
Comment by SavantIdiot

4 years ago

Wait, why do we dislike Signal?

I'm always late to the secure comm party...

EDIT: Got it, Cwtch is decentralized p2p, Signal ain't. Thanks!

Not merely centralized, but also openly hostile to decentralization. Going so far as to hold talks about why decentralization is a bad thing for a chat app. I also never heard a rebuttal to this claim of Wire's:

> Moxie et al have publicly stated that they want wide adoption of the Axolotl [Signal] protocol — but if you do an independent implementation, using the published reference documentation and background knowledge from having seen their code online, you can be accused of copyright infringement and asked to pay a “license fee.”

Or that fiasco with integrating a shitcoin in the application: https://www.stephendiehl.com/blog/signal.html

I'm on Signal because of the network effect and its reliability, and I actively invite people to use it over things like Telegram, but I do wish we had a better alternative. Matrix (Element) is buggy, Threema people need to pay for, Jami and this Tor-based chat app (I forget the name) don't have the features people expect, Wire is a good contestant but also not decentralized (nor does it have fancy things like sealed sender), and of course nobody has the network effect that Signal has... no good alternatives.

  • You missed from your list of alternatives the whole XMPP network. It's a federated model (similar to email/Matrix), self-hostable and there are also public providers.

    The XMPP ecosystem is pretty diverse and predominantly open-source.

    Personally I'm working on Snikket, which is aiming to be the easiest way to get a group of people onto XMPP (often that's family groups, but also social).

    We published a blog post comparing the Signal approach with XMPP/Snikket: https://snikket.org/blog/products-vs-protocols/

    • Looks like this Conversations app doesn't do video calling, which kinda makes it a non-competitor compared to all of the alternatives that already exist.

      I'm aware of XMPP and tried it out back in the MSN days along with IRC, but then Telegram came along which promised encryption and a much better user experience and until not so long ago I believed that Telegram would 'any day now' come around to implementing encryption proper (as everything ICT, from WhatsApp that sent plaintext messages over tcp/443 to websites around the world after LetsEncrypt, all turned on proper encryption, I didn't think that this self-proclaimed privacy-focused messenger would stay behind). And so I found myself in late 2018 starting to more and more doubt Telegram, but by then there were many competitors and Matrix seemed to be the hot thing that everyone was excited about (and it turned out that it didn't even work properly after you turned on encryption, only the unencrypted form seems to be somewhat reliable). XMPP didn't come to mind as potentially having evolved, perhaps because in the decade since MSN, I don't think I heard of a single person using XMPP for end-to-end encrypted calls. Perhaps it's great but... somehow I doubt that I never heard of a functional free decentralized/federated end-to-end encrypted multi-device user-friendly chat and (video) calling system.


    • I hope that XMPP or matrix wins out and becomes a de-facto standard that everyone uses (like email) over things like slack, signal, whatsapp, telegram, teams and all the rest.

      What I don't get about Snikket is why it tries to distance/hide itself from XMPP. The homepage does not mention it, the app page only mentions it by saying that Snikket is "Compatible" with Conversations which is also compatible with XMPP. The server page does not mention it at all. Is Snikket XMPP and a few XEPs? Is it something else? Can I use an XMPP client with Snikket? Can I use a Snikket client with an XMPP server?

      That makes me doubt that Snikket cares about interop with XMPP or the wider ecosystem.


  • DeltaChat?

    • Their homepage explains why I never heard of it: it "uses the most massive and diverse open messaging system ever: the existing e-mail server network". That won't work for (video) calling; not an option for me. I might as well just send my mom an email at that point? (Since I self-host mail, it wouldn't even have to leave localhost. Also, guess what I'm debugging right now... what monster even created this thing called sendmail...)


Signal requires a phone number for contact discovery, which many people have given out about because it's tied to your meatspace identity, so it's harder to be anonymous with Signal.

My understanding is that Signal is centralized, and this is not. That's an important difference.

Signal is centralized, server is closed source last time I checked, smells like a fed op, one of the creators was trying to use it to pump some shitcoin, it requires you to give them your phone number.

  • > server is closed source last time I checked

    Check again. It's been updated for a while now. It's always updated, just sometimes less frequently than some people expect. There's no obligation to publish code every x months.

    > smells like a fed op

    You clearly have no idea what you're talking about if you believe this. Signal is open source, it has been audited, it provides deterministic builds, is using state of the art cryptography, its protocol is now the de facto secure communication protocol all other serious communication apps use, and is recommended and used by all the leading experts in cryptography and infosec...

    > one of the creators was trying to use it to pump some shitcoin

    Except there is 0 evidence that any pump and dump is going on. Or that Moxie even owns MobileCoin. And calling it a "shitcoin" makes you out to be some cryptobro who shouldn't be taken seriously. There are numerous reasons they used a coin that was designed and optimized for use on a mobile phone. No other coins met their criteria. They also built some cool tech on top of that as well.

    You're either seriously uninformed or are trying to spread fud.

Signal is encrypted and likes to show off how little they store, but it is not decentralized. Not being decentralized has many advantages, but a paranoid enough approach does see it as a point of failure for security (I use and love Signal, fyi)