I love Signal and use it as much as I can, but I'm thinking of switching to Matrix solely because the desktop client is pretty bad. It won't show me messages until it syncs everything (so I can't even see old messages while things sync), and, what's worse, it skips messages, and multi-device just doesn't work. My laptop just shows "Message could not be decrypted" until I delete everything and reset.
I'm not sure why it works so poorly after years of existence, but unfortunately I'm losing hope that it'll be fixed. I sometimes feel like the Signal team doesn't use their product, or they would have noticed this. Meanwhile, yes, Matrix took years to add encryption, but it works much better than Signal, even with quite a few small bugs.
> Meanwhile, yes, Matrix took years to add encryption, but it works much better than Signal, even with quite a few small bugs.
I'm not sure which Matrix client you use, but clients like Riot don't even let you opt out of sending read receipts unless you edit `/etc/riot/config.json` to enable experiments and then go into the settings to disable read receipts. Problems like this (and issues like this [0]) give me the impression that Riot isn't designed for people who need privacy.
(Yes, there are other Matrix clients [1], but my understanding is that Riot is the flagship interface.)
I'm a massive Matrix fan and have high hopes for it, but in experiments we've done with activist and journalist partners we've found the Riot.im client often gets a bit complicated for people to use. I think the main issue people have is related to keys. As a techie I love the options but I find many don't like having all the options. Signal of course is a lot easier as it hides many of those issues in the UI/UX.
The root problem is the requirement to verify that you are talking to who you think you are talking to. If you skip the identity verification stuff then you are inherently trusting a 3rd party. So if you are not exchanging your key fingerprints (safety numbers in Signal terms) then you are kidding yourself.
Exactly. That's the root problem, and it's a problem that won't easily go away: UI/UX and usability vs. security. To be honest, right now most people have voted with their usability thumbs.
Even without verifying safety numbers, you’re still better off on Signal than you would be on another platform that doesn’t even offer the option of verification. If you’re looking to MITM a conversation on Signal you can only guess whether or not the recipients have verified each other, whereas on a platform like iMessage you know they haven’t because it’s not an available option.
SS7 spoofing is not a hard thing to do. Who knows if you really are initiating to +14055551212 who you think they are. I guess using multiple techs in serial could obfuscate the initiation correctly (voice, IM, Social Media, etc)
PGPFone had a neat thing where it'd show each participant of a voice call a short string they'd read out loud, and then the crypto would use those for handshaking. MITM'ing voice, as part of a freeform conversation, especially between friends, is a lot harder.
Out of curiosity, did you ever try Keybase? It always struck me that usability as well as security were their primary focus. And I think they did the whole key management / chain of trust thing really well.
Hopefully none of that changes now that they've been acquired by Zoom.
It's gotten better - I'm dual-running Riot/Matrix and Signal. Cross-signing has fixed the main issues affecting encrypted chat usability but there's still plenty of UI improvements to make.
I just opened my Signal desktop app that I had synced previously. It asked me to resync again with my mobile device, which needs camera permissions to take a picture of a QR code. I had previously removed Signal from my mobile device. Lo and behold, my account no longer existed and I had to sign back up with a phone number. I then clicked sync and most of my messages on my desktop are gone. I don't see how this is easy by any standard.
If I understand your description, you reset your account. They delete the messages for safety when you reset. An attacker could reset by getting ahold of your phone number by SIM jacking or the govt getting your text. It's a safety method so no one can take your texts. Of course many people want to carry their texts along, but this is a safety risk if you lost control over your number. So that's what Signal is doing. If I recall, when I had to reset my own number they did say they were deleting my old messages.
Signal allows backing up messages (though the UI and workflow for it is still rather clunky), so you should be able to restore them even if you switch to a different phone number entirely.
No, I had removed the app from my mobile previously, not deleted my account. When I resynced, they had removed my account and the messages saved on my desktop disappeared.
That is the same thing. The messages were stored on your phone never on any "account". The desktop was only ever a mirror of the phone. This is explicitly how Signal works. WhatsApp works the same way.
If you did not delete the Signal directory on your phone then there should be some old backups with your messages there. These will be encrypted so you will need the original password to unencrypt them.
I, for one, have a bigger problem with it forcing the use of phone numbers as a sign-in method. They're an arbitrary identifier from a legacy system that there's not really a point in continuing to extend, because if your device is capable of anything more advanced than SMS it's also capable of... well, this.
Also KaiOS and the like are making chat feasible even on feature phones.
Don't get me wrong, RCS will be a fine enough fallback (once it's E2E), but standardized chat is the dream.
> Don't get me wrong, RCS will be a fine enough fallback (once it's E2E), but standardized chat is the dream.
Is there a plan for RCS to be E2E? Given that RCS went under the GSMA umbrella in 2008, and it's 2020 and adoption is minimal, I don't have any hopes for a future update that supports E2E to come out any time sooner than 2040, with handsets supporting it in 2050, and all endpoints supporting it in 2065; Google will have released about 30 more messengers by then, of course.
Tackling this point separately: the entire reason they do this is because they routinely experiment with side projects and then build the ideas that work well into the services that gain traction. As much as it comes with the drawback of being scattershot in general, it specifically creates a track record for failure with messaging because successful messaging products, as a rule, have network effect - something you can't build when you're playing with three different approaches simultaneously.
For an example of where this works really well, look at how all of their adaptive UI efforts feed into each other:
* The enhancements to multiwindow that were built for foldables became Android's desktop mode, to the point that it was built specifically as a test environment and now underpins DeX etc
* Desktop mode's only hardware requirement is a display output, suggesting in addition that Android apps as a whole are no longer bound to specific 1:1 relationships of UI and form factor. (This is, imo, a much bigger deal than we're making it out to be, and opens up possibilities ranging from hybrid game consoles to mobile content creation to better takes at mobile-powered VR.)
* The existence of a base OS implementation and the fact that it's controlled by the system launcher, a component the user can rip and replace, pretty much ensures that custom ROM communities are already toying with this
* Android supports PWAs - installable, natively-scalable webapps - meaning that when desktop mode inevitably stops being feature-flagged there will be examples of convergent apps that work on day 1
* Desktop support for Android apps enhances those same apps when used on ChromeOS
* Flutter, the toolkit built for Fuchsia - an OS designed from the ground up with this sort of scalability in mind - is capable of targeting all of the above
> As much as it comes with the drawback of being scattershot in general, it specifically creates a track record for failure with messaging because successful messaging products, as a rule, have network effect - something you can't build when you're playing with three different approaches simultaneously.
I think what Google needs to do is to separate the messaging protocol from the messaging software. The protocol needs network effects. The software doesn't. That's why shutting down Google Inbox didn't kill email and it's why any new experiments with email software can benefit from the network effects that email protocols already have.
Hard agree. I'd also argue that any meaningful antitrust action we may eventually impose on big tech companies should force this.
If the one thing so far that's led the feds to threaten this is that they wanted to build a modern protocol for cross-service messaging, then there's no sane reason we couldn't have asked for that exact thing as a spec.
Not within the spec. Which was sort of the point I was (poorly) trying to make - that it's a huge caveat, but otherwise a decent fallback if and when that changes.
Google is adding an implementation into Messages, and it's honestly not a critical problem if OS vendors are supporting it at that level, but there's still too much we don't know about it imo. Will that be supported by iOS, if and when it supports RCS at all? Will it work for third-party clients, if and when Android gets APIs?
I'm not sure how much optimism I have that this will be anything other than a fragmented mess in the short term.
The only thing getting RCS any real traction is Google seems to be pushing it in their SMS application, and is now running an RCS server for everyone (or something).
Which basically means, instead of having a federated mess as designed to replace the federated mess of SMS and MMS, we'll get a Google mess, maybe. But if Google was any good at making messenger apps, maybe enough people would use one of them that it wouldn't be killed.
Which just sort of loops back to how if Web-based chat had a spec with meaningful user traction we wouldn't have any real use for RCS in the first place.
Also how XMPP could have been that spec, if Google hadn't decided when launching (the first version of) Hangouts to go full Ayn Rand while doing it.
"even on feature phones"? It was perfectly possible at least back in the early 2000s. Where I'm from, we've gone through a lot of different IMs over the years, including XMPP (which I was a big fan of, but started to despise because it had such terrible support for mobile clients). Many J2ME clients had pretty advanced features like group chats and file transfers.
I knew Signal was against federation but I hadn’t realized they had pretty much banned third party clients. That would otherwise have been a really easy win for people that actually care about the system integration, performance, and architecture of desktop clients enough to shun electron “clients.”
The Signal team has always been open about the reason why they reject third-party clients: they claim that XMPP adoption was hindered by the inability of a user’s software to know if the software on the other end supports the same feature set. XMPP had grown into a large set of features that some clients supported and others did not.
If Signal introduces a new feature, it knows that all users’ devices will support that feature, because its own software is the only game in town.
Cases where a client is completely broken are never the problem: users will be forced to switch to a different client. It sucks, but it's no worse than the current state of affairs. A security-mandated change in protocol/behavior would fairly fall under that category.
You can always define backwards compatibility that only goes to a certain lowest common denominator feature set, and no lower. For instance I have a number of httpd that support TLS1.2+ and specifically disallow SSLv3, TLS1.0 and TLS1.1. The population of browser user agents that don't understand TLS1.2 is infinitesimal at this point.
They also time bomb their own software, so if you don't take automatic updates from them it just stops working.
[Yes, you could manually compile it and update it... which is what I did for the first year I used signal, until it expired on me with no warning while I was away on a trip and had no way to update it.]
Beautifully mediocre, but yeah it mostly works. (Never been able to use Signal so I can't compare, but Riot's encryption was completely broken until a few weeks ago, and now there is only the occasional "hold on, gotta fetch keys for 10 seconds" and slow scrolling up, etc. It can't compete with something like Telegram in terms of UX; it is infinitely better for privacy but it doesn't "work beautifully".)
It was a non-stop shitfest of buggy encryption and broken UX last I tried. A group of us tried using it for a bit and gave up because we kept losing messages, couldn't figure out which messages were "secure" in various ways, and had confusing horizon effects where only some people could see some messages.
That was a couple months ago. Maybe it has improved massively since then? I guess I'll try it again later this year.
Definitely improved somewhere last month. Not bug-free by a long shot, but while I also gave up on it after trying it in February, I'm now using it in favor of Keybase that got bought by some shitcorp.
No idea what problems you have, but I have been using encryption heavily since it got enabled by default.
And I have never had any issue with it - even the transfer of encryption keys in the background to verified 3rd party clients worked like a charm.
But, also this experience may not have been possible before May (when they released a big update with e2ee by default).
I do get the occasional missing messages in the desktop client but what I notice most is that it gets unstable and weird when there is an update available (which I don't get notified about). Desktop and laptop with Ubuntu btw, Signal installed via snap if I recall correctly.
The desktop was pretty terrible for me (on Linux) until a few months ago, but now it works perfectly. The only thing missing is SMS from the desktop but from what I understand Signal won't ever add that because SMS isn't secure.
I really hope this improves, I had to reset my laptop's Signal Desktop just last week because all the messages were "couldn't decrypt" and I was missing messages on my desktop just today.
I work on calling for Signal, and the last few months we have been working on desktop calling. It's nearly ready and will hopefully be in public beta in a matter of weeks, and (again, hopefully) fully available in a few months.
Riot and almost all of the other clients I tried all phone home to some kind of metadata/identity or push server that is run by some private company I’ve never heard of (which isn’t part of Matrix/Riot).
Riot only ever talks to identity servers (which simply maintain a directory of matrix users by phone number or email address) if you actually try to look up a user by one of those identifiers, and if you actually opt in to it. We used to do it without opt-in when you searched, but this was fixed at https://matrix.org/blog/2019/09/27/privacy-improvements-in-s....
For Push, whatever app you use needs to have a push server that talks through to Apple/Google if you use their push. For Riot, that server is run by New Vector (vector.im), the outfit which makes Riot.
It does not appear that your statement is accurate.
I just fired up Riot 1.6.2, the latest available from the site.
It makes three connections, one each to matrix.org, vector.im, and riot.im on startup.
Even after removing application settings and preferences, it connects to all three of those on startup, just sitting at the login screen, not signed in to anything. I didn't opt in, and I didn't look anything up; it was automatic (and silent!) on a blank install.
That's completely unacceptable, and counts as telemetry to three separate parties, whether intentional or not.
The local app should not send any traffic whatsoever when launched and sitting at the login/signup screen. It should make a connection to the homeserver chosen to log in to, and that server alone.
This is semi-unrelated, but indicative: I posted a bug about photos taken in landscape showing up as portrait (i.e. sideways) if the screen is locked, and it was closed as "we'd like to have this fixed at some point".
How is rotating photos properly not a priority for a messaging app? It's really annoying to have half your photos rotated sideways, and it screams "buggy app" to both participants of the conversation.
I would understand the urgency if this issue would occur in the app when you open it normally but the lock screen? Really?
At this point I'd say you desperately look for something to complain about. Why don't you just not use it and check your PC? There is obviously something wrong with it.
I wasn't talking about desktop with your photo issue.
And I don't know what you mean by screen lock if it's not the lock screen. However, as I said: the photos are properly oriented within the app so whatever your issue is, it can't be that urgent...
Stickers are important for people like my sister and wife, who are put off if the messaging app doesn't support them. I wouldn't knock their importance, but yes, good syncing should come first.
My 6 year old son just discovered the augmented-reality tricks in the LINE app (adding a mustache, hair, glasses, sound effects etc). He got my mother (68) to install it and now they use it pretty much for all their video conversations. This replaced FaceTime, despite FaceTime having better sound and picture quality (edit: and even some effects).
He's in the age (and COVID-19 environment) where he starts speaking to cousins and friends online. So I imagine LINE spreading pretty quickly in similar circles based on those features alone. That's the stuff that drives adoption, as silly as it might be.
That said, yes, the plumbing needs to be in working order, or no silly feature can cover over the leaks (or smell, if we're going with the metaphor).
Favoring mustaches over security is always the choice you can make. I don't care about adoption unless it falls below levels to make Signal worth developing.
> Favoring mustaches over security is always the choice you can make
Unfortunately not. If most of my friends and family favour mustaches and effects (which seems to be the case, I would imagine as a general rule), and I favour security (the minority, as a general rule?), then I won't be able to talk to them securely.
If they don't want to talk securely to you, then they don't want to, why do you want to force them to? They will spill secrets to other people all the time, using Signal or not. They will talk to other people about things you thought were a secret between you. They don't patch their computer. They use trivial passwords to their computer, they reuse passwords on all websites, they don't encrypt their drives or their Micro-SD on their mobile phones. Why should they care about things you want them to care about? They won't.
I use WhatsApp to people who don't care about security, and I can only be contacted by Signal for business stuff.