For me it would be a huge improvement if this happened in my country. It would mean that if I'm sitting in front of a keyboard and a screen as I am most of the day, I would be able to reply to my friends comfortably using them. With that joke of an application called Whatsapp, I have to choose between replying from a tiny smartphone screen and on-screen keyboard, or going through a ludicrous ritual of photographing a QR code (which works only if my phone has wifi signal and enough battery).
To be honest, privacy in a general-purpose messaging app is the least of my concerns, as I have other means of sending important messages to select people. What is really annoying about Whatsapp is its extreme device dependence* which forces me to depend on a single device for casual chat with friends, family and acquaintances (and not the most comfortable use one) when multi-device messenger apps have been around for more than a decade. Telegram is like a return to sanity in this respect, so any news about Telegram invading Whatsapp's space are great news to me.
*I say "extreme" because Whatsapp doesn't even like if you switch your SIM card from one phone to another. It's insane. I used to have two phones (one for regular use and a cheap old one for activities where it could get damaged easily) and I had to give that up because Whatsapp would force me to re-register every time I made the swap.
Signal, and in extension the other privacy-aware messengers (Threema etc), can not replace Telegram or iMessage because they lack basic features like multi-device sync.
The hard problem of messaging has not been solved yet, what people should build is a service like iMessage but with the public key pool per account publicly auditable and verifiable.
Signal has multi device sync now, and it's cryptographically secure. It works by sending Signal messages to the other linked devices. This enables Signal-Desktop (the Chrome app that is now in beta). Sync is only implemented in the Android client at the moment though.
This is false. I've tested this possibility by turning off phone and Signal Desktop still receives messages. Description of plan around which protocol was build is here [0].
That's slightly better but still cumbersome to set up and with the primary device as a SPOF. What does the recovery procedure look like if you lose the master?
From what I've read in docs posted above, identity key is copied from S-Android to S-Desktop. If you lose S-Android, there are two possibilities.
1) Your keys are safe (device was encrypted and/or you've wiped it remotely, whatever). In such situation you could be able to transfer keys from S-Desktop to new mobile. AFAIK there is no such functionality yet (remember, its Beta).
2) Your keys are not safe. In such case no recovery is possible. Notify all contacts about the fact that they should "reset secure session", forgetting your Signal identity and establish new Signal identity.
Anyway, this is the only solution on market with secure chats and multi-device sync.
No, your claim is false. This has been claimed about Signal multiple times now on HN and I've never understood how people came to this conclusion, because it's just not true and never was. All your messages arrive on all your devices, even if all of them are off at the time the message is sent. It's stored in an end-to-end encrypted fashion on Signal's servers until you switch on one of them, at which point the message will be delivered. When you switch on another one, the messages will be present at that device as well. The only thing missing right now is the sync of old messages when you link a new device, but that's only relevant in the first couple of days/weeks of use.
Since when was it possible to sync whatsapp over multiple devices?
That unnecessary limitation really disgusts me, since I am the type who deletes his whole chat history weekly because I don't want to carry it around with me in case of another targeted stealing attempt. I'd love to integrate my whatsapp xmpp account into pidgin.
Signal is currently beta testing "Signal Desktop" which introduces (somewhat limited) multi-device sync capability. I use it and I'm happy about experience.
I basically don't need other communicators right now for close family and part of my friends.
Occasional video call can be made using other platforms.
I've never used multi-device sync, ever. Not on iMessage, Viber, WhatsApp, ... The only one that I use across devices is Skype, but I don't use it except for video.
Not even Telegram supports multi-device sync for 'locked' chats. So if you really care about security, multi-device sync is not a feature, it's a bug anyway.
I know only 1 guy who uses Signal and he is an AT&T systems administrator and linux addict. He understands the difference. The rest, use either iMessage or Telegram and don't really care about the rest.
WhatsApp also lacks multi-device sync. The feature that made people adopt WhatsApp was saving money in contrast to using expensive SMS (which is the reason why it doesn’t have much adoption in countries with reasonable prices).
Multi-device sync and privacy-awareness both are maybe reasons for a few individuals to switch but they both have problem with the number one feature of messengers: actually reaching other people.
Why something gets adopted is way more dependent on soft factors than on technical factors, as long as the basic requirements are satisfied.
>(which is the reason why it doesn’t have much adoption in countries with reasonable prices).
Huh? I don't think this is correct. WhatsApp is huge in Europe, nearly everyone I meet prefers to use WhatsApp over SMS yet almost everybody has "unlimited SMS" plans.
The unlimited texting plans came after whatsapp in most countries. In Sweden seemingly nobody uses Whatsapp. Here in Germany there are many people with unlimited texting, but it's far from everybody.
What I want is a messenger which has all my friends in it.
Sadly at the moment that's only WhatsApp and Telegram to some extent.
If only there would be some protocol or standard that would allow me to communicate across different providers.
But unfortunately such a standard must be technologically impossible, otherwise it would be implemented and widespread already.
They might actively use it but not because they want to.
In fact, Brazil's most popular chatting app that is recently banned there doesn't have multi-device sync. Hangouts does. Everyone could use hangouts, but not nearly as many people do.
Using your phone number and address book to find contacts is what made it really easy for me. Also, iPhone users don't use Hangouts, but were somehow "forced" to use Whatsapp to talk to people on Android phones.
No, iMessage for example generates a unique key pair per device and submits your public key to the key pool for your account. Devices can then sync old history using each other's keys and new messages will be encrypted for all devices.
The problem is that the key pool is in Apple's hands. You cannot guarantee that they don't go and add a key do the pool and get all your messages anyways.
Marginal improvement in what sense? When considering privacy, Telegram is by far the worst option. They store the plaintext message history on the server of every message that every user has ever sent or received.
Even if WhatsApp weren't using end to end encryption by default, they would have no way of complying with government requests like this one, because they simply don't have the messages. Telegram, on the other hand, is a surveillance dream.
Only in the limited sense that Telegram appears to at least have an intention of really providing private messaging and one might hope that they one day drop the delusions of grandeur and start to take seriously constructive criticism about how to do it right, as you and others have presented in other threads here.
My understanding of the Whatsapp end-to-end-encryption is that the use of the term is completely misleading, as the "ends" they are referring to are the client and the Whatsapp server (https://www.whatsapp.com/faq/en/general/21864047). Unless you know otherwise, I take that to mean the communications are in the clear at Facebook, and in my estimation that's tantamount to piping them straight into the US surveillance machinery through whatever they call PRISM these days, or some more or less distant relative of it. (This arrangement would still offer protection from bad actors that don't have some form of easy access to Facebook's internal information).
Both seem like dreadful options in absolute terms, but if we're comparing I'd slightly rather have that user base in the hands of someone possibly sincere and incompetent than with someone competent but almost certainly treacherous. At least there is a sliver of hope for improvement and, who knows, maybe once they're off the paved road of Whatsapp they'll wobble their way though other alternatives to something like Signal eventually.
It's actually the exact opposite. Telegram has made design decisions that prevent them from ever being able to provide private messaging by default without radically altering their design and re-writing all of their clients. The Telegram "client" is really the server -- everything happens there, and the client you use is just a view onto the server.
That structure seems enlightening to understanding how Telegram has been able to create clients for so many operating systems in a relatively short time.
I like how the Signal app (at least on Android) also works for insecure SMS to give me one place for messaging... well apart from everyone who uses WhatsApp at least.
What I'd love is if they could also make it an email client too. Letting me send/receive insecure emails or (if the recipient has Signal) encrypted email using the same key management. I'd much prefur to give out an email address (totally in my control) than a phone number (could be taken away from me at any moment).
In principle, since both the Signal client and server are FLOSS, it should be possible to resist a block in some ways that might not be so easy with for example Whatsapp, but as far as I can tell, as things stand right now there is no built-in way to switch server, and asking millions of regular people to make changes to the source code of their cellphone software, recompile and manually reinstall does not seem like a recipe for success.
I wonder if one might sensibly work around these things by fallback/optional connection to the server through Tor if Tor is available on the device?
No it doesn't. If you're going to wave this flag, you should be complaining about the management controller inside of your CPU (presuming you are already running an open source OS).
>you should be complaining about the management controller inside of your CPU
And I am! I can't wait for Novena! Also notice a difference. Having a close-sourced CPU is different than having a close-source browser which has much more possibilities to compromise you. It can start camera, microphone, read disk files, locate you and transmit everything to "cloud".
To be honest, privacy in a general-purpose messaging app is the least of my concerns, as I have other means of sending important messages to select people. What is really annoying about Whatsapp is its extreme device dependence* which forces me to depend on a single device for casual chat with friends, family and acquaintances (and not the most comfortable use one) when multi-device messenger apps have been around for more than a decade. Telegram is like a return to sanity in this respect, so any news about Telegram invading Whatsapp's space are great news to me.
*I say "extreme" because Whatsapp doesn't even like if you switch your SIM card from one phone to another. It's insane. I used to have two phones (one for regular use and a cheap old one for activities where it could get damaged easily) and I had to give that up because Whatsapp would force me to re-register every time I made the swap.