I really wish the EU would put up funds for open source software, like Signal, it seems to be something they could get behind for the greater good. My previous job involved creating a graphical programming language for the generation of GPU shaders, which the EU partly funded. I knew it was going nowhere, and it made me slightly sad taxpayer money was being used on something I knew, despite my best efforts, would not work.
I just wonder about the process and the results. I mean, it doesn't look to me, as if there is a management behind this, that actually has a goal.
It looks more like they are giving funds to projects that apply for them. IMO, they should state 3 clear goals and sponsor specific projects which reach those goals. To give some examples of how those could look:
- create a decentralized, federated instant messaging platform, that is built on public standards
- create an e-learning platform that is usable with already established devices
- establish a market for the created software with partners
Naturally, all results would have to be open-source products and the goals would need some details/numbers to measure them. They could even invest into already established projects, but please, with easy to understand goals.
I work in EU research funding programs. The process is very bureaucratic, making it difficult for any small company to apply. Not to mention projects without a company.
It's also quite ineffective at giving money to the projects that are meaningful.
Large companies and large university projects rake in plenty.
Yeh so true. One of the great things about the Open Tech Fund was that it makes it easier for people with open source ideas, like Signal or our own Umbrella security training app, to get funding. Doing that through European funds would be impossible.
Not just EU funds, but those are currently the largest funds at NLnet.
NLnet does 'funding as a service'. If you want to fund a particular area of FOSS, we (I work there) can administer that. We provide low overhead funding to FOSS projects and pay particular attention to how the ecosystem benefits from projects.
So 'boring' projects that improve adherence to standards, increase deployments of standards compliant software, test standards compliance are very welcome. Redecentralizing the web requires this work, but few people think that this work is fundable. It is and in our opinion it has a high ROI for society.
Can confirm, though I need to qualify that most of my experience is in the software related programs.
In each and every framework so far, the EU is touting 'reduced administrative overhead', 'simplification of participation' and 'focus on SMEs', but has in practice done exactly the opposite.
Especially since Horizon 2020, there has been a 'coup' by the large enterprise and large academic research groups. You can see the same trends in national programs as well.
I hope it won’t become like Canada’s SRED credits where the consultant that helps you make it look like you’re eligible costs 1/3 of the credits you get. These credits in turn keep otherwise completely unprofitable and doomed startups funded while the product delivers no value whatsoever. It’s borderline a scam and the program’s spirit has been completely abused by now.
This is another real issue I've seen in some places, especially regions that are trying to "do" tech, but where it doesn't come naturally.
It hurts me to watch systems full of broken incentives emerge and have money thrown into them repeatedly - there's "tech startups" (which would be laughed out of the valley due to their head-count and lack of any product market fit) receiving large ongoing subsidies to their payrolls while they slowly pretend to iterate on a product, all because they have "created" an agreed number of jobs, and need to keep those chairs full.
Europe on the whole doesn't have a culture of taking the same level of risks with capital, and there's a real push to fund things that are "safe" and help cover up weaknesses in the market - funding a company to hire people into basic tech roles at below-market pay helps to reduce graduate unemployment, which covers up the fact their education isn't giving them the right skills. That's pleasing to government.
On the other hand, giving 1m EUR to a small company with low head-count but a great idea could be a game-changer, and lead to far greater longer-term gains, but any government funding like this would be accompanied by so much red tape that you'd spend half of the 1m EUR on satisfying the monitoring requirements of the grant, attending monthly external progress review meetings, defending your progress to agreed (and inflexible) milestones etc.
That last point is perhaps the killer for innovation - most of the innovation funding schemes I've seen require detailed project plans before you receive a cent of funding, and then hold you rigorously to that plan. Need to pivot? Welcome to the multi-page "change request form", which must be approved by a panel of non-technical bureaucrats before you can dare to change direction. They'll get back to you within 3 months, until which time you should continue with your original plan, as you will still be judged by your previous milestone payment plan. Your idea not working? That's not an acceptable outcome - you simply must deliver what you said! Failure is not welcome, you must deliver exactly what you said, else they will complain you are causing them to under-spend by the end of the financial year (as they now won't pay you!)...
Part of the problem with the process is that, for various well-intentioned reasons, there's a major focus placed on delivering objective evaluation on any kind of funded research or work. Bureaucrats want to demonstrate the impact their funding had, so that next time around (in say 5 or 6 years) they can make the case for the same amount of money (or indeed more). This leads to a system where "safe pairs of hands" are favoured, due to their ability to "play the game" and deliver the right kinds of metrics. A larger organisation can deliver "more jobs created" as they have the operating capital in place to run hiring using the research funding money, and commit up-front to "creating" those jobs (which they would have needed anyway, but can now fund, in part or in whole, through the funded project).
That's why, in my view, the bigger companies and universities do well - they have a scale that helps them to deliver these kinds of outputs. As a small company, the "spend-and-claim-back" approach to most research funding can be a real issue, especially if the claims are delayed due to bureaucratic "checks and balances". These are necessary to prevent blatant outright fraud (i.e. people not doing the work they say they did, and pocketing the cash), but they tend to be applied across the board, rather than in a targeted way proportional to the level of risk, and size of the organisation. The end result is smaller players spend more time (proportionately) handling bureaucracy if they do win funding.
RE selecting meaningful projects, this is arguably because EU research funding looks further ahead, at lower technology readiness levels. An open source project used by everyone is "high TRL" and therefore hard to fund. If they have an entity (as you point out, many don't, which makes them harder to fund),
If you don't have a company to pay yourself through an official payroll system, I believe there are rules in place which effectively define that you work a maximum of 8 hours per day, 5 days per week, and that you can't possibly earn more than 25 EUR per hour, which is of course completely out of line with the sector, and makes it really hard to work without creating a company. At which point you then become subject to state aid rules, and need to keep a handle on that.
And beyond the research programmes, any kind of "innovation funding" then drags you into the state aid system of partial funding, which is very difficult for a small company - getting 60% of full payroll costs funded sounds nice, but it requires you have the cashflow/capital in place to run payments through payroll, in order to claim back a percentage. Not ideal for the kinds of non-commercial "critical internet infrastructure" that need this kind of funding the most.
I disagree. I believe the governments should fund existing open source software that are considered to be "critical" infrastructure (as in lots and lots of people rely on it) instead of chasing some random goals and adding bureaucracy on top that would slow down lead developers.
Just give them money and trust them that they'll do whatever it is they've done so far that many people recognised and started relying on their solution to the problem.
Without looking them up, there's exactly three pieces of software in the list above your comment that I don't recognize: FLUX TL, WSO2, midPoint. I'm happy to see all the other names on it, and I'm pretty sure I'll feel the same way about these three after I look them up.
I am not so sure that we disagree. I would consider instant messaging services 'critical infrastructure'. The difference seems to be, that you want to support projects that are large already, while I would certainly put more focus on smaller projects as those are the ones which can initiate change.
I find it heartbreaking, that we still depend on WhatsApp and Zoom. Neither service owner is particular trustworthy. Communication is definitely critical infrastructure and yet, the open-source alternatives are very limited (in quality, not in quantity). So investing in this kind of functionality is key.
In terms of software, Signal and Jitsi are great alternatives to WhatsApp and Zoom. People don't use them because of network effects, not because the incumbents are inherently superior.
For many use-cases they are indeed proper alternatives, but Jitsi has a much lower limit when it comes to numbers of participants. So if someone wants to organize a group call (the typical use-case) you run into trouble in a lot more scenarios using Jitsi. And it hurts me to write this, because I hate how much growth Zoom had in the last year while being dishonest about critical encryption features. I would love to promote Jitsi and have tried to in the past, but I can't recommend something when it doesn't fit the use-case.
Signal, on the other hand, probably comes close to the WhatsApp features (I use neither one) and while I encourage everyone to switch, I am missing the federation aspect. IMO, communication should be federated by law (which would also solve the network effect problem). Imagine a world where you could not call someone who has a phone number from a different provider? The current state of instant messaging is exactly this.
XMPP solved these problems decades ago and just because the standard didn't catch up with the speed of the mobile revolution, we don't have to reinvent everything from scratch. Properly implemented modern clients work very well (including reliability and battery consumption), the big issue though is that many traditional clients don't support all features and all companies in the business try to build walled gardens, as those tend to drive stock prices.
Yeah, and they crumble to bits like Signal is doing right now, breaking the wave of mass adoption.
Cynical, profit driven and well funded operations have enough capital to weather these downpours, indeed they’re actually planning for them.
I hope Signal sorts their capacity quickly, I’m terrified that my circles switch back to WhatsApp. And then I’m fucked, I either surrender myself to Facebook or cut off from society.
While better than nothing, I'd argue a bug bounty is perhaps the opposite of what's truly needed - incentivising the finding of vulnerabilities is good, but it needs people to fix those.
Alas, this is what happens when tech policy is written by people without tech experience, I suspect.
Signal isn't federated or self-hostable. As long as it's not, I don't see it as completely open source software because we still have to depend on their servers to use Signal.
I feel public money should only be donated to them once people are able to set up their own Signal instances, like Matrix.
France for example uses Matrix for their internal communications. They don't use the public homeserver, rather, they use their own.
I know you mean well, and I understand the feeling, but how can you say in the same breath that the EU funds useless software and that you wish they funded more software?
Why would the newly-funded software be the useful kind instead of the useless kind?
Because if they got more serious about it, they'd install committees to evaluate proposals, et cetera, like they do for scientific research proposals.
The funding should be in return for a chunk of profits (i.e. the EU becomes a shareholder).
They should employ teams of investors to decide where EU money is best invested.
They should use their governmentness to investigate companies after a few years and where they find someone got rich, yet the company failed, put some people in prison. Being the EU they can say "using legal loopholes to suck the company dry is in itself illegal".
What you’re wishing for is to force your fellow man to donate to a cause you deem worthy. EU funds don’t come from nowhere - they are taken from citizens.
You go donate an hour's wage a week instead; that’s virtuous.
Forcing others to fund wars is not moral. Neither is forcing others to fund mobile apps.
No one hinders you from donating to Signal if you wish, but if I am a Matrix user, do you want to use the violent force of the state to force me to fund Signal? It’s a moral absurdity.
Virtuous does not mean effective. I am of the opinion that we should have a democratic government that is able to spend some of their citizens' money on projects deemed worthwhile.
This is how public schools are funded in my country and I like that we fund them like this instead of private schools with fees that would exclude some families.
This model of funding works for a lot of public infrastructure and I doubt individual donations would make up for that.
I think it is critical for this public funding to be under democratic control. Otherwise it is definitely unjust.
In the end I think public funding / taxes is a way to bypass the tragedy of the commons (not sure if that is the right term here).
That's how taxes work, unfortunately you can't pick and choose to which causes they go.
That's why, in a democracy, you vote to elect your representative who will, hopefully, make sure your taxes contribute to causes you deem worthy. Be it open source, health services, education, ...
You are right - taxation is coercion and not virtuous. You are also right about representative democracy - the incentive is to have the state fleece your neighbour as much as possible. For those working in the bureaucracy the incentive is to convince the boss you need a larger budget next year.
Certainly far from “love thy neighbour”.
Donate yourself, you can be a hundred times more efficient than EU bureaucracy, no exaggeration.
Eh, but in reality no not really. The PyPy project is one example of a fantastic outcome for OSS (among others): they were heavily reliant on EU funding to get to the point they are now. VLC, glibc, KeePass, Kafka, Tomcat and others have had EU funds for their security bounty programs.
My 10 EUR contribution to this via my taxes (simplistic and incorrect) is fine. Angry anti-tax anti-big-gov rhetoric involving wishful thinking whilst ignoring the reality we actually live in does little to advance your cause, and for lack of a better word makes you sound rather silly.
I wish they do not put up funds to Signal. It is a closed ecosystem. Even traditional phone calls are more open (having federated independent operators and interoperable implementations).
In short, federation makes a lot of things more difficult, and Signal opted not to do that to get a polished product quickly. Still, it's not either-or. As I remember it, Moxie welcomes the Matrix developers to try their approach and would be glad if they can get it right, he was just worried that it'd basically never lift off.
I think it's not bad to donate to either project, it's a good thing that we have both.
I mean, isn't that sort of the fundamental problem with government funding? They're not very good at picking winners, and when they make winners by picking, sometimes it still turns out to be a mistake (e.g. diesel in Europe).
Still, it does seem something infrastructure/utility-ish like Signal would be a good candidate for at least some support.
Not as impactful as a realtime donation but I recently changed my Amazon Smile charity to the Signal Foundation after a few years with my previous selection. I was surprised to learn they were an available option.
I also installed a browser extension to automatically bring me to smile.amazon when buying anything on Amazon - so far it has had no weird glitchiness when not buying something and works exactly as advertised. Highly recommend looking into this option if you're forgetful like me - so far it has helped me donate 4 times that I would have otherwise forgotten.
I was jumping through similar hoops for a while to get Amazon smile donations, but then I looked at their numbers for how much gets donated and it was a pretty trivial amount. I don't remember what I found (anyone have any stats on Amazon smile donation percentages?) but I decided it wasn't worth my effort compared to adding an extra few dollars to my direct donations.
It's not bad if you connect it to an Amazon Business account. I give hundreds of dollars to the charity I select. Also it's a thing that's easy to opt-into with an extension and just goes on forever, so totally worth doing it.
All my friends are in Signal. One of my favorite group chats is in Signal. My mom is using Signal, I just sent her a message I might need to leave WhatsApp, so she immediately installed Signal all by herself. Now we have video chats that have been working really well.
I mean, this is the first time the mobile app gives trouble. I'd wish the desktop app would be better, like it's been the biggest problem between me and Signal. Otherwise it's an amazing tool and I'm happy to donate for it to be even better.
They could easily add an optional badge to avatars showing that you donated $1 that year via an optional in-app purchase. The subtle social pressure in a lot of group chats would be pretty effective, and it would help raise awareness that it is run by a non-profit foundation.
This sounds good on first pass, but consider the implication of allowing donations (and thus, payment method information) to be tied to a Signal user's account. I specifically _wouldn't_ want this.
It's easy. You "gift" the badge to a user via the Signal homepage when making a connection. There's no required connection between the gift-giver and the receiver. Is the person who gifted the badge the same as the receiver? Could very well be, but there's no way to prove that.
All you need to store server-side is "this user has the badge until date X".
> Could very well be, but there's no way to prove that.
Sure, but espionage and surveillance are rarely about proving anything, they're about making good educated guesses. Besides, the receiver will very likely be among your friends and acquaintances, so the NSA would only have to look at your social circle to find them.
You could enable offsite donations that provide a receipt/hash that denotes (donation -> validated), without being tied to any individual. Then the user could copy/paste a generic, non-correlated code into Signal to authenticate activity.
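The "non-correlated code" idea from the comments above, sketched as an added example that is not part of the thread or of Signal's code: it uses an RSA blind signature (a technique the commenters do not name) so the donation service signs a voucher it never sees, and the badge service stores only "this user has the badge until date X". The class names, the demo key built from two Mersenne primes and the one-year badge period are assumptions.

```python
import hashlib
import secrets
from datetime import date, timedelta
from math import gcd

# Constructed demo key built from two Mersenne primes. Illustration only:
# a real deployment needs a vetted blind-signature library and a proper key.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)  # private exponent, held only by the donation service


def token_digest(token: bytes) -> int:
    """Map a voucher token to an integer below N (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


class DonorClient:
    """Runs on the donor's device; the only party that ever knows r."""

    def __init__(self):
        self.token = secrets.token_bytes(16)   # the future voucher code
        while True:                            # blinding factor coprime to N
            self._r = secrets.randbelow(N - 2) + 2
            if gcd(self._r, N) == 1:
                break

    def blinded_request(self) -> int:
        # H(token) * r^e mod N: looks like a random number to the signer.
        return (token_digest(self.token) * pow(self._r, E, N)) % N

    def unblind(self, blind_sig: int):
        # (H^d * r) * r^-1 = H^d mod N, an ordinary RSA signature on the token.
        sig = (blind_sig * pow(self._r, -1, N)) % N
        return self.token, sig


class DonationService:
    """Takes the payment and signs blindly; hypothetical web-side component."""

    def __init__(self):
        self.ledger = []  # (payer, blinded value) is everything it learns

    def sign_after_payment(self, payer: str, blinded: int) -> int:
        self.ledger.append((payer, blinded))
        return pow(blinded, D, N)


class BadgeService:
    """Messenger-side component: verifies vouchers with the public key only."""

    def __init__(self):
        self.spent = set()      # hashes of redeemed tokens (stops reuse)
        self.badge_until = {}   # account -> expiry date, nothing else

    def redeem(self, account: str, token: bytes, sig: int, today: date) -> bool:
        spent_id = hashlib.sha256(b"spent:" + token).hexdigest()
        if pow(sig, E, N) != token_digest(token) or spent_id in self.spent:
            return False
        self.spent.add(spent_id)
        self.badge_until[account] = today + timedelta(days=365)
        return True


def run_demo() -> dict:
    donor, shop, badges = DonorClient(), DonationService(), BadgeService()
    blinded = donor.blinded_request()
    # "payer-1" is a constructed stand-in for the card or PayPal identity.
    token, sig = donor.unblind(shop.sign_after_payment("payer-1", blinded))
    return {
        "first_redeem": badges.redeem("account-A", token, sig, date(2021, 1, 15)),
        "reuse": badges.redeem("account-B", token, sig, date(2021, 1, 16)),
        "ledger_has_token": any(b == token_digest(token) for _, b in shop.ledger),
        "badge_until": badges.badge_until,
    }


if __name__ == "__main__":
    print(run_demo())
```

Blinding removes the cryptographic link between payment and account, but not the timing link: a voucher redeemed seconds after the payment can still be matched by anyone who sees both events.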
One of my friends who just jumped ship to Signal this week said in his first Signal message to me that he wished he’d “bought some shares” in Signal when I first told him about it...
The first challenge is getting people to join the platform.
The second challenge is educating them on how it’s actually funded... (ie NOT by pimping out your personal data for shareholder benefit).
"...As of June 2020, Signal had more than 32.4 million total downloads, and the app had approximately 20 million monthly active users as of December 2020...." [0]
"...The initial $50M in funding was a loan, not a donation, from Brian Acton to the new nonprofit Signal Technology Foundation. By the end of 2018, the loan had increased to $105,000,400, which is due to be repaid on February 28, 2068. The loan is unsecured and at 0% interest..." [1]
What happens when they add 50M or 100M more users?
Why is this structured as a loan? It sounds like it's structured in such a way that he isn't interested in getting paid back. Is it so he can exercise control in a weird scenario like a buyout? Is it some weird tax thing?
I'm assuming so that if Moxie gets hit by a bus and someone else tries to step in and monetize it, he gets his money back. If it remains free and open source I'm sure he'll forgive it.
It's just for the books. A loan is still an asset, but a donation is not. He will have this asset for about 50 years in the books, that's useful if he wants to raise money for something else.
Pretty sure he doesn't intend to get it back.
If I give you a gift, it is income and you owe taxes on it. If I give you a loan, it is not income and no taxes are owed. But tax man will expect you to pay it off! If I forgive you a loan, that is also taxable income, in the amount that you have not yet paid off, so no loophole there.
It is possible that it avoids having the Signal Foundation fail the public support test, usually a requirement that a public charity receive at least 1/3 of their donation revenue from donors giving less than 2% of the nonprofit's overall receipts. Failing this would cause the foundation to be a private foundation.
There could be conflict of interest if it’s a gift considering Acton was involved with WhatsApp before Signal was formed.
And a donation would bring him deductions which he probably doesn’t want..
And there is a gift tax but since it’s a non profit, it gets different treatment. But having said that IRS scrutiny increases with such large donations.
Chances high for an IRS audit. Etc.
So many reasons why the loan aspect is a better idea.
I think there is a limit to the amount of gift in cash or other assets you can make without triggering a federal gift tax of around 40%. For an individual there is a limit of life time gift tax exemption around 11.5 million and 23 million if the gift is made as a couple.
1. A loan is a business transaction here. There is an expectation that it will be repaid. It can also be forgiven. A donation to a non profit can be ‘rewarded’ by way of tax deductions.
So Acton will profit from a similar tech he has already sold to Facebook as WhatsApp. His wealth likely came from WhatsApp sale to Facebook. It can be argued as conflict of interest.
Loan deals are very clean. Cut and dried. Any implied contract between the parties ends when the loan is repaid and the relationship is terminated.
2. I can’t speak for Acton. Or in any legal capacity, but if it were me, tax deductions to a non profit can be rife with complications because if he ever gets involved with Signal as a board member or employee, it might raise questions.
3. Signal foundation is not a charity.
4. Even a billionaire ..and especially one..would prefer to keep books less complicated for IRS. Donations are often scrutinized for money laundering or tax evasion.
5. A gift invites taxes, iirc. Like..if I gifted you above 15k(and you are not my family or part of a trust/insurance beneficiary etc), you will have to pay taxes on the realized value of the gift.
6. This might have been an ideological instinct for Acton as there seems to have been some disagreement between Acton and FB on how they intended to take WhatsApp. Maybe this isn’t about money at all. Who knows. Hence the ‘Etc’.
Also I don’t know exactly what kind of non profit Signal is...
> I think there is a limit to the amount of gift in cash or other assets you can make without triggering a federal gift tax of around 40%.
AFAIK, this does not apply when giving to a charity.
> I can’t speak for Acton. Or in any legal capacity, but if it were me, tax deductions to a non profit can be rife with complications because if he ever gets involved with Signal as a board member or employee, it might raise questions.
And the loan won't raise similar questions? Why?
> Signal foundation is not a charity.
> A gift invites taxes, iirc. Like..if I gifted you above 15k(and you are not my family or part of a trust/insurance beneficiary etc), you will have to pay taxes on the realized value of the gift.
> Also I don’t know exactly what kind of non profit Signal is...
Well, you CAN donate to your own company and claim it for a tax deduction, I do it all the time.
That being said, this basic point seems like it might explain the whole thing. I can believe that he cannot be the sole (or nearly sole) donor and have the company be a 501(c)(3) rather than a private foundation or similar.
This is one of the most frictionless donation buttons ever. I love it.
Patreon, Paypal, SEPA transfer, all those are a hassle, comparatively.
This donation thing used by Signal works exactly as it should be. Enter numbers, hit enter, done. No "please cookie us", no 20 times transfer to other domains, no account creation, and they also don't require stuff like MasterCard 3D secure (which IMNSHO really is useless for donations).
I don't think the problem is money, at least for now. They are either running in a datacenter and can't add capacity fast enough, or have a scale bottleneck in their design, and just weren't designed for this scale.
Me too. Just donated. Please comment below if you also donated. Let's keep this thing running! It's personal interest now, because I moved a bunch of groups from WhatsApp and it's not working now! But at the same time I love these guys for what they do.
Signal is being used by at least 10 well-paid medical professionals (group chat) that I know of, and one of them proclaimed today that Signal is owned by Elon Musk (probably because he tweeted about it). I did not care to educate them. And this is in a first world country with a rather wealthy population.
Why am I saying this? Users don't give a damn, they expect free things, and they expect things which work. They have been taught to use appstores on their phones where tapping on a button installs an app and everything just works with zero effort on their end, while completely ignoring the work that someone put into creating the very app they depend on. The majority will never, ever, even think about it, let alone click on the developer's website to find out who created the miracle they use.
This practice needs to end. I believe that it is time to stop making free products. Developers should unite in this and finally start to value their hard work.
Your belief about Skype being owned by Bill Gates is kinda factually true. Not necessarily Bill Gates himself, but Microsoft acquired Skype back in 2011.
> Signal uses encryption protocols sponsored by Broadcasting Board of Governors, a sister federal agency to the State Department. In plain words, data easily accessible by CIA, NASA and FBI.
I wonder what NASA will do with my Signal messages, maybe use them for a giggle in between transmissions from Mars.
> I wonder what NASA will do with my Signal messages
They batch them up and send them to deep space through SETI. The aliens are the real ones behind surveillance operations which they use to create a reality TV show. And with this NASA prevents the world from being destroyed from said aliens.
Very good point. People will happily pay 50 pounds a month for an iPhone and think nothing of it. But then really struggle to pay a penny for an app that runs on that iPhone. There’s some funny psychology going on.
Paying for software vs phones is not really an apples to apples comparison.
A better comparison would be how people gladly pay ten bucks a month for Spotify/Netflix but would probably never pay that for messaging and IMHO that's where the industry should be going.
People in the past also thought music and movies should be free and pirated the shit out of them, but by making it simple and accessible, for ten bucks a month, most people with a job just won't bother with piracy anymore, even though they gladly pay for something they'll never actually own.
So, the billion dollar question is, how do we transfer that model to messaging?
I keep dreaming about a Pied Piper like decentralized internet.
What I don't like is that "everything" is 10$ a month. I would like to subscribe to some payment aggregator where they charge me X dollars a month in one transaction, then pay it out to developers/service providers. This way things could go down in price too, since the fees would be lower because of fewer transactions. This way cheaper services like messaging could be 1$ a month without being eaten up by fees.
Netflix and Spotify give me quick access to a lot of content and I value it. I don’t care what software gives me this content.
With messaging it’s different. Transferring messages is a relatively simple topic to do as software. But the cost of running and maintaining it is hard and that’s what users don’t care about.
There is very little to no awareness of what it takes to create software. We, the developers who have released our work for free, have allowed this to happen. It feels like mobbing, heck, we keep reading about other devs mobbing others by opening GitHub issues and demanding new features or bugfixes for software they did not pay for. I really hope that we can do something about raising awareness.
I can’t remember if it was always that way. When the App Store opened I guess there was a standard price of 59p for an app. Before that, 59p would have been seen as a ridiculous price to pay for a copy of software. Imagine buying windows 95 on a CD for 59p. By setting the bar so low for app prices at the start, it’s possibly just become the way it is now.
This got worse with the introduction of GitHub. Obnoxious users were always a problem, but before centralized OSS warehouses at least they had to go to the project's web site and mailing list.
Where they'd be told to get lost if they misbehaved.
With GitHub, the branding of products is lost and most credit goes to GitHub. If a user isn't satisfied, he does the proverbial left-swipe and goes to the next project in a second.
If you tell a user to get lost, you violate the tenets of the new corporate sponsored cultural revolution: Newcomers are always right.
The last 10 years have been a coordinated attack on OSS to make developers obedient and silent cogs. It works, because at present they are showered with money in return.
One big hangup users have is a difference in expectations. They know what they're getting with the money they pay towards their iPhone. Heck - most users will gladly pay exorbitant prices for a cup of coffee as long as it meets their expectations. The same cannot be said for a given app they pull off the App Store. The quality experience can vary greatly from app to app. Even then, an app that fits your lifestyle may not fit mine, so a recommendation isn't necessarily a guarantee of value.
For me I think it is a question of ownership. It is easier to pay for something you actually own. Software already is intangible, but add in modern licensing, app stores, etc and you really do not have any ownership over your software. Even in the case of open source software like Signal, Apple could choose to boot them off the app store tomorrow and I would lose my "investment".
There was a time in the 90s/00s where you bought software in a big box, and it came with all sorts of manuals and such. The tangible assets (manual, floppy, box, whatever) along with the licensing agreement made that software much more valuable than the software we use today.
I remember when some of them came with hardware dongles. Adobe After Effects had a dongle that you had to attach to your keyboard cable in order for the app to launch. The mental value I attributed to that dongle was immense. I think I still have it around here somewhere...
I'd venture to guess that speed/simplicity of installing an app is also something users subconsciously factor in. The faster/smoother the installation, the less appreciation they have for the app. I remember installing Windows 95 from floppy disks.. boy oh boy, I appreciated every file that was successfully installed and admired it every time it booted into desktop.
"Free" isn't a model you should pick if you're going to care that you aren't guaranteed to get compensated. It's a model you should pick when you want to give a cool idea a chance to take off for the good of everyone, without risk of being turned into something else if it is successful.
Problem is that the largest of the free products aren't free. They are surveillanceware. "Free" is used as a gimmick to get them onto as many phones as possible to surveil people. Those players have zero incentive to change that, and will be more than happy to use "free" to edge out any paid competition. This is how paid apps became almost non-existent outside of professional niches.
What happens when a whistleblower or dissident wants to use Signal? Should they be forced to cough up a payment with a traceable credit card or app store account in order to use it?
For that reason alone I think it's important for the service to be free. Though I would perhaps support some reasonable free usage limits if needed to prevent abuse.
How sympathetic are the Signal developers to the concerns of dissidents, really? Signal has had a policy of many years to require a phone number – buying a SIM card now requires providing government ID in so many countries – and only now have they promised progress on this front someday. They also recommend that users install through the Play Store, and they only grudgingly provide a standalone APK. Anyone with the Play Store installed presumably has the full Google software suite that leaks location data, what one enters into the keyboard, etc. that the state can exploit. (And also Signal is based in the US where they are vulnerable to NSLs.)
This all makes me assume that Signal’s security is meant to shield phone owners against advertisers and ordinary criminals, not the state.
> How sympathetic are the Signal developers to the concerns of dissidents, really?
There’s a known problem where the majority of Chinese Android users use a third-party IME to enter text. This is vulnerable to eavesdropping and easy for Signal to detect and warn the user about. Chinese people have been asking them to do this for over a year, telling them that they know of people who have been detained by the government after using Signal, thinking it was secure. Signal have constantly ignored and dodged this. Just lately, their attitude seems to be that somebody needs to prove it is being actively exploited before they will look into it.
Until I saw their behaviour on this, I was recommending Signal to people. Now I can’t help but feel it’s security cosplay. They pride themselves on strong encryption, but won’t lift a finger when people unwittingly use Signal in an insecure context and are being extraordinarily evasive about it.
I mean, technically it is not their responsibility to make sure everything surrounding the app is also secure. Someone could also be watching users over their backs, their device could be rootkitted. Where do you draw the line? I think it would be better to put resources into developing an open-source, non-compromised IME but that is out of scope.
Yes, and I acknowledged that in my own post. But it took years to get to the point where they are even talking about upcoming support for this, let alone actually providing it. In the interim, this aspect of great importance to people living in authoritarian regimes was ignored.
I agree that it's unfortunate that the initial attachment to phone numbers has thus far made Signal harder to use for dissidents in many countries. But I can also understand that there are legitimate constraints that led them to go this route initially (abuse & spam prevention come to mind).
I can also acknowledge that it's a universally good thing that they are moving in a positive direction here, and I do not hold it against them for being unable to solve all problems for all people at the same time.
NSLs are a problem generally, but I have a lot less concern in Signal's case because they have no data, and they'd have to be forced to make significant software modifications to enable targeted interception of messages. This is something I expect they would be motivated to fight, more so than any for-profit company might.
Let's acknowledge and appreciate progress where it is being made.
It has taken years: one of the major GitHub issues requesting alternate identifiers than a phone number for privacy’s sake dates from 2014. [0] The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.
> The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.
You realise that this is something completely different than what you wanted to imply, don't you? Up until they introduced the PIN, they've been defending the phone number. Just because someone had an issue on GitHub doesn't mean they've been working on it...
Whether they were working on the GitHub issue or not is irrelevant. Those GitHub issues (if not their own intuition already) would have already made them aware that by requiring a phone number, they were compromising user privacy. Of course they had their arguments for requiring a phone number.
You think I’m knocking the app. I’m not, I think it is the best option available. I just feel that as long as the phone number was required, they could have been clearer to ordinary users about the threats that Signal aimed to protect users from: advertisers and ordinary criminals, sure, but not necessarily the state authorities, and so it might not be suitable for dissidents for the time being.
Exactly, they have made arguments for the usefulness of the phone number as an identifier. But to the best of my knowledge, they have never specifically acknowledged in a blog post the state’s linkage of phone numbers to individual identities in many countries today, and the risks that this poses to dissidents.
Moxie is one of the best security researchers in the business, he was definitely aware of this before anyone ever brought it up on GitHub. Was it really so hard for the Signal devs to acknowledge this downside on the blog?
This is all probably correct, and should change in the long term. In the short term, I hope you've donated to Signal, and it would also help if you'd dispel the misinformation when you hear it.
The world would be better if the world were better, but until it is, would you mind helping out a bit?
Is Signal having a problem of not enough money? I'd heard rumors they'd burned through the $100mm USD donation already but didn't want to believe them.
Is there any indication that applying capital to the problems we're seeing will fix them?
I want to help, but only in a way that will be effective in improving the situation. If they already have enough money, giving them more will not. If they don't have enough money following a $100mm USD donation, it's possible that giving them more will not.
Haven't heard about them using the entire $100mn unless you have a source. I can't imagine the current situation is making their spend rate go up however.
The problem is, this is not a sustainable model (Wikipedia is a whole other universe and can not be compared) and it bugs me so much to see developers pour their souls into projects which end up dying.
I think it is acceptable, in this day and age, for people to expect instant messaging apps that are gratis and "just work". Technology and society should be at a state where - assuming you have network connectivity at all - that should be the case.
At the same time, I agree that there is practically criminal negligence of the education of people about what makes those techno-social institutions which "just work", work:
* Commercial interests and the role and nature of large corporations in tech and elsewhere;
* The massive amount of hard work, expertise, and good will invested by people in public-benefit work (which could be writing FOSS or volunteering in retiree caregiving etc.)
* What the machinery of government - and its myriad branches and institutions - does, beyond the political horse race shown on the evening news;
and through that, the realization that free lunches get made by someone, and it's very important who and how they get made.
> Majority will never, ever, even think about it
It is a challenge for us to educate people around us about this fact.
> I believe that it is time to stop making free products.
Software is free by its very nature. It is only state coercion via threats of incarceration and violence that we are deterred from copying software.
I'm always surprised anew how unworldly people here can be.
Are you even aware that most people are not your "well-paid" medical professionals? Where is this offensive ignorance coming from? How do you even dare to say something like that? We're talking about a non-profit who brings a good and secure messenger even to 3rd world countries. How about you shut your mouth about everybody on the planet and use it to convince your "well-paid professionals" to pay instead? The general population does already pay for too much. They don't need an arrogant Schweizer Goldjunge to drag even more money out of them.
Oh and, you're not getting enough recognition and praise from your customers? Maybe you should make something which would really justify it? I'd recommend a FREE APP which helps poor people! Jesus, you run a page which rips off content other people provided you for FREE...unbelievable...
You’re wrong on so many levels (I was born and raised in a 3rd world country and survived 4 years of war under siege). I am not a Schweizer Goldjunge, and even if I was, suggesting that developers should value their work more definitely does not warrant your tone.
It’s an interesting dichotomy: many say they want to make the world a better place but also (1) have a personal philosophy of “the regular user is always wrong”, and (2) will do their damnedest to argue how developers and IT corporations are always right and virtuous (FB just wanted to connect people; people didn’t vote with their wallets so now they spy on people just to make ends meet).
I don't think the practice of people easily downloading/installing apps through app stores is going to end. In my network I'm not alone in paying for free apps to support development if they're value-added.
Governments probably shouldn't simply ban all free products, but it certainly might be reasonable to ban some economic activities that enable some business models for sustaining free products.
Of course not, but it wouldn't hurt if we all got better at valuing our work more. Heck, the majority of developers I worked with are decent, loving people, who could simply never dare to ask to be compensated for the work they do...
For changing Amazon Smile: is it "Signal Technology Foundation - Location: Mountain View, CA"? No description available, unfortunately. There seem to be a bunch with the name Signal, and that was the closest in name to what seems to be the Signal Foundation.
> I just donated to Signal after seeing the error banner in the app.
I've tried to donate, but none of my 3 cards worked. I got a "card rejected error" without any info why, and none of the banking apps notified me about new transactions.
I use the Privacy app and generated a merchant specific credit card for Signal. This is the best way I have found to do online transactions. You don't even need to use your actual name or address when making a payment to a merchant since Privacy acts as a proxy for you. https://privacy.com
Don't forget that you can use the Signal protocol in Skype with Skype Private Conversations and delete your own call metadata afterwards as well.
Edit: which presumably drives licensing income from Microsoft to The Signal Foundation, which I am presuming is better than nothing and if like me you can start using Signal protocol for calling your family elders via Skype without friction, and I simultaneously create widespread adoption of the Signal protocol, I can't see any downside myself anyhow.
If you can, please consider making a regular recurring payment of a few bucks every month rather than a one-shot lump sum. This is because it's easier for a company to budget and plan with recurring revenue than a one-off donation.
Recurring and steady incoming is certainly useful for any company, but I would advise against doing tiny monthly donations over a larger yearly one! Processing fees are going to take away a significant chunk of your total donation relatively speaking if your individual donations are small.
Let's do some math: In Signal's case, since they use Donorbox, there is a 2.9% + 30¢ fee for credit card transactions going via Stripe (in addition to another percentage that goes to Donorbox). If you were to donate $24 once per year, Signal would end up with just over $23 after processing fees had been deducted. If you donated $2 per month, they would end up with $19.7 per year, an additional $3 being spent on fees!
Edit: unless they have some special lower cost Stripe rate of course, in which case you can ignore my comment altogether ;)
I've been using Signal for a couple years now. Finally deleted WhatsApp this week. This is the first outage of Signal that I noticed. It's a shame, but growing pains do happen.
I don't really want to see a bill for e.g. £0.41 every month on my credit card statement, and at some point the transaction fees would become a bother for Signal.
I'd have ticked "recurring annually" if the option had existed.
I don't know what options show up depending on the route you use to donate, but the link on the Android app [0] takes you to a page that does allow recurring contributions.
Except you have to be careful so the monthly amounts don't end up so small that the credit card processing fees eat up the majority of your donation! The processing done via Stripe (which is used by Donorbox) has a fixed minimum fee of 30 cents per transaction.
Edit: unless they have some special lower cost Stripe rate of course, in which case you can ignore my comment altogether ;)
Adding more servers to support more users also means more bandwidth. Those are increasing costs at a rate that they had not planned. Their spend rate has to be insane now to keep things running on top of their rents, utilities, opex. They have to be needing more money than they planned for.
If you talk about Brian Acton, he sold WhatsApp to Facebook and btw made a big gift to the FreeBSD foundation and is the founder of the Signal Foundation.
We have no info as to how much money they need or how much they currently have. For all we know, this was just an area of oversight and not related to funding at all.
I’d prefer to pay yearly than to feel the spectre of guilt for using a “free” app.
$100 million given current growth won't last as long. Telegram 4 years had a run rate of $1 million per month for servers and dev costs. At that time they had about 200 million users.
Signal is using AWS & GCP ( for cloud fronting ), they could be approaching that spend level.
> $100 million given current growth won't last as long.
That is 100% their problem, though. I trust that they will develop a sustainable business model when it becomes necessary. Otherwise, look at their tax info shared above. Sporadic donations won't even make a small dent.
I mean, shoot, they won't even give us a hint at how much to donate to cover our own costs. That would be a start.
WhatsApp used to charge $1/yr at 200 million users, which kept them well funded. A $1 donated by just the Android users at 50 million + would be $50 million per year.
TBF they haven't had to think about this too much before the last 5 days, so give them some time to come up with a plan.
In the meantime, throw them whatever you are comfortable with.
Hell if I know. Give what feels right to you - imagine the service going away tomorrow, and someone saying "If only you'd paid $X/mo, this wouldn't be happening!" What's the value of X where you'd regret not having done so?
Not really worried about funding its existence for the sake of it, just not freeloading my use while it's here and I decide it's worth it, which is what the GP was referring to as well.
I'd still argue to give the amount the service is worth to you, but if you're not willing to do that, then I'd say bilal4hmed is probably right - $1/mo is probably sufficient. Facebook, Twitter, etc. all have ARPUs at or below $12/yr.
"We have been adding new servers and extra capacity at a record pace every single day this week nonstop, but today exceeded even our most optimistic projections. Millions upon millions of new users are sending a message that privacy matters. We appreciate your patience."
Can't wait for the post-mortem :o Really wondering why there's an outage. I assume the SGX stuff quickly became a bottleneck, or the message forwarding server wasn't made to scale out very efficiently. In any case, they should have been able to have a very large queue in front of these components and just have a very slow system; probably something blew up due to the sudden peak of users.
Does anyone outside Signal Foundation know what their architecture looks like? There are a lot of references to AWS, GCP, and Azure in the source code hosted on GitHub, so they probably use them all in one way or another. It would be super interesting to know more details about the infrastructure.
Interesting, but doesn't really explain much. Is it really a single Signal server or can you spin up many? What is stored on Redis and PostgreSQL? Maybe Redis is used as a cache, or as a queue, or as a store for sessions, and PostgreSQL is used for accounts. Are these components distributed as well?
Despite recent events, I don’t see this happening. Signal has a strong reputation as a privacy-supporting app without any weird fringe Internet subculture attached to it. And I’m unaware of any public groups like you find on Facebook or WhatsApp.
De-platforming a private messenger like Signal would be a strong signal against an open, unmonitored Internet and raise too many eyebrows. Amazon would be seen as complicit with government for not allowing citizens to communicate freely and privately with each other.
If Signal adds features to let users post extremist views publicly, that’s a whole different ballgame and the cards are off the table.
This is not good. I've moved so many people over in the last week. For purposes of getting them invested, this is a truly inopportune moment for an extended outage.
But it’s par for the course for newly popular services. Some don’t survive the popularity and some thrive in spite of the degraded service. Signal will figure it out. All the best to the engineering team at Signal right now!
>But it’s par for the course for newly popular services.
It is, but most consumers don't care, they just want their stuff to work 100% of the time as frictionless as possible, and, on top of all things, for free. Otherwise they just run back to the usual free surveillanceware.
I've tried and failed to convince some young, highly educated zoomer friends with good incomes to move away from WhatsApp and Facebook and even when I told them "Look, they're basically spying on you" they just brush it off and say "I don't care, it's fun, easy to use and all my friends are already there".
Ironically, it was easier to convince my boomer parents to move to Signal and they also understand and agree with the tradeoffs and extra friction for the sake of free privacy but younger people just want to be where their friends are and not feel left out (remember the blue vs green bubble stigma on iMessage).
Using Telegram is a rational decision if you want a service that's good at fun conversations. Signal's value proposition is _secure conversations_ and it does that much better than other services. "Fun" is not part of Signal's value proposition. More people want/need fun conversations than need secure ones. Regardless of what people "should" want, Telegram serves people's mundane everyday needs materially better than Signal does. "It's fun and the people I care about talking to already use it" is a compelling value proposition, not a frivolous one, given people's everyday needs.
The more someone cares about security and is willing to trade away other good things for security, the better a platform Signal is — but remember, this also flows the other way.
I'm a little confused because you brought up Telegram specifically.
WhatsApp and Facebook Messenger offer the same level of security as Telegram. In fact, I think WhatsApp is more secure since it does E2E encryption by default.
It's true that Telegram is about "fun" and not security. I just wasn't sure if you tried to imply Telegram is like Signal with a focus on fun as well, or you just meant most people don't care about security and would rather have fun chats?
Now that you mention it, I _did_ fail to explain why I brought up Telegram. My bad, thank you for calling me on that. I mentioned Telegram particularly because in my social circles, Telegram is number one by a long shot in terms of "people just want to be where their friends are and not feel left out." I should have actually said that, rather than jumping to the next part of the idea.
(I am not here to defend Telegram's portrayal of itself as a secure messaging service — Telegram is grotesquely bad on that axis)
That’s interesting. Do you live in a country where Telegram is particularly popular? Here in the US I don’t think I’ve ever even heard of someone using it. I don’t even know what the app icon looks like. My social circles are on some mix of Messenger, iMessage, Signal, WhatsApp, and if you count coworkers as social contacts, Slack.
Not OP, and aware this may not be representative, but I share the preference for Telegram as a just-works, "fun" and high-penetration messenger with WhatsApp as a first and SMS as second compatibility fallback. This being in Germany.
TG is light on resources like phone storage and bandwidth (and hence money) and has excellent multidevice support.
Apart from that I don't believe one can have a seriously private conversation involving a device running popular versions of Android/iOS.
> WhatsApp and Facebook Messenger offer the same level of security as Telegram.
If you look only at encryption, WhatsApp is even better.
Once you factor in the fact that all your metadata is vacuumed into Facebook's data lake and that it might very well end up in Google Cloud if either you or someone you chat with activates cloud backups.
Telegram has optional E2E encryption (as does WhatsApp) which puts it ahead of Facebook Messenger. Unlike FB Messenger and WhatsApp, the company behind Telegram so far doesn't have a history of selling your personal data. I'd say it's fairly competitive, though obviously not ahead of Signal.
Thanks for setting the record straight. I actually thought you needed to opt in (was that maybe how it worked when they first added it?) but I'm glad to hear it's always on
Facebook Messenger also has optional E2E encryption in a feature called Secret Conversations which is very similar to Telegram's Secret Chats. A big difference though is that Facebook uses the Signal protocol while Telegram rolled their own.
I don’t believe fun conversations are mutually exclusive with secure communications. You can have fun conversations with them being secure from prying eyes.
(Even if I personally mostly use Telegram and hope for Matrix to "win", Signal is a fantastic piece of software as far as I can see, both as an extremely secure (I think) messaging client in its own right and also as an inspiration for other messaging platforms.)
Telegram is not a secure chat application though. It's more similar to Facebook Messenger. You're better off using WhatsApp over it if you care about security.
Or obviously Signal.
When it comes to Matrix, it's a little trickier. Riot, the most common Matrix client, does E2E encryption on DMs and invite-only rooms. What I'm not sure about is what happens if you send a private message to someone who is using a Matrix client that doesn't do E2E. Will it fail to send? Or will it, like, fall back to not encrypted?
> Telegram is not a secure chat application though.
Fun fact: I didn't even write that.
The rest is not so much for you personally as for a number of Signal fans:
I get it, I get it: Signal is best. But seriously: do you Signal fans have to derail every conversation?
Do you have to take a jab at every other messenger at every given opportunity?
Or can we agree that there's room for more than one solution? Because physical mail, email, irc, Telegram etc are probably going to stay around for a long time, at least until Signal solves:
- large groups
- backups
- grows a stable messaging API
- creates a Bot api
- and starts teleporting physical goods
- etc
Until Signal solves all this we are going to have to deal with other messaging solutions.
Deal with it. Seriously.
Yes: Signal is probably the most secure now IMO.
No: talking down other messengers doesn't make it better.
@dang: apologies in advance. I've tried hard to keep it polite.
> But seriously: do you Signal fans have to derail every conversation?
I don't really have a horse in this race, just a guy who was scrolling through these comments and was struck how rude and ridiculous this remark is.
You're in a discussion thread for an article about Signal. You're the one who brought up Telegram and now you're having a little fit and accusing Signal fans of "derail[ing] every conversation"? This conversation is about Signal. If you didn't want people comparing it to Telegram, why did you bring it up?
> You're in a discussion thread for an article about Signal. You're the one who brought up Telegram
This would be a good point, if it wasn't for the point that the only reason I brought up Telegram was to say I was a Telegram user cheering for the Signal team!
> do you Signal fans have to derail every conversation?
I know this happens a lot in other threads about other messengers, so it's probably a fair comment. But I find there is something ironic about someone commenting on a story about Signal that they use Telegram and then complaining that other users talking about Signal are derailing the conversation.
There is already an ecosystem of Telegram bots, channels and groups that Signal lacks; even if all my contacts move to Signal I would still keep Telegram, if only for those features and many more.
Thousands of people are joining Signal after hearing about the WhatsApp privacy policy changes, but the irony is that a significant portion of these people (if not the majority) still use Facebook, upload photos and stuff, chat on Messenger, with that app installed on their phones alongside Signal. Most people don't actually realize why they should be worried about corporations collecting their data. I wonder what fraction of these people will stick to Signal. Signal is adding new servers, let's hope they don't need to retire these in the coming days.
Yup, and it's not like Signal should be surprised with it. The influx has been happening for a while now and it seems like they were incapable of handling it. I have no idea how I'm going to defend them against all my family members I somehow managed to convert from WhatsApp to stay on this platform.
I'm not sure a 5x+ growth in under a week is really "for a while now". If anything I'm surprised they've kept it together this long. The growth looks more like an exponential function too, so that's even more difficult.
> We have been adding new servers and extra capacity at a record pace every single day this week nonstop, but today exceeded even our most optimistic projections. Millions upon millions of new users are sending a message that privacy matters. We appreciate your patience.
It's only FOSS by appearance really - it's still a team of well-paid engineers that operate like any other startup, with the difference that you can read the code of their apps and the bug-tracker is public.
They operate on their own schedules and priorities, and it's tricky to get your PR into any of the clients.
Well paid, but not lavishly paid by Silicon Valley standards. Salaries listed in their IRS form 990 have the CEO making ~$200k and other engineers in the ~$120k-$180k range.
I haven't moved any friends in the last week, but I've gotten lots of notifications in Signal of many friends joining this week. Hopefully it just requires some simple modifications of some parts of their infra that they didn't realize were scaling bottlenecks.
Based on my friends, mostly foreigners and English-speaking locals here in Hong Kong, Signal has grown about 20% in the past week.
Signal grew 5x in one day[1]. A week before Musk amplified the WhatsApp story with his "Use Signal"[2] tweet. It then did the rounds on MSM. WhatsApp shoots itself in the foot (though IMO it's a blip in their stats). Parler (thankfully) has been kicked off AWS. All good news for alternative messaging technology.
I'm a new Signal user myself (maybe six weeks or so). In the past week there's been a huge influx of my contacts joining Signal.
I will continue to use iMessages for my iOS contacts. For SMS people I will gently nudge (hey, have you tried Signal? and then let the convo go where it does) and then use Signal as the primary for those people.
Is SMS still popular in your part of the world? I literally haven't gotten an SMS from a human in the past 9 years. Here in Hong Kong, SMS is how your bank sends notifications, and for spam. The chat space is vastly dominated by Weixin/WeChat and WhatsApp.
99.9% of messaging (for me) occurs via iMessages or SMS. FB Messenger is occasionally used for people who are more acquaintances (don't have their phone number).
I don't really have a good reason to not use iMessages (blue bubbles). Reasonably secure and Just Works. SMS on the other hand.... my least favorite part of SMS (besides the complete lack of security) is that media messages are crippled in quality. Photos and videos are compressed and distorted beyond belief.
United States too. Same feeling that most messages are iMessage or SMS. But as one of two extended family members with Android against ~10 with iPhones, for me iMessages are pretty horrible. They mostly work most of the time, but frequently there are glitches on glitches. SMS between Android phones are rock solid. Just a single data point.
I'm not saying this is what happened this time, but I would suspect we'll see a lot more outages of encrypted centralized chat like this as nation states try to prevent general society from moving away from the social media websites almost solely designed for mass surveillance.
> The result was a mass migration that, if it lasts, could weaken the power of Facebook and other big tech companies. On Tuesday, Telegram said it added more than 25 million users over the previous three days, pushing it to over 500 million users. Signal added nearly 1.3 million users on Monday alone, after averaging just 50,000 downloads a day last year, according to estimates from Apptopia, an app-data firm.
> “We’ve had surges of downloads before,” said Pavel Durov, Telegram’s chief executive, in a message on the app on Tuesday. “But this time is different.”
As someone who semi-fondly remembers the Twitter failwhale, I really don't think a more conspiratorial theory than "a few million people suddenly tried to jump on" is required here.
This cannot be what they are running in production though right?
And this is also not open source for my understanding:
* Last commit was on 2020-04-22
* only a single committer (moxie-signal)
* only „bump version to xyz“ commits
* not a single PR is getting merged but all are just closed (one references „pr was created on wrong repository“)
* not a single code comment in what I saw so far
* there are also references to AWS and GCP but I could not find any reference to Microsoft/Azure (where their current IP is pointed to)
Is there some other place where the „real“ open source process is happening? Maybe some sources how their production architecture looks like?
I read the message differently. It looks like there have been so many people wanting to switch, that Signal was overwhelmed by the new demand.
I don't know if it is true, but for your peers it certainly is a different story to tell them about all the people who are switching than just about a service who had an outage. Hopefully, the next days will bring some light to the cause of the outage.
Same here. I moved a lot of my contacts and several groups over to Signal. And this happened. I'm fine with the down time, I don't have any urgent communication needs and if I did, there are other ways to contact people (SMS, email, WhatsApp, etc.). But I feel like I owe these people an explanation about this. An explanation where I say, "Hey look, there are no guarantees this won't happen in the future, but should still stick to this one". I'm not very good at writing and hoping to find something that I can use :)
Last night a friend from India popped up on signal. I told him "Welcome!" and he said "You finally wore me down, I've left WhatsApp and I'm trying to move my family off of it..."
Same here I had a group of about 15 ex colleagues I keep in touch with and managed quite easily to convince all of them to get Signal about 2 weeks ago. They’re all back chatting on Facebook and some are claiming that WhatsApp won’t be sharing data because of some European court case. AKA rationalising their negligent behaviour with regards to their private data.
These are all people who have completely abandoned Facebook for WhatsApp and Instagram.
I agree. This happened with Pokemon GO, at launch, but the reasoning is the same: "we didn't think there'd be that many users." Took almost a month to become stable. Hopefully Open Whisper Systems will get on it faster (I have confidence, for whatever that's worth).
It's great! Everyone I 'converted' is now thinking about the implications - from many different angles. Any outage for a few weeks is a win for humans and a huuuuge kick in the nuts for the twats.
Yeah it kinda pisses me off constantly reading about how decentralised messaging, or ad-hoc wireless mesh networks, or whatever it is, is the way to go.
That shit works on a small scale. Serving the entire planet needs hierarchy and co-ordination.
Doesn’t necessarily mean everything has to be completely centralised, but some of the woolly wishful thinking you come across is not based in the real world.
I have so much fun in public websites seeing Americans fight over right and left. It's good entertainment. Keep it up.
Anyways. It will be really difficult to convince my friends to remain on Signal. At least they are technically sound. Thinking of an excuse to come up with though. I donated money today too.
These users who are coming from these platforms (WhatsApp, Telegram) don't care about that. If Signal is still unable to stay online then the users will leave and they will try the second best option. (Even if it is less secure).
This has now become a usability and reliability issue for Signal.
Or that you can use that money for a Matrix server instead of supporting centralization.
Element is less polished than Signal app but they've been catching up quite fast. If you and your friends aren't locked into the Signal ecosystem yet, might be worth considering, especially if you're techies.
Matrix comes up a lot but even Signal is often called not polished enough. And for matrix onboarding is hard for techies and I've had zero chance for the general public. Fine to push it towards techies, but my grandma can't figure it out but she can Signal. Push matrix when it's more polished but right now it just feels silly to push it.
Exactly. I'm for decentralization, but the reality is that if "we" (we techies) tried to push Element on everyone today they would just fall back to WhatsApp. So better to go for Signal today and then switch everyone over to a Matrix (or similar) client in a couple of years. As the past week demonstrated, it's possible to switch masses out of a closed, network-effect-dominated system.
I wish the person that downvoted you would give an explanation. I'd love to know how to avoid the middle step of switching family to Signal before, once it's more usable, switching to Element. (Or perhaps they meant that decentralization isn't better and Signal is the final destination. Guess we'll never know.)
Element clients are very close to finishing their SSO implementations which will help immensely with the onboarding process.
Here’s the iOS pull request for example: https://github.com/vector-im/element-ios/pull/3890
One thing that would really help is basically making the server installs a few clicks. Granted it has been about 6 months since I tried but I remember the instructions not being great and I know that'd be zero hope for less technical people.
Unfortunately very true, so although I'm not a big fan of Signal's centralization and USA-based metadata processing (I'm not from the USA), I'll probably end up moving my family from (now) Telegram to Signal.
Alternatives would be Threema and Wire, but Wire has the same main issues as Signal and Threema doesn't have video calls nor a desktop client and an unusable web client (deal breaker for me: you need to navigate two menus on your phone to reconnect every time your phone connects to another wifi or you suspend your laptop or anything).
Do you mean that they have servers in the US? US based company? They don't leak metadata, that's the difference between Signal and Telegram/WhatsApp. If the encryption is good it shouldn't matter what country the company or servers is in. That's kinda the point of encryption...
You connect to AWS when you connect to Signal. That means the USA is the government with the most influence on Amazon to have taps placed or connection logs handed over.
They can do sealed sender stuff all they like, but when 10.0.1.1 sends a 17-byte message and the server then sends a 17-byte message to 10.0.2.1, and a minute later 10.0.2.1 submits something to the server of 48 bytes and then 48 bytes are forwarded to 10.0.1.1... traffic analysis based on a tap of a Signal server isn't rocket science.
Still, it's the best we've got for non-techies. Better than handing over more metadata to Facebook. Even if the jurisdiction is the same, the company (Signal Foundation) is better and is known to collect almost nothing historical by themselves. Other than, say, your real-life-identity-tied user ID of course. (In many countries, phone numbers are given out only after passport/ID verification.)
What makes you think that Signal doesn't have AWS instances in other regions? (I haven't checked but given their popularity, I'm sure their servers are not just in the US anymore.)
> They can do sealed sender stuff all they like, but when 10.0.1.1 sends a 17-byte message and the server then sends a 17-byte message to 10.0.2.1, and a minute later 10.0.2.1 submits something to the server of 48 bytes and then 48 bytes are forwarded to 10.0.1.1... traffic analysis based on a tap of a Signal server isn't rocket science.
True, though with a bazillion connections going in and out of Signal's AWS instances every minute and additional domain fronting by AWS, the NSA would probably have to be inside the AWS datacenter to carry out their traffic analysis and even then it doesn't seem like a triviality to me.
Compare this to someone hosting their own Matrix node (which you're mentioning further down): In this case, it is clear that every message sent to that node has something to do with the node's owner. More generally, reconstructing a social network in a p2p network (without onion routing or anything like that) is much easier than doing this in a centralized network where all messages get routed through a central location. There's a reason why the guys from GNUnet have so far spent two decades on getting p2p right. (Though, of course, anonymity is just one of their concerns and not their only one.)
It's still Amazon operating those locations, so I assume it's still the USA who's calling the shots. Please do prove me wrong if I am, this is somewhat of an assumption (even if I am fairly confident it works this way in practice).
Though perhaps I'm putting too much weight on this aspect, it's just that everything we do in Europe can be monitored through one USA organisation or another. It feels really weird when you think about the number of actually European services you use (very few) and how much money the ad machines are making with your data in the USA, how much that data is apparently worth. We're wholly dependent.
Domain fronting: didn't Amazon and Google say they were not going to do that anymore, because they didn't want to stand up for the organisations using it at the time? Some countries wanted to block certain services (was it sci-hub? TPB? Tor? I don't remember) and instead of standing up for them, they just banned domain fronting.
Therefore I'm assuming that one can see when a packet is actually intended for Signal and filter those out. From there, it should only be a very manageable number of packets, since we're only interested in the routing header and packet size.
One does need proper equipment to capture and filter multiple gigabits per second, but the attack scenario was more about legal interception (which you put in front of the server rather than in front of the datacenter) than about dragnet surveillance. The latter is indeed less applicable on non-USA soil, hence my saying Wire and Signal have the same issue but e.g. Threema does not, though centralization still makes it way easier (thus Matrix is king in this regard).
> reconstructing a social network in a p2p network (without onion routing or anything like that) is much easier than doing this in a centralized network
Hmm, you mention gnunet and I'm not up to date there, perhaps you know something I don't, but this doesn't seem quite right to me.
Sure, once you know who is running a server, you can install a tap and learn whom they are talking to. Way less traffic than doing surveillance on a Signal server, I'm with you there. But you do need to figure out who you're interested in first. The way that I understood these metadata targets work, is that you take a popular network (say, WhatsApp) and check who talks to whom. Anyone within 3 degrees of a suspect is now also a suspect if I remember and understood USA law correctly. But if there is no single central service, you need to install a lot of taps or capture the right internet backbones to get close to the same information.
And if you're serious about anonymity, if you're hiding from the police or an intelligence agency, then surely you'd host that server somewhere paid for without traces to your real name. Or use some public home server -- they still need to tap that specific home server rather than a centralized server.
> Is still Amazon operating those locations, so I assume it's still the USA who's calling the shots. Please do prove me wrong if I am, this is somewhat of an assumption (even if I am fairly confident it works this way in practice).
The whole point of Amazon operating datacenters in multiple regions is that, apart from improving availability of the stuff they host, datacenters outside the US get to be legally independent from US law. (At least at the consulting firm I work for we strongly advise clients to follow GDPR and use the European region only.) My guess would therefore be that European datacenters, for instance, are operated by Amazon EU S.à r.l.
> Domain fronting: didn't Amazon and Google say they were not going to do that anymore, because they didn't want to stand up for the organisations using it at the time? Some countries wanted to block certain services (was it sci-hub? TPB? Tor? I don't remember) and instead of standing up for them, they just banned domain fronting.
You might be right, I'm not sure what the state of domain fronting is, either. In any case, the fact alone that inside an AWS datacenter Signal can operate an almost arbitrary number of servers (as opposed to a single one) without anyone outside the datacenter being able to tell which machine a packet gets routed to or originates from, means that the Signal servers inside the datacenter can potentially handle millions of messages per second which would make correlating them with one another anything but easy. Remember that messages get padded anyway and that there might be additional random delays, depending on which server in a datacenter your message gets routed to. On top of that, judging from the Distributed Systems Developer position Signal advertises on their website[0] I would assume that Signal's servers need to communicate with one another, too, i.e. your message might go to a European datacenter first and then, from there, go to one on the other side of the world – which would further complicate tracing it. Finally, message notifications on phones usually use Firebase Cloud Messaging (or the Apple equivalent) which adds yet another layer of indirection, delays and mixing[1] and, thus, obfuscation.
All in all, I am not sure, therefore, if I agree with your assessment that
> it should only be a very manageable number of packets, since we're only interested in the routing header and packet size.
as the number and overall scenario don't seem that trivial to me.
> the attack scenario was more about legal interception (which you put in front of the server rather than in front of the datacenter)
Fair enough, if you tap every single server's network cable, it certainly seems more doable. But how do you, as the NSA, carry that out in practice? Knock at the door of that European datacenter and hope employees won't say anything to the press? I'm not saying it's impossible (it's certainly not) but Amazon EU S.à r.l. being a separate legal entity and employees not being bound to US law would certainly be big operational challenges. I'd say it's much more likely that the NSA's European intelligence agencies carry out such a task for them (or provide support) and even then it's not as easy as in the U.S. (no Patriot Act or anything similar).
Finally, don't forget that AWS instances can be deployed within a minute, meaning that "putting something in front of a specific server" becomes a lot less trivial if you don't really know which server it is or new servers get deployed every other day. (For once, an advantage of The Cloud™ haha.) You basically have no other choice than to put your wiretapping device in front of the entire datacenter.
> thus Matrix is king in this regard [legal interception]
I'm not sure it is. There are pros and cons to both centralized and federated networks here: A central big provider might have the legal power and sufficiently deep pockets to successfully fend off a "request" by an intelligence agency. Small ones like in the federated case do not. Sure, it takes longer to subvert a federated network. But once done, the traffic analysis is a lot easier compared to the centralized scenario (as we already agreed).
> Sure, once you know who is running a server
I don't think it's that hard to find out who's running a server (in Europe) when you have its IP address. Almost everyone who operates a server for private purposes ties the server to a domain or at least a bank account. (Remember that the EU forwards financial data to US agencies.)
> But if there is no single central service, you need to install a lot of taps or capture the right internet backbones to get close to the same information.
The NSA already does that! (Compare what's been reported e.g. about NSA's Tailored Access Operations (TAO) team.) My general assumption, therefore, is always that the NSA and its partner agencies are sitting at every major internet backbone.
> And if you're serious about anonymity, if you're hiding from the police or an intelligence agency, then surely you'd host that server somewhere paid for without traces to your real name. Or use some public home server -- they still need to tap that specific home server rather than a centralized server.
I agree with the first sentence but I don't understand the second. Practically all traffic to and from a public server you're running at home gets routed through an internet backbone anyway. (Unless, maybe, your Matrix contacts are all in your neighborhood and are all with the same ISP.)
Regarding legal independence of USA law, you're legally right I'm sure because that's indeed how GDPR works. I just can't imagine Amazon Europe telling a USA judge "sorry your honor, we really can't tell our subsidiary to give you this data relevant to national security, it's protected by European laws." It's one company, not a separate entity.
Perhaps it would go this way and perhaps they would rather incur sanctions or take to the media when ordered to hand over data stored in Europe. But so we're trusting Amazon with our data.
I guess, if I'm being fair, I just don't really know enough about this. Perhaps a legal entity in the USA cannot be held liable for not complying with a judge's orders to tell its wholly owned subsidiary to do something, or either of them for the subsidiary not complying. It might work that way. I just expect that in practice, they might very well simply comply. Or, like you say, that a "European intelligence agencies carr[ies] out such a task for them".
> message notifications on phones usually use Firebase Cloud Messaging (or the Apple equivalent)
When questioned about the privacy of using Google/Apple messaging stuff, what I've always heard as reply is that it only nudges the phone to fetch new messages. It still connects directly as well, as I have heard it (though it seems silly to me, why not just put the encrypted message right in there? Or is that a metadata thing then, revealing the message length to Google/Apple? Idk).
> Knock at the door of that European datacenter and hope employees won't say anything to the press?
That is very much how legal intercept works. And the NSA doesn't do those, it's a judge that gives the tap warrant and something like police (or a person of similar status) that executes it. I have never heard of it being leaked that some company is being tapped or in relation to which case (for all we'd know, it would be on European orders). That taps are happening is a well-known fact, just not on whom and especially not for what purpose. In a tour of an ISP data center, they pointed out now-decommissioned tap boxes to us that the police had put there. Distinctively blue in color if I remember correctly, and a hacker space later made a, um, tap out of one of them (beer tap).
> For once, an advantage of The Cloud™ haha
:D
> I don't think it's that hard to find out who's running a server (in Europe) when you have its IP address.
Indeed; that's not what I meant, but that sentence can indeed be read both ways (sorry). I meant to say that you don't know who's running servers, like, do you run one? Do I? Or the other way around: do I connect to a Matrix server? You have to actively check the server since the traffic is just TLS on tcp/443 (so much for passive tapping). More concretely, if a government (judge, secret service, ...) wants to find whom I talk to, instead of knocking on the door of a (few) central service(s) like Amazon or even Signal itself and telling them to send copies of TCP flow logs, you have to first tap my home IP, mobile data, see where I connect, then check those servers if any of them might be chat servers, then request a tap on those IPs in their respective countries, use that to check who else connects to those, if it's more than a handful of people you need to do traffic correlation there as well...
I see what you mean, though, with the centralized system requiring one to overcome scaling issues before any intercept can start, and potentially requiring cooperation of a party like Signal who will certainly make a ruckus. Which one will turn out to be easier might depend a lot on the situation.
> the NSA and its partner agencies are sitting at every major internet backbone.
They definitely have taps in many places, but all of them, in each country? And what about private peerings, can I not talk to anyone within one country without it being caught? Surely when ISPs A and B have a private peering in Germany, the BND doesn't automatically have a permanent tap installed there. It seems to me like there would be too many interconnects to really monitor all of them. But this is rather speculative, I don't really know. Also about the tier 1 backbones: sure it's a fair assumption that a random one of them is being tapped and so we need proper encryption, and also multiple strategic ones, but all of them all the time all across the world? I don't know.
> (Unless, maybe, your Matrix contacts are all in your neighborhood and are all with the same ISP.)
We here are Internet people, we talk to faraway people all the time. A good friend of mine lives on the second-furthest continent, latency-wise (Australia/NZ would be further), our traffic typically runs through the USA when we do a traceroute. Some of my friends moved to work in other countries. But an average mom, who does she talk to on WhatsApp? I think the furthest person my mom regularly talks to is me (~50km), and for faraway old friends maybe 150km across the country. The Matrix home server I use traceroutes through the nearest internet junction point (Frankfurt, 200km), I guess depending on how the physical interconnects go this might be on an easily tappable line, but it's not a given that it passes through a big backbone to make it onto another ISP's network within the country. In case you have some way to tell (I'm curious now), these seem like the most likely points in the trace:
6 bundle-ether2.0003.dbrx.02.fra.de.net.telefonica.de (62.53.28.149) 25.9 ms bundle-ether1.0003.dbrx.02.fra.de.net.telefonica.de (62.53.14.163) 21.5 ms
7 bundle-ether1.0005.prrx.02.fra.de.net.telefonica.de (62.53.10.51) 20.1 ms
8 ae3-1337.bbr02.anx25.fra.de.anexia-it.net (80.81.195.166) 24.3 ms
Anyway, what I was saying is that if you're hiding from the police or an intelligence agency, you'd probably avoid centralized servers, and that a random public home server is not as centralized as Signal. Not so much that this would definitely prevent a backbone capture, but that it would not make the traffic be caught in the same filter where they capture traffic going to/from a central chat service.
By the way, in general, I like your reasoning. I think the places we differ in opinion are mainly about how we weigh different risks or how prevalent we assume things are that neither of us can truly know. It's interesting to exchange thoughts and speculate about, though. There is no contact info in your profile but it might be fun to talk more about various topics - I see that you were asking in another thread about getting into cyber security. There are already good answers on that particular question, but as someone already in that field, perhaps I can be of help :). Since I keep this username loosely decoupled from chat accounts, you could shoot me an email at https://lucb1e.com/email-address/ with your matrix/signal/wire/... if you like!
> You connect to AWS when you connect to Signal. That means the USA is the government with the most influence on Amazon to have taps placed or connection logs handed over.
I'm not a networking guy but can you explain this more? I'm actually curious and what better place to get actual info than HN? If you have a sealed sender then shouldn't this be impossible? Shouldn't the size of the message be sealed as well and when the message is received you'd see that 1) it is signed by a different key and 2) the message size doesn't match? Shouldn't this be rejected? 3) Shouldn't this also apply to any app because traffic is going to bounce through some US based (or US company owned) server? My understanding is that sending data from San Francisco to Berkeley can route through Seattle or Tokyo depending on optimal routing, server configurations, and loads.
> Other than, say, your real-life-identity-tied user ID of course.
This is why I'm excited for the usernames. They are promising them this year.
Agreed about being optimistic about usernames. I'm hoping it'll be what we expect, I hear different things from different people but frankly I also have been too lazy to actually look into it (I feel like I'm always the one doing the digging).
> Shouldn't the size of the message be sealed as well
To hide the volume of data being sent, you need to limit how much data you can send. How would you hide from the relaying server how much data you're sending without adding dummy data? And if you add 0-500 bytes of dummy data every 5 minutes, then whenever you send >500 bytes or send a message more often than once per 5 minutes, the server still knows that it was an actual message and its size, and you can start to do traffic analysis.
> Shouldn't this also apply to any app because traffic is going to bounce through some US based (or US company owned) server?
Um, when I message my friend whose Matrix homeserver I'm using, the traffic involved is:
1. DNS lookup of a .de domain (does not reveal message size or anything else, even if I were to use Google DNS and reveal my home server to a USA company)
2. TCP connection to a German server
3. More traffic to his German server
And same on the receiving side. Unless one of us travels to the Americas, it's not likely to ever pass through the USA. That isn't to say that American agencies might not collaborate with European agencies or even tap European land-based connections, but it's harder and would not be an option available to criminal (or civil, for that matter) investigations due to the disproportionality of the method.
> can you explain this more?
I'm not quite sure what's unclear about it, but I'll give it another general shot. Imagine you see this traffic log, where A/B/C/D are different IP addresses. You see various people sending data of various sizes (you don't know who's who, but everyone connects from their own IP address, or in networking terms, a TCP tuple). Since the server is just pushing messages from one contact to another, like if Alice messages Bob, it will always forward a message as soon as possible.
00:00 A -> server: [17 encrypted bytes]
00:00 C -> server: [29 encrypted bytes]
00:00 server -> D: [17 encrypted bytes]
00:00 server -> B: [29 encrypted bytes]
00:01 D -> server: [48 encrypted bytes]
00:01 server -> A: [48 encrypted bytes]
From this, I would assume (without knowing any contents or anything else) that the subscriber behind IP address "A" is talking to the subscriber behind IP address "D", and that "C" is talking to "B". Now you can start building a social graph, which according to a paper I recently read (I could maybe dig it up again) needs only a few nodes before they can tell who you are, or they just ask the ISP (or in the case of the Netherlands, query the CIOT database[1]).
If you think that a "sealed sender" might hide your IP address, the answer is no because the packets somehow need to make it across the network to the right devices (or to the server for that matter) and then the receiver decrypts it.
[1] https://nl.wikipedia.org/wiki/CIOT only available in Dutch. TL;DR central mapping system of IP addr -> subscriber info, available at the police's discretion, updated daily.
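The size-and-timing correlation walked through in the comment above, together with the padding limits raised earlier in the thread, as an added example that is not part of the original thread. The log is a constructed copy of the six lines above; the 64-byte bucket and all function names are assumptions chosen for illustration and are not Signal's actual padding scheme.

```python
"""What an observer of a relay's traffic log can infer from sizes and
timing alone, and how far fixed-size padding reduces it."""

# Constructed sample: (minute, source, destination, ciphertext bytes),
# copied from the log in the comment above.
LOG = [
    (0, "A", "server", 17),
    (0, "C", "server", 29),
    (0, "server", "D", 17),
    (0, "server", "B", 29),
    (1, "D", "server", 48),
    (1, "server", "A", 48),
]


def pad_to_bucket(size, bucket):
    """Round a ciphertext length up to the next multiple of `bucket`."""
    return -(-size // bucket) * bucket


def padded(log, bucket):
    """The same log as it would look if every message were padded."""
    return [(t, s, d, pad_to_bucket(n, bucket)) for t, s, d, n in log]


def candidates(log, window=0):
    """For each inbound message, list every recipient it could have been
    forwarded to: same length, sent on within `window` minutes."""
    inbound = [(t, s, n) for t, s, d, n in log if d == "server"]
    outbound = [(t, d, n) for t, s, d, n in log if s == "server"]
    result = []
    for t_in, src, n_in in inbound:
        dsts = sorted(
            dst for t_out, dst, n_out in outbound
            if n_out == n_in and 0 <= t_out - t_in <= window and dst != src
        )
        result.append(((t_in, src, n_in), dsts))
    return result


def inferred_pairs(log, window=0):
    """Conversation pairs the observer can name with certainty, i.e.
    inbound messages with exactly one possible recipient."""
    pairs = set()
    for (_, src, _), dsts in candidates(log, window):
        if len(dsts) == 1:
            pairs.add(frozenset((src, dsts[0])))
    return pairs


if __name__ == "__main__":
    for label, log in (("unpadded", LOG), ("padded to 64", padded(LOG, 64))):
        print(label)
        for (t, src, n), dsts in candidates(log):
            print(f"  {t:02d} {src} sent {n:3d} bytes -> could be {dsts}")
        print("  certain pairs:", sorted(sorted(p) for p in inferred_pairs(log)))
```

Padding makes the two messages in minute 0 indistinguishable, but the lone message in minute 1 is still linked: uniform sizes only help when other traffic of the same size is in flight in the same time window.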
There are opportunities that are rare or unique, and it doesn't matter that you're "catching up" - either you're good enough when the opportunity arises, or you've missed that window.
You might get a second chance later, but this opportunity is lost, and the options aren't "Signal or Matrix", the options are "Signal or frustrate people, get them to go back to Whatsapp, and be even more reluctant to switch later".
And even if through some magic Element was polished right now: Signal has been polished for years now, and as a result, has built up a brand and user base.
I'm not going to be able to switch all my already switch-reluctant friends to something they haven't heard about and that nobody uses; I am going to be able to switch them to Signal, because they've already been pestered about it by several people, have heard about it in the news, and (except for today, which is a huge problem for adoption/switching people over), it works.
At least on Android, Element is simply not suitable for end users. I'm not talking about some poorly formatted UI, I'm talking about confusing/broken UX and features that don't properly work.
So I put my tech elitism away and do what works, because otherwise we'll be stuck with Facebook.
Edit: Forgot the biggest problem: Matrix has no chance because it doesn't use phone numbers as a forced default. With Signal, if your friends have already installed it, you can just start using it with them. With Matrix, you can't. This is one of the hard choices that Moxie made that is a bit of a dick move but was absolutely necessary.
To be fair: I've been pleasantly impressed with Element actually from what I've seen of Mozilla's set-up. I can format my text, I can run it in my browser and it starts up very quickly.
You'll get disappointed once you actually start using it. Unfortunately. There are so many quirks, inconsistencies, poor UI/UX.
I've been using Matrix for maybe a year now with a group of techie friends and I would definitely not recommend it for my family members (who I just onboarded from Whatsapp to Signal the other day).
While I agree with the main point of your post ("so many quirks, inconsistencies, poor UI/UX ... not recommend it for my family members"), the availability of documentation doesn't mean it can't be intuitive. Aside from entering a custom home server on login (if applicable, that's something your family will not intuitively get with all the centralized services they're used to), after that one-time login I think most people should be able to find their way around if they try. And we definitely don't need phone numbers and SMS verification for usability: a username will do just fine, we don't have to spend 1.5 million USD from donations just on SMS codes in 2018 alone (source: tax filing).
> the availability of documentation doesn't mean it can't be intuitive
Sure, I'm not saying that either, and Matrix has been improving a lot since I first tried it maybe 2 years ago. But there's still a long way to go. I wasn't as focused on onboarding as I was on criticizing Element's UI/UX in general.
> And we definitely don't need phone numbers and SMS verification for usability: a username will do just fine
Phone number is just the easiest thing to do. No one is confused by the process and you immediately have access to all of your contacts, while with a username you somehow need to get all the usernames of all of your friends. Inviting new users to various channels kind of works, but it's not as personal as your own contact list.
Mind you I'm not saying it's the best option. Personally I'd rather register with a username, not only because I currently have three different phone numbers in use.
> we don't have to spend 1.5 million USD from donations just on SMS codes in 2018 alone (source: tax filing)
Yeah unfortunately they were. Income for that year (only year they filed so far) is 600k versus about 5M expenses, the largest single expense being SMS verifications. Zero income from donations, perhaps they still ran that through the freedom of press foundation or what was it again that accepted donations on their behalf until they had the Foundation status? Either way, I wouldn't want to see the January 2021 bill.
> Either way, I wouldn't want to see the January 2021 bill.
Haha definitely not.
I would assume/hope that if Signal now starts going mainstream the donations will increase. I had donated sporadically in the past (have been using Signal since 2015) and now (since a couple of days ago) I'm doing monthly recurring donations. I'll recommend my friends to do the same, as I have been with Wikipedia and Archive.org.
I'm already having mild trouble convincing everyone to use Signal, there is no chance I could get them to use and keep using Element. Element is terrible.
Well now, I wouldn't call it terrible, especially considering it's free and how much better it has gotten in the past years and how many volunteers have worked on it. It's quite decent really, even if not super smooth and polished.
It opens three messages - 2 of them modal and one annoyingly large - whenever I log in, and I have to log in every time I open it. I'd call that a quite terrible experience. Using the web app.
You pose this as centralization vs decentralization. This is actually Facebook vs Open Source, and for every feature that isn’t at parity with the existing solution, you lose users.
Is now the time to be dogmatic about decentralization?
E.g. OVH, Hetzner, TransIP... idk whatever kinda server you like. Or repurpose an old laptop at home, for a few Watts you get something that's usually more powerful per ¤ than a VPS (or "cloud instance" in newspeak). Then install a Matrix server, add your domain, and you've got your own Signal alternative.
Or just use the standard matrix.org home server if you're just trying it out / don't mind a not-super-fast home server. Or one of a dozen public Matrix servers: https://www.hello-matrix.net/public_servers.php
I'm afraid Signal really dropped the ball on this one. I'd be surprised if any of the new 50M users stick around after this fiasco. Also, this doesn't seem to actually be a scaling/hardware issue like they claim. They're running on AWS so they should be able to throw more hardware at it in a matter of minutes, hours tops. As of now, they've been down for 14 hours! Not sure what's going on but it's the absolute worst time to have this happen :/
Edit: worth noting that I've been a Signal user since ~2015, and I've stood by them through multiple amateur-hour mistakes (including one where the iOS app would simply crash on boot for about a week, rendering it unusable to me and every other iOS user). The app was just starting to get into a non-insanely-buggy state that I was quite happy with, so it's upsetting to know that these sorts of mistakes are still being made.
I also would have expected a better communication of the outage at least a bit more regularly (at least 1h since it seems to be an extremely large outage).
Additionally, the status page, IMO, lacks some information, e.g. what services are up, historical view etc. Anyway, thrilled to see how it will change after this incident.
In the meantime, best of luck to the signal sre team.
The client entry point (api.directory.signal.org) seems to be pointing exclusively to Azure and IBM Cloud depending on geography. It looks like just DNS, the website, and maybe some backend stuff are on AWS.
> should be able to throw more hardware at it in a matter of minutes, hours tops
Who exactly is going to pay for the hundreds of thousands of dollars in cloud spend you propose they turn up?
Judging from their jobs page they are just hiring in US time zones, so it’s understandable that they might run out of steam after an incident going on into the middle of the night.
HugOps!
Hope they get it fully running soon. Maybe they’ll provide a good, public root cause analysis and I hope that they rethink hiring in order to get more TZ coverage.
At least they tell you about it - there's a banner on the top of the app. Last time WhatsApp was having issues, it didn't give any indication - messages just weren't being delivered (but as a user, there's no way to distinguish between "no messages" and "messages not being delivered").
I don't see a banner on the top of my app. I only found out when the desktop client kept timing out with 502 errors and after asking on Twitter, found other people were having issues too.
For me it's the other way around, haven't had any banners or anything on Android, whereas the desktop client has, and messages have been throwing 50x errors, while the mobile messages just seem to take ages to send.
The desktop app shows a yellow "DISCONNECTED - Check your network connection" warning. They probably should work on better error/status reporting in next version.
Last time WhatsApp was having issues, a “Connecting” banner was shown permanently on the app and all outgoing messages displayed a clock instead of a tick, showing that they weren’t reaching the server.
I'm not getting a banner on iOS either, however when I try to send a message it fails with a red exclamation mark in a circle saying "Request failed: service unavailable (503)"
Edit: A few minutes after the message failed to send I got a yellow banner stating that the service was experiencing interruptions.
However the banner disappeared shortly afterward, so it would have been easy to miss.
Heavy user of WhatsApp and I can't recall having any issues with WhatsApp ever. I'm a heavy user of Signal as well and... it's a bit crap honestly. I actually needed to transfer a file to a client today and was strongly relying on Signal for that...
I use the Signal app as my default for everything because of this feature (secure communication with Signal users and insecure SMS with non-Signal users)
For all of you saying we should switch to Matrix, please outline the user sign up flow in your comment. Be detailed. Your audience is your 50 something aunt who calls her iPad her Facebook.
Wow I just had to reset my password and am stunned how broken this process is.
1. Click reset password
2. You enter your email and new password (already here!)
3. A password reset request has been received for your Matrix account. If this was you, please click the link below to confirm resetting your password: [link] If this was not you, do not click the link above and instead contact your server administrator. Thank you.
4. Text page with the sentence "You have requested to reset your Matrix account password" but a button saying "Confirm changing my password"
5. Button clicked, password is set to the one entered in step 2.
This just absolutely is waiting for abuse. Every other site asks you to enter the new password after you have clicked the link. Here it's before you have clicked and there is no option to see or confirm the password entered initially. There is no indication that that is what's happening. In addition the word 'reset' is confused with 'change'.
Super easy for anyone - even the most techie user - to be fooled by this workflow. Someone else initiates the request and enters a new password, grandma gets the reset link and clicks it, password is changed and the other party can log in and also change the email.
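The reset flow criticised in the comment above, modelled next to the conventional link-then-password flow. This is an added example, not part of the thread and not code from any Matrix server; `ToyAccountServer`, its method names, the sample address and the 15-minute link lifetime are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed link lifetime, not a value from the thread


class ToyAccountServer:
    """In-memory stand-in for an account server (constructed for this example)."""

    def __init__(self):
        self._passwords = {}  # email -> (salt, PBKDF2 hash)
        self._pending = {}    # sha256(token) -> pending reset record

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, email, password):
        salt = secrets.token_bytes(16)
        self._passwords[email] = (salt, self._kdf(password, salt))

    def check_password(self, email, password):
        salt, expected = self._passwords[email]
        return hmac.compare_digest(expected, self._kdf(password, salt))

    def _issue(self, record, now):
        record["expires"] = (time.time() if now is None else now) + TOKEN_TTL_SECONDS
        token = secrets.token_urlsafe(32)  # this value goes into the emailed link
        # Only a digest is stored, so a leaked table does not yield usable links.
        self._pending[hashlib.sha256(token.encode()).digest()] = record
        return token

    def _redeem(self, token, now):
        # pop() makes every link single-use, whether or not it is still valid.
        record = self._pending.pop(hashlib.sha256(token.encode()).digest(), None)
        now = time.time() if now is None else now
        if record is None or now > record["expires"]:
            return None
        return record

    # Flow A: the steps as the comment describes them.
    def request_reset_with_password(self, email, new_password, now=None):
        # The password is fixed here, by whoever filled in the request form.
        salt = secrets.token_bytes(16)
        staged = (salt, self._kdf(new_password, salt))
        return self._issue({"email": email, "staged": staged}, now)

    def confirm_link(self, token, now=None):
        # Clicking the link applies a password the clicker never saw or typed.
        record = self._redeem(token, now)
        if record is None:
            return False
        self._passwords[record["email"]] = record["staged"]
        return True

    # Flow B: the link only proves control of the mailbox.
    def request_reset(self, email, now=None):
        return self._issue({"email": email}, now)

    def complete_reset(self, token, new_password, now=None):
        # The password is chosen by the person who holds the emailed link.
        record = self._redeem(token, now)
        if record is None:
            return False
        self.set_password(record["email"], new_password)
        return True


def compare_flows():
    """Run both flows on a constructed account and report who set the password."""
    email = "owner@example.org"  # constructed address
    a = ToyAccountServer()
    a.set_password(email, "owner-original")
    link = a.request_reset_with_password(email, "picked-by-requester", now=0)
    a.confirm_link(link, now=60)  # mailbox owner clicks the emailed link

    b = ToyAccountServer()
    b.set_password(email, "owner-original")
    link = b.request_reset(email, now=0)
    unchanged = b.check_password(email, "owner-original")  # a request alone changes nothing
    b.complete_reset(link, "picked-by-link-holder", now=60)
    return {
        "flow_a_requester_password_active": a.check_password(email, "picked-by-requester"),
        "flow_b_unchanged_until_form_submitted": unchanged,
        "flow_b_link_holder_password_active": b.check_password(email, "picked-by-link-holder"),
        "flow_b_link_reusable": b.complete_reset(link, "second-use", now=120),
    }


if __name__ == "__main__":
    print(compare_flows())
```

In flow B the request form never sees a password, so a request made by someone else cannot stage one for the mailbox owner to activate.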
Don’t worry. I already gave up on the sign-up flow when I entered my preferred username and password, then tapped register in the top right corner, only to be confronted with a prompt to, again, enter a username and password of my choice.
I would have to spend hours getting my family signed up for this thing.
> Anyone can host a server and talk to anyone on any Matrix server.
I host my web, my email, my XMPP, my TURN/STUN, etc, so I gave Matrix a try. In short: it's horrible. It's insanely resource hungry, both synapse and dendrite, plus dendrite is so not finished it hurts.
Stick to XMPP until Matrix is in an actually usable shape when one doesn't need a small power reactor to run it.
When was the last time you tried? My Synapse is stably hovering around 400M RSS with about 10-15% CPU usage. It has about 20 active users, each with 2-3 devices and is joined in hundreds of rooms on the federation.
https://app.element.io/ -> click "create account" -> create account. The default is for a matrix.org account which is totally fine for anyone who can't/won't dig deeper.
I tapped this link on my iPhone. There’s nothing that says create account. It says I have to download an app called Element. But you said it was called Matrix.
This is the level of technical ability that you need to be targeting.
If you install the Element app, its first-launch is quite simple and newbie-friendly. There are a couple more "options" than e.g. WhatsApp, but they're presented very clearly: "Join millions free on the largest public server" or "Premium hosting for organizations" or "Custom & advanced settings" -> tap the first + free one -> Sign up / Sign in with a totally-normal experience after that.
Re "you said it was called Matrix": fair, but I wouldn't send people to "matrix" / the protocol for any system with multiple implementations. I'd send them a link to one of the user-friendly apps (i.e. Element). Similarly, you wouldn't tell someone to join XMPP, you'd send them to the Google Hangouts or MSN Messenger or Playstation apps.
The first launch on iPhone asks me if I want to share my contacts, and then outlines a massive paragraph explaining something about identity servers that I’m expected to choose.
This is a friction-filled experience for someone coming from WhatsApp
This is the second opportunity Matrix has to win over users (the first one was when Signal decided to lock everyone out until they agree to their SGX-based cloud storage scheme), and I predict that they'll miss this one just like they missed their last one due to not being ready yet.
We’ve been working a lot on onboarding on Element, just as Signal have. It’s not perfect, but empirically it’s good enough for many non-technical users. Comments like this are likely based on stale data (e.g. from when we forced e2ee setup during registration).
Compared to installing the Signal app and verifying your phone number over SMS, the difference is quite remarkable. Signal has had smooth and frictionless onboarding as part of the design.
But also, comparing Matrix to Signal is a bit like comparing apples to oranges IMO.
Why would I send my aunt to a page about how to join the mozilla community? Over half of that wiki page is mozilla specific information, and even most of the matrix info is irrelevant to most users if they just want to do a basic registration.
The real apples to oranges comparison is you thinking that this wiki page is somehow comparable to registering a signal account.
This is definitely the weakest point of Matrix. There are clients that have a nice setup flow (like FluffyChat) but they are missing some pretty important (to me) features such as sending images and video calling.
My mum is such an aunt, she makes no secret of often being baffled by her smart phone, she doesn't know all the right words, but she's curious, she tries, and really appreciates apps that are easy to use, with her in mind.
I'd estimate that Signal is a fair bit better than Keybase since the latter wasn't end to end encrypted in the first place. But since you're on Matrix now, of course that's self hosted and as stable as you make it yourself. Decentralization for the win, kudos for going with an even better solution (even if I disagree about Signal not being a stable choice)!
> after [installing the Keybase app] and starting a chat with your friend, you still need to verify that the server sent you the right encryption key. Since you can't host your own server, it has to be the Keybase, Inc's server that sends you the encryption key of your friend.
> there is no way to display [the 'signature chain' of the person I'm chatting with], I have to trust the server to send me the right key. [Yet the client] displays a banner above the chat saying "end-to-end encrypted".
The whole point of Keybase is that you could verify the keys that the server sent you by looking at signed statements posted on third-party websites. That verification happens client side.
Read the post. I've had this discussion dozens of times now, everyone repeats the same arguments, all based on what Keybase puts out, never checking anything for themselves or even logically reasoning about how this could work (for those who bring up blockchain instead of third party proofs). There's a reason I link the information you're looking for, you don't even have to check it for yourself anymore.
> It was mentioned on hacker news that the app should check third party proofs by itself. This is not exactly what end to end encryption means since it still relies on third parties, but nevertheless, having to [compromise] 2 or more companies' servers before being able to MitM someone's keys (which are additionally TOFU'd) should give quite some confidence.
> However, when checking in Wireshark whether it actually does this (ask the Twitter API for the proof string and verify the signature with the public key it received from Keybase), Keybase on my phone did not contact Twitter at all. (It did, however, proudly proclaim that the new chat was end to end encrypted.)
> The packet capture started before the username was typed into the search field on the test device and ended only after Keybase completely established the chat and claimed it was end to end encrypted.
> It is deemed implausible for the mobile Keybase client to simply have downloaded all signature chains from all users that exist on Keybase and to have checked all their proofs prior to starting the packet capture. This is the only way I can think of how the third party hosted proof could have been verified prior to the packet capture.
> after [installing the Keybase app] and starting a chat with your friend, you still need to verify that the server sent you the right encryption key. Since you can't host your own server, it has to be the Keybase, Inc's server that sends you the encryption key of your friend. [...] How does this work with Keybase?
> there is no way to display [the 'signature chain' of the person I'm chatting with], I have to trust the server to send me the right key. [Yet the client] displays a banner above the chat saying "end-to-end encrypted".
It's all marketing department with a sprinkling of blockchain magic.
Not really, I've paid plenty of subscriptions to services that later shuttered and not paid for plenty of things long kicking. And vice versa of course.
Ambiguity goes away by understanding the total finance model, not by knowing you paid 5 bucks.
That being said I'd like to at least cover my cost to them to see it better grow. A payment isn't the same thing as that though; it only tells you you at least paid a portion, e.g. buying a smart TV doesn't mean you now know the TV cost less than that to make.
Which is/was a lie - they always had more money than they could spend. (They reduced the aggressiveness of their wording over the past years in response to criticism.)
I fully expect to be downvoted to oblivion for this opinion but it needs to be said. Signal has been down for nine hours. The vast majority of people who turned to this platform today as an alternative to WhatsApp or Facebook probably quit looking into it after the first two minutes of that outage.
For a platform that bills itself after installation as a suitable drop-in replacement for your SMS service (and encourages you to shill it to friends as such) this is completely unacceptable and could have easily been avoided with better leadership and architecture.
Cheerleading your users endorsement of privacy on twitter during an outage is insulting.
Most sites and apps monitor things like news sites, Twitter and the like for instances where their namesake may be trending. This is done in order to quickly head off DDoS type outages due to things like the Slashdot effect. Signal doesn't do this for the same reason Signal is centralized: Moxie writes code like he still lives in 2006.
- Nobody scrambled to bolster capacity after the electric car porn star (Elon Musk) gave a full throated endorsement?
- Nobody raced to improve capacity after Apple looked to be in a position to piss in Facebook's Cheerios?
- Nobody even thought to reconsider capacity after WhatsApp showed up in the news JANUARY 6 with a bombshell announcement of privacy changes for users? We waited over a week?
It also needs to be said --yes I'm aware of my audience-- that centralized services DO NOT scale. Moxie's response to this has been cantfix/wontfix, so in traditional dev fashion he throws more hardware at the problem to make it go away instead of looking into a better architecture.
Microservices do not scale. Yes, they scale across the cloud, but they do not scale across support channels. Microservices trade gaming cloud providers for precious pay-by-the-second service for an endless byzantine dumpster fire of almost impossible to diagnose failure conditions. A highly secure end to end encrypted service that expects to replace your SMS needs to be quick to diagnose and fix. Again: NINE HOURS.
A more callous review would suggest that Signal remains centralized because Moxie's waiting for an IPO, or an offer from FAANG to buy him out. I'm certainly not of that opinion, but FWIW this was a disaster for Signal and most of HN is about to break an arm patting the company on the back.
WhatsApp certainly took notice, and certainly used it as an opportunity to win back some of its detractors.
I don’t understand, so what? They’re doing their best and if users go somewhere else so be it. I’m sure if they could avoid the outage they would.
They’re not losing profits or anything. They’re hosting a free service. When they get the service back online users will have a secure messaging option that is even more battle-tested.
They are losing face. In oriental cultures, that's bad.
EDIT apologies for bad wording. In certain situations, losing face is worse than losing money - in this very moment, in my opinion, this is rather bad for Signal.
> and encourages you to shill it to friends as such
Despite your deliberate conflation of them, shill and recommend are not synonyms.
> Cheerleading your users endorsement of privacy on twitter during an outage is insulting.
How is a non-profit charity saying "we are having trouble right now but thanks for all the support" insulting? How did these folks insult you?
> Tesla, Apple, Facebook, WhatsApp
These are all corporations that ultimately only care about money. They have customers. Signal has supporters.
> because Moxie's waiting for an IPO, or an offer from FAANG to buy him out
Just like all the other 501c3 IPOs and buyouts, right?
> this was a disaster for Signal and most of HN is about to break an arm patting the company on the back
A charity is having a temporary problem most HN readers would kill to have: They literally can't scale up fast enough to meet demand. Truly a disaster.
... and it doesn't matter if you know how to avoid those unless your friends also do so.
BTW, is there an authoritative source whether these cloud backups to Google Drive are unencrypted/encrypted with Google keys, or encrypted with keys held by Facebook?
I see no reason not to encrypt them the same as local backups (with a key that is held by Facebook, and provided to your phone once they verify your phone number).
The difference between these against the US government filing warrants is just one piece of paper, but against an attacker that compromises your Google account, it does make a significant difference.
Of course you got all the metadata going to FB, but it's still a good messenger feature-wise for now, so I'll keep it as a backup in case my favorite privacy-conscious messenger is down again for 10 hours.
What good is e2e encryption that essentially becomes mere in-transit encryption, since WhatsApp will filter your messages BEFORE they are sent to see if it needs to take any action? (Which action is of course phoning home, outside the precious Signal Protocol)
How is it in-transit encryption? How does Facebook decrypt it? Do you have any facts other than "it's Facebook, so it must be bad"?
There is no evidence that messages ever leak outside of WhatsApp via means other than potential unencrypted backups that you may or may not be using at a cloud provider not connected to Facebook or your IME.
If you're targeted by NSO or whatever nation state that would be interested enough in you to compromise you, you got other things to worry about.
I mean that argument applies equally to Signal since you have to use their client and the services are architected in the same way.
WhatsApp does filter messages on the client side but it’s stuff like submitting image hashes to the CP database. If Signal reaches the scale of WhatsApp they will be forced into doing this as well. And nothing in Signal’s architecture prevents this kind of data exfiltration the same as WhatsApp.
Unfortunately do you have anything to back your claim? Because there are a number of official sources pointing out that WhatsApp uses the Signal protocol to do both 1:1 and group chat.
I lived in an age when Sunday was a holiday for the post office & letters took forever. The false sense of urgency created by emails & instant messaging is a human creation (if we agree on that) by organizations that have self-interests to protect. I fully understand availability of service. Most package/mail carriers told us how deliveries will be delayed due to a cyclone in Florida or increasing load due to holiday+covid in recent days? Let us translate all of this to internet traffic as well. Hell didn't break loose or sky didn't fall on our head when it happened. Hoping we are in agreement till now, what worries me is not messaging or availability of that service. But the commercial interests that will use such services for their data mining. As soon as one agrees to new terms & conditions, what if WhatsApp rolls out updates that suck in more info about me from my phone to build their dark profile & strong social connectivity maps? I think some of us are opposing that. It comes at the cost of, let's say, half a day of service outage once in a while. How did we spend our childhood days when there were lengthy blackouts?
Facebook, WhatsApp, Google all have messaging services that are centralized.
> Microservices trade gaming cloud providers for precious pay-by-the-second service for an endless byzantine dumpster fire of almost impossible to diagnose failure conditions.
Distributed systems design is hard, Signal team might not be equipped to deal with the sudden surge of users and this definitely is not a good look.
But federated/decentralized servers don't make this problem any easier, you still have to diagnose and fix your issue across a fleet of multiple servers. You can offload the problem to users, but then you will not have the adoption to begin with to create this problem.
Yup they're already under 99.9% reliability for the year. Never mind WhatsApp this makes them a questionable replacement for SMS. Not only "was" it a disaster for signal the disaster isn't over.
Reliability is more important than privacy for messaging most of the time. Some major balls are being dropped here.
> Reliability is more important than privacy for messaging most of the time. Some major balls are being dropped here.
Obviously, The Signal team should have done a better job of coordinating the mass user migration with the WhatsApp team at Facebook. Such a failure. /s
I don't get why some people see the need to bitch about Signal at every opportunity. The criticisms are usually unfair (like this one), missing the point, or a self-centered whine that Signal didn't decide to focus on catering to the whiner.
I have made one complaint about signal in my entire life after the outage hit 9 hours. They did fail. It's just an inconvenient truth thus the character assassination and apologism.
This is the first big outage I've felt affects me personally in any meaningful way as someone who has tried to stay away from overly depending on cloud services and SaaS like Gmail or slack. I first noticed that a couple of hours ago my messages seemed to be hanging and going through without the typical confirmation. The status page has no more information than the title at this point.
I think it’s because many people from India joined Signal after Dhruv Rathee published a video suggesting people uninstall WhatsApp and install Signal or Telegram. He’s got 1.7M views within a day, and I’m sure he’s bringing lot of new users to Signal [and NordVPN because of the paid promotion].
I am very interested in hearing the postmortem of this extended outage from a technology/architecture standpoint.
Not to be cynical, but I wonder if this is caused by an attack by the company who is losing users!
I doubt we’ll get much info about it out of Signal / OWS. I’ve asked about their tech stack and ability to scale in AMAs before and got fairly vague responses.
The server code was published. Even if we don't know what services they use, you should be able to find quite easily what language the stuff is written in.
The Signal servers essentially pass around encrypted blobs from one device to another. Most of the development work is on extending the clients to pass around different types of messages, so there's not much work that needs to be done on the server.
9 months is a long time to go without updates though, especially if you just got a ton of extra users. While I definitely see your point, GP also has a point about development clearly not being open. It's "code available" software, not "open source server" software.
You said you asked them about their "tech stack and ability to scale". A tech stack consists of frameworks and languages used, which can be found on GitHub, so there's part of your answer.
Indeed I'd be interested in the post mortem here and I also don't expect anything from them (depending on how large this turns out to be, though, and so far it's actually a rather huge outage so maybe we'll get some info after all).
I've been using Signal from the early days on, when a lot of stuff wasn't working properly. I have been trying to convince people for quite some time now and whenever there was like a privacy issue on WhatsApp or other messaging apps, I saw people discovering and moving to Signal.
Sadly, whenever there was such an opportunity to shine, they ran into technical difficulties.
As a result, many friends tell me on a different messaging app like telegram that they finally tried out signal but moved on because it wasn't working.
This makes me very sad and I hope that the Signal team is able to learn from that and plan ahead.
@Signal please take your opportunities and make a reminder like a big banner in your office reminding you to ask yourself "is there an opportunity?" Or more concretely "did WhatsApp mess up with privacy?"
For me, I will still try to convince more people to switch to signal :-)
I'd suggest that:
Whenever we, the hacker news guys who care for privacy, recognize that there is an opportunity for a privacy concerned development team like Signal
->
We send them an e-mail or similar.
Since often it's really difficult to spot it yourself.
I just donated to let them know I'm interested in their continued existence. I feel bad - my wife and I have been users of Signal 100% for the past 4+ years and we wouldn't want to use anything else.
For some Signal related education, listen to the Security Now! podcast from 2016 - Steve Gibson dives into the protocol underlying Signal, "Open Whisper Systems".
Time to jump ship! Use Element / Matrix, an open, decentralized, end-to-end encrypted chat protocol with slick clients for Android, iOS, Desktop & Web: https://element.io/
Also easy to self-host a server, if you need full control:
When the lockdowns started I sent my relatively old parents to riot.io. They were able to get it working on their phones and tablets pretty well. The only thing we had trouble with was the riot.io-mediated jitsi multi-person video conference setup. But they handled the basic riot.io setup and 1-to-1 stuff fine.
The notifications transport for these on iOS is necessarily centralized as push notifications have to be sent from an apple developer client cert to Apple's APNS system.
There is no such thing as decentralized messaging on iOS for this reason.
The matrix developers run a push service, which all servers have to talk to to push notifications to their iOS app, even if you run your own instance.
[ EDIT: The following statement is false! Changes in APNS have rendered my previous understanding out of date. ] This means that both the push server operator, as well as Apple, can see the content of all of the push notification messages, thereby bypassing the e2e encryption as well.
> The matrix developers run a push service, which all servers have to talk to to push notifications to their iOS app, even if you run your own instance.
This isn't really true: there are lots of Matrix iOS clients out there, and each run their own separate push server. Only Element iOS's push server is run by the 'matrix developers', and if you are worried about that then (if you are an iOS developer) you can build your own copy of Element iOS pointed at your own push server.
> This means that both the push server operator, as well as Apple, can see the content of all of the push notification messages, thereby bypassing the e2e encryption as well.
This is completely incorrect. By definition, the server can't see the contents of end-to-end encrypted messages, and we don't send push contents (encrypted or otherwise) to the push gateway anyway. Instead, the push notification is a single flag sent to the client to tell it to wake up, which then runs a Push Extension (on iOS) to talk to the Matrix server and do E2EE in order to display the notification body (if desired). It's become particularly painful since iOS 13 thanks to https://appleinsider.com/articles/19/09/05/secure-messaging-....
Oh, okay, so just to confirm this means that push servers *AREN'T* getting any information about the messages being sent to users? The contents of the message, who sent it, etc?
They don't get the contents of the message, and I don't believe (off the top of my head) that they get told who sent the message. It's just a "you received a message" notification, that the phone then has to expand into the actual notification itself by talking direct to the server.
I stand corrected, this is a new feature. Still, the push message itself is centralized via a single dev account, and of course Apple, even if you are running your own homeserver.
I thought that it just sends push notifications without content which then wake up the app so that the app itself can fetch the message from your homeserver with encryption
Try talking with friends / groups on a few different servers (it's decentralised, remember) and you will soon see what scalability issues are. As you add n servers to grow Signal you need n^x for Matrix.
As a longish time Matrix user I've never experienced scalability issues due to federation. The federation actually works pretty well. Scalability from Matrix comes/came due to the fact that some servers were too popular. Though that is actively being worked on: https://matrix.org/blog/2020/11/03/how-we-fixed-synapses-sca...
You can use the public matrix server that offers an interface to it with the Element web client and is maintained by Element the company (used to be called New Vector):
https://app.element.io/
If you do want to set up your own server I wrote a guide when I learned how to do it with Google cloud instances:
https://munfred.com/matrix
Wow, at first I thought "they finally hit their limit with the new signups." but now they've been down for a couple of hours and I'm starting to worry that it might be more severe.
Same here. I had assumed there was an "oh crap!" moment, and the solution might be as simple as provisioning bigger/more boxes from AWS (or whatever provider they use), and this could be resolved in an hour. I'm a bit worried that maybe the problem is more architectural and it might require a more substantial code change. Then again, most "auto-scaling" algorithms aren't really expecting you to quintuple your active user-base in a week.
Obviously I'm not going to complain that a free service isn't working for me 100% of the time, and I'm not "angry" or anything, but I hope this is resolved soon; pretty much the only way I talk to my friends and family is via Signal.
What's the endgame with Signal? It is identical to whatsapp in how it works and what features it has/lacks. Whatsapp has big daddy FB to pay the bills (which would be massive for such an app). I doubt Signal can survive on donations from a few privacy conscious users.
For a free service, intended to survive with very small amounts of donated money, you need a fundamentally different architecture. Whatsapp was not built for this, and since Signal copied them, neither is Signal.
Even if Signal is able to survive on meagre donations, I would think it is a better use of that money to be spent on resilient, distributed architecture than AWS bills. A good architecture ensures sustainability, a large AWS bill just makes Bezos richer.
This is a positive sign - it means there've been so many more signups lately! I did just convert a whole bunch of close friends over to Signal this past week, so I hope they can ride out this temporary outage and not leave the service :'( It took too much 'social effort' to move them all over
No, it's a negative sign since half of the ~dozen people I got over to Signal are complaining and will probably go back to WA since Signal is still down after almost a whole day. The other half will probably go back if this takes much longer.
One thing on my wishlist for Signal that's curiously still missing is the lack of a Web app.
On desktop at least, I'm generally of the position that messaging apps should need no capability outside of what's available in my browser (i.e. sending notifications), so when the option is available that's the one I tend to go for (usually have my commonly used ones sitting around in a pinned tab).
Pretty much every chat app out there today (including WhatsApp) has a web app. Anyone know why Signal doesn't? Is it just a prioritization/lack of resources thing?
IIRC Signal doesn't have a web app for security reasons. With an iOS/Android/Desktop app, you can verify the checksum of the binary against what signal provides.
But with a web app you redownload the application every time which means you'd have to recheck that checksum every time you use the app. I guess that WhatsApp, Discord, et al have decided that this is a reasonable risk. But the privacy oriented Signal team disagrees.
I don't think it's a prioritization issue, the desktop app is currently running via electron which means it's effectively a web app already.
Something being Electron doesn't mean it's ready to be a web app; it means the UI is web and the rest of the app is somewhere between "the standard web sandbox" and "a native app" in terms of what it has access to do.
Wow... I was totally convinced by the security argument until I read through this thread, which completely obsoletes that premise. It's no different from a PWA (like WhatsApp) in its update behavior then.
They don’t store messages in the cloud. The desktop app benefits from being able to store them locally. The same could be said of a web app but I’m sure browsers impose some extra limitations.
The background here is that WhatsApp previously stated that they would never share user data for profit, i.e., not selling ads [1]. Reading that blog post leaves a sour taste in HN's collective mouth, because not 2 years later they would get acquired by the ad giant Facebook and now mandate that users agree to share their data with FB. The wording made it seem like accounts that didn't agree with the new policies would get terminated on February 8th.
A few days later, WhatsApp posted [2] that their update was misinterpreted by users and media, and that the clarifications to their policies were to increase transparency. They also pushed the ultimatum for a few months.
This is bad. I spent a lot of time and effort getting non-techie friends to switch from whatsapp, and now what is supposed to be the best alternative is having a massive downtime. I think I'll just give up.
I have given up too - people are complaining to me (via WhatsApp since it just works) because I recommended Signal and they signed up. Now I'm the guy whose recommendations are probably going to be ignored. Signal just isn't suitable as a replacement/daily chat app...
I'm a fan and daily user of Signal, but here is the harsh reality that this outage (going on for more than half a day now) exposes: Signal is not, today, suitable as a primary secure communication channel. Maybe one day when it scales, but not today. Countless critical conversations were disrupted today.
Signal has critically failed two times in the past year: now, and almost a year ago when they were forcing everyone to create a PIN (and subject their data to their weird SGX-based cloud storage thing) despite users yelling at them how bad of an idea this is. If you didn't want to do it, you were locked out.
That one pissed me off a lot more than today's outage, which is understandable, hopefully short, and unlikely to be repeated once they get scaling under control. It's also the reason why I'm not donating today.
Signal is totally centralized. The server is (if I recall correctly) open source, but if you were to run your own server, all of your contacts would have to be using your server too in order to communicate with them.
I assume that the hostname(s) of the central Signal servers are hardcoded in the app somewhere, since they're not meant to be replaced.
Server is open source but good luck setting it up. There is no documentation for it. Also, they have intentionally excluded the option for clients to connect to alternate servers. This stance really rubs me the wrong way. I love the Signal protocol, everything else is kinda meh.
> Also, they have intentionally excluded the option for clients to connect to alternate servers.
Since Signal doesn't federate, if you switched your client to an alternate server you would be unable to communicate with the 99.9% of people out there using the official Signal server. Signal isn't going to give a UI option that is certain to cause frustration and bafflement for the vast majority of users. Those wanting to use an alternate server are probably a small nerd niche who already know how to fork the client.
How does this change things for the user though? E.g. in email it doesn't matter if your email is down or everyone's email is down, you're not switching to a new email host every time yours goes down and you don't particularly care if someone else can communicate while you can't.
That's true, even if only 1% of users are on each of 99 servers while the rest do something else, 1% of users will be frustrated when their server breaks, like with email.
For those unaware, the Signal protocol developed by Open Whisper (previous name) is what was adopted by WhatsApp / Facebook Messenger / Skype and possibly others. In a sense, Signal is the original reference implementation of the specification.
I remember years ago back when I still used WhatsApp when there would also be temporary outages due to huge increase in traffic/popularity. Growing pains. I would have hoped, though, that the engineers at Signal would have foreseen this and would have been prepared.
Just realized: Shouldn't actual message delivery be easily shardable in Signal, since the server side doesn't know the sender, i.e. you can put each user on a different shard without having much issues with cross-shard communication?
I glanced through very interesting discussions below (sorry if this is a repeated question). I was wondering if it is time to define basic rights of an individual on the internet.
- Free & fair access to information (not controlled by any corporation) for everyone [wikipedia?]
- Free communication (emails, messaging, calls) for everyone [signal?]
How do we structure this? Donations(private individuals, users, governments?), usage fees(annual subscriptions for a household?) or some other payment model we haven't discovered yet (like USPS stamps/postage fee - PAYG)
It's very poor on anyone to be so toxic about free, valued services and then at first fail jump to public media to scream outrage.
Signal is going to be better than ever by going through these moments and improving the platform. I don't mind the inconvenience and don't expect premium quality with five nines of availability. I'm not in a position to complain.
Is there any data on how many of these new users are WhatsApp refugees vs. Parler refugees vs. some other category?
In principle it shouldn't matter. But I'm worried userbase demographics will determine from which quarter the next legislative threat to end-to-end encryption emerges.
I deleted the app after it deleted all of my texts and wouldn't open. I still think encrypted messaging is very important, but not sure signal has done a great job with their implementation. Compared to the default android app it's always been quite buggy
How does this happen? You can kind of see your usage quickly run to 100% right? I’d think this is one of those moments that someone is permanently observing the usage to increase capacity when necessary.
Also, why can’t I send a message any time, instead of just sometimes?
It would work like it works for email. Most users will pick the default server. Over time other large (popular) providers will emerge and people will start to recognize the choice. Clients with branding will make that choice easy for non-technical users.
We know already it works. Federation and choice is a win for everybody. For this to start though you need either a good client/server combo for people to individually adopt, or a GREAT/POPULAR client with a default server.
I'm sorry to say that Element/Riot fails flat on this. I've used Riot and then Element for a while, and it got worse in usability and features (I genuinely can't stand it). As the reference client, it doesn't support multiple server accounts, which kills the ability to have an independent server. Federation is nice, but what's nicer currently is to be able to use matrix as a teams/slack replacement where tech users can drive adoption. The central matrix.org server is slow already, and even with federation you cannot tell your users to switch servers because of this, defeating the point.
The positive side is that on the client side there's already choice. On the user front I've found FluffyChat to be vastly superior. Using Jitsi for audio/video was weird at first, but it works much more reliably than signal (I gave up on signal for audio calls due to the time it takes to establish a connection and the horrible lag it randomly has - to the point I just hang up and call via GSM to finish the conversation, defeating the point).
If I was element I'd get FluffyChat and its author onboard as _the_ default client. On desktop I can choose multiple clients, and I have none of the "Signal" phone number/pin/central server/electron BS. It works as intended, and it will only get better with time. It's great.
I keep seeing this argument, and we all know it's bs. 20 years ago there were many email providers, people simply picked one, or hired someone to set it up and run it for them.
The same principles should and could apply for decentralized one; pick conversations.im for XMPP, pick matrix.org for Matrix, pick Mastodon.social for fediverse - or something smaller. Or ask someone to do it for you. Or run your own.
It was, actually, when gtalk, facebook, and whatsapp (though I'm not completely sure about this, just have a reasonable suspicion) were using it in the background.
Probably like email or all the other decentralized services the federated people talk about. Email didn't get mass adoption until centralized servers like Hotmail and Yahoo came online. People don't want to run their own servers and nowadays it's a lot more work to do so.
As a "federated person", yes, an email sort of scenario is exactly what I'd like, or at least it would be many times better than what we currently have for im systems. The most important thing to me (and I suspect many other people in favor of decentralization/federation) is the ability to host my own service. I couldn't care less if 90% of email users are on gmail as long as I can run my own email server or pay someone else to run one for me while still communicating with everyone.
I still get notifications about incoming messages, just can't read them because the app rejects my passphrase. This has been going on for more than an hour now. If they aim at picking up whatsapp refugees, this is pretty bad.
I use huawei p20 lite 2019 and the signal app is not as smooth and fluid as whatsapp. The animations frames are noticeable. I really want to love the app. I hope they improve the android experience for lower end smart phones
For example, I have never once received a "you should watch this as well" decent recommendation from Youtube, the sidebar is absolute garbage and can't even keep the concept of a topic-thread... Youtube is total trash.
Are you logged in? Because I don't think they tailor their recommendations much to non-logged in users. I get lots of recommendations that end up being good videos.
This is a good sign. Thanks to Zuckerberg's mistake, Signal reaps all the rewards. What can we learn from this?
Just because you own a platform doesn't mean you have an economic moat. The crowd's sentiment can change overnight and I think Zuck is honestly out of touch with public sentiments.
He probably thinks that he can run for US presidency using Facebook as a launchpad but all the money in the world won't fix myopia.
They do have a massive moat. It's just that if you keep piling up shit, your moat, no matter how deep, will eventually fill up and your users might escape.
I suspect this is related to all of the people getting kicked off of other social media platforms. Signal may be becoming the platform of choice for the far-right to share disinformation and organize.
I believe it's more to do with users abandoning WhatsApp due to the concerning privacy policy that Apple forced them to disclose to their users. Many high profile influencers are recommending people switch to Signal.
The centralized-infrastructure-Tower-of-Babel is about to collapse.
As much as I love Signal, we've got to move to things that are decentralized. I set up a prosody[1] server a while back, but have nobody to talk with. If anyone wants to try their system out, I'm bjt@2n3904.net on XMPP.
Hi, Prosody dev here. It looks like your server isn't reachable.
If you'd like help with that you can join the community support channel: https://prosody.im/discuss/
And herein lies the reason decentralized isn't about uptime: when the server you use is down, it's down regardless of how many use it, and it doesn't matter to you that others still work. It'll probably get more downtime over the years than the mega important one as well.
That's not to say decentralized doesn't have a ton of benefits, just uptime for the user isn't one.
I know they don't like third party implementations because then if you need to make a protocol change you'd have to wait 30 years for everyone else to update their clients. But if you're already requiring a single client, that makes it easier to do decentralized messaging for exactly the same reason.
Another option that works pretty well is to do both. So try decentralized (DHT / direct connection) first and fallback to a central server if that doesn't work. Then you're up as long as either one of them is working. And there is a lot less load on your central servers.
Of course there are protocols like XMPP and Matrix.
But there are also solutions that don’t require everyone to host their own server. Rather, people just host impersonal nodes on the network and everyone uses the whole network together.
Examples would be Status[1] (Ethereum) and Session[2] (Oxen née Loki).
I’m sure there are others that use this architecture too. I just like it because I don’t have to be personally concerned with who is running my “home server”. Because there is no one single home server in this model.
How does that work, though? You need to have some central database of user IDs, or can you just never have a user ID and will you need to add people by full public key. As soon as you try to map big public keys to a phone number, username, or some other short ID, you need some registration system, probably on a FCFS basis. How does that work in this "you can run but not manage your own server" type decentralized system? And who prevents message spam / abuse handling?
It sounds like these must be centralized systems presented as decentralization, similar to how Keybase marketed themselves as end to end encrypted and nobody noticed that you can't actually verify peer's keys thus making it TOFU (similar to blindly accepting ssh keys). (And when you asked people about their claims about Keybase, they'd tell you to RTFM regardless of whether you already said you did that... A marketing department can be very powerful even on HN.)
Status uses public keys, but you can optionally link an Ethereum Domain Name (ENS). So it’s basically like license plates where you can buy a vanity plate if you want. Also, friends can just add their own nickname for you in their contacts.
Personally I think that’s the best way to do it. Public keys aren’t very different from phone numbers at this point. Nobody memorizes phone numbers anymore either. Each person just has their own Rolodex mapping of keys to names.
I thought signal was highly decentralized? What traffic does the server handle once two clients have "found" each other? Which I believe uses hashes of phone numbers.
Based on that, they use Google, Apple, Twilio and AWS in the backend. All who have shown they are willing to deplatform with little notice as the result of kneejerk public pressure.
How easily can Signal replace those dependencies if this comes for them?
As far as I know, Google and Apple are only used to send Push notifications to users. These are optional, and Signal on Android can be used without Google.
AWS S3 is/was used to share files with other users. It became a standardized API, with many alternatives supporting the protocol, so switching to a different provider or on-premises should not be difficult.
Signal intends to remove the dependency on phone numbers, and therefore Twilio, but this has not been done yet.
All IM apps rely on Google or Apple (on their respective platforms) for the push notifications. The alternative is polling in relatively small intervals, but that wakes up the app, which uses the battery without any real usage.
And if the OS decides to kill your app's process, your polling dies with it and you don't get notifications.
(I wrote this in a dupe of this story so I'm posting an extended version of the message here. Maybe it is useful.)
Maybe that's a good reason to open for federation and now I wonder if it would be possible to have a user migration between servers without cooperation from the origin server. This would allow users to move to a new one without losing track of existing conversations.
Seems crazy, but the reason we can't do this with email is the lack of a generally agreed identity for a user account that does not depend on the server itself. Signal accounts have a "master" key that can provide this and it's only stored in the device and backups (it's the most trusted of all keys, after all).
A sketch:
- User creates an initial account on server X (account: user@serverX.org), the procedure includes signing a message saying "I use server X since $TIMESTAMP and this is the 1st server that I use";
- Everything works as now.
- User wants to change server, so they sign a new message "I use server Y since $TIMESTAMP and this is the 2nd server that I use" (account: user@serverY.org); this message is sent to all chats/groups/contacts and to the old server (as an information only, it may be already down or be non-cooperative). Contacts update the server part of the account and start sending messages through the new one. Maybe the user can still try to contact the old server for a while, for the event it delivers a message from an account that didn't get the first, but at some moment all users will get the new address.
Notice: I have no idea of how this can work with sealed senders or other metadata-prevention measures that Signal uses and we all love.
Bonus: no more dependency on phone numbers.
Or if it goes to a more email-like architecture where users only speak with their servers, it can adopt concepts from djb's Internet Mail 2000 [https://cr.yp.to/im2000.html]. This will *not* work for current email due to the need of keeping compatibility with the enormous existing user base, but this problem does not exist for a new protocol.
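The contact-side check implied by the migration sketch above, as an added example that is not part of the original comment or of Signal's code. It assumes the account's "master" key is an Ed25519 identity key that contacts have already pinned; the field names, the `server-move-v1` encoding and the clock-skew limit are hypothetical, and sealed sender is not modelled.

```javascript
const crypto = require('crypto');

const MAX_CLOCK_SKEW_S = 300; // assumption: how far in the future $TIMESTAMP may be

// Fixed field order so signer and verifier sign/verify identical bytes.
function encodeStatement({ seq, server, since }) {
  return Buffer.from(JSON.stringify(['server-move-v1', seq, server, since]), 'utf8');
}

// Owner side: "I use <server> since <since> and this is the <seq>th server that I use".
function signStatement(identityPrivateKey, seq, server, since) {
  const sig = crypto.sign(null, encodeStatement({ seq, server, since }), identityPrivateKey);
  return { seq, server, since, sig: sig.toString('base64') };
}

// Contact side: the pinned identity key plus the last accepted statement.
function newContact(identityPublicKey) {
  return { identityPublicKey, seq: 0, server: null, since: 0 };
}

// Accept a statement only if it is signed by the pinned key and moves forward.
function applyStatement(contact, stmt, nowSeconds) {
  if (!Number.isInteger(stmt.seq) || !Number.isInteger(stmt.since) ||
      typeof stmt.server !== 'string' || typeof stmt.sig !== 'string') {
    return { ok: false, reason: 'malformed' };
  }
  const valid = crypto.verify(null, encodeStatement(stmt),
    contact.identityPublicKey, Buffer.from(stmt.sig, 'base64'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  // A contact may have missed a move, so allow gaps but never go backwards.
  if (stmt.seq <= contact.seq) return { ok: false, reason: 'stale-or-replayed' };
  if (stmt.since < contact.since) return { ok: false, reason: 'timestamp-regression' };
  if (stmt.since > nowSeconds + MAX_CLOCK_SKEW_S) return { ok: false, reason: 'future-dated' };
  contact.seq = stmt.seq;
  contact.server = stmt.server;
  contact.since = stmt.since;
  return { ok: true, reason: 'accepted' };
}

// Constructed scenario: two legitimate moves, then three statements that must be refused.
function demo() {
  const user = crypto.generateKeyPairSync('ed25519');
  const oldServer = crypto.generateKeyPairSync('ed25519'); // the server's key, not the user's
  const contact = newContact(user.publicKey);
  const now = 1700000000; // constructed timestamp
  const first = signStatement(user.privateKey, 1, 'serverX.org', now - 1000);
  const second = signStatement(user.privateKey, 2, 'serverY.org', now - 10);
  const tampered = { ...signStatement(user.privateKey, 3, 'serverZ.org', now), server: 'other.example' };
  const results = [
    applyStatement(contact, first, now).reason,
    applyStatement(contact, second, now).reason,
    // Old server re-sends the first statement to pull traffic back to itself.
    applyStatement(contact, first, now).reason,
    // Old server signs a newer-looking statement with its own key.
    applyStatement(contact, signStatement(oldServer.privateKey, 3, 'serverX.org', now), now).reason,
    // Relay rewrites the server field of a genuine statement.
    applyStatement(contact, tampered, now).reason,
  ];
  return { results, server: contact.server };
}
```

The ordinal in the signed text ("this is the 2nd server") is what lets a contact refuse a replayed older statement even when the signature on it is genuine.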
> The centralized-infrastructure-Tower-of-Babel is about to collapse.
Is there any decentralized protocol that's in widespread use? Email is the only one, and if hackers take out Gmail and 2-3 other major email providers 99% of the world's personal email is gone.
Do you need a static IP? (Xfinity appears allergic to allowing static IPs any more, and I am too lazy to set up my own router after 26 years setting up other people's net infra..)
No, but you need access to a domain record to add the required entries for XMPP, and update them if your IP changes. One can do this for free (once you have a domain that points at their DNS records) with a provider like Digitalocean and their API to update the domains.
good for them to be open about it because it’s easy for internet weirdness to be suspicious these days, my buddy just about shat a brick when a message with the newly leaked video from Fulton GA suddenly vanished: https://www.bitchute.com/video/lep8A5YTQ0P3/
Did you read the rest of the comment? Without the link for context and given recent censorship of this kind of stuff I figured it might have seemed a little bit paranoid.
Guess who is not having technical difficulties, ever: Telegram
They are going to be the next Facebook. I don't understand why people underestimate them so much. When they rolled their own crypto in some areas, people made fun of them, yet no one could break it. When they published their source code openly, people say they aren't open source like signal. When FB bought WhatsApp, people seriously continued to choose it over Telegram, despite Telegram able to host much bigger chats, and so on. And being used all over the world, by the same government officials who were officially trying to get it offline LMAO.
Telegram isn’t bad. They are not E2E encrypted by default, and they don’t offer E2E encrypted group chats. If that’s not important to you by all means use it; it’s a solid service with good apps.
Well first off Telegram doesn't actually do end to end encryption unless you manually opt in. They don't allow end to end encrypted voice or video calls. They don't allow end to end encrypted group chats. Telegram is also a for-profit company that has no guarantees that they'll continue to not harvest your data because they're a pre-profit startup company.
1. e2e chats are not default, and they are clear on this fact. It is very easy to start one, though.
2. All voice and video calls are e2e encrypted. [1]
3. They do not harvest your data, and they are not for-profit. All of the money invested so far has been put up by the founder, Pavel Durov, [2], but they have outlined possible methods for financing. [3]
What are those random emojis in voice calls for, then? I assume (warning: assumption) the voice calls are actually encrypted, even if it's with keys received from the server and opportunistic unless you verify the emojis for a particular call. (Video I don't know, and group chats and most 1:1 chats are definitely plaintext yeah.)
WebRTC mandates end-to-end encryption, but that's for the web browsers. Can you please link me to evidence that Telegram does not have any way to encrypt video or audio calls?
You say Telegram is a for-profit company, but I am not sure how Telegram makes money, at all. It was approached by various government agencies looking for backdoors and claims to have rebuffed them all. Unless the whole thing with the founder of vkontakte having to give up his shares to mail.ru and run, was staged, I'm pretty sure he's an anarcho-capitalist who isn't very happy with states having data. So if that's the case, Telegram (unlike Moxie Marlinspike and Jan Koum) is much less likely to sell out their platform down the line.
I'm not familiar with encryption and how either of the services works on the backend, but shouldn't E2E happen on users' devices? (like... end to end). And if that's the case - how does this impact Signal's infrastructure?
- You need to orchestrate key exchange between clients which is additional overhead (probs negligible).
- Messages can't be edited so any corrections made by users need to be entirely new transmission over the wire (probs negligible)
- Encrypted data can't be effectively compressed, and compression before encryption can lead to side-channel attacks. You can generally mitigate this by building your compression and encryption together (e.g. SSL does this), but not entirely sure this works for Signal with an E2EE arch. Either way I would assume that E2EE payload sizes transmitted over the wire are larger than stuff sent over the wire with GZIP/SSL (as Telegram is probably doing).
- MAIN REASON (my guess): group chats in the Signal protocol require sending a different encrypted message to each participant, rather than a single identical message to all participants. Honestly my algorithmic complexity chops aren't the best, but I think that would make Signal group chats O[2n] while Telegram group chats are more like O[log n], if they utilize clients sending the group chat to each other, which is a crazy level of difference in efficiency for what is effectively the same thing and a pretty common use case (group chats).
Long story short, secure things that are hard to mess with are less efficient than things that are easier to mess with. This is why blockchains like Bitcoin are much more lethargic than a normal database – there are some necessary performance trade-offs required when you want high levels of security in your system. There are a bunch of small little things that probably aren't a big deal, but every little bit adds up when you're trying to scale a service to millions of active users / billions of messages.
Didn't Signal just have a couple hundred percent gain in users, on TOP of the hundred+ percent gain in users that Telegram had? Signal is on top of both of the primary app stores.
They are (were?) hosted partially on Amazon, which should be able to scale quite nicely.
If the system is built for it, that is.
Though in 2018 there was some noise from Amazon about stopping their hosting due to a practice called "Domain Fronting", no idea what came out of it. At least signal.org is hosted on Google.
People jumping to signal likely are looking for privacy. The only app that guarantees that right now, with minimal configuration, is Signal.
Jumping from Facebook or WhatsApp to Telegram doesn't make any sense from a privacy perspective. While Telegram supports secret chats, it unfortunately defaults to non-secret chats, which are just as secure as any old Facebook post. In fact, if we're comparing WhatsApp to Telegram, from a privacy perspective, you would be giving up more data by switching to Telegram because WhatsApp is completely end to end encrypted by default.
I realised I was more than happy to pay WhatsApp's yearly charge back in the pre-Facebook days (think it was 70p or so?).
Figured I could give Signal a few quid every now and then, maybe keep a server up for a few seconds :)
Donation link should anyone be interested: https://signal.org/donate/