Even Signal doesn't match the requirements set by this blog post.
It too has frequently prioritized features and usability over security. For example:
- Relying on SGX-based security for some of their features (e.g., gif search) while SGX has been thoroughly broken again and again
- Using phone numbers as account ids, which allows nation states to capture just one phone and immediately unmask the IRL identities of all other group chat members and contacts
Signal's authors have previously argued that it's better to give some security to 100% of people than 100% of security to some people. Which is why they cooperated with WhatsApp on their encryption, or why they used phone numbers to ease adoption.
Matrix for example is doing exactly the same, just with a slightly different focus.
This narrow view of "Signal competitor" is more harmful than good.
>Using phone numbers as account ids, which allows nation states to capture just one phone and immediately unmask the IRL identities of all other group chat members and contacts
Incorrect. Accounts can be set to not make the registration phone number either visible or findable by (or both) contacts.
Signal uses phone numbers as identifiers. Due to KYC laws phone numbers are closely bound to real-world identities.
If the police are able to unlock one person's phone, even if that person used self-deleting messages, they immediately know the identity of every other person that person chatted with.
Signal might as well have used your SSN as your account ID, that would have been just as private.
Luckily Signal has finally started fixing that in the past few weeks.
I got most of my family and some friend groups on Signal, because of the simple fact that it is just like WhatsApp.
It should even be a little more like WA because all said family use it with that pincode pop-up open... None of them understand it, and all of them expect to lose all their conversations when they lose their phone so who cares. For some I turned it off, but that should be easier. That said, I wish WA would have Signal's way of sending Gifs (or Jifs as some people call them).
I fully agree with this article by the way. Got my brother on Matrix and it was a pain (he lost access quickly). I started a Matrix group on FOSDEM, within a day people were complaining that I should turn off encryption because they had issues (from their own server probably), I never managed to do that... I love Matrix and use it a lot for communities, but Signal just works.
> within a day people were complaining that I should turn off encryption because they had issues (from their own server probably), I never managed to do that
Obviously you weren't able to do that - contrary to what OOP's article wrote, in Matrix it's not possible to deactivate E2EE for a room after it has ever been enabled.
The closest thing to that you could do would probably be creating a new room without encryption and closing (tombstoning) the old room with a link to the new room.
I’ve been using and recommending Signal for years now. Recently I have learned that Signal relies on AWS. What are the implications from a security perspective?
They are missing an additional factor which is - who is running it, and how are they incentivized. This is really the reason I trust signal more than the alternatives, over and above any technical details.
Basically I want the ship to be steered by someone who is maximally inoculated against selling out. Spending a decade of your life publicly railing against capitalism and sellouts, building a big community of active crusty friends who will call you out for turning evil, that’s valuable. It’s not perfect but I believe that it works better than various alternatives
Moxie's “bad business models create evil companies” thing resonates a lot also
If you're going to say what is said under every submission about Signal you should at least mention that it is a choice they made and that they gave reasons why [1], whether you disagree with their arguments.
You can only trust E2EE if whoever controls the server does not also control the client. Otherwise they can just backdoor the client.
I wonder what'd happen if a three letter agency subpoena'd Signal and demanded Signal's app signing key so they can ship a backdoored update to a handful of targets.
Interesting how the issue there was both usage of their servers and the name.
Molly (https://github.com/mollyim) uses their servers but not their name and seems to be operating just fine. I've been using it for almost a year now.
I found it primarily because I wanted to run Signal on a tablet.
If they believe that uncontrolled 3rd-party clients would make it easier to breach their protocol (because they know their protocol's weaknesses), it would make sense to be openly hostile to 3rd-party clients.
If there's no third party client then the e2e is completely moot because Signal could be forced to push a backdoor to their customers and they would never know e2e has been removed.
How would a third party client make it easier to breach the protocol? You can still study the source of the client, the protocol, make a fork of it and modify it, etc. The official client is fully open source.
The argument for security for disallowing other clients would be being able to modify the protocol to patch out security issues without worrying about compatibility with other clients.
It's been about 4 years since I've used Briar, so take this with a grain of salt, but I found it extremely useful at an event where I was normally within WiFi distance of my friends, but we didn't have cell service. Like, we might be in the same conference room, just not actually near each other, and the site had shoddy internet service.
If we could connect to each other's phones as "hotspots," we could send messages over Briar that wouldn't get through any other way.
It also worked well with a local mesh net set up around the conference location for file sharing, but that didn't have internet access.
Not the intended use case from what I understand, but it worked surprisingly well, and better than the goTennas we tried the year before!
After a couple of years on Signal, I am starting to migrate back to WhatsApp for most usage, because Signal doesn't care about normal people who want to share family pictures with each other and expect those to be part of your photo stream.
I can link photo albums, but relatives will just continue to message photos. I can't save them easily and lose date/time stamps, so that the high quality pictures do not benefit me.
Again, this is my experience after 4 years of Signal use. My photo library is just missing so many memories because of this.