Signal is in a weird place where they can do no right by users. It's a team of like 25 developers building extremely complex software criticized by people that don't understand security and trivialize everything. Reddit has a lot of evangelists that can't even program. Their community forums are a dumpster fire where users act like "my way or the world is going to end" (see the current username discussion. Most people are fair but you see[0]). Anything they say on Twitter gets spammed with questions about usernames by people that can't be bothered to see that it is in alpha testing and available for custom builds. And on HN everyone criticizes Signal and compares it to Matrix which is always better for every single purpose.
I do like Signal and I think they have done a lot of good. I do think they have a lot of valid criticism against them but also I think a lot of people aren't providing useful criticism (it is a shame that's happening here, on a forum that should be filled with tech experts). People also aren't realistic. A 25 person team working at a non-profit aren't going to have the same development capacity as a 250 person team.
What do you mean by "Matrix is always better for every single purpose"? Are you saying that you really believe that, or characterizing others as saying that wrongly?
I don't know much about either, but I thought both had somewhat new (less-tested) encryption algos (one is 'double-ratchet' or something? that recently has shown security vulnerabilities?)
I'm saying that people put Matrix/Element in competition with Signal. These used to be dominating voices here. I do think the Matrix == Slack and Signal == Text philosophy has become more prominent now (the philosophy I subscribe to). But there are also major discussions about decentralization and users would suggest Matrix was more secure because of that even though at the time group chats were not encrypted (they are now) and E2EE was not enabled by default.
These are purely my observations of the discourse around Signal and should not be taken as a universal truth. Only my subjective reality.
I'm not aware of any major vulnerabilities in Matrix (but I'm not following closely). I'm also not aware of any in Signal, which I know is frequently audited. There is an SGX attack, but it is often blown out of proportion (highly technical attack that requires an unlocked phone to be in the physical hands of the attacker).
Pretending like Signal is the second coming of Christ and implying that Telegram and all else is insecure and for dumb idiots may have had something to do with it.
That's far from what is happening. Everyone is complaining about Signal, including me.
Telegram gets a lot of shit because they prop themselves up as a privacy app but aren't. The default is that things are not encrypted. They use a proprietary encryption scheme. They store user data on their servers. These are not the marks of a privacy app.
Thanks for letting me know what I think? And we're all aware of Telegram's shortcomings here, it was an example and correct me if I'm wrong but this thread is about Signal?
I explained how imo Signal has burned the goodwill of some of its early adopters. Meaning not recommending it to my friends and buying my mom an iPhone. Now there's an argument to be made that it's not very smart to dismiss the app, but that's what happened.
I'd be very surprised if they manage to salvage its image at this point.
Doing so comes at a cost to privacy — by Signal having a hosting server, even if the contents are E2EE, retrieving and storing these contents creates a metadata trail. I actually go over these drawbacks and tradeoffs in a recent blog post: https://cassieheart.substack.com/p/notes-on-e2ee
Who said anything about a hosting server? Why isn't there a simple option to export a conversation to local storage, encrypted or unencrypted, along with a warning that 'your conversation is now leaving the secure Signal zone.'
If you don't trust the other end then disappearing messages should be used, simple.
This is one of the problems with Signal having a bit of confusion about what exactly its use-case is. There are plenty of cases where locking down the ability to save/view/export messages is valuable, and Signal provides tools to be able to do that. Making that the mandatory case though means that it's harder to adopt as a general-purpose communication platform.
They need to decide if the goal is still to get as many people off of SMS/facebook-messenger as possible, or if the goal is to provide extreme security to dissidents and protestors, or if they're going to spend the effort to be able to do both effectively and let you choose which conversations or messages get which level of protection.
But I could just screenshot all of it, and you'd never know. There's a setting to prevent screenshots, but no way to tell if other persons have it enabled or when their setting changes.
It's like when Signal asks you to put in your PIN, but it's the same PIN you use to unlock your phone. There's a different Signal PIN, but that functions as a check for when you install Signal on a new device. Your regular PIN is just a repeat of your phone PIN, and thus adds exactly zero security.
For starters, Signal retains a conversation for the length of time you grant. That can be indefinite. The way it is retained is in a local storage database. It is intentionally guarded against export (although this is somewhat unavoidable with backup features on phones), so as to avoid companies like Cellebrite making it easy for LE to overstep their bounds and pull the message database when they take your phone. If you want some kind of export interface, your best option is a screenshot — Signal does not take any action that threatens the mutual security between parties as explicitly agreed.
I don't want to be handcuffed for my own security, thanks. An export facility has little bearing on the integrity of my communications since a counterparty could simply have their phone taken over if they forgot to set a PIN or gave the PIN up to law enforcement. A warning that the exported data can no longer be considered secure (just like when I save a file or photo) is sufficient.
Meanwhile if my counterparty and I have communications in Signal that we want to preserve at scale, it's impossible to do so. A simple example would be that I have years' worth of conversations with my wife that I can't easily back up anywhere. We could export every picture and video by hand and screenshot or copy the text of every message, but that would be extremely time-consuming and tedious.
That's the basic problem. The data is already only semi-secure in that it's subject to exfiltration without consent. It's just inconvenient. And where parties do consent, it's very inconvenient because it's many many hours of work; in the end, it's just more security theater.