The lack of development-in-the-open on Signal-Server is a little concerning, in terms of not giving visibility on what's at least theoretically running serverside.
If you compare it with Matrix, the last commits to Synapse were ~32 hours ago, Dendrite was ~31 hours ago, and Conduit was 3 hours ago - so you can keep up with where development is at, and of course see what is meant to be running in production (and run it yourself if you're able to).
My assumption is that what's happening is that Signal-Server is going through contortions to switch everything to UUIDs, in order to avoid hardcoding phone numbers everywhere as identifiers, and this work is being done on a private branch. Meanwhile, there's presumably a private branch for the current live production deployment too. (For Matrix, we maintain a separate branch for the live matrix.org homeserver instance, to allow for hotfixes etc - although it's public, at https://github.com/matrix-org/synapse/tree/matrix-org-hotfix...)
I have given you flack over the Synapse migration path for server operators over the last few years, but this Signal outage brought home how important it is that Matrix is a more than suitable replacement for Signal among my family and friends, and how smooth it has been to run my Synapse server over the last year.
> and of course see what is meant to be running in production (and run it yourself if you're able to).
This comment of yours is only the second time I'm hearing of Matrix (the first time was several days ago, in a bunch of comments on an ASK HN discussing the WA policy announcement). And because of your comment (and the implication that Matrix is something one can run independently in production) I am now perusing matrix.org - thanks for sharing.
Also I enjoyed your insight with respect to the Signal dev team and what they're possibly currently frantically busy with.
Mind if I ask you, what your thoughts are on the Signal project long-term?
> It’s also true that decentralised systems are harder to evolve than centralised ones - you can’t just push out a given feature with a single app update, but you have to agree and publish a public spec, support incremental migration, and build governance processes and community dynamics which encourage everyone to implement and upgrade. This is hard, but not impossible: we’ve spent loads of time and money on Matrix’s governance model and spec process to get it right.
For me it seems to largely come down to a juxtaposition between the above risk (owed to Matrix) and the below risk (owed to Signal).
> you end up thoroughly putting all your eggs in one basket, trusting past, present & future Signal to retain its values, stay up and somehow dodge compromise & censorship… despite probably being the single highest value attack target on the ‘net.
Definitely something to think deeply about.
Might I add, as a complete Matrix newcomer, the description of its decentralised model in that article reminds me a bit of IRC in the 90s - except with solid encryption.
It certainly seems to make sense if liberty is one's priority.
A couple of days ago an old long forgotten friend popped up apparently using Telegram now. Looking at the profile picture it became very clear that friend must have abandoned this phone number a while ago.
Not really a privacy issue for the new user, since this is his public avatar, but a nice reminder for this issue that phone number are ill suited as identifiers
Yes and no.. I think a resource like a phone number is better than the yahoo/etc email reallocation situation. So far it seems to be rarer that someone tries to get allocated a number to impersonate a previous owner's identity.
1) a bahillion new signups, so they just needed to deploy a bajillion more instances of the server.
2) The clients basically DDoS'ing their servers.
If you look at the android client source, you can see all the commits they put in are about handling errors properly when the server(s) get overloaded.
Not that I speak for the project but this isn’t privileged information anyways: If you have TestFlight, you will see there have been several updates pushed to TestFlight over the last few days.
Honestly, the main lesson I wish developers (and especially Moxie) get to learn is the one that teaches them that centralized services are fragile, bound to fail and simply not worth the cost.
There is no "main" server. matrix.org is the biggest one, but it is circunstancial. Matrix and Element do not want be the biggest instances or keep things under their control. I can bet that people working on Matrix would be thrilled with the idea of helping people create more instances, and even it would be beneficial for their business.
> Matrix is also running on free and so far we have hosted server offerings but no single individual account offer.
> There is no "main" server. matrix.org is the biggest one, but it is circunstancial.
It's not circumstantial at all. You can't send off people to random server without telling them it might shut down because no one knows the owner or when he's going to stop paying for his experience. @matrix.org is the only place where I'd feel safe sending relatives if they want to onboard because it's the only place I know the matrix guys are going to keep running. Most posts I am seeing on HN these days stating registering a matrix account was easy did it on matrix.org.
I believe they should charge a fee. To avoid the GMail effect that got everyone a free email but trapped them in the end. And no, you can't jump as easily from one @something to @somethingelse because you lose your message history and attachments (that's where the often cited mail analogy fails us: with email you can take your email with you when switching). If this chat history doesn't matter BUT you have to find a way to export your contacts then I don't see why it's better than Signal for regular joes.
Two years ago I could run my own matrix instance on a small VPS. Now it requires too much resources, especially when it's federated. Also, the mail federation analogy falls short here because nothing prevents mail from circulating between @something and @somethingelse while matrix has it in its design to whitelist some federated servers.
Not what I mean. I am not looking to forward this to people asking me "hey, how do I get on matrix ?" "here, set up or buy your own server". Where can I send them when all they want and need is a matrix address ? Where can they pay a small fee to keep their matrix address longterm without going through the hassle of maintaining/renting a server ? Matrix.org But we don't see a rush of new users on Matrix. I wish there were though but I am convinced Matrix and Signal don't address the needs of the same people. And that's certainly why every signal thread seem to attract matrix supporters and we get into that federated/centralized debate. Which has been beaten to death.
> Where can I send them when all they want and need is a matrix address ? Where can they pay a small fee to keep their matrix address longterm without going through the hassle of maintaining/renting a server?
Have you seen communick? It's exactly that: a service that provides managed accounts for federated services such as Matrix/Mastodon/XMPP for a small fee. No server setup required.
Yes I did on mobile and thought it was some hosted solutions. When I got back to it to check it out again on the desktop the page is missing CSS (firefox) and from the text I thought it really was some server hosting.
I was wrong. I checked again and on Chrome you have the full site and if I am not mistaken, for $5 for three months you get a mastodon, a matrix (and a xmpp) identity which is pretty cool (or it's cumulative, I don't know. But $20/y for messaging should be okay, though it's still far away from whatsapp $1 subscription).
This page needs some love but it's exactly what I had in mind :).
Definitely needs a lot of love. Thanks for letting me know about Firefox not showing CSS. Seems like I have a SSL certificate issue.
Regarding pricing: It's $5 dollar/3 months for all three services and it gives you 10 accounts. So it's actually $2/user/year. Mind you, this is a "soft launch" pricing (as you could see, plenty of work to be done there) and my idea is to grandfather in the first 100 signups. Once I iron out the most critical bugs, I am working with the idea of charging $1/month ($10/year) for single users and $6/month ($60/year) for the 10-user package.
It hasn't been my first priority because there is already a good number of companies offering that for Mastodon, Matrix and XMPP - but I'd certainly want to get to this point as well.
Isn’t every startup, every service, every open source library an argumentum ad populum? Especially network goods like messaging services.
I don’t doubt there’s a lot of value in federated decentralized services, but there’s also a lot of value in confusion/configuration-free usability.
Thanks to comments endorsing matrix here, I will be installing it to try, but what Signal gets right is that it pretty much Just Works, and that’s the point GP is making. Frictionless UX coupled with cryptographic excellence make it compelling for lay people, and if it’s between Signal or nothing for the majority of nontechnical folk, then they’re better off using Signal.
> there’s also a lot of value in confusion/configuration-free usability
> it’s between Signal or nothing for the majority of nontechnical folk.
This is a false dichotomy. Nothing about federated services that make it intrinsically less usable.
> pretty much Just Works
Until it stopped working. And it failed spectacularly. For everyone.
I might have to repeat this until I go hoarse, but switching from one centralized service to another is not progress. It doesn't make us free. You are still at the mercy of an selected few to take things in the direction they want, everyone is still dependent on their success and the more people adopt it the more difficult it becomes to escape it case the leaders subvert their power to go against the will of the people.
> Until it stopped working. And it failed spectacularly. For everyone.
The outage wasn't global and didn't impact everyone ? It kept working for me and others in my contact list but some couldn't send messages.
Also, if @matrix.org fails or @something fails then it impact users who wants to interact with both those addresses. So in the end it's not that much different for users.
I think you comment about the will of the people is a bit off the rails. If anything the whatsapp exodus shows it's not true since we are seeing people moving from whatsapp to signal.
When I run my own matrix instance I am still dependent on the matrix guys and what they want to do with the protocol and the de facto only matrix server's code. I can't fix anything with my instance but basic proxy/ssl/dns errors. I can't get the ship to stir in any directions. There are no matrix board where I could voice my concerns about stickers or the default colourscheme. Just like Signal.
Your argument smells of the "I can't code or don't know Linux, so there is no benefit for me in adopting free software" BS excuse given by those that are to comfortable with Windows/Mac and do not want to give up that away.
I am not a "Matrix guy", don't work for Element or the foundation. Yet, I can provide Matrix hosting services for you.
If you and more of my customers start asking for changes/improvements (customizations to the clients, better solutions for storage, different kinds of integrations, etc) I can go and develop the changes myself AND DEPLOY THEM on a server for you to use, without needing to ask permission from any of the Matrix devs or Element or the Foundation.
Just a very, very real example: I started looking into how I could integrate Hub20 with a Matrix homeserver to allow people to send/receive payments by messaging. It's the kind of functionality that would be super interesting for some folks, it does not require change in functionality of the core protocol in any way and it is very aligned with the Hub20's principle of facilitating access to crypto for the masses that do not want to deal with the complexities of blockchain/wallet/etc.
Such an integration will never happen on Signal. Signal being centralized, there is no separate instance that could try out this integration, or make it work only for the accounts that it can manage. Telegram is the same, WhatsApp is the same.
Instead of looking simply what is given to you "for free" in the different offerings from the market, start looking at what we can build on them. Don't let your lack of imagination become everyone else's weight to carry.
Starting with an ad hominem, are we, now? Most people can't program and are comfortable with Mac/Windows.
> Don't let your lack of imagination become everyone else's weight to carry.
No one here is shackling you to Signal. You're free to use and customize Matrix, but your argument that people using Signal is no progress at all based solely on being a centralized service is zealotry that is blinding you to the experiences of laypeople.
Starting with your root comment - most people use centralized services that have gone down at some point. In many cases they are still using those services, not because they're foolish muggles who can't program, but because it's worth more to use than it is to switch to something else. Centralized or not, people don't really care. This entire thread has been an effort to convince you that most people don't have the same values you do, hence the argumentum ad populum that you so despise being actually a valid metric of success for a project. Popularity is a flawed argument if you're in a formal debate, but it is useful to nearly every other venture.
So is Signal the best possible messenger it could be? No, probably not. I, too, would like to see a decentralized, federated protocol take off. But is it measurably better than plaintext SMS or Facebook Messenger? Yes, probably.
> Most people can't program and are comfortable with Mac/Windows.
Yeah, being comfortable is not the point. The point is being free.
> No one here is shackling you to Signal.
No one forced me to use WhatsApp. I still use it and still have on my phone. I did manage to introduce some people to Matrix, setup their accounts and install their clients when they wanted to talk to me, but there is a whole lot more that I am just not close enough and that I know won't bother to switch just because I am asking them to.
If people ask me, I'd do the best case I can to get them to Matrix (or XMPP. I don't care as long as it is open and free) and I will help them whenever possible to switch away from centralized systems.
> I, too, would like to see a decentralized, federated protocol take off.
If you truly want to see a federated alternative grow, you have to help it. It's not going to happen if we just stand passively waiting for some big benefactor to show up and decide they don't want to control this space. Every big company will try to control this space and they will always have more resources and will use the advantages that centralized services (faster development, economies of scale) gives them.
Network effects matter. There is no better time to help people switch to a more free option than now with this massive WhatsApp diaspora. If people settle for Signal, it would be better than WhatsApp but it would still be a massive wasted opportunity. This is why I am arguing now so strongly.
(Lastly, do you know one software that I am somewhat forced to use? Slack. Do you know what can replace Slack with just a wee bit of training? Matrix. Two birds, one stone)
> Signal is no progress at all.
In the terms of freedom: no, it is not. The server is supposedly open source, yet the last commit in their repository is from April. If someone decided to fork Signal to run their own server, would they get a current version? Would existing clients be able to use the different server?
The answer is possibly, maybe it will require a lot of work on the people doing the fork. Which is fine from the legal perspective, but really far from the mark from Open Source ethics.
You simply can not compare the amount of work that will be required (collectively and individually) in either outcome. Improvements to Matrix are being made, and both Element and the Matrix foundation are supportive of further developments and getting more people onboard. Signal is actively working to get forks to do extra leg-work.
Please take a look at https://drewdevault.com/2018/08/08/Signal.html and tell me if you continue to believe that forking/replicating Signal to make it decentralized would be the same amount of work as improving the UX of a Matrix client.
I read it, but I suspect that am fundamentally uninterested in (or not as interested in) the values that you share with the blog author. And you haven't ceded an inch on "centralized services are useless" so I have no motivation to continue this conversation.
Sorry, I have been in many different threads with different people and I don't think ever said "centralized services are useless", have I?
What you will usually read from me is that centralized services restrict our freedom, concentrate too much power in one single entity and are not worth the convenience.
That’s the equivalent of saying, “new thread, who dis?” I know what you said, the problem is that you’re not interested in hearing what others say. Especially regarding your bias of deeming centralized services “not worth the convenience” despite popular consensus voting otherwise via installations and usage. By all means hold to your view - you just have to do a better job of convincing others of it.
> Nothing about federated services that make it intrinsically less usable.
I didn't say that. I would say that Signal is more usable than Element, though. While I was commenting, I installed Element and the UX is just not as smooth as Signal - even the quick start instructions aren't as simple: "go to matrix site, click through to Element, read instructions to return to site to configure, install app, register username/pwd, forget about configuration step because it's apparently not necessary after all (?)" vs "go to signal.org, install app, verify phone number." It's not terrible for technically capable folk, but the friction is why it's not as popular as Signal.
And while argumentum ad populum is a logical fallacy, practically speaking it is a boon to be popular in most things.
Judging by your last paragraph, it comes down to a matter of values - is decentralization important to you? Then hands down, Signal will lose. But for a large number of people who don't care about decentralization, they will do what's popular and easy. OWS, I presume, wants to make sure the easiest, most popular solution is also secure.
And what % of users are actually advertising their domain, running BGP, and operating their PBX? Now what % of users go through Gmail, Lumen, or AT&T and what happens when one of those go down? Which of these don't have centralized administration/regulation bodies? Which of these will a user say they haven't had hours of downtime with in the last year?
Even in the case you have a very well federated system with users very dispersed and the federation had 100% uptime and no bugs... how does it affect uptime for users? A central server going down 1% of the time for all users is the same as 1,000,000 decentralized servers being down 1% of the time for their 1/1,000,000 users. Nobody cares others can use the service during an outage they care they can use the service.
Federation capability at the protocol (even if it's not used in a truly federated way) provides a lot of great features, uptime for users isn't really one though. The most relevant is probably when Signal shuts down intentionally (tomorrow or 1,000 years from now, doesn't matter) you can't just migrate to a different Signal server without all of your contacts moving to the same one. This is akin to taking your /24 with you to your new ISP, porting your phone number to a new phone provider, or taking your custom domain email from Gmail to a different host and the ability to do that on those federated systems is probably why they remain in use today.
To point out that "the main lesson I wish developers (and especially Moxie) get to learn is the one that teaches them that centralized services are fragile, bound to fail and simply not worth the cost." has nothing to do with centralized or not. It's not a reason to do things one way or another. There has never been a large long running system, centralized or not, 500 page book or not, that hasn't had user downtime or didn't incur cost. This part is not a matter of theory nor what decentralized systems set out to solve.
There are other valid lessons for why choose decentralized but this is not a "ha, got'em" moment for that. There are also valid pros for centralized as well, hence their real world success and the reason most "decentralized" tech ends up being run in a very centralized fashion when it matures.
I more and more get a feeling that the server is a reference implementation but not the thing they run in production.
OTOH due to end to end encryption all the fancy features are implemented client-side so the server is very simple in scope. So maybe it's really feature-complete.
I would hope it’s due to infrastructure changes required to keep the lights on, not code changes. Concerning at first glance, but less so if I think about the problems they’re likely facing with regards to scaling.
This was a painful episode, but on the bright side, the team is sure to have learned a lot. Hopefully they won't have bled too many users. Looking forward to a more stable Signal in the future!
I have been following the changes on GitHub in the last 2 days, I wish they would actually add comments to the commits to explain the reasons of change or further info.
I think they have issues with message retrying and spamming the server.
- They added handling of HTTP 508 and do not retry jobs in this case
- There is a list of HTTP errors that are handled manually, including the new HTTP 508, but for example 503 is not handled and Jobs (e.g. messages) will be retried indefinitely and I have seen logs with many 503 entries and retries.
- They have increased the maximum backoff time from 30s to 60s (+ added jitter) and it can now also be changed remotely via server flag.
- Any HTTP error not handled explicitly is considered an IOException (strange?) and retried. List of handled HTTP exceptions (413, 401, 403, 409, 410, 411, 423, 499 and 508) is here: https://github.com/signalapp/Signal-Android/blob/2c1c6fab356... I personally would not repeat requests automatically by default on any HTTP error - unless handled manually (so reverse logic), only on connection error.
- They have just switched off OkHTTP automatic "silent" connection retries: https://square.github.io/okhttp/3.x/okhttp/okhttp3/OkHttpCli...
I don't think they have tested this enough, it's more of a blind try and I think it can decrease request delivery reliability.
The OkHttp implementation retries requests silently (with backoff and retry limit) in case of: Unreachable IP addresses, Stale pooled connections, Unreachable proxy servers. This is transparent to the application. In the past I have complained to the OkHttp team that POST requests should not be retried at all and they fixed it (your requests need to be idempotent anyway, regardless of this).
- I believe they may be also having issues with requests that are non idempotent and have been retried by OkHttp silently or in cases where application has sent something to the server and server received it, but the response has never made it back to the client. In this case client will retry request and this can cause trouble if requests are not deduplicated on server side and idempotent. But this is just my guess.
If you're still having delivery issues in any of your private conversations try "reset secure session" from the chat menu. It worked for me with a couple of my contacts.
Does performing a reset impact messages already in the conversation? I don't want to lose chat history but I do have one convo that has missing messages between my phone and my desktop app.
I would say one of the most important things they need to compete with WhatsApp is a better desktop client. WhatsApp's client is great because it works in the browser and is a joy to use. It would be nice if people didn't have to be burdened with downloading a big Electron app and then sit through the slow process where it syncs contacts etc. (kind of makes the user feel like it's broken)
What? Whatsapp's client is terrible - it not only requires a phone during signup, it requires an active connection to your phone, so if your battery is every running low - good luck with that. Additionally, it allows just 1 desktop client to be active at a time, which is just a hassle. Finally, in practice the connection to a well-charged phone is still subject to the vagaries of a phone app - it's very common for the desktop client to lose its connection temporarily, and require the user to "nudge" the phone app to wake it up.
Much as electron is ridiculously heavy, I'd pick that every single day over the joke that is the whatsapp web UI. I guess our experiences differ!
As a power user I find what you said to be strong points of WhatsApp Web. For instance, I want it to alert me as soon as there's a web connection and that's only possible with the current connection model and for security measures I think it's safer to have only one instance at a time.
The connection reliability is a hassle but usually when you're in the desktop you also have a good wifi connection and even though the web client loses connectivity temporarily it keeps working as good as it can.
On the other hand it's easy to forget that you have an active session in other apps such as Telegram unless you keep track of it in your app. Someone you share your laptop with can just open the Telegram app and they'll be able to see my chat conversations be default.
I know some of these things might be something you'd prefer but I choose the hassle instead.
Whatsapp web connections aren't reliable in my experience, no matter the wifi. The problem appears to be the android "server", not the connection (or perhaps android bundles its network traffic and turns off the modem periodically to save power?) Regardless, messages get delayed, frequently, especially if you haven't touched your phone for a while. The desktop client notifying me that my idle phone isn't actively using the internet at the moment (something that merely saves power and is otherwise completely harmless, and essentially unobservable) is useless. I don't mind it telling me that the computer has no connection, but that's not what happens.
As to the "only one client is a feature" thing - it isn't for me. And if I didn't quite trust any others using my devices, chats aren't near the top of my priority list - if they have access to all my browsers cookies, and apps, and can change system settings etc etc etc I'm much more worried they'll accidentally install malware than anything else. Don't share your account if you care for privacy, it's a losing game.
I use multiple devices at a time, merely locking them. I don't want to also have all my apps go into an pseudo shutdown; and it's annoying to not be able to read old stuff during a temporary network hiccup.
Telegram desktop client source code is huge. For sure it is possible, once I was tempted to but understanding telegram UI part is the hardest part. (I was attempting to make it matrix client)
Agreed. And not only that, in my case at least the Signal desktop app is randomly missing messages (and 100% of the images). I tried reinstalling it multiple times to no avail (Ubuntu).
I'd really love to see more 3rd party alternatives.
Can somebody explain their financial model? How are they paying for the servers and stuff.
The claim "No ads. No trackers." and that they are "free for everyone".
Brian Acton, co-founder of WhatsApp, who left Facebook post WhatsApp acquisition, infused 50M USD too. [2] I hear he lent another 50M with 0% interest, repayable by 2068. [3]
Take this with a grain of salt since it's not too clear how much money they got exactly from OTF, but they seem to have been partially seeded initially with the CIA spin-off Radio Free Asia money (https://pando.com/2015/03/01/internet-privacy-funded-by-spoo...).
Since the OTF's own spin-off from RFA, it seems to have continued being non-trivially involved in regime change while funding communication initiatives like TOR and Open Whisper Systems etc (https://en.wikipedia.org/wiki/Open_Technology_Fund).
Good. Let them put their "regime change" money into generally useful infrastructure like Signal instead of propaganda for their favorite rebel group or some other narrow political goal.
Signal runs on AWS with the excuse that if a state actor decided to block Signal by blocking IPs, they would have to block all of AWS.
It all sounds fine, until we are reminded that AWS itself blocked Parler, no chance of recourse and completely within the law. With that in mind, how confident are you to think that CIA's support of Signal goes as far as they can ensure they can control the network?
The threat model for prevention of censoring Signal was originally developed around China, Best Korea, etc.
The original reasoning why WhatsApp used the same crypto/messaging format as Signal was in large part (aside from it being Good Crypto) to make it harder to selectively block TextSecure/Signal based on message content.
So the threat model is now changing (if you're trying to avoid censorship by the US govt etc) and that's going to be interesting to watch unfold. Matrix is much less susceptible to this being an existential threat, of course.
And since the first in the thread asked about money, which is an important question, Amazon has a 600 million dollar CIA contract before counting the billions in IC contracts this year to big tech. That's more than double what Bezos paid for the whole Washington Post to put things into perspective.
Initially funded by a $50M loan from the co-founder of Whatsapp. In addition to consulting contracts they have received millions in grants and donations from Mark Shuttleworth, Radio Free Asia, the Freedom of the Press Foundation and others.
Downvoters, kindly explain what is so wrong about my statement. There are costs to run the operation, having generous benefactors writing big checks (a) do not change this, (b) makes Signal's operation dependent on the source of revenue and (c) hide these externalities long enough to hinder the development of cheaper/more efficient alternatives.
IOW, "depending on donations" is not a solution. Just like Socialism, it works until we run out of other people's money.
You're getting downvoted because your comment doesn't add anything to the conversation. To claim something isn't free to the user just because it has externalities is a cheap rhetorical trick that doesn't give any new information or perspective.
I think it does add something, but people here are too sold on certain narratives to approach opposing ones with an open mind.
There is a fine line between donation and payment laundering. The latter happens more often than people would like to believe. For the thousands of 501c3s out there, there's nowhere near enough grannies writing $25 checks to keep even half of them in the black.
Of course it does. OP asked "how do they manage to have a business". "Depend on donations" is not viable for a large-scale operation that has costs that grows with the customer base.
It's hard to live on donations, but as a user it is still better than Signal being a for-profit company, as their goal would then be to increase the YoY revenue and eventually making unsavoury decisions.
No, there is no such thing as free lunch: either the user is at future risk or the company is at future risk. This is the best arrangement for users.
Wikipedia's costs do not grow linearly with the amount of people accessing it. Signal has to run servers and store the data for every user it has.
Also, if the wikimedia foundation closed tomorrow, Wikipedia's content would live on mirrors and IPFS gateways. It would still be useful - perhaps even more efficient than it is. Signal's outage yesterday that this logic does not apply for them. If they run out of money or infra, everyone is out in the cold.
> This is the best arrangement for users.
I'd argue that the best arrangement would be to stop hiding the operational cost per user and charge them for it. Donations can come later to cover users who can't afford the service. WhatsApp was doing just that with their $1/year fee and subsidizing market growth markets before Facebook got them.
I'd also make the case that part of the reason that we (as users) should not accept a centralized solution is due to the fact that a distributed/federated system gives room for competition and diversity. Switching from WhatsApp to Telegram or Signal or iMessage brings us no real progress in the aspect that we are still at the mercy of one single monopolistic entity.
> Wikipedia's costs do not grow linearly with the amount of people accessing it. Signal has to run servers and store the data for every user it has.
Wikipedia also needs to run servers. Slope may be less steep and there is part for hosting of content but mandatory costs are also growing linearly with the amount of people accessing it.
(WMF problems and how money is spend is a bit related issue, but it is not mandatory spending)
If network/storage were really a key factor in the costs of running wikipedia, they should be pushing it hard to get a decentralized version of it. So far political (Turkey shutting down their access in the country) and not technical/operational/capital issues have pushed them in this direction.
Congrats to the team. I am sure it must have been a stressful one.
Some remaining issues:
The desktop app on first message in any conversation says: "Partially sent, click for details". When retried, the message goes through, but is not synced with the mobile client (never appears there).
PS: Happy Signal exists. It's easy to let inconvenience make you forget it sometimes.
It would be nice to have a self hosted server that you can use with some friends. example: Me and 2 other friends use our own server while with my parents use signal server.
I think we there is a much simpler explanation in this case: Signal just had an outage affecting millions of people, many of whom don't have HN accounts. Some of them have found this thread.
I had to search what you meant. What is wrong with having the possibility to use your own server to communicate with friends? I have the server, they pay me for electricity and hosting.
> What is wrong with having the possibility to use your own server to communicate with friends? I have the server, they pay me for electricity and hosting.
Glad that is back and happy to see Signal growing, but I really don't like the tongue in cheek tone of Signal on social media, I hope they don't take this route like Telegram (who is becoming a social media platform itself with feature bloat).
Hope Signal adapt a serious tone and keep the product thight adding features for privacy and security.
Just a personal preference, maybe the hip tone helps to grow.
Move from the cloud to k8s hosted on their own metal. The Signal server is simplistic (a compliment), it’s the bandwidth that you’re going to get raked over the coals for at cloud providers. Burst to the cloud for outlier events.
If I'm not mistaken, signal is specifically hosted on AWS to so that governments can't just blacklist their IPs without blacklisting all of AWS. So moving to bare metal isn't really an option.
You can't win every fight. In this case, they're (intentionally or not) making a trade-off between being easier for governments to censor, and easier for Amazon to censor. I guess in their case, the many governments in the world are a bigger threat than Amazon specifically.
They actually get around SNI blocks (or did, I'm not sure if anymore) with a technique called "domain fronting". If I recall correctly, AWS wasn't so happy about it when it was bought to their attention and they were asked to stop. There was even some discussion on HN about it. Not exactly sure what the current state is.
> Governments can easily block AWS as well and they have. Even simpler, they just go for the kill-switch and kill internet.
They can, but the collateral damage of doing that is high, which is a deterrent. The only regimes where that's realistically an option are ones where they've consciously developed an independent tech ecosystem (e.g. China) or where their power is so secure they couldn't care less about the damage.
Unless you are talking about very stable countries(where this is not even an issue to begin with), we have already seen a few(russia, india etc) doing this without a second thought, not just china. The damage can be attributed to someone else when you own the communication channels.
> we have already seen a few(russia, india etc) doing this without a second thought, not just china. The damage can be attributed to someone else when you own the communication channels.
Russia might fall under the category of "regimes...where their power is so secure they couldn't care less about the damage," and it appears they did in fact see a lot of collateral damage during the attempt. India's blocks look to be localized an temporary.
Key parts of the server (eg attestation that the running server code matches the public release) run in the CPU's secure enclave, which makes it non trivial to run on your own bare metal k8s. Also, I think Azure is the only cloud provider whose kubernetes implementation supports this. I know they open sourced their implementation but I don't know how hard it is to do on your own environment.
How many users does matrix have? I tried it last fall on 2 different servers. (Hosting an own server is not possible on a small root server you can get for 5 EUR/USD a month, it requires signifcant resources.) My experience was a bit disappointing. It seems pretty overloaded already, especially the irc bridge. And we are talking of thousands of users. I'm pretty convinced that with millions signing up it would collapse completely.
Yes, I'd hope federation of many servers is the way to go. But it seems so resource demanding that not many free servers are available and even running your own one is not cheap or easy. No idea whether it will ever scale.
It's difficult to say, as the French government [0], German armed forces [1], and several thousand independent users/corporations/groups run their own servers. What we can determine is that matrix.org on its own has >10 million accounts [2] (search for "global visible accounts" in the link).
> Hosting an own server is not possible on a small root server you can get for 5 EUR/USD a month, it requires signifcant [sic] resources
A direct example of setting up Matrix is shown here [3], using a $20USD/month Digital Ocean droplet. It's a reasonable approximation, though inexact, as we don't know how many users this server will be supporting. This example is thrown further off, as it's the Matrix project lead setting up the server. He's likely in many rooms with high user counts and, as high user counts dramatically increase resource needs, likely needs more RAM and CPU than someone setting up a server for a group of friends.
I think it's gotten much easier to stand up a matrix-synapse server than when you last tried, and suspect you left with a bad taste after joining popular rooms that (due to how many users they have) lag much more than you'd typically experience. Perhaps I'm wrong and you did everything right just last week and still don't like it, but I'd encourage more people to see for themselves :)
> It's difficult to say, as the French government [0], German armed forces [1]
I'd say those don't really count here because they run their own closed groups. Even if they technically could federate with everybody else, I don't think they do. I guess they are even heavily firewalled. And they don't care having to run beefy servers, they have budget for that.
> What we can determine is that matrix.org on its own has >10 million accounts [2] (search for "global visible accounts" in the link).
How many of them active every day?
They also claim 20.000 active servers, but I could not find more than 2 or 3 open for public registration. And they seemed all pretty loaded and were like suggesting if you can go elsewhere, please do.
> I think it's gotten much easier to stand up a matrix-synapse server than when you last tried, and suspect you left with a bad taste after joining popular rooms
Exactly that's the problem: If you join a popular room your server will need more resources than the 5 USD/month server typically has. I haven't tried whether 20 USD/month would be enough, but honestly that's a bit more than I am willing to spend for playing around.
But running something with the limitation you cannot join popular rooms didn't seem worth trying either.
I honestly don't know how many users matrix has. I think others have already given references to estimates. Though, I believe it is vastly more than just "thousands of users"...but much like email (another federated protocol), i suppose we can never truly know that absolute number, just like we can never know with absolute certainty how many smtp servers and associated mailboxes there are out there.
I'm no longer hosting my own homeserver (can;t spare admin time for it), but when i did, it was running nicely on a $10 USD/month on digital Ocean...and this was circa 2019...I'm not an expert but as i understand it, both synapse (the python-based reference homeserver), and the vastly more performant (though beta) Dendrite have significantly improved since back then. There is certainly something to be said if you're high profile folks (like @Arathorn) who are members of tons of rooms...one can imagine that it would require more resources to support such vastly high interactions (for room data history sync, etc.)...But, hey, its early days, if the experience is too raw for you, you can wait a little while until this becomes more mainstream; no harm, no foul. :-)
Hosting it on cheap vps is fine if you have private only instance.
What nobody talks about is that when you start to federate this becomes huge issue. One of your users join some old and active room on matrix original instance... it will kill your instance.
So yeah the idea of federation is nice but right now Matrix is no replacement to Signal for personal messaging. Its great for replacing slack and private community servers though. I use it for that a lot.
Matrix is not ready for the general public. I am a user who can (mostly) deal with the horrible user experience of pgp. With matrix I immediately run into trouble that some of my chats could not decrypted the second day any more. The documentation is confusing, the spec has been changed less than a year ago IIRC and different clients a at different stages of implementation. Nothing that a random user could handle.
Not sure when you had your experience, but they improved on e2ee a lot and as long as you backup your recovery key you should never see "unable to decrypt message" warnings.
> Not sure when you had your experience, but they improved on e2ee a lot
As I said last fall, so maybe October 2020.
I got the impression that the big improvement happened early 2020 and maybe the Web client I used first did not support it.
But if they say that the system has been running since 2014 and the improvement that makes it usable came in 2020 I would not yet call it a mature and proven system.
> you should never see "unable to decrypt message" warnings
Warning is an understatement here :) I could not at all decrypt the new messages other people were sending me and I had to communicate with them by an independent channel. One of them was an experienced Matrix evangelist running his own servers and he could not solve the problem and not tell what I might have done wrong.
I guess part of the problem was that I started with a Web client and later moved to my own element client installation.
The element client looked easier to use, although it still remained unclear to me what exactly is the secret key, what is stored locally inside the client (and not available once I switch clients or machines), what is in the server and what I have as a backup.
If I with some practical cryptography experience cannot understand the usage in 1 hour (and I was searching around for more than an hour in various sources) it's not ready for widespread use by people who have no idea what they are doing.
I keep advocating for a solution where the passphrase is not separate from the password (like what ProtonMail did). Otherwise it’s untenable for most users.
I'm sorry that your matrix-related experience was less than ideal. I have heard of smaller numbers of people encountering issues (no denying that), but yet a greater number are still active...so i don;t know what to say...and it certainly isn't my job to try and convince or convert to towards it if you're not really interested.
> ...documentation is confusing, the spec has been changed less than a year ago IIRC and different clients a at different stages of implementation.
An opinion on confusion around documentation is too subjective for me to comment on, and i'm not sure if you're referring to user doc or developer doc or sys admin doc. Regardless, many folks seem to be building plenty of clients, bots, bridges, services, etc. using the documentation. So i'd at least say the dev. docs seem to be sufficient for many devs. While i do wish there were many more examples used in the dev docs, i have found them to be quite helpful and informative...but again, this is subjective. As to the spec being changed, actually i believe there is quite some acceleration around this, and i feel that is good in these early days...I feel like we might want a dynamic spec at least to get things as best as possible...and then years later, slow things down to avoid breakage - but maybe that's just me. Finally as far as the numerous clients, i think this is a good thing too. Let there be plenty of creative attempts at "getting this right", i say! Diversity is a good thing, and for apps/clients too! ...and much like the presence of numerous email clients, many users might just have different preferences, so its great that the underlying protocol (and associated specs) allow (if not encourage) that. Yes, eventually, after dust settles we might all congregate aroiund a small number of clients that are the "best"...but until then, it is still early days! I for one am enjoying my journey in the matrix world! (Caveat: I am not at all affiliated with any matrix project nor corporate entity, nor client dev. team, etc...I'm really just some random fan boy of matrix.)
It's called Matrix and it already exists. The most popular client is element, you can host your own instance, it has e2e encryption on by default and it doesn't require identifying data like phone numbers.
Is there any way to send messages via Signal using an API to a previously approved number? i.e. someone accepts my chat, then I can send messages via an API?
I cant find much (good) documentation on it..?
I have a system that needs to send alerts from an enterprise system, and we need a more secure way than Telegram...
Is it technically possible to have end to end encryption with Signal if it evolved to first attempt to use direct connections via RTC or some other method?
If they're incurring serious costs to run, that tells me Signal's days are numbered until it has to start commercializing.
This came up on the forum and someone raised a good point - would direct connections require the sender and receiver to be online at the same time? I feel like the architecture has to be more clever than just a WebRTC connection between clients.
> would direct connections require the sender and receiver to be online at the same time?
Could always use 'indirect' connections to store-and-forward, and only relying on the central server when absolutely necessary.
You do risk some lost messages when you underestimate failures, but the same thing applies to any central store-and-forward facility.
Early Kazaa depended on some nodes becoming supernodes. Supposedly initial Skype was decentralized like this (particular to get around NATs), until it became exclusively client-server.
The Signal protocol can deal with offline messaging, but it requires a server to do it. That is because of how the forward secrecy works. Presumably the amount of traffic would be fairly negligible for what would just be keying information.
Has anyone found a publication around what they had to do on the technical side (code)?
Edit: Their server's repo hasn't been updated since April 2020. Why?
https://github.com/signalapp/Signal-Server