He keeps bringing up data privacy and data encryption as the sole motive for decentralization, but that's not really the point. The main point is data ownership and freedom of usage.
WhatsApp and Signal are good messaging services indeed but:
- We are tied to their official clients.
- Which means that we are tied to the platforms they support
- We are also required to have Google Play services installed on our Android phones
- We are tied to phone numbers
- And if (for whatever reason) we trip on their abuse detection services, we might get banned and completely prevented from using their own service (mistakes on their side can happen as we have been seeing with Google)
The point of decentralization is to avoid all these annoying constraints. Encryption and privacy are a bonus, not the selling point.
Also, all of his points about centralization are completely refuted by the efforts of the Matrix project.
If you've listened to him talk many times before, it seems almost disingenuous that you'd believe he hasn't made this choice because mass-adoption and user experience are the first priority of his design constraints.
It doesn't mean your criticisms aren't valid wants in a messenger but there is a logical and publicly explained motivation to why Signal is the way it is. One piece of good news is that being tied to phone numbers is a problem Signal appears to be solving in the near future. 
- By relying purely on phone numbers for user accounts, they remove a good chunk of infrastructure for having to deal with problems with logging in or missing passwords or stealing accounts.
- And by relying on Google Play Services, they avoid having to maintain a push notification infrastructure.
And I'm okay with this! It's smart and effective but I just wish he would be open and honest about it and not spread FUD about decentralization and other alternatives as an attempt to justify Signal's design decisions and make it look like "the only true way of messaging securely".
When he was asked by the public during his talk about the phone numbers, he went a long way to give an answer that didn't really answer the question. It was almost like a politician trying to justify an ulterior decision.
He is a salesman, a very good salesman. A good part of his presentation was not even about the "ecosystem", he just was wandering off-topic walking the public through his point of view. You could see this when he started to sneakily dismiss decentralization with saying "I host my own email" basically saying "So I am an authority on everything about decentralization".
It was mentioned in a sibling comment to GP, but Play Services are no longer required. If you don't have them installed, Signal will use its own push notification infrastructure.
Indeed, this was not always possible, because they had to implement and maintain it first, in a way that would provide a good user experience for users. (And even then, the non-Play Services version is still somewhat detrimental to the user in the sense that their battery depletes more quickly, so it's a trade-off they'll have to make themselves now.)
But then you force users into a risk model where third parties (such as Google or Apple) may know everything, and users must trust them.
Also, I'm not sure what you mean by third parties knowing "everything" since Signal provides E2E encryption of content and pretty good social graph protection. For existing users of Android and iOS (target market) I'm not sure what extra trust or knowledge Signal users must give to Apple/Google other than the fact that the user does use Signal.
I'm not arguing that they're doing that. Just that the risk model depends on trusting them not to do it.
And if there is compelling evidence that they can't do it, I'd love some cites.
Also, Signal accounts are tied to telephone numbers. And it's well known that phones by default accurately know their locations. So any app with adequate permissions knows the device's location. And location privacy depends entirely on software settings.
FYI: You can download the Signal apk from their homepage.
Can one still side load Signal via adb install?
Yes, you can download the APK from the Signal website (https://signal.org/android/apk/) and install it with adb. If you have trust issues then you should think about compiling the source code yourself—it's very easy in Android Studio—and installing with adb.
However, I feel that maybe he isn't considering the downsides of being able to change quickly. Sure WhatsApp was able to add end-to-end encryption with a single update, but they can just as easily remove encryption with another update. Additionally, while I will admit that it sucks that email is not encrypted, knowing how many people and businesses rely on email every day, it should be incredibly difficult to make changes to it. I don't want a single person or company to be able to suddenly decide to change how email works.
One area where I am sympathetic towards Moxie and Signal is requiring phone numbers (mentioned at the end in the Q&A). Personally, I don't see it as being all that big of a deal and it does bring several advantages with it:
* Users get to store/control their own social network in their phone's address book
* Users can switch easily between WhatsApp/Signal/etc.
Although I agree that requiring phone numbers does reduce the privacy of Signal users, I think it is a worthwhile trade off for making the app usable by the public.
Also, it seems like usernames might be supported in the future: https://signal.org/blog/secure-value-recovery/
I'm still paying for a phone service in a country where I previously lived (5 years after leaving) because I can't move all the stuff that's linked to that phone number. I even had to send them a government issued photo ID recently so I could keep the number.
And to use the number without switching SIM cards I have a separate phone that I'm booting up just for that purpose. I actually bought a third phone to manage all my SIM cards. This time I was smart. I bought an Android phone with dual SIM slots in spite of being an iPhone user.
After listening to Moxie's talk, I realise that many of his arguments sound entirely plausible from a US centric point of view but make far less sense if you live elsewhere.
Building on top of phone numbers also assumes that end-to-end encrypted messaging will always be permitted in the mobile app stores. It's a reasonable assumption as far as the US app stores are concerned. I wouldn't bet on it here in the UK though, and even less so in many other countries.
Sure, something could and maybe should replace phone numbers, as the system is definitely messy wrt international dialing and countries changing numbering plans. But the thing that replaces phone numbers in their usefulness will bring the same frustrations you express.
Email has mostly the same characteristics, especially for non-computer-people. My parents were paying $10/mo for dialup up to ten years after switching to DSL and Gmail, just to keep their old email address. I bring that up not to point out the extortion -- email could theoretically have had address providers decoupled from hosting provider through DNS, if it had been made user-friendly -- but to point out the value in the stable identifier. I know this is an anecdote, but the story of AOL email is similar, that 2.5 million people were still paying $20/mo for their dialup and bundled email when "some of whom" (sorry there's no better information on this) had since switched to a different ISP, but kept paying AOL to keep the email.
> I even had to send them a government issued photo ID recently so I could keep the number.
Governments will always want to link users to their stable identifiers. It's in their policing interest, for better or worse. Switching away from phone numbers will just shift the problem.
No, not at all. Most of my contacts don't have my current actively used phone number or the old one I'm forced to keep. I have a whole box full of SIM cards I once used for one reason or other. Most of them no longer work (I think).
It's the same thing in the other direction. I have tons of phone numbers of some people and I have absolutely no idea which ones actually work.
You're right that email is the same mess, at least for people who don't have their own domain (which is most people).
But Signal is a centralised service. So why not use usernames?
The reason is not stability, because phone numbers can hardly be more stable on Signal than Signal's own usernames.
I believe the reason is that Signal was hoping to get faster traction by showing people who else in their phone book has Signal installed.
I find that creepy to say the least. And it's a very bad reason to force the whole usability disaster that is phone numbers, SIM cards and phone companies onto all Signal users.
In fact some countries (Russia, at least) require you to give over Government issued ID when you get a new phone number. So it’s directly tied to your real persona, this is not just one country doing that either. I believe it is also a requirement in the UK now too. (They’re combating “burner” phones)
I think university should have a mandatory course where IT students go and interact with real users and have a budget to manage according to the success of their exchange. It would make those questions much less likely.
It’s the only thing that exists which can be anonymised properly and is static through many centralised providers.
Otherwise it’s back to usernames and the bazaar that is: does this person /actually/ have their names on telegram/skype/whatever
In my experience, for reasons like this, people do not generally bother swapping phone numbers any more.
Meanwhile, in Southeast Asia recently, I was unable to sign up for Discord because they required verification with a phone number. My local phone number was rejected because it was prepay, not a contract. I wonder how many people in that part of the world have a phone contract? Does Signal also enforce that requirement? Should access to secure communications really be linked to one's credit history in that way?
Now that it can't, it invasively uses your personal information to suggest contacts.
My phone service is data-only. Requiring I have a legacy communication service like a phone number makes the service unusable by me and I'm sure I'm not the only one.
The benefits are many orders of magnitude trivial compared to the scam-factor and abuse risk.
Such a shame.
Had it been optional it would have been an entirely different story.
Reduce? I'd say eliminate. Unless it's an ~anonymous number. Which is entirely nontrivial.
Now maybe one can say that most people don't care about privacy. But it's only fair to be straight about it.
Stagnation of development is caused by fragmentation of platforms. For every app we need to develop the same app over and over and over, and then keep them in sync. That's why we need a precise, unified, and well designed OS/VM layer. Only then we can run and update the same app on many systems with ease.
The reason why it takes so many engineers is the byzantine stack of layers we've developed over the years and platform fragmentation. Which compounds with the fact that every decentralized app has to develop the same set of things over and over. If only the OS/VM layer had it ... built in - like in Urbit.
Censorship resistance problem described in the talk is not an issue if the ID is decoupled from the infrastructure. Something that I still don't understand why federated protocols don't get (I'm looking at you Mastodon). If you make them scarce and transferable it will additionally help fight the abuse.
The list would go on, but it has all been described many times.
Is this not exactly why the web has become a platform for apps? And wouldn’t all of the issues inherent in the web also then apply to this OS you describe?
Urbit is built for p2p architecture.
While he clearly understands it not only was but still is a very difficult problem to make a centralized service private (as he points out how much work has gone into making some basic aspects of Signal seem usably private), he doesn't want to admit the idea that someone could or should spend commensurate time also working on researching or improving decentralized systems :/. In the process, he ignores attempts to work on what I'd consider the primary problem (something someone thankfully poked him about during the Q&A, though I'd say not hard enough)--transport obfuscation--and thereby goes so far as to claim that decentralized systems are fundamentally less private (using an example involving peer-to-peer video/audio calls on Signal that they decided to instead route through their centralized servers) based on that assumption of non-private transports (as clearly we should all trust Moxie Marlinspike and the handful of people who work at Signal with our metadata over anyone else we might want to be able to choose to trust).
As part of this, he spends a lot of time trying to argue that people don't actually have any useful control in a decentralized system anyway, which is, of course, extremely convenient given how he doesn't really acknowledge that the entire point of his thesis is that he and his centralized organization not only should but in fact must maintain all the control so that he can follow the moving ecosystem :/. Meanwhile, he cites federated systems of the past as clear and unmitigated failures, including specifically IP, a layer upon which he somehow manages to build Signal on top of despite being supposedly fundamentally and horribly flawed due to being a decentralized protocol frozen in time and nearly impossible to change (which isn't even true! IPv6 was insane for actively going out of its way to break transition paths, but as many people have pointed out it didn't have to be that way; and even within IPv4 we have seen a lot of manipulation and progress in the form of protocol extensions. many of his other examples are also clearly flawed if you know anything at all about the protocols involved).
"Finally"--a word I use here both in terms of it being the most repetitively frustrating things about this talk (and so I list it last) but also as it came up again at the very end (thereby closing the video) due to a question from the audience poking him hard on this point (to great applause)--he continues his apologetic rhetoric for the idea that phone numbers are somehow better as an identifier than any other possible alternative--something that is so wrong on the face of it that we can point at ludicrously popular chat systems, such as Kik, that were largely popular because they did not use phone numbers at all, in addition to the vast majority of popular social networks that merely use phone numbers for account password recovery (and while many of them now require phone numbers to sign up, that is entirely unrelated to the service and how you use it, and was usually not the case when the service first came into existence: it was way more common to require an e-mail address than a phone number)--to the point of seriously claiming multiple times that ceding control of identity to the telecom infrastructure (something we know is horribly insecure even if you trusted all of the players, which I don't think anyone does) is one of the things that makes chat fundamentally better than e-mail (?!?).
Really, the best line from the video came from someone in the audience asking a question, leading with: "thanks for the thought provoking talk... you said so many things I disagree with, it is tough to pick a question" :/. For me, that feeling goes well past just this talk and his positions on chat systems: his love for Intel SGX--a technology that has been broken multiple times and whose key feature, Remote Attestation, is just "DRM" by another name--puts him on what I would argue is "the wrong side" of the war over general purpose computing, wanting to rely on user-hostile hardware to protect decentralized cryptocurrencies (such as his MobileCoin) from attack by anyone... other than Intel, obviously, as they can be trusted?... or any governments that can lean on Intel, as maybe we like those governments?... or of course, anyone with a zero-day hardware side channel attack, as we can pretend all of those have been found? :/... essentially, in the end, most of his positions just seem like a way to shill for centralized government control over everything, with metadata being protected only by the security of the memory of his servers (something which was pointed out by yet another question from the audience, and for which he didn't really have a good answer) wherein the best case scenario is that laws like the DMCA end up being what protect us from attackers as opposed to actual math :/.
That is an extraordinary mischaracterization of his talk. What he actually says is that decentralization makes many desirable characteristics -- enumerated at some length in this video -- more difficult. The implicit argument, then, is since we're struggling to achieve certain desirable characteristics even in centralized systems, we should focus our efforts there first.
Most decentralized systems seem to have more surface area for surveillance, not less. Why couldn't surveillance agencies and data-grabbing corporations just launch a bunch of "Sybil" nodes to surveil everyone? These would be virtually undetectable as they would be otherwise well behaved nodes and could be put behind ordinary looking cloud or ISP connections. Most shared data stores can be trivially scanned and data mined, decentralized networks like DHTs can be crawled, decentralized apps can be MITMed with Sybils and honey pots, and so on.
I predict that if any decentralized or federated system really becomes popular enough to merit attention from data-grabbers we will see the launch of an industry of companies and consulting services dedicated to mining and surveilling it. Security is hard, and security across a heterogenous decentralized network run by users and volunteers is many times harder.
I suppose you can see something analogous in the cryptocurrency space. I've argued for a while that Bitcoin and similar CC systems were in fact rapidly compromised, but not by attacking their cryptography or protocols. They were compromised via social engineering and financial game playing that transformed them from currencies of the sort they were intended to be into decentralized Ponzi schemes and money laundering vehicles. They were taken over and repurposed, not taken down or hacked in the conventional sense. The same thing would probably happen to e.g. Matrix or Mastodon if it got popular enough. Companies and governments would just assimilate and repurpose these things into surveillance and spam-delivery vehicles. With superior resources and economic forcing functions this would be quite easy.
A centralized system has a single point of failure, but that also limits attack surface. I assume centralized systems to be surveilled by their own operators and their host countries, but it's a lot harder for other actors to do so.
1) It's a reasonable comparison of centralised and decentralised systems.
2) It's a way to discredit decentralised systems so people move to Signal because Moxie is a corporate / government shill or want to be the personal Jesus or something.
Which explanation looks more likely to someone, is mostly based on how they personally trust Moxie. And a lot of people in the community don't consider Moxie trustworthy.
In my personal opinion, this talk made a lot of people angry, precisely because Moxie went to Anarchist club (CCC) and had a talk that can be summarised (again, in my personal opinion) as "give up on decentralisation, give all power to ME ME ME and I'll take care of you, pinky swear." Of course Anarchists don't want to hear that.
But to someone who trusts Moxie or centralised power in general, this might seem like a crazy interpretation.
(I don't necessarily agree with Moxie but I saw his talk as neither of your 2 points.)
What gives you that impression? I've heard many cryptographers say a good first step is to "just trust moxie and install his stuff". He's certainly better regarded than Pavel Durov (Telegram).
Actually, we've been quite clear publicly that Matrix's initial incarnation didn't try to deal with metadata privacy, e.g. this presentation taken from a 2015 talk at the Jardin Entropique cryptography conference in Rennes: https://matrix.org/~matthew/2016-12-22%20Matrix%20Balancing%...
The fun thing is these days we've got to the point of building out metadata-preserving federation transports in Matrix (I just spent the Christmas break working on the stuff outlined in https://fosdem.org/2020/schedule/event/dip_p2p_matrix/).
It feels like we (as Matrix) should do a formal response to moxie's "ecosystem is moving" stuff at some point, not least because the original blog post was written in response to me mailing him to consider linking Signal into Matrix :/
Moxie doesn't want to share, does he?
I hypothesize that the reason for this is time poverty, not lack of expertise or desire to learn. People are more time-poor today than even 20 years ago. Even people who know computers well and could figure out how to use more DIY systems do not have time to do so.
I have a rule of thumb when designing systems: each step required to install or use something halves the number of people who will try it. If 1000 people discover something with a 10-step install, only 1-2 of them will actually try it. Remove a few steps and that number doubles a few times. Most successful "viral" apps have three or fewer steps.
Decentralized, federated, and generally more open systems have been consistently unable to deliver anything close to the ease of use of vertically integrated systems.
No one ever asks who is funding him, Signal development and their running costs.
My takeaway is that he highlights that centralization makes moving fast easy (he's not wrong) and prods those who want to develop decentralized systems to be aware of the downsides. He holds up bitcoin OSS as a "fork to evolve" model as something that sort of works but isn't great either.
We need something better. Perhaps a stack that solves the fundamentals in a reusable manner (discovery, e2e encryption, hiding metadata, group management, ...) so that people don't have to sink man-years into every new project.
That said, there are also flaws in his arguments such as the "server goes down, everyone has to change identity" example seeming too simplistic since identity does not necessarily have to be tied to a single instance in a distributed environment.
Wait? When was Kik ludicrously popular? Usernames clearly wasn't a feature that kept users coming back as the service almost shut down in October before being sold off.
There are certainly some people that would prefer a username or other identifier, but avoiding yet another invitation fest by using your existing address book seems like a better onboarding experience to me, and seems to work ok for enough people. Also, who wants to fight for usernames again?
I don't agree that phone numbers are good for onboarding: sending the first message to somebody on WhatsApp requires asking for the phone number. Sending the first email requires asking for the email. Sending the first Skype message requires asking for the username. Not much different.
WhatsApp gives the extra bonus of being able to phone call and send SMS to the contact and have the information required to add it to other networks. Maybe this is a power I wouldn't grant to all of my WhatsApp contacts but I'm forced to if I want to use it.
Finally, it's much easier to change a username and reset my personal social network for a single messaging service than changing my phone number and lose most of them.
The argument for phone numbers is that you probably already have the phone numbers for your contacts, and not their Skype username if you've never contacted them on Skype before. It allows easy transition of contacts from the unencrypted phone network to encrypted messaging.
But it's still not clear what the issue is with at least having the option to use an email address instead of a phone number, which you also might already have in your contacts before the first time you communicate with them using a new messaging app.
Kik was ludicrously popular among 16-24 year olds (and, both sadly and notably, I believe people even quite a bit younger); one of the main reasons cited is because your parents couldn't find you easily using your phone number (as they could on WhatsApp) or your real name (as they could on Facebook), etc. FWIW, I'm way too old to have used it myself (and was just as shocked at how popular it was as you seem to be when I learned of its existence at age 36).
> Usernames clearly wasn't a feature that kept users coming back as the service almost shut down in October before being sold off.
I mean, the story is that Kik had a hard time figuring out how to monetize its user community, particularly given how many kids were using it, and so they decided to try launching a cryptocurrency at the height of the crypto bubble in 2017, which led to a $100 million dollar fine from the SEC due to irregularities in their offering... they got to the point of being so screwed that they decided to try crowdfunding their legal defense against the SEC, and so shut down Kik and fire most of their staff to conserve cash (where they were still in the "lose money on massive growth" phase of "maybe one day we will figure out how to sell ads or get bought by Facebook" trajectory).
However, that's the story; when I started looking into it (as I cared a lot about their SEC issues, as someone else who was working on a cryptocurrency project) I noticed they were also under some serious investigation for what was looking like child trafficking on their largely anonymous network of kids, and so one might want to consider the idea that this whole SEC SNAFU served as a good excuse for shutting down a business arm that was actually about to land them in much hotter water with the FBI than their offering was landing them with the SEC without actively coming out and saying "we looked into it and uhh... it was bad". Either way, AFAIK they didn't shut Kik down because it wasn't popular.
> Also, who wants to fight for usernames again?
Usernames aren't the only way to deal with identity. I'm not advocating for usernames (and in fact have some serious issues with them: I have on many occasions--all of in talks, on panels, and in comment threads--argued that the usage of permanent and unique chosen identifiers is actually immoral for a number of reasons I won't delve into again here), but the idea that phone numbers are somehow fundamentally better--particularly this argument comparing them to e-mail addresses--makes no sense given that essentially no other popular social network bootstrapped off of your identity being a phone number; the closest you could argue is that they supported mass address book contact matching, but that was always optional and somehow those services succeeded.
(Really, I think the argument Moxie was making was just fundamentally flawed as it was a broken analogy: he was trying to compare it to e-mail addresses as if e-mail were the competitor, but most people treat e-mail as the backdrop reality of identity not a viable competitor to their real time chat app, whether or not you want to argue they "should" see those as competitors. He then just fails to really tie the argument together with how any of these other social network services bootstrapped, and comes to this conclusion that the phone number is somehow the perfect identity. Like, if you compare phone numbers to e-mail addresses from the perspective of a service that is neither a phone company nor an e-mail service I think you get a very different answer than if you compare Signal trying to rely on third-party phone numbers to e-mail services relying on first-party e-mail usernames.)
The monetization of the web went from services fees to advertising supported to subscription. Those closed off subscription pay walls are going to merge into each other and we're going to end up subscribed to one big cable-like service that becomes an institution upon itself. The web will become an institution like the old library, university and newspaper. Only when everybody is ID'd and institutionalized like Brooks in the Shawshank Redemption will the true value of a decentralized web be realized. People will be aching to get out, to play in the fields again outside the FAANG cage. Have non-polite conversations in secret or hold competitive advantages outside the borg.
Signal is the definition of a honeypot from the old days, the thinking around privacy has disappeared people just accept being a database entry on facebook's servers.
I think you meant to write Matrix?
This would be like calling all of email "GMail" or "Outlook". Sure, some people do say that -- but it's still inaccurate.
> How does wire compare to matrix?
Matrix has most of the same features, but also supports groups much better than Signal-based protocols (a group-wide key is used and regenerated frequently, which amortises the cost of all the peer-to-peer messages required for Axolotl). It's also federated -- which means you can also self-host your own homeserver (very similar to email, but even easier). And Matrix has native support for bridges to other chat systems, allowing you to reduce siloing between chat platforms (you can talk to Slack, IRC, and Matrix users in a single Matrix room completely seamlessly). As far as I know, Wire doesn't do any of those things.
I also think the newest features Matrix has for key exchange (both the emoji-based verification and the new device cross-signing features) are objectively the most intuitive and easy-to-use when compared to any other E2EE chat system. Yes, even better than Signal's UX for key exchange.
Yes but I was referring to the clients.
He is kind of a weirdo
I totally don't get the phone number obsession.
All you need is a seed phrase that generates a key.
Unless you're using PGP (and -- critically -- the other people know how to use it as well), then your email is stored as plaintext on your email provider's email server (and the email provider of anyone you send the email to, as well as any forwarding agents that passed the email along).
The original comment didn't imply usage of PGP. They asked whether messages being encrypted between mail hosts counted as E2EE -- and remember that the number of email users who also use PGP is close to 0%.
But with PGP, sure -- though PGP has many other problems which make it a questionable choice unless you are forced to use email for some other reason:
* Most email clients don't know how to use it and will often allow you to accidentally reply to an encrypted email with clear-text. This comes back to "every single one of the recipients of your email needs to actively know how to use it correctly".
* PGP doesn't have perfect forward secrecy (instead depending on long-lived keys) which means your entire conversation history is threatened if your keys ever become compromised.
* Most PGP implementations are not using properly-authenticated cryptography (yeah, there's the MDC but Efail showed that there were serious bugs in its design -- and backwards compatibility made it bypassable). OpenPGP still hasn't standardised AEAD.
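
The forward-secrecy point in the comment above, as an added example that is not part of the thread and is neither PGP nor Signal code: a long-lived key that protects every message is compared with a symmetric hash ratchet that overwrites its chain key after each message. The HMAC-based cipher, the class names and the sample messages are assumptions made for illustration; the ratchet models only the "old keys are deleted" property, not a full Diffie-Hellman ratchet.

```python
import hashlib
import hmac
import os

# Constructed sample conversation.
MESSAGES = [b"meet at 9", b"bring the keys", b"change of plan", b"see you there"]


def prf(key, label):
    """HMAC-SHA256 used as a one-way key-derivation step."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key, length):
    blocks = (prf(key, i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Toy encrypt-then-MAC (illustration only); each key is used once."""
    stream = keystream(prf(key, b"enc"), len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + prf(prf(key, b"mac"), body)


def unseal(key, blob):
    """Return the plaintext, or None when the key does not match."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(prf(key, b"mac"), body)):
        return None
    stream = keystream(prf(key, b"enc"), len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class LongLivedKeySender:
    """Simplified stand-in for the PGP model: one long-term secret
    unlocks the per-message key of every message ever sent."""

    def __init__(self, long_term_key):
        self.long_term_key = long_term_key

    def send(self, plaintext):
        nonce = os.urandom(16)  # travels in the clear with the message
        return nonce, seal(prf(self.long_term_key, nonce), plaintext)


def read_with_long_term_key(long_term_key, wire):
    nonce, blob = wire
    return unseal(prf(long_term_key, nonce), blob)


class RatchetSender:
    """Hash ratchet: the chain key is replaced by a one-way step after
    every message, so earlier message keys cannot be re-derived."""

    def __init__(self, root_key):
        self.chain_key = root_key

    def send(self, plaintext):
        message_key = prf(self.chain_key, b"message")
        self.chain_key = prf(self.chain_key, b"chain")  # old value is gone
        return seal(message_key, plaintext)


def recover_with_chain_key(stolen_chain_key, captured, lookahead=16):
    """Try the stolen chain key and its forward steps on every ciphertext."""
    candidates, chain = [], stolen_chain_key
    for _ in range(lookahead):
        candidates.append(prf(chain, b"message"))
        chain = prf(chain, b"chain")
    results = []
    for blob in captured:
        hits = (unseal(k, blob) for k in candidates)
        results.append(next((h for h in hits if h is not None), None))
    return results


def demo():
    # Long-lived key: stolen at any time, it reads the whole history.
    long_term_key = os.urandom(32)
    static = LongLivedKeySender(long_term_key)
    wires = [static.send(m) for m in MESSAGES]
    static_view = [read_with_long_term_key(long_term_key, w) for w in wires]

    # Ratchet: the device is compromised after the second message.
    ratchet = RatchetSender(os.urandom(32))
    captured = [ratchet.send(m) for m in MESSAGES[:2]]
    stolen = ratchet.chain_key
    captured += [ratchet.send(m) for m in MESSAGES[2:]]
    return static_view, recover_with_chain_key(stolen, captured)


if __name__ == "__main__":
    for view in demo():
        print(view)
```

With the ratchet, the two messages sent before the compromise stay unreadable, while later ones are exposed because a hash ratchet alone gives no recovery after compromise.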