1/ In defense of #Signal. Yes, I'm a guy that just posted a roundup of distributed/mesh messengers https://changelog.complete.org/archives/10205-roundup-of-secure-messengers-with-off-the-grid-capabilities-distributed-mesh-messengers of which #Signal was obviously not part. I am really excited about the potential of those.
But to the general public, I still recommend Signal. Here's why.
2/ #Signal brings #encryption and #privacy to meet people where they're at, not the other way around. People don't have to choose a server, it can automatically recognize contacts that use Signal, it has emojis, attachments, secure voice and video calling, and they all just work (Musk aside). It feels, and is, a polished, modern experience with the bells and whistles they are used to.
3/ I am a huge fan of #Matrix/#Element and even run my own instance. It has huge promise. But it is Not. There. Yet. Some reasons:
#Synapse, the only currently viable Matrix server, is not ready. My Matrix instance hosts ONE person, me. Synapse uses many GB of RAM and 10+GB of disk space, with little tuning for either. It's caused OOMs more than once. And this is AFTER extensive tuning. It cannot be hosted on a Raspberry Pi or even one of the cheaper VPSs.
4/ Choosing a #Matrix instance. Well you could just tell a person to use matrix.org. But then it spent a good portion of last year unable to federate with other popular nodes due to Synapse limitations. Or you could pick a random node, but will it be up when someone needs to say "my car broke down?" Some are run from a dorm computer, some by a team in a datacenter, some by one person with EC2, and you can't really know. Will it be stable and long-lived? Hard to say.
6/ #Matrix is so hard to set up on a server that there is matrix-docker-ansible-deploy https://matrix.org/docs/projects/other/matrix-docker-ansible-deploy/ . This makes it much better but it is STILL terribly hard to deploy, and very simple things like "how do I delete a user" or "let me shrink down this 30GB database" are barely there yet, if at all.
7/ Encryption is not mandatory in #Matrix. E2EE has been getting DRAMATICALLY better in the last few releases, but it is still optional, especially for what people would call "group chats" (rooms). Signal is ALWAYS encrypted. Always. (Unless, I guess, you set it as your SMS provider on Android). You've got to take the responsibility off the user to verify encryption status and make it the one and only way to use the ecosystem.
8/ Again, I LOVE #Matrix. I use it every day to interact with Matrix, IRC, Slack, and Discord channels. It has a TON of promise. But would I count on it to carry a "my car's broken down and I'm stranded" message? No.
9/ What about some of the other options out there? #Briar is fantastic and its offline options are novel and promising. But in common usage, it can't deliver a message unless both devices are online simultaneously, and doesn't run on iOS (though both are being worked on). It also can't send photos or do voice or video calling.
10/ Some of those same limitations apply to most of the alternatives also. Either that, or they are encryption-optional, or terribly hard to set up and use. Just today, I boosted a post about #Status, which shows a ton of promise also. But it's got no voice or video calling capabilities. How about #Scuttlebutt? Fantastic protocol, extremely difficult onboarding (lengthy process, error-prone finding a sub, multi-GB initial download, etc)
11/ So #Signal gives people: dead-simple setup, store-and-forward delivery, encrypted everything, encrypted voice/video calls, ability to send photos/video encrypted. If you are going to tell someone "it's so EASY to get your texts away from Facebook and AT&T", THIS IS THE THING you've got to point them to. It may not be in 2 years, but for now, it is. Do not let the perfect be the enemy of the good. It advances the status quo without harming usability, which nothing else does yet.
@jgoerzen great exposition, most comprehensive address to my objections. still: i don't want to give my phone number to people i don't trust (that is moxie and openwhisper and all who can grab it from the discovery process, like the police, the state, fascists, etc). i don't want them to have my kid's phone number either, nor my friends and comrades. 1/
@jgoerzen fascism is here, all around us already, in various forms. those phone numbers will be in many databases comprising a graph of relations of everyone on signal. available to all future police and repressive regimes. unacceptable
@zeh I think you and I are pretty much in agreement about Signal's weaknesses. But for the vast majority of people, the choice is not "Signal or #Element", it's "Signal or SMS/Whatsapp". And the reason is that Signal is the only thing that they are going to be able to easily learn, use, and understand.
Give them Status or Element and it's going to get tried out for 10 minutes and then ignored or deleted, by the vast majority of people. Either that or they will stumble into plaintext.
@zeh 2/ As I reflect on this, I'm going to make a bold and possibly wrong assertion: #Signal is the first and only system the world has seen that makes strong cryptography easy to adopt correctly for everyone.
Signal isn't perfect but it's better than the alternatives people are used to, and that right there is huge.
@jgoerzen you are defending that we should compromise on metadata security. i refuse that. metadata is as important (or even more important than data, since it's analysis can be automated). they arrest, torture and kill based on metadata. i will not recommend a communication system that is an absolute dead end wrt metadata protection and will not say it is "more secure" when compared to whatsapp/sms - as that is deceptive and will put them in danger.
@zeh Not really. What I'm saying is if you take the "all or nothing" attitude, and "all" is hard to use correctly, is crypto-optional, or doesn't have features people want, they will go to "nothing" instead (or use "all" incorrectly), which is WORSE.
Fundamentally, every "instant" system is vulnerable to a timing analysis by sophisticated state actors anyway (whenever person A sends a packet, person B gets one).
@zeh There is absolutely a need for things like #Meshtastic that don't even use the Internet, and other things that tilt the balance further away from usability. But advocating their use in such strong terms now is counter-productive at lifting the global average level of privacy, because they are hard to use correctly and don't have the features people expect.
@jgoerzen my attitude is not "all or nothing". it's "this is not enough", it lacks metadata security. and if i recommend it people will not understand or remember that behind the veneer of easy to use, there are serious dangers that may expose come them in the future.
@jgoerzen and you know better than i do that timing attacks are targeted attacks, in a whole different class than the basic protections of data and metadata at rest that we are discussing here.
@zeh @jgoerzen Signal only knows users' phone number and date they last used Signal. https://signal.org/blog/looking-back-as-the-world-moves-forward/
@be @jgoerzen the user's phone number is pure gold for adversaries, as it is a stable identifier to link to other data and profiles. that number is advertised to the network in the discovery process and allows attackers to make a relationship graph. https://www.tu-darmstadt.de/universitaet/aktuelles_meldungen/einzelansicht_271872.en.jsp (and we can't change that because the only servers allowed are openwhispers', which is at odds with common expectations for foss code)
I don't know who *your* people are, and therefore won't contradict you.
But in very general terms, even with access to the Signal servers, Signal *is* more secure than SMS. The bits it does not cover may be crucial to you, of course, but within what "regular" users will put up with, Signal and Threema (you should have a look if that fits your bill better), are the best we have these days.
@jgoerzen @zeh It is a good evaluation of the 'secure-messengers' ecosystem. I think, prior, keybase also did a really good job in making it *easy* to have complete encrypted messaging - even connected to your existing gpg identity. Of course, with the zoom acquisition,
trust has been eroded by now and few people still consider it viable. The one issue I have with Signal is its continued refusal toward federation, but I realize it's a difficult topic to broach.
costs a little to install (via playstore, appstore or directly from their website), free to use. That price pays their bills. It's securely e2e-encrypted, has passed a few audits, source has been published too. My whole family, including several non-technical pensioners, are using it, never had issues.
It's not linked to phone number, runs without SIM.
I use both Signal and Threema, can recommend both.
@jgoerzen @zeh #Signal is so far from perfect that calling it merely "imperfect" is absurdly generous. For the grandma use-case, #Wire is a drop-in replacement for Signal. Grandma doesn't care if her metadata links her to her grandkids, but forcing grandma's network of friends & family to get GSM/CDMA subscriptions & share their ph# is a stupid move that's both exclusive & privacy-abusing
@zeh @jgoerzen Those who call #OWS #Signal merely "imperfect" have not read or fully absorbed this article on what a shit-pile it is, in terms of ethics, privacy, & security: https://github.com/privacytoolsIO/privacytools.io/issues/779
@resist1984 @zeh @jgoerzen My wife and I have been using our own self hosted service and experimenting with Session. It's curious that Session doesn't require phone numbers, even though it's a fork of Signal and used the Signal protocol until very recently. I haven't voiced that concern to my normie friends who use Signal because I'd rather them use anything other than Facebook and I don't want to confuse them, but I can't help but wonder.
@jgoerzen @zeh it seems the choice for most people has become #Signal or #Telegram, that’s how it’s shaping up in the UK anyway, both are high up in the top app lists and I’ve seen my friends and family split between the two as they leave #WhatsApp. Baring in mind SMS isn’t an option here, not even my grandma uses SMS, only the US still uses SMS for some strange reason. I guess we have to factor in #iMessage too, indeed my family are all iPhone users.
@jgoerzen @zeh ...all that fragmentation then causes problems of course, people don’t want to switch between many different apps to stay in contact. I think #iMessage gets a pass since it’s built into the OS it’s not treated as an “app”, but the battle in the UK is now going to be #Telegram vs #Signal. I can see average users liking Telegram more because it has more bells and whistles. Shame everyone thinks it’s “encrypted” when it isn’t.
@jgoerzen well, if they can't be bothered to invest more than 10 minutes, they are choosing this by themselves. hard problems don't have easy, comfortable solutions.
signal is big tech, they have more money than they could count, are more or less closed source (you don't know what the.server runs, 3rd party clients are verboten) and behave like all knowing assholes.
I totally agree with that!! But how about using a burner number from the internet for sign up? Then set a strong registration lock password. You won't need access to the number after that anymore. Of course, it would be nice to do that without a workaround, but still...
Btw, your phone number is sent to the server only in a hashed form. So I imagine plain text retrieval by a third party a very hard task to accomplish...
It may be worth reiterating at this point that although Signal uses your phone number as a user identifier, I'm not actually sure of they store it or just a hash of it, and they definitely don't transmit otjer numbers from your contacts for discovery:
They also announced they're trying to move away from using phone numbers at all (the recent intoduction of PINs is in preparation of that) -- but it may take some time
@Mr_Teatime @zeh @jgoerzen It occurs to me that they could theoretically store a hash, and then ask for the ph# again at acct recovery time, then compare the hashes. But I don't give OWS the benefit of the doubt considering how they push users into Google Playstore & claim it's safer than the APK download which they hide. It's hard to trust OWS anytime trust is needed.
As far as I can tell, they are pretty good at minimizing the amount of stored data, including profile, contact data, metadata etc:
As far as i can tell, they don't have more than the phone number (hashed or not, not sure, haven't found the info yet)
Also, the code is open source, so it is testable whether it does what OWS says it does -- no need to speculate.
Cryptoscam? Which news did I miss again? Do you have a link or something?
Also, they do have a reson for not federating -- I think there are more important counterarguments, but it's a valid one: Federating means the server will be operated by loads of different people, some of whom might not know what they're doing or be malevolent, and regular users can't (and shouldn't have to) make sure that their own and their contacts' providers do everything right.
@Mr_Teatime @jgoerzen @zeh zeh is likely referring to this: https://www.schneier.com/blog/archives/2021/04/wtf-signal-adds-cryptocurrency-support.html
oh wow... thanks for the hint!
I think I agree with Schneier on all points: Signal is currently (still ... so far) the best messenger "for the masses", and attaching a cryptocurrency to it is dangerous and smelly. Very smelly.
And it does reduce my esteem for Moxie Marlinspike, who has in the past walked away from large piles of money in favour of the common good.
Wonder if the recent success went to his head.
@Mr_Teatime @zeh @jgoerzen I've always considered #Signal trash (see https://github.com/privacytoolsIO/privacytools.io/issues/779). For #Schneier to endorse it for "grandma" neglects the fact that Signal is exclusive. It completely disservices grandmas who just want to reach everyone. Signal excludes those without mobile phones & those unwilling to share their number with OWS, which makes grandma exclusive.
Wire has taken venture capital, though, so it's effectively inevitable that they'll try to sell their users at some point.
With that funding model, the incentive to sell out grows proportionally with the size of their userbase...
I'm kinda hoping that Jami becomes sufficiently mature soon. Or maybe some miracle happens to XMPP, but that's not probable. Maybe someone picks up the Signal code if/when they continue like this?
»Without mobile phones«
So ... that grandma in your example has a PC/laptop but no smartphone, or has a smartphone but is unwilling to tell others her phone number?
I'd say there's a few orders of magnitude fewer people who fall into that category than the people who have nothing but a smartphone and don't know how to use it for anything but facebook and whatsapp.
*both* groups are important but for the second one, Signal is the best thing out there.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!