
Privacy-focused messenger Signal is ready to go mainstream and take on WhatsApp

63 points| neverminder | 6 years ago |androidpolice.com | reply

59 comments

[+] cyborch|6 years ago|reply
Let me know when it's ready to use without a phone number.

As it is, I lose my identity if I switch phone numbers (say, I move to another country). Even worse, someone else might get my old identity when my old phone number is recycled.

[+] kome|6 years ago|reply
For me it is just mind-blowing that "secure" apps run only on devices which are basically a security nightmare.
[+] anarchodev|6 years ago|reply
You could register it with a VoIP number. This doesn't entirely mitigate the problem, but at least you'd have more digital control over what happens to that number (and can pretty much be sure you won't lose it unless you want to).

If you already have it registered to a "real" number on your cell phone, there are processes for porting that number to Google Voice.

[+] alpn|6 years ago|reply
This.

Is there an actual technical limitation preventing Signal from offering a one-field signup, whereby one would simply enter a self-generated public key?

[+] revicon|6 years ago|reply
Started a HackerNews group chat on Signal to test it out. Ping me your signal phone # to [email protected] and I'll invite you to the group.
[+] pixxel|6 years ago|reply
Serious question: Is this the only way to invite users to a Signal group?

Couple of concerns here; you might use google to host your email for all I know and I’m not inclined to help google update my shadow profile. Also, giving my phone number to random dudes seems ridiculous given what we’re ultimately trying to achieve here.

BTW I’m not being snarky towards you, it just reads that way :P

[+] infinity0|6 years ago|reply
> Enabling group administration was also a hard feat, as Signal has to give administrators the ability to add and remove members without its servers knowing who's part of the conversation.

I was chatting with Trevor Perrin about abstract crypto relating to this when he was presumably working on this, and never got the chance to ask him - even if the group crypto hides this information, the Signal server still has to physically deliver the messages to the correct people in the group, whose phone numbers are all known by the server, so isn't this exercise a bit pointless? Or are there long-term plans to drop the critical reliance on phone numbers?

[+] glogla|6 years ago|reply
Signal started lately (maybe it's A/B tested and it happens at different times to different people) doing the annoying "add your name" thing, where you get asked for your name pretty much every time, and you can only cough it up, or say "remind me later", not "no thanks".

How this scummy dark pattern is good for privacy is beyond me. If it weren't for my one privacy nut friend, I would have stopped using it.

[+] 6gvONxR4sf7o|6 years ago|reply
I love and hate signal. The tech seems good, but the UX has some real frustrations. Group chats are the most glaringly frustrating part in my mind.
[+] josh2600|6 years ago|reply
That’s because group chat in an encrypted messenger with good ux is an unsolved cryptographic research problem. Everyone else just punts on it.

I get why that’s unsatisfying from the user perspective, but it’s absolutely necessary from the perspective of maintaining user trust over time. Signal has a plan to fix it but we’ll have to see if they can actually implement their new groups solution.

[+] maxwellito|6 years ago|reply
I'm probably missing the point, I use groups in Signal but I never faced any issue. I'm probably not a power user. Can you provide more details please? I'm curious about it. Thanks :)
[+] bmarquez|6 years ago|reply
I'm looking forward to Signal introducing basic features like iOS message backup (which exists in the Android version).
[+] otachack|6 years ago|reply
As soon as Apple gives access to that data (they won't)
[+] A4ET8a8uTh0|6 years ago|reply
Eh, I want to like signal. I really do. But it does not play nice with Blokada ( though that is an easy fix ). My tech illiterate parent was unable to use it ( when compared to whatsapp ). I am kinda done with whatsapp so I finally broke down and added international plan.

I am annoyed, but I can't really blame my parent.

[+] skrowl|6 years ago|reply
Signal has MAJOR UX problems when you have several devices (which is fairly normal for mainstream users). Try using the same account on multiple computers, smartphone, tablet / chromebook at the same time. It's painful.

Compared to Telegram (which is also privacy-focused and NOT owned by Facebook like WhatsApp is) that simply works, I'm not sure what Signal brings to the mainstream table.

The people behind the predecessor to Signal were somewhat successful in a disinformation / FUD campaign against Telegram's cryptography early on, but 0 POC exploits have ever been released. Telegram even upgraded their cryptography to alleviate some of the concerns - https://core.telegram.org/mtproto . They are now recognized as IND-CCA secure https://en.wikipedia.org/wiki/Ciphertext_indistinguishabilit....

To be mainstream, you have to have mainstream usability. Signal does not (at least not right now).

[+] tptacek|6 years ago|reply
Telegram's cryptography isn't comparable to Signal's. Telegram provides end-to-end encryption only for private messages between two people, and, last I checked, that encryption was disabled by default. There is no group end-to-end encryption; rather, Telegram claims that TLS hop-by-hop encryption --- in which Telegram's own servers get to see message plaintext --- is sufficient.

Signal provides true end-to-end encryption, for groups, by default, always-on, in a privacy-preserving design that ensures that Signal's servers don't have to collect a log of who's talking to who. Signal won the Levchin Prize at Real World Crypto --- in fact, they won the first Levchin prize ever awarded, meaning that when Dan Boneh and Tom Ristenpart and Kenny Paterson and the other referees sat down to figure out who should get the inaugural Levchin Prize, Signal was the first thing that came to mind.

That cryptographers recoil from Telegram's bizarre IGE-based cryptography is beside the point. Nobody needed to "FUD" Telegram to show that it's inferior.

[+] Legogris|6 years ago|reply
As much as I agree with your criticism of Signal (my main gripe is enforcing use and verification of phone numbers as identifiers), Telegram is not privacy-focused, despite their marketing and public perception.

* Messages are cleartext w.r.t. the server by default (I'd wager >99.9% of all Telegram chats are sent this way). E2E-encrypted conversations have to be enabled explicitly, are tied to a single device and only available on mobile.

* Encrypted group-chat not possible.

Hell, you might as well use Google or Facebook, the only difference is who's monitoring. Even WhatsApp has more privacy than Telegram.

Of what I tried so far, Keybase is really damn close. Their UX has been improving a lot, multi-device where all are first-class citizens, E2E by default, etc etc. The whole identity-graph thing, server-side being closed source and platform being run by a US-based business are the only things that keep me from trying to onboard everyone I keep in regular touch with. Too bad neither of those things are likely to change anytime soon.

[+] prophesi|6 years ago|reply
You didn't list out any actual UX issues with Signal. I use it on my phone, desktop PC, and laptops without coming across any issues.

And you'd want to use a cipher agreed upon by the general cybersecurity community to be secure. You don't roll your own crypto, deploy it, then hope the security field vets it later.

Another user already commented that Telegram isn't E2E encrypted by default, so you have to trust both their servers _and_ MTProto. And one thing not yet mentioned is that both users have to be online to initiate this E2E-encrypted chat, so it's pretty useless.

[+] JensRex|6 years ago|reply
I took a look at Signal again a few days ago, and their desktop "app" is still a 323 MB Electron tire fire.
[+] stiray|6 years ago|reply
Another huge issue with Signal (and Telegram) is that it is tied to your phone number, which effectively ties it to you as a person. Which is by default something that raises an eyebrow.
[+] throwaway123x2|6 years ago|reply
whatsapp is also impossible to use on >1 mobile devices.
[+] maqp|6 years ago|reply
"Compared to Telegram (which is also privacy-focused and NOT owned by Facebook like WhatsApp is) that simply works, I'm not sure what Signal brings to the mainstream table."

Firstly, with Telegram asynchronous chats are trivial to make, because all you're doing is managing data the server has using multiple clients. The moment you add E2EE for multiple clients, that's when things get hard, like really, really hard. Try enabling secret chats for desktop client with Telegram and you'll see how convenient Telegram is. See the thing is, Telegram doesn't even have cross-client E2EE. None of the official desktop clients support E2EE, and the 3rd-party clients that do are not interoperable with other clients. You don't see the messages on multiple devices.

Telegram is snappier because the team is cheating with the star topology architecture. There's no way to have forward secret, future secret group chats with shared encryption key. There's three choices.

1. No E2EE for groups at all (The Telegram way \o/)

2. E2EE with static group chat key (no forward/future secrecy)

3. Individual encryption of messages to each peer (has both forward and future secrecy) -- the way Signal does it.

So to answer your question "I'm not sure what Signal brings to the mainstream table." Signal brings actual Privacy by Design that Telegram developers have been unable to implement at any point.

"0 POC exploits have ever been released."

That's not what security is about. It's not the researchers with capability to break the encryption, it's the intelligence agencies, and they're not very eager to share.

"They are now recognized as IND-CCA secure"

They sure are. I'm going to be honest with you. I think MTProto end-to-end encryption is fine. It might be even great. You have the fingerprints, you can check there's no MITM. Great. But there's a tiny problem:

1. This great E2EE protocol isn't enabled by default (unlike with Signal)

2. This great E2EE protocol isn't available for group chats on any client (unlike with Signal where all clients support it)

3. This great E2EE protocol isn't available for desktop clients (unlike with Signal)

"To be mainstream, you have to have mainstream usability. Signal does not (at least not right now)."

You might be right in that Telegram is more usable, now. But Signal is catching up and fast, and once the gap closes, every feature will also be an actual feature (one that works privately as opposed to one that has privacy tradeoff of private content having to be shared with the server). At that point Telegram has to implement everything from the ground up.

Also, as for what the Mark Zuckerberg of Russia does with the tens of billions of plaintext messages stored on their server, I have no idea. All I know is that's a really, really, really tempting target for nation state hackers. And I have serious concerns about whether Telegram team would admit their messages were compromised, given that they can't mitigate and promise it'll never happen again by deploying app-wide E2EE: if they had the know-how they'd have already done it.

Given that the majority of Fortune 500 companies have been hacked, what are the chances Pavel Durov and his team (who lack the capability to implement basic E2EE) have magically hardened their servers against NSA, GCHQ, the Israeli Unit 8200, the Chinese intelligence, the Russian intelligence? Don't make me laugh.

One more thing, AFAIK there's no audit of Telegram's code base, and it's some of the smelliest code I've ever seen: https://github.com/DrKLO/Telegram/blob/master/TMessagesProj/... Look at that file size, the lack of comments, the amount of nesting, the shitty variable naming policy. It's an absolute shitshow. I have _nothing_ good to say about it.

And someone's always posting the Durov's "Why Telegram isn't E2EE by default" propaganda flyer, so here's a refutal before anyone decides it's time to post it again https://telegra.ph/Why-you-should-stop-reading-Durovs-blog-p...
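
Added illustration, not part of the comment above and not Signal's or Telegram's code: a minimal model of the forward-secrecy difference between option 2 (static group key) and option 3 (per-peer encryption) in the list above, using a simplified HMAC hash-chain ratchet. All function names and the scenario are hypothetical; future secrecy, which needs fresh key agreement, is not modelled.

```python
import hashlib
import hmac
import os

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256); it cannot be run backwards."""
    return hmac.new(key, label, hashlib.sha256).digest()

def static_group_keys(group_key: bytes, count: int) -> list:
    """Option 2: every message key hangs off one long-lived shared key."""
    return [kdf(group_key, b"msg" + i.to_bytes(4, "big")) for i in range(count)]

def ratchet(chain_key: bytes):
    """Option 3, one sender-to-peer chain: emit a message key, replace the chain key."""
    return kdf(chain_key, b"\x01"), kdf(chain_key, b"\x02")

def simulate(peers, count: int) -> dict:
    # Constructed scenario: one sender, `count` messages, then the device is seized.
    group_key = os.urandom(32)
    past_static = set(static_group_keys(group_key, count))
    # A thief holding the static group key simply recomputes every past key.
    thief_static = set(static_group_keys(group_key, count))

    chains = {p: os.urandom(32) for p in peers}   # one pairwise chain per peer
    past_pairwise, encryptions = set(), 0
    for _ in range(count):
        for p in peers:                           # fan-out: encrypt once per peer
            mk, chains[p] = ratchet(chains[p])
            past_pairwise.add(mk)
            encryptions += 1

    # The thief gets only the current chain keys and can only ratchet forward.
    thief_pairwise = set()
    for ck in chains.values():
        for _ in range(count * 2):
            mk, ck = ratchet(ck)
            thief_pairwise.add(mk)
    return {
        "static_past_keys_exposed": len(past_static & thief_static),
        "pairwise_past_keys_exposed": len(past_pairwise & thief_pairwise),
        "static_encryptions": count,
        "pairwise_encryptions": encryptions,
    }

if __name__ == "__main__":
    print(simulate(["alice", "bob", "carol"], 5))
```

The per-peer chains expose no past message keys after the seizure, at the cost of one encryption per recipient per message instead of one per message.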

[+] Funes-|6 years ago|reply
I'm personally against using any instant messaging app, even more so if it's on a smartphone rather than on a desktop computer. I don't care how private they are. Why? Well, I think it's an inefficient communication tool, and thus a huge waste of time. Modern instant messaging applications work by interrupting people and being interrupted by them constantly throughout the day, since there's no way to turn it off—in contrast, MSN Messenger didn't allow for offline messaging until 2005; most of the time you found yourself in front of the computer with the program opened if somebody sent you a message, ready to engage in conversation instead of dealing with anything else.

Of course, you can turn the notifications off and check messages at a specific time every day, but good luck with that! If nested conversations without a subject attached to them, no character limit, and no formal way of telling when they either start or end aren't already put off enough and stretched out unnecessarily, imagine setting a time restriction to your responses. Imagine setting up a meeting or a date: as cumbersome and as long as it takes as it is, you'd spend a week trying to meet with somebody. Believe me, I've been there. I've tried it all: installing WhatsApp on a virtual machine with Android_x86 and only using it at night didn't solve a thing; still, a phone call was always faster and much more efficient in dealing with anything you can conceive. However, most people didn't want to pick up the phone; texting, on the other hand? I'd receive texts from people wanting to start full conversations there, to which they would respond every two or three hours. How can anyone do anything efficiently or be productive enough at work, or even enjoy hobbies, while doing that?

I know I'm alone on this one, but it's really frustrating seeing how something that isolates us and separates us from our own lives, immediate environments, and thoughts will probably never stop growing.

End of the rant.

[+] papreclip|6 years ago|reply
> How can anyone do anything efficiently or be productive enough at work, or even enjoy hobbies, while doing that?

by replying every 2 or 3 hours, when you're waiting in the elevator, or have some other idle time to fill

>you can turn the notifications off and check messages at a specific time every day, but good luck with that

some people simply ignore their notifications until they're ready to deal with them. they don't toggle some setting on their device, they simply choose to ignore the whole device. it varies from person-to-person and you might just not be personally suited to this kind of technology.

personally, i read every email i get as soon as i get it, but i realize this is not the norm.

[+] scalio|6 years ago|reply
You're not alone, I feel you. The pendulum will swing back. Let's hope it does so quickly.
[+] wyxuan|6 years ago|reply
The 50 million infusion happened in 2018. Why has it taken so long to scale up? Anyway, I don't think it can take on WhatsApp. If you look at the history of when signal succeeds and gains many users, it's only when WhatsApp is down. Which is not for very long, as it's so important that it goes back up pretty quickly.