Skip Navigation
65 comments

  • What it ultimately comes down to is that truly secure systems cannot be based on trust. The article does a good job outlining all the ways the users have to trust Whisper Systems without any ability to do independent external verification regarding what the server is doing with the data available to it.

    Even if we assumed that Signal works as advertised the fact that it's tied to your phone number is incredibly dangerous. Obviously if this information was shared with the government it will disclose your identity as the article notes. This information can then be trivially correlated with all the other information the government has on you and your social network. Given that Signal is advertised as a tool for activists, that means it creates a way to do mass tracking of activists.

    Being centralized is another huge problem given that the service could simply be shut down at any time on government order. If you're at a protest and rely on Signal it could just stop working.

    edit: as people have pointed out, it turns out you can use third party clients

    Finally, since the client is a binary distributed by Whisper, it's not possible to verify that the client and server use the published protocol independently. Since alternative clients aren't allowed to connect to the server, we can't test the protocol and have to rely on trust.

    • Finally, since the client is a binary distributed by Whisper, it’s not possible to verify that the client and server use the published protocol independently

      you can use Signal-Foss and use their builds or build it yourself.

  • 4h ago

    40+ comments

    uh oh

    edit: seriously tho, 👌 writeup

    • Haha thanks. Its impossible for it not to be controversial, for some reason I've found signal fans to be more fanatical in their loyalty to it than most advocates of other privacy apps.

    • uh oh

      It's a good article :) hope you don't have to delete comments, but by the looks of it, they're very civil.

      • yeah, i didn't mean that anything bad is going on, just that it's a somewhat controversial topic and heated debate is taking place hehe

  • Signal’s use luckily never caught on by the general public of China ( or the Hong Kong Administrative region ), whose government prefers autonomy, rather than letting US tech control its communication platforms

    Pretty useless tangent. Even for the US of A, Signal isn't the best communications platform. And China has its own problems with WeChat/QQ, which is basically run by the state. At least they don't export it like the US does…

  • A quick rebuttal of some points you made. Not going too in depth as I just want to provide my perspective:

    • CIA Funding:
      • This is a non-issue. The OTF also funds: Briar, Tor, Wireguard, Delta Chat, Bind9, CGIProxy, CertBot, K-9 Mail, Tails, NoScript, QubesOS, The Guardian Project, and a host of other essential privacy tools/software. You're telling me they're all compromised just because they're getting funded? I don't buy it.
    • A Single, Centralized, US-based service
      • The Code is open source and Android has reproducible builds, iOS would have them too, but it's impossible based on the way Apple's build process works. Lastly, Signal's devs/infra exist in the US, they have to exist somewhere, why not the country of origin? With the code being open/reproducible, you don't have to trust them.
    • Phone # Identifiers
      • This is to make onboarding easier and minimize spam - I got my grandma to install it and find the rest of the family on Signal VERY easily. Trying to get her onboard with Matrix/Element or even Briar would have been a struggle. I like Briar, but its not ready for mainstream yet. I also like Element, but I don't believe it's quite a text/sms replacement like Signal is - in addition to leaking metadata.
    • Social network graphs
      • Here you mention metadata, so I'll ask which other provider goes to the lengths that Signal does to minimize the collection of metadata? And please read over how Sealed sender works before you claim its easy to circumvent. You deride their implementation and claim how easy this is to collect without understanding what's going on under the hood.
    • Abandonment of Open source
      • This is a stretch. Signal is a non-profit. They don't have the same funding or staffing as their competitors and all their code is current. Yeah, they let it get out of sync for a while, they're human, not robots. Don't let perfect be the enemy of good.
    • Bundling a Cryptocurrency
      • What does a messaging platform have to do with crypto/payments? I don't know, you should ask every other big player who is also trying to get in on the game hoping to siphon even more data from everyone's purchases.

    I do want to close by saying that Signal is definitely not the end-all-be-all of secure messaging platforms, but it is currently the best for mass adoption. I'm keeping my eyes on Matrix, Sessions, and Briar, but can't say they're ready to "go mainstream" yet.

    • The Code is open source

      the server code being not federated means you effectively can't (or won't) self host.

      Phone # Identifiers – This is to make onboarding easier and minimize spam

      Yeah but you could do that as verification and an additional means to find users, not the primary user ID. Threema has generated IDs, Matrix has usernames, Telegram has usernames. Why can't Signal?

      Yeah, they let it get out of sync for a while

      Why, though?

      What does a messaging platform have to do with crypto/payments?

      Good question. Signal obviously didn't ask about it and wants to become another WeChat/QQ clone where you can pay with your messaging application and circumvent taxes.

      Signal is definitely not the end-all-be-all of secure messaging platforms, but it is currently the best for mass adoption.

      I'd agree if you'd add "one of" between "currently" and "the".

      • Also, its not that signal just got lazy with letting their code get out of sync. They chose not to publish updates for their server for a whole year, until the open source community got really angry, and then they finally relented. If I or any open source maintainer did that, we'd rightly be abandoned. Some here are giving signal a pass for it tho.

      • the server code being not federated means you effectively can’t (or won’t) self host.

        Agreed. I hope they change their minds on this, although I'm not holding my breath.

        Yeah but you could do that as verification and an additional means to find users, not the primary user ID. Threema has generated IDs, Matrix has usernames, Telegram has usernames. Why can’t Signal?

        Agree. The devs have stated that this is coming this year. We'll see if they can roll it out before the year ends.

        Yeah, they let it get out of sync for a while

        Why, though?

        Honestly, don't know and don't care. I suspect because they didn't want to yet make public their crypto stuff, but I'm not going to assume malice here without evidence.

        Good question. Signal obviously didn’t ask about it and wants to become another WeChat/QQ clone where you can pay with your messaging application and circumvent taxes.

        Whatsapp also lets you pay - although I believe its only in India. Telegram also attempted to include crypto. Why wouldn't we want a private way to pay instead of letting Facebook/Google/etc, take over? I fully support them making sending money easier and more private.

        I’d agree if you’d add “one of” between “currently” and “the”.

        I'll agree that it's "one of" the best. Which one would you throw in your top 3?

    • "Signals database, which we must assume is compromised due to its centralized and US domiciled nature, has a few important pieces of data; 

       undefined
              Message dates and times
    Message senders and recipients (via phone number identifiers)"

      I have a problem with the article's claims on metadata too, hasn't there been too many transparency reports and subpeonas that prove that they literally have nothing to offer to the government except the last time someone used signal and the date of joining?

  • The same way you could (and in my opinion should) be wary of Briar too, not yet, perhaps, for technical reasons at least, but in regards to the sources of their funding (see the bottom section of https://briarproject.org/about-us) - OTF

    • That is definitely sus, and makes me scrutinize briar a little bit more. Its probably okay for now, because unlike signal, its decentralized, and the f droid builds are from source.

  • And what do you think of Molly? Do you recommend it to replace Signal or is it preferable not to use Signal or any of its forks?

    • Federated / P2P is a must IMO for any messaging service, so that rules out any signal or fork, even if its self hostable, which I assume molly is.

      • Okay, I will keep that in mind. I thought Molly was the ideal alternative to replace Signal. I will try to use more Element or Briar.

65 comments