A more accurate title could be “Privacy is Priceless, but Centralization is Expensive”: with the era of cheap money coming to an end, a lot of uncertainty is growing regarding the future of some large internet services. Signal is no exception and this emphasises the importance of federated alternatives (XMPP, fediverse, …) for the good health of the future internet.
Threema is the oldest and most polished option. You do have to buy a license for a one-time fee though. It's entirely worth the play store credit I spent, but if I were to buy now, I'd use their website store so I could use the open source app instead.
If those “normies” aren’t turned away by the creation of an account (and if they can use Amazon, I doubt it’s an issue), they can certainly use XMPP :)
Except it is not free. My carrier does not include them in the main plans (because they’re not as commonplace anymore), and you either buy an additional package or pay per each SMS.
At some point society needs to figure out how we can subsidize the costs of data storage, remote servers, and provision of internet to people for free.
The only real way to do that is government subsidized servers, but that will fall in the same category as literally every other government service: right wing political entities try to privatize it and make it as shitty and parasitic as possible.
You pay for these things with your data. If the government is paying for privacy-respecting storage or safe internet access, then so are you with your taxes. I’d vote for that, but I’d guess the majority of people would not.
Yup, it has a cost, but there’s perhaps a one or two orders of magnitude cost difference between hosting instant messaging + calls with something like XMPP, and hosting mastodon/Lemmy/Kbin (or why I do the former but not the latter, and why I’m ok to pay for the service, esp. considering that my instance’s business model isn’t, unlike Reddit, to re-sell influence and data).
And why wouldn’t they? 90% of the software people use daily is free (as in beer), so of course being told that’s going to change is going to cause upset. It takes a lot for people to want to pay money for something that, to those who don’t value free (as in freedom) software, is no different than the costless alternative.
I laid it out elsewhere in this thread, but in short, costs grow non-linearly with scale: you can run thousands of users on a RPi, but a million users requires whole datacenters. Decentralization not only helps with not requiring “whole datacenters” in the first place, it also enables maximization of resources: if you have a NAS at home, or a RPi hanging around, a router idling somewhere, or an abandoned smartphone in a drawer, you can probably host enough accounts for all the people that you’ve ever met in your life. And there are hundreds of thousands of such underused devices everywhere, which, put together, would be sufficient to host the whole world multiple times around.
The other issue is sustainability: with this centralization comes a single point of failure. It’s no big deal witnessing the disappearance of one or a few providers of a federated network. Accounts and data can be migrated easily. For most users, it’s invisible. Now compare this to Signal running into financial issues: you are contemplating millions of users losing access to their account and their data, and having to re-bootstrap their whole social graph elsewhere. This is another level of “cost”, or price to pay, for centralization.
Who is maintaining all these “unused” devices that you will want working pretty consistently? Who is responsible for replacing hardware when it dies? Who is looking into it when someone stops receiving messages? What happens when the person hosting thousands of users just stops wanting to do it? Who migrates these accounts?
Frankly, your argument sounds more like wishful thinking than anything practical. You’ve basically described the plan as “Magically some devices in someone’s basement will suddenly start running a messaging service, maintenance free, from now until the end of time”.
This isn’t wishful thinking, this is in defense of a model where our digital needs would be distributed at a level lower than that of the tech majors, which was commonplace before everything on the internet was so consolidated.
I’m not saying that everyone should self-host, I’m saying that federated services could be hosted at family&friends/regional/national levels, simultaneously, and deliver a resilient service at a negligible cost. Hardware, which is very much a problem for Signal & al right now, wouldn’t be in a distributed model, and could be donated and repurposed easily. My example was perhaps a bit too extreme, but I think you get the gist of what I’m saying.
Decentralisation would just spread the costs over more individuals. Those individuals would have to collect contributions from their respective communities. The total amount of people who would have to chip in to make the system sustainable won’t change dramatically. Decentralisation isn’t some magic wand that makes infrastructure and labor costs disappear into thin air.
…the costs and the risks: let’s jump forward a few years into financing issues, at what point does Signal become a liability and start operating against their stated mission, if the alternative is that they cannot survive? We are witnessing enough contemporary examples of enshittification to know that it’s a real possibility, and that all centralized providers, but in particular the ones not charging for service, are at risk.
Some would even argue that this has already started in the case of Signal with their crypto payments and blocking of 3rd party clients which are clearly user-hostile.
Those individuals would have to collect contributions from their respective communities.
Perhaps, or perhaps not. Running costs get exponential with scale. You can host 1000 users on a shoebox computer/raspberry pi, but delivering a service for millions requires datacenter-level infrastructure and tons of engineering know-how.
Most people into self hosting or having a NAS at home can already accommodate their families, friends and more, which means millions of potential users, without the problem of trust from a single organization
both you and the people you are chatting with on Signal will need to be using the most updated version of the app to take advantage of them
If someone isn’t using the latest app, does this mean they will still be able to see any account’s phone number? I suppose if you don’t update, you can’t add anyone without knowing theirs beforehand anyway.
Also from the article (clicking the dots in the text)
Each version of the Signal app expires after about 90 days, after which people on the older version will need to update to the latest version of Signal. This means that in about 90 days, your phone number privacy settings will be honored by everyone using an official Signal app.
Crazy how decentralization improves both, but they are vehemently against that. I trust them in terms of privacy, but their insistence on centralization, blocking third party apps, removing SMS, and refusal to support fdroid, I’m not a fan of the direction they’ve gone recently.
I haven’t been able to trust them since the get go, to be honest. Their whole stance against federation is… FUDdy to stay polite: gultsch.de/objection.html
Wait. Signal was an SMS client. It wouldn’t cost them anything for a user to send an SMS message. IIRC, they nixed the SMS feature for security reasons, not cost.
The Mormon church is another US ‘non-profit organization’ yet somehow hoards billions.
Trusting blindly without doing research because something is presented as a non-profit is a good way to be taken for a fool and separated from your money.
Signal making their own cryptocurrency, which they entirely premined, was a huge red flag. Dropping SMS support was an annoyance that broke the camel’s back.
Yeah I think you are right. I too was really mad at Signal for ditching sms, and THEN having the audacity to ask for donations! This article shines a light on the reasons, wow.
Still, I would only donate if they kept sms in there. Not without sms because now it’s just one more isolated platform and no longer a one-stop solution as it used to be.
The sms cost is for account creation and verification on new devices, being an sms client didn’t cost anything aside from maintaining that portion of the app
Removing SMS support makes sense. The potential for a user sending something through SMS that they thought was going over Signal is high. Even for the savvier users who would install Signal in the first place.
It killed adoption, since now it’s just another messaging app. Most of my contacts still use SMS, and will stay on it, so being able to use Signal was a smooth all-in-one experience. Now I have no point in keeping it installed because like 3 of my contacts use it, so it has no use to me, thus killing potential adoption.
And if you had spent 3 minutes looking at r/Signal or the support forum before they disabled SMS you would have seen how many people were confused by the feature.
Perfect, that keeps you off signal and lowers their operating costs.
Because if you actually needed signal, you’d still be using it. Security and privacy is not about convenience or a “smooth all-in-one experience”. It’s about actual security and privacy. And that is what signal provides.
Exactly the opposite. Removing sms was the thing that finally made me recommend it to my friends and family. People understand sms replacements. People understand alternate messaging apps. People don’t understand encrypted sms.
If you have people who love whatsapp, it’s super easy to get them to use signal instead.
The cost of these registration services for verifying phone numbers when people first install Signal, or when they re-register on a new device, currently averages around $6 million dollars per year.
That’s pretty crazy. Wonder which third party providers they are using. Maybe the identity verification methods we have today are due for some significant changes?
No, I think they are merely working on user ids no longer mandating to be your phone number (so that it can be pseudonymous, e.g. tja@signal instead of +xx0123456@signal), I don’t believe they hope to drop SMS verification at this point because of the spam issue getting worse otherwise
SMS is dead, so they will need to move on eventually. Most carriers are moving towards high data plans now. I mainly use it for verification, although I’d rather use more secure methods.
Also Signal cannot add RCS support, because Google Jibe servers won’t allow any app other than Google Messages… And you must use them because native RCS support for Android has been halted for years… And you cannot install some module with RCS support yourself because of the anti-Unix monolithic Android userspace architecture…
Without SMS verification, spam would be so much worse that they’ve been kind of obliged to keep it, even though it defeats/undoes most of the privacy features they like to advertise about
The article says it’s to limit spam. I don’t feel platforms like Lemmy (or the other platform) are particularly spammy though. On the other hand I get a lot more spam on Whatsapp, even though it’s phone number bound.
Signal is pretty good in terms of limited spam, but I’m curious about the impact if they A/B test the removal and see how much spam would arise. Obviously that could only be implemented after they remove the need to add contact via phone number.
If you go to Reddit, which is more popular for bots, certain subs are completely filled with spam and votebots. r/worldnews is like a giant circle of pro IDF bots jerking each other off. LSF became a shitshow too.
If more people joined Lemmy you’d see the amount of spam this place would get. Now it’s only a bunch of nerds who will quickly report any spammy activity. It’s a small “friendly” community for now.
You are correct my friend, because Lemmy is for smart people like us. And a smart person like you could easily make 10k per month on the side.
With just a small initial investment you could create a huge passive income in no time.
Just go to shadyscamspam.com and become your own boss.
All of the people recommending matrix don’t understand why signal is secure. Matrix offers the same level of end to end encryption as Facebook Messenger, but it’s federated so people who care more about federation than privacy like to misrepresent its safety
That’s fair! If you’re on these types of forums, there are a lot of Signal haters and a lot of Matrix lovers, and sometimes they like to make confusing or just straight up inaccurate statements. The crux of the issue is not about the encryption of the text of messages themselves, which both platforms are capable of doing. Personally, I wish there was something like Signal but without the centralization, but the reality is such a thing doesn’t exist.
Signal (as in the Signal server and by extension the legal entity behind Signal) does not know what groups you’re in, does not know who’s in your contact list, does not know which groups you are sending messages to, doesn’t know which groups exist, and can’t tell the difference between a message, a reaction, a read receipt, a remote delete (“delete for everyone”), an edit… etc. Signal doesn’t have a way to send anything between two parties that the server can see. Signal has received a number of subpoenas which they typically fight, and if/when they lose they hand over all of the information they have about the subject of the subpoena, which tends to be whether or not they have a Signal account, when they registered the account and when they last used it. You can see these at signal.org/bigbrother/
Matrix (as in the Matrix server you’re registered on as well as the servers of whoever you’re talking to, for groups that means everyone in the group, notably this is not necessarily the same as the legal entity behind Matrix, but in practice a LOT of people use matrix.org for their home server so it frequently is) can see basically all of the things I listed above. The text of normal messages is encrypted. The group membership list isn’t encrypted. Reactions aren’t encrypted. Read receipts aren’t encrypted. Group membership lists are stored in plain text.
“theoretically” being the operative word here. Most people don’t. And if they did, they wouldn’t be able to talk to anyone else without the metadata getting copied to that person’s server. Probably okay if it’s between two information security experts who operate their own secure servers, but in reality most people don’t do that. This could be summarized as: Matrix offers a lot of easy ways to be less secure, Signal does not.
As for WhatsApp, I know they have paid or maybe still do pay Signal for their encryption. I believe Facebook Messenger did or does as well. I’m not sure what the actual implementation looks like and neither is anyone else, because it’s closed source.
On the other hand, matrix offers anonymous chat, while signal requires a phone number. Only signal’s team knows what software is really executed on signal servers, so it is still a matter of trust.
But that’s not what’s being said here. In this post OP is asking for federated Signal. People are saying matrix is just as secure. This is wrong and I am pointing that out so people don’t go thinking this is correct. Making misleading statements about the security of this sort of thing is dangerous.
Facebook Messenger offers optional end to end encryption just like Matrix. Just like Matrix, the server knows who you’re talking to, what groups you’re in, who else is in those groups, how many messages you sent to which group, whose messages you react to, etc. But the actual text of the message is technically encrypted so Facebook can’t respond to subpoenas for your messages. I use Facebook Messenger as an example because Facebook is (correctly) generally considered not private or safe.
Signal had something good when it could simply be your default messaging app on your phone, and it’d transparently send either encrypted messages, or plain-text SMS. Now that they’ve removed SMS, they’ve just turned into a worse Whatsapp (because nobody is on it). Network effects are important in messaging apps.
I don't see the issue? Just use your native messenger for SMS. Why does it need to be part of Signal? It just makes things convoluted and confusing to have an unsecure messaging service inside an otherwise secure messaging app.
Was that the punch in the face, or was it all the morons intentionally misinterpreting this argument and saying “but why would u want to send nonsecure messages are you aware SMS isn’t secure it’s like so insecure to send SMS bro it’s not secure it’s like literally a security risk bro SMS isn’t secure at all and also are you aware SMS security is poor”
Totally agree. Good opsec is all about building good habits. Having 1 app for secure and a different app for normal creates a healthy compartmentalization in the mind for ease of building and maintaining habits.
You literally made up an argument no one made in this thread.
The fact of the matter is that it is unwise to have both secure and insecure messaging side-by-side. Depending on where you live, this could translate to a simple mistake resulting in imprisonment or worse. It's very important that a "secure messaging app" only allow secure messaging.
You, like myself, probably live in an area where accidentally sending a message critical of the government over an insecure message would not have any tangible consequences, so perhaps you're weighing the convenience as more important due to lack of perspective.
By that logic tho, you can also accidentally open a different app and send an sms, because on Android all the apps need to look and behave basically exactly the same for some reason.
Strawman, one of those big words people use when they can’t make a decent argument.
Would it be that difficult to have two versions of the app then? One without sms for the more security conscious and easily distracted people, and one with sms, that I could install on any grandma’s phone?
Difficulty of implementation was never an argument, only ideological ones, with which Signal fucked over so many people. Literally all of my Signal contacts have gone offline soon after they axed the sms support, and so I have no use for Signal at all.
So, mission accomplished I guess. Secure messaging has won- oh wait, everyone is back on WhatsApp.
All my friends and family are still on signal.
This is a you problem not a signal problem.
Maybe you should have told your family why facebook is bad instead of being “look fancy chat”
I never needed the sms tool (who writes sms anyways?). What I need is more secure coms that I can use.
One thing that still bothers me is that with the phone number…. I am still waiting for unique identifiers to uncouple my phone from my messenger!
I’m not here to do Signal’s marketing for them, especially since I never liked it in the first place (due to the phone number thing). They had a good thing going for being an acceptable alternative, and they fucked it up. Definitely not my problem.
You literally made up an argument no one made in this thread.
I literally was not confined to this thread, which is blatantly obvious if you know how context works.
The fact of the matter is that it is unwise to have both secure and insecure messaging side-by-side.
Skill issue. If it’s too hard for some people to pay attention to what they’re doing and use a tool correctly, they can buy a Vsmile. This is all ignoring the fact that no human being could possibly fuck it up on Signal unless they’re too illiterate to send text messages—or indeed use a cell phone—in the first place.
I literally was not confined to this thread, which is blatantly obvious if you know how context works.
Making up an argument no one in the discussion has made is called the "Strawman Fallacy". Why should anyone in this thread care that you talked to someone (allegedly) that was so dense that they made a bad argument that you got frustrated with?
If it’s too hard for some people to pay attention to what they’re doing and use a tool correctly
Ah, so much hyperbole. If I'm successfully stripping all of it away, it seems that your argument is that it is impossible (P=0) to accidentally send an SMS message in Signal, thinking it was a secure message. Is that really your stance? Admittedly, there was a lot of hyperbole so I might have missed the actual point. Please correct me if I'm wrong.
A fallacy is just pointing out that your argument isn't likely to arrive at the truth. As I explained, your "I met a dumb person and so all arguments against this are dumb" stance isn't useful, even if we agree you're not just making that all up.
I asked for clarification. Is that your stance? That it's fundamentally impossible that someone could accidentally send an SMS in Signal while thinking it is secured? I'm going to assume that you don't believe it's fundamentally impossible, so that means your real stance is that if that happens and someone gets sent to jail or worse, that's a small price to pay for your convenience of not having to *checks notes* switch between two apps.
Do you see how your lack of perspective might be leading you to make a poor argument?
What's bad faith about my argument? There's only two options: You believe what you typed and that it's impossible to make this mistake, or that you were using hyperbole, and you acknowledge that it is possible to make this mistake. These two options are both mutually exclusive and binary-- there can be no other stances. (and notably you haven't actually clarified which one you believe.)
I didn't make you choose to defend a poorly thought out stance. That's on you.
Well, I happen to disagree. I’m a privacy-conscious person, but I’m not an activist. Most of my contacts in real life (i.e the people I need a messaging app to talk to) are non-technical, and not really privacy-conscious. They’re not going to install a different app just to talk to me. The big draw of TextSecure (before it became Signal) was that they could just set that as their default SMS app, and it’d magically start to send encrypted messages if the other end was also using TextSecure, and they had to change exactly 0 of their habits.
I guess it depends on how you view it:
1. Move as many people as possible over to encrypted comms with the least friction possible, or
2. Provide a niche secure messaging platform for niche activists with niche needs.
I thought the goal was 1, but turns out it was 2. All my contacts are now back to Facebook Messenger…
It sounds like you’re slightly mis-remembering this oft-cited Hacker News comment from Moxie from 2015. I’m going to quote the main bit here because honestly a lot of people in this thread could stand to think about it:
If we were going to rank our priorities, they would be in this order:
1. Make mass surveillance impossible.
2. Stop targeted attacks against crypto nerds.
It’s not that we don’t find #2 laudable, but optimizing for #1 takes precedence when we’re making decisions.
I wasn’t actually quoting this, but yeah, I think that’s the point. Supporting SMS was helping adoption by promoting a seamless transition for users. Dropping it feels like prioritizing #2 to me. (All this comment thread about opsec, compartmentalization, activism, etc is really about #2, IMO)
This always struck me as strange thinking.
Are most people really unable to understand and use different messengers with different contexts and groups?
Honestly I use a few myself. My job has Tiger Connect. I use Signal with all my family and friends. Then I use SMS for some companies’ automatic notifications. It’s pretty simple and easy.
Well, yes. But when all your friends are already on Facebook Messenger, good luck getting them to install Signal only to talk with you. Network effects are important; a messaging app has no use when you have nobody to message on the app. Supporting SMS was taking advantage of its network effect, and I don’t think their network was big enough to be self-sustaining for most users (it wasn’t in my case, my only contact in there is my wife).
Convincing people to leave Facebook Messenger isn’t that hard. Just let them know Zuckerberg and everyone at Facebook can see everything they send.
It is easier with a whole group of friends. If none of your friends know each other, you should work on that for other reasons. Groups of friends are better in general.
My biggest frustration with this is that the Signal server can still be given a username and it can return your phone number as an ID.
As I understand it, the phone number is invisible to average users and isn’t transmitted between them when utilizing username-based messaging, but someone with access to Signal servers directly (read: government agents, signal employees) can get a phone number from an ID at a point in time.
The main difference compared to Telegram is that there will be no public index of usernames, so people outside one’s own circle will not be searchable. Usernames will have to be exchanged in person or online by publishing the QR code that links to one’s profile.