I love Signal, and upsell it whenever I can. Signal has its ideosyncratic parts, some of which are being worked on, others not so much. Some of the more visible ones are IMO:
Signal forces users to use phone numbers; some people don't like this because they want to use multiple ephemeral usernames so they can be 'Joe' to friends, 'kleptoclown' to their github group, 'dungeonmaster42' to their DND group, 'joesolutioner' to anyone who browses their personal website or business card, etc. that way they are not having to give out the phone number to strangers which represents Sim-jacking and spam risks.
If you create a signal group and invite folks to it, you cannot remove members from the group (this is being worked on now) without them clicking the 'leave' button or creating an entire new group sans whoever needs to go, which causes loss of group history.
Signal cannot have multiple mobile clients, only one mobile client and a single desktop version. WhatsApp Riot etc. all support clients in as many spots as you can login from.
Again -> these are focused nitpicks, but in most cases Signal is much better for upholding the promise of 'you send someone a message and you have a reasonable sense that ONLY THEY will be able to read it' compared to the likes of Line/WhatsApp/FB messenger etc.
It's really an engine for revealing people's true preferences for messaging, which, for many people, tend to be that they want all the ergonomics of Slack a lot more than they want cryptographically sound secure messaging.
What's hopeful in all this is that Signal is, slowly, catching up. Slack can roll out new features just by assigning a couple developers to it, and Signal has to coordinate new cryptographic research --- not just new cryptographic research, but research that produces something deployable at scale within the resources of a project like Signal! --- so Slack (and Wire and Keybase) are at a permanent advantage here.
But over time, Signal gets more and more usable without having to consider tradeoffs.
It is, but there's another aspect besides convenience and ergonomics. You surely know better than me that privacy and security are non-binary, and everyone has their threat scenarios.
In some cases, an ability to have multiple independent accounts/identities (pseudonymity) would - unfortunately but practically - beat true cryptographic security that Signal offers. I mean, personally, I'm less concerned about platform (e.g. Wire or Whatsapp) or some government agency learning that I'm talking to my buddies at certain schedule, than mixing up my acquaintances from different groups together, having to maintain a single identity for them all. Some people I talked with didn't knew my name or phone number, and I would be uncomfortable if they would. For me, in my life I've said less things I wouldn't want governments to learn about, than times I've used a pseudonym/throwaway account to talk to people.
My biggest annoyance with Signal is that getting a new phone ends up wiping out all conversation history with apparently no way to transfer it.
This loss of user data is not advertised well enough up front, and leaves users feeling tricked. In many contexts loss of user data is an even bigger sin than weak security.
What's ironic here is that in the adversarial setting the application is designed for, unexpected retention of user data (on end-user devices) is a sin.
I like to think about messages being ephemeral. If a piece of information needs to be saved, I just store it outside the messaging app. This includes media files, too.
That’s fine. But Signal should then advertise itself as unsuitable for general-purpose communication, primarily relevant when someone is specifically worried about adversaries reading the communication.
I can see how this makes sense for journalists, dissidents, diplomats, criminals, corporate executives, etc., but if data is under threat of disappearance, regular people should be warned away and told to use something else for day-to-day communication.
Personally, I'm happy to lose the data. I found it odd that with both phones and the SIM on the desk in front of me, I couldn't figure out how/if I could vouch for my key changing in any way.
Needing to say I have a new phone just trust me largely defeats the purpose.
If you are on an Android device you can export an encrypted backup and scan a QR code / type in the password to the encrypted archive to transfer messages / group memberships with only a safety number change in most cases.
I think that's the opposite of what I want? I want to inform people of the new safety number using the old channel and purge all data like a good user.
In this respect a keybase like model makes more sense to me.
Two small corrections: Signal-Android's backup works with a passphrase only (no QR codes involved) and does not cause safety number changes on restore.
Why would a group communication tool be compared with another group communication tool? What's the part you're missing there?
I have some friends I talk to in Signal groups. I have others I talk to in Slack. In both cases, the goal is the same: communicate privately with a known group of friends.
I recently was selecting a messaging platform for my family, and we evaluated both Signal and Slack, and went with Slack. My wife did the same with her family, and went with Signal. From this, I gather they overlap in some features enough to compete for some use cases.
Which is number one reason why I'm not even considering it
"some people don't like this because they want to use multiple ephemeral usernames"
That's not my reason: I don't want people I don't know to get my phone number through other people I know and trust, but are used to share everything online. Of course that would be possible without any social application as well, though using one makes it much more natural.
Then this one from their site: "Multiple mobile devices and Android tablets are not currently supported"
Triple facepalm here: this makes it even worse than Whatsapp I use (read: am forced to use) on an old tablet. Whatsapp sucks badly just at everything (didn't I write I'm forced to use it?) but at least I can read what I write.
Downvotes welcome, though advice on secure+open alternatives that don't assume I have a smartphone (I haven't one and don't plan to) would be more informative.
The day I would be comfortable giving out my phone number to stranger is when it becomes mandatory to whitelist all callers, much like how just about any non-PSTN systems work.
Maybe this is because of the social expectations of that it will work without such overhead but I just simply can't notice how all the "countermeasures" phone industry (and governments as this is a heavily regulated industry) are ignorance to elephant in the room...
If you are a client for Signal, rubberhose cryptoanalysis is a much bigger issue.
Here is a story what has happened to Doubi (SSr developer.) He was a very well aware of anonymity risks, and he evaded police for years on end. China literally tried to do geolocate him by turning off the internet in entire cities, but to no result — he caught on to that, and started randomising his release timing, and avoiding releasing "hotfixes". So, the entire Chinese police and MSS been looking him for 4-5 years.
What has happened? A few month before his arrest, he registered a Twitter handle with a throwaway SIM card. Those are being usually sold by "grannies" in Chinese 2nd tier cities who peddle things like fake tax receipts, anonymous train tickets and such.
China either hacked Twitter, or had somebody bribed there, and they got the number. They then tracked down the granny who sold him the SIM card, and went on and checking every person door to door in that small town. Then, they found him.
He got 5 years prison, and 4 years of laogai (gulag)
That's super interesting, thanks for sharing! Would you mind posting a link or a two about the story of Doubi. I can't find much and would love to dig into this story.
Basically Twitter got pwned big time, and now denies it because GDPR will ruin them if breach is proven.
Here is what Doubi's online followers figured:
State security got all phone numbers used for Twitter phone verification up to May 2019 and possibly till July.
Twitter haphazardly closed the breach in complete secrecy.
API hole explanation is excluded as people with 100% private accs got police visits.
People with foreign SIM cards also got into trouble. So the explanation that China compromised Twitter's SMS providers is also excluded, as its improbable that they did it in 4+ countries.
2016 breach is also out of question.
The only explanation is that they got hold on a big piece of their user DB, or, worse, they have an active infiltrator in Twitter, or Twitter voluntarily cooperated.
Pardon my ignorance but I'm unable to find much about this story... and the links you posted are hard to piece together with this narrative.
Not even doubting it, just wondering if there's more of a source that's laid out (work/timeline/etc)? It's supremely interesting and should probably be more well known if it's not already.
Most of what I know was found by people on Doubi's forum which now went down. Near nothing about that in English besides stating the fact that he is gone now, that he got a term, and that his Twitter was the most likely source of his ID leak as deduced from public records about his case.
Early accounts explored the possibility of Chinese police exploiting SMS gateway, and password reset abuse, but it has since been confirmed that even users who lived for years in the West got deanonymised, and their relatives got harassed. MSS/police having fresh twitter user DB is the most probable explanation at this point.
But, in this story - had he used signal - if the police arrested anyone in contact with him, any one of those would be able to turn over his phone number? Which would be linked to the sim card in his phone?
Am I missing something? Or am I misinterpreting your story? You're saying that sign up bound to a Sim card is bad for Twitter and bad (worse) for signal?
> ”Signal cannot have multiple mobile clients, only one mobile client and a single desktop version”
This is wrong. You could always have multiple desktop clients. You can also add iPads as linked clients now. Personally, I have two desktops and an iPad linked to Signal.
WhatsApp doesn’t support linked devices at all, the web client connects through your phone. Signals linked devices function independently, you can power off your phone and they’ll still work.
> Signal cannot have multiple mobile clients, only one mobile client and a single desktop version
You are right about the mobile client, but that's not true of desktop. I have Signal installed and setup on every desktop/laptop that I use without any issue.
I wouldn't say I can't stand it (indeed, I am using it), but I've had problems with it. Disappearing messages and the like: being contacted via another medium by a person, asking why I hadn't responded, with no record of there ever being a message on my end.
It's OK in my books: a symptom of there being no server to step in and enforce a universal truth. You just have to understand what you're getting in exchange for the occasional inconveniences.
Signal forces users to use phone numbers; some people don't like this because they want to use multiple ephemeral usernames so they can be 'Joe' to friends, 'kleptoclown' to their github group, 'dungeonmaster42' to their DND group, 'joesolutioner' to anyone who browses their personal website or business card, etc. that way they are not having to give out the phone number to strangers which represents Sim-jacking and spam risks.
If you create a signal group and invite folks to it, you cannot remove members from the group (this is being worked on now) without them clicking the 'leave' button or creating an entire new group sans whoever needs to go, which causes loss of group history.
Signal cannot have multiple mobile clients, only one mobile client and a single desktop version. WhatsApp Riot etc. all support clients in as many spots as you can login from.
Again -> these are focused nitpicks, but in most cases Signal is much better for upholding the promise of 'you send someone a message and you have a reasonable sense that ONLY THEY will be able to read it' compared to the likes of Line/WhatsApp/FB messenger etc.