Signal is finally bringing its secure messaging to the masses (wired.com)
630 points by jmsflknr 8 days ago | 390 comments

It's good to see Acton quoted; he'd been so silent since his donation-to/association-with Signal that I was beginning to wonder if behind the scenes, there'd been a falling out.

However, these "enrichment features" from Signal over the last 2 years are less than what competitors like Telegram put out in 2 months.

Really basic things remain undone. Like being able to carry your contacts/message-history forward across planned device-upgrades on iOS – https://github.com/signalapp/Signal-iOS/issues/2542 – 4.5 years after it was "on the roadmap".

Many of Signal's novel cryptographic innovations, while cool, depend on trusting Intel SGX: both as a technology & in Intel's stewardship of the master keys/attestation-chains. Many cryptographers don't believe SGX will be technologically reliable anytime soon, and much of the world will probably see US-based Intel Corp similar to how the US sees China-based Huawei.

I second this. I like Signal and appreciate all the efforts people put in. But I don’t really care how Signal added cute stickers or optimized image showing. I just need a privacy app and to keep my data. The only reason I didn’t recommend Signal to my non-tech friends was not being able to migrate/export chat history on iOS. This seems to be such a basic (not necessarily easy) thing to do but they just didn’t do it.

> But I don’t really care how Signal added cute stickers or optimized image showing.

That's maybe true for privacy enthusiasts. You severely underestimate the need for these cutesy features when targeting mass market though. I claim stickers are much more important for that than data exporting.

> cutesy features

Personally, I don't care much for features supporting cyber-grooming. What's the point of using cutesy features to attract users who don't care about security, just so someone else can _securely_ cyber-groom them?

Are you somehow equating stickers and grooming? That takes quite a leap of imagination.

Stickers aren't targeting young audiences in any sense. It's very weird to draw such conclusions just if you're not using them yourself (if that's the case).

Can you elaborate? I'm not totally sure what you're defining "cyber-grooming" as here.

The point is: if those users don't use Signal, you're forced to use another IM when you want to communicate with them.

There isn't much point in having a secure chat application if you want all your chats to be portable and exportable across devices and operating system upgrades. You may as well just use Telegram and opt for 1:1 secret chats for when you actually want security.

Signal offers this backup/restore function on Android – where about 60-70% of their users are, if I understand the Wired stats correctly.

So user-controlled portability doesn't seem fatal to the "point" of having a secure chat app, there.

My workaround, last time I upgraded my iOS device, was to screenshot all the old conversations I wanted to retain. Pictures come over just fine! Did Signal forcing me to do that make me more secure?

I think they just hate iCloud. (Perhaps while they trust Intel, they distrust Apple? It'd be great to know why.)

Well, I don't trust iCloud with my device backups, either. There are other things, in other apps on my phone, more sensitive than my Signal logs.

But it seems Signal is holding my chat histories hostage because they don't trust me. And it seems their ultimate plan for this will require me to use some Signal-run, Intel-SGX-mediated 'trustable cloud' for my contacts & messages. No, thanks!

A backup method that just copies it _somewhere else on the same device_ is not really a very useful backup. It involves manually moving files around if you want a real backup, which feels very antiquated in 2020. Why isn't there some way to automatically store my (encrypted!) backup via a cloud backup solution, whether that's Google Drive, Dropbox, or just allowing it to be backed up as part of an Android backup?

Doesn't copying device data to another device, such as a laptop or desktop, do that? I mean... it's not cloud based, but I _thought_ it was a full local backup.

> There isn't much point in having a secure chat application if you want all your chats to be portable and exportable across devices and operating system upgrades

Sorry but I don't understand this sentence. Why?

Like, I get that it's challenging from a technical standpoint, but I absolutely don't see why it would be pointless?

Riot/Matrix does it: it's far from mature/polished—plenty of room for improvement—but it uses double-ratchet, and it functions.

Storing conversations is introducing a massive security hole. One single person in a group can compromise every message from every user.

Secure messages shouldn’t persist and if they do they aren’t secure. Being able to export, upload, and restore an entire conversation history is the opposite of secure.

There is no point in using a secure messaging system if your entire conversation history can be downloaded the minute a single person in your group loses physical security on their device. Just use FB Messenger.

> Secure messages shouldn’t persist

This is a nice, but ultimately utopian, nonsensical, impossible security requirement. I take your point that anything persistent is insecure, but anything received is potentially persistent.

There's no such thing as perfect security, there are only levels. Even a system with some hypothetical form of perfect plausible deniability designed into the receiving end could be compromised via transit metadata.

Saying persistence makes secure messaging pointless is pure hyperbole. Encryption protects against a broad range of threat vectors, some simple, others extremely challenging. There's value in every measure.

Your comment only makes sense if we assume your security requirements match everyone else’s under all circumstances.

This is not likely to be the case.

> Storing conversations is introducing a massive security hole.

Sure, but that could be up to every sender to decide whether they want their messages to be view once/view for 24hrs/store forever.

Could this be because of a non-compete clause agreed on during the WhatsApp acquisition by Facebook? I heard the WhatsApp team was around 50 people; it wouldn't be surprising if Zuckerberg wanted some extra assurances.

> However, these "enrichment features" from Signal over the last 2 years are less than what competitors like Telegram put out in 2 months.

It should be noted that most of these were released at breakneck speed in the past couple of months. It feels like they spent most of the past two years hiring and training new people, probably stabilising the code bases a bit, and that that's now starting to pay off.

"Many cryptographers don't believe SGX will be technologically reliable anytime soon"

E.g. for online backups, SGX will only handle rate limiting. If you're using a sufficiently secure password (80+ bits), Argon2 will provide robust enough security for your login and not even a backdoor in SGX matters.

This popped up a few days ago. Could become an interesting alternative one day. It's p2p based (no blockchain nonsense):

> Session is an open-source, public-key-based secure messaging application which uses a set of decentralized storage servers and an onion routing protocol to send end-to-end encrypted messages with minimal exposure of user metadata. It does this while also providing common features of mainstream messaging applications


whitepaper: https://getsession.org/wp-content/uploads/2020/02/Session-Wh...

Signal is en route to add contact/data recovery:


... they also cite this as a bottleneck for adding non-phone identifiers. It seems like they are putting the infrastructure in place to fix a lot of the remaining usability issues that people have with them.

'Secure Value Recovery' that will rely on their newfangled, Intel®-SGX-dependent trustworthy cloud key services.

Why do they need me to trust Intel, or novel crypto/software that might be deployed in... when exactly? Why can't they let me just trust the same secure backups that all my other sensitive data/communications are in?

SGX that, as a user, you can't even verify is in use.

I really don't know why they're focusing on things like this. It does nothing to increase evidence-based trust, so it's no better than saying "we added a rate limiter, and delete keys after X attempts" (which I'd be totally fine with, and they could probably put in place in practically no time). Either way you're still relying on them doing what they said they're doing.

Kind of unfortunate that Matrix is probably not focussing on making the protocol and apps easy to get on and use Matrix/Riot as a WhatsApp, Signal replacement for end users (person to person comm). It seems to be just for teams and orgs (Slack, Discord).

RiotX (the next gen of Riot) is a Matrix client from the core team, designed to go up against WhatsApp/FB Messenger/iMessage by default... and then expand into Slack/Discord style use cases for powerusers who want that. It's currently in the final stages of beta on Android: https://play.google.com/store/apps/details?id=im.vector.riot...

Meanwhile there are lots of other promising Matrix clients emerging which are aiming for person-to-person comms - e.g. http://dittochat.org, https://pattle.im, https://fluffy.chat etc.

The fact that there exist other clients that are specifically "built with user experience in mind" (Ditto) or built "to be a Matrix app that everyone can use" (Pattle) sometimes makes me wonder why that would not also be the goal of the official client?

I think RiotX is supposed to replace Riot eventually, at least the Android client https://github.com/vector-im/riotX-android. Didn't find a link for an iOS client though.

What I think is most notable about this article is that they go out of their way to point out how it's significantly more difficult to roll out all these "user nicety" features everyone expects, when you live in a world where you can't just "let the server know everything" (like many other apps people often compare with).

I think it’s a good case study on why the state of security in the world is the way it is right now; people want convenience more than security.

I even fall victim to this myself: Signal not having a search history or losing message history when activating a new device is often too much of a show stopper.

I really hope Signal will be able to pull this off somehow, but seeing how much these type of apps rely on a network effect, I am skeptical.

Lack of search is just a lack of a locally-implementable feature. There's really no security reason why it would be more difficult.

Transferring to a new device, on the other hand, does get somewhat more complicated. For ease of use, the data needs to be placed somewhere intermediate. That being said, I can understand Signal's hesitation to embrace Google's cloud storage options for such a feature.

> The difference, today, is that Signal is finally reaching that mass audience it was always intended for—not just the privacy diehards, activists, and cybersecurity nerds that formed its core user base for years—thanks in part to a concerted effort to make the app more accessible and appealing to the mainstream.

Seriously, Signal is probably the app that’s focusing least (and also slowly) on being more appealing to the mainstream and to large groups of people (protesters and activists) who might benefit from it, because:

1. It relies on a phone number for signing up. Worse, it exposes your phone number to everyone who has your number in their contacts list, thus allowing enumeration attacks (like what was done with Telegram in Hong Kong, where Telegram quickly pushed a fix).

2. It’s 2020, and it has no chat backups on iOS. Change your device and you lose not only all your old chats, but also group memberships (you have to figure out how to rejoin groups and then face issues like not seeing other members).

Overall, the “breakneck speed” of development that the article speaks of doesn’t actually exist. If they want to see real breakneck speed in adding features, they have to look at Telegram for comparison and then decide what words to use.

If you want better accessible alternatives and E2E and cross device sync and backups, take a look at Wire. Support wise you don’t get much from it, since the company is focused on paying clients. For the free tier users, it already provides more than Signal can in 2020.

I see “no backups” as a feature, not an issue. If there are backups, that means that someone can a) steal them b) or ask to see them (government). I use Signal a lot with a few friends, and we all know that what we share might immediately disappear, and that’s ok.

The issue about phone number is real.

And yet, on Android they support backing up your data.

> I see “no backups” as a feature

I will appreciate the “backup” feature. You don’t have to use it but users are better off to have such an option after understanding the risks.

I don’t disagree with your stance, but my argument is against the claim that they’re developing features to appeal to mainstream users. No backups is not a mainstream feature.

No automatic backups could be a feature but not having any way to migrate your old chats to a new device is not a feature.

Signal desktop is broken, since at least mid 2018.

There is an open github issue, where the maintainers don't really respond:


They statically link an OpenSSL library for their forked version of sqlcipher, which makes it impossible to build Signal on anything other than Ubuntu.

Static linking against an old OpenSSL library is also not that good for security reasons, which imho is a bad sign if you say your chat program stands for security and privacy.


Link wrong, now corrected

One possible workaround for now might be to use the Flatpak version of Signal instead. I've been using it with no problems on Fedora.

When I run an application for security reasons, I need to either build it myself, or have it built by official channels.

I just hand edit the signal package.json each time I need an update, but I just don't understand why they won't update their dependency.

I believe I am using the Snap version on Solus and haven't had any issues.

> which makes it impossible to build signal on anything other than ubuntu.

I've never had a problem on Arch or Manjaro

You did a git clone and then a build without issue?

Because the repo on arch patches the issue with the statically linked openssl library:


So if you just install signal from the aur, then you use the patched version.

Sorry, let me rephrase that.

The AUR has a working patch so it clearly isn't impossible. You can probably follow the same procedure. So I just wouldn't say that it is impossible to install it on non-Ubuntu distros, just not trivial. But this seriously doesn't look complex.

Also, wasn't Signal pushed into the main repos recently?

It's in community and uses this 2-line patch:


Of course you can replace the dependency, but do you know if it is 100% compatible?

My point was that as long as the maintainers don't give us the reason for the static link or the custom dependency, we can assume we can replace it, but we don't know.

Could be that it works, but it uses an insecure cipher, could be that there is a silent corruption.

Nothing is impossible, it just means you have to re-edit and patch each time and know you're running untested things for a secure application.

The url you posted doesn't work/point to a specific issue...

Can you link to the specific issue? You linked to a search, not sure if by accident.

I cannot fathom the proliferation of phone-only messaging apps.

Am I really the only person who prefers to type on a full-sized keyboard, and see my multiple conversations on 27" screen, as opposed to one and a half inches of no-feedback glass surface? :-/

I went to the Signal site, downloaded the Windows app, and once installed, it asks me to link my phone. No option for any other signup. Nowhere in the download process or on the main site does it warn me that this is a phone-only app. The desktop app itself simply starts to a "Connect your phone" screen with no explanation why I have to do it, whether there are or aren't alternatives, etc. Nothing about this is remotely user friendly.

I have half a dozen laptops, two phones, a few tablets at home alone; the notion that I must be crippled to only communicate via the smallest, least practical communication device I own; and then be horribly crippled in attaching one-at-a-time additional devices but with crippling dependency on said phone... I guess I'm a negative focus group and completely out of touch with the realities of the world, but I cannot imagine or understand who wants to live like that :-/

You're not the only person who prefers to type on a full-sized keyboard, and I share your preference. But you should recognize that you are in a relatively small minority of users, and that Signal has made the eminently rational decision to focus its efforts on the majority use case.

If you look at Signal as a response to SMS, WhatsApp, and iMessage --- the messaging platforms most people use --- its most controversial decisions make a whole lot more sense. Doing that requires people to accept that Signal wasn't necessarily designed for them, and that in order to decisively solve the problems it has set out to solve, it's had to make tradeoffs that cut against what other people want. That's unusual for a startup! Startups usually try to make everyone happy! But then, Signal isn't a startup.

Meanwhile: you're ultimately going to get the Signal that you want. A desktop-based, phone-untethered Signal seems inevitable; in fact, it seems like we might get it not that long from now. But we're certainly not going to get it on the timescale that message board people want to get it on.

In fully recognizing that I am a minority case, I am sceptical Signal and WhatsApp will ever have a fully untethered protocol with desktop as a first class device. My understanding is that it would require a complete rearchitecture... For no benefit other than to appease a few grouchy nerds :-)

Pity; even though all of my family use whatsapp and are unlikely to move, there's a fascinating look on their face when they first ponder the idea they could've picked up their conversation on their big tablet when at home. It just doesn't occur to them to expect / demand more :-/

> I am sceptical Signal and WhatsApp will ever have a fully untethered protocol

It sounds like they may want to do this eventually, but it requires some significant re-engineering of how users are identified on the network. This is mentioned near the end of the article:

>That feature might someday even allow Signal to ditch its current system of identifying users based on their phone numbers—a feature that many privacy advocates have criticized, since it forces anyone who wants to be contacted via Signal to hand out a cell phone number, often to strangers. Instead, it could store persistent identities for users securely on its servers. "I’ll just say, this is something we’re thinking about," says Marlinspike. Secure value recovery, he says, "would be the first step in resolving that."

My understanding is that it's not an architecture thing, but an authentication thing: SIM/# as ID is just too practical for both dev and user and they have no plans on changing that.

Your closest hope for a Skype replacement that runs equally on all platforms is Tox, which requires managing your key.

>SIM/# as ID is just too practical for both dev and user

In what way is that practical for a user? Once I've chosen an ID and password for a service I can easily type that in using literally anything that can connect to the service and spew out some characters.

An ID linked to a SIM/# is a real pain in the ass when you need to change your SIM/#, hence why I've got a bunch of old contact numbers for people stored on my phone alongside new ones so I can talk to them on WhatsApp or Signal and have it show me their name still after they change numbers.

I've also got a bunch of WhatsApp contacts that aren't even people I know any more because their numbers no longer belong to them. People whose pictures and updates I can see who I don't recognize or know.

SIM/#'s are ephemeral in a lot of places, I know people that change them fairly regularly, having that linked as some kind of identifier is not good for users.

> In what way is that practical for a user?

This is just me making an assertion, so take it for what you will, but the typical user cares a lot more about contact discovery than everything you mentioned, so an authentication system that makes that work more goodly is quite practical for them.

>contact discovery

In both situations I have to have a contact's information already to find them. For an ID/password, you need your contact's ID to find them; for a SIM/# system, you need their phone number. Every person I talk to on WhatsApp or Signal has given me their phone number, or vice versa, so we can communicate through those platforms.

I had some friends that used Kik before, they had to give me their username. These two scenarios are exactly the same, in both cases I still need info from my contact before finding them. Only, an ID is more secure, because it can be used only with one service if you so choose, with a SIM/# you have to give your contact your phone number, allowing them to contact you through any other service you use that number with, whether you like it or not.

I cannot see any benefits of that system for the user that you don't get from an ID/password, and some cons that personally, I find unacceptable, such as the aforementioned seeing strangers' pictures and info just because they have a number my friend used to have. That's downright creepy and makes me wonder how many people who've saved my number can watch me on WhatsApp and see when I'm online or check my profile out.

Even people I do know, I don't necessarily want to see on there: employers, numbers I've saved for looking at places to rent, my ex landlord, clients I've had for work I've done. I don't need or want to have all these people automatically added to every chat program I install that they also happen to have.

>typical user

My argument isn't that you are wrong about your wants and needs, it's that you aren't a typical user.

Have you ever asked the average user how they feel about:

> seeing strangers' pictures and info just because they have a number my friend used to have. That's downright creepy and makes me wonder how many people who've saved my number can watch me on WhatsApp and see when I'm online or check my profile out.

> Even people I do know, I don't necessarily want to see on there: employers, numbers I've saved for looking at places to rent, my ex landlord, clients I've had for work I've done. I don't need or want to have all these people automatically added to every chat program I install that they also happen to have.

I have, it inspired them to clean up their contact list.

Moxie said at his 36C3 talk that they were planning on getting rid of it as soon as a practical solution was found.

> they have no plans on changing that

I think you might be wrong on that, based on some of the code changes made to Signal over the last few months. They are internally moving to have users be identified by a UUID and phone number. I suspect they will eliminate the requirement for phone number identifiers when they introduce other identifier options.

I don't believe it's "SIM as ID" - I believe it's SIM as complete authentication (i.e. userID+password in traditional systems).

(I have my thoughts on THAT as well, you'll be surprised, when it comes to security... we're nerding out about obtuse and obscure end-to-end encryption, meanwhile, majority of those 2bil users don't have a lock on their phone, and now they also have no protection on their messaging :-/ )

> majority of those 2bil users don't have a lock on their phone, and now they also have no protection on their messaging

They still have in-transit protection due to end-to-end encryption, so no protection isn't necessarily true.

Facebook claim [1] they're working on making Facebook Messenger and Whatsapp interoperable. And obviously messenger works fine in a desktop browser.

[1] https://www.engadget.com/2019/04/30/facebook-will-let-users-...

I'm surprised nobody has mentioned https://web.whatsapp.com/ yet. You need to log in by scanning a QR code with your phone, but once you do, you can use your full-size keyboard to chat!

I know it doesn't check all the boxes for you, but hopefully it can improve your quality of life while talking to your family :)

You cannot create an account or sign up via web app. But let's put that aside.

You can ONLY sign up / register / add one device.

Not "at a time", even. At all.

You use your tablet, your phone disconnects.

You use your computer, your laptop disconnects.

You switch from laptop to desktop a few times, and now it's suspicious and gives you additional difficulties or bans you outright (that may or may not still be the case, but was when I tried this nightmare of an app a year ago or so).

You can only have ONE mobile and ONE computer device, at best, if you're lucky, and stars align, and it's second Tuesday of the month and the moon is full and you sing praises to Garmunklee the demon of impractical communication methods. Trying to access it on work and personal laptop; work and personal phone; or on phone and tablet; all is completely outside the supported use case and is for all intents and purposes impossible.

Compare to old-school ICQ, AIM, any XMPP, or Hangouts or indeed email etc, where you can seamlessly transition communication from device to device - and even check your messages on trusted public or 3rd party device such as friend's computer - and it's like waking up in a twilight zone.

It is pretty much the most architecturally user-hostile system I've encountered in my life, but again - I'm clearly in 2,000,000,000 vs 1 minority here :D

I feel like this is a very long way of saying that in WhatsApp there is a single private key which is stored on the device that you register.

You're not supposed to be switching between devices like that. You're supposed to be proxying your messages through your primary device (i.e. cell phone) using the web interface.

Like the UX is bad for people with two phones and the mobile experience of WhatsApp web is nonexistent so that kinda sucks but "having one phone, and sometimes a tablet/laptop with the web interface" covers a lot of people.

E2E is hard when you have to route messages to multiple devices, aren't storing messages in a central server, and those devices can be unavailable for indeterminate amounts of time and no guarantee that a subset of devices having the complete chat history will ever be on at the same time to sync.

>E2E is hard when you have to route messages to multiple devices, ...

OpenPGP has been dealing with multiple recipients since forever with no back channel even.

> ...aren't storing messages in a central server,...

Who cares if we are doing E2E?

> ...and those devices can be unavailable for indeterminate amounts of time and no guarantee that a subset of devices having the complete chat history will ever be on at the same time to sync.

You only have to store the encrypted messages for each individual client until they connect again. If you are doing perfect forward secrecy then the client has to keep the decryption key around until the next connection so the server stored messages can be decoded. Then the key is destroyed.

>>You're not supposed to be switching between devices like that.

That's the Apple "You're not supposed to use our device that way" approach, and again, while it works for a huge swath of users and I am completely cognizant I'm in a tiny contrarian minority, it still and nevertheless feels like a hostile user experience.

Note that "Switching devices like that" is ever so tiny a misnomer; I am "Using multiple devices" (not replacing my phones permanently etc, which I get is a more difficult scenario... and one that Whatsapp historically deals with in the most insecure fashion imaginable; until recently their FAQ held explanations that you may get somebody else's messages if you get their phone number; or that if you switch your own phone number you need to email support and wait; it really feels they focused on the E2E encryption, important to tiny proportion of their userbase, over any other security consideration; but again... I get I'm alone in this perception :)

Why is it hard? Group chats are E2E (in WA/Signal) and solve this problem.

It's not that far fetched to make every conversation an implicit group conversation with n devices on both sides.

My problems with WhatsApp desktop aren't that I can't use multiple phones, it's the various issues that don't affect Signal desktop. (Can only have one desktop/laptop, no iPadOS, messages randomly won't send/receive if the phone is in too deep a sleep mode.)

None of those are problems affecting Signal.

I mean you can do the same thing with Signal. The issue other commenters have had is that it is fundamentally tethered to a phone still.

See the right side here: https://signal.org/download/

Signal's desktop app does not tether to the phone permanently. After connecting the desktop client, you can use it fully independently from the mobile phone. WhatsApp doesn't allow that.

You need an untethered protocol to support chatbots and other applications. And desktop as a first class device falls out of that. And mobile users benefit too, now no longer having to distribute their phone number. I feel that if they had started untethered, then Signal would be a lot farther along the road to its goals.

Against my better judgement, I'm setting family members up on Matrix right now specifically because they don't have phones and I can't switch them to Signal. A consequence of that is that I'm setting up a bunch of people who do have phones with Matrix, because the alternative is excluding people. In a world where Signal was even just a tiny bit more open, I'd be able to use it for my family right now, and I could at least wait longer for Matrix's E2E solutions to mature more. That would definitely be the world I prefer.

> "This is not just for hyperparanoid security researchers, but for the masses," says Acton. "This is something for everyone in the world."

If you want encryption for the masses, delivering 90% solutions and dismissing unconventional use-cases is going to put a ceiling on adoption. It's not just technical users who balk at phone numbers. I'm dealing with elderly users, I'm dealing with kids.

"It's not designed for you" is a reasonable response if you're building a niche product for a niche audience. But it's important to note, that is explicitly not Signal's goal. Signal is advertising itself here as an encryption platform for everyone. A ubiquitous chat problem has higher requirements -- even if 99% of my family has a smartphone, that's not good enough, because we're talking about shared group chats. The solution has to work for 100% of my contacts.

I don't think Matrix is mature enough to trust for super-sensitive communication, I think it's a lot less unpolished than Signal, I think it's a lot more annoying and a lot more buggy. I'm irritated that I'm using it this early in development. But I don't see what the alternative is, because it works for 100% of my contacts, and that's what encryption for the masses requires: 100%.

Heck, I can even bridge Matrix (albeit, poorly) to other clients, a feature that Signal has specifically rejected. Which is a fine decision for a niche product. It's not fine if you want a chat application that everyone can use. I need to be able to talk to users who aren't on Signal.

The "minority" argument is bullcrap given Signal's stated goals in this very article. Sure, Moxie is talking about eventually getting rid of phone number requirements as a highly-theoretical, future event after contact integration, and key retrieval, and whatever. But I'm not going to wait literally years to have a secure E2E conversation with my nieces.

> I'm setting family members up on Matrix right now specifically because they don't have phones and I can't switch them to Signal.

> “It’s not designed for you” is a reasonable response if you’re building a niche product for a niche audience. But it’s important to note, that is explicitly not Signal’s goal. Signal is advertising itself as an encryption platform for everyone.

Aren’t people with no phone increasingly niche?

I’m not trying to be combative, but I would argue attempting to build your app for every single use case is literally a million niches which would require so many concessions, and that is the opposite of Signal’s approach. Signal has no interest in building for odd and strange use cases and instead chooses the most likely use case and builds specifically and securely for that use case.

:) I don't take it as combative, but it's worth pointing out the vision you have of Signal as a focused product is not the vision that Signal's developers have, or at least not the impression I personally get when I read the linked article.

> "I’d like for Signal to reach billions of users. I know what it takes to do that. I did that," says Acton. "I’d love to have it happen in the next five years or less."

When you look at a platform like Slack, it's fine for the devs to say that they don't care about certain users, because Slack is not a universal chat app. Slack has a very specific market: business users. Other users are nice, but not really required, and it's fine for them to go use something else. Signal on the other hand doesn't really have a specific market; they've always described their target market as just 'everyone'.

This is extra-tricky for a chat app because network effects come into play. An app that I can use by myself without relying on anyone else doesn't need to be particularly inclusive: 90% support (or even lower) is probably good enough. But if Signal decides that it's not for 10% (or even 1%) of the people in my social group, then there's a very real chance we might all abandon it. Supporting 99% is excluding not just 1% of your users, but also everyone directly connected to those 1% of users.

And honestly, I would push back on the idea that smartphones are going to reach even 99% saturation any time soon. There's a very consistent demographic of people who don't have phones: kids who are given hand-me-down tablets or laptops. I know a nontrivial number of parents who are waiting longer to give their kids phone numbers, but they still want their kids to be able to message friends and family members. I don't think in 5 years we'll be at the point where every single 5-10 year old has a smartphone.

This is exactly the situation I'm in, where I'm trying to figure out how to allow younger family members to communicate with me, with their parents, with their friends. Even if I set them up with phone numbers, I'm asking them to break contact with anyone else in their social network that doesn't have a phone.

The most obvious group of people who avoid mobile phones are the elderly, and you can't just wait for them to die of old age because there will continue to be new elderly people avoiding mobile phones. At least until we solve age related physical deterioration. And waiting for the market to come to you isn't a brilliant strategy in any case, because your competitors are not standing still.

And as the OP states, it isn't just the people who avoid mobile phones who won't switch to tethered protocols, but people who want to message the people who avoid mobile phones. And a high proportion of us have elderly relatives, and we email or Skype or Facebook them.

Which Matrix client are you using? Wondering if the lack of polish is because you're on Riot/Android rather than RiotX/Android.

I am on the standard Riot client, I didn't realize that RiotX existed. Will definitely give that a try, thanks for the heads up!

Note that the polish concerns I have aren't just for Android though -- some of my contacts are only on desktop, and Riot's desktop app also has issues with contrast, resource usage, notifications/updates, searching in encrypted rooms, key synchronization. Even on the backend, setting up closed communities is just really confusing and buggy. I had to abandon a community and recreate it half way through because it bugged out trying to remove an empty E2E room and then couldn't add/remove/edit any rooms after that point -- and this was on the main, public Matrix homeserver.

It's getting better. A year ago, I don't think I could have used Matrix/Riot to the extent I'm using it now. I don't want to be too critical, because it's improving at a genuinely impressive rate. I'm still betting on Matrix being the future-proof choice for me to make for the majority of my chat/community infrastructure.

It just feels like it's still early in development, clients like RiotX are still in beta -- which makes it tricky when I'm trying to roll it out in "production" to very young and very nontechnical users.

We stopped developing Riot/Android months ago - meanwhile RiotX/Android is about to exit beta and is feeling unrecognisably better.

On E2E, search is now implemented, as is totally revamped verification and cross signing and fixed key sync, as per https://fosdem.org/2020/schedule/event/matrix/

Communities are a trainwreck but next up to get fixed in the coming months.

Thanks for sticking with it; we’re catching up as fast as we can...

Having just struggled through verifying keys on multiple devices, that video makes me really happy, for a lot of reasons. Particularly, it's a nice bonus-surprise to see the E2E search and Pantalaimon as generic tools that 3rd-party clients can hook into, because there are a few communities where I'm thinking about putting together very narrowly-focused custom clients.

And I just installed RiotX and it shows reactions correctly!

Hopefully comments like this aren't too exhausting. There's two sides of it, one of which is all the stuff to complain about. But the other side is that stuff like Pantalaimon is really cool -- it means if I want to build a custom chat client with weird features, I can have decent encryption for free without having to worry that I'm doing something horribly insecure. The bridges are still getting polished, but similarly, they're also amazing because bridges allow me to make very forward-facing, future-proof decisions about where I want to host communities and I know that I won't have to abandon existing members that are on platforms like Discord.

The core project is just really exciting, it addresses all of these problems that I've had in the back of my head for a long time. There's this wonderful feeling where you're constantly annoyed about something and feel like there's nothing you can do about it, and then one day you find out that not only does someone else feel the same way, but they're actually fixing it. And even more than that, just finding out that it is actually possible for those problems to be fixed; that there's going to be a point in my future where that happens.

So there's admittedly a lot of impatience there, but it's coming from a very hopeful place, and I hope it isn't discouraging.

Do you know what the deal is with the constantly present "Listening for events" notification with RiotX?

Is this to work around the Android background task auto-killing?

IIRC, apps that stay alive in the background have to use that persistent notification. It doesn't happen if you can rely on push notifications, though. I do not use google services (f-droid version), so I was expecting to see that, but do you see it as well if using them?

Note that you can hide the notification by long-pressing it.

I agree with most of your comment, but

> That's unusual for a startup! Startups usually try to make everyone happy!

I don't know about that. Most startups - and especially the successful ones - have few qualms with ignoring "edge case users" and focusing on what they perceive to be their target market.

I believe the OP was being sarcastic there.

> A desktop-based, phone-untethered Signal seems inevitable

That one might be called "jabber".

Not anymore than it should be called ICQ. The XMPP protocol does not share any of the privacy-oriented roots of signal.

A little tongue in cheek, of course. I suppose you could run an encrypted protocol over any untrusted transport.

The point is that Signal is designed around your real life identity. That's a real use case, it helps discoverability immensely, and that's generally why people use it. Should you wish to communicate pseudonymously there are plenty of options already available.

(The XMPP suggestion was only partly in jest. Any modern client, such as Conversations, is pretty solid. But there is no shortage of options for chat.)


X stands for extendable in XMPP. Read about OMEMO.

One of the big issues with any messaging system is how to address your recipient. WhatsApp, Signal etc use a phone number. Jabber, irc, etc use other.

So, one of the problems to bring your use case to life is that you'd need to remember your friends' phone numbers AND you'd need to know that they're on Signal.

Signal, as an app gives your phone the ability to completely replace your sms system seamlessly. If a particular friend doesn't have Signal then it goes via sms.

So, the use case you're mentioning is definitely relevant, but having yama (yet- another- messaging- app) is going head to head with WhatsApp, jabber & co, and not currently what signal seems to be aiming for: secure messaging for the masses.

Maybe in the future it'll add usernames as an address recipient, but it may turn out to be a mess like Skype if so (Am I phoning someone, or skyping? Do I have credits, etc). Currently, Signal clearly delineates in the app UI what's going to happen when you press send (or call).

Thinking out loud some more: usernames are a terrible idea.

Maybe using a hash, (like Tox does) is a way to individualize recipients, and meta data: phone, email, etc are then tied to that (eg like keybase does it). This way friends lists can be harvested from the phone (something I'm always wary of) for the masses, whereas privacy conscious ppl can maintain it by giving out a throwaway email address. It means you could set up Signal on multiple phones and not once leak your phone number by using the same hash account. It probably wouldn't even need a password (again, like Tox).

Do you consider Signal to be secure? A seal of approval from you would be nice :-)

Why would you trust Thomas any more or less than Moxie?

Trust is relative. I'm not a crypto expert but Thomas ostensibly is. Is he the best? I don't know, but he's a consistent figure here and I made a friendly, perhaps inartfully phrased request for an opinion on a related subject.

I do regret asking as I wasn't looking for the negativity I received.

Searching for validation for my question found an interesting thread on Thomas and his role here:


"tptacek is using an appeal to authority given his standing as a security expert on this forum. That's the only reason his comment containing no justification is being taken seriously."

I don't know why anyone would trust either of us, when you can take the Levchin Prize referees' word for it; that includes Dan Boneh, Kenny Paterson, Brian Ristenpart, and Nigel Smart.

Sorry to bother you.

Because Thomas uses his real name, whereas Moxie uses an alias.

This comment is gross.

Rephrase: "one reason could be [...]"

> I cannot fathom the proliferation of phone-only messaging apps.

Because they work. Not ideally, but reliably.

I can pick up my phone, and actually message my friends, and I don't have to debug why my open source Linux client isn't compatible with their open source Windows client, or their XMPP server doesn't want to talk to my XMPP server, or figure out which identifier they're using today.

Signal takes away choice, and delivers a product that works. Which beats a product that is theoretically "better" (multi-device support, desktop support, ...) but in practice cumbersome or just not up to the task (e.g. because my friends aren't using that messenger, or OMEMO messages are not decryptable because someone mismanaged their key, ...)

Moxie made all the right choices, even and especially where unpopular: Aggressive action against alternative clients to keep their existence marginal and ensure a consistently good user experience, phone numbers as identifiers to overcome the network effect, etc.

In order to be useful, a messenger has to support mobile - I will want to talk to my friends when I'm on my way to meet them. So for a desktop messenger it's either flawless multi-device support or failure, and the former just doesn't seem to be achievable yet. A desktop-only messenger is useless because it doesn't meet my needs when I most need it; a mobile-only messenger is a bit annoying, but works 100% of the time, even when I'm using a desktop, because my phone is also nearby.

You make very good points about the tradeoffs they avoid :)

I'd be satisfied if they could do some form of eg bluetooth connection between a desktop app and your phone to give a limited desktop experience, however. I don't think that'd be impossible, similar to how whatsapp web really just proxies to your phone (well, best I can tell that's how it works)

Threema Web uses WebRTC data channels to establish a direct connection between phone and browser: https://github.com/threema-ch/threema-web/ Definitely possible (but quite complex in practice).

I use Signal heavily, mostly on desktop. It would be more accurate to say that Signal registration is mobile-only. Once registered, you can never touch your phone again and everything will work.

I've tried Telegram, WhatsApp, Hangouts, Facebook Messenger, iMessage. Signal has been the only one so far that I have been satisfied with because it:

* Supports end-to-end encryption (and "disappearing" messages)

* Has desktop and mobile apps that can be used independently (after registration at least; WhatsApp appears to require your phone to be on and near the desktop for the desktop app to work)

* Distributes messages to all Signal clients (Telegram was nearly unusable due to this problem - I had to mentally remember where the conversation was when switching between desktop and mobile)

* Doesn't have some sort of highly constrained user experience that requires using a social media platform or requires using a specific web browser (this has been a real problem with Hangouts and Facebook Messenger since they stopped supporting XMPP - RIP Adium)

* Supports mainstream desktop and mobile operating systems (iMessage fails at this, despite Apple's promises in the last decade)

* Has feature parity with other major chat services (this is the only weakness of Signal, but these days I can't think of a feature on WhatsApp or Telegram that isn't on Signal)

I agree that I wish they would streamline the registration so that you don't have to go through a somewhat convoluted process to get started, but it really is not a phone-only app. Desktop is a full first-class citizen after the initial fixed cost. I think that's the price they may pay by being a non-profit - maybe the marketing isn't exactly what Facebook/Google/Apple/<pick your own DataVortexCorp> can afford.

EDIT: Oh, I guess I should have mentioned Skype, but no thanks. Sorry, Microsoft, just no.

You do have to touch your phone for every desktop client you link, and if you reinstall or bounce between machines, you encounter this a lot. Infrequently, the link just screws up and you have to 'relink' the desktop client, again requiring the phone. No way to log back in without the phone. Really my only complaint with an otherwise perfect tool.

Agreed. I'm hoping the article is correct and they're working on a method to handle login/registration that doesn't require registration/linking via phone, and doesn't leave a "bricked" account.

> and "disappearing" messages

Aren't these basically just DRM? A really ineffective one as signal is foss.

Only if you have an adversarial relationship with your correspondent.

I do not see how this affects it. As a matter of fact, if you do not have an adversarial relationship with your correspondent you would not need that piece of DRM.

Mostly people don't particularly want to betray you but they're lazy and don't care very much about you.

As a result "please delete this message" won't get actioned but exploding messages can be very effective.

When I'm flying at the airport, a border guard can compel me or my friend to unlock our phones and show them all our messages. If our conversation history is regularly automatically cleared, we can both have peace of mind.

I don't know how you can have peace of mind giving your regular phone to a border guard in any case. If you travel on any regular basis, a dedicated phone for travelling that gets wiped before crossing borders is well worth the purchase, IMO.

Disappearing messages do help with your friend who doesn't have a sanitized device.

and your friend who has a gf/bf that goes through their phone taking pictures when you are asleep or in the shower, whether you know it or not..

and other apps on your phone that behave the same way.

That's exactly why Google Allo was a no go for me from the start. I'm using Telegram now, and their desktop client is great. Any mobile first solution is uninteresting for me, and that includes hacks where messages are routed from my computer via my phone.

Google Hangouts is pretty great, so of course Google is discontinuing it. I always have email open anyway, so it's very convenient to fire off a chat while I'm on desktop.

I've used Hangouts since it was Google Talk and used XMPP. I used several different multi-protocol programs to connect to Google Talk, Microsoft Messenger, ICQ at the same time. Things were different back then.

Now I try to get as many as possible to get away from at least Google and Facebook services.

Encryption only available for mobile chats, right? And "secret" chats won't be available for the desktop view.

All chats are encrypted to and from the client, but only secret chats are encrypted end to end. And yes, secret chats are only available on mobile.


The point of encryption is to protect content from third parties. TLS-like encryption, where messages can be read by the server, is not protecting the content this way; therefore, calling it encryption is misleading. When the average user asks "is it encrypted?", they're not asking "Oh I totally get that the developers can access the content but is it safe from passive eavesdropping in the network backend?", they're asking "Can anyone else read the messages?", i.e. "Are they E2EE?". To which the answer is no.

This is unfortunately correct, but I still prefer Telegram to other chat clients.

I mean, given the Signal protocol, the alternative would be your messages being routed from your phone via your computer. And the average person's computer isn't on/awake/connected to wifi as often as their phone is, so that'd be a much spottier experience.

Forgive the slight tease, but this just sounds like “I cannot fathom why <thing I dislike> is more popular than <thing I like>.” It’s really as simple as more people being comfortable with <thing I dislike>. From there it’s relatively easy to come up with reasons - an example in this case might be that people really enjoy sending messages / photos when on the move in situations where getting a laptop out is impractical.

1. Teases are always forgiven :)

2. But, I feel quite the opposite is the case here.

I fully comprehend that somebody may want to use phone as their primary communication device (my wife, for one:). More power to them and I would never get in their way. I will use it myself when on the move. On the other hand, so many people seem to get a "deer in headlights" look when trying to imagine my use case of using laptop to communicate.

App like Google Hangouts supports phone and laptop as equal first-class citizens. It makes EVERYbody happy. It's a great superset of all use-cases. You can share your pictures on the phone and type your long messages or parallelize conversations on a laptop. Everybody happy! :)

Signal and WhatsApp, I will counter, do not solve the problems or use case that we on HN think it does. NOBODY I know using WhatsApp has a clue that it uses end-to-end encryption, nor do they care. I would venture that's the case for the majority of the 2bil userbase. All they know is they never had to create an account or password, which makes it simple to use. It is actually the "lack" of security that's the biggest selling feature (though of course, at this point, the network effect is the single biggest selling feature over anything else; my family uses WhatsApp because everybody they know uses WhatsApp - QED).

I don't understand your point. You have full-size keyboard access through Signal's desktop app on your laptops paired to your phone so what's the problem?

The problem (my opinion, not necessarily the op's) is using the cell phone number as the public id. An alternative id would promote better privacy. If Signal scales to even a fraction of the user base of a Facebook or WhatsApp, it needs to reconsider using the cell phone number as a public id. I can see where a group invites you to join and there's a bad egg in the group. That bad egg (randomly or intentionally) uses your cell phone number for all sorts of nefarious intents. I like to keep my cell phone private and not have it out in the wild.

Isn't the desktop app a recent development? Or maybe I only recently discovered it.

It's been around since 2015, so pretty much from the start: https://signal.org/blog/signal-desktop/

Any idea about how the security posture changes? I would expect some significant tradeoffs are required to make all your messages appear in your browser

The Chrome app has been deprecated for some time - the current desktop version is independent of browser and available for Windows/macOS/Linux/iOS: https://signal.org/blog/standalone-signal-desktop/

I haven't used it in a while but I think it's probably similar to WhatsApp where it basically just tunnels it through your phone without actually running a Signal client on your machine.

It's not, once linked the desktop client can be used independently of your phone.

I'm not 100% sure how it works, but it seems to sync some messages. Not working perfectly, as my desktop client does not have the full history from a chat, even though my phone does. It only has some of the messages from where the desktop client was first started.

It's quite odd to brand a web app as a "desktop" app, but it does fit with Moxie's unfortunate decision of trusting Google et al.

The Chrome app has been deprecated in favour of a true desktop app for several years: https://signal.org/blog/standalone-signal-desktop/

A true desktop app in so much as it bundles a standalone browser and uses that to render the web app part...

Can I use Signal from desktop only? Can I create an account from desktop? Is my account independent of any specific device? Can I use Signal on multiple computers at the same time with correct credentials?

> Can I use Signal from desktop only?

Yes, the desktop client functions independently from the phone client once linked (so not like whatsapp that proxies everything through your phone).

> Can I create an account from desktop?

Technically yes, but you either need to compile the desktop client yourself[0] and miss some features or use something like signal-cli[1] to act as the main client. So it's not supported (yet?).

> Is my account independent of any specific device?

The first client that registers acts as the main client, so no. But it might get easier to restore access on a different device without using backups with the secure value recovery[2] stuff they are working on.

> Can I use Signal on multiple computers at the same time with correct credentials?

It's possible to link and use several desktop clients at the same time.

[0] https://github.com/signalapp/Signal-Desktop/blob/development...

[1] https://github.com/AsamK/signal-cli

[2] https://signal.org/blog/secure-value-recovery/

You need a phone to create an account and register the desktop app but then you can then use it completely separately from the phone, even when the phone is not online. You can link multiple desktop apps to one account/phone (afaik).

You can definitely use multiple desktop clients with one account, I have it installed on my home laptop and desktop

The Signal desktop apps at least are independent in that they do not require the phone after the initial setup, but yeah, it's annoying. They were far from perfect, but the multi-chat-protocol clients from the ICQ&co days had a lot going for them...

Having Signal be tethered to a real phone number does give you a point to root your account around, and allows recovery. It must reduce spam, and it's always a way to find other users. But I do find it irritating that you can't have a virtual account too. When my phone busted, because I hadn't saved off all my security recovery info, it didn't matter that I had Signal running on my laptop, etc, I had to reset my Signal account on my new phone. It would have been nice if I could have "added" a new root account on my new phone from a working device. Keybase allowed this.

It is borderline trivial to steal someone else's phone number through social engineering and the systems underlying the world's GSM networks are very easy to spoof, MITM, and otherwise hijack with a minimum of equipment.

It's crazy to me that with all of Signal's emphasis on security (being designed by one of the top security researchers in the world, no less), they chose to make tying your account to a phone number a requirement.

I go very far out of my way to make sure that nothing important to me is tied to my phone number.

If you have and use Signal you can tell it not to let somebody else hijack Signal along with your phone number. You set a PIN, and then it pesters you for the PIN periodically to check you didn't go "Oh I'll just type some random digits and then moan later when I'm locked out, that'll be fine".

So long as you keep entering the correct PIN periodically, Signal won't let anybody register with your phone number without knowing the PIN you've shown you remember.

If you quit using Signal, after a while there haven't been any correct PIN entries for too long and anyone can claim that phone number again (and if they want, set a new PIN).

Anecdata: just set my mom's new iPhone up today, and re-registering Signal required she set up the registration lock PIN. I don't personally use that feature yet but interesting that it was mandatory.

That introduces the problem of someone getting a new phone number. If the previous user had it tied to PIN+Signal it means that the number is essentially blacklisted.

If you get a new phone number the week after a prolific phone user lost it, I'm guessing that would be super annoying already?

"Hello? No, this isn't Dave, he got a different number. No I don't know what it is. No this isn't a prank, please stop calling"

As a result I would imagine that unless the network is absolutely clean out of numbers (which they try hard to avoid) it will just never reuse numbers in such a short period. The only way somebody else has the number while the PIN is valid is that they're attacking you, which a PIN blocks.

So my guess would be that this ends up not being a problem in reality, it worried me right up until I read the expiry mechanism and then I went oh, that makes sense.

Ha! True. Well, a less prolific number may not get all the calls.

I've seen first hand how numbers can be reused fairly quickly (months). (This was in the Caribbean).

A 7-day PIN expiry? I need to look at more details here because I can definitely go 7 days without using my phone. Or, I've travelled abroad and used a local SIM while my "home SIM" was never in use for the duration of the stay. (But I kept the ID number on WhatsApp/Signal/Telegram).

The PIN lock expires after 7 days unless you re-auth, so this is only a temporary inconvenience.
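A toy model of the registration-lock behaviour described in the comments above (a PIN is required to re-register a number, periodic PIN entry keeps the lock alive, and the lock lapses after the 7-day window quoted in the thread). This is an added example, not Signal's code, and it makes no claim about how Signal actually implements the lock; the window length, the PBKDF2 storage of the PIN, the phone number and the timeline are all constructed for illustration.

```python
"""Toy registration lock with PIN and expiry (added example, not Signal's code)."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# The 7-day figure comes from the thread; treating it as the lock window is an assumption.
LOCK_WINDOW = timedelta(days=7)


@dataclass
class Account:
    salt: bytes
    pin_hash: bytes
    last_pin_entry: datetime  # most recent time the owner proved they know the PIN


def _hash_pin(pin: str, salt: bytes) -> bytes:
    # Salted, slow hash so the server never stores the PIN itself (constructed parameters).
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)


class RegistrationServer:
    """Hypothetical server side of the lock; one record per phone number."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def lock_active(self, number: str, now: datetime) -> bool:
        """The lock holds only while a correct PIN was entered within LOCK_WINDOW."""
        acct = self.accounts.get(number)
        return acct is not None and now - acct.last_pin_entry < LOCK_WINDOW

    def register(self, number: str, now: datetime, pin: Optional[str], new_pin: str) -> str:
        """Claim a number. While the lock is active the existing PIN is required;
        every successful registration sets a PIN, as the thread observed."""
        if self.lock_active(number, now):
            acct = self.accounts[number]
            if pin is None or not hmac.compare_digest(_hash_pin(pin, acct.salt), acct.pin_hash):
                return "locked"
        salt = os.urandom(16)
        self.accounts[number] = Account(salt, _hash_pin(new_pin, salt), now)
        return "registered"

    def reauth(self, number: str, pin: str, now: datetime) -> bool:
        """The periodic PIN prompt: a correct entry refreshes the lock's expiry."""
        acct = self.accounts.get(number)
        if acct is None:
            return False
        if hmac.compare_digest(_hash_pin(pin, acct.salt), acct.pin_hash):
            acct.last_pin_entry = now
            return True
        return False


def demo() -> List[object]:
    """Constructed timeline: the owner registers, a second party who now holds the
    same number tries to claim it, the owner re-enters the PIN, then stops using the app."""
    number = "+15550100"  # constructed sample number
    t0 = datetime(2020, 2, 14)
    server = RegistrationServer()
    out: List[object] = []
    out.append(server.register(number, t0, None, "4821"))                            # registered
    out.append(server.register(number, t0 + timedelta(days=1), None, "0000"))        # locked: no PIN
    out.append(server.register(number, t0 + timedelta(days=1), "1111", "0000"))      # locked: wrong PIN
    out.append(server.reauth(number, "4821", t0 + timedelta(days=6)))                # True: lock refreshed
    out.append(server.register(number, t0 + timedelta(days=12), None, "0000"))       # locked: 6 days since reauth
    out.append(server.register(number, t0 + timedelta(days=14), None, "0000"))       # registered: lock lapsed
    out.append(server.lock_active(number, t0 + timedelta(days=14)))                  # True: new holder's PIN
    return out


if __name__ == "__main__":
    print(demo())
```

The last two steps are the reuse case raised in the thread: once no correct PIN has been entered for the whole window, the number is claimable again and the new holder starts a fresh lock, so a recycled number is blocked only for as long as the previous owner keeps answering the PIN prompt.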

> It's crazy to me that with all of Signal's emphasis on security (being designed by one of the top security researchers in the world, no less), they chose to make tying your account to a phone number a requirement.

It isn't crazy. There's a tradeoff between convenience and security. Signal appears to be trying to create the most secure system that's still usable by most people, and they are advancing the state of the art in many areas to make that happen.

It's important to keep in mind that the best security in the world is of no use if you don't bother to use it.

In any case, Signal gives you optional actions you can take to solve some of the problems you're concerned with.

> Having signal be tethered to a real phone number does give you a point to root your account around, and allow recovery.

It also makes it dead simple for most users, even nontechnical ones, to use and understand. They don't even have to do anything special, their Signal contact list is already bootstrapped when they install the app.

Eons ago I wondered why the IRC and NNTP protocols weren't being improved.

I still do.

The AIMs and MSNs and Skypes came and went. Now it's the WhatsApps and Discords. Every one of them trying to reinvent the wheel that should have just been fixed 20 years ago.

But why has nobody sat down and said, "Here's a better IRC, here's a reference client, here's the source code, knock yourself out."

It's still not too late you know. In fact, there has never been a better time (and need) to revamp those classic platforms for the modern era. With services like GitHub and AWS, it should be easier than ever to collaborate on building ever better clients and hosting servers etc.

Here's my wishlist for improvements over what I can remember of IRC:

• Mandatory encryption for client-to-server and direct peer-to-peer.

• Server-side chat history, spam filtering and DoS resistance.

• Ability to send binary data like images, audio, video and arbitrary files in public channels and private chats.

• Message deletion and temporary messages.

Basically a decentralized Discord (which is a centralized IRC to begin with.)

> Eons ago I wondered why the IRC and NNTP protocols weren't being improved.

For the same reason SMTP hasn’t meaningfully improved in the last 25 or so years. It’s an ossified protocol because of all the competing implementations. Moxie is right about that bit.

HTTP and HTML are slightly different because of the huge dollars backing implementers, but there are still significant features not in one or more of the major browsers, and adoption of HTML5 was actually pretty slow.

Basically, open standards sound awesome, but they quickly get frozen in time due to compatibility constraints.

So we really have no one to blame but ourselves.

It sounds like you are looking for Matrix.org (and Riot.im)

Doesn't answer your protocol question, but Textual is a really fantastic IRC client for macOS with various modern capabilities.

> Eons ago I wondered why the IRC and NNTP protocols weren't being improved.

Is being worked on now:


> I have half a dozen laptops, two phones, a few tablets at home alone; ...

I'm dreaming of a messaging system with end-points that consume a Plan9 style file-system. Each device mounts the file-system, et voila you can send and receive messages from any device that has the FS mounted.

Generally I want to hack the Android kernel so that it uses the Plan9 style FS so that I can not worry about the how-where-why of syncing docs-photos-music-etc between sundry devices.

I say "Plan9 style FS" because the Plan9 FS requires some host server, some single end-point for file storage. I'm dreaming of a FS that negotiates storage (perhaps using an LRU policy) between a network of devices (ie, my phone, my laptop, maybe a DO droplet or something on AWS).

Sharing could be encrypted blocks (to obscure discrete binaries), perhaps using the bit torrent protocol?

I know there are software packages that do what I'm talking about, but it isn't easy. I can't just scan a QR code (and then do the two-factor authentication) and have access to my files.

This is basically what Keybase does. You provision your Keybase and you have access to a shared file system that is e2e encrypted.

They don't do the messaging through the file system, but I would argue that's an implementation detail.

At some point Chris Coyne implemented a terminal chat UI on top of KBFS and `tail -f`. I can't remember if he published it anywhere though.

One of the reasons you don't want a real chat app to be implemented like this is that KBFS has to be pretty conservative about conflict resolution. If you and I both edit `foo.txt` at the same time, then we're going to wind up with something like `foo.txt` and `foo.txt_CONFLICTING_COPY_2020_02_14`. (Basically the same as what Dropbox does.) But of course, that's not what we want to happen if you and I send a message to each other at the same time. There, we want the server to just tell us which one came first, and that's fine. There's no real conflict. (For larger gaps, where my phone has observed your message before I send mine, Keybase will indeed sign over that observed history, and the server won't be able to reorder the messages.)
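An added toy model of the "sign over observed history" idea described above (example code written for this thread, not Keybase's or the commenter's): each message commits to the id of the newest message its sender had observed, so a server can still pick an order for truly concurrent messages but cannot deliver a reply before the message it answers without the recipient noticing. The device names and keys are constructed, and an HMAC under a hypothetical per-device secret stands in for a real per-device signature.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # stands for "I have observed no prior message in this chat"


def _canonical(msg: dict) -> bytes:
    """Deterministic encoding of a message, excluding its authenticator."""
    body = {k: v for k, v in msg.items() if k != "mac"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def message_id(msg: dict) -> str:
    """Hash that later messages use to commit to this one."""
    return hashlib.sha256(_canonical(msg)).hexdigest()


class Device:
    """A participant's device. 'key' is a hypothetical per-device secret;
    HMAC-SHA256 stands in for the real per-device signature."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self.key = key
        self.last_seen = GENESIS  # id of the newest message this device has observed

    def compose(self, text: str) -> dict:
        # The authenticator covers 'prev', so the observed-history claim cannot be altered.
        msg = {"from": self.name, "prev": self.last_seen, "text": text}
        msg["mac"] = hmac.new(self.key, _canonical(msg), hashlib.sha256).hexdigest()
        return msg

    def observe(self, msg: dict) -> None:
        """Record a delivered message (the device's own or a peer's) as the newest seen."""
        self.last_seen = message_id(msg)


def verify_order(delivered: list, keys: dict) -> tuple:
    """Replay messages in the order the server delivered them.

    Returns (ok, problems). A message is accepted only if it authenticates and
    the message it commits to in 'prev' was delivered earlier. Two messages that
    commit to the same 'prev' are concurrent, and either server order is fine:
    that is the "no real conflict" case.
    """
    problems = []
    seen = {GENESIS}
    for i, msg in enumerate(delivered):
        expected = hmac.new(keys[msg["from"]], _canonical(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            problems.append(f"#{i} from {msg['from']}: authenticator does not verify")
            continue
        if msg["prev"] not in seen:
            problems.append(f"#{i} from {msg['from']}: delivered before the message it observed")
            continue
        seen.add(message_id(msg))
    return (not problems, problems)


def build_scenario() -> tuple:
    """Constructed sample exchange: two concurrent sends, then a reply that observed both."""
    keys = {"alice": b"alice-device-key (constructed)", "bob": b"bob-device-key (constructed)"}
    alice, bob = Device("alice", keys["alice"]), Device("bob", keys["bob"])
    a1 = alice.compose("pick me up at 8?")      # both commit to GENESIS: genuinely concurrent
    b1 = bob.compose("running late, sorry")
    for m in (a1, b1):                           # server delivers a1 then b1 to both devices
        alice.observe(m)
        bob.observe(m)
    a2 = alice.compose("ok, 8:30 then")          # commits to b1, so it must come after b1
    return keys, a1, b1, a2


if __name__ == "__main__":
    keys, a1, b1, a2 = build_scenario()
    print(verify_order([a1, b1, a2], keys))      # honest order: accepted
    print(verify_order([b1, a1, a2], keys))      # concurrent pair swapped: still accepted
    print(verify_order([a1, a2, b1], keys))      # reply moved ahead of what it answered: flagged
```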

What if we push the abstraction? Folders in the FS represent recipients and files are the messages? Then if you and I send a message we don't have to worry about who edited some file last, rather, we inspect the time stamps of the file IOT render the messages in the correct order. We could even do arbitrary nesting/threading a la reddit if we wanted (treating writable files as folder descriptors as well, like Scrivener).

If I send you a message for the first time, your FS (nodes connected together) gets a request/ invitation to mount a new FS/folder containing files where each is a message. Want to add someone? Invite to mount the collective FS. Instantly the new member can see the chat history and begin writing new files/messages to the FS.

That all seems possible, but this honestly just seems like tons of effort for very little benefits compared to a rest api and a nice little data-store.

You probably already know about Syncthing, which is a block-based peer-to-peer file synchronization solution.

There are some talks in the project to add a way to only download files when actually accessed and there's no real-time communication, but I imagine it would not be insanely hard to add. It already somewhat offers the adding-process you describe.

I had syncthing running on my phone and my laptop. I've had lots of issues with the sync actually working; ie it will hang on certain kinds of Jupyter notebook files, or it will ignore my images directory completely. I'm sure I've had other issues...

Anyway, I gave up trying to get it to work because sending myself emails or using GDrive has less friction.

I've been fascinated by usability for a long time. It seems that many high-brow projects (see plan9 and others) aren't very interested in usability by the general population. Not you and me, but Joe(lene)-Schmoe who doesn't have a clue about the innards of their phone. They just want their stuff here (on their phone) and there (on their computer).

I want that too. I guess I want to make neat and useful tech approachable to many.

I even have an idea to monetize the above FS: a single page application that automatically spins up VMs that provide encrypted nodes for your personal network. A byproduct of that is a web access point to your stuff that doesn't (shouldn't) go down. This is important because, if you're like me, all your nodes are wireless and run on battery and therefore could leave the network at any time.

The only things certain in life are death, taxes, and the top comment on HN being someone complaining about how the product doesn't fit their very specific use case.

It’s either that or attempting to trivialize the content of the link to let everyone know that they could do the same thing in 4hrs after work on a Wednesday.

I am pretty happy with whatever Google calls its chat/hangouts thing these days, as I can send SMS's from my browser or chat via either a browser or my phone, and it's all pretty transparent.

I want nothing to do with tech I can only use on my phone.

Hangouts is actually one of the best messaging apps to this day, I'll be sad when it disappears.

I love being able to send and receive messages from my PC and phone, seamlessly. And, probably the best part of all? All of my messages are searchable using Google's excellent search in my gmail inbox. I've been able to find specific messages I remember sending years ago. No other messaging platform does this (at least, not well).

I wish they would have added search to the mobile app. Too busy creating endless new mobile-only chat apps I guess.

I think if you search in the gmail app, they'll turn up.

But it's not encrypted. And Google keeps threatening to kill it.

Yes, those are good points, but kind of tangential to mine.

I really don't understand where Google is going with its chat thing, as I find it just about perfect for what I need.

Are you referring to hangouts with the USA-only Google Voice service?

The desktop version of Signal works very similarly to Android Messenger. Although Signal doesn't require the phone to be turned on to send and receive messages.

In what way is the dependency on the phone crippling? It's a one time sign-up with the phone. You don't have to use it after that.

I don't have a smartphone that can install apps. SMS would be one thing, requiring a smartphone is, indeed, crippling.

I guess you could install it in an emulator and enter the code you receive via SMS in it during the setup phase.

One could also install it on any non-phone device (iPod, tablet, etc.) that supports app installation.

Emulated phones get a phone number?

No. The emulated phone in this proposal is a way to run the Signal Android app.

During enrollment Signal uses SMS to close the loop on a claimed phone number. The OP's real phone doesn't run Android but it can receive SMS messages so it gets that SMS. The next screen in the emulated app says if the SMS code wasn't filled out automatically then please type it in, and that's what you do.

Tada, now your Signal account is linked to your quite real phone number for a dumb phone.

> it asks me to link my phone

It's because Signal chose to make the phone number their main identifier, not some random username or email.

(I can't immediately find their rationale for that decision, but I think it had to do with making the service available to those millions that have a cell phone but no email, and usernames make it hard to auto-populate contacts whereas phone numbers can be cross-referenced with your contact list)

The rationale is this: messaging platforms are social networks, all of them are based on contact lists, and all mainstream messengers besides Signal store contact lists on servers. Those contact lists are incredibly valuable metadata, probably the most valuable intelligence target outside of message contents themselves.

Signal uses phone numbers because Signal users already have contact lists outside of Signal. By piggybacking on phone contacts, Signal can avoid storing metadata about who's sending encrypted messages to whom.

Compare that with Wire, which is a fine system, but which also effectively stores a log of every pair of users that have spoken to each other on the platform, in a database, constantly available.

Not having that database is the win for phone number identifiers.

Meanwhile, while the loss from that decision is painfully felt by people who communicate on platforms like HN, it's hardly felt at all by ordinary users, who already communicate primarily on platforms that use phone numbers as identifiers. WhatsApp, the most popular messenger in the world, was created as a pin-compatible replacement for SMS.

Signal's decision here is not the decision I would have made, because I loathe phone numbers (and, for that matter, messaging people on my phone). But it was a smart, principled decision, and almost certainly the right one; I'd decide otherwise because protecting the most people in the most effective way might be my stated preference, but it wouldn't be the preference my own actions would reveal.

I don't see how account-based systems, or Wire in particular, must "effectively store[] a log of every pair of users that have spoken to each other on the platform, in a database, constantly available". As far as I can tell – and just like Signal – they just need to hold (destination-ID, blob) for all as-yet undelivered messages. And if the destination-ID isn't a phone-number, it's harder to correlate with other extant databases of (phone-number -> IMEI) or (phone-number -> person). That is, this undelivered-log has less metadata in an account-based system than a phone-number-based system.

I get that using the contact-lists, and the constant re-uploading of contact-lists, is great for Signal's bootstrapping. Anchoring IDs to phone numbers might also work as an abuse throttle.

But I don't see how it minimizes metadata. Can you clarify?

The contact graph isn't necessary to deliver messages, but it is necessary to make the system usable: when people open up the application, they expect to see a contact list. To make that feature work, most systems just store the contact list on the server; the aggregation of all those contact lists is the entire contact graph for the service. That's the thing Signal won't store.

Sure, it makes it more usable. (Though, I use Telegram & WhatsApp with many contacts just fine without sharing my contact list with them, neither once nor the repeated-uploads Signal wants.)

But Signal could still be keeping a database log of everyone who's actually ever sent a message to anyone else. (To the extent anyone's using 'sealed sender', it'd be harder – but apps like Wire could do something equivalent to 'sealed sender', too.) And that database is way more valuable to many attackers if it's keyed by the phone-numbers Signal has, compared to the aliases other systems have.

And to the extent the Signal client wants to keep re-uploading my entire contact-list, even a one-time, temporary compromise of their SGX-based system would reveal all my phone contacts.

The synchronized contact list feature of other messengers requires them to keep the contact graph stored. We don't have to wonder whether they're logging it; they have to be.

> The desktop app itself simply starts to a "Connect your phone" screen

Presumably that is because it is the only device with the requisite cryptographic keys?

It’s precisely because iMessage and Telegram don’t treat the desktop as a second class afterthought that I use them for messaging instead of Signal.

Has Telegram started providing encrypted chats to the desktop apps? Last I checked, you could only engage in encrypted chats from the mobile app.

I just checked. If it has, I can't see how to do it.

Click on the pencil & paper icon next to the search window. One of the options is "New Secret Chat".

I don't see it. I'm using Version 1.9.9

If you're using Mac you could find this feature in https://macos.telegram.org/ (v 5.9.1)

This is really confusing: they have two official desktop clients for macOS.

iMessage is riddled with security issues: https://news.ycombinator.com/item?id=21425897

Also, Telegram still

* Has no E2EE by default

* Has no E2EE for desktop clients

* Has no E2EE for groups.

When security is an afterthought, no convenience feature matters.

Can I create an iMessage account using a Windows or Linux desktop? Or are those second class desktop platforms?

You need a phone to set up Signal (mainly to prevent spam) but once you've done so you need never use it again if you choose not to. I use the desktop version most of the time. It does lag a few steps behind the phone version though, because most people aren't using a 1.5" screen, and want to have secure communication in the field as well as at home.

For me, the biggest problem lies in the fact that your messages are local. And phones will always have less capacity than dedicated storage servers.

What bothers me the most is when I have to resend a photo or file to a friend of mine on WhatsApp because he changed his phone and didn't want to install the WhatsApp backup from cloud. Or you simply had to delete things to free up space on your phone. Or I've lost something because I didn't want to have my phone's storage full of cat memes or something.

The way WhatsApp makes "backups" is totally dysfunctional. Instead of using a database with support for indexes and full-text search, it simply creates a kind of zip file with a proprietary protocol that forces you to download the entire backup again to search for a single file or message.

I hate having to use WhatsApp and I try to bring people to Telegram as much as I can.

It is as if we have gone back in time and gone back to MSN Messenger, only worse.

I used to feel this way too, but then was talking to family that was visiting from other parts of the world where no one they know owns a laptop or desktop computer, but everyone has a phone. For much of the next wave of computer users in rising countries around the world, the phone is the first and only computing device that a person owns. They grew up on smaller screens and digital keyboards and have no care to move to what they consider a less convenient form factor. It really helped me better understand why some of these global messaging platforms are focused so much on phone based systems.

Your comment is a single reason I use Telegram. WhatsApp does the same, you can't even see web version without phone, and I'm probably the only one in the world, who doesn't have any apps on it... ;)

> I cannot fathom the proliferation of phone-only messaging apps.

Matrix/riot is the solution. Works wonderfully across platforms. https://riot.im/

I understand why people like Matrix and wish that project the best of luck, but it is not comparable to Signal as privacy technology. The last time Matrix was discussed here, just a few weeks ago, the network couldn't even require support for E2E encryption, apparently because too many of its clients didn't have it working.

How long have people been watching and discussing Matrix on HN? It feels like a long time. It's 2020 now. It has never been possible to send an unencrypted message on Signal.

People should use Matrix if they like Matrix. But they should not be suggesting to random strangers that Matrix is as safe as Signal.

> The last time Matrix was discussed here, just a few weeks ago, the network couldn't even require support for E2E encryption, apparently because too many of its clients didn't have it working.

Ironically, we turned on E2EE by default on the develop branches of Riot (the main client) 12 days ago at FOSDEM: https://fosdem.org/2020/schedule/event/matrix/. It will go live across the whole network in the next release, complete with cross-signing for key verification.

And in the last two weeks, two more independent E2E-capable client implementations popped up - one in Dart (https://gitlab.com/famedly/famedlysdk/) and one in Rust (https://github.com/poljar/nio-rust). Video of the Dart/Flutter one in action is pretty cool https://youtu.be/nm36pt2rHcI :)

So yes, we're not as monomaniacal about privacy at any cost as Signal, but we're catching up.

So what percentage of Matrix users will now be using E2EE chats? Is it both groups and one-on-one chats or will there exist disparity between the two? Does the app prompt enabling E2EE in rooms where it's not enabled?

The more important question is "at what point will it be impossible to use Matrix in an non-E2EE mode".

> It has never been possible to send an unencrypted message on Signal.

Irrelevant nitpick, but hold down on the send button and select "Insecure SMS"

A nitpick on that solution (that no longer applies to me, because I no longer use an Android device):

It isn't persistent. Signal always defaults to secure messaging, which caused me regular headaches when I used it. More than a few people I knew installed Signal, used it briefly (or not at all), and went back to sms. Signal would always default to sending securely, and I'd always send these people a message that they'd never see, because they were no longer using Signal.

After some time I'd realize they didn't get it and would have to resend as an insecure sms. Missed more than a few time-critical communications because of that.

I really, really wish they'd made it a per-contact default I could have set.

That was fixed a few months ago. The setting now sticks until you manually change it back or your contact replies with a Signal message.

On Android, in the mode where Signal is replacing your SMS messaging app.

Presumably (I don't have one) iPhones lack this feature as Signal can't replace Apple's messaging app inside the Walled Garden.

I don't know about iPhones, but the option still appears in Signal for Android even if you don't use it as the default SMS app.

There is no button I seem to be able to long-press on iOS Signal that gives me that option. Can you be more specific?

They're talking about the Android app. In Android the application which sends messages can be replaced, and so Signal offers to replace it, as a result it needs to be able to send old-fashioned SMS messages when the correspondent doesn't seem to have Signal.

Your iPhone doesn't let anybody do that, just like it doesn't let Mozilla provide a different web browser and so on. This has upsides and downsides for security which I'm sure you've already thought about, for me it's a good reason not to own an iPhone, but the rationale for the opposite decision is sound.

+1 Matrix has made the best architectural trade-offs to achieve various goals.

There's a Flutter-based app in the works for the specific purpose of messaging for families: https://github.com/nileshtrivedi/family

I have tried to get my family & friends on Matrix. Set up a small server on an Amazon instance and created the full system, "How to" guide on installing the app, etc.

I do not appear to have the persuasive skills, clout, or sheer dominance over my family members that some of the more Matrix-successful fellow geeks here do :-D

Well, my family (parents, siblings, cousins, etc) members keep asking me to join them on various chat solutions (mainly WhatsApp). I won't, and I've explained to them why. I've also mentioned that specific alternatives might soon be mature enough to be easily usable by them. I've hesitated onboarding them on Signal, but we do not need to be that paranoid, and Signal can prove difficult in the way it handles media and free space on the device. Moreover, I will likely get a Linux-based phone (I have my pinephone braveheart next to me) soon as my daily driver, and I bet that Signal doesn't have a nice compatible client.

I'm eyeing Matrix, together with Fluffychat. I guess that when reactions are there (for feature parity between clients, I don't want to miss some important information someone sent as a reaction like "I arrive at 8 tomorrow, can you pick me up at the train station" -> thumbs up) plus a few nitpicks, I'll be able to consider it ready.

What happens next? I am not sure. I would like to onboard them on a different homeserver, but I might tinker a bit too much with my personal server for this, plus it would be unavailable when moving around, etc. So I guess I should set up a cloud-hosted homeserver, but I am afraid of the costs, especially if they start joining busy rooms.

The best answer would be to use decentralized identities[1] on my HS for now, and migrate them over to a backup one in case of an outage, but we're not there yet. That's the main reason I keep an eye on p2p Matrix work with Dendrite (then, because it's more generally awesome).

[1]: https://github.com/matrix-org/matrix-doc/issues/915

Signal is not a replacement for the sort of chat app you might use on a computer; it is a replacement for the unencrypted SMS you might otherwise be using on your phone.

That's a very artificial distinction. What's the difference between SMS and chat these days?

Not only that, but you have e.g. iMessage and Hangouts (especially on Google Fi, where the desktop client can send and receive SMS directly), which blurs the line even further.

> it asks me to link my phone. No option for any other signup. Nowhere in the download process or on main site does it warn me that this is a phone-only app.

It isn't a phone-only app. I think it wants a phone in the flow above to authorize your desktop install. They use the phone, and its E.164 address as the root of trust. But the app works just fine on Windows.

The younger generation does not own full fledged desktops or even laptops in many cases. Two thumbs are the only input method they know. The same applies to the developing world. If you use messengers with 10 fingers, you're probably a global 1%. All that matters in this space is user count, not quality of users, so I understand why they neglect the desktop apps.

I foresee comp sci students being unable to type, or at least type very slowly, in 10 years

A big portion of WhatsApp users do not own any other device than a mobile phone, or do not actively use one.

Most of the time the computer I sit in front of is my company provided work computer. That is not a piece of hardware that I would use to access my (non work related) secure messaging platform.

This comment is misleading. You can use Signal through the desktop app, you just have to register through the phone app first. Maybe they will allow registration through desktop in the future, but this is how it works right now.

The only downside is that you can only message other Signal users via the desktop app. At least last time I tried. This has caused me to use Google's Messages app via their web so that I can type on my keyboard :(

And oddly enough the "your phone" app on windows 10, which is frankly, quite good.

Wire works without a phone mostly because you don't have to use a phone number as login. I have an e-mail based account for instance, but I think you have to add contacts manually, pretty much like skype.

It’s not phone only. I use it all the time with my phone in a different room.

> Am I really the only person who prefers to type on a full-sized keyboard,

I pay for pushbullet just so I can use my keyboard when I'm sitting at my desk at home and have for 2ish years.

You can send SMS via Messages for web for free (after you link your Android phone): https://messages.google.com/web

Though, as you mention in your other reply, Pushbullet can do a lot of other stuff (including working with 3rd party SMS programs).

OK, that's useful... how's your experience in the real world? I'm eager to check it out :)

edit: Whopsie; unsurprisingly, no iOS app (background: iPhone is forced upon us by work; reason #2138 I don't like messaging / using the phone :P ). Might still be useful for my personal devices though...

If you're using MacOS as your desktop, you don't need Pushbullet, because iMessage can remote control your iPhone for sending and receiving SMS messages. You can also make and receive phone calls via Facetime too.

Add to that things like universal copy/paste or the ability to quickly resume some activity from your phone, like opening the active web page, or the usually seamless mirroring of your screen via Airplay, etc.

It does lock you into Apple's ecosystem but the experience is much better than Pushbullet, or anything else.

Yes I did use Pushbullet when I was an Android user. I was one of their first users. I don't miss it.

I stopped using Pushbullet even before I moved to iPhone b/c it's a potential privacy leak and security problem. It's bad enough that we have to trust the phone maker, with something like Pushbullet you give all control of your phone to a third party. Yes they claim the ability to do e2e encryption, but talk is cheap and I've never heard of an independent audit.

If you were using an Android device frequently I'd say it's worth it at the current price, I actually cancelled it a few months ago trying to save money and lasted about a half hour before I reactivated. When I first installed it they had it (they might still) so you could have a free tier for a small amount of SMS messages. I used it for 3 or 4 and then paid for it right then. My only other option at the time was to use Hangouts (gross). My Chromebox has had Google Messenger support for quite some time now but I don't want to use Messenger on my phone as I prefer Textra.

Aside from using it for SMS via my Chromebox (or less frequently my Win10 laptop, Chromebox is my daily driver) at my desk I also:

- use it to quickly send someone a photo from reddit/imgur just by saving it and attaching it instead of firing off the link (so I know they actually look at it)

- Use it to send YouTube videos and pages from my phone to my browser at home and it just opens it in a new tab there. I actually use this several times a week for when it's something I want to give my attention to but am out and about doing something.

- To mirror phone notifications in my Chromebox/laptop browser. You can select individual apps to do this. I mostly just use this to quickly scan messages if I'm watching something on YouTube or in a Reddit thread.

It also works fine with Grammarly on my Chromebox (Dunno about the Win10 machine) which isn't a big deal but I like getting anything I type on that machine counted in my weekly Grammarly stats because I'm a nerd.

My only complaint is sometimes SMS will just hang sending from your browser, if you unlock your phone they then send. I imagine I could fix this by changing the appropriate power saving features in Android but it's not a big deal, just a half second finger swipe on my phone.

It can be insignificantly buggy sometimes, it'll be blank in Chrome but maybe 90% of the time if I just click out of it and then click back into it, voila. The other 10% of the time switching tabs corrects it. That could just be my Chromebox though, I've never seen it do it in Win10.

Have you looked at alternatives to Pushbullet?

Every time I've started investigating I've gotten mired in researching the various options and given up without trying anything.

Nope. It was the first thing I found and it works so there's no need for me to replace it.

Not only is it a phone only application but it literally requires a phone number which is your ID for the service.

Just in case you are seriously wondering why you have to connect your phone, it's because the web interface is basically a convenient interface for your phone. WhatsApp works exactly the same way. It works pretty well.

Presumably it is because synchronizing conversations across devices while using end to end encryption is really difficult. You could give up end to end encryption but I'm pretty sure you wouldn't like that either.

Nope. Once you sync your cryptographic keys with your desktop application, the phone is no longer needed.

WhatsApp sends messages through the phone. Signal Desktop does not.

Why do I hate to give up end to end encryption? My end is PC, encrypt that. If I want a shared message history, it's understandable that I have to perform some kind of synchronization between PC and phone too, but it should be an optional feature. I don't even want it, personally.

If you get to use it on just your personal computer (any modern OS) without a smartphone, then you would also get to choose your own identifier. For Facebook (WhatsApp) this is a non-starter, because your phone number is a way better identifier to link your profiles and sell your eyeballs to advertisers, so it will stay a requirement.

On a PC you could even have multiple accounts on the same device, which is not good value for advertisers either (one device per person makes it easier to correlate various data sources and track you).

No idea why Signal doesn't enable us to use their tool without a smartphone. It makes it look a bit dodgy from a software freedom perspective.

haptic feedback and swipe address all of those criticisms

for like, an entire decade

you just use a single thumb to type by playing connect the dots between the letters, and the device does provide physical feedback

regarding being out of touch, have you tried this? iOS only recently added native swipe

It works great on desktop! It doesn't even need to tunnel traffic via your phone like WhatsApp does.

same here. i just don't understand this obsession with cellphones.

and that's also why i use telegram.

You aren't alone. I would much prefer that desktop instant messaging experience, too.

What you want is Google Hangouts but, unfortunately, nobody uses that.

I'm 100% with you.

But the normies aren't.

And there's an awful lot of them.

keybase is your friend

Signal for desktop.

Requires a phone number.

Still it needs a phone number to be used, which is a huge privacy vulnerability, also by encouraging it to be used on some of the most spyware ridden platforms out there: a malicious tap/key-logger is much much much easier to hide in a 90% closed source phone than in a FOSS operating system install on a PC. FOSS phones hopefully might/will change this, but they're a few months away, and we should also assume most users would rather wait for them to be available than go the easy Android/iOS path.

> we should also assume most users would rather wait for them (FOSS phones) to be available than go the easy Android/iOS path

Why should we assume that? In my estimation, 99% of people in the world are never going to own a FOSS phone. 99% of people probably don't know what FOSS even means.

That was exactly my point (the average user not caring at all about privacy).

The Signal iPhone app has made huge improvements over the years and is just about as user-friendly as WhatsApp as far as I can tell. I would love to see it match the smoothness and responsiveness of the animations found in iMessage. It seems silly, but the visual experience of messaging in iMessage is such a delight.

What I don’t like is that messages take more vertical space in Signal due to the alignment of the time stamps.

Pity it crashes for me 100% of the time when opening on an older iPhone. Haven't been able to receive my messages for over 2 months - which is insane for a messaging app (I'm not even sure if I'll receive the messages if/when they ever fix it).

This is despite me contacting support and sending the crash logs to them when it happened.

As much as I'd love to support Signal and switch everything from WhatsApp - it doesn't seem like a wise choice if this kind of thing is a possibility.
