Kind of weird posting the app as a submission like this, given that it's pretty well-known and HN search turns up hundreds of discussions about it. This is kind of like posting a link to slack.com.
I read HN fairly regularly and this is the first I’ve heard of it. Not hard to imagine missing something as I don’t read every article posted on HN.
Just speculation, but after reading about this app I would be kind of shocked if slack wasn’t at least an order of magnitude more popular, so not a very apt comparison I’d say.
So then it should refer to a press release, release announcement, github commit, or whatever. Just linking to the site and saying "Snowden supports it!" isn't really useful.
Yes, on Android at least the photo selection is better now, you can mark up photos and in general it's on par with other messengers.
In the past year or so it's definitely filled out, feature-wise. Audio message UI has been improved.
For how long though? Signal Android has repeatedly broken its backup functionality with no warning, it seems the Signal team is not testing this feature regularly.
iOS users are still out of luck on message backup too :c
I wish I could keep recommending Signal to my friends. For an app as famous as theirs, the applications and tooling don’t feel mature at all. Their macOS desktop app insists on updating multiple times a day. Indeed, every time I have it open, it starts bugging me for updates. I can’t have conversations anymore because the app insists on restarting signal. These hourly demands for updates have caused me to ignore them entirely - devaluing the core value add in the process. Was the latest 5pm update a security update that I desperately need? Well, I don’t know and at this point no longer care because I’d like to use the app to talk to people instead.
The app also doesn’t work if you have multiple phones or a tablet. I can have signal either on my iPad or my phone. Not both. Why? I don’t know. But Signal insists that it is more secure.
It’s a problem with these security focused applications. They often sacrifice usability on the altar of best case security; making applications that are hard to use for anyone but the most ardent of folks.
I want to love this app, but their bad UX makes it really really hard.
I've been switching people to Matrix recently, mainly because they have a solution for losing your chat history (you don't, at least not with the new key backup system) and there's a lot of other features like bridging and federation. Matrix is far from perfect at the moment but I feel that it will end up being a much more complete solution than Signal (the new seven-word key verification system is really cool and much better than how verification works for Signal).
> Not both. Why? I don’t know. But Signal insists that it is more secure.
It's because the provisioning support is only implemented in the JavaScript "SDK" (in scare-quotes because we all know Moxie is very hostile to users using apps other than the one they publish).
Not only that, there were PRs that implemented the core functionality required and Moxie effectively said that the author was too inexperienced for the patch to even be worth reviewing[1]. There are third-party signal clients[2] which use that patch to allow for you to create "virtual devices" in your shell and thus (in theory) script signal chats or create Matrix bridges (I hope to do the latter at some point).
Keep in mind that some (though not all) of Signal's UX "weakness" is a deliberate consequence of tradeoffs Signal makes for end-user privacy. Signal didn't even have user profiles until relatively recently, when the team came up with a privacy-preserving way of implementing them. There are UX features that are relatively easy to build, and par for the course in chat applications, that are much harder in Signal's model because they don't keep server-readable directories of who's talking to who.
If you seriously care about privacy, when you look at chat app features, think "how would an ordinary developer be most likely to implement this feature, and what would that mean the application was tracking about me as a consequence?" One nice thing about Signal is that as a general rule, you can assume they're not trading privacy for convenience.
It is also reasonable not to care as much about privacy as Signal does. If you want something with more UX niceties, but something close to (and, in most cases, cribbed from) Signal's security model, Wire is a good bet. Just remember, Wire has a lot of metadata about who you're talking to that Signal would treat as hazmat.
Signal makes for a decent SMS replacement, IMO they have put little effort into being a group chat competitor. Some bots like https://git.callpipe.com/yosl/repost4privacy can make groups more user friendly, but group management is still poor.
It's seen much less development than pyre.chat, but it is a functional client (though pictures all end up in a folder when sent your way, as images + ncurses doesn't really work).
Now try backing up your conversations and group memberships - I've rarely seen such a convoluted and user-hostile process, which practically ensures people will lose their chat histories and just switch to FB Messenger in disgust.
I do admit the rest of the experience has improved, although the ban on binding more than a single device to an account is still preventing me from using it more.
Check out my other comment about pyre.chat and signal-weechat, perhaps one of them will work for your use case?
Signal does need serious help on the backup/restore process, iOS users are left in the cold and Android backups often fail when one attempts to restore them.
I've followed up on issues on Signal Android about backups being borked (even getting Moxie to fix a bug at one point) but backups are obviously not a priority for the Signal Foundation. Very frustrating, and it has caused my friends and acquaintances to ragequit Signal in some cases.
WhatsApp uses the Signal Protocol and Wire uses a derivative of it (not the actual Signal Protocol). Both collect metadata that Signal doesn't (and I believe the last time I checked, WhatsApp stored unencrypted chat history to iCloud).
Matrix is designed such that all of your chat history is preserved (as long as at least one of the servers involved in the chat wants to keep the logs). And the new ephemeral key backup system allows you to really simply get set up on a new device and have all of your old chat history available (if you want, you have to opt-in to it).
Matrix is not a reasonable Signal alternative. If you want something in the vicinity of the security model of Signal, but with more UX polish (and less privacy), Wire is your best bet.
In which aspect is it not a reasonable Signal alternative? I know that you have expressed a dislike of Matrix before, but I'm not sure if your point here is that it isn't a Signal alternative or that it isn't reasonable (in a crypto sense).
> It’s a problem with these security focused applications. They often sacrifice usability on the altar of best case security; making applications that are hard to use for anyone but the most ardent of folks.
I actually feel like Signal has done a better job than most in this respect. The interface is attractive, they make things like key resetting reasonably parseable, and there are nice mainstream features like built-in gif searching.
That said I've fought with syncing problems at times, mostly surrounding the desktop app. Presumably it has to do with the authoritative copy being phones in peer to peer mode, instead of a server, but it's still pretty annoying sometimes.
I couldn't agree more with this, the constant requests to restart drive me nuts. It wouldn't have been so bad if it happened once a day, but 2-3 times make the usage as annoying as it can get.
What platform are you encountering this on? I have yet to see this behaviour, though Signal Desktop will throw away all its data if the checksum on the database fails (eg: dying SSD/hard drive).
Take a peek at my other comment perhaps, signal-weechat & pyre.chat might be of use
I recently got signal because some friends made me. Given how old it is, I was shocked by how poor some aspects are.
I liked using it as an android sms app, until I replied to one too many sms over signal because signal always defaults to signal, rather than whichever protocol the person sent you a message via. People uninstall the app, or use iOS. Signal constantly defaulting to a protocol the person on the other end isn't using was too much, so I stopped using signal as my sms app.
I hate that, now that I've stopped using signal as my sms app, it wasn't storing sms in android's common sms store. Now chunks of history are missing, trapped in signal.
The desktop client seems fundamentally broken, often taking 5-10 minutes to sync messages in.
I hate that I can only mute conversations for 1 or 2 hours, 1 or 7 days, 1 year, or forever.
I hate that I can't mute a group and still receive @s.
I hate that it is tied to my phone number.
I think signal offers a really bad experience. I prefer keybase, for many reasons. However when my mother and sister and grandmother needed a way to share pictures and videos (which mms would convert to garbage quality), I set them up with signal. Keybase's mobile client is, unfortunately, specifically bad at media. Signal is decent at it.
Although, the keybase devs as recently as yesterday said they'll be polishing the mobile experience in the coming weeks. Maybe soon I can in good conscience not recommend signal and start pushing keybase among my family. Keybase did also recently streamline their onboarding process to not require a password - you can just download and go.
I wish they had a competent desktop client with feature parity to mobile and not just an Electron "app".
I could write more critique regarding the forced contact discovery, the use of phone numbers as identifiers, but at least the underlying security of the app is good.
When I used Android, Signal doubled as a regular SMS app.
That meant you would only use Signal, and the recipient would receive the message via Signal if he too was a user. Basically it worked like iMessage on iOS, but was 100% OSS.
Which from what I can tell, is a thing people here on HN (not to mention /r/Android) are asking for all the time.
Using Signal on iOS though indeed feels weirder because you always need to “discover” who has what IM-service, and then start the corresponding app.
That’s a flaw of iOS though, and not Signal, and all non-iMessage services suffer for that.
This was the main reason I never started using Signal. When I tried it some years ago it wanted virtually all permissions on my phone and wanted to replace my SMS client. I also did not like that they wanted my phone number. The SMS replacement should be an optional feature, and they do not need any phone number unless I want to use that feature.
I registered my Signal account with a burner number not linked to any SIM card, and thus I didn't use it as my SMS app. Don't know if it's default behavior when you register it with the phone number attached to your SIM or not.
I agree the permissions (especially the forced contact discovery) are problematic.
I thought of doing the same until I realized that it's a silly workaround. If I ever need to restore my account or forget password or change device, I'd need the same burner phone... it's not a burner anymore now, is it?
And then I gave up because of the forced contact discovery... it's a pity.
I wish there was a popular chat service that worked more like Blackberry. Central network but just pseudonyms instead of the phone number.
If I disable Android "Messages" (Google LLC) app, Signal, which is configured as the default SMS app, stops receiving non-Signal text messages.
Occasionally, when an SMS arrives, the Messages app will crash, suggesting to me that Messages is still playing a role in handling text messages on my Android phone.
Where is the line between Messages app and Signal?
The app could be better on desktop though. Launching it takes ages (sync messages), and after that if I receive a message on my phone it does not always propagate to the app. Messages I send via desktop are also missing on the phone.
But, I love the idea and signal is the only app I use for messaging, so obviously these things don't bother me that much :)
Signal's hostility towards third-party contributions and staunch refusal in federation makes it hard to recommend. Not to mention for an app that touts itself as both being secure and being easy to use, it has a rather crappy UX.
Because Moxie doesn't want it to be[1]. It should be noted though that you can download just the APK from their website[2] and it supports auto-updating.
I want to love Signal but it is so hard to love at times:
1. The Signal backup restore process is ridiculous and kludgey. It took me quite some time to figure out how /Internal works on Android 9 devices using the files app for example. [1]
2. If your phone fails without a backup the only way to rejoin groups is having people post a message to each group. I wish there was a middle ground between full backup and dump my keys/group list.[2]
3. The Linux app will, at random, take minutes to load because it is loading 100s of messages. But, this happens even if I was running the app 5 minutes before. Watching the logs I see sqlite insertions happening no faster than 10 a second. The old web based Signal client worked great. I would love to have that brought back.
My wishlist, which I haven't posted anywhere publicly, includes:
1. Clicking a contact circle _should not_ show me the Android contact, it should show me a list of actions I can take in Signal instead: call, message, video call
2. Video conferences are often used with families. Please create a full screen video call mode that is friendly for parents with kids. This means that I can let my kid touch the screen and not immediately drop a call or switch apps. A full screen mode with optional pin or swipe pattern to exit would make me love the app forever.
Also, for context, my experience comes from converting dozens of family members off of WhatsApp to Signal over the course of 6 weeks earlier this year. For the most part it has been fine but these sharp edges have caused me pain trying to support my family members. WhatsApp lost my trust with the announcement of FB Messenger integration and the unencrypted backup to Google Drive.
I am hopeful that Signal will improve over time. However, the web client deprecation and my recent experience with the backup/restore process have me concerned.
For those like me who aren’t used to the term federated...
“Federated architecture (FA) is a pattern in enterprise architecture that allows interoperability and information sharing between semi-autonomous de-centrally organized lines of business (LOBs), information technology systems and applications.”
riot/matrix is substantially worse in usability than Signal.
In addition, if you wanted something federated with decent crypto, an xmpp server with something as basic as TLS and OTR on the server and clients would be far more usable than matrix.
https://quicksy.im/ – a spin-off of the popular Jabber/XMPP client Conversations with automatic contact discovery.
> Even if you are not a Quicksy user you can enter your Jabber ID into the Quicksy Directory and give Quicksy users the ability to automatically discover you based on your phone number. This lets you enjoy the privacy-friendly, federated nature of Jabber/XMPP while giving your less tech-savvy friends a low barrier entry into that world
// not affiliated; saw this recently, like the idea.
Actually I find Signal to be among the easiest apps to use for secure communication. My 68 year old mother uses it. 50 year old brother uses it. Co-workers who aren't techies use it.
Now matrix on the other hand seems like the next step for us nerds, so far less available than Signal.
Well, my comment was not serious. By not encrypting by default they actually put your data at risk. Syncing and encryption are not exclusive and could be done in its simplest form by sharing the private key or working with subkeys. Not encrypting by default is the worst option, imho.
Once my phone is rebooted or ran out of battery, Signal would stop notifying me of any new messages unless I manually launch the app, sometimes I even had to tap on each individual conversation to check for new messages. I agree with some posters here that its UX badly needs a redesign too.
Those who depend on anonymity and security in any serious way should think carefully about using technology. Two whistleblowers in a row have been compromised in the last few months in their communication with The Intercept and are now in prison.
Don't trust anything you read online, if you need guidance try to reach out to trusted and well regarded experts in privacy and security ecosystems and do it in the real world face to face, not online. Cryptome has a decent FAQ on this.
Signal is connected to your phone number. That's game over right there and then on any claims to security and anonymity. Things directly connected to your identity in an insecure OS such as Android cannot deliver security or anonymity, and it's dangerous to lull others into a false sense of security.
I love Signal and use it as my main communication platform, but the inherent metadata information disclosure doesn't make it the ideal secure communication platform.
Right now, that title belongs to Briar in my opinion - it has a far more satisfactory security model in my opinion.
How do people think about the relative trajectories of Signal and Keybase? It seems like Keybase wins in terms of features, but Signal has a much bigger network and is therefore perceived as more of a known entity, security wise?
Just posting for discussion. For me, the fact that Signal can only be downloaded via Google Play and not F-Droid is a major blocker.
For that reason I run a Matrix/synapse instance and that's what I use for day to day text based communication. Matrix clients have some issues and aren't as user friendly as Signal's IMHO, but they're getting better and better.
That said, I don't think federation actually contributes to security. My instance is firewalled off from being discoverable by the larger Matrix community, mainly because my instance is for close friends and family.
I can't really comment on what he brings up about the Signal founder -- not very familiar with him.
I currently use Wire. Their apps are solid, not perfect that's for sure but good enough, but most importantly I am not required to use my phone number to register an account.
> Recommending a solution for a critical need without communicating the limitations doesn't seem like good engineering practice.
Good security advice is about harm reduction.
Security advice is not "bad" because it does not achieve perfect security.
Using Signal instead of an app the government can access through subpoenas (Facebook Messenger), that is closed source (iMessage) or transmits in the clear (traditional SMS) is good advice because it reduces harm and reduces risk.
We can't know all threat models and options of everyone who is the audience of such broadcast endorsements, such that we can engage in noble lies and confidently call it "harm reduction".
(Simple scenario: journalist was told by experts that such-and-such is secure, without qualification, so journalist uses it in some ways that they would not, had they been given a more accurate characterization.)
You can see my first comment in this thread, which you took exception to. This is a very important topic, and I'm not debating recreationally. There is a long and ongoing history of security advocates overstating security, to people who really need it, and that's the sort of thing that can get people killed, positive movements ended, etc. Anyone advocating right now should be aware of that, and not keep making the same mistakes.
I don’t know if this level of cynicism is helpful. If taken to its logical conclusion, one would just give up on electronic communication. That comes with some costs, either economically, or in being exposed to other safety risks associated with offline communication, or being less effective in whatever one wants to achieve with that communication.
Or, people will conclude that everything is compromised anyway, and therefore not take the reasonable steps because “why bother?”
I also don’t think the idea that all hardware is compromised should just be accepted as fact. There is more that speaks against that thesis than in its favor, including the high market value of iOS exploits and the lengths Apple and the FBI went to in their fight over that shooter’s iPhone.
Apple especially has taken some steps that seem to deserve some credit. After all, if we refuse to see the differences in their approach to others’, they (and everyone else) will just learn from it not to even try making privacy part of the value proposition.
This won't get the history of the conversation though. And if doing this on a new device, the security number will change, and others will be notified.
Has the experience improved much recently? I switched a couple of years ago to using Wire, since it seemed like a smoother experience (important for trying to convert people).
I think the experience has improved a lot recently, and it's grown much more popular than Wire, so you may find your friends already on Signal rather than needing to convert them. For comparison, Wire for iOS has 204 ratings (3.9 stars) in the App Store, while Signal for iOS has 190,000 ratings (4.7 stars).
It would be incredibly surprising for such a device to be created in secret. Moreover, there are versions of public key encryption that can not be broken by a quantum computer.
Makes sense. There would probably need to be a kind of intellectual hoarding and misdirection amongst leading academics in quantum computing research. Yet one would have to assume such research does take place in private by governments.
Does signal use the quantum-proof variety of encryption?
The problem is that the largest QCs that we know of in the public are so ridiculously weak that I find it incredibly improbable that any government is anywhere close to having large enough QCs to break anything.
The largest QCs are on the order of tens of qubits, but in order to run Shor's algorithm (to break RSA, or the discrete-log equivalent to break Diffie-Hellman) you need hundreds or thousands of stable qubits -- and the current generation of qubits are unstable. You can make stable qubits out of unstable ones by using error correction, but that requires you to have ~1000 unstable qubits to make one stable qubit. So there's at least 5-6 orders of magnitude separating the current state-of-the-art and when classic public-key crypto will be broken.
> Does signal use the quantum-proof variety of encryption?
No, there is currently no trusted post-quantum encryption (though the real issue is finding a replacement for public-key crypto because that seems to be the weakest link where quantum computers appear to have the most power). It's being worked on but is a very new field. In addition most post-quantum systems require keys that are kilobytes or even gigabytes in size (elliptic curve keys are tens of bytes). djb (a very well-known cryptographer) and his colleagues give quite a few talks about this[1].
Funnily enough it appears that elliptic curves (which are harder for classic computers to break, and can be easier for classic computers to compute safely) are actually easier for QCs to break because the key sizes are so much smaller (meaning that fewer qubits are required).
No, nobody uses quantum-proof encryption yet (usually called post-quantum encryption). Google and others have experimented with it for https and it worked fine, but nothing is deployed yet and standardization has barely begun. So if someone records your traffic today, they will be able to decrypt it in a couple of decades.
> Google and others have experimented with it for https and it worked fine
To be clear, Google didn't experiment with actually using post-quantum crypto. Their experiment was to figure out what were the largest key sizes that browsers and networks would accept before you start degrading connections. Their "post-quantum keys" were just padding bytes. This was gone through in the Bernstein and Lange talk this year at 35C3[1]. This is a good thing, given the history of the security of post-quantum candidates[2].
Sorry, I must have left out private entities, which led to downvotes. Snowden is likely to have caused an exodus of hoarded intent of knowledge towards private global interests, away from governments. So the quantum race, then, would be going on behind the scenes with both private and public interests.
How hard will it be to switch to post quantum encryption globally once it’s clear publicly that there’s at least a proof of concept for a quantum decryption supercomputer? How do you differentiate between cloned 210 IQ babies in massive underground communities (as an example) working on decades in the future tech, and safeguards amongst the destructive forces of the powerful hegemonic incumbency. There’s an applicable abstraction here, generally, about containing superior intelligence, whether artificial or biological. I do believe the recent Star Trek movie touched upon this.
> How hard will it be to switch to post quantum encryption globally once it’s clear publicly that there’s at least a proof of concept for a quantum decryption supercomputer?
In theory switching could be "simple" but depends very strongly on what post-quantum algorithms we end up with. If we have a good replacement for Diffie-Hellman (the current candidate appears to be CSIDH[1]) then you could replace effectively everything with it because the protocols could be left unchanged. The keys might be a bit larger but who cares.
However, if there is no safe Diffie-Hellman replacement then we'll need to change our protocols to accommodate the new crypto. Symmetric-key crypto appears to be mostly safe (Grover's Algorithm can only provide a square-root improvement and so we can just double our key sizes to 256 or 512 bit) so we only need to fix the public-key part, and can work on replacing the rest later.
Anything that forces adversaries to have novel (let alone sci-fi) technology instead of a warrant is a huge win. Let's not let the perfect be the enemy of the good.
Amazing. Endorsed by Snowden makes me trust this so much
“Snowden didn’t just steal information about “domestic spying” operations. The truth is Snowden apparently stole many more files related to what most in the intelligence community and beyond see as legitimate, overseas spy operations — including anti-terror operations and those targeted against the U.S. by our enemies. He reportedly focused his theft on the most sensitive “Level 3” data that includes lists of sources and methods in China, Russia and Iran.
This is the type of information that “could invalidate America’s entire intelligence enterprise if it were placed in the hands of an adversary,” Epstein writes. He suggests Snowden would have known Booz-Allen Hamilton in Hawaii (his last contractor position) was one of the few contractor facilities that had the authority to hold “Level 3” data and former co-workers believe he took the lesser paying gig”
The data Snowden took relative to his access level does not support your theory.
The most amazing thing about the Snowden case was his access to information. Normally NSA employees have a combination of clearances: TS (top secret) and then SI (signals intelligence), TK (talent keyhole), and Gamma (with subcompartments).
But then they gave some IT staff like Snowden special "root access like" clearance called PRIVAC (Privileged Access) where people had access to all data collected. Snowden had an open list of live feeds from all active operations, drone feeds and other information regardless of classification all over the world.
PRIVAC didn't have a two-man rule, restricted access to contractors or compartmentalization until Snowden came out and Senate hearings happened. NSA clearly prioritized cost and data collecting over security.
If there was an actual spy in the same position as Snowden, or if Snowden really had the intention to spill everything to harm the US, the damage done would be catastrophic.
> The data Snowden took relative to his access level does not support your theory.
How do you know that? The only people who know what Snowden took are Snowden, the journalists, the NSA, and the foreign intelligence agencies who took the data from the journalists.
Nobody thinks Snowden had the intention to damage the US. He was just so stupid that he did it accidentally.
We know at the very least that he took lists of Chinese targets and when they were compromised and gave them to the SCMP, who reported in broad terms about the content of the lists. We know he gave a list of war zone and drug trafficking targets to Greenwald because he reported them. We know he gave a list of Western European political targets to Greenwald because he reported them as well. We have no idea what Russian target lists he took.
Spy vs recruited asset/“public interest” spokesperson/super bowl ring in human form. Not equivalent. Recruit could believe he’s helping global public.
Arrogant enough to leave breadcrumbs about how he didn’t take the “really damaging stuff” which would have increased the chance of a kinetic reaction. What can you get away with? Seem like you’re the good guy exposing weaknesses while attempting to claim no damage
Snowden handed over blueprints to global spying operations. It’s not an exaggeration to say that shtf since then. He’s a Russian operative at this point, if not premeditated
Honestly he could have just flown to “His” destination instead of the HK shell game. He’s so careful yet he just goes public while still in HK? Haphazard disclosure like that doesn’t match his careful nature
Snowden committed treason. Act of war, full stop
You don’t credit the person who torched your imperfect building to the ground with forcing you to build a better building, placing you in some ways at a long term strategic disadvantage relative to your adversaries who are running with those blueprints
He did take potentially damaging information but he was very careful to hand it over to responsible journalists who then filtered out what was relevant.
Given his circumstances at the time he did the best he could in balancing people's right to know against legitimate stuff I think.
Snowden successfully evaded notice and basically "got away with it" to the extent that he tried. Whether or not you think he was justified has no bearing on his obvious opsec competence.
Despite the unnecessary tone, nothing stated seems likely to be false. It seems likely that adversaries would have adjusted their methods based on Snowden’s disclosures. Which parts seem unlikely?