Hacker News new | past | comments | ask | show | jobs | submit login

So you are going to move from one centralized, walled garden, privacy hostile platform that hard requires Google/Apple ecosystems to get signed updates... to another with identical drawbacks.

I suggest something that lets you use any client/platform you want, uses the same crypto primitives, and lets you choose what server/country your data is hosted in and change your mind any time, e.g Matrix.

How many times do centralized services like VK, WhatsApp, Instagram, Apple, etc need to get co-opted into enforcing the will of private entities or governments before we learn our lesson?

The only network services this won't become true of at some point in the future are those with decentralized clients and servers obeying a common documented protocol.




Matrix is riddled with bugs. While I agree with you that signal isn't all that great (they do some really good stuff and then make some really weird trade-offs), I've recently compared Signal, Wire, Threema, Jami, Briar, Element/Matrix, and Keybase.

The most mature app is Signal. It has the best usability to privacy trade-off.

Threema is the better choice if you don't mind not having a usable desktop client. For me that's a total deal breaker. It costs a one-time 5 bucks and it's totally worth that, if only it had so much as a usable web client (you need to open your phone and navigate two menus to enable the web client every time your phone changes WiFi or anything).

Wire is the better choice if you can sacrifice a tiny bit of usability for better privacy. It's sluggish is all, and (like Signal and most other services) uses AWS. Full disclosure: I was involved in a paid audit of Wire so I know more about the encryption protocol than I do about the other clients'.

Element/Matrix is the better choice if you'd rather make a trade-off towards privacy. Presumably the clients will mature, and between two years ago and one year ago they've made good progress. It's going less fast today but I still see things getting slowly better, and the decentralization works very well and fairly easy to setup.

If all you really want is a better privacy policy and want to ensure people stick around and don't uninstall it, Telegram is by far the usability winner and has a large network effect already. But it's a trade-off with the devil because there is zero encryption. They could ransom or sell our chat logs any time.

Briar and Jami have limitations that make it unusable for general purposes use with your mom. Facebook and Google's messengers I didn't look at for obvious reasons. Keybase was never end to end encrypted to begin with and now Zoom bought them so they'll probably shut down soon (also, bugs).

Rocket.chat seems only aimed at business users.

You can also do OTR over any platform you like, and I still have to try this overlay encryption system on Android (I forgot its name).

Pick your poison...


>> I was involved in a paid audit of Wire so I know more about the encryption protocol than I do about the other clients

Seeing as you mentioned Threema in the same post, I think I ought to step in here.

The encryption protocol for Threema is open source, using standard algorithms, not something they invented.

You, like I did for $my_org, can write your own software to send messages to devices running Threema using the Threema API.

Message contents are, of course, encrypted before submission to the API. Threema provide a number of SDKs to help you, but you are under no obligation to use it, you can write your own API submission client from scratch.

P.S. Not saying Wire is bad here. Wire is good. I use it alongside Threema myself for $other_uses. But I'm saying don't write off Threema under a false understanding that their encryption protocols are closed source.


That's a good point. Threema using standard libsodium cryptoboxes makes this easier to reimplement than these Axolotl-like protocols. Still, Wire has a bot API so you don't need to reinvent the wheel to integrate in a chat. Not sure that's any harder than using libsodium.

Afaik Signal doesn't have an API or SDK, there only seem to be third party implementations for bots.


Signal will by design likely be more stable than Matrix in the short term because it is a centralized dictatorship.

China can move fast for this reason too.

You have to decide if the long term consequences of a fast moving dictatorship are worth giving up the freedom of a sometimes messy democracy.

The internet is too important to herd all our services into control of dictators, no matter how benevolent.

We survived the dialup days for all the UX hell of many providers without giving AOL exclusive control in spite of them having the best UX.

I hope we can do the same with something as critically important as worldwide internet communications, but the marketing of dictators and their ability to move quickly is sometimes too hard to resist until it all backfires spectacularly.


That's what they want you to believe for some reason. Moxie went so far as to talk in the biggest hall at the last chaos communication congress about how important it is that we don't use decentralized services and clients.

I'm not buying it. Look at Matrix and tell me it's holding them back.

What's holding them back, perhaps, is not having a shitton of money in the bank like Signal, and they're actively supportive of decentralization which costs developer resources. Signal (or Matrix, for that matter) could not spend dev time on decentralization and just let the open source community do its thing. But that's not what Signal is doing, they're instead actively hostile towards it.

Or look at Telegram, they have an open network and third party clients. There also are unofficial clients that some people use. But what does the 99% use? The official clients. Signal's argument is that people might use insecure, unofficial clients. In practice, that's not what your average mom will do. (And it's not as if the official Signal app was audited either.)

I'm also not buying the "China can move faster" thing. They can be more oppressive without consequences, but is that really better? Does that "centralized dictatorship" allow them to be "more stable"? It's easy to say, and easy to see how indeed an oppressive government's decree can change things from one day to the next, but on that scale I think you need to consider more things than I am qualified to do before you can really say whether that is a superior system in a given situation.

I guess we conclude the same thing in the end, though, as you say "The internet is too important to herd all our services into control of dictators, no matter how benevolent."


> I'm not buying it. Look at Matrix and tell me it's holding them back.

The main argument against federated protocols playing well with security is that they have a harder time evolving. The example always given is email. Once Matrix has reached 500M users and several server implementations with less than 20% market share each, how can you be sure that it will keep improving contrary to email protocols? WhatsApp switched to E2EE in a matter of months, but most of our emails are still plaintext on the servers.

I like and use Matrix as a replacement for IRC, but I don't think they will catch up in terms of security with Signal in most practical situations (meaning, I want to send a message to a non-technical person). Both because of the fossilization associated with federated protocol (see above), and simply because developing a federated protocol is way harder and less forgiving than a centralized one.

Your argument about the "99% use" means that first that you don't need centralization if it's already centralized in practice, and second that it brings very little benefit (benefits only 1% of users). At that point, the (possibly low) costs of decentralization are not worth it.


Signal did not have a shit ton of money until a year or two ago. I like Matrix but it's main issue is still UI/UX on clients (especially around key management) - which is slowly getting better but still too complex for normal non-techie users.


> Wire is the better choice if you can sacrifice a tiny bit of usability for better privacy.

Do you mean better privacy than Signal? I was under the impression that Signal was significantly ahead of Wire in this regard with features like private groups and private contact discovery.


Private contact discovery and other metadata protection claims are largely security theatre. SGX is entirely broken and those with physical (and sometimes even remote) access can dump keys at any time.

They pinky swear they always patch and never dump keys when they have the chance though.


It's a security theater not only because someone broke it, but also because you can always just look at which IPs talk to which IPs. Even Tor has issues with preventing traffic analysis, except with Signal you can observe (or trust) a single party (instead of the guard and exit nodes) to get the data.

It's more of a trust thing than something you can technically solve while still having features like real-time calling. Hence Facebook being objectionable despite having encryption.


They're both hosted on USA-based services, they both have proper encryption on the client and apply it also to calls and video calls. There is no significant difference to me in terms of privacy.

Usability is slightly different, yes, and you might also trust Signal more because they do better PR (they say outright that they're from the USA and get money from Facebook, while Wire has devs in Berlin and claims to be a German company, while taking money from USA investors... which imo comes down to the same thing), or you might trust Wire more because they were actually audited at all.


For a family that are all on the same server, Nextcloud Talk is also nice and "relatively easy" to set up (and 0 effort when you already use Nextcloud). I am still desperately waiting on Talk being able to use the federation features of Nextcloud (so you can chat to users on other servers). That would increase my usage a lot, my parents are on another server (which admittedly also runs from my basement) and I have colleagues with their own server...

I do use Signal and Telegram with some friends, I really find the difference between WA and Signal to be small. Telegram though is a lot nicer as a platform, it has some channels I'm part of and the desktop client is much better. But this comes with privacy/security trade-offs as mentioned in this thread.

I also use Element.io for some channels and groups. I find it surprisingly nice. I may set up a server myself soon.


As someone who doesn't use WhatsApp, thanks for mentioning WA and Signal are not very different and that Telegram has better UX. That matches what I thought, but I didn't know and I was a bit worried what I'd be signing my family up for when asking them to switch away from Telegram.


Yeah, Signal used to handle changing phones pretty poorly but that is sort of solved now (you can store your groups and phonebook in the cloud behind a pin). Other than that it is really nice. The desktop client is arguably better than WA's web solution, although I have run into non-syncing messages, but, you can use the desktop client with your phone off, which is a major + imho.

Honestly, Signal is just super high quality when you take into account how privacy focused it is, I could easily replace WA with Signal, apart from "the network effect".


> you can use the desktop client with your phone off, which is a major + imho

Indeed, if it has to go through my phone it's nigh unusable in my opinion. Wire and Element/Matrix handle this properly since they don't depend on a phone number in the first place (so no need to tie it to your phone), only Signal and Threema are somewhat of a pain in this regard since you need to link it, and only Threema absolutely requires your phone to be online all the time.


I can recommend the FluffyChat Matrix client, it's quite pleasant to use, although still not perfect :)

https://fluffychat.im/


Why is Telegram not on your list?


They lie about encryption. They call themselves an encrypted messenger when they're not, at least not in the way that people expect nowadays. I volunteered for their support team a few years ago but was rejected because the first test question was about their encryption and I refused to lie (I said regular chats are encrypted but only to the server, i.e. that Telegram can read your messages which was true then and is still true today, and that you need to use secret chats for encryption.)

I ended up adding a paragraph about it anyhow but that's why, when starting to write the post, I didn't add Telegram to the list. There is also rocket.chat further down that I didn't mention on top, fwiw.


it is?


I should maybe have put it in the list on top. I initially listed only the encrypted messengers, but later decided to add a paragraph about Telegram anyway.


I don't like Signal's stance on forks (which is that they are allowed but may not use the official Signal network) but it hardly has identical drawbacks. Signal is open source, can be downloaded as an official APK and can be run on LineageOS without Google Play (notifications do require some emulation of Play Services calls, but that can be provided using MicroG).


"hardly has drawbacks" My notes on Signal contain the following:

+ It usually just works

+ Reasonable desktop experience (needs to re-link once a month or so, but otherwise independent and not terrible UX), good mobile experience

- Metadata handled by Amazon

- Phone number is a hard requirement, and changing your phone number means re-connecting to everyone

- Funding comes from Facebook from what I recall, and even with large amounts of their $100M invested, their expenses are 8 times larger than their income.

+ At least it's a foundation and their finances are not a black box!

~ With a build from an untrusted third party, you can make it work on Androids where Google Play Services are intentionally firewalled off.

~ No audit of the clients. The protocol, sure, but most bugs aren't introduced on a protocol level.

These are only things they could solve, i.e. that others do better. That their contact discovery solution (where you upload your phone book) is broken isn't a downside because nobody else has that figured out either.


> - Metadata handled by Amazon

That's rather broad, which metadata are you thinking about? Especially given the sealed sender feature. Assuming you have access to everything at Amazon, what can you deduce about Signal users?

I can think of:

- IP address (you can tell that this IP address sent some Signal message)

- size of messages

- timestamps of messages (when they were received by an Amazon server)

IP address leaks a lot of information but there are still workarounds, and it seems reasonable if you're in a no-trust model (meaning Signal's servers wouldn't be any better than Amazon's). In any case, that's way less information than other mainstream messengers.

On the other hand, one distinguishing feature regarding metadata is groups: group membership is not known by anyone outside of the group if I understand correctly, contrary to WhatsApp (and others).


"Funding comes from Facebook from what I recall."

Not really. Original funding came from NGO sources such as the Open Tech Fund.


The author is a toxic dictator who hates the idea of ceding power so that they can have a constructive and open protocol for everyone. That means the app should never be used, by anyone. If you're going to use software like this, you may as well stay with whatsapp - at least that has a lot of users.


I see mention of the toxic dictator stuff and non-reproducible builds mentioned through this thread - do you have info on that you can point me to? I am asking because a guy at work wanted me to install Signal as voice call quality on Duo was appallingly bad. Thanks in advance.


You can read about the stance in question on a lot of github issues, one of which is this one: https://github.com/LibreSignal/LibreSignal/issues/37 (not actually the signal repo, but moxie talks about the need for iron control over the platform). You can extrapolate consequences pretty far from what is said there, consequences which are well understood by moxie (if nothing else, you can see that time was spent thinking about environmental factors). To me this attitude is baldly toxic because it makes the world worse (in that it reinforces the opinion that centralised is better, which is at the heart of so many problematic digital services).


Thanks. Reading that thread, I think he is saying that he wants to remain centralised and federating third-party servers and traffic isn't his plan.

I know in theory that sounds "bad" but it's their service I guess? In the real world, centralised services seem to be the norm, eg. the postal service. They don't let random third parties take the mail and also mandate that you use their postage stamps to use their network, and only accept mail at their post boxes and mail offices. They don't let people inject mail into the vans along their postal routes, and don't forward mail that is from another delivery company, eg. DPD, DHL, FedEx.

I am not sure how else it'd work?? Surely it'd be like expecting the postal system to deliver FedEx's parcels, whilst not paying the postal system anything at all. That's unfeasible and unsustainable.


There's e-mail for one. A great good everyone uses, which is definitely decentralised (much to the chagrin of a few large providers, which continuously act in bad faith to centralise it as much as they can). Signal could have been that, but for (mainly) mobile messaging. Because they went the jaded route as you do it's now just another way for one person to apply his dictatorial view to the masses. I agree with you that in a mountain of shit you won't really notice a little bit more shit, but that doesn't make it anything but shit. It could have been better, it is not. That's something that deserves a little lamenting.


I can only guess but it may relate to Moxie's at times somewhat brash behavior in Github issues and an ongoing debate over centralized vs decentralized protocols (with him advocating the former). He gave a talk addressing the (de-)centralization topic at the Chaos Communications Congress in 2019:

36C3 - The ecosystem is moving | https://www.youtube.com/watch?v=Nj3YFprqAr8


There is nothing wrong with the protocol, the client software or the server software; the problem is entirely with the OWS server TOS.


How would we know? The signal app as most people understand it cannot be built in a reproducible manner. This means that most people will be using something that may as well be compromised. The author does not care. It doesn't matter what the source code behind it is, as an entity signal is hostile to everything a good messaging app should be.


The Java classes making up the application proper have had reproducible builds since 2016 [1]. The Play Services Signal relies on don't, but there are open source alternatives.

[1]: https://signal.org/blog/reproducible-android/


If you can't produce the app as you download it, it's not reproducible. Saying part of it is is disingenuous.


Another key difference would be the business model. Signal being a non-profit[0] does not provide any guarantees for the app to not become 'hostile' in the future, but any such development motivated by personal profits would at least require a change of organization type, which I assume wouldn't go unnoticed.

[0] https://en.wikipedia.org/wiki/Signal_Foundation


It was well noticed when WhatsApp changed hands to Facebook, and yet the vast majority of users didn't move to anything else because of network effects.

Once users are in an ecosystem it takes years to convince them to change and only after they hit a high discomfort tipping point.

If Signal ran short on funding and got bought by Google or Facebook all the tracking would kick in and most users would stay.

We must stop herding people into walled gardens. It is unethical and always backfires.


Moxie highly discourages using the APK because it means turning on untrusted sources which is highly unsafe and bypasses signature verification.

It is one BGP attack or compromised CDN admin way from compromising the masses.

This is one of the few points I agree with moxie on.

The only safe way to install software on an Android device requires you bootstrap trust via a system supplied package manager that enforces signature verification.

Lineage grabs unsigned binary blobs from a separate account with little accountability ( https://GitHub.com/themuppets ) to limit the blast radius of illegally distributing them and does not ship a package manager at all.

They expect degoogled users to do disable system signature verification to use an alternative app store like F-droid. Lineage is great if you want to turn an old device into a game system or something, but it should not be used on a device you need to be able to trust.

The only Google-free option to have a signed system-verified app supply chain on Android is use a ROM that bundles F-droid as a system trusted app manager like CalyxOS, RattlesnakeOS, or my projects, aosp-build, and #!os.

While F-Droid is far from perfect it is the only alternative path and Moxie refuses to allow apps to be distributed there because he openly admits he wants the usage metrics that come from Google/Apple distribution.

In effect, you either use Apple/Google ecosystems to run verified binaries, or compile yourself every week or two.


Moxie highly discourages using the APK because it means turning on untrusted sources which is highly unsafe and bypasses signature verification

That's nice, but why should Moxie decide whether the Google Play Store is a trusted source for me?


Right. They offer one option with signature verification and low privacy (Play store), and one option with higher privacy but low security (YOLO apk).

If neither of these work for you, you are not wanted on the Signal network.


> bypasses signature verification.

APKs do not bypass signature verification. Android still requires all apks to be signed, and only installs updates to apks that were signed by the same original key.

As for BGP attacks, the apk is distributed using TLS, so it needs more than that. That being said, CDN hacks are definitely an issue. But so is someone hacking their play store account or Google play itself.


Semantics, but worth clarifying.

You have to turn on untrusted sources to sideload an APK. It will verify a signature. The problem is the OS has no anchor to know if that signature is by the key of the party you expect, or that of a malicious adversary. Once you pin the wrong key it is like getting a bad HTTPs cert on first connection. All bets are off moving forward.


The OS has no anchor when you obtain it from the play store either. Google play can absolutely send you a hacked app with a different signing key if they want to. Signatures play no role in the first installation, they only play a role in subsequent installations.

If you have downloaded the apk using http, you can still verify the signature before installing through other means, e.g. by comparing it to your friend's installed APK, using multiple ways to download the apk, etc. Can you do this with Google play?


As much as I loathe Google I do have a fairly high expectation that the HSM rooted key pinning infra of Google Play itself is less vulnerable to MITM than the standalone signing key embedded in an APK hosted on a CDN somewhere.

You also can directly download APKs from Google Play using Aurora Store and compare them to the standalone APK in theory, though both points of verification are against the same entity so it only rules out MITM on a CDN etc.

Problem is, who has time to do this for every single update? How many would even do it for the initial install? Most technical sysadmins don't even verify ssh host fingerprints unless automated CA infra does it for them.

Even if someone does do this religiously, in practice I suspect they will put off valuable security patches until they can manually verify every new binary corresponds with the published source code to rule out supply chain attacks etc.

If two totally independent entities compiled and published signed binaries and their hashes matched (when signatures are stripped) then there is some automated consensus there are currently no obvious supply chain attacks in play to protect users at large who don't have the time or experience to compile and verify against the published apk by hand or manually compare fingerprints. F-droid could keep the Signal Foundation honest if they let them but instead they say "trust us, or compile your own binaries" as if no middle ground exists.

Meanwhile I can hand my wife a phone with F-Droid and Matrix and know she can update reasonably safely without any manual key verification steps by me or her. Even when the signing key of matrix.org on Google Play gets compromised the blast radius does not extend to F-droid.

The more reputable independent package managers building, signing, and distributing protocol compatible binaries the better. Makes it impractical for even a sophisticated adversary to gain control. Also lets users to have the freedom to choose an easy automated install)update path for apps that respects their privacy by not requiring proprietary Google services.


> who has time to do this for every single update?

Again, you only have to do this for the first install. After that, the local OS takes over and rejects any apk signed with a different key. It's a TOFU system.


Fair. My SSH host key example stands.

Systems that expect humans to be key pinning anchors are always a bad plan.


>and Moxie refuses to allow apps to be distributed there because he openly admits he wants the usage metrics that come from Google/Apple distribution.

So he admits he cares about usage metrics more than privacy. which makes trusting signal a bit hard


Directly installing APKs by hand is something that is only for people who know what they are doing. However, providing the APK for download is something that is helpful for 3rd party package managers, which can verify the hash.


> forks ... may not use the official Signal network

Is it technically prevented or just frowned upon? The former would be strange, because fixing a bug in your own private fork would also exclude you from the network.


There are forks of the Signal client that do use the OWS servers [1], but IIUC they are in violation of the OWS TOS. Certainly moxie has threatened to block forked clients, which is why F-droid won't host any of these forks [2].

[1]: https://github.com/tw-hx/Signal-Android

[2]: https://forum.f-droid.org/t/we-can-include-signal-in-f-droid...


I actually do not find this unreasonable, maintaining and providing backwards support everyone's custom version with their own quirks would be a big technical burden.


Moxie openly admits he centralized because it is easier and that decentralizing is too hard. We should all just give up and pick the least bad centralized service.

With that thinking we would all be using AOL.

Making a robust flexible protocol that can support a bunch of different client and service implementations is hard, but that is how we ended up avoiding email and web browsing being controlled by a single entity.

Matrix is solving the hard problem of providing the core functionality of tools like Slack and Whatsapp without sacrificing user freedom or asking you to trust any one entity.

This is what ethical engineering looks like, and I don't mind tolerating occasional growing pains in exchange for freedom.


Then no support should be provided for these forks. Caveat emptor unless you use the official client.


Allowing modding and forks does not mean you have to provide support for them.


Exactly this. You don't have to prohibit homosexuality just because you don't want to deal with adding support to your database of married citizens / prohibit forks because you don't want to support them.

The argument makes no sense. I can't decide if Moxie is a double agent with street cred or honestly trying to do good here.


I am generally a pretty decent read of people and in my observations and interactions with him I genuinely believe he believes a benevolent dictator building a centralized system is the only way to bring non-profit-motivated secure messaging to the masses, and that if one accepts this seemingly irrefutable truth, then the best candidate for the job is himself.

He is charismatic, highly intelligent, and lives by his own moral compass, rejecting FOSS ethos and silicon valley capitalist ethos alike.

This makes him especially dangerous.


> I suggest something that lets you use any client/platform you want, uses the same crypto primitives, and lets you choose what server/country your data is hosted in and change your mind any time, e.g Matrix.

I'll bite.

Who's paying for my johnchristopher@whatever.tld and for the data (avatar pictures, transfered files, chat logs) associated with it ?

Will the Matrix foundation let me use their services forever and for free ?

Will there be discussion on HN in ten years about getting your own custom domain and own federated server ? For one account only ? Like we have for mail regularly ?


You can think of it like email.

Maybe you started on AOL and later realized AOL is terrible. You could export your address book and move to a client/server you trust more and notify all your contacts from the new location.

This is the same story on Matrix and what I mean when I say it is a freedom respecting decentralized service.

You are also free to run your own DNS to a dedicated EMS instance then later point to your own self hosted server later much like the freedom you have using your own domain and MX records on Google Apps allowing you to later move to a new email provider without having to update your social graph to change your address.

On Signal, there is no such option. You use their clients and servers forever, or GTFO.


> Maybe you started on AOL and later realized AOL is terrible. You could export your address book and move to a client/server you trust more and notify all your contacts from the new location.

The whole point is in avoiding starting with an AOL like service. So far only big matrix provider are reliable and performant enough to be usable. This is @gmail.com all over again but with @matrix.org tld.

Except you won't be able to carry your messages from a tld to another when you decide to rely on another domain name (your own or someone else's).

How long before Matrix foundation send messages telling users they are going to delete their rooms and messages if they don't log in once a year ? Or that they are now restricted your account to matrix.org rooms to "save operating costs" ?

The whole tech stack is free but operating costs are not.


> So far only big matrix provider are reliable and performant enough to be usable.

I've been running a Matrix homeserver on a 1/1 VM for years without any issues. There is no downside to choosing a small server, you can still federate with everyone else. That's the entire point.


Same here. Except joining rooms on federated instance need something beefier than my $5/month VPS SSD. And much more storage for data (pet peeve of mine: 4K avatars pics that are not resized and stored as is on my end of the federation).


Following the e-mail analogy: Inevitably, there will be contacts of yours who didn't get or read your notification, or contacts of yours who aren't in your contacts list.


As I wrote in another comment, portable identities are a matrix spec change I'm quite excited about: https://github.com/matrix-org/matrix-doc/blob/neilalexander/...

Start on a server, but your real identity is attached to a cryptographic key, not an e-mail-like identifier. That would allow you to move around, and maybe one day get rid of domain names altogether (using something like yggdrasil or tor to host and connect servers, for instance).


True. It is up to you to point your own domain day one with either email or matrix if you wish to avoid this discomfort.

Signal offers no such choice.

Even if you don't do this, you can still reach contacts on the old server and middle through.

If you switch from walled garden to walled garden like WhatsApp to signal there is no migration path at all.


> The only network services this won't become true of at some point in the future are those with decentralized clients and servers obeying a common documented protocol.

You mean like SMS?


I didn't say all decentralized services are good. Just that decentralization is a prerequisite for something to avoid complete control by a single party long term.

A better example would be HTTP/HTML/JS. Sure it is not perfect and protocol updates are hard and slow due to endless implementations but we got a working decentralized internet out of the deal that is very hard for any single party to take over now, so I call that worth it over a single party enforcing proprietary protocols like AOL having a total monopoly.


> I suggest something that lets you use any client/platform you want

I lost about half of my contacts when migrating to Signal, do you really think I can make them install some random app that may or may not work?

They already complain that Signal isn't as polished as Whatsapp.


Those that won't respect your ethics are not your friends.

I lost many of my contacts moving to Matrix but earned a lot of new high value ones that share my worldview to continue building a decentralized censorship resistant internet.


> Those that won't respect your ethics are not your friends.

This is kind of an unreasonable, one sided, stance. You exact everyone to simply follow you and your preferences with no regard for their preferences. Maybe you not respecting them and their worldview makes you the bad friend, not the other way around.

> I lost many of my contacts moving to Matrix but earned a lot of new high value ones that share my worldview

I don’t know if isolating yourself from anyone that doesn’t’ think and act the exact same way is a good thing.


If someone believe something is legitimately toxic to themselves or society, like being around smoke, consuming certain substances, eating meat, using walled garden internet services etc... They should not be peer pressured into giving up those views.

I for one avoid Google products for personal communications. A lot of long term friends decided they only want to socialize online with Google products fully knowing it excludes me, in spite of easily accessible alternatives like Matrix and Jitsi.

They are not using Google products because it makes the world better, they are using it because they don't like change, and changing to maintain a friendship with me was not worth trying to use less privacy hostile communication mediums.

Fair enough.

I for one would not exclusively socialize at a Brazilian steakhouse if I had a vegan friend in a given social circle.

I will go to great lengths to accommodate people that are acting on authentic ethical convictions but if someone is only doing something that conflicts with my ethical convictions because they can't be bothered to try something new, then they obviously don't value me, and I'll invest more time with people who do.

You should live your convictions and find people that either share them, or at least respect you enough to accommodate them.

I don't expect others to think or act like me, but I would expect that my legitimate desire to maintain privacy in personal communication to be respected by anyone worth my time.

Plenty of friends that don't share my views put up with using some open tools to keep in touch with me. I likewise accommodate some of their preferences that don't make any sense to me. Everyone has a mix of deal breakers and things they can be flexible on in any type of human relationship.


I would also add that Matrix, unlike any of the other networks discussed, offers the ability to bridge to all other networks being discussed so if you so desire you can have your open network cake and communicate with people on walled garden networks too.

Not worth the trouble for me and I don't even want to have accounts in these platforms or let them collect my conversations, but the path at least exists.


> Those that won't respect your ethics are not your friends.

Yeah right. I am not RMS, with lock-downs, curfews, social distancing etc I'm already isolated enough so I'm not losing my remaining contacts for some moral high-ground.


> So you are going to move from one centralized, walled garden, privacy hostile platform that hard requires Google/Apple ecosystems to get signed updates... to another with identical drawbacks.

Ideally we'd have a polished, decentralized app. Signal is a compromise. I don't think the drawbacks are identical:

Facebook's business model depends on violatings the privacy of the users. The Signal Foundation has no such need.

The client is open source. I see no reason to call Signal "privacy hostile".


* There is no OS verified path to install Signal or updates without being in Google/Apple proprietary ecosystems and submitting some usage metrics to them.

* You can't use signal on minority market share platforms even if they offer higher assurances of freedom, privacy, and security (RISC-V, OpenPOWER, etc.)

* Getting a phone number requires KYC in over 200 countries and carriers will happily sell you out as extensively documented and demonstrated by journalists buying owner info and GPS coordinates for any given phone numbers. Any service that hard requires a phone number is not prioritizing privacy.

* All metadata and TCP/IP metadata flows to a SPOF where signal employees, the ISP, or another entity inline could use network heuristics to deanonymize users, of dump the weak keys in SGX and get actual contact lists directly.

* If you want to use a privacy respecting signature verifying app store solution like F-Droid you are SOL. Moxie threatened to fight F-Droid or any other parties compiling/signing binaries from source code or doing forks or alternative implementations. He wishes to have complete control and the ability to rapidly push updates to all users quickly, be they benign or malicious. If someone coerces the signing key out of them, all signal conversations globally could be decrypted likely before anyone noticed.

I call all of this behaviour very privacy hostile. Published source code is moot if you are not allowed to use it or empower third parties like f-droid to hold it accountable.


Signal provides a SHA256 checksum on their download page at https://signal.org/android/apk/

Signal works on platforms such as GrapheneOS without the Google ecosystem.

You're right regarding the phone number. I consider it a necessary compromise. Look at the spam problem that email has.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: