Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> the people who own Signal have opinions

This is not what the OP said. It's not just opinions. You are forced to use the only client and the only server. You are forced to not have backups, and so on. You are forced to use an Android or iOS phone (security? really?).



> You are forced to use the only client and the only server.

This is a fancy way of saying that the protocol is private and that their instance of the server has a ToS. There's also nothing stopping you running your own server instance (I know of a handful of private Signal server deployments).

> You are forced to not have backups

I literally juse restored my signal backup to a new device in the last 10 mins. ¯\_(ツ)_/¯

> You are forced to use an Android or iOS phone (security? really?).

I'm interested in hearing about what other client platforms they should invest in supporting that would increase the "security" of their users and service.

What's frustrating is that these sorts of rants can generally be summarised as "I want to use someone else's service on my own terms, even if the service owner explicitly doesn't want that".

No-one's forcing you to use Signal.


>> You are forced to use the only client and the only server.

> This is a fancy way of saying that the protocol is private and that their instance of the server has a ToS.

No, this is a "fancy" way of saying that they are actively fighting against decentralization. It makes me suspicious of their intentions, to be honest.

> I'm interested in hearing about what other client platforms they should invest in supporting that would increase the "security" of their users and service.

How about a normal desktop GNU/Linux client? Is Android more secure than Linux? It depends on what threats you want to defend from, and Signal developers think that Google/Apple are not my threats. They force their own threat model on me. It makes me suspicious, again.


> No, this is a "fancy" way of saying that they are actively fighting against decentralization. It makes me suspicious of their intentions, to be honest.

I don't really see them "fighting" anything? They've made a decision that they want to build a centralised service, and as far as I can see they've been pretty open about why they want that and quite happy running a centralised service. Are they going round trying to convince other people to choose against decentralization in their systems?>

If anything, the "fighting" here seems to be from people who really really care about decentralization and really wish Signal would just adopt their value system and do what they want, as though it's some sort of objective good.

> They force their own threat model on me. It makes me suspicious, again.

This is true for literally every company running any service you use. The people who pay for, design, engineer and run a service "forces" their threat modelling, feature prioritisation, colour scheme etc. on you. If you're suspicious about it or don't like it, simply stop using it.


> Are they going round trying to convince other people to choose against decentralization in their systems?

Yes? For a while moxie would show up in every matrix topic to talk about "But matrix is federated and federation is slow moving and therefore bad". The most commonly quoted argument against decentralisation is hosted on signal.org: https://signal.org/blog/the-ecosystem-is-moving/


Not having a horse in the the race, android is like orderS of magnitude more secure than your average linux distro.


Secure against what? How about protection from the Google's tracking?


Privacy != security. A random npm script can encrypt all your photos, while nothing close to that can happen on your phone.

Also, grapheneOS can be 100% google-free.


How about using Signal on Qubes OS? Will you also say that Android is more secure than that? I just want to take care of my security myself.


Qubes OS is cool, but the linux userspace as a whole doesn’t have a good solution to sandboxes with fine-grained permissions. On that front, Qubes OS is a radical “solution”, akin to using different devices for different things, which is good practice, but it is not as practical as the out-of-the box security of ios/android


> There's also nothing stopping you running your own server instance (I know of a handful of private Signal server deployments).

Since Signal doesn't federate, your own server instance is about as useful as a glass hammer.


.... to you.

To other people, it's quite useful.


No one's forcing you to use signal at all


Network effect (of people "caring about security") is.


Good, because I'd hate using it.


> You are forced to use an Android or iOS phone (security? really?)

I agree with your other points, but not this one. Mobile OSs are so ahead of the competition in security it is not even funny. Like, as much as I like my linux systems, they are a huge pile of vulnerability not even making the task of a hacker hard.


What if I want to protect myself against the Google's tracking? There is some tradeoff currently here. I'm fine with that. Also, I'm not going to use a regular Linux distro but Qubes OS.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: