What he did with messaging... So he will centralize all of it with known broken SGX metadata protections, weak supply chain integrity, and a mandate everyone supply their phone numbers and agree to Apple or Google terms of service to use it?
It seems like Signal may be another example of "read-only" open source, where there is no expectation anyone will actually try to _use_ the source code. Instead, there is an expectation that everyone will use binaries distributed by a third party and allow remote code installation and RCE of software on their computers _at the third party's discretion_. In other words, all users will cede control to a third party
NB. This comment is not referring to the "Signal protocol". It pertains to _control_ over the software that implements it
The issue being there's not really a credible better option. Matrix is the next best, because they do avoid the tie-in to phone numbers and such, but their cryptographic design is not so great (or rather, makes more tradeoffs for usability and decentralisation), and it's a lot buggier and harder to use.
Full time matrix user and all my family and businesses use Matrix too. It works just fine, and with self hosting, I control the metadata on the servers I host for my orgs.
It actually is the least bad option available, and decentralization is always worth it even if development is slower and more complex as a consequence.
Do you know a better alternative that I can get my elderly parents and non-technical friends to use?
I haven’t come across one and from my amateur POV it seems much better than WhatsApp or Telegram.
XMPP, as Matrix is pretty much centralized, unless you're fortunate enough to register outside of matrix.org. Both xmpp.org and jabber.org is no longer open for registration.
remember when you agreed with me that it was maybe regretable that the Favorites space was removed in favor of a process that required multiple clicks? and now it's months later and Element still has this redesign shipped, with every single one of the original flaws mentioned, still present.
I think Matrix has a lot of smart people involved, and I can't believe I'm saying this, but dear god, are you hiring for a TPM, by chance?
Every, single, time I have to go "Home" -> "Expand" -> "Favorites" to do what used to take one click, I lose a bit more faith in Element/Matrix.
Though, y'all did finally fix the notification sound that made me want to kill myself every single time it violated my ear drums. Only took.... 4 years? for that?
What were meant to be fast-follow fixes to the new left panel after it shipped in September ended up getting starved out by deadlines for paying customers, frustratingly. The work is happening now however.
Not sure why you're gettimg downvoted. This is exactly what he did to instant messaging; extremely damaging to everyone and without solid arguments for such design.
Or, he took a barely niché messaging app plugin (OTR), improved it to provide forward secrecy for non-round trips, and deployed the current state-of-the art end-to-end encryption to over 3,000,000,000 users, as Signal isn't the only tool to use double-ratchet E2EE.
>broken SGX metadata protections
Citation needed. Also, SGX is just there to try to verify what the server is doing, including that the server isn't collecting metadata. The real talking is done by the responses to warrants https://signal.org/bigbrother/ where they've been able to hand over only two timestamps of when the user created their account and when they were last seen. If that's not good enough for you, you're better off using Tor-p2p messengers that don't have servers collecting your metadata at all, such as Cwtch or Quiet.
>weak supply chain integrity
You can download the app as an .apk from their website if you don't trust Google Play Store.
>a mandate everyone supply their phone numbers
That's how you combat spam. It sucks but there are very few options outside the corner of Zooko's triangle that has your username look like "4sci35xrhp2d45gbm3qpta7ogfedonuw2mucmc36jxemucd7fmgzj3ad".
>and agree to Apple or Google terms of service to use it?
Yeah that's what happens when you create a phone app for the masses.
Moxie Marlinspike sounds like some 90s intelligence guy’s understanding of what an appealing name to hacker groups would sound like. Put a guy like that as so-called creator of some encryption protocol for messaging and promote the app like it’s for secret conversations and you think people won’t be suspicious? It screams honeypot like nothing else.
>Moxie Marlinspike sounds like some 90s intelligence guy’s understanding of what an appealing name to hacker groups would sound like. Put a guy like that as so-called creator of some encryption protocol for messaging and promote the app like it’s for secret conversations and you think people won’t be suspicious? It screams honeypot like nothing else.
This criticism has absolutely zero substance and honestly just reads like paranoid rambling. The Signal protocol has been independently formally analyzed [1] and has no known security issues.
The example you linked is about push notifications in general, nothing specific to the Signal app. If the concern is that your OS is compromised or spying on you, that's not something E2E encryption can protect against, whether it's Signal or any other app.
I don't think so, you could use the official Linux build as far as I know. I think it needs a phone number but not necessarily a mobile device. I might be wrong though.
> Are you against using an Android (or LineageOS) emulator to do so?
1. It's annoying and inconvenient.
2. It's the result of an artificial restriction by Moxie, for which I can't see any good reason, making me suspicious. In my opinion, this is basically an attack on true mobile freedom.
3. I do not believe in a good app isolation of Waydroid, so I would prefer to use as rare as possible. I also do not trust Android too much. And I will have to run two Signal apps simultaneously.
He IS a hacker from the 90s. It’s an assumed name. Plenty of hackers from the 90s have pseudonyms.
> so-called creator of some encryption protocol
All evidence points to him being one of the protocol’s designers, along with Trevor Perrin.
I’ve met both of them. The first time I met Moxie and talked about axolotl (as it was called back then) was in 2014. Moxie and Trevor strike me as having more integrity and conviction than most. There is no doubt in my mind that they are real and genuine.
Interestingly enough, some of the work Trevor did related to Signal’s cryptography was later used by Jason Donenfeld in the design of WireGuard.
> It screams honeypot like nothing else.
As you can see there is plenty of evidence suggesting otherwise.
So the argument against Signal is now "the creator's nickname sounds odd"? I mean, OK? Keep using WhatsApp, Telegram or Instagram if you think those are more private than Signal.
It's just people having zero product sense, or an idea of what it means to target more than 0.01% of the market. The last comment said that Signal's problem is that it's mobile-first, which, how does someone even think that a messaging app should be anything other than mobile-first?
There are no fully open/auditable android phones. All of them have privileged binary blobs. An end to end chat service where there are no options permitting full accountability of the client software and operating system is largely security theater.
Even if you do all that, it is not an official option, let alone a recommended one. The recommendation is to accept the google or apple terms of service.
Moxie even went as far as to say he would actively do anything in his power to discourage or stop the use of third party clients.
>> and agree to Apple or Google terms of service to use it?
> Yeah that's what happens when you create a phone app for the masses.
No, that's what happens when you actively forbid alternative clients and servers, prevent (secure) alternative methods of delivery for your app and force people to rely on the American megacorps known for helping governmental spying on users, https://news.ycombinator.com/item?id=38555810
> You can download the app as an .apk from their website if you don't trust Google Play Store.
I wish apple & google provided a way to verify that an app was actually compiled from some specific git SHA. Right now applications can claim they're opensource, and claim that you can read the source code yourself. But there's no way to check that the authors haven't added any extra nasties into the code before building and submitting the APK / ios application bundle.
It would be pretty easy to do. Just have a build process at apple / google which you can point to a git repo, and let them build the application. Or - even easier - just have a way to see the application's signature in the app store. Then opensource app developers could compile their APK / ios app using github actions. And 3rd parties could check the SHA matches the app binaries in the store.
This is what F-droid does (well, I suspect most apps don't have reproducable builds that would allow 3rd-party verification), but Signal does not want 3rd-party builds of their client anyhow.
