I don't trust Signal

Drew DeVault doesn&#x27;t trust Signal because its Android incarnation uses the Google Play Store --- the app market virtually all of its real users use --- and not F-Droid. DeVault would also like it if Signal would interoperate with other chat programs.<p>Instead, DeVault would prefer that you use Matrix, a system for which end-to-end encryption is (according to its own website) &quot;in late beta&quot;, offered on a select subset of clients, and &quot;not enabled by default&quot;†.<p>This argument is clownish and we should be embarrassed it&#x27;s on the front page.<p>There are people in the world that want to sysadmin their phones. It&#x27;s a life choice they are free to make and I don&#x27;t hold it against them. But the vast, overwhelming majority of users do not want to make the app market on their phone work more like Debian and less like the Play Store. Signal, to put it bluntly, does not care about the desires of the phone sysadmins. Even if they caved to the sysadmins, the application would, for virtually all its users, be no more secure. This bothers DeVault a lot, enough that he&#x27;s constructed an entire psychoanalysis of Moxie Marlinspike to explain to himself how it could possibly happen that someone else on the Internet doesn&#x27;t agree with him.<p>Also, just as a note to DeVault: the point of end-to-end encryption is that you don&#x27;t have to trust Signal&#x27;s server. All it does is arrange for the delivery of messages, which are secured client-to-client. Compare Signal&#x27;s server to Wire&#x27;s, which --- last I checked --- <i>retains a record of every pair of users who have communicated in the past</i>.<p>† <i>When this was pointed out downthread, DeVault responded: &quot;[o]ther alternatives (which I have not reviewed in depth) include Tox, Telegram, Wire, and Ring&quot;. Telegram is a particularly funny reference to make, because not only is E2E not the default there, but --- last I checked --- it can&#x27;t even do E2E group chat. Telegram&#x27;s owners are adamant that TLS is adequate for group secure chat.</i>

Some version of this post seems to circulate every few months or so. This one is more direct in its accusations of Moxie acting in bad faith. I think this is disingenuous. Moxie has been very clear[0] about the tradeoffs that Signal has made and the reasons for them. It&#x27;s fine to be dissatisfied with those choices. It&#x27;s another thing entirely to accuse Moxie of dissimulating.<p>Personally, I&#x27;d like to see Signal replace WhatsApp. That&#x27;s why I support the path Signal took, and why I also have a distaste for the author&#x27;s snarky dismissals of features like GIF search.<p>[0] <a href="https:&#x2F;&#x2F;signal.org&#x2F;blog&#x2F;the-ecosystem-is-moving&#x2F;" rel="nofollow">https:&#x2F;&#x2F;signal.org&#x2F;blog&#x2F;the-ecosystem-is-moving&#x2F;</a>

This is a really poor post. Lots of in-the-weeds long-running-feud grudge holding snark, but no real examination of the issues at hand. And his assertions don&#x27;t make sense in any case. You can&#x27;t trust the Google Play store because a malicious actor might have swapped out the trusted roots on you. But then why should we trust F-Droid&#x27;s signing infrastructure?<p>Then he gripes that the posted APK has to be manually checksummed to use it. If you are truly paranoid, trusting a checksum you get from the same page you get a binary is as secure as ignoring the checksum altogether. But why would you trust a hidden signature process you can&#x27;t see any more? How do you know your F-Droid binary was secure?<p>But worst of all is this pointless assertion: &quot;Truly secure systems don’t require trust.&quot;<p>There are no truly secure systems. Malicious actors could replace your Matrix app with a lookalike clone. Your phone could have a hidden keylogger built into the OS. Or the hardware. The person&#x27;s phone on the other end of your communication could have been compromised. You could be being monitored by all sorts of undetectable means.<p>Perfect security is an unattainable goal, but good security requires acknowledging and enabling trust to play a role in the protocols and systems we develop.

<i>But we have to trust that Moxie is running the server software he says he is. We have to trust that he isn’t writing down a list of people we’ve talked to, when, and how often. We have to trust not only that Moxie is trustworthy, but given that Open Whisper Systems is based in San Francisco we have to trust that he hasn’t received a national security letter, too (by the way, Signal doesn’t have a warrant canary). Moxie can tell us he doesn’t store these things, but he could. Truly secure systems don’t require trust.</i><p>We have at least one data point that says that Signal stores exactly two integers about you, or did when the subpoena was issued: <a href="https:&#x2F;&#x2F;www.aclu.org&#x2F;open-whisper-systems-subpoena-documents" rel="nofollow">https:&#x2F;&#x2F;www.aclu.org&#x2F;open-whisper-systems-subpoena-documents</a><p>things can always change, but that’s evidence submitted in court under the penalty of perjury, which is a fairly strong claim.

&gt; P.S. If you’re looking for good alternatives to Signal, I can recommend Matrix.<p>Yes, if you&#x27;re looking for alternatives to Signal, you should totally use a solution that hasn&#x27;t rolled out end-to-end encryption by default[0]. &#x2F;s<p>...and that only two clients have implemented so far, out of 50ish that they list on their website.<p>[0] <a href="https:&#x2F;&#x2F;matrix.org&#x2F;docs&#x2F;guides&#x2F;faq.html#what-is-the-status-of-e2e%3F" rel="nofollow">https:&#x2F;&#x2F;matrix.org&#x2F;docs&#x2F;guides&#x2F;faq.html#what-is-the-status-o...</a>

&gt; Off the bat, let me explain that I expect a tool which claims to be secure to actually be secure. I don’t view “but that makes it harder for the average person” as an acceptable excuse. If Edward Snowden and Bruce Schneier are going to spout the virtues of the app, I expect it to actually be secure when it matters - when vulnerable people using it to encrypt sensitive communications are targeted by smart and powerful adversaries.<p>I&#x27;m not so sure about this. I don&#x27;t think Snowden and Schneier are praising it because it is the most secure application available that works for every threat model; I think they&#x27;re doing it because it&#x27;s the best attempt to up the security of the masses. In other words: there&#x27;s a limit to its threat model. Signal makes it harder to do mass-scale surveillance, and allows e.g. whistle-blowers to contact journalists without standing out because they&#x27;re using an encrypted messaging app.<p>Yes, it&#x27;s important to highlight those trade-offs, and one can always do better, but as far as I can see Moxie has always justified the trade-off with arguments that were not based on being self-serving. You might not agree with his conclusions, but I think it&#x27;s unfair to accuse him of being self-serving. (Unless you mean &quot;thinking about the consequences for the success of Signal&quot; by &quot;self-serving&quot;. It&#x27;s not really clear how it serves Moxie otherwise, and the author doesn&#x27;t go into detail about that.)<p>In the end, I think it comes down to the author expecting different goals from Signal than the project itself has - as implied by his disdain for GIF search. Obviously Signal isn&#x27;t only implementing features just to get more secure - it also wants to be widely adopted. It&#x27;s just that the author apparently doesn&#x27;t consider that as important.

Signal is not for state-proof encrypted communication. Not large states like the USA or Russia. If you think it is, you&#x27;ve been misinformed. For state actor proof communications you need to evaluate every action you take and think:<p>&quot;What are the assumptions that I&#x27;m making here?&quot;<p>One assumption is that you&#x27;re not currently on anyone&#x27;s radar. Are you willing to bet the entire enterprise on this assumption? How certain are you? Are you 99.999% certain?<p>Another assumption is that the operating system you are running the app in is not compromised <i>on either end of the communication</i>. 99.99%?<p>Another assumption is that the screen isn&#x27;t viewable by other devices. Another assumption is that the frequency of your key taps aren&#x27;t picked up by a mic and then turned into intelligible letters.<p>Another assumption is that the encryption algorithms you&#x27;re utilizing haven&#x27;t been subtly chosen to be intelligible to a single actor or that they&#x27;ll stay secure once we have quantum computers.<p>Etc. Etc. Etc.<p>Signal is good because it raises the bar. Stock traders buying black information probably won&#x27;t get your communications. They won&#x27;t be scooped up in a email server leak. They wont be visible to your wife when she enters your phone&#x27;s unlock code because they auto delete, and they don&#x27;t get pushed to your iPad, like FB messenger[0].<p>But if you want to go up against James Bond, and you&#x27;re already on his radar, you need to give up the illusion that anything computer related is fully trustable. Just pre-arrange some code words or OTPs and meet in person in an area without electronics or go even more old school and use dead drops with hand written communication.<p>[0] I personally know 3 people that were caught cheating this way.

&gt; Truly secure systems don’t require trust.<p>This is a chat app so, by definition, security requires trusting at least one other person. Also, I think experience shows that secrets can often be least trusted to those who have some interest in&#x2F;use for them, with the secret owner often being the least trustworthy of all. So I&#x27;d say that if you trust yourself you&#x27;re already probably trusting one of the weakest links in whatever chain of trust you would have.<p>But seriously, pretty much every secure system requires trust, and the more it relies on technology, the more trust is required. You need to trust there are no backdoors or holes in a long chain of hardware and software that no one person can possibly verify, and if they hypothetically could, they could only hypothetically do so with the help of verification software that they could not themselves verify, at least not without dedicating a lifetime to that goal. Trustless security does not exist, and attempting to achieve it by adding more technological layers and more complexity reduces rather than enhanced security. We should make it easy for us to choose whom to trust, not work on a futile attempt to take trust out of the system.

&quot;The APK direct download doesn’t even accomplish the stated goal of “harm reduction”. The user has to manually verify the checksum, and figure out how to do it on a phone, no less. A checksum isn’t a signature, by the way - if your government- or workplace- or abusive-spouse-installed certificate authority gets in the way they can replace the APK and its checksum with whatever they want.&quot;<p>This is true for just about every single piece of software that one downloads. But nice job deflecting it onto Signal to solve for you. Installing an APK by hand is not difficult either, you transfer it to your phone and open it. I don&#x27;t see how Signal is doing any better or worse of a job from similar apps. Also, Signal&#x27;s checksum verification is SHA-256 which I&#x27;d say is &quot;good enough.&quot; It&#x27;s also being served from an HTTPS webpage. Is there something missing here?

&quot;If Edward Snowden and Bruce Schneier are going to spout the virtues of the app, I expect it to actually be secure when it matters - when vulnerable people using it to encrypt sensitive communications are targeted by smart and powerful adversaries.&quot;<p>Because if the adversary is, say, an abusive ex that happens to work for the telco, for example, then it doesn&#x27;t matter. Unless you&#x27;re actively hunted by a G7 country your problems are inconsequential.

I don&#x27;t know anything about Moxie derailing threads or anything like that but if we just listened to critics all the time then we just wouldn&#x27;t have anything. Signal is better than a lot of what is out there and being used as scale and that counts for something. More secure is always better than not secure at all.

AFAIK, Signal has an open source client, and an open source server. If you want federation, you can go ahead and build it, and find users, and you can start from a reasonably well working base. Moxie isn&#x27;t going to build it, because he doesn&#x27;t think federation works; to convince him, you&#x27;ll need to show him it works, not just tell him. Is there an example of a federated chat service which has end to end encryption that just works?<p>Peer to peer chat is interesting, but it means that IPs of communicating users are more widely exposed -- now anybody in the network path between two users can see they&#x27;re communicating with each other, not just that they&#x27;re both communicating with Signal. I may not want to share my IP with some (or most) people I communicate with. Additionally, there&#x27;s a lot of hard work around actually getting a peer to peer connection on today&#x27;s internet, for a large fraction of connections, you&#x27;re going to have to proxy packets for them anyway.

The article actually proposes an alternative: Matrix, and Matrix is, in fact, a good piece of software, with federation options.<p>I tend to agree with most parts of the article, especially the lack of federation options.<p>My real pain point with Signal is that there is no real desktop application for it - no, a connected web interface is not a desktop application. For example, XMPP with OMEMO can be used simultaneously from Android Conversations AND Pidgin - same account, same messages (yes, it needs XMPP Carbons on the server), e2e.

&gt;Google Play<p>use yalp store<p>&gt; Packages on F-Droid are reviewed by a human being and are cryptographically signed<p>&gt;The app has to update itself, using a similarly insecure mechanism. F-Droid handles updates and actually signs their packages<p>so are all android APKs. granted it&#x27;s trust on first use: it accepts any signature for the first install, and only enforces the signature if you try to install an update.<p>&gt;A checksum isn’t a signature, by the way - if your government- or workplace- or abusive-spouse-installed certificate authority gets in the way they can replace the APK and its checksum with whatever they want<p>this is probably the only legitimate concern, to use f-droid so you have a permanent anchor of trust (f-droid, rather than whatever CAs you have installed) for the first install. this isn&#x27;t even that big of an issue when you can install using yalp store. google might be a rootkit or whatever, but at least you can be reasonably sure that the apks are the originals.

&gt; There’s an alternative to the Play Store for Android. F-Droid is an open source app “store” (repository would be a better term here) which only includes open source apps (which Signal thankfully is). By no means does Signal have to only be distributed through F-Droid - it’s certainly a compelling alternative. This has been proposed, <i>and Moxie has definitively shut the discussion down.</i><p>Adjunct to the rest of this discussion: just read through that GH issue and came away with markedly different conclusions than the author of the blog post.<p>It reads like someone who is trying hard to justify and prioritize dev time&#x2F;resourcing in the face of what is a demanding and vitriolic minority. No evidence of disingenuous intent or desire to push a particular agenda. I see nothing that would have prevented the old OSS adage: &quot;if you want to see it, do it&quot;.<p>Drew, I don&#x27;t know you, or the background for the argument you&#x27;re making, but it seems like you have something stuck in your craw here. Maybe take a little time and try to view the situation with fresh eyes? You&#x27;re obviously passionate about this subject -- and the unique perspective is appreciated -- but it devalues the rest of the info presented, and I don&#x27;t buy the precept you&#x27;re proposing.

People should just know by now, if you need to communicate something in private, you should just <i>never</i> use any electronic device that uses public networks. All of these &quot;secure&quot; tools that are being used must be understood in that context. They are &quot;secure&quot; against honest people.<p>What I mean by that is that it&#x27;s a lot like your home or apartment. Sure, you should lock your door and turn on your alarm system when you leave. At the same time, if you know there are three letter agencies surveilling you, it&#x27;s probably wise to go ahead and assume they broke into your home and placed bugs in it despite your security precautions.<p>Because they have.

This article is entirely about the Play store and F-droid.<p>As a user, when an app claims to be &#x27;secure&#x27;, I expect the app itself to have made reasonable security tradeoffs. I don&#x27;t however expect them to change my OS, my package manager, or anything else. The security of those other components isn&#x27;t their concern.

&gt; Truly secure systems don’t require trust.<p>Security is something which only makes sense in relation to an attacker model. Only after you specified that, then we can discuss if something is secure or not.<p>Signal is not secure if the NSA is after you. Signal is secure if your Chinese competitor is after your business data. Signal is secure if you are a journalist in Turkey.

The author is a delusional crank. He is very deliberately ignoring the very cogent arguments for the Signal architecture in favour of some specious moaning about how play store is subverted by the NSA.<p>If you want a federated &#x2F; onion-routed message transport, start coding. You can use the signal ratchet mechanism if you want, you just can&#x27;t call the resulting shibboleth Signal. Distribute only by obscure methods, easily subverted by users installing malware versions with higher search rankings. Then stand back and watch as hardly anyone used your app.

&gt; This is a strong accusation, I know. The thing which convinced me of its truth is Signal’s centralized design and hostile attitude towards forks.<p>The thing that convinced you that Moxie <i>feels</i> a certain way is that Signal has a &#x27;centralized design&#x27;.<p>Please, if you&#x27;re going to accuse someone of acting in bad faith with no evidence the least you can do is be honest about it. You have nothing but your feelings for proof of anything.

I agree that Tox is better but at the same time I know people who truly need to stay hidden and they use Signal on a burner phone with a cash sim-card. That way it doesn&#x27;t matter which medium the messages are transmitted over because it still can&#x27;t be traced back to them.<p>And as far as I know the encryption is solid.<p>Unlike some other alternatives like Wickr Signal actually open sources their app and their communication protocol.

If the consequences of sending messages are torture and death, I wouldn&#x27;t trust any form of electronic communication. That&#x27;s what face to face meetings are for and have always been for. I did not think signal is insecure, but either party could be compromised in other ways like a key logger or other local software that intercepts messages on the device they are composed on. I certainly wouldn&#x27;t trust any mobile os based app although desktop ones might not necessarily be better even if they both run on a Linux os that&#x27;s fully open source. Most people are not up against such threats, so in most cases it doesn&#x27;t matter. For the people that are, they are brave in using such software. I would never place my life in the hands of such software. I simply wouldn&#x27;t trust any such software with my life. By comparison, the software in my car or on a plane is a different matter but it&#x27;s also engineered to different standards and has proven itself in a verifiable manner--I haven&#x27;t died after much driving and many flights.

To be completely honest, Android should be considered as &quot;insecure&quot; for the same reasons. It&#x27;s binary blobs that are hacked around by distributors with limited support after a year or so (when phones stop being manufactured and widely sold).<p>Can we just get a proper Linux OS running on mobile devices already that&#x27;s properly open source and easily re-flash-able? It&#x27;s clear that ARM is here to stay and if Linux is to stay relevant, it needs to move towards support for one of the most popular computing devices on the planet. Desktops made their way into each home and mobile have made their may into each pocket.<p>That way, running something like Signal would be more trust-able coming from a package manager, especially with something like Debian&#x27;s reproducible builds.

I don&#x27;t prefer messaging apps that require phone numbers, they always feel less trustworthy to me because that one aspect of privacy isn&#x27;t there

« those are all really convenient excuses for an argument which allows him to design systems which serve his own interests. »<p>I wish the author would actually lay out what they think Moxie&#x27;s interests <i>are</i>.

As a Signal user, I just wish I could make my own personal fork of the desktop app and still talk to everyone without having to use the beta servers and fear of having access cut off, because the visual design and UX of the desktop app is absolutely atrocious. And the latest update that was pushed a few days ago was a massive step back; the bloated UI now looks like some iOS app from 2007. It&#x27;s just embarrassing. And don&#x27;t even get me started on the lack of a search function -- something the mobile client has.

I have recently switched to Riot (built atop Marix, which the author endorses at the end) for some family communications and yeah, I think I do prefer it to Signal.

I personally don&#x27;t distrust Signal.<p>I just refuse to use it. This comes up on HN a lot and everytime I have to admit that I am kinda unfair here: Signal is heralded as the nice and secure solution - but seems incomplete to me. I don&#x27;t doubt all the more clever persons that tell me that Signal is the best choice for encryption right now. But as long as it doesn&#x27;t support federation (I miss XMPP) and as long as it does require a phone number (None of anyone&#x27;s business, not required for my contacts, a baaaad way to handle identification) it is utterly broken for me.<p>I&#x27;ll continue to use Telegram for family, friends and casual business stuff. The applications are awesome across platforms, I can initiate conversations with people without using a phone number. Worse encryption? Probably. Likely. Just as centralized? Yes - hate it there as well.<p>But I hoped that Signal would be the solution. I&#x27;m unfair. Signal gets judged for NOT being open (federation, phone number). Telegram is just a random service that I use instead then - works better anyway.

Federation is not some sort of magic dust that would fix signal, you&#x27;d be just exchanging one problem (centralization) with another (spam).<p>Plus in all likelihood even if they did federate, it would just be like email with gmail that the Open Whisper Systems is the dominant player so most conversations have at least one party running on Moxie&#x27;s hardware.

The blog post states the following:<p><i>&gt; [Moxie] makes arguments which don’t hold up, derails threads, leans on logical fallacies, and loops back around to long-debunked positions when he runs out of ideas.</i><p>Can anyone provide examples of threads where Moxie is acting like this? The blog post didn&#x27;t give any.

You don&#x27;t need to have absolute trust in Signal, you just need to trust it more than WhatsApp.

The line about F-Droid doing no automated scanning is particularly troubling. Since he can&#x27;t possibly imply that a Signal compromise would be detected this way, Moxie is making a political argument against the way people are using F-Droid to install <i>other applications</i>. He refuses - on principle, no less - the right for users to control their hardware and have full control over the software they install, and thinks the walled garden approach should be forced on every Signal user.<p>Sorry, there is no excuse for Signal not to be available on F-Droid. I understand the automatic updates argument if it was valid at the time, but Signal has no right to impose what other applications I run and how I get them.

If you prefer obscure alternatives try:<p><a href="https:&#x2F;&#x2F;vsee.com&#x2F;messenger&#x2F;" rel="nofollow">https:&#x2F;&#x2F;vsee.com&#x2F;messenger&#x2F;</a><p><a href="https:&#x2F;&#x2F;zangi.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;zangi.com&#x2F;</a>

Where&#x27;s the &quot;This Post is Bullshit&quot; button?

I trust it more than unencrypted SMS or Facebook Messenger.<p>I trust it less than p2p chat over an encrypted network I control with layered defense in depth.<p>Security is not a boolean.

Seriously, why do they use the smartphone in the first place? The smartphone ecosystem, be it Android or iPhone, is not secure. It can not be trusted.<p>Even if we avoid Apple and Google&#x27;s software distribution platform, Your smartphone still has binary blob kernel module, baseband processor and the OS runs on top of that.<p>People who claims secure and trust on top of smartphone are all liar, idiot or both.<p>Don&#x27;t use the smartphone.

+1 I agree wholeheartedly wiht the concerns and complaints in this post. Even if you were to have the most trustworthy person leading a system like this, who is to say that this person&#x27;s mind won&#x27;t change. Or worse, a different successor could redefine the goals - this is created under a company after all. What&#x27;s the solution? Trust in design.

If signal was somehow federated(without a central server) and open source(which it is) then there&#x27;s not much to not to trust.<p>When they figure out a way to make signal serverless, then the only thing you would have to worry about is the OS of the phone and its underlying architecture...<p>I have no doubt we will reach that point but I wish we get there sooner rather than later.

What&#x27;s wrong with using Google Play Services?<p>Correct me if I&#x27;m wrong, but I assume it has to do with message notifications. So, by using GCM, Signal would be leaking some metadata about when and who, etc. I assume. But wouldn&#x27;t someone be able to get that same information from your ISP (with a little more work)?<p>You&#x27;re losing the benefits of longer battery life for basically nothing.<p>Security isn&#x27;t absolute. I don&#x27;t know why this blogger has the attitude that there is such a thing.

Slightly off topic: How do you convince your friends &amp; family to switch to Signal from WhatsApp?

For those looking for an open-source, private and secure messenger take a look at Adamant: <a href="https:&#x2F;&#x2F;adamant.im&#x2F;" rel="nofollow">https:&#x2F;&#x2F;adamant.im&#x2F;</a>

Is the .apk reproducible from the source?

Although signal has cash they need a lot more support. It’s a good time to remind people they are hiring

Signal is at least as good as all the other cloud messaging apps... (privacy wise)

Secure messaging on android seems like an oxymoron.

&quot;Google Play Services lets Google do silent background updates on apps on your phone and give them any permission they want. Having Google Play Services on your phone means your phone is not secure.&quot;<p>Yes, Google can install a backdoored version of Signal. This is bad. But if you can&#x27;t take that risk, you can install e.g. LineageOS without Google Apps, download the source code, reproducibly compile the apk, and install it on your android. If you have a better idea, maybe it can be implemented.<p>&quot;A checksum isn’t a signature, by the way - if your government- or workplace- or abusive-spouse-installed certificate authority gets in the way they can replace the APK and its checksum with whatever they want.&quot;<p>If they can add a certificate on your smartphone&#x2F;PC, why can&#x27;t they replace Signal with malicious one? Why can&#x27;t they replace F-Droid? There is no 100% method to solve this issue, unless perhaps if you can meet with F-Droid developers, obtain the authentic public key from them to verify the F-Droid client&#x27;s signature. Calling SHA256 cryptographic hash a checksum shows slight dishonesty on your side. The differences in connotations between the words are significant.<p>F-Droid doesn&#x27;t magically solve this problem. The root of trust comes from another SHA256 hash -- 61:DB:51:32:39:47:61:C4:D4:3F:8A:9B:AE:72:B0:2E:B0:8D:F3:B5:ED:F2:92:1C:7B:14:7E:2F:29:30:83:03 -- that authenticates the certificate of f-droid.org.<p>Or it comes from the hash F3:33:D2:E7:FA:A3:68:7F:B2:99:3E:6D:F6:9D:EE:1D:DA:77:36:11:DD:CA:B3:3A:B6:79:87:AA:40:56:94:22 that authenticates the MIT&#x27;s PGP key server that has the signature verification key for F-droid clients: <a href="https:&#x2F;&#x2F;pgp.mit.edu&#x2F;pks&#x2F;lookup?search=f-droid&amp;op=index" rel="nofollow">https:&#x2F;&#x2F;pgp.mit.edu&#x2F;pks&#x2F;lookup?search=f-droid&amp;op=index</a> All your suggestion does is, it adds a layer or two where we hope the NSA doesn&#x27;t compromise them in case you&#x27;d want to use that chain to install and validate Signal. And even if you personally verify the authenticity of public key, you haven&#x27;t solved the issue of private key exfiltration via hacking. You need expensive HW like HSMs to even start combatting exfiltration. And Google can afford those.<p>&quot;...centralized servers and trademarks.&quot;<p>Of course you can&#x27;t call a fork with the same or similar name as the original. You don&#x27;t want malicious entities to create projects with names like &quot;Signal Official Client&quot; etc. Having distinct name helps both the fork and the original one.<p>Centralized servers fix a crucial issue, shitty designs that linger forever. It also fixes the issue of having to deal with backwards compatibility indefinitely. Moxie can actually see what versions are still deployed, and push updates to most users. The idea here being, you don&#x27;t have to support older protocols (e.g. the group chat had a big issue that was or is currently being worked on), implement backwards compatilibity that risks downgrade attacks etc.<p>Let me give you an example. Riot decided to go with stupid, stupid base64 public key fingerprints. What happens here the only way to jump to smart choice of base10, is if all clients switch at the same time. If one client shows fingerprint in different base, it&#x27;s not compatible. Sure, you can add a feature that lets the clients negotiate which fingerprint to use but then you need to get that deployed to every client. This happens really slowly, and it must usually follow the waterfall model with first deciding about these things on future revisions of Matrix protocol. And if you want to know how that will turn out, take a good look at OpenPGP research group: since SHAppening, they haven&#x27;t even been able to agree on a new hash function for fingerprints. And once decided, that hash function will wait for years before the next revision of protocol is ready. Then you wait for it to be implemented in upcoming reference libraries and forks of those. And then you wait for them to be deployed in clients. Moxie changed all users&#x27; fingerprints from Base16 to Base10 -- my guess -- within a week by pushing the update. The advantage of agility is obvious.<p>&quot;But we have to trust that Moxie is running the server software he says he is.&quot;<p>For content encryption, we absolutely don&#x27;t have to trust him. For metadata, yes, we must trust the server runs the version that only collects registration date and some other minor detail, I forget. If you want to remove metadata, use Ricochet or Briar. Because Signal isn&#x27;t lying about being anonymous by design, the only thing I think we can agree is, it should be stated in clear on their front page: &quot;End-to-end encrypted, but not anonymous, we know your phone number and IP-address, and can see who you talk to, when and how much&quot;.<p>&quot;We can stop Signal from knowing when we’re talking to each other by using peer-to-peer chats.&quot;<p>Yes, but that doesn&#x27;t prevent global passive adversaries from seeing who we connect to directly. In some authoritarian country, the government could see Alice and Bob talk to each other. With centralized design, they only see connection to service providing domain fronting, or connection to Signal server at most. If you really wanted to solve this, you would run Ricochet or Briar.<p>Federation is a horrible idea. I trust they are not interested in my metadata personally. I won&#x27;t trust metadata of all my chats to a friend of mine who runs personal instance of Signal Server. He watches porn on that same computer. He downloads Russian game cracks to that computer. He has friends who are my enemies and vice versa. He has repressed personal grudges, reasons to fuck me over, or he doesn&#x27;t have 50M in foundation money (and he&#x27;d prefer $5k over our weekend hang-outs that admittedly are getting boring) or strong cypherpunk ideology to prevent corruption. He&#x27;s a chinese refugee who has relatives he loves in political prisons, waiting to hand out their organs to rich members of the political party, and he&#x27;s being extorted for my metadata on his computer. His computer isn&#x27;t patching itself automatically so there as RCE vulnerability that got him compromised by our common adversary. He clicked on wrong link, once. The number of threats is endless.<p>Federated system doesn&#x27;t distribute risks across hundreds of operators, it increases the attack surface tremendously, while dropping the number of targets the metadata of which is compromised at the moment. But I don&#x27;t care about others, I care about the fact my friend doesn&#x27;t have as good security as Google and Signal devs. Government agencies are really, really, really, really good at hacking and the trend is towards mass hacking. Having shitty servers makes that free because you can use exploits that should already be useless due to system updates.<p>&quot;Federation would also open the possibility for bridging the gap with several other open source secure chat platforms to all talk on the same federated network -&quot;<p>Yeah let&#x27;s talk about that. Currently many Matrix channels lack end-to-end encryption because there is a backdoor: an IRC-bridge bot that leaks all conversations to non-end-to-end encrypted environment. Like you said: &quot;Tradeoffs are necessary - but self-serving tradeoffs are not.&quot;, the possibility of having bots is extremely dangerous. The fact Matrix isn&#x27;t end-to-end encrypted by default is horrible. The E2EE is in beta, and the fingerprint verification in clients suck. For the past three years I&#x27;ve been complaining about this, every time there is a developer assuring this will be fixed. This bug should never have existed in the first place. Now the users have come to accustomed to having the possiblity for briges to insecure systems.<p>&quot;but those are all really convenient excuses for an argument which allows him to design systems which serve his own interests.&quot;<p>You should not make such generalized defamatory claims if you want to be taken seriously. I took this seriously at start but your arguments really lost their traction. It was another badly thought post that didn&#x27;t show understanding of design choices and that hurt more than in helped: People might now switch to less secure Matrix protocol. Or they might even go with unaudited Tox, designed by non-experts.

TL;DR he doesn’t trust Signal because he doesn’t trust the Android operating system, and something about federation.<p>&gt; No doubt these are non-trivial problems to solve. But I have personally been involved in open source projects which have collectively solved similarly difficult problems a thousand times over with a combined budget on the order of tens of thousands of dollars.<p>Shut up and code then. I’ll personally review your fully decentralized and secure chat app which nobody uses because it’s not available on any app store. Let me know when it’s done.

<a href="https:&#x2F;&#x2F;twitter.com&#x2F;matthew_d_green&#x2F;status&#x2F;1027566578559270912" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;matthew_d_green&#x2F;status&#x2F;10275665785592709...</a>

Is there a preference of Telegram over Signal or vice versa?

Google, APK ... if you&#x27;re concerned about security, you would use Apple iOS only.

[] deleted

Does Signal work in foreign countries? Like South America &amp; Middle East for example.

Signal immediately asks for your phone number. Dead giveaway that they are not about privacy. So I assumed its a honey trap.

most of these services aren&#x27;t allowed to grow (i.e. not heavily invested in by the people with actual money) if they dont have some form of data mining or things like &#x27;oops we facilitated key generatyion and kept all the keys&#x27; etc.<p>If you want to securely communicate, either be smart about it outside of the app you chose. (encrypted or encoded with your own keys &#x2F; tools where an app is just a medium of transfer) or create your own secure channels (not too difficult these days with good vetted open source implementations of crypto on multiple platforms...)<p>I would say anyone who fully trusts any of these apps, and is worried about their privacy, is contradicting their worries with their behaviour.<p>just google &#x27;signal vulnerabilities&#x27; or that for any other of these apps... even if they have some good form of archntecture it&#x27;s riddled with bugs... people can access your data. live with it, avoid it, or make the actual data incomprehensible for any &#x27;eve&#x27; yourself instead of trusting another to do it for you.

Want to lose all faith in signal, try filing a bug fix as pull request<p>- It probably will be ignored forever or shouted down - wanna notify the mailing list. Guess what you have to join rise up! Aka if you wanna file a patch to signal I hope you are ok with Joining an “anarchist” mailing list - Then when you are approved to make noises on the mailing list, it still gets ignored, no explainatiob<p>1 year later I removed the obvious bugs in the base64 implementation of signal

OWS&#x27;s staunch refusal to permit anything other than phone numbers as identifiers should tell you everything you need to know about Signal.<p>It is an <i>authenticated, nonrepudiable</i> communications platform using identifiers that are very difficult (possible, yes, but most people will get it wrong) to comprehensively anonymize.<p>The ability to present nonrepudiable communications to a judge is precisely the wet dream of law enforcement officers, ambitious prosecutors, and despotic regimes everywhere. All they need to do is flip the people you&#x27;re communicating with, and you&#x27;re done.

Seriously, if Signal become decentralized and doesn&#x27;t require a phone number to use, I&#x27;d switch to it without hesitate. Call me lunatic or whatever, all the court related news, security analysis only makes me feel Signal is just another honey trap or will become one eventually, because none of these positive reviews solves trust issues existed long ago. There are better models out there, they just don&#x27;t want apply, I can&#x27;t stop asking why. You&#x27;d think they&#x27;ll re-consider the options after so many users expressed their concerns, or at least provide multiple choices, but no, it&#x27;s been years, nothing has changed.<p>I&#x27;d keep using Riot until then, even it&#x27;s less secure and less user friendly, but it&#x27;s good enough for me.