Comment by Vinnl
2 years ago
> Note that even once these features reach everyone, both you and the people you are chatting with on Signal will need to be using the most updated version of the app to take advantage of them.
> Each version of the Signal app expires after about 90 days, after which people on the older version will need to update to the latest version of Signal. This means that in about 90 days, your phone number privacy settings will be honored by everyone using an official Signal app.
Which is also an example of a challenge for open ecosystems where everyone can create apps.
I understand that it doesn't outweigh the benefits to everyone, but it is a valid reason.
Is Signal considered to be (or attempting to be) an open ecosystem?
My understanding is that Signal (the app) is private, not anonymous, centralized, and closed.
The underlying protocol is open and could be used for an open ecosystem, but I didn't think Signal aspired to do that.
The apps and most of the backend are open source too, not just the protocol.
The important distinction is that it's not decentralized like XMPP or email, which is a conscious decision: it would become very difficult to change it to add new features and they'd be left behind by closed-source competitors (see: XMPP).
I see that it is a ton of wishful thinking and FUD on the side of Signal to claim that: XMPP is alive and kicking, has all the features one needs, runs everywhere, at scale, offers the same or better crypto, better privacy, better resilience and is more sustainable. When Signal will inevitably fail/turn against its users/enshittify itself or get acquired, all federated and P2P protocols will keep on going. For decades. That's the kind of communications systems we should be demanding in the present era, nothing less.
11 replies →
> My understanding is that Signal (the app) is private, not anonymous, centralized, and closed.
You are right about that. There used to be an open source build called LibreSignal
Moxie Marlinspike made clear [1]: You may inspect the code. You are even allowed to compile it. You are not allowed to connect your self compiled client to our message servers. We are not interested in a federated protocol. Make sure your fork creates its own bubble that does not overlap with Open Wisper Systems. Stop using the name Signal.
[1] https://github.com/LibreSignal/LibreSignal/issues/37#issueco...
Both the app and the server is open source
https://github.com/signalapp/Signal-Android https://github.com/signalapp/Signal-Server
There are forks like Session which doesn't require a phone number to sign up
https://github.com/oxen-io/session-android
I understand this, but Signal doesn't attempt to tolerate third-party apps on their servers as far as I know. They don't support interoperability.
9 replies →
They've described what they're attempting to be here: https://signal.org/blog/the-ecosystem-is-moving/
Moxie's post looks solid, but there is a counter example: bitcoin nodes. They are a very loose federation of nodes that go through regular upgrades in the protocol. So it is possible.
But yes, it's also very hard. The bitcoin protocol didn't start out that way. It took a lot of knocks and bruises to get to the point they could upgrade all the servers in the federation.
Interestingly, the method bitcoin came up with allows protocol changes to fail, meaning the bulk of the federation never takes them up. Everyone gets a vote, and it only succeeds if the bulk of the federation upgrades. Perhaps from Moxie's point of view that's unacceptable, as it means he is no longer the dictator of the protocol.
Nonetheless, it is possible to design a protocol so it can be upgraded relatively quickly. Even if you don't do add "quick transition" features to a protocol transitions can still haven. IPv6 will replace IPv4. But as Moxie says, it's painfully slow.
The author is no longer CEO, though, and there are a lot of "I" statements in the post. Is it still accurate? Has the current CEO made any comment on it?
1 reply →
Matrix debunked these arguments: https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom...
2 replies →
It's not [attempting to be an open ecosystem]. Their ToS used to forbid using third party clients. I don't think this has changed. They haven't banned anyone for using third party clients (to the best of my knowledge), but they're openly against an open ecosystem.
It's private, centralised and the network is closed (e.g.: non-federated), but the source code is public and open source. I think that for the server implementation they do code dumps every once in a while, rather than continuously keep it public.
I wish it were more obvious that Signal expires its apps every 90 days.
My mom couldn't receive signal calls on the backup phone I gave her. I had disabled auto-updates since apps break UI sometimes and she gets confused by things moving around.
When I visited, I opened the signal app and was told I had to update.
I have been bitten by this in the past. At least now they give warnings in-app that the app will expire soon. But if you don't use the app regularly, you wouldn't even know. Also, I'm not aware of any other apps that die in this way, so it's not like people are in the habit of periodically checking the app to make sure they're still on a version that can receive incoming messages.
This has more sinister implications in some places. For example, Apple app store in Russia can get banned at any time. So if I understand this correctly, if that happens, Signal will stop working for all iPhone owners in Russia in 6 months. And guess where you really need something like Signal?
It's patently unforgivable that a message would not be delivered because the client is out of date.
The Signal team is incredibly clueless and arrogant toward its userbase. It seems to simply not have occurred to them that many people rarely/never have wifi, may not be on AC power when they are on wifi which means the phone may not check for / apply updates, etc.
In the US, cellular is often expensive and slow.
In underdeveloped countries where software like Signal could be really important, all this is even more true.
We get shit crammed down our throats to protect the most obscure edge cases for the smallest percentage of the most vulnerable users - such as not being able to sync messages between devices - but then they pull shit like this which has a huge impact for people in rural areas and underdeveloped countries?
Delivering a message to a client which is known to be less secure than the sender expected it to be is unforgivable.
Refusing to deliver is inconvenient.
8 replies →
> In the US, cellular is often expensive and slow.
Mint will sell you a plan for 5GB of data for $15/mo. Its not that expensive to have a basic cellular plan. And that's assuming you're not poor enough to have your cellular plan almost entirely subsidized. And also assuming you're pretty much never anywhere with wifi.
In the vast majority of markets in the US it'll take a minute or less to download, it'll probably take more time unpacking on your device and installing.
2 replies →
We are talking about 85 MB four times a year to keep the application up to date and running smoothly. Don't be ridiculous.
[flagged]
Protocol ratcheting, but 90 days would be quick if there’s a lot of apps.
Does this mean the protocol still exposes your phone number and it's hidden only by the client side?
The answer is almost certainly no. It means the old APIs that expose phone numbers will stop working in 90 days. And old clients along with them.
I have not investigated this at all, but I have enough faith in Signal/Whisper Systems to be optimistic.
Found out the hard way that the old versions do stop working. You don't even get message notifications if your app is out of date.
4 replies →
The way they say "privacy settings will be honored by everyone using an official Signal app." kinda suggests they're gonna let third parties keep getting this info...
2 replies →
Hackers can always create apps.
This is a common, but terrible argument. Anyone can (mis)use, make, or weaponise technology given enough time and funding. Following this reasoning to its logical extreme, nobody should ever do anything.
The problem something like this solves is to raise the bar somewhat and discourage a fraction of those who would.
Done right, that fraction will be significant.
It's not a big expensive task to look at what data an app is sending/receiving. Anyone with minimal reverse-engineering skill will know how to intercept HTTPS to/from their own phone in 5 minutes. Signal uses some other protocol, but it's also doable, also it's open source anyway.
The conclusion isn't that Signal should be closed-source, it's that Signal's servers should not trust the clients not to be tampered with. So after 90 days, they will remove phone numbers from the protocol for users who have hidden them, breaking old clients, which is fine. What is the alternative solution you're thinking of?
I mean, if WhatsApp said this about the privacy of messages, Signal would be running billboard ads about how they don't care about privacy and look at how much better Signal is, right? This is the company that goes out of their way to pile on advanced encryption and insists on using dangerous secure enclaves to get this kind of thing right... until they are asked the hide phone numbers, at which point they are selling people a false bill of goods that WILL confuse someone into giving their phone number to someone who they really shouldn't have. It isn't as if it is somehow impossible to hide anyone's number at the protocol level: hell... even Snapchat does this, right?