Comment by tptacek
6 years ago
I would make the opposite argument: that at pretty much every point along the way, Signal has chosen purity over pragmatism. Which is why they didn't even have user profiles until recently, why they're just now getting group access control for a Slack-y experience, and why it's taking a fairly spectacular amount of engineering to get them off of phone numbers. Signal has a track record of delaying features common to messenger applications in order to get them cryptographically right. No other mainstream messenger tool has a comparable track record.
I completely agree. Ironically, centralization has not helped them move faster.
They won’t have usable group messaging without proper “mentions only” notifications. I’ve tried to explain so many times on the forum that they don’t need usernames for this. Just allow us to configure our own list of keywords we want to be notified of.
It’s very frustrating to keep up with the development of the apps. I wouldn’t recommend it.
You can make this argument about anyone simply by changing the metrics you're judging them by. So if you judge Signal by usability and messaging features, of course centralization isn't paying off. But that's not what Signal is optimizing for. On privacy features, no mainstream messaging app is doing anything resembling what Signal is doing; Signal's "competitors"† obtain their messaging features by storing vast amounts of valuable metadata in plaintext on their servers. Signal gets those features, with privacy assurance and without accumulating the hazmat, by inventing and deploying new high-end cryptography.
Consider how long it's taken Matrix to get to a point where it's just E2E by default. That's table stakes, Matrix very much wants to get there, and if they're lucky (see downthread) they'll be able to flip that switch in Q1 2020.
If Signal invents some new feature based on Attribute Based Encryption or pairing curves or PQ exchanges or whatever, they'll have it deployed within a week of merging the code into master. You've seen them do things like that repeatedly. That's what centralization buys.
† I'm not sure I accept the premise that it has competitors; the companies you're thinking of are, to my mind, competing more with WhatsApp and Slack than Signal.
The slow bit of Matrix’s E2E by default isn’t the roll-out; we’ll also flip the switch when we get to that point. The problem instead was that we implemented way too many pre-E2E features (serverside search, etc) and have had to reimplement them to force everyone onto E2E.
So yeah, Signal’s approach to only roll out features if they’re privacy preserving is great. But it’s nothing to do with centralisation/decentralisation.
2 replies →