Comment by unethical_ban
2 years ago
I wish it were more obvious that Signal expires its apps every 90 days.
My mom couldn't receive Signal calls on the backup phone I gave her. I had disabled auto-updates since apps break UI sometimes and she gets confused by things moving around.
When I visited, I opened the Signal app and was told I had to update.
I have been bitten by this in the past. At least now they give warnings in-app that the app will expire soon. But if you don't use the app regularly, you wouldn't even know. Also, I'm not aware of any other apps that die in this way, so it's not like people are in the habit of periodically checking the app to make sure they're still on a version that can receive incoming messages.
This has more sinister implications in some places. For example, Apple app store in Russia can get banned at any time. So if I understand this correctly, if that happens, Signal will stop working for all iPhone owners in Russia in 6 months. And guess where you really need something like Signal?
It's patently unforgivable that a message would not be delivered because the client is out of date.
The Signal team is incredibly clueless and arrogant toward its userbase. It seems to simply not have occurred to them that many people rarely/never have wifi, may not be on AC power when they are on wifi which means the phone may not check for / apply updates, etc.
In the US, cellular is often expensive and slow.
In underdeveloped countries where software like Signal could be really important, all this is even more true.
We get shit crammed down our throats to protect the most obscure edge cases for the smallest percentage of the most vulnerable users - such as not being able to sync messages between devices - but then they pull shit like this which has a huge impact for people in rural areas and underdeveloped countries?
Delivering a message to a client which is known to be less secure than the sender expected it to be is unforgivable.
Refusing to deliver is inconvenient.
> Delivering a message to a client which is known to be less secure than the sender expected it to be is unforgivable.
That is inconsistent with the threat model of a messaging system!
Inherently, a messaging system will deliver a plaintext copy of the message to the recipient(s). Wouldn't be much of a messaging system otherwise.
Once you sent something and it was delivered in plaintext to the recipient, the information disclosure risk is completely out of your control (and out of control of the application in use). The recipient is free to leak it however they wish.
If you don't trust the recipient to keep it private, don't send it.
If the app has to be updated on a 90 day schedule, then it's likely that most of those updates aren't making anything more secure. So it's not "known" that someone running last quarter's version is less secure than the sender expects.
I think this is the tradeoff that Signal makes versus the messenger most similar to it, WhatsApp. Though of course everyone in a group chat must pick one or the other, so it's not much of a free choice. (My friend group in the bay area is entirely on Signal, for example, though I also have a WhatsApp account.)
> In the US, cellular is often expensive and slow.
Mint will sell you a plan for 5GB of data for $15/mo. It's not that expensive to have a basic cellular plan. And that's assuming you're not poor enough to have your cellular plan almost entirely subsidized. And also assuming you're pretty much never anywhere with wifi.
In the vast majority of markets in the US it'll take a minute or less to download, it'll probably take more time unpacking on your device and installing.
5GB for $15USD/mo is expensive relative to other areas of the world. In Aus, for example, my phone plan is $30AUD/mo for 55GB.
We are talking about 85 MB four times a year to keep the application up to date and running smoothly. Don't be ridiculous.