It sometimes feels like the security community is a bucket of crabs where any time something starts getting traction due to ease of use a lot of others try to pick at it due to it not being perfect even if many of those things are trade offs
- phone numbers allow for signal to be a drop in replacement for other messaging apps with minimal to no registration required, I doubt I could have gotten my mother to use signal without switching from texting being so low-friction.
- lack of federation means ows can control spam better unlike in a federated environment where lazy/malicious operators can cause lots of problems. Take a look at the 2 big federated protocols email and irc where due to spam and other issues they are both increasingly centralized.
This isn't the security community. The security community is pretty much unanimous in supporting Signal over all other secure messengers. That's not to say that security people aren't critical of Signal, which isn't perfect for all the reasons this blog post points out --- Grugq is a pretty good source for these kinds of criticisms through the lens of an infosec person. But security people tend to deliver these criticisms as, you know, criticisms --- not angry appeals for people to abandon Signal.
The entities most harshly critical of Signal are supporters of other messaging applications and protocols.
I think the most important thing to understand about secure messengers is that messaging in general is a back-ally knife fight of a market, one of the most vicious I've seen in my career. Perhaps it's because of the WhatsApp outcome and a general belief that there's another such outcome for some other messaging app. Or it could just be the network affect. Messaging applications themselves are interesting UX challenges, but as programming challenges they're pretty close to socket projects. So there are a lot of entrants in the market. Whatever the reason, the knives are out for Signal.
I don't so much care what messaging system you use to talk to your friends or chat with your gaming guild. But if you have real adversaries, the security part of your messaging system has to work, even more than the messaging part. For that situation, Signal is the only messaging system I'd recommend unreservedly.
> It sometimes feels like the security community is a bucket of crabs where any time something starts getting traction due to ease of use a lot of others try to pick at it due to it not being perfect even if many of those things are trade offs
That's because when it comes to security often theoretical vulnerabilities end up being protocol-destroying vulnerabilities in practice. Security folks are notorious for saying, 'that won't work,' being ignored — and then everyone being surprised when indeed it doesn't work.
> phone numbers allow for signal to be a drop in replacement for other messaging apps with minimal to no registration required
The issue is not allowing phone numbers as identifiers: the issue is in not allowing other identifiers. There's already a URN scheme for telephone numbers, and there are URN schemes for many other identifiers, to include email addresses, and there are even ways to add additional schemes. If Signal used URNs rather than telephone numbers, then users could continue to use telephone numbers but advanced users could use other identifiers, as they wish.
> lack of federation means ows can control spam better unlike in a federated environment where lazy/malicious operators can cause lots of problems
A spammer cannot spam someone whose public key he does not know. If there is no central directory of identifiers to public keys, there's no way for a spammer to send spam. It is possible for someone who knows one's public key to spam one, but since the sender's public key is tied to a public identifier, one knows who sent the spam.
Does Signal perform any anti-spam activity anyway?
In the long run federated protocols and servers demonstrated their resilience regarding third parties and time, see irc for example.
Probably Signal is just a reference implementation, the big deal is implementing Signal protocol in different systems (whatsapp, allo, fb messenger..).
Having said that, I would be happier to not give my phone number for registration, and contact discovery but this is today a user interface well understood and accepted outside geek communities that's hard to eradicate.
I'm surprised to see that matrix.org / riot.im is not mentioned as an alternative to Signal. They have a federated, open protocol, usable open-source apps for web/Android/iOS, registration without a phone number (even email is optional), do not require Google Play, and support double-ratchet encryption (in beta, it's not activated by default yet, but it will be activated by default in private rooms in the future).
> the big deal is implementing Signal protocol in different systems (whatsapp, allo, fb messenger..)
Strongly disagree. The point of Signal is not just that it's encrypted. The point is that the source code is GPL and the service is free. Holding up a bunch of closed-source, proprietary, for-profit applications as examples of success only serves to obscure what should be the real goal: decentralized, anonymous, metadata-less, encrypted communication that anyone can easily use. Signal could be much closer to that goal but OWS & moxie refuse to allow decentralization or anonymity for bad reasons.
Given that we've seen exactly how little information Signal maintains about its users [0], this seems to me to be alarmist spreading of FUD, potentially to advance the author's agenda of dfederation in Signal, which the developers have already addressed at length already [1].
For example, their assertion that "... metadata is abundantly available here" appears to be patently false, given [0].
Regardless of the merits of Signal, much of the criticism voiced in that article is nonetheless valid. Signal and other chat platforms employing the protocol are run as data-silos by design, using strongly identifying codes (phone numbers) as the required identifier — i.e., it is nearly impossible to create a throw-away account, because getting an anonymous phone number is no longer a practical possibility in a lot of (Western!) countries.
Whether or not such metadata is available to adversaries (either through OWS or gathered elsewhere) depends on who your adversaries are and whether or not a corporate entity can be trusted to be completely transparent about what kind of data they retain.
As for [0]; even if no relevant metadata is collected today by whoever owns the servers, nothing stops the party providing the service from doing so tomorrow.
Centralization is a _huge_ privacy issue. Specially when combined with real world data, like a phone number.
Let's assume OWS is playing nice, and they really don't store any relevant metadata. How can we be sure that a third party is not eavesdropping their communications?
Even with end-to-end encryption, given enough time, an attacker can easily build a user relationship network, something _very_ dangerous in the wrong hands.
If you really care about privacy, you should consider options like BitMessage, Onion.chat, Ricochet, Tox or GNU Ring. Or, as a middle ground between those (which are quite mobile unfriendly, due to its P2P nature) and Signal/WhatsApp/Telegram, a federated service like XMPP (as the article suggest) or Matrix.
Even if it is claimed that the metadata miraculously wasn't collected (provided it really wasn't collected under some other publicly invisible arrangement, which is still technically doable) that doesn't prove it is impossible to do so, especially as the result of another secret request.
I don't see the "FUD" in the article. It seems very popular using labels instead of talking about issues, but please, please don't.
The phone number problems were known since long, and the Signal's explanation "it's easier for the average user this way" doesn't explain why other alternatives aren't even allowed.
It's obvious there are certain goals behind Signal, and those with different goals have to organize themselves. What they surely can't do is claiming to have right to decide what Signal (as a company) does. If those who have clear needs want to introduce their own solution, they surely have to demonstrate what the Signal doesn't solve, and that's surely not FUD.
Federation was only addressed insofar as Moxie Marlinspike the developer noted it would be hard to keep the protocol updated if the servers were shared (he compared his tech to Facebook and WhatsApp, and described federated email as "stuck in time").
There's nothing unduly alarmist about the article, but it makes appropriate claims about (among other things) the security limitations that Signal has resigned itself to by remaining unfederated. Read TFA.
I love Signal. I use it as the primary means of contact for several close friends and have contributed patches. However, it drives me nuts that OWS won't allow federation or LibreSignal and requires phone numbers as user IDs. In the past, their justification has been that their primary goal is thwarting dragnet surveillance and none of these proposals further that goal (which is debatable in itself). I wish they would move more in the direction of an actual open source standard like they sort of purport to be rather than just an open source library with a closed implementation.
There are always security trade-offs (especially when it comes to ease of use) but until you can show me a better app, which I can get my non-techy friends to use, Signal remains the best option for the mass market.
Phone-number as identifier is pretty terrible user-experience choice. I am traveling and my phone-number has changed half-a-dozen times in the past year alone, my email has been the same for over a decade.
I tend to use Whatsapp because other people already have it but I have absolutely no motivation to use encourage other people to use Signal.
Edit: Whoever down-voted this, want to explain how this isn't a huge user-experience regression from giving your email and using gchat?
That's fine for the mass market, but their lives don't typically depend on the security of their communications. For people who are targeted by bad guys (extortionists, kidnappers, terrorists) a considerably higher bar is appropriate. It is important that people should be aware of the risks they are exposing themselves to, and the fine article is a good step in that direction. Hopefully it can also help stimulate improvements in the landscape which ultimately save lives.
"After Donald Trump’s victory in the US presidential election in particular, many tweets recommended using hard disk encryption and the ostensibly secure messenger app Signal while discouraging the use of competitor apps Threema and Telegram."
Oh FFS. We've seen a continuation of invasive, Bush-era policies under Obama...but now Trump is terrifying?
Spoiler alert: it has been a problem for quite some time, and given the alternative to Trump it was going to still be a problem regardless of who won the election: freedom ponies and rainbows were never an option.
Get a damn grip, people. Can we end the partisan pity party?
> We've seen a continuation of invasive, Bush-era policies IRT the NSA under Obama...but now Trump is terrifying?
Uh, yeah. The Bush/Obama surveillance policies have largely been seen as dangerous not because of actual concrete harms that have materialized, but because if continued they raise the prospect of a much worse (because of the increased scope possible with modern tools) version of the kind of political targeting based on surveillance that was done by Nixon (prompting legal limits, notably the original FISA act.) And perhaps even beyond that, to the kind of retaliation for dissent seen in authoritarian regimes.
Trump is seen as the kind of figure that would be more likely than a more conventional candilate of either party to make those theoretical risks into concrete harms.
This is a fairly clear and level headed criticism, while I think the 'problem' of centralisation is over stated and the accusations about Signal's motivation are unfounded I do appreciate that the author(s?) understand why Signal is popular - "The success of OWS can also be attributed to elitist and bureaucratic positions in the open source community. "
I don't see the federation issue as being particularly relevant - at least not until someone else actually sets up a non-OWS server and gains some users for it.
The article also shows the problems with federation, although they do not acknowledge it:
> The drafted protocol is called OMEMO and combines the advantages of jabber and Signal. Even though the XEP Process will still take some time, the protocol is stable and can already be used today. On Android devices, users have the ‚Conversations‘ client [8], which offers an experience comparable to Signal, and on the desktop there is a plugin for ‚Gajim‘ [9, 10] under active development, which still has room for user experience improvements. Using one of the readily available tutorials, it is possible today to get started on Linux and Windows. iOS users will have to wait some time due to license issues.
Has anyone else noticed a huge uptick in their contacts signing up for Signal this month? I've added 12 contacts just in November bringing me to about 30 contacts subscribed to Signal total, which is a large increase. None of these new contacts know each other, and only 25% of them know how to write software.
I imagine it's maybe down to the new Investigatory Powers bill in the UK, and maybe Trump in the US. The former at least seems to have led to some journalistic recommendations for Signal.
I'm repeating myself on many of these points, so I've cut and pasted some of my previous responses:
> Signal uses servers controlled by OWS. Other organizations could conceivably operate their own servers because OWS open sources the software, but because OWS strictly opposes federation (meaning the interconnection of independently operated servers which the XMPP protocol (jabber) or e-mail allows), only the users connected to the OWS-run server can communicate with each other.
However, I would love it if someone proved me wrong. The Signal clients and server already support federation, so there shouldn't be any technical hurdles stopping the people who are really into federation from using our software to start their own federated network that demonstrates the viability of their ideas.
If anyone needs help doing that, let me know. I'd be happy to help.
> If a government does not approve of the use of Signal, it can simply block a single server farm, solving the problem for the state actor, and resulting in total loss of service to the users.
The authors of this article conflate a lot of things with federation. Federation = anonymity, federation = metadata protection, federation = censorship circumvention.
I don't think any of those are true. Email is federated, and I run my own mail server, but almost every single email I send or receive has GMail at the other end of it -- so running my own server does not provide me with any meaningful metadata protection, even though it is a federated protocol. The idea that everyone in the world is going to run their own mail server (or messaging server, or whatever) has not born out in practice, even in environments that natively support federation.
I think serious metadata protection is going to require new protocols and new techniques, so we're much more likely to see major progress in centralized environments that can change rather than federated environments that are stuck in time (in the same way that Signal Protocol is now on over two billion devices, but we're unlikely to ever see even basic large scale email end to end encryption).
In the case of censorship circumvention, I think it's much more common that people use censorship circumvention tools like VPNs or Tor rather than changing their entire federated identifier (and somehow re-discovering their entire social graph doing the same) every time a service gets blocked, particularly since censorship isn't just as simple as host-level filtering these days.
Again, I think we're more likely to see the incorporation of these types of censorship circumvention techniques into centralized rather than federated services.
> The community reacted to this by developing a version that does not rely on GCM, however, OWS refused to merge the changes into the Signal code.
I don't believe this is true. To clarify this for casual readers, no data at all is transmitted over GCM. GCM is only used as a push event to tell the Signal Android client to wake up and connect to the Signal server to retrieve messages from the queue if the app isn't in the foreground.
This is pretty fundamentally just how Android works. However, people who want to use Google's OS without any Google services flash custom ROMs onto their devices that are missing this dependency.
I have said many times that I have no problem with supporting these custom ROMs. But I would like someone from that community to submit the PR: "I would consider a clean, well written, and well tested PR for websocket-only support in Signal. I expect it to have high battery consumption and an unreliable user experience, but would be fine with it if it comes with a warning and only runs in the absence of play services."
Nobody has done it.
> The final point of criticism is that OWS distributes the Signal app exclusively via Google Play while actively preventing the distribution of independent builds.
We'd love to distribute Signal outside of Play, and have written about what we would need to be able to do so. As of yet, nobody from the FOSS community has stepped in to help.
We'll get there eventually on our own, but we have a lot of work on our plate, and have to set our priorities according to what we think is important for Signal as a whole.
> The community’s demands for decentralized web services controlled by the users themselves, or by designated professionals elected by the users, seems like a burden to them.
I do not feel like the FOSS community is a "burden," however I do wish they recognized that many of their desires are unique to a very small minority of Signal users. I wish that they'd take more responsibility for manifesting those desires themselves.
This is the second time in two months that someone from the FOSS scene has written up a list of complaints, but as far as I know, in neither case have the authors ever contributed anything to Signal in an effort to meet their own needs.
I really like Signal, at least as far as I can tell from the UI and the single conversation I've managed to have using it.
The biggest problem that we (my whole friend group) seem to be having is that we can't find each other due to the fact that we don't use phone numbers for communication.
Are you thinking about ways to resolve this problem?
Is it any less secure to use email addresses for identification and discovery than phone numbers?
> I do not feel like the FOSS community is a "burden," however I do wish they recognized that many of their desires are unique to a very small minority of Signal users. I wish that they'd take more responsibility for manifesting those desires themselves.
> This is the second time in two months that someone from the FOSS scene has written up a list of complaints, but as far as I know, in neither case have the authors ever contributed anything to Signal in an effort to meet their own needs.
I think that the interest in the FOSS community is relatively low given the centralized format in which Signal is offered. I know many people who are deeply into FOSS who would love an alternative to IRC but cannot be found even using Signal. But "their own needs" are completely out of bounds for you, and it seems pretty clear that this isn't something that's going to be fixed in patches and code, so expecting them to come and fix it because you have an open code base is rather disingenuous.
If you started by promoting Signal as a generic protocol or backend to other projects, it would get much more traction in the FOSS community, as they are attracted to components on which other things can be built.
You can claim that this is a reason to ignore the criticism. But, you will always be right in dismissing critiques like this as you've set up the environment in a way which limits the kind of constructive collaboration that is the hallmark of FOSS.
You will probably say this is not true and cite existing public contribution to the project. But what I am saying is that the interest and contribution would be orders of magnitude larger if you really ran the project in a traditionally open way. One hallmark of this would be federation. Whether or not this makes sense practically (the gmail metaphor applies obviously), it is something that people want an need to order to feel they have ownership of their work on a messaging platform. You're simply not going to talk your way out of this.
For human and community reasons, the upside to federation is probably a lot higher than you appreciate. I hope you consider it. You have built a nice platform, but for your work to make a lasting impact you need to share it with others.
My main beef with signal is that they release their encryption libraries as GPLv3 not LGPLv3, preventing the use of them in any commercial product that doesn't want to open their source code.
Yet, they "worked with" Facebook and WhatsApp to incorporate their protocols presumably providing them with an alternative license. It sure would be nice if companies who wish to add encryption to their messaging products, but didn't have the pull of the bigger guys to warrant OWS's attention, could just use an LGPLed library to do so. If OWS's mission is to bring about widespread encrypted communications, playing favorites with a few larger messaging companies seems to send the wrong message.
(The points made in the article, while valid, seem to be splitting hairs relative to the overall net good Signal has provided.)
Have you tried to get a license from OWS for closed-source commercial use or know of anyone who has? You seem to be assuming that OWS is 'playing favourites'. The reality might be 'most alleged commercial users don't want to pay for this stuff'.
I do not see any comments to tackle the weakest link: exploits on the OS. Federated or not, the tunnel can be encrypted. On the servers static data can be encrypted. How can a regular user know his/her device's OS is not compromised? That is the problem to solve now and it seems that a formally verified OS code is the only long path.
That's not an argument for or against Signal, though, as it affects all messenger apps in the same way. While OS trustworthiness is an interesting topic, it's not really the one being discussed here.
[+] [-] cwmma|9 years ago|reply
- phone numbers allow for signal to be a drop in replacement for other messaging apps with minimal to no registration required, I doubt I could have gotten my mother to use signal without switching from texting being so low-friction.
- lack of federation means ows can control spam better unlike in a federated environment where lazy/malicious operators can cause lots of problems. Take a look at the 2 big federated protocols email and irc where due to spam and other issues they are both increasingly centralized.
[+] [-] tptacek|9 years ago|reply
The entities most harshly critical of Signal are supporters of other messaging applications and protocols.
I think the most important thing to understand about secure messengers is that messaging in general is a back-ally knife fight of a market, one of the most vicious I've seen in my career. Perhaps it's because of the WhatsApp outcome and a general belief that there's another such outcome for some other messaging app. Or it could just be the network affect. Messaging applications themselves are interesting UX challenges, but as programming challenges they're pretty close to socket projects. So there are a lot of entrants in the market. Whatever the reason, the knives are out for Signal.
I don't so much care what messaging system you use to talk to your friends or chat with your gaming guild. But if you have real adversaries, the security part of your messaging system has to work, even more than the messaging part. For that situation, Signal is the only messaging system I'd recommend unreservedly.
[+] [-] zeveb|9 years ago|reply
That's because when it comes to security often theoretical vulnerabilities end up being protocol-destroying vulnerabilities in practice. Security folks are notorious for saying, 'that won't work,' being ignored — and then everyone being surprised when indeed it doesn't work.
> phone numbers allow for signal to be a drop in replacement for other messaging apps with minimal to no registration required
The issue is not allowing phone numbers as identifiers: the issue is in not allowing other identifiers. There's already a URN scheme for telephone numbers, and there are URN schemes for many other identifiers, to include email addresses, and there are even ways to add additional schemes. If Signal used URNs rather than telephone numbers, then users could continue to use telephone numbers but advanced users could use other identifiers, as they wish.
> lack of federation means ows can control spam better unlike in a federated environment where lazy/malicious operators can cause lots of problems
A spammer cannot spam someone whose public key he does not know. If there is no central directory of identifiers to public keys, there's no way for a spammer to send spam. It is possible for someone who knows one's public key to spam one, but since the sender's public key is tied to a public identifier, one knows who sent the spam.
Does Signal perform any anti-spam activity anyway?
[+] [-] binaryanomaly|9 years ago|reply
I still have the biggest difficulties to persuade my "normal" friends and relatives to prefer signal over whatsapp.
Everybody thinks whatsapp is more user friendly and convenient. In the end this is the key to adoption we should not forget that.
[+] [-] jlg23|9 years ago|reply
The criticism of signal's closed ecosystem is not new, this is just another write-up of what has been criticized numerous times before.
[+] [-] burnbabyburn|9 years ago|reply
In the long run federated protocols and servers demonstrated their resilience regarding third parties and time, see irc for example.
Probably Signal is just a reference implementation, the big deal is implementing Signal protocol in different systems (whatsapp, allo, fb messenger..).
Having said that, I would be happier to not give my phone number for registration, and contact discovery but this is today a user interface well understood and accepted outside geek communities that's hard to eradicate.
[+] [-] mrbiber|9 years ago|reply
[+] [-] mi100hael|9 years ago|reply
Strongly disagree. The point of Signal is not just that it's encrypted. The point is that the source code is GPL and the service is free. Holding up a bunch of closed-source, proprietary, for-profit applications as examples of success only serves to obscure what should be the real goal: decentralized, anonymous, metadata-less, encrypted communication that anyone can easily use. Signal could be much closer to that goal but OWS & moxie refuse to allow decentralization or anonymity for bad reasons.
[+] [-] jfindley|9 years ago|reply
For example, their assertion that "... metadata is abundantly available here" appears to be patently false, given [0].
0: https://www.aclu.org/blog/free-future/new-documents-reveal-g...
1: https://whispersystems.org/blog/the-ecosystem-is-moving/
[+] [-] Freak_NL|9 years ago|reply
Whether or not such metadata is available to adversaries (either through OWS or gathered elsewhere) depends on who your adversaries are and whether or not a corporate entity can be trusted to be completely transparent about what kind of data they retain.
As for [0]; even if no relevant metadata is collected today by whoever owns the servers, nothing stops the party providing the service from doing so tomorrow.
[+] [-] sergiolp|9 years ago|reply
Let's assume OWS is playing nice, and they really don't store any relevant metadata. How can we be sure that a third party is not eavesdropping their communications?
Even with end-to-end encryption, given enough time, an attacker can easily build a user relationship network, something _very_ dangerous in the wrong hands.
If you really care about privacy, you should consider options like BitMessage, Onion.chat, Ricochet, Tox or GNU Ring. Or, as a middle ground between those (which are quite mobile unfriendly, due to its P2P nature) and Signal/WhatsApp/Telegram, a federated service like XMPP (as the article suggest) or Matrix.
[+] [-] acqq|9 years ago|reply
Even if it is claimed that the metadata miraculously wasn't collected (provided it really wasn't collected under some other publicly invisible arrangement, which is still technically doable) that doesn't prove it is impossible to do so, especially as the result of another secret request.
I don't see the "FUD" in the article. It seems very popular using labels instead of talking about issues, but please, please don't.
The phone number problems were known since long, and the Signal's explanation "it's easier for the average user this way" doesn't explain why other alternatives aren't even allowed.
It's obvious there are certain goals behind Signal, and those with different goals have to organize themselves. What they surely can't do is claiming to have right to decide what Signal (as a company) does. If those who have clear needs want to introduce their own solution, they surely have to demonstrate what the Signal doesn't solve, and that's surely not FUD.
[+] [-] throwaway98764|9 years ago|reply
There's nothing unduly alarmist about the article, but it makes appropriate claims about (among other things) the security limitations that Signal has resigned itself to by remaining unfederated. Read TFA.
[+] [-] mi100hael|9 years ago|reply
[+] [-] lorenzhs|9 years ago|reply
[+] [-] agd|9 years ago|reply
[+] [-] forgotpwtomain|9 years ago|reply
I tend to use Whatsapp because other people already have it but I have absolutely no motivation to use encourage other people to use Signal.
Edit: Whoever down-voted this, want to explain how this isn't a huge user-experience regression from giving your email and using gchat?
[+] [-] aminorex|9 years ago|reply
[+] [-] MrZongle2|9 years ago|reply
Oh FFS. We've seen a continuation of invasive, Bush-era policies under Obama...but now Trump is terrifying?
Spoiler alert: it has been a problem for quite some time, and given the alternative to Trump it was going to still be a problem regardless of who won the election: freedom ponies and rainbows were never an option.
Get a damn grip, people. Can we end the partisan pity party?
[+] [-] dragonwriter|9 years ago|reply
Uh, yeah. The Bush/Obama surveillance policies have largely been seen as dangerous not because of actual concrete harms that have materialized, but because if continued they raise the prospect of a much worse (because of the increased scope possible with modern tools) version of the kind of political targeting based on surveillance that was done by Nixon (prompting legal limits, notably the original FISA act.) And perhaps even beyond that, to the kind of retaliation for dissent seen in authoritarian regimes.
Trump is seen as the kind of figure that would be more likely than a more conventional candilate of either party to make those theoretical risks into concrete harms.
[+] [-] padraic7a|9 years ago|reply
I don't see the federation issue as being particularly relevant - at least not until someone else actually sets up a non-OWS server and gains some users for it.
[+] [-] qznc|9 years ago|reply
> The drafted protocol is called OMEMO and combines the advantages of jabber and Signal. Even though the XEP Process will still take some time, the protocol is stable and can already be used today. On Android devices, users have the ‚Conversations‘ client [8], which offers an experience comparable to Signal, and on the desktop there is a plugin for ‚Gajim‘ [9, 10] under active development, which still has room for user experience improvements. Using one of the readily available tutorials, it is possible today to get started on Linux and Windows. iOS users will have to wait some time due to license issues.
[+] [-] cypherpunks01|9 years ago|reply
Does Signal publish registration numbers?
[+] [-] Joeboy|9 years ago|reply
[+] [-] erelde|9 years ago|reply
I asked them if there had been something that prompted them to install it, they said it was my other contact (the first one) who told them about it.
I rarely do any proselytism.
[+] [-] moxie|9 years ago|reply
> Signal uses servers controlled by OWS. Other organizations could conceivably operate their own servers because OWS open sources the software, but because OWS strictly opposes federation (meaning the interconnection of independently operated servers which the XMPP protocol (jabber) or e-mail allows), only the users connected to the OWS-run server can communicate with each other.
I've tried to write about why I don't feel like this is going to be a part of our future here: https://whispersystems.org/blog/the-ecosystem-is-moving/
However, I would love it if someone proved me wrong. The Signal clients and server already support federation, so there shouldn't be any technical hurdles stopping the people who are really into federation from using our software to start their own federated network that demonstrates the viability of their ideas.
If anyone needs help doing that, let me know. I'd be happy to help.
> If a government does not approve of the use of Signal, it can simply block a single server farm, solving the problem for the state actor, and resulting in total loss of service to the users.
The authors of this article conflate a lot of things with federation. Federation = anonymity, federation = metadata protection, federation = censorship circumvention.
I don't think any of those are true. Email is federated, and I run my own mail server, but almost every single email I send or receive has GMail at the other end of it -- so running my own server does not provide me with any meaningful metadata protection, even though it is a federated protocol. The idea that everyone in the world is going to run their own mail server (or messaging server, or whatever) has not born out in practice, even in environments that natively support federation.
I think serious metadata protection is going to require new protocols and new techniques, so we're much more likely to see major progress in centralized environments that can change rather than federated environments that are stuck in time (in the same way that Signal Protocol is now on over two billion devices, but we're unlikely to ever see even basic large scale email end to end encryption).
In the case of censorship circumvention, I think it's much more common that people use censorship circumvention tools like VPNs or Tor rather than changing their entire federated identifier (and somehow re-discovering their entire social graph doing the same) every time a service gets blocked, particularly since censorship isn't just as simple as host-level filtering these days.
Again, I think we're more likely to see the incorporation of these types of censorship circumvention techniques into centralized rather than federated services.
> The community reacted to this by developing a version that does not rely on GCM, however, OWS refused to merge the changes into the Signal code.
I don't believe this is true. To clarify this for casual readers, no data at all is transmitted over GCM. GCM is only used as a push event to tell the Signal Android client to wake up and connect to the Signal server to retrieve messages from the queue if the app isn't in the foreground.
This is pretty fundamentally just how Android works. However, people who want to use Google's OS without any Google services flash custom ROMs onto their devices that are missing this dependency.
I have said many times that I have no problem with supporting these custom ROMs. But I would like someone from that community to submit the PR: "I would consider a clean, well written, and well tested PR for websocket-only support in Signal. I expect it to have high battery consumption and an unreliable user experience, but would be fine with it if it comes with a warning and only runs in the absence of play services."
Nobody has done it.
> The final point of criticism is that OWS distributes the Signal app exclusively via Google Play while actively preventing the distribution of independent builds.
We'd love to distribute Signal outside of Play, and have written about what we would need to be able to do so. As of yet, nobody from the FOSS community has stepped in to help.
We'll get there eventually on our own, but we have a lot of work on our plate, and have to set our priorities according to what we think is important for Signal as a whole.
> The community’s demands for decentralized web services controlled by the users themselves, or by designated professionals elected by the users, seems like a burden to them.
I do not feel like the FOSS community is a "burden," however I do wish they recognized that many of their desires are unique to a very small minority of Signal users. I wish that they'd take more responsibility for manifesting those desires themselves.
This is the second time in two months that someone from the FOSS scene has written up a list of complaints, but as far as I know, in neither case have the authors ever contributed anything to Signal in an effort to meet their own needs.
[+] [-] eggie|9 years ago|reply
The biggest problem that we (my whole friend group) seem to be having is that we can't find each other due to the fact that we don't use phone numbers for communication.
Are you thinking about ways to resolve this problem?
Is it any less secure to use email addresses for identification and discovery than phone numbers?
What about ways to share a unique user id?
[+] [-] eggie|9 years ago|reply
I think that the interest in the FOSS community is relatively low given the centralized format in which Signal is offered. I know many people who are deeply into FOSS who would love an alternative to IRC but cannot be found even using Signal. But "their own needs" are completely out of bounds for you, and it seems pretty clear that this isn't something that's going to be fixed in patches and code, so expecting them to come and fix it because you have an open code base is rather disingenuous.
If you started by promoting Signal as a generic protocol or backend to other projects, it would get much more traction in the FOSS community, as they are attracted to components on which other things can be built.
You can claim that this is a reason to ignore the criticism. But, you will always be right in dismissing critiques like this as you've set up the environment in a way which limits the kind of constructive collaboration that is the hallmark of FOSS.
You will probably say this is not true and cite existing public contribution to the project. But what I am saying is that the interest and contribution would be orders of magnitude larger if you really ran the project in a traditionally open way. One hallmark of this would be federation. Whether or not this makes sense practically (the gmail metaphor applies obviously), it is something that people want an need to order to feel they have ownership of their work on a messaging platform. You're simply not going to talk your way out of this.
For human and community reasons, the upside to federation is probably a lot higher than you appreciate. I hope you consider it. You have built a nice platform, but for your work to make a lasting impact you need to share it with others.
[+] [-] gfodor|9 years ago|reply
Yet, they "worked with" Facebook and WhatsApp to incorporate their protocols presumably providing them with an alternative license. It sure would be nice if companies who wish to add encryption to their messaging products, but didn't have the pull of the bigger guys to warrant OWS's attention, could just use an LGPLed library to do so. If OWS's mission is to bring about widespread encrypted communications, playing favorites with a few larger messaging companies seems to send the wrong message.
(The points made in the article, while valid, seem to be splitting hairs relative to the overall net good Signal has provided.)
[+] [-] pvg|9 years ago|reply
[+] [-] skndr|9 years ago|reply
[+] [-] bikamonki|9 years ago|reply
[+] [-] lorenzhs|9 years ago|reply
[+] [-] 45h34jh53k4j|9 years ago|reply
I don't believe this, as it would make programs like QUANTUM* unneeded. Why subvert global internet infrastructure if the providers do the dirty work?
This would be explosive if true
[+] [-] shadowban_me|9 years ago|reply
[deleted]
[+] [-] stevespang|9 years ago|reply
[deleted]
[+] [-] majewsky|9 years ago|reply
You mean like when they came a month or so ago and all user data that OWS could hand over for the accounts in question was two timestamps?