Why I won't recommend Signal anymore

328 points by maglavaitss over 8 years ago

47 comments

zigzigzag over 8 years ago
Like a lot of crypto-puritanism it is rather mixed up. He says he recommended Signal because it was easy to use (more consumer friendly I guess) and secure, then says he wouldn't have gone in the direction of making it easier to use and criticises the things that make it user friendly, like using phone numbers instead of usernames.

He says he thinks the protocol is secure, then says he doesn't want it to use GCM because it routes messages via Google who he doesn't trust (fixing that is the point of the encryption) and then talks about an attack that'd apply to any app regardless of whether it used GCM or not.

He finishes with a call to action: "We as a community need to come up with a viable solution and alternative to Signal that is easy to use and that does in fact respect people’s choices ... this tool should not have dependencies on corporate infrastructure"

But like a lot of armchair moralising, he isn't willing to debate the hard choices that go into building successful software. He says it should "respect people's choices" as if Signal is built by people who are disrespectful, he says it should not have dependencies on "corporate infrastructure" as if volunteer run datacenters actually exist, and then says his motivation is avoiding paywalls, ignoring that both Signal and WhatsApp are free.

It reads like a collection of talking points rather than a coherent argument.

Signal is unusual because it combines cutting edge cryptography with consumer friendliness and is actually successful. It's pragmatic, not ideological. Crypto-warriors have a long history of producing secure software that nobody uses and then blaming the general public for not getting it; this sort of blog post is just a continuation of this decades long trend.

tptacek over 8 years ago
The author of this post believes that by making a stand over Signal policies he doesn't like (the superficial GCM dep, the OWS-only server policy, the contact list discovery system), something more like LibreSignal will grow to take Signal's place.

The author is wrong. LibreSignal won't replace Signal. Something like Telegram will: an "open source" messaging system with inferior cryptography, "opt-in" end-to-end messaging, a long-term dependency on the telephone system for authentication, and a far "cuddlier" personality with its users and, more importantly, with people from the app development community (like the author). Telegram will continue to gain adoption, because sexy beats sound in every end-user match up. Signal is the closest thing sound cryptography has to a palatable solution for end users.

Iran has already compromised Telegram users, because it systemically trades security off for user adoption. They'll get more of them, and people will hang from cranes as a result.

It's not wrong to criticize Signal. Signal does things I don't love, too! But we should be clear-eyed about the market.

clumsysmurf over 8 years ago
Unfortunately, Google has made it (almost) impossible to wake up the phone via some external event without using its proprietary GCM. Even though GCM is not part of AOSP, it has unique status on the platform that can't easily be replicated (without recompiling the kernel, etc like the article mentions).

Before the days of doze mode & other battery optimizations, you could just listen & block on a socket, then let the phone go to sleep. Incoming 3G packets would wake up the phone, you grab a wakelock, then start doing things. From what I remember, at least a while ago Facebook Messenger did this using MQTT. But this is not possible any more.

SamWhited over 8 years ago
I highly recommend Conversations (disclaimer: I've worked on it in the past, although I'm not a project "member" per se): https://conversations.im/

It's open source, uses a federated, open protocol, and can do multiple types of encryption including OTR and OMEMO (an XMPP wire format that uses the Axolotl ratchet devised for signal). It does not do VoIP, so it would just be for chat (although there is a large bounty on Jingle-based voip support open). It has also had a public security audit, and is designed to be white labeled so you can tweak a few variables in the source and build your own hardened version or encrypted-only version, etc.

SapphireSun over 8 years ago
Essentially this guy is saying, Signal is secure, it's mostly easy to use (with the exception of multiple phone numbers), and the only alternative he mentioned is a half broken clone. Is he seriously going to stop recommending it to people whose lives depend on secure communications because of some abstruse ideological point? In any case, Moxie's position is a reasonable one even though there are some arguments for federation.

While my current phone doesn't support Signal, once I get a new one I will continue to use it*.

* You might opine that allowing Signal clones would allow me to use the app, but they would almost certainly be maintained by people who aren't really crypto experts, and so it's better to operate as though I am broadcasting in cleartext than to pretend that I'm not and get burned.

chrismartin over 8 years ago
Signal may not transmit any payload via Google Cloud Messaging, but Signal's requirement to run Google Play Services compromises the user's privacy in ways that have nothing to do with Signal. If you run Play Services then you have a device which provides your communications metadata, whereabouts, and device usage habits to Google.

I don't trust Google with this information and don't want to carry such a device, but a handful of friends and family use Signal, so I must choose between easy/secure communication with them, and reducing my exposure to corporate surveillance.

Signal may be "pragmatic" among the current choices (just like the project's decision to use GCM is pragmatic), but OpenWhisperSystems absolutely deserves criticism for:

1. Tying secure communication to running what amounts to Google's spyware on your device

2. Offering no alternative for privacy-conscious users

3. Showing hostility to those trying to introduce such an alternative to the project

I think those dismissing these concerns as "crypto-puritanism" will be on the wrong side of history.

reacharavindh over 8 years ago
This. I didn't know much of the insides of Signal. But, when WhatsApp decided to go in bed with FB to share my contacts and usage, one of the alternatives I explored was Signal. Threw it out the moment it asked for ownership of my contacts (no way to opt out). I for one am not going to trust a guy's pinky promise to be good with my contacts and meta-data.

If I'm going to give up the convenience of reaching anybody by WhatsApp, it is going to be at least worth it in the sense of privacy.

Still hoping for a GNU project that garners enough interest to be technically strong, and used universally. One can dream.

codewiz over 8 years ago
    "Also, there’s the issue of integrity. Google is still cooperating with the NSA and other intelligence agencies. PRISM is also still a thing."

What's this based on? Google immediately denied any association with the NSA and PRISM:

https://googleblog.blogspot.com/2013/06/what.html

Google’s chief legal officer claimed that collection was being done without Google's consent:

http://www.irishtimes.com/news/technology/google-outraged-at-nsa-interception-claims-1.1579245

Evidence leaked by Edward Snowden also points in the direction of illegal infiltration of Google's private network without Google's consent:

https://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html

EugeneOZ over 8 years ago
Any messenger tied to a phone number is not safe. Possible attacks are: 1) create a copy of the SIM card; 2) force the mobile operator to intercept the password code sent to your number, and "restore" the password this way. It may sound ridiculous to you, but in Russia it's reality (both vectors); these are real cases from life. And when a user really needs a safe messenger, all of them are too careless to implement a really safe way of messaging. And if you think these vectors are not possible in your country - be sure, we were thinking the same way.

heavenlyhash over 8 years ago
EDIT: this isn't a response to most of the article, but specifically to the "Moving Forward" section, asking about alternative tools.

Come to the matrix!

https://matrix.org/

It's free -- all FOSS, including the entirety of the server -- and yes, all of it: proof by existence: several of my friends run their own.

It federates. I regularly join channels hosted on several different servers, and exchange messages without issue.

It's on every platform. I use it on the desktop, my android (cyanogen, without gapps, none the less!), and my ipad, every day.

It even has voice and video calling built in, using webRTC. This feature has been a little rough while it was in development, but I used it last week in a 1-on-1 call and had an effortless experience. The audio and video quality was on par with Google Hangouts.

Crypto is hard, but it's coming. The Matrix developers have huge respect for the axolotl ratchet design used in Signal. They've worked on making another implementation (in C, for easier linking in various languages, ostensibly) here: https://matrix.org/git/olm/

The deployment of that code to give full End-to-End encryption is a work in progress, but the beta is roughly functional. It includes everything you'd expect: communication works by default, but in an encrypted room, messages are flagged yellow if you haven't explicitly verified the sender's key. There's a key per device; it doesn't leave the device; and as soon as you verify that device/key, messages from it are green, and you're E2E secure.

Disclaimer: I have no direct association -- I became a Matrix convert after trying to write some XMPP client code about a year ago. I'm just really enthusiastic about recommending it because the tech is solid, the sync is good, it solves a problem, and the team hasn't stopped either: they've been firing on all cylinders constantly since I started using Matrix.

I love Signal for their dedication to getting encryption right and the security of their users. But yes, I also share a lot of the concerns listed in this article. Most of all, I honestly believe federation is an imperative. So, while acknowledging Signal's history of outstanding security work... Hey, let's celebrate there's more than one game in town working on alternatives.

cbsmith over 8 years ago
There's a fundamental assumption here: that there is a better way. I'm not saying there isn't, but there's a pretty good existence proof that Signal is the best combination of security & simplicity we can put together.

I would agree with this statement from the article: "there should be a tool that is fully free software (as defined by the GNU GPL), that respects users' freedoms to freely inspect, use, modify the software and distributed modified copies of the software. Also, this tool should not have dependencies on corporate infrastructure like Google’s (basically any partner in PRISM), that allows these parties to control the correct working of the software."

There are such tools. None of them are as easy to use as Signal. So for now, I recommend Signal. I can't, in good conscience, recommend anything else... and given the author doesn't speak to what they recommend, I'm curious about what their recommendation would be.

zabuni over 8 years ago
"Also, there’s the issue of integrity. Google is still cooperating with the NSA and other intelligence agencies. PRISM is also still a thing. I’m pretty sure that Google could serve a specially modified update or version of Signal to specific targets for surveillance, and they would be none the wiser that they installed malware on their phones."

Isn't part of the reason that Moxie went with the Google Store is that he gets to sign the god damned binaries, making it impossible for Google to modify the app.

walterbell over 8 years ago
Wire (http://wire.com) has worked well on iOS for encrypted text/files/audio/video. Open-source client, no contact sharing needed. No phone number needed, you can register with email by using a desktop browser at http://app.wire.com, then logging into the mobile app. Group chat for text only. Timed/ephemeral messages for 1:1 text/files. Feature matrix, https://wire.com/privacy/. Could use more documentation (e.g. on retention of encrypted data) but a lot of questions are answered on Twitter or Github issues.

haffenloher over 8 years ago
From the post:

"The Google Cloud Messaging service basically handles message handling from/to the user’s devices to the Signal servers. The GCM service then handles all the aspects of queueing all messages and delivery from/to users."

This is not true. Messages are delivered via Signal's own servers only. GCM messages are empty; their only purpose is to wake up your device. [1]

"The phone component of Signal is called RedPhone. The server component of this is unfortunately not open source [...] this is also probably the reason why secure encrypted phone calls don’t work in e.g. LibreSignal"

No. The reason for that is that the signaling for RedPhone calls is currently still done via GCM and not via Signal's own message transport.

Regarding microg: I've never heard of the need to re-compile kernels for that. I think most people use it with Xposed (admittedly, a giant hack, but it works).

[1] https://whispersystems.org/blog/goodbye-encrypted-sms/

joecool1029 over 8 years ago
Can't wait for moxie to jump into the commentary. :)

>Lack of federation

Moxie's pissy because he trusted the kangbangers at Cyanogenmod to keep in sync with his development. They didn't. Someone will need to volunteer to run their own server that's kept updated, then buy Moxie a Snickers and hope he stops being moody.

>Dependency on Google Cloud Messaging

Fun fact: The iOS client doesn't use GCM, it uses Pushkit. GCM was chosen for Android because what else is as robust and doesn't eat battery? Moxie's voiced support of Websockets if someone implements it correctly and he can merge it as a fallback option when Play Services are missing. If you can't code and want it, contribute to the bounty on it:

https://github.com/LibreSignal/LibreSignal/issues/37

https://github.com/LibreSignal/LibreSignal/issues/43

> Your contact list is not private

https://whispersystems.org/blog/contact-discovery/

TL;DR, it's a tradeoff because nobody has a better idea that works at scale and is usable. Redphone used to have a good way of blindly doing contact discovery but it would require too much data for their current userbase.

Canada over 8 years ago
Nothing is stopping anyone from running their own servers, changing the username scheme, and implementing the voice signaling. Moxie doesn't complain about such usage. But that's more work than simply complaining and telling OWS what they should do.

As far as usernames go, that would require the signaling key to be remembered by the user. That doesn't work well in practice. As far as contact sync goes, has anyone submitted a patch for the android client to add an advanced option to disable that? On iOS access to the address book is user controlled at runtime. Destinations will be validated by the server at compose time. Regarding federation, let's see some code. It's ridiculous to demand the small team that is OWS solve every single problem.

nickik over 8 years ago
I have started to read about matrix a lot.

- It now supports e2e encryption.

- It has a nice web and mobile client, called riot.im

- It has many other client options

- You don't need to show any phone numbers.

- Federated, you can host your own server

droopybuns over 8 years ago
Animated GIFS were the straw that broke the camel's back?

Let's throw the best available solution under the bus.

This post will be my go to example of the myopia of some members of the security community. We have very few examples of well executed, consumer friendly privacy solutions. Signal is the best for all possible scenarios: Open source, user friendly, buy in from a major Internet service.

I like wickr, but it falls short due to the closed source nature of the project.

Consumer friendly, usable security needs to be the number one priority for security advocates. We need to stop burning down houses because they are short a door or are the wrong color. The foundation is the hard part. Wait till there is a real alternative that can be used by people who are not c.s. majors before you argue that people should stop using the best available solution.

I appreciate the author's perspective and I agree with some of their points. Then they fuck it up by demonstrating purist jackassery. Worth a read as a useful persuasion antipattern.

secfirstmd over 8 years ago
I've trained hundreds of human rights defenders and journalists over the last 10 years and I will continue to recommend Signal. For too long the community has placed perfect security over usability - there are slightly more secure ways to communicate than Signal but they are far too disruptive to people's work flows to actually be implemented.

latkin over 8 years ago
> this tool should not have dependencies on corporate infrastructure like Google’s (basically any partner in PRISM)

Free yourself from the bonds of corporate infrastructure by installing this tool on your Google Android or Apple iPhone device (Microsoft Windows desktop version coming soon).

qwertyuiop924 over 8 years ago
There are several projects moving toward this. Matrix is probably the most well-known project, but its crypto isn't actually operational yet, AFAIK.

Tox works now, but for all their talk of trying to be user-friendly, asking users to exchange long alphanumeric sequences inherently isn't.

Psyc, maybe?

youdontknowtho over 8 years ago
If they are only using GCM as a queue (and the messages are themselves encrypted) I don't understand what the problem is.

They could use anyone for that functionality. Even if the messages are given to an "adversary" what can they really get from that? Your phone app contacted the signal servers. That's really it.

joecool1029 over 8 years ago
Redphone component.

I don't know why it's closed source. It's been suggested elsewhere in this thread that it was potentially IP issues they kept it closed for. Is it possible loose US CALEA law interpretation influences the reasoning? Or a gag?

I honestly don't know why they chose to do that but I wanted to comment in to see if a lawyer or someone from the project could hint at the reasoning.

lisper over 8 years ago
I'm working on a completely open secure communications suite based on TweetNaCl. Proof-of-concept prototype is here:

https://github.com/Spark-Innovations/SC4

Working on a better UI at the moment. Could really use help, especially beta testers.

rstuart4133 over 8 years ago
I know the redphone library is just a binary blob in the github repository:

    https://github.com/WhisperSystems/Signal-Android/tree/master/libs/armeabi

But I always thought that .so was just a compiled version of this C++ source, which is in the same github repository:

    https://github.com/WhisperSystems/Signal-Android/tree/master/jni/redphone

I haven't compiled it myself so I can't be 100% sure, but the C++ entry points match the API the Java code is using. I presume it's written in C++ for speed. There isn't much to the C++ bits. It just pumps data through an encrypted RTP connection - CPU intensive but not particularly complex.

The server code is up there too - in fact it's all up there. AFAICT, Signal is completely open source.

gyey over 8 years ago
I haven't actually worked with GCM so please forgive me if this doesn't make any sense. I suggest that, instead of routing all messages through GCM, what if Signal could send a "wake up" message via GCM, and then let the app pull the encrypted messages directly out of Signal's servers? A wake up message would only be sent by the server if the message could not be received by the client via normal means (implying that the device is asleep).

An optional user preference could allow some dummy wake up messages to be sent at random moments during the day, to support plausible deniability, at the cost of slightly worse battery life performance. This would all happen silently and the user would only notice a message notification when the app successfully fetches a new incoming message.
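
The wake-up design suggested in this comment, which haffenloher's comment above describes as how Signal already uses GCM (empty messages that only wake the device), modelled as an added example; it is not part of the thread and is not Signal's code. All class names, the push token and the ciphertext bytes are constructed, and encryption is out of scope, so ciphertexts are opaque byte strings.

```python
from collections import defaultdict, deque


class PushProvider:
    """Models a third-party push service (GCM's role); records all it observes."""

    def __init__(self):
        self.wake_handlers = {}  # push token -> device wake callback
        self.observed = []       # the provider's complete view of every push

    def register(self, token, on_wake):
        self.wake_handlers[token] = on_wake

    def push(self, token, payload=b""):
        # The provider sees the target token and the payload size, nothing else.
        self.observed.append({"token": token, "payload_len": len(payload)})
        self.wake_handlers[token]()


class MessageServer:
    """Models the messaging service's own server; it stores ciphertext only."""

    def __init__(self, provider):
        self.provider = provider
        self.queues = defaultdict(deque)  # user -> pending ciphertexts
        self.tokens = {}                  # user -> push token
        self.connected = {}               # user -> live delivery callback

    def register(self, user, token):
        self.tokens[user] = token

    def connect(self, user, deliver):
        self.connected[user] = deliver

    def submit(self, recipient, ciphertext):
        if recipient in self.connected:
            # Device is awake and connected: deliver directly, no push at all.
            self.connected[recipient]([ciphertext])
            return "direct"
        # Device is asleep: queue the ciphertext and send an EMPTY wake-up.
        self.queues[recipient].append(ciphertext)
        self.provider.push(self.tokens[recipient])
        return "wakeup"

    def cover_wakeup(self, user):
        # Dummy wake-up with nothing queued (the optional cover traffic).
        self.provider.push(self.tokens[user])

    def fetch(self, user):
        pending = list(self.queues[user])
        self.queues[user].clear()
        return pending


class Client:
    def __init__(self, user, token, server, provider):
        self.user, self.server = user, server
        self.inbox, self.notifications = [], 0
        provider.register(token, self.on_wake)
        server.register(user, token)

    def deliver(self, ciphertexts):
        self.inbox.extend(ciphertexts)
        self.notifications += 1

    def on_wake(self):
        # Pull over the client's own connection to the message server.
        pending = self.server.fetch(self.user)
        if pending:            # a cover wake-up fetches nothing and stays silent
            self.deliver(pending)


def run_demo():
    provider = PushProvider()
    server = MessageServer(provider)
    bob = Client("bob", "token-bob-constructed", server, provider)
    routes = [server.submit("bob", b"\x8f\x02constructed-ciphertext-1")]
    server.cover_wakeup("bob")
    server.connect("bob", bob.deliver)  # device is now awake and connected
    routes.append(server.submit("bob", b"\x11\xa4constructed-ciphertext-2"))
    return provider.observed, bob.inbox, bob.notifications, routes


if __name__ == "__main__":
    observed, inbox, notifications, routes = run_demo()
    print("provider view:", observed)
    print("routes:", routes, "| notifications shown:", notifications)
```

In the provider's log the real and the cover wake-up are identical records, but each still reveals which token was woken and when, which is the metadata exposure other comments in this thread discuss.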

em3rgent0rdr over 8 years ago
I didn't have to recompile my kernel to use microg...instead I used FakeGApps with Xposed framework. instructions: https://github.com/thermatk/FakeGApps

codemac over 8 years ago
Signal is to get people from SMS and iMessage -> Signal. This means that cross platform communication becomes secure in transit.

Once Signal and others have really wiped out all the insecure messaging people are doing, then we can start with the identity problem with phone numbers. GCM, Contacts, etc are all related to this "phone number as identity" problem.

RCS is an unfortunate grab in this space, and we need to move fast before RCS is the default, and we're back to insecure messaging.

Email addresses are the best form of "federated identification" but are wildly insecure for communication. Here's to hoping we can get some better ones.

RustyRussell over 8 years ago
For me I won't recommend it because of the horrible lack of options when you replace your phone (let alone lose it). No encrypted migrate. No backup options. Unencrypted loses content (images).

Plus there's no way to search old messages.

lonelyw0lf over 8 years ago
The truth which a lot of Moxie fans don't want to admit is he thinks there is nobody better to be entrusted with this project. I don't think this was ever meant to be a community project -- he just opened some parts so he could pretend it is. Also he is a limelight hogging security diva who always wants to be in the news and have people talk about him. If he allowed others to contribute and be recognised, he worries they might overshadow him.

argos-rho over 8 years ago
The author offers no better alternative so I think that means the article speaks for itself: there's not much to do but whine. These are problems, sure, but they're minor when you consider that Signal is the most secure and user-friendly messenger we have on the market right now. If something takes its place, then great. Otherwise, we just will continue to use what is secure and actually works.

raverbashing over 8 years ago
- Lack of federation

Use a federated secure protocol. Oh wait, there are none. Because if a problem appears you just can't fix it without breaking all federated clients. And then they will whine.

- Dependency on Google Cloud Messaging

Fair enough

- Your contact list is not private

Fair enough

- The RedPhone server is not open-source

While it would be nice that it was Open sourced I can understand them not releasing it (might be for IP issues)

tl,dr: "Signal does not work the way I wanted"

1024core over 8 years ago
> Another issue, and a plus for using usernames, is that you may want to use Signal with people you don’t necessarily want to give your phone number to.

So, how do you know that the Edward.Snowden@signal you're communicating with is the same Ed Snowden that we all know about, and not some TLA stooge?

ttam over 8 years ago
funny enough, I was going to try out Signal today but stopped right after seeing the permissions they request: https://pbs.twimg.com/media/CwhFsLzXcAIDcMH.jpg:large

HashThis over 8 years ago
How does Signal compare to Telegram? Would you recommend Telegram as better or worse than Signal?

nopcode over 8 years ago
Why is the author asking for GPL?

Wouldn't an ISC/BSD-like license be better for the federation aspect?

richardwhiuk over 8 years ago
If you aren't going to recommend anything else then sit down and shut up frankly. The world is made of compromises and saying I don't like your choices is pointless if it's effectively impossible to choose differently.

wtbob over 8 years ago
I am also very unhappy with the direction Signal has gone, but there's currently no alternative. I'd be interested in contributing to work attempting to replicate it, though.

angry_octet over 8 years ago
If wishes were fishes we'd all live by the sea.

empath75 over 8 years ago
Any service that owns valuable user data is going to get compromised eventually, whether they do it themselves, or are the victims of an attack. I feel like the only way to not get swept up in the surveillance state is to never put your data on one of these services at all.

fiatjaf over 8 years ago
The Signal app is stupid. It doesn't work intuitively as WhatsApp. It's incomprehensible that you need a phone number, it's incomprehensible that you can't compile it yourself.

kingad over 8 years ago
What are your views about VoIP with ZRTP?

piotrjurkiewicz over 8 years ago
Add a lack of real desktop to this.

bitmapbrother over 8 years ago
>I’m pretty sure that Google could serve a specially modified update or version of Signal to specific targets for surveillance, and they would be none the wiser that they installed malware on their phones.

I'm not sure he understands how app signing works and why it would be impossible for Google to forge a developer's signature. He also seems to have a problem with GCM and Google in general. Perhaps he should look into writing his own secure chat application.

sctblol over 8 years ago
Hmm... he mentions the Giphy thing at the beginning of the article, then never again.

The Giphy mention seemed really dangerous to me. Now I don't use Signal but I imagine it's 1) optional and 2) requests are proxified/anonymised through an intermediary (the Signal servers in this case). And why is this dangerous? Because this "don't build cool stuff on this serious app" is what makes people not use the app. It's creating boring, dull apps what stops them from becoming mainstream successes. If we are trying to make the public using secure apps because we believe in privacy, we have to make them appealing.

This is similar to the case of how nobody uses PGP because how horribly bad it is, UX-wise.

That said the rest of points he brings up are good. I just didn't like the Giphy mention, especially taking into account he didn't say anything else about it, he just brought it up.

joesmo over 8 years ago
"Otherwise, we’ll be in danger of ending up in an neo-90s Internet, with walled gardens and pay walls all over the place. You already see this trend happening in journalism."

The internet will never be less walled, more free, and more federated than it was in the 90's. With such a poor understanding of the internet and its history, even if he did make a compelling argument (he doesn't), it'd be hard to take seriously.

draw_down over 8 years ago
> The big question now... is what post-Signal tool we want to use. I don’t know the answer to that question yet

Oh.