1. 22

  2. 40

    This take comes up every so often, e.g. in some of the linked articles. I’m sympathetic to many of the concerns raised, but I’ve yet to see serious engagement with some of the deeper issues raised. For example:

    • A significant number of security and privacy-enhancing technologies (PET) have received US military funding or other support. See: Tor from the Naval Research Lab, OpenBSD from DARPA. SELinux comes from the NSA. The Open Technology Fund has also support Ricochet, WireGuard, Delta.chat, and Briar (that the author recommends), etc. (link). Are all these tools suspect?
      • As an aside, the EU also funds a significant number of PETs. While not as egregious as the US, the EU is no enemy of mass surveillance, either.
    • One reason for Signal’s centralization is, in short, that it’s hard to update federated protocols, including their security features. E2E encryption in XMPP or email is still a pain, and far from usable for most people. I hope that e.g. Matrix can pull it off, but they face challenges that centralized services don’t. With a centralized service, you know that you can handle unforeseen security developments quickly. Shouldn’t this be a key priority for a security tool?
    • Using phone numbers as identifiers has its benefits: you don’t need to store users’ contacts on your servers. A service like Wire, that does allow you to sign up without a phone number, has to store your full social graph on their end. Avoiding this sort of metadata is a hard problem — Signal has opted for minimizing the amount they store.
    • It’s hard to overstate how much ease of use matters when it comes to gaining mass adoption for these tools. For a long time, privacy & security tools were super user-unfriendly, reserved only for a small technical elite (see PGP). If we want to combat mass surveillance, we need tools that the masses want to install (in my experience, it’s hard enough to convince activist groups to migrate off Discord or Slack — the alternatives need to be similarly easy to use).

    Not trying to shill for Signal — I share many frustrations with the author, e.g. on Signal’s approach to open source — but I’d like to see a little more nuance in articles like this one.

    1. 16

      Using phone numbers as identifiers has its benefits

      Indeed. This was WhatsApp’s big innovation, and is how WhatsApp basically took the ball away from the phone companies and made them into wireless Internet carriers. Signal is a WhatsApp alternative, and to be that it has to play in the same ballpark.

      1. 5

        And $50M of Signal’s funding (which is the majority of its funding) comes from one of WhatsApp’s founders. He probably has a lot more influence on the direction of Signal than the CIA and his motivation is to have something like WhatsApp that isn’t under Facebook’s control.

      2. 8

        A significant number of security and privacy-enhancing technologies (PET) have received US military funding [tor, OpenBSD, SELinux, etc]

        Not to mention the fact that the development of Internet itself was funded by the US military (DARPA).

        1. 5

          My take on the military-industrial-intelligence complex funding is that the NSA does it to provide communication security for US-backed dissidents in rival countries, to support “color revolutions” there. The fact that they may benefit activists and/or criminals in the US is considered an acceptable cost.

          I think that in principle, using phone numbers as identifiers is bad, and ignores realistic threat models for people like abused spouses. But in practice, it makes it much easier to get people to adopt it, because they don’t need to create a login and password, and you can use the Signal app as a simple drop-in replacement for your SMS app on Android, and get added security incrementally as your contacts adopt it. The frivolous stuff like stickers and gifs helps with this, and OWS have bent over backward to provide secure implementations that actually meet people’s needs.

          Centralized and federated protocols both have challenges (different ones) from security perspectives. In practice, Matrix is a little over-centralized right now, anyway.

          For me, adding a cryptocurrency for payments is Signal’s “jump the shark” moment, but I’m still using it for friends and family.

          1. 3

            A service like Wire, that does allow you to sign up without a phone number, has to store your full social graph on their end.

            There’s no need to do this. For example in Peergos you can sign up with just a username and password, but your server can’t see your social graph (short of doing timing + IP address attacks that also apply to Signal, even with sealed sender - and even these will go away once we have onion routing). You store your own social graph in your own encrypted data, without any visibility to the server. Of course this means that you can only add new friends by their username, but this becomes less of a problem when you allow discovering friends of friends via comments in your news feed.

            1. 2

              As an aside, the EU also funds a significant number of PETs. While not as egregious as the US, the EU is no enemy of mass surveillance, either.

              The OP also has articles called “list of US hate crimes” and “list of US atrocities”, and he praises the Chinese for not using signal. I think being anti-US is as important to him as being pro-privacy.

              1. 1

                Adding Tor to the list of government funded PETs.

              2. 8

                Does anyone else have the problem that Matrix is incredibly slow? I have a top of the line desktop PC and it takes 20-60 seconds from double clicking the icon until the Element client finishes with all the spinners and freezing and becomes usable. Also, how can I extract conversations in a usable format (e.g. SQLite)? These are my two biggest pain points with Matrix and the reason why I don’t use it.

                1. 9

                  You’re describing problems with Element, which is fair. It’s an electron app, and it’s memory hungry. So is Signal.

                  The difference is that you can use Matrix without using Element; there are 3rd-party clients out there that work great with much better performance footprints. If you don’t want to use the Signal electron app, or if Signal decides your platform isn’t worth supporting (like arm64) then your only option is to not use Signal.

                  1. 8

                    If Element is showing spinners for tens of seconds, that’s all time spent waiting for the server to respond.

                    Synapse is (at least was) slow. Back when I’ve tried running it, there even was a postgres query you had to run occasionally to clean up things that brought it to a complete halt. Thankfully it seems that Conduit is a server project that will actually be good.

                    1. 2

                      The server stack isn’t much better performance wise, sadly.

                      1. 1

                        It’s an electron app, and it’s memory hungry. So is Signal.

                        Signal Desktop on my laptop has been running for a couple of days. It is using 23.1 MB of RAM (between 3 processes, two using about 1 MB) and is responsive. Restarting it takes a few seconds and it’s usable as soon as it presents the UI.

                        1. 3

                          That experience is completely different from mine, but arguing about it is academic since I don’t even have the option of running it on my machine any more even if I wanted to.

                      2. 2

                        It seems fine as a Weechat plugin for me

                        1. 1

                          Which server do you use? I run my own with (usually nearly) the latest versions of Synapse, and I don’t see any such problem. Starting up the client on my iPhone just now took 4 seconds, on my Linux laptop it took 12 seconds (but normally it’s always running and available as a panel icon).

                          1. 3

                            Same here. A friend of mine chats with me over the Matrix “default” home server and I’ve seen his client freeze like that too, while for me it’s always been fast (I’m using a self-hosted home server). I think there need to be more alternative servers and awareness of how to use such alternatives.

                            1. 1

                              Yeah, I think Matrix.org is slow, because they haven’t been able to scale in proportion to their users. Synapse is overly resource-hungry, but it’s not actually slow unless it’s starved of resources. Small homeservers are pretty much always faster than Matrix.org.

                        2. 7

                          Similar criticisms apply to Telegram… funnily enough, down to a damn cryprocurrency integration attempt!

                          To avoid [federation related metadata stuff in Matrix], you can either disable federation

                          At that point you might as well use rocket chat or that new discord clone thing or whatever…

                          1. 6

                            I suggested the “rant” tag. While I share some of the concerns outlined (phone numbers, crypto currency crap, single-control), I can’t really imagine why this article strays from solid reasoning to accusations and name calling. If the author would read this, I’d recommend rewriting this to be taken more seriously.

                            1. 5

                              I agree. I find it incredibly disingenuous that the author does not mention Signal’s Sealed Sender. One of the only serious technical critiques in this article is that you leak your social graph to Signal, but Sealed Sender actually makes this false in most cases. Maybe that’s harsh, and maybe they just didn’t know, but I feel like if you’re going to make that one of your core arguments you should have done your homework.

                              To be clear, Signal isn’t perfect. E.g. in theory they’ve been making changes to lay the groundwork for username-only accounts for a while, but it’s been a long time - where is it? Patent has listed a lot of these issues. But it’s a lot better than this article implies.

                            2. 3

                              For me, disappearing messages is a crucial feature of private messaging apps: for most people, their threat model is primarily based around physical access – seizure by police, or theft, or shoulder-surfing – with government surveillance being secondary. And disappearing messages, unfortunately, requires central control of client software.

                              1. 2

                                Uh. Wow, all but accusing Signal of being a CIA honeypot? Shots fired.

                                Seems like throwing the baby out with the bathwater to me but I’m no security expert.