All first-level comments on this article are dead due to the scourge of downvoting - Quo Vadis, Hacker News? I understand that Signal has its loyal share of followers but this is just silly. I checked the dead comments and did not find them to be so egregious as to deserve execution. If you don't agree with a comment just respond or ignore instead of trying to cancel it.
Do I use Signal? No, I do not. I run my own XMPP server which has none of the downsides of Signal/Telegram/Matrix while sharing many of their upsides. Do I feel the urge to downvote anyone who uses something else? No, of course not, why would I?
It's absolutely vile seeing these comments all flagged. Using moderation tools to silence people feels extremely poisonous and I hate it.
I share some of the hackles of requiring phone number verification.
Still, I can't help but be a bit disappointed that none of the comments are really speaking to the architecture & change this article is talking about.
Shadow ban the comment for people abusing the "flag" button. Downvotes could only gray comments. I hope I am not suggesting morphing HN into old.reddit
- get rid of the default greying-out, make it something you need to opt-in to, i.e. more or less the reverse of the current 'show dead'
- get rid of 'downvote to disagree' as a policy since it reinforces group think
- Add 'reason for downvote' and make it mandatory to choose one, then add meta-moderation to combat downvoting abuse
- remove 'flag', its function can be incorporated in 'reason for downvote'
All this can be put behind the existing downvote button, the interface does not need to change except for the removal of the default greying-out of downvoted comments.
> It's how HN has always worked, and in my opinion needs to. A site that cares about discussion quality needs those white blood cells.
The first link reads:
pg on Feb 16, 2008, on: PG on trolls
> I think it's ok to use the up and down arrows to express agreement. Obviously the uparrows aren't only for applauding politeness, so it seems reasonable that the downarrows aren't only for booing rudeness. It only becomes abuse when people resort to karma bombing: downvoting a lot of comments by one user without reading them in order to subtract maximum karma. Fortunately we now have several levels of software to protect against that.
The second link:
pg on Dec 10, 2008, on: News.YC Growth
> Downvoting has always been used to express disagreement.
The third link:
pg on June 15, 2009, on: The default form of disagreement
> IIRC we first had this conversation about a month after launch. Downvotes have always been used to express disagreement. Or more precisely, a negative score has: users seem not to downvote something they disagree with if it already has a sufficiently negative score.
You shouldn't make the perfect be the enemy of the good. You often don't know how much to trust someone. You may well want to chat with people you just met. People can also lose their phone or have it stolen.
This just provides an additional layer of protection, allowing you to chat with people without revealing what is increasingly linked to your actual identity in some countries.
In that case why not have an alternative where you pay $5 in cryptocurrency? It costs no more than that to get a phone number, meanwhile you now have more money in the development fund.
100% of the spam I’ve gotten over Signal in the past few years (two messages) has been from cryptocurrency scammers, exactly the sort of people who would have $5 in cryptocurrency many times over to create new accounts with.
Which is why rate limiting by phone numbers doesn't work against them either, as you've noticed. If they have $5 in assets to burn then they can buy a $5 prepaid SIM card.
Some countries require ID to get a phone number. Phone number verification means you now can't originate spam from those countries, which is very helpful for discouraging many spammers.
from TFA:
"Let me start by kind of explaining that with an example. In India recently, it has become a requirement, in order to obtain a SIM card, to submit to a biometric facial recognition scan.... Some, in some places like Taiwan, that is linked to government ID databases that often get breached and cause a lot of problems,"...
They explicitly mention, next, that this is not for US users. From what you, and they, say, Signal is not good if your threat includes the US government. It is good cover against India, Taiwan, Mexico. Probably not against UK or Israel, e.g.
> Signal is not good if your threat includes the US government. It is good cover against India, Taiwan, Mexico. Probably not against UK or Israel, e.g.
Signal is useless against anyone willing to do a deal with Cellebrite/NSO group and the like. Which is pretty much everyone, especially the countries you mentioned.
Nothing is 100% secure against the Mossad or whatever, but what are you going to do, not use any electronic communications? Quit being a journalist? Given the constraints it's still the best choice, and using it raises the cost compared to any other alternative.
If your system isn't 100% secure against hacking, you can't really use the system for business.
The solution you're forced to use if you can't get genuinely secure equipment is of course to not use electronic communications. Genuinely sensitive meetings should be held outside, with no electronic equipment brought and at an unexpected place and time.
> If your system isn't 100% secure against hacking, you can't really use the system for business.
In a perfect world? Yeah sure. But in the real world that's simply untenable. Every major browser has critical CVEs every few months. Clearly they're not "100% secure against hacking". Are you suggesting that we "can't really use [them] for business"?
>Genuinely sensitive meetings should be held outside, with no electronic equipment brought and at an unexpected place and time.
The physical world is anything but secure, especially when you're up against the local security services with tens of thousands of agents. Parabolic microphones exist. Bugs can be installed. "unexpected place and time" might make those hard/expensive to pull off, but it doesn't make it "100% secure". Moreover, how are you supposed to coordinate all of this cloak and dagger stuff without electronic communications?
You don't coordinate this stuff. If you coordinate it people know where to set up their parabolic microphones.
You just go off into the woods randomly during lunch, or some other time that is unlikely to be anticipated.
Coordinating it would just destroy the security.
Also, isn't it better to be overheard by somebody with a parabolic microphone than to have everything collated and stuffed into an LLM without anybody having to do anything?
>You just go off into the woods randomly during lunch, or some other time that is unlikely to be anticipated.
That might work if you're planning to start an "insurrection with the boys", but how are you going to "go off into the woods randomly during lunch" if you're a journalist working with an anonymous tipper?
Ah, I was thinking more about 'Now, let's decide the direction of the company, which if it were something fully known by our competitors would likely ruin everything'.
But yes, it's not an approach that can help journalists at all.
>Signal is 0% secure because it is the main target of their attacks.
1. This is a non-sequitur. Just because they're trying hard to break it, doesn't necessarily mean it's broken right now. Moreover, even if we grant that they have 0days stockpiled, it doesn't necessarily mean they're going to burn those on any target.
2. What are you going to use instead of signal? Some off-brand messenger that's not "the main target of their attacks" but is also less well scrutinized? I'd rather not engage in security by obscurity.
Apps like signal are not intended to individually protect you from hostile states. They let normal people chat with reasonable assurance that their messages are not being read by other people. It also provides very good assurance against mass surveillance.
The cryptography is such that even nation states almost certainly can't crack it either. But then, if you were a specific target, they would just compromise your phone, not attack the crypto.
I'm always a little sceptical that the government agencies are anything like as capable as they are claimed to be. I've no doubt they have a load of zero days in their back pocket and various techniques to exploit them, but they also have a strong interest in their capabilities being perceived as both extensive and mysterious. The smoke and mirrors stuff they are excellent at.
There is a joke from XKCD about "cryptoanalysis" with a 5$ wrench. In the country where I come from there is a joke about another kind of "cryptoanalysis" - thermorectal one. A non-Superman person cannot withstand either. Should we stop using crypto?
It was the protocol to use at 38C3 and I was interested to compare it to the previous incarnation I tested briefly for 36C3 in 2019.
The experience without a doubt was the most miserable exercise in how NOT to design a messaging application or UI I've EVER seen. It's......wretched, it's somehow managed to get WORSE since 2019. The instructions for are opaque, the implementations slow and needlessly complex and the UI has bouncing around the screen for no discernible reason.
It's ludicrous, that the modern IT / Hacker crowd insists on it and/or Telegram as the preferred messaging choices while all agreeing that they are unanimously horrible or insecure.
I often see similar sentiments expressed, and then I wonder if they come from a different Matrix world than mine. Matrix is my primary chat, using daily. I'm in 100's of chatrooms hosted on federated servers (to be fair many on matrix.org), and using Element web UI that only has few unnecessary bells and whistles, unlike Slack and Discord. The UX is good enough and effective. There are frequent updates, mostly improvement but, yes, sometimes something breaks. But for that I have an all-FOSS and decentralized open standards based network.
Notice how the piece you linked ties together facts in a way that implies an otherwise unsupported narrative: Signal received funding from .gov (true), that funding expired after some period (true), Signal is currently struggling financially (true). Missing is information such as: How much of Signal’s funding came from .gov? (Not mentioned.) When did the funding end? (Asked but not answered.) Any indication of causal link between loss of .gov funding and current financial trouble? (None mentioned.) Yet the clear implication is that Signal was created as a CIA psyop, and was only ever successful due to sinister government connections.
It’s a great story for someone who makes a living implying the CIA is behind everything. (Previous stories on his Substack: “Third 9/11 Hijacker May Have Been CIA Recruit,” “How CIA and NSA Created Google,” “RIP BuzzFeed News, Intelligence Agency Propaganda Conduit”)
But that’s rather ad hominem of me. So don’t just believe me—analyze the details of the story for yourself, and form a conclusion.
It may be, but that's not what the article said or implied.
> Among the resources developed under “Internet Freedom” were State Department-funded “stealth wireless networks,” enabling anti-regime activists “to communicate outside the reach of governments in countries like Iran, Syria and Libya.”
> A now-deleted entry on OTF’s website amply demonstrates Signal’s conception was precisely concerned with furthering this “agenda”. It notes the app was designed to counter “restrictive internet filtering by technical methods” and “repressive surveillance or monitoring of communication.”
> In other words, Signal gifted the CIA “well over a billion” potential insurrectionists, by providing them with a means to organize their activities away from the prying eyes of local authorities.
Someone's vetted the code, right? I'm not just texting my drug dealer for the NSA to tell the DEA to then later parallel reconstruction me, to listen in on with this thing, am I?