This is a clever way to do this, but it still seems like someone caring about their privacy should just do without gifs.
Edit: I should rephrase - I mean someone with a larger-than-usual need for privacy, someone paranoid for a reason. This is great for the typical privacy concious user. But if I was sending documents to WikiLeaks, I would not sum them up with a cute GIF.
Except that history has shown us that theoretically secure but feature deficient systems lose out to less ideologically pure systems that provide what users want, leaving the sum total amount of security provided to be less.
At what point has Signal ever indicated that they were targeting users that were trying to send documents to wikileaks (or require similar levels of privacy/security). They have consistently said they are trying to build a messaging app that normal people want to use over stopping targeted attacks. eg [0]
Why should those of us who care about privacy be required to limit the media we use to express ourselves? By including this functionality Open Whisper Systems is giving the privacy conscious a way (albeit experimental) to have our cake and eat it too.
If your aim is to get more people to care about privacy, or to enable those who care about privacy to convince their friends to use a more private app, these things help.
This is Signal jumping the shark. Why is searching gifs their responsibility? Non-essential features should be skipped there is a single shred of security concern, which we can see there is.
They know that for a bigger adoption they need those usability improvements, at the same time, they make sure additional features don't compromise the security expected from their app
I've been really impressed with Open Whisper's focus on usability and functionality. So many privacy products take the stance of "if you care about privacy, you won't want to do this", and it seriously harms uptake.
Is there a federated and/or self-hosted alternative to Signal with similar privacy and security properties? Even if it supports fewer platforms?
I've been getting more and more interested in running my own (and perhaps my friends') infrastructure, but I haven't found anything better than IRC for chat.
I run a Synapse server (http://matrix.org/) which is federated and works very well. There are many clients but the nicest at the moment is Riot. Full encryption is now available in the Riot webclient and it's coming to the app soon.
> "but I haven't found anything better than IRC for chat"
If IRC was your best bet so far, you might want to have a look at good ol' XMPP aka Jabber. If you're into Android, with Conversations [0] there's a suitable client which supports end-to-end encryption. For other OS there are many other choices with different encryption options. While OTR (Off-The-Record Messaging) might be the most popular one, it unfortunately makes multi-device-support kind of a bumpy experience.
Run an IRC server on 127.0.0.1 on a dedicated server you control and allow access over SSH only. Connect to IRC through a command line client in a tmux session or similar.
"For instance, if someone messages you with an invitation, you might want to write back with a message that says "I'm excited." With integrated GIF search, you could instead do a GIF search for "I'm excited" and send one of the results instead."
What? Why? Is it some kind of attempt to become a new "cool" app? Sounds totally useless function to me, but if it helps to get more users, well, maybe that's a good thing.
Why? Because lots of people like sending gifs and prefer to use messaging apps that support them. If it's totally useless to you then fine: don't use it.
I don't have an iPhone, but with the Android client at least, you can disable image auto downloading in the settings page. If you hate fun and are dead inside.
> The GIPHY service could use subtleties like TLS session resume or cache hits to try to correlate multiple requests as having come from the same client, even if they don't know the origin.
How would a cache hit mean same user tried to search? TLS session resume, I can understand but cache hit only means same resource was accessed not same user tried to access.
Great! Now that these easy, low-hanging-fruit features are taken care of, maybe we'll get some of the more involved security oriented ones, like, IDK, having an indication if I verified a contact or not so I can, you know, know whether I should verify or not when the opportunity presents itself.
Or basic message reliability? There's no reason I should be getting "Bad encrypted message" so often. Or tons of repeats. And out of order messages. And random deliverability problems.
And it seems like it has a way of picking just the right time to fuck up. Right when there's a big question or when I need to say something important, bam, Signal will start being erratic. Plus the repeat messages has on at least one occasion ended up providing a totally different meaning.
I'd say with one particular contact, we exchange screenshots of Signal over MMS once a day to avoid misunderstandings.
1) We're moving from a mobile-first to mobile-only world. This prioritization shows that the signal team are fundamentally pragmatic.
2) Most people rely on cliche to communicate. It's obvious that gifs are another cheat that is being commonly integrated by most people. It's kind of silly to avoid acknowledging the reality of how younger people are commonly communicating.
3) Please don't be sad because a software team prioritized a feature you don't like. You deserve to have more control over your own emotions. Why would you let a software feature have such a drastic impact on your own happiness?
I think the key thing is not to sacrifice performance for form. Add all the stickers, GIFs, bots and other fancy features you want. But never let load time get under 200ms. Lots of people talking about how this makes it more broadly applicable but Facebook didn't just beat MySpace on simplicity of use and Farmville access, they also beat them on speed and reliability. Not mutually exclusive either. Keep up the good work.
Read this article yesterday (https://www.techinasia.com/line-dev-day), and the introduction was eye-opening. tl;dr people like that extra stuff in messaging apps.
It's also a real app[1], independent from the phone's: after the initial key exchange, you can send/receive messages even when your phone is off
[1] Compare with the Whatsapp webapp, which solves/sidesteps the E2E encryption among multiple devices conundrum by simply routing everything through the phone. The Signal app is also written with web technologies, so it might not be palatable for everyone, but it's a good compromise imho
Now if they would just resolve real bugs (like many people not being able to register to Signal), that would be maybe cool (but as they implemented Signal Protocol to WhatsApp and others (if we can trust code we can't see) I can't say I see any point in it).
Maybe I am wrong, but it lost that appeal it had some time in past.
[+] [-] mnx|9 years ago|reply
Edit: I should rephrase - I mean someone with a larger-than-usual need for privacy, someone paranoid for a reason. This is great for the typical privacy concious user. But if I was sending documents to WikiLeaks, I would not sum them up with a cute GIF.
[+] [-] shalmanese|9 years ago|reply
[+] [-] finnn|9 years ago|reply
[0]: https://news.ycombinator.com/item?id=10665520
[+] [-] nfrmatk|9 years ago|reply
[+] [-] dmvaldman|9 years ago|reply
"Lol dude, I don't know what kind of whistleblowers, dissidents, spies, and revolutionaries you're messaging but mine send all the best gifs."
[+] [-] StavrosK|9 years ago|reply
[+] [-] proaralyst|9 years ago|reply
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] mobiuscog|9 years ago|reply
[+] [-] nilved|9 years ago|reply
[+] [-] raverbashing|9 years ago|reply
They know that for a bigger adoption they need those usability improvements, at the same time, they make sure additional features don't compromise the security expected from their app
[+] [-] Bartweiss|9 years ago|reply
[+] [-] cryptarch|9 years ago|reply
I've been getting more and more interested in running my own (and perhaps my friends') infrastructure, but I haven't found anything better than IRC for chat.
[+] [-] sschueller|9 years ago|reply
[+] [-] schlowmo|9 years ago|reply
If IRC was your best bet so far, you might want to have a look at good ol' XMPP aka Jabber. If you're into Android, with Conversations [0] there's a suitable client which supports end-to-end encryption. For other OS there are many other choices with different encryption options. While OTR (Off-The-Record Messaging) might be the most popular one, it unfortunately makes multi-device-support kind of a bumpy experience.
[0] https://conversations.im/
[+] [-] alltakendamned|9 years ago|reply
[+] [-] jhasse|9 years ago|reply
[+] [-] kbart|9 years ago|reply
What? Why? Is it some kind of attempt to become a new "cool" app? Sounds totally useless function to me, but if it helps to get more users, well, maybe that's a good thing.
[+] [-] ascorbic|9 years ago|reply
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] StavrosK|9 years ago|reply
However, that has very limited usefulness, so I don't see it happening soon.
[+] [-] Arnt|9 years ago|reply
[+] [-] wst_|9 years ago|reply
[+] [-] pliu|9 years ago|reply
[+] [-] newsignup|9 years ago|reply
[+] [-] newsignup|9 years ago|reply
How would a cache hit mean same user tried to search? TLS session resume, I can understand but cache hit only means same resource was accessed not same user tried to access.
[+] [-] StavrosK|9 years ago|reply
[+] [-] detaro|9 years ago|reply
[+] [-] nzp|9 years ago|reply
[+] [-] biznickman|9 years ago|reply
[+] [-] hk__2|9 years ago|reply
[+] [-] aluhut|9 years ago|reply
[+] [-] verroq|9 years ago|reply
This is only a first step in the right direction.
[+] [-] MichaelGG|9 years ago|reply
And it seems like it has a way of picking just the right time to fuck up. Right when there's a big question or when I need to say something important, bam, Signal will start being erratic. Plus the repeat messages has on at least one occasion ended up providing a totally different meaning.
I'd say with one particular contact, we exchange screenshots of Signal over MMS once a day to avoid misunderstandings.
[+] [-] Vinnl|9 years ago|reply
[+] [-] droopybuns|9 years ago|reply
2) Most people rely on cliche to communicate. It's obvious that gifs are another cheat that is being commonly integrated by most people. It's kind of silly to avoid acknowledging the reality of how younger people are commonly communicating.
3) Please don't be sad because a software team prioritized a feature you don't like. You deserve to have more control over your own emotions. Why would you let a software feature have such a drastic impact on your own happiness?
[+] [-] nibs|9 years ago|reply
[+] [-] wtbob|9 years ago|reply
[+] [-] endemic|9 years ago|reply
[+] [-] aluhut|9 years ago|reply
[+] [-] laluluala|9 years ago|reply
[+] [-] toosmart4u12|9 years ago|reply
[deleted]
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] piotrjurkiewicz|9 years ago|reply
[+] [-] berdario|9 years ago|reply
https://whispersystems.org/blog/signal-desktop/
It's also a real app[1], independent from the phone's: after the initial key exchange, you can send/receive messages even when your phone is off
[1] Compare with the Whatsapp webapp, which solves/sidesteps the E2E encryption among multiple devices conundrum by simply routing everything through the phone. The Signal app is also written with web technologies, so it might not be palatable for everyone, but it's a good compromise imho
[+] [-] tdkl|9 years ago|reply
[+] [-] zlatan_todoric|9 years ago|reply
Now if they would just resolve real bugs (like many people not being able to register to Signal), that would be maybe cool (but as they implemented Signal Protocol to WhatsApp and others (if we can trust code we can't see) I can't say I see any point in it).
Maybe I am wrong, but it lost that appeal it had some time in past.
[+] [-] MikusR|9 years ago|reply
[+] [-] dsacco|9 years ago|reply