases, they avoid the switching cost and do the same kinds of things in other services. Their very nature is to willingly create opportunities for suppliers to cause them problems.

Even as they do this, there's a small subset of the market doing either the opposite or taking steps to limit the damage which make me think this is more willing than forced. If anything, history has shown we have to use things like regulations to force market participants to behave more safely on average. They usually don't do it on their own because they don't want to or don't care. Seatbelts when driving are the classic example.

"The benefits of an open system aren't readily apparent to many people until they start experiencing the problems of a closed system."

I agree. We probably need a way to quickly present that when they make these choices. Enough of the market making an informed choice might sustain more alternatives that are better. This already happens with at least some of the FOSS market where the buyers specifically liked the benefits of open source. The wider, long-term effects you describe will also be interesting to watch. We might see some of the FOSS-friendly decisions on consumer side as they see the benefits or experience the detriments.

"Long time no see/read. Nice to have a conversation with you again. :)"

Likewise, buddy. Although I comment less, I've read plenty of yours. Usually insightful and enjoyable. :)


> They walked right into a big problem because convenience or apathy about risks trumped everything.

Well, or just lack of knowledge, and lack of knowledge about lack of knowledge. I think from our positions it's easy to overlook that. Sure, it seems like people are becoming more technically literate, and they are, but I think when it comes to knowing what you can do, and knowing what you should do, the latter comes well after the former in almost all exploratory learning (which internet usage mostly is). We've heard the historical stories (myths), that impart this knowledge. Usually we've lived a few cases of it as well. Even then, it doesn't always take right away, or we get caught out not heeding our own advice. I can't fault a largely novice internet populace for not having had the same conditioning we have.

That doesn't mean they are off the hook though. You're right, there's a shitload of ignoring the signs in favor of convenience and general apathy, it's just not the entire story.

> If anything, history has shown we have to use things like regulations to force market participants to behave more safely on average.

I agree with regulations. I just vastly prefer them to target the specific problems and not try to get too complex with mechanics. Sometimes that requires really looking into the problem, and it can be a hard sell if the general audience for choosing/voting the implementation doesn't have enough knowledge. In this case, I think a lot of the problem all stems from using personal information as currency. Strong regulations on the collection, notification, maintenance, and ability to force removal of personal information by remote entities would make what the real cost is of the systems obvious (you know what they collect and how it's used, or in some cases you know what actual money you pay since that will become a much more viable model again). Open source competes well in that market, because the actual costs are all apparent instead of hidden.

> We probably need a way to quickly present that when they make these choices.

I have hope this is a problem that will be mostly solved through the normal way societal best practices are passed down, from mentors (parents, teachers, trusted authorities). We just need to get to a point where the mentors actually know this stuff, which requires time and them being bitten by it and learning the hard way, or reading about those stories, or eventually learning it from their mentors. When your Mom or Dad is usually the one that cautions you at an early age to beware any free service that might be trading on your personal info, we've reached a good equilibrium (but we'll still have issues with those that don't have as much access to mentors, which is a constant societal problem).


> most gmail users never see messages from my personal email address, because google routes them to spam despite my IP never having spammed

This is off topic but very briefly: implement SPF and DKIM and get a number of Gmail users (I'm not sure what this number is, but it is order of magnitude 10) to mark your emails as "Not Spam". Eventually Gmail will come to accept emails from your self-hosted server.


“they almost certainly use and appreciate federated systems like phones and email”

Two channels which have become saturated with spam and junk once the federated network starts to include players who are willing to permit bad actors to access the network in exchange for money.

People enjoy federated networks of regulated, good faith players; wide open federated networks tend towards anarchy.


>People enjoy federated networks of regulated, good faith players; wide open federated networks tend towards anarchy.

Like... email and the phone system? both of those have huge amounts of bad actors and spam, and people still use them as primary means of communication. Email and phone are generally expected to be more reliable, I think, than any of the walled garden communication protocols.

(Speaking of, if you have ideas about curbing phone spam other than keeping the number secret, do let me know.)


I'm explicitly questioning "people still use them as primary means of communication"

Really? Even internal company phone systems have largely switched over to walled garden voip or videocalling systems in most places I've seen. Nobody calls anybody any more - the only use of phones I see is for dialling in to conference bridges. Email is used internally within businesses.

What do people really still use public phones and email for?


On a more personal note, I grew up using messenger protocols, icq, aim and yim. Now, I'd use a multi-protocol client, which is a little like federation, but now that doing this is inconvenient? SMS has almost entirely taken over the role of instant messaging in my life.

It's interesting, because I always felt that a SMS was way more 'urgent' than an instant message over AIM, but... most of the adults in my social circle, even those I knew from back when we all used AIM, no longer are on any instant messenger services. They have sms (often, but not always through imessage) and they have email. Then they are on their various social networks, but everyone I know checks email more often than their social network accounts.


>What do people really still use public phones and email for?

My impression is that inter-company communications all go over email and public phone. Intra-company, of course, you use the company's walled garden, if the company is large enough to dream of forcing the world into their garden (as most of the companies I've worked for lately have been.) but even so, interviewing is conducted through public phone systems. In fact, even when I'm interviewing a candidate on behalf of my current employer, half the time the connection between the internal walled garden voice system and POTS is so bad I end up using my personal cellphone. Silicon valley companies are serious about 'dogfooding' to the point where actually doing your job sometimes feels like a secondary concern. Smaller players tend to use existing technologies, and so more often use federated systems.

I have worked at smaller places, earlier in my career; I've even setup VOIP for one of those places, but it was still terminated to a POTS T1; it just used SIP lines and asterisk rather than a wired PBX, and they mostly used public email (I mean, their own email server, but it was federated email) - those are still federated systems.

I'm currently considering going to college; today, I scheduled a bunch of academic stuff, using the phone and email. If I end up locking myself into an institution, of course, then we will probably switch to using their walled garden, because they will have the power to force me to do so, but until that happens? we're communicating via federated systems.

Whenever I'm scheduling a medical appointment outside of my primary hmo? I use the phone.

My impression is that the walled gardens are mostly used in places where the relationship has been established, and one party is big enough to have built a walled garden system, and important enough to force the other party to eat the dogfood in question. Within my primary HMO, I use the proprietary 'secure messaging' application to communicate with my doctor. Within the company, I use the company's messaging system and screen sharing system.

My own conclusion is that forcing you to login and use my communications system is a power move; everyone is still dreaming of replacing email with something more profitable.


At least in my country, incoming call filters do wonders, in particular those which query the incoming number at an online database to show you who's the caller.


Not sure about elsewhere, but in the US, it is possible to spoof phone numbers. The only way to verify that the person you are talking to is actually associated with the number is to hang up and call them back. This is particularly a problem for companies like banks and insurance.

Android actually does provide some amount of filtering[1], but if someone, say, spoofs a seemingly legitimate number, it will come through fine.

[1]: https://www.androidpolice.com/2016/07/25/googles-phone-app-n...


I've seen similar applications for ios, but they all seemed to want permissions I wasn't so happy to give to some rando. If apple provided the service, I'd probably be okay with it, but I'm not super comfortable feeding my entire contact list and all my call metadata to some random third party


Is this something the phone company implements? or that your phone implements?


It does not have to be regulated by any third party, though. Federated network participants can regulate networks for themselves. Look at the Mastodon network. If some server tolerates spamming, it will be blocked by major servers as a whole.


Parent's downvotes are undeserved as they are spot on.

Users don't want federation in a sense that they don't _care_ if it's federated or not. Not that they actively decide against it.

They only care if they can start chatting with people from their address book right after installing a chat app.


> Users don’t want federation.

I don't care what users want. I want it!

That is the beauty in narcissism: You can use the best technology to chat with yourself. :)


XMPP was pretty popular. FB Messenger and Google Talk never allowed federation, but they did for a while allow access by XMPP clients.

Apparently WhatsApp still uses XMPP, but afaik also never supported federation.

AIM didn't allow federation.

So I'm not sure what you're trying to say?

You could claim the rotting corpse of DuckDuckGo's XMPP service is evidence that users don't want federation - but I think it's more just an example of a mismanaged service.

[ed: the other two obvious examples that users do seem to want federation are the rise of IRC despite many architectural flaws, and the continued popularity of email.]


Google Talk absolutely federated: http://googletalk.blogspot.com/2006/01/xmpp-federation.html

Unfortunately they were the only major service provider to do so, and the capability was later discontinued.


[ed: aha! They didn't really support federation in a standards compliant way:

"However, since the Google Talk Service does not support server-to-server encryption via TLS (something that was required by RFC 3920 in 2004), a number of servers (including jabber.org) refuse to establish a connection since May 2014."

https://xmpp.org/2015/03/no-its-not-the-end-of-xmpp-for-goog...

I recall there were issues...]

Wait, what? You could chat from you@example.com on your bespoke XMPP server and send messages to user@gmail without needing a Google account and vice-versa?

Was Google Talk really so unpopular that I didn't seriously try to use it until it became the walled garden that didn't support server federation?


> Wait, what? You could chat from you@example.com on your bespoke XMPP server and send messages to user@gmail without needing a Google account and vice-versa?

For some glorious years between 2006 and 2013 (Hangouts), this was indeed possible. I run my own XMPP server and I used to chat with GTalk users all the time. For literally years.

> They didn't really support federation in a standards compliant way

It was standards compliant enough. In the original RFC, server-to-server TLS was mandatory to implement but not mandatory to enable/deploy. The XMPP community later moved towards enforced server-to-server encryption, but this was many years later and had little impact on GTalk federation during the time that it was supported.


I remember looking into it, and discovering that it didn't work in a sane way (i.e. no server TLS support). Why would I want to expose traffic unencrypted? Especially considering dangerous content, like attachments etc.

Now I see that MS allows federation for on-premise Lync - but not for Office 365. :-(

Everyone wants their own silo, and to force their multitude of awful clients on people.


Actually, it still worked for existing contacts until half a year or so ago, when they seem to have silently dropped it completely (I haven't really investigated, contacts I had on Google simply moved to other servers, that fixed that).


Users want federation. See the adoption of email.


You mean that means of communication where spam problems effectively forced a centralized infrastructure provided by a few providers and that now is relegated to mostly being used as a poor man's notification service?

Running your own SMTP server these days is painful.


Not that painful (speaking from experience of running one).


It's somewhat painful, but not because of spam. The pain all comes from jumping through hoops for the centralized providers (and then discovering that no matter how many hoops you jump through, it's never enough).


And see the subsequent flocking to APNS, its child iMessage, Firebase Messaging, and Facebook Messenger.

Email is obsolete.


Why does every product always have to conform to the most general use-case? Who cares what "users" want?


It seems like they have a lot of overlapping goals with Keybase.io.

I wonder if they're in contact or work with each other.


Isn't Keybase a for-profit startup leveraging advances in cryptography to build yet another social network?


Keybase is not really a social network. It feels much more like a sort of PKI with a Slack client on top of it. The focus seems very much on Teams.

However they could go into more of a social network direction, the features are basically there.


Keybase is an amazing idea which seems to be trapped by the current zeitgeist. It implements smooth and intuitive PKI via a command line, a mobile app and a web/Electron app and seems to be rolling it out as a Slack and/or Dropbox alternative, which are pretty solid use cases.

The downsides are that it has a very cartoony 'silicon valley' type feel which is great for early adopters, but will be a significant barrier to enterprise and government customers who would otherwise be an absolute prime market for easy-to-implement, easy-to-administrate PKI.

It also has a very start-up oriented world view in terms of 'teams'. There would be great call for generic group management. I would love to have some stakeholder management across some projects where we could have a shared space, but also have separate areas for client, supplier and subcontractors. Keybase kind of doesn't quite fit the need for privacy there, although it is so close to being exactly what is needed.

Bringing it back round to the social networking thing though - it feels kind of like it was inspired a lot by social networking. This would be a boon if it were to become a social network. It is absolutely a downside if they're looking for a wider remit.


Idk if they realized what they had... They don't even need their own chat client - I implemented an example where I could encrypt and decrypt messages automatically to anyone, over any web based client:

http://lettergram.github.io/AnyCrypt/

(Current version in repo doesn't automatically encrypt, but tests show it's straightforward).

I think that's the real power, the centralized authority of "you are X, with public key Y"


They came up with a good solution to the 'key signing party' problem.

Using public social media accounts to help prove identity is a good idea - it's a solution to the main problem that PGP had.

I think Facebook could have done something similar by generating key pairs for all users and then allowing third-party access to the public keys (basically a huge public key server). For users that wanted their own private key off of Facebook they could upload their own public key. It's probably better with the Keybase model though and using multiple social media accounts.


> The downsides are that it has a very cartoony 'silicon valley' type feel which is great for early adopters

I feel like once they want to roll it out to companies it's fairly easy to change these things.

> There would be great call for generic group management.

They have subgroups, so that's something.


Is it for-profit?


Nothing is monetized yet as far as I can see. I like Keybase more though, it doesn't force me to have a phone (what the hell, Signal's Linux desktop client requires that at least).


I also like the Keybase product. But when I see an ambitious, well-funded startup without a paid product or clear business model... that tells me I cannot yet trust their product, strategy or management team to endure. Next year they might be a completely different company, or might not exist at all. Since they haven't open-sourced their server, that makes it risky to rely on their products, because I don't really know what it is I'm relying on.

Signal in comparison is very clear about their goals, management and business model, and I believe are 100% open-source. That gives me confidence to adopt it now, even though it's a less feature-rich product.

I would love to see Signal adopt the Keybase identity-by-proof model, I think it's very clever and pragmatic.


When you sum it up like that it sounds like a blatant op run by a clandestine agency...

Sigh, trust is hard after the crypto wars.



Not that it matters that much, but where did the 50 mil come from? I didn't see it in the post, but I may have missed it.


From Brian Acton, one of the cofounders of WhatsApp and now Executive Chairman of the Signal Foundation board.


Gotcha, I wasn't too clear on that from the post. Quality philanthropy.


Quality philanthropy in the tradition of Mitch Kapor (EFF).


Morally, how does one weigh the implications of this, in that it will be easier for general citizens to use strong encryption, but also be easier for terrorists/ne'er-do-wells as well?


Simple. There are more "good people" (people who care about others' lives, even if only in small ways) in this world, than "bad people" (people who don't care about others' lives). By a large margin.


By that same logic I assume you don't believe in gun bans, right?


There are also dozens of other Actons and companies that can write a $50 mil check if needed. NSA might be in trouble.



