Hacker News new | past | comments | ask | show | jobs | submit | page 2 login
Signal community: Reminder: Please be nice (signalusers.org)
1149 points by decrypt on Jan 13, 2021 | hide | past | favorite | 431 comments



I think it's important to point out that "being nice" also involves making room for people that might come across as rude, or that have difficulty expressing themselves in a polite way, or that are just speaking directly. I often get accused of being rude in my writing because I am direct. I've known lots of people (especially devs) that don't really understand that their phrasing might be interpreted as rude. If someone is clearly just lobbing insults, that's one thing, but we also have obligations to be charitable when interpreting others, and that charity often involves couching their expression as an attempt at being "politely informative." I would also say: unless it's flagrant, learn to deal with it. It's important to be able to deal with people, and that involves dealing with unhappy people, people who are stressed or at wits end, and so on. It goes both ways.


> It's important to be able to deal with people, and that involves dealing with unhappy people, people who are stressed or at wits end, and so on. It goes both ways.

That's a good rule on thumb, provided that the initiator is willing to reflect, take responsibility and repair any damage caused when the receiver indicates that their communication wasn't received well. Or, if the initiator isn't willing to do that, then being able to disconnect peacefully without judgement and further harming the receiver. "I'm sorry for coming across that way" is a pretty simple way to acknowledge the receiver's experience without feeling like you need to change or that it was your fault. It's amazing how much damage to relationships comes not from the initial blow, but rather the insistence that no blow was delivered.

Many times I've seen "straight shooters" be received poorly and result to calling their receiver sensitive, etc., rather than accepting that the "straight talk" doesn't work for that person and that neither one of you has done anything wrong, it's just that the two styles aren't working for either of you. Or vice versa when an initiator tries really hard to "soften the blow" with slow, peaceful words when it ends up being more torture for the receiver than just spitting it out with whatever emotion comes with it.


So, I agree we should all be charitable, but we also shouldn't settle for "well, that's just how I am" because communication can be a practiced skill.

As one example, a direct-personality coworker of mine learned to compensate by asking others for feedback before sending emails (or at least important ones to others outside the team).

As another example, I've seen people with http://three.sentenc.es/ in their email signatures, and this makes it clear that the brevity comes from valuing the time of the reader.


I strongly recommend being kind and polite, avoiding personal attacks, in all spaces.

> “How can you write a piece of software that doesn’t do y?”. “It’s 2021 and you still can’t make a program do z, how pathetic”

Leaving aside the attack with “how pathetic”, I can understand these sentiments from people who have been following the developments (or lack of it) with Signal for several years. That the main developers brush aside requests that are important for most people or ignore them and don’t respond on those would make it quite frustrating for the users who care enough to write.

Signal could do a lot better in connecting with the community of users who care to connect. Remember that the users have a stake in this, so dismissing their feedback as “this is free, don’t ask for more” is actually condescending. Without users and users who evangelize the product in their circles, no such project can expand or thrive.

Signal team, you could also practice being nicer and more attentive.


Hi there, Signal Android developer here. I'm sorry if you've had any sort of negative interaction with Signal in the past. I would personally never dismiss anyone's feedback on the grounds that this is a free app (the linked post was written by a very kind community member, not a Signal employee, but I also don't believe they were being dismissive either). Given that Signal has no metrics, feedback provided online is one of the only tools we have to know if we're working on the right things.

That being said, we do have a lot of feedback to comb through every day, so if you don't get response (or get a short one), the intention is not malicious -- it's sometimes just a result of having too much to read and too little time. But we truly do read nearly everything (particularly on Github), even if we don't have a comment on everything. I hope you continue to provide feedback!


Hello, thank you for your comment and for your work on Signal.

I wrote a comment here outlining my frustration over the lack of export ability in iOS: https://news.ycombinator.com/item?id=25763997

I feel this goes beyond simply not providing a "feature", but rather it is actively harmful to users, especially in combination with unreliable mobile/desktop sync. It means that people get their memories destroyed, without warning and without recourse.

Would you be willing to have a conversation with me over email (address in profile)? I would like to discuss what can be done about this, and I would be open to compensating developers for their time.



Yes, unfortunately this is inadequate. Note that only transfers to other iOS devices are supported, and also “your old device will delete your message history after the transfer is complete”.


Hi. Thanks for your work. How can I leave UX feedback? Because honestly, it's pretty bad.


I've read similar sentiments before. After reading between the lines it's often clear that the developers have not brushed aside a concern or ignored a request. Sometimes they've actually explained their side, but a user has not bothered searching and reading forum history, they've simply sprayed their keyboard into a text box with unreasonable and rude remarks.

If I get a terse reply that says "We know this is a pain point, we're working on it!" then I take that in good faith and leave it be. But some find any reply an excuse to fuel their ranting.

There are definitely some areas, particularly those of principles, where the foundation makes a hard line clear. Even if this goes against what I think is best, I respect their clear message that this is their stance and it's staying.

Lastly I feel your remark that the team could be nicer is flagrantly unfounded. I have never come across any user being treated unkindly and without the attention one can expect from such a skewed user:resource ratio. I'm dismayed you've taken something I wrote for good and blemished it with an unfounded reprisal.


The two biggest issues with Signal have been

a) Using SGX (brushed aside) b) Inability to export and backup chats (ignored)


I also am extremely frustrated by the inability to export and backup chats. In combination with mobile/desktop sync problems, it means that I have lots of personal memories on one device, with no way to get them off and protect them.

There was no warning when I first installed Signal that the usual phone backup mechanism (via iTunes, in my case) would not backup this data, or that mobile/desktop syncing problems might mean that hundreds of messages just don't get synced to my other devices, and that this is expected behavior.

So I'm angry, and I can't recommend Signal to others for this reason. And the devs just don't seem to care.

I appreciate that it's an open-source project, and the developers have no obligation to develop new features. But this isn't really a feature request; certain sharp edges in a product are actively destructive if you don't warn the user about them. It's like someone handing out free food which turns out to be poisonous, and then saying, "What are you all complaining about? The food is free!"

If any Signal developer sees this, I would personally be happy to have a discussion about compensating you for your time to fix this problem for the community. My email address is in my profile.


> So I'm angry, and I can't recommend Signal to others for this reason. And the devs just don't seem to care.

Could have just been: "I can't recommend Signal to others for this reason."

I read the "Please be nice" post as a request to leave out the part about being angry or assuming that the devs don't care. It is understandable that you feel that way, but saying so doesn't fix your issue. It does make other people feel bad.


I guess I’m just saying I don’t think it’s a reasonable request, and this was my way of politely explaining why. It’s okay for users to express anger over something like this. The fact that devs are doing volunteer work is great, but it doesn’t exempt them from certain responsibilities (see my food analogy).


b/ https://support.signal.org/hc/en-us/articles/360007059752-Ba... Don't know to what extent you can export, but you can at least make backups


If you have an Android phone, yes, I suppose you can backup. But I don't.

There's no backup procedure for iOS. There's a migration, but the phone you're migrating from has to be working at the time. So if it's destroyed, you're SOL. Also, it's really buggy and has never worked every time I've seen it attempted.

The desktop instructions do not describe a backup. If you try to copy your old data over to a new machine in an attempt to preserve your chat history, you will break things. The procedure doesn't describe how to make things work, but rather how to unhose things once Signal has prevented you from doing what you want and blown up in your face to punish you. There is a way to export from the Desktop client, but it involves using sqlcipher and is an undocumented, unsupported, discouraged hack.


I often find myself thinking the same about other projects.

A good example is Nextcloud, who keeps growing its feature list, but never implements any of them properly. It's a fair line of questioning when your Nextcloud install borked itself for the third time in a year, and Android synchronisation doesn't work reliably.


> Signal could do a lot better in connecting with the community of users who care to connect. Remember that the users have a stake in this, so dismissing their feedback as “this is free, don’t ask for more” is actually condescending. Without users and users who evangelize the product in their circles, no such project can expand or thrive.

> Signal team, you could also practice being nicer and more attentive.

I've been interacting with Signal and observing Signal interacting with people for several years now and I have observed the opposite of what you're saying here. They are nice, they are attentive, and they do a great job of connecting with their community. They don't always do what I ask, and that's OK.

I will be a little provocative even, and say that you're deliberately misrepresenting what has been said in their post (dismissing their feedback as “this is free, don’t ask for more” is actually condescending) - that's bad faith, and maybe their post is aimed at you. It will be beneficial if you attempt to separate the emotion and try rereading what they have said.


I’m curious what the Hacker News crowd thinks of the IME* issue Naomi Wu has been trying to highlight lately.

https://twitter.com/realsexycyborg/status/134916717100428902...

Basically Signal doesn’t clarify to users that their keyboard is quite possibly spying on them, rendering all of Signals security moot if you’re trying to steer clear of spying governments. In practice this means that Signal is completely owned for most users in China if they use their phone as Chinese users normally do.

I keep hearing people say “use signal, it’s secure” and very few people also say “and the keyboard may render all of that security useless”. Thoughts? Naomi Wu has expressed recently that she feels totally ignored in this issue. Almost as if Signal doesn’t want to discuss it.

* Input Method Editor


This is interesting, thanks for posting it.

On the one hand, there is nothing on a technical level that Signal can do beyond what they’ve already done (linked in the twitter thread, set a flag that the installed keyboard may or may not respect). Anything beyond this is venturing into providing a general computer security 101 course and/or telling you how your mobile OS permissions work and/or region-specific opsec advice. I’m not sure they’re equipped to do that or if they are even the right people to do that. They are a small team and they most definitely do not have somebody embedded in activism of any kind in the sinosphere, which I think is what it would take for them to actually responsibly give region specific opsec advice.

On the other hand, I think it may be quite reasonable for them to say, very clearly, “use your system IME to input text”. It’s a very simple guideline with reasoning that I think can be understood easily by most people. They have a privacy/security section in the FAQ on their site; something like this could go there.

But of course if they did that, they would have to keep managing expectations around how much to delve into the security model of every platform they run on, and how many resources they can reasonably dedicate to usage scenario support. Their mission and product and user requirements are really unique; I’d love to be a fly on the wall of a signal product management meeting lol

I’m basic and use my iOS system IME to text in chinese, but also I’m a basic overseas chinese. Maybe I’ll have to survey my friends and family for what keyboard they use...


Yes. I think at this point Naomi is seeking official recognition from Moxie that this is a flaw in the overall system. I think she feels that she has been unfairly ignored, and she also knows people who she believes have been kidnapped by her government because of this flaw. So it’s a very real and visceral issue for her and she is also a very high profile person so it seems wrong to ignore her. I believe her recent Twitter frustrations started when she noticed that Signal responded to questions from some very small Twitter account, but still hasn’t responded directly to her.

If, due to factors outside of their control, Signal cannot actually guarantee that your conversations are secure, it may be irresponsible of Signal not to make that more clear. But one can understand why they might prefer to avoid the issue...


I think it's completely unrelated to Signal, to be frank.

> Naomi Wu has expressed recently that she feels totally ignored in this issue.

Yeah; I'd ignore it too if it was reported in a bug bounty programme. It'd obviously be out of scope.

It reminds me of the "but users might be running malicious WebExtensions!" argument (one of many!) I keep seeing in the Signal community for not implementing a proper web client (along with "but the PKI might be compromised and the JavaScript might be backdoored!"). They might be running a compromised OS too! Hell, their phone might have an entire ARM-based listening device inside the case. Security is always relative, and if someone reading "Use Signal, it's secure" doesn't understand that then they have bigger problems.


It basically boils down to "your fancy lock doesn't fix the person-sized hole in my door". She seems to be expecting the Signal devs to develop an entire Chinese IME. Why should the lock company have to also make doors?

Somewhere in the middle there she gets rather rude and starts accusing Signal devs of only caring about western users, as if there is a double standard. But there isn't: Signal doesn't provide a keyboard and keylogger detector for "western" users, why should it for Chinese?


I think this is the core part where Signal decides what it wants to really be:

* A messenger for activists, whistleblowers and other people that might be hunted by governments.

* A decently secure messenger for everyone that provides an alternative to WhatsApp, Facebook Messenger and other major corporate platforms.

Because in these cases those two goals are opposite - IME is the most fundamental way how people interact with a messaging app. Switchin it is very hard because users have muscle memory connected to an IME and IMEs vary wildly in their language support and typing experience,. Messing with it (blocking it, forcing people to use another) will make a lot of people refuse to use the app. Not messing with it will make activists mad and result in bunch of "Signal is crap for proper security" posts.

They need to choose. And sitting on both goalposts is the worst option here.


It doesn't have to force it. One of the proposed things has been making one of the on-boarding prompts give on-boarding prompts and point this out to the user - giving people who expect security of the first level based on how it has been presented to them the chance to realize they don't have it, and react.


> I’m curious what the Hacker News crowd thinks of the IME* issue Naomi Wu has been trying to highlight lately.

I think your comment should be consistently reposted on every single story related to Signal until they address this problem.


Seems more like a core OS issue than something Signal specific. iOS at least disables keyboard apps' network access by default, Android users seem to be screwed (as usual) unless they root the phone and install a firewall..


I think the issue is that Naomi is seeking official recognition of this system flaw but signal and moxie have not done so in response to her questions. I think “signal creator acknowledges that signal is not always secure” would be a headline that would help non technical people understand this system flaw.


It would also be grossly misleading and would put responsibility on Signal for components they have no business dealing with.

Non-technical people would just read "Signal isn't secure" which is BS.

iMessage isn't insecure either because you can connect a compromised USB keyboard to your Mac.


Why do you say that. You are free to block any app on Android from accessing the internet, including keyboards, from the standard Android settings, no root or anything.


Exactly. I made (an open source) keyboard app a while ago that logs everything you type into a file.

https://play.google.com/store/apps/details?id=com.abifog.lok...

Now my variant doesnt require internet access but some forks added "email keylogs to someone else" functionality.

If someone manages to install and enable that on a target's phone, then it renders Signal and all other secure apps useless.


> If someone manages to install and enable that on a target's phone, then it renders Signal and all other secure apps useless.

So does installing a compromised USB keyboard or a broken Logitech receiver. Why is that Signal's problem?


Because what GP points out is that in China everyone uses Baidu's third party keyboard. So Signal alone enough is not enough to ensure safe communication.

This isnt a signal problem, its an android problem. I don't see how Signal could fix it, short of developing their own keyboard for their own app only but that would break a shitton of android accessibility features.


I use this https://f-droid.org/en/packages/org.dslul.openboard.inputmet...

It isn't as good a others but at least it doesn't spy on you.


IME - Input Method Editor


Thank you! I have edited my post to add that.


I was the original architect (but no longer maintain) a fairly ambitious FOSS project that is the worldwide standard for a very particular demographic.

That demographic is notorious for a propensity to be “not nice.”

I kept it going for a decade, sometimes receiving rather...strident...”feedback.” I was called a tyrant (and worse) for refusing to deviate from its Core Mission, in order to make it easier for certain individuals to use in narrow contexts (that type of request is quite common, if you manage a general-purpose infrastructure project).

I learned (slowly) to be polite and respectful in my responses, even when approached in an abusive manner. The times I “hit back” (I’m good at that) were quite self-destructive, and did not do the project any favors.

My tyranny paid off, but it took a while. The project has been handed over to a team of really sharp folks that will, hopefully, never have to deal with the kind of crap I put up with. They will get a great deal of positive feedback, and very little of the asinine, juvenile garbage I got. That makes me happy. They don’t deserve it, and I’m grateful they took it over, making it much better than I ever could.

It was worth it. If I had to do it all over again, I would (but I’m glad I don’t have to). I’m a tough, stubborn old coot that can take it, and I knew what I was getting into, when I started (I’m quite familiar with the demographic). Even so, there were a number of times I wanted to bin the project and walk away. I’m glad I didn’t (and there’s many thousands of people that are glad I didn’t, but don’t know it).

Sometimes, we do stuff for reasons other than money, property, and prestige.


> That demographic is notorious for a propensity to be “not nice.”

FOSS for goblins?


The BMLT, I guess: https://bmlt.app/

The Basic Meeting List Toolbox (BMLT) is a full stack, open source solution for managing Narcotics Anonymous meetings.


My first guess would be any gaming community.


> FOSS for goblins?

More like Uruk-Hai


Usenet had killfiles, Wikipedia has IP bans for problem editors. Issue trackers need something similar.



Signal’s Eternal September?


It’s an old reference to Usenet and AOL. It used to be that many Usenet groups had problems every fall when new college students would discover Usenet after getting internet access for the first time at their university. In general this meant posts that went against the norms of many groups. It would usually straighten itself out after a few months, but in general, September was a rougher month.

Then, sometime in the mid 90’s (maybe 95?), AOL gave its users access to Usenet. This meant a steady flow of new users who didn’t adhere to norms of the newsgroups. Therefore, the Eternal September.

Same concern now as it seems like everyone is discovering Signal. I’m not sure how much I agree as signal is primarily small group chats where norms can be better enforced.


This is about tone on the Signal Community Forums, not within the Signal App. As Signal is an encrypted chat app, there is no Signal culture within the app that could Eternal September.


No i meant in the community forums - since there’s likely been a large addition of users in the past few days due to WhatsApp. I suspect a decent chunk of tech forward people have moved.

So I was wondering it if was Eternal September for the forums.

But I think I see where you are coming from = there is a finite number of people who will come to a coding forum, not an unbending wave, which would make Eternal September less of a good fit.


It's an old reference, sir, but it checks out. I was about to clear it.


Is this a typical outcome of an open-source project that gains widespread popularity? It's a trend that popular projects get criticism that is too personal. This is a tricky problem. The obvious answer is to be anonymous on GitHub and not care when complaints get too shrill. This hurts the professional value of being an open-source contributor. How to achieve a balance between this and the need to insulate oneself from haters in the (unlikely) case your open-source project hits the big time?

I recall a similar story, I think it was the guy who wrote the Python library for the Raspberry Pi GPIO pins. In his case, I think he used his main email for commits and that was included by the Debian package maintainers who refused to change it.


While people should be nice, maybe it's time for Signal to hire a professional community manager. If developers do support on such forums (who else would be disappointed by unilateral demands?), it is a productivity killer.

Telegram has such person for full time, I follow them on Twitter, and their responses are usually hilarious https://twitter.com/telegram/with_replies

For example, when people demand something from Telegram, their response is usually brainless "I'll pass that to developers" or something slightly more witty like "it's planned for 2301, watch for updates". Everybody's happy.


>twitter link

How do you look up an original post in twitter that they replied to? If I tap on “in reply to @“ link it just shows their entire feed. Thanks in advance!


Usually original tweets are just shown in the feed, but if you click on the tweet body, it will explicitly unfold the thread, if I got what you are asking.


Yes, this is it, thank you!


I'm in the unique position to interact with clients from the 3 digit to 8 digit ARR range, and it's so hard managing expectations across the group. All of these clients are massive, it's just a matter of what stage of adoption they're at with us. More 0s = all hands on deck, two 0s = "I can't give you any kind of timeline and may never be able to". All of this is to say please be kind, it's generally not up to the people you're yelling at, even if you're paying for it.


Ok just 2 points, primarily my own opinion.

First, I suspect a lot of new Signal users are the Reddit/Twitter terror assholes from thedonald.lose and other similar suddenly exposed rock bottoms that have been forced to relocate over the last week or so. Ignore them, ban them, etc. Don’t let ANY of that bit of animated shit pukes that mumble like they’re semi conscious bags of bird shit bother you.

2nd point. It’s ok to say no. Proof in point, I’ve been running jsonip.com for 11 years. Service supports many many millions of requests a month. Completely free.

I’m lucky, I don’t frequently get any hate mail or “add this new thing asshole” for the service. But any time I have over the last 11 years, I’ve directly told those people to shove it if they’ve been rude or demanding.

They’re using my service for free. I’m paying for this out of pocket. Fuck you if you think you can abuse me.

Just to round out, since I’m obviously very suave about language and what not, stop being nice. Stop letting a lot of free loaders ruin your day and kill your mood and passion by treating you badly.

There is an equivalent to the no shoes, no shirt, no mask policy and retail store has for online stores and OSS projects. If the user/customer can’t adhere to extremely basic human decency norms, they don’t get to play. You tell them to fuck off and go away, then move on with helping people that actually give a shit and are nice.


> Don’t let ANY of that bit of animated shit pukes that mumble like they’re semi conscious bags of bird shit bother you.

LOL. Appropriately eloquent. And I'm not being sarcastic!

The number of times I've gone to reply to a post somewhere to tell someone "You don't get candy if you're a bad boy, go back to your room" but ten other, nicer people have already tried to positively engage...

You'll be glad to hear I'm not the one being nice. I flag/report, or if a thread is turning sour tell them they're on their own if they try to mistreat me. This is why I don't mod any communities because too many people would get the same treatment the lamers did on IRC: I'd kick them out the door and get on with my day. Seems that's out of vogue these days.


Hah. I’m with you. Even used to do the same thing on IRC years ago.

I’m firmly of the opinion we (general collectively) of the mainstream have bent far enough back and tried too hard to accommodate the ignorant for too long. No time for that shit anymore.

Oh and I’m hell when I host an Among Us game. If the randos don’t catch on quick, boot put the hatch!


A good solution might be an "exponential back-off" temporary ban.

In this, an open-source project adopts a policy that the mental health and wellbeing of its developers is a priority, and in particular abusive language from end users is not accepted. Specifically, if a user communicates with such negativity (e.g. commenting this way on a github issue), two things happen:

1) That comment is deleted

2) That user is prohibited from posting on this project's issues for 30 days.

That's for the first offense. If, after 30 days, the user does something like this again, they are temporarily banned for 60 days. And then 120.

You get the idea.

If you don't like 30 days as a base, then it can be 24 hours, or 90 days, or whatever the project decides is appropriate. Regardless of these or other parameters, this strikes a balance between accepting needed feedback from the community, and "canceling" someone from contributing useful feedback in the future.

In fact, I bet you this will have a role in conditioning certain people to communicate in more nurturing and kind ways. A permaban would likely NOT do that, but a short temporary ban that increases on repeat offenses probably will.

I am not sure if Github supports this already, or provides some mechanism that could be used by the project maintainers to manually implement it...

But if you are developing on any platform where end users sometimes communicate toxically with volunteer developers just trying to make the world a better place, maybe this idea is worth considering.


> Just scroll past if something isn’t nice or offends you.

It's easy to dismiss this argument as it's obviously weak (it doesn't make any sense) but it sure seems to be a popular thing to say. Why do people think their right to act any way they want supercedes the right of others to not have to put up with trolls and jerks? Do these people have social problems, are they legitimately not smart enough to see the problem, or what is it?


> this argument as it's obviously weak (it doesn't make any sense)

It's the only mature and sane thing to do. Otherwise, what's the alternative?

> Do these people have social problems

I have a theory split in two parts:

1) Because it's online/remote and anonymous: I think that in 99% of the cases, when face-to-face, the toxic persons wouldn't even dare to say what they say online.

2) I learnt that most of the times toxic persons are in the 15-25 years olds range. They are just kids that do not know any better. If a 15 years old kid starts to insult me in the street, I'll just ignore him. It's just a kid.


> the right of others to not have to put up with trolls and jerks

This "right" does not exist. Scrolling past stupid or offensive stuff is an appropriate thing to do.


Then let's rewrite that without the word that bothers you:

"Why do people think their desire to act any way they want supersedes the desire of others to not have to put up with trolls and jerks?"

Because, y'know, that still seems like a reasonable question.


Maybe because trolls and jerks have no goals beyond heating the discussion? Most calm and constructive forums and mailing lists I’ve ever seen had an unwritten rule (written actually, but who reads ‘em, right?) to ignore “hot” messages or at least the hot tone in these. It doesn’t prove that it’s the only way, but once the reply is done, every other user feels urge to add to that, because it is in a human nature that something said repeatedly or upvoted has more weight than something stated once, but it is harder if you’re first (crowd psychology). It is a culture of a public place (a thing that supports healthy cooperation) and they have to learn it, no matter how strong is their desire to respond.


One forum I'm on has a very strong community standard of "This place is like a local pub. If you show up mouthing off you'll be called on it by the regulars who may all look like they're shit talking each other, but who have mostly spent time together in real life, and who as a group have each other's backs against outsiders. If you keep it up you'll be asked to leave, possibly if needed by the managers (forum mods) who'll ban you for a short or extended time."

It works remarkably well for that particular group of people. It's almost certainly turned a lot of people away who _may_ have pulled their head in and become contributing members of that community, but largely they don't care too much. The forum has stayed small (it was recently characterised only a bit unfairly as "12 cranky old cunts" by someone who wouldn't/couldn't live up to the community standards there.)


> "Why do people think their desire to act any way they want supersedes the desire of others to not have to put up with trolls and jerks?"

There are two answers to this question, a "not nice" answer and a "nice" answer.

Answer 1: Because it does. Freedom of speech is more important than "your desire of not putting up with things you dislike"; so yes, the rights of trolls do actually supersede the comfort of the trolled.

Answer 2: It doesn't really matter. Just ignore the stupid trolls and go on with your life.


Freedom of speech is genuinely important. Critical even.

But it certainly does not extend to my lounge room, Your right to freedom of speech does not mean you get to act like a troll or jerk in my house, or to expect to be able to behave in ways you think I should "just scroll past". You will be asked to "be nice", and asked to leave if you choose not to (and ejected of you continue and refuse to leave). Your "rights as a troll" do not superseded my comfort in my home.

Your (assuming you're in the US) "Freedom Of Speech 1st Amendment" rights mean your government may not pass laws to inhibit your free expression. It does not mean your choice to freely express yourself will be free of consequences (as the well known "yelling 'Fire!" in a theatre" example illustrates), nor does it mean that owners/managers of private spaces are required to put up with your free speech in their venues.

Whether an internet forum is closer to a private home or Speaker's Corner in a public park is a good question. But claiming the forum regulars and owners should "Just ignore the stupid trolls and go on with your life." is not the only possible answer to that.


Freedom of speech does not validate abuse, no matter how you spin it.


It doesn't validate it the slightest, but it is a common problem that people claim to be abused if they don't like the content, which results in obvious problems.

Minorities profit most significantly from freedom of speech.


I agree. But saying stupid or abhorrent things is not (necessarily) abuse.


I doubt the people making that argument and those that spam toxic messages are necessarily the same.

It is a coping mechanism because it makes no sense to be angry at a user that doesn't even care that much in the first place.

From that perspective it makes no sense to be angry at messages.

Doesn't always work, obviously, but it is the best way to deal with it.


I think the community forums will have to rapidly evolve to deal with the influx of new users.

If you look at successful, very large internet communities, almost none of them look like traditional forums.

I think wiki-like features could be important here, so that users can maintain high-quality references to point to during discourse. For example, reddit has subreddit wikis, and stack overflow allows questions to be repeatedly edited by the community.


I feel like this is more a sociological or even philosophical question but why are users like this, in particular for something that is free? Sometimes I wish we were more grateful for things instead of being so damn entitled (about a free service, nonetheless!).

That reply that is on the bug report (literally the post about being nice) which accusing the author of needing to "man up" is too on the nose.


Ironically I saw that dedicated, talented people who toil away for open source were being abused so badly that they left. I decided to put my head above the parapet and do something I don't like to do: preach. Figured I'd get some people shoot me down or start mouthing off at me but I manned up and posted it anyway.


I feel like this is a good starting point. It's bikesheds all the way down. https://en.wikipedia.org/wiki/Law_of_triviality


It works both ways. I'm not addressing the Signal project in particular, but maintainers of free software projects need to be polite and professional (in words and deeds) as well. Users who take the time to investigate bugs and get involved in fixing them don't have "infinite resources to pour down the drain" either. Maintainers presumably derive some value, even if not monetary, from their involvement in these projects. Having more users than they can handle is a problem that comes with the territory of a popular project--and needs a solution just like the more technical ones. (I translate the term "toxic users" as modern-speak for "people who aren't exactly aligned with me".) I often contribute to alpha status free software, so I don't always gain reciprocal benefit--but I do like to help others. How many times have you seen an open issue or pull request on a project that isn't addressed at all after years? Often, in my experience.

Last year, I was working on my free software project, and I heard repeated blasts of a car horn from my driveway. I have advanced arthritis, so it took me a while to get up and go to the door--I wasn't expecting anybody. The car drove off before I could get to the door. The next day the same car was in front of my mailbox. The door of the mail box was drooping down. The car stopped on the side of the road, so I had enough time to hobble out and approach it. It was pouring rain--I had my shirt up over my head to keep the water off. I found out it was my new neighbor. She was doing improvements on her home and needed my signature on an HOA document. She said, "I'm disabled, and I need a favor. Also, I broke your mail box putting the document in it." I said, "I'm disabled too". She laughed, "Oh, I see."

The moral of the story being, Signal, be glad you don't have to deal with people who want something from you IRL. :)


People say: man up. I’d say let’s ignore the toxicity and go about our way. If someone wants to be an asshole, fine by me, but I’m not letting them take my fun out of my life. Therefore it would be good to have a way of hiding stuff that you don’t feel like putting your energy into. Sort of shadow banning but only for yourself.


"Man up" is great advice, but it's from an era where socialized interaction happened mostly in person. In those times, the consequence of insults was almost always physical violence, sometimes to the death in a formally arranged way.

Perhaps somebody needs to invent that device that allows us to punch people over the internet.


Yes and that makes me think. What if we could un-anonimise the internet for things like these. I think the anonymity of the internet makes trolls, toxicity, bullying and such much easier. Where if it’s your actual name that’s next to it, it influences your real life as well. Recruiters will search for your name on the internet and if you come off as a toxic bully, it’ll have consequences


nah.

There is empirical evidence otherwise, e.g. toxicity on Facebook. On the contrary, it gets far more personal if people know each other too and petty infighting dominates.

Recruiters looking up your name on the internet is awful. It got better, but a few years ago they haunted you to your last refuges.

Some people have their real names attached to their profiles, but I assume most prefer it the other way around.


Yeah, that sounds like an excellent idea. I would also add punishments (social media bans to start with, perhaps fines and even prison time for extremely serious cases) for spreading obvious lies.


You have my fork!


It's difficult if you're seen as an authority figure, if you're one writing the code. Ignoring assholes could well simply inflame them further when they see other people receiving official replies, when their 42 posts have garnered nothing.

I certainly brush off the seething wastrels when they come my way, but I'm merely another member of the community and I have the luxury of ignoring them, flagging them, and letting someone else decide whether they should be kicked out or not. I really can imagine that if you cannot ignore these people (or have to add five people to your /ignore, every single day) it will wear most people down to a nub after a few years.


mute/block button?

of course the implementation varies from product to product but is usually not obvious to the other party


Developing a pleasant community, and developing the skills and environment to deal with angry people who use the project as their punchbag, is more valuable than the code. People who nice, pleasant and diplomatic are gold, and can help shape the community. They’re as valuable as your most skilled coder.


Maybe, there should be a Kickstarter for GitHub issues to prioritize them. You can prioritize them by money put in, and whoever wants their feature IMMEDIATELY, puts their money on it so, necessary resources can get allocated, and the rest can shut up about something not being done.



This looks like a great service. There doesn't look like there's a way to post a bounty for a repo that's not already signed up though.


There used to be a Signal project on Bountysource with a bunch of pledged money, but I can't find it anymore. I had pledged. Odd, I can even find the PayPal receipt for my pledge.

Edit, found it: https://www.bountysource.com/teams/whispersystems the old links did not work


One of the best parts of OSS is that if the maintainers don't have the time or the priorities to solve your problem you can fix it yourself and get your change upstream, or fork it. It blows my mind that some people can take OSS for granted.


Nice community users: do your part! Don't just be a silent majority.

Being nice doesn't mean being passive. If you see something wrong, make someone aware of it nicely and if they respond badly, flag or report them.

Be nice, be active.


There is a rising tide of hyper vigilance and explosive anger that cannot be escaped these days. I hope everyone can wake up and realize this - to stop it before it becomes the new normal.


I have had the opposite experience. Carefully filing a bug report, carefully getting data for it, only to get shouted at by the maintainers.

Be nice, yes. Both ways.


(high) time to start educating children in schools regarding differences in software. preferably as early as primary school. so that every person on this planet better understands what is free, what different types of software licenses do. software and we never ever have to talk again about the offenses taken by people spending free time on software that helps the world spin in a more consistent way...


You overestimate the importance of software development and licensing in the life of the average person. Most people never interact with a software developer or even understand what they do, much less submit bug reports and feature requests to open source projects.


Its why I am always extra nice/kind to those that report real issues.

While have a zero tolerance to anyone being even slightly annoying/belligerent.


I've come to the conclusion in the past couple years that the world would be a better place if adults were forced to watch Daniel Tiger episodes. So many things it covers (like, how to be kind, how not to over react to bad news, how to give a proper apology or show gratitude) seem like they ought to be simple but turn out to be rare.


What happened with the developer of Mastodon?


It doesn't seem to be the main developer of Mastodon, but some developer of some popular software Mastodon-related called Fedilab.

https://framagit.org/tom79/fedilab/-/issues/498

> Fedilab is a multifunctional Android client to access the distributed Fediverse, consisting of microblogging, photo sharing and video hosting


not with mastodon developer but developer of foss clients for mastodon, peertube and others. the toxic community forced him to quit all social media


FWIW I’m very grateful to all the people who work on FOSS software. I probably wouldn’t be a software developer if it wasn’t for these tools and libraries. I often wonder how they all find the energy do it, I know I wouldn’t be able to contribute more than the tiny PRs or issues I’ve submitted over the years.


Let's not pretend this just some guy's hobby project. They've received millions of dollars in funding, more than many small businesses make a year.


And that means it's OK to abuse them and their volunteer moderators? Getting a paycheck that big wouldn't make me feel better if I was having shit slung at me from all directions.

I'd have a more comfortable life but I'd still be getting up in the morning to go to work knowing I was going to open my inbox to weeping boils flinging their bile at me.


It means it's not okay to write poor-me post pretending you're some regular person who's sacrificing a pay check to work on a project simply because it's the right thing to do.

Life is full of "meanies". Cry me a river.


I don't work for the foundation so I'll accept your permission to write the piece. Thank you for your generosity. Perhaps I'll write a special section on why not to write comments on web sites while you're feeling extra-sensitive, preventing the need for you to bother commenting in this way?


Jesse, what the fuck are you talking about?


what if the competition is making these comments intentionally to fiddle with FOSS developers? People need to be strong and above internet comments



if someone starts being toxic to me, I'll just let them know they have access to the source code like everyone else and that they are free to open a pull request if they wish to and close the thread. And that's the end of that.

If someone asks why, just tell them you don't entertain any level of toxicity.


The entitlement those people have is ridiculous. They are literally not paying anything for the service and come in demanding things.

It's funny that all these people moving away from WhatsApp (for no good reason, IMO. Facebook can't read your private or group messages anyways thanks to e2e) and think the free app they downloaded will have the same level of features as the one funded by a multi-billion company.

Get real.


I think the word "kind" is more appropriate here than "nice". Being nice is shallow (surface-level, appearances, civility, tolerance...), whereas kindness is profound (empathy, connection, harmony, respect). The former is certainly better than nothing, but the latter is transformative and radically more powerful.


I agree but the article was written in a knee-jerk fashion and once I'd written the title I felt the need to repeat it a few times to help push the point :-)


Not sure what people see in Signal. Having the client be open source without having the infrastructure decentralized is pretty pointless and just sets it up for failing again when the organization controlling the central infrastructure starts acting poorly.

But that being said, if you don't like Signal, just don't use it.


For some of us, "the organization controlling the central infrastructure" is _way_ more trustworthy to not start "acting poorly" than any of the alternatives.

For me, Apple comes a close second maybe, but lack of interoperability between iMessage and Android makes it a non starter amongst my friends/family. Even assuming some self-hosted version of an E2EE messaging service exists and I could convince enough of my family/friends to use it, I then become "the organization controlling the central infrastructure" who risks "acting poorly" due to incompetence or lack of resources to keep that self hoisted infrastructure running and secured.

Signal is not perfect. I don't agree with all of Moxie's choices (I'd strongly prefer it not to need to be linked to a real world phone number) and I strongly disagree with some of his choices (I get angry every time a "$name (someone in my contact list) has just joined Signal" notification arrives.

But it's better than the alternatives for me. And for enough of my friends/family that it's my most commonly used comms channel outside work.


To me the end result of this shifting landscape is something which has the attributes of Matrix. Matrix may have issues, but it's architecture and implementation is very resistant to bad actors.

You can fork the server code and the server instances of matrix servers and have it work with existing servers and clients. Without this capability it is a matter of time until bad actors kill it and everyone moves to the next thing. The problem is that "trust" is not enough.

You trusting Signal operators more than Whatsapp operators does not fix the problem that we cannot run these services on trust.


Of course they can stop being nice at any moment and start doing nefarious things. But having the client open source means that when this happens, you can stop using it without data leaks, and until that happens, you can also be sure about the security of your data and exchanges. As a plus, you can run your own server for you and a group of friends/collaborators/whatever, if you wish. In my eyes that's a vastly better alternative than (I would say most, but it would be inaccurate) all the non-decentralized non-federative alternatives. Plus, their whole mission being secure messaging (as opposed to a nice-to-have side feature) will probably make it harder to do a full turn soon, I guess. Even if Signal is on to something eventually, I believe it does no harm to take full advantage of it while we can, as long as we are aware of a potential turn of events.


yeah. you are free to fork but if you do, dont use trademarked name which is fine but also not connect to official server because brand.


But also, if I fork the server, where central control can be applied, nobody else will be on my server. The client is only half the problem, and the most insignificant part in my view. I would rather have proprietary client with decentralized infrastructure than the other way round if I could only choose one of the two.


They way signal thinks is, you either are full first party or full ex communicado. You need to set up everything of your own


There appears to be a powerful force pushing signal right now.

WhatsApp had the same force behind it when it first hit mainstream. I think it signals something nefarious.


I noticed this too. Elon Musk and Jack Dorsey have both tweeted weird endorsements of Signal lately.


It makes sense if you look at the founders history: https://en.wikipedia.org/wiki/Moxie_Marlinspike#Biography

He co-founded WhatsApp with Brian Action. They both wanted cash but also felt bad for selling out WhatsApp.

So Moxie founded Signal and Brain contributed. A new clean room project under a non-profit with an endowment. Made as what WhatsApp should of been if they didn't sell out.

And to the commenter below he work for Jack Dorsey as the head of cyber security. And Jack supported this project from the get go. They probably like each other. Go figure.

I think this comment is low effort, malicious, and unreasoned.


There is a meta play at worst. Like, someone showering you with 1 million dollars, no obligations and no strings attached, but having an ulterior motive. But, as in that scenario, it's in our hands to make the best use of what we are given.


> WhatsApp had the same force behind it when it first hit mainstream.

I don't remember this, mind elaborating?


This is funny. Because WhatsApp seems to be slow to the party with most features.


I dunno, I could select multiple pictures to share in Whatsapp for years, Signal implemented this when, year or two ago?

I can chat online in browser with Whatsapp for years, you still can't even do that with Signal, so not sure what features are you talking, but Signal is for sure lacking more basic features than Whatsapp.


I wasn't comparing WA to Signal, but to a load of other IM apps. Compared to those, WA is super slow as well.


I completely agree, please behave politely


Just want to say thank you!


It is like codecademy forums. I am talking of UI I think creator is in hurry for launching website.


I wonder if there might be any connection between a sudden rise in narcissistic personalities who feel a great sense of entitlement arriving on Signal forums and Trump-supporting lunatics who are fleeing social media sites which are now closing the barn-door after their horse has bolted :)


Considering the second response I received to that post was a spittle-flecked rant on how being nice isn't mandatory, made by someone with literally zero post history, I wonder alongside you :-)


Nothing to do with the uptick of trump supports coming to the platform...


Well said.


excessive and unnecessary emotional


Is the exact demographic I was aiming for when I wrote the post, with the aim of making them stop for a moment to gather themselves, before being part of the problem.


It's not just "being nice to devs" -- open source communities are utter shit for everyone.

My experience working on open-source projects, from a Product Manger perspective, is it sucks too.

To get it right, modern software takes a team. Everything from BAs, UX designers, QA, DevOps, etc.

But the projects aren't treated like a real project. Often it's a dev doing something on their own... often again it's to get away from the "team organizational structure" and just do something on their own. They don't get paid for it, they're just out to "hobby build" so why not play a bit. Test out some ideas.

But inevitably it's shit. They don't make decisions based on what's good for the customer (and the customers don't pay), they make decisions based on, "Do I have 20 hours to put in to get this right, or do I want to ignore the edge cases and just do the quick and dirty 30 second solution so I can move on to the next task I find fun?"

And the quality suffers. And that's OK, except the expectations are all set so high. "This is the open-source version of Microsoft Office!" or "This is a peer-to-peer replacement for Facebook!" and when a user hears that, and then goes to use it... and finds their expectations were totally mis-set... oof. They're pissy. "I put in all this time thinking it would do whatever basic thing Microsoft Office has done for 20 years... and it didn't do it... and I wasted a day trying... wasted a day looking at obsolete / poorly done documentation... and now I'm mad too!" Expectations need to be set better, and they never are. Everyone over promises based on a vision, not based on actual capabilities.

And when a QA person, or a product manager, volunteers to help... then herding devs, who "own" the project into best practices or a team-based workflow becomes a nightmare. Everyone is working on their own version of "off hours" on the project -- no way to sync a 9 to 5 schedule of any sort. Team meetings never happen; maybe you get together on Slack or something, but like very rare anyone is able to be like, "Hey let's all go bond and get a beer..." As a "leader" you can't enforce best practices -- and that's frustrating for everyone as the devs started the project to get away from management, and management gets burnt out trying to manage devs who don't want managers... Corners are cut, opportunities to bring in other talent are squandered because it's all about ego.

Long enough rant, but like... TL;DR: Open Source sucks. If you're gonna build something, start with a business plan. Make enough money to hire BAs to gather requirements, UX designers to build good flows, devs to build it, QAs to test it, managers to wear chinos, and support staff to handle the onslaught of shitty annoyed customers. And guess what, to make all this work... you'll need some sales guys too. Make it a business, you'll be a lot happier in the end. Fundamentally, if you're good at something... why are you giving it away for free?

Be Nice, but you can't really un-ring this bell. Fire is hot. Water is wet. The internet is mean. And working on Open Source projects is pretty much universally horrible.


Elon stans blew up the spot.


Some Elon but also a huge amount of Indian users who are leaving whatsapp en masse and have a different culture of online conduct that many westerners aren't used. The replies on the signal Twitter account make this very apparent if you don't want to dig through the forums.


I'm up to 50 or 60 new Signal contacts since WhatsApp announced their latest privacy policy updates. (That's actual friend/acquaintances rather than just people I once added to my contact list like ex cow workers or clients/vendors - there's probably another 50 of those as well.) This is largely (but not exclusively) people in Australia.


Reminds me of the 2020 Hacktoberfest. Tons of users would submit spam PRs, when you'd close them and tell them to read the contribution guide they'd start personally attacking you.


In what way are the Indians different?


TLDR don't ask devs/managers to do anything, they are just small company living of 50M donation and other donations

I mean FFS Signal didn't even allowed until 2018 or 2019 to select more than one picture to share and people asked about it for years. How long it took Mozilla to implement pull down to refresh on mobile version until 2020, 5+ years?

These devs WANT their product to fail, they don't want success, they don't want users, they just wanna get their weekly money and play and implement useless features nobody asked for. This is what happens with horrible management in Mozilla with Firefox going now extinct, Signal (pretty much same as Firefox not growing ant user base, even the uptick in recent days in molecule (drop would be overestimate) in Whatsapp ocean) and Wikipedia which is also spending money on projects completely unrelated to Wikipedia site, yet they dare every year ask users for donations to keep Wikipedia running without ads, while reality is they have money for years to run and if they didn't waste them on stupid things even longer.


tl;dr: Don't make false assertions and throw insults in the exact way that you just have.


The guy who runs signal said that he believes science isn’t about discovering truth. I still can’t wrap my head around it.


"Social media made you all way too comfortable with disrespecting people and not getting punched in the face for it." – Mike Tyson

Feels very much like an aphorism for life these days


"Law enforcement made Mike Tyson all way too comfortable with punching people in the face and not getting shot for it." – Billy the Kid, apparently


It was his job to punch people in the face. He's been doing effectively since he was 13. This must be the lowest class comment Ive ever seen on HN.


Punching people in the face for disrespecting him was his job? I guess you can say shooting people was Billy the Kid's job, then.


> Punching people in the face for disrespecting him was his job?

It's called trash talk, a significant part of his sport/job before and after fights.

> I guess you can say shooting people was Billy the Kid's job, then.

No. That's law enforcements job after following the correct protocols. My good fellow are you alright?


What?


I guess yet another platform is censoring its users /s

JK please be nice y’all


I believe the Signal app should at least have a token fee. It can be donated to the open source community. That would immediately get rid of the freeloaders and their annoyances.


The Signal Project's greatest vulnerability isn't technical but social. Contributors probably work in clean environments and follow special security protocols. Yet, their policies and procedures haven't considered emotional compromise by hostile attackers. It's a social hack, essentially. If any group wants to shut down the Signal Project, all they need to do is agitate overworked contributors in message forums.


Bleh. I don't really appreciate this.

User entitlement and harassment are major problems in FOSS, and I don't endorse it, even for Signal. But, coming from Signal in particular, this seems pretty weak. It almost feels exploitative of the real problem - harassment in FOSS - as an excuse for Signal to make self-serving design decisions at the user's expense.

Remember that Signal touts itself as a secure communications tool, with endorsements from the likes of Edward Snowden and Bruce Schiener. We should hold them accountable for delivering on that promise, or we risk the real human lives who choose to rely on a flawed tool. Signal has made several design decisions which reduce its ability to address the problem of secure communications, which are conveniently self-serving. When their arguments for these decisions have been debunked, and yet the self-serving designs persist, this is a bad look for Signal. They have chosen to weigh their self-interests against the user's security, in a tool designed for securing vulnerable users.

Signal is unlike most FOSS projects. They have access to resources which put them among the most privelged projects in terms of ability to execute on changes. The Signal Foundation has a war chest of hundreds of millions of dollars.[0] With a hundred million dollars, a full-time dev team, and 10+ years of development, I think we can expect them to have addressed many of the complaints ten times over, especially when similar systems have been built by volunteer teams in a fraction of the time. Complaints, again, which address ways in which Signal's privacy guarantees are lacking, and which Signal conveneintly benefits from leaving unsolved.

I don't think anyone should be mean or rude to FOSS maintainers, including the Signal contributors. Entitlement and harassment are huge problems in FOSS. However, I do think we should hold Signal accountable for delivering on its privacy promise, being good stewards of vulnerable people, and not compromising on this to chase after their own self-interest.

[0] https://projects.propublica.org/nonprofits/display_990/82450...


I feel like this comment, and others like it, start from a baseline misunderstanding of Signal’s goal, and extrapolate from there into a narrative where the Signal team is plotting the downfall of all that’s good and right.

Signal has been pretty clear that their goal is to create a messaging platform that provides security against the threat model faced by the vast majority of humans in the world, in a form factor that makes it effortless for those people to use it for their communications.

Specific technical details, like federation, are not their goal, and their assessment is that the side effects of federation actively harm their goal. You’re welcome to disagree about whether it’s possible to federate and still solve the problem they’re targeting, but it’s not clear to me why they’d be expected to target their “war chest” at solving something that they’ve always acknowledged is not their actual goal, based on message board commenters demanding they do so.


Yeah, there's something fishy with Signal, though it's been obvious for years that HN is one of its propaganda hubs.

The other day I described one of my concerns with it here [0]. I made no demands or anything like that (this is HN after all) yet someone chose to basically label me "entitled"... that must address all concerns, right?

Anyway, today I woke up and it seems this global campaign to ditch Facebook works, because some contact of mine added me to a group of "friends", people who "forgot" about me for years (because I'm not on any social network) and who had no idea what Signal was until now, who never knew or cared about privacy, but apparently decided to start using it this week. Neither he nor Signal asked for my consent, and now I'm faced with the unpleasant task of leaving that group and possibly hurting people because I never wanted to receive hundreds of vacuous messages every day. Thus I'm one step closer in my mind to moving to set up Matrix on my own server.

[0] https://news.ycombinator.com/item?id=25692885


Sorry if this comes across as blunt, but what self-serving decisions has Signal made, how do they benefit Signal, and how do they compromise users' privacy?


The main concerns are: lack of federation, the persistent phone number disclosure requirement, and its absence on F-Droid, and its hostility to forks.


I've found the opposite more often than not: Users are nice, but the maintainers are arrogant, unwilling to listen to your issue, close the issue without explanation, disrespect you for bringing something that breaks their product or shows a major flaw, nitpicking until cows come home with PRs, rejecting PRs for no reason at all (screw you for putting all this effort in the PR, right?), god-forbid if you ever talk about any drawbacks or issues with the license. Users are usually nice and other users moderate them if a wild one appears.

Can maintainers please be nice?


I think it's reasonable to critique the fact that OWS has received $100mm and I can't even add all my devices to my account (they limit it to 4 or 5, iMessage permits at least 10), or add any other phones (only tablet and desktop can be linked).

Being an asshole is unwarranted, but oftentimes one wonders where the money is going with that group. Their production is certainly behind reasonable expectations. We have stickers but not backup, we have some SGX thing for safe server contacts but video calls on desktop are still basically broken/unusable.

For that kind of cash they should have a lot more to show.


How much of that $100mm came out of your pocket?

Have you got links to any complaints about how OWS is being run by the people donating money to them? (At least for non-troll sized donations. Sending them $5 by PayPal then claiming the right to define and prioritise their roadmap doesn't count.)

I'm not sure you are displaying "reasonable expectations" here, nor that your opinion on how much they should have "to show" carries much weight.

As always, you're welcome to 100% of your money back on your purchase of Signal and it's services if you don't like the product.


It's reasonable to criticize waste even if the waste isn't of my resources.

It's reasonable to criticize and editorialize even over squandered opportunity, something that is (in the case of such criticism) always someone else's, not your own.

I can reasonably think they're doing a mediocre job, given the circumstance that they received $100mm, even if it's not a dime of my money.

I think your response is perhaps a red herring.


I think this attitude reflects much more on your misplaced understanding of what OWS are doing and why, rather than anything meaningful about your critizisms.

It's a _really_ poor proxy for most things, but they're the ones with $100mm of somebody else money. I suspect your opinion that they're "wasting" any of that is much more likely to be that you don't understand the goals, rather than the people behind _that_ much money letting it be "wasted".

You've demonstrated very little understanding of the reasons behind the problems you cite. Do you know the tradeoffs behind the decision to limit linked devices? Do you think OWS's priority on desktop video call quality is the same as yours, and do you know the tradeoffs they're making by choosing not to prioritise that? You pretty much admit you have zero clue how or why they're using SGX - which is one of that most innovative privacy techniques in the entire space (it's not perfect, but it's about as diametrically opposed to how Facebook et al do contact discovery as it's possible to get).

[Edit: It's also possible _my_ understanding of what Moxie and OWS are trying to do is wrong, and I'm crediting them for or at least giving them a pass on a lot of stuff based on that. But I don't think so. I've been reading their blog since they worked on an Android app called TextSecure back in 2014 or so. Moxie is a friend of a friend, and I'd eaten and drunk with him. I think I have a reasonable understanding, for an outsider, of what is important to them and why they're doing the things they do.]


I am quite familiar with all of the things you asked about, including the SGX server attestation stuff. I glossed over it for the sake of comment brevity; I browse HN comments on mobile and reply with thumbs.

I know their tradeoffs well; I also know the SF rumors I hear about the fate of their money.

I think they should have quite a bit more to show for it.


> As always, you're welcome to 100% of your money back on your purchase of Signal and it's services if you don't like the product.

When it becomes possible to change this to “100% of your time back”, I’ll be able to agree with such sentiments. Users invest time that they cannot get back.


Maybe so.

But there's no way that "investment" makes Signal/OWS in any way beholden to them.

If you're going to get upset enough to rant about "all the time I invested in using a free app", you're going to lead a very unhappy life.


On an M1 macbook signal desktop video calls were pretty decent.

The limit is a single variable on their back end server, maybe poke them to up it to 10?


The problem with the directive "Please be nice" is that it's unclear what behaviour it prescribes.

"Nice" is self-assessed. Almost everybody thinks they are being nice, and fair. Even despots think that when they self assess.

It's more constructive to have guidelines that tell people specifically what to do and not do.

https://news.ycombinator.com/newsguidelines.html


This criticism seems misplaced, the article very clearly explains what is meant by "being nice".




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: