Hacker News new | ask | show | jobs
by nothrabannosir 2308 days ago
Two replies about email replacement; I feel like we’re getting off track. Signal is for secure, end to end encrypted communication. Ideally that would be all communication, but that isn’t realistic in today’s world.

TFA merely says: if you were gonna use PGP, use Signal instead. It’s a trade off. While we target these open and federated protocols, let’s not throw people who actually need encryption today under the bus.

So to the question of replacing email: unless all your email is currently PGP encrypted, you don’t need to drop your email just yet.
3 comments
sergiosgc 2308 days ago
> So to the question of replacing email: unless all your email is currently PGP encrypted, you don’t need to drop your email just yet.

You don't need to drop email at all. If you trade protocol openness for encryption, you are acquiring technical debt. How long are going to do this dance of switching between instant messenger protocols? ICQ -> AIM -> MS Messenger -> Hangouts -> WhatsApp -> Signal -> ???.

Open protocols (open in specs and federated in access) are the only way to stop this madness.

link
Dolores12 2308 days ago
In the past Google and Facebook supported xmpp(jabber) protocol. That was real step in right direction. You could use your client and OTR plugin to encrypt all communications. It all ended in 2015.
link
lvh 2308 days ago
Do you have an opinion on why that happened?

(I think a lot of useful Signal properties are much harder to do with federation, but that’s a subtle enough problem that it warrants a long form post, not a HN comment. I agree that ceteris paribus federation is better than not—but c.p. is doing a lot of work there :))

link
pvg 2307 days ago
Is there some reason to believe it didn't happen (mostly) for the reasons stated by the respective parties at the time? 'federated' is often brought up as an unalloyed good so casually but as you point out yourself, there's a huge overhead, conceptually, operationally, etc.
link
loudmax 2308 days ago
IMHO, Matrix currently has the best shot at becoming the standard for the open internet.

Those who value the freedom of choice should push for Matrix before Signal becomes the de-facto standard and is acquired by one of the tech giants looking to lock down control of communication.

link
Andrew_nenakhov 2308 days ago
Matrix is too dependent on it's only vendor in existence, their only server in existence has performance issues. Also, a monolith standard is hardly viable for federated networks, where all nodes can't upgrade all at once.
link
feanaro 2307 days ago
> [...], their only server in existence has performance issues.

This is either misinformed or disingenuous: https://www.hello-matrix.net/public_servers.php

link
Andrew_nenakhov 2307 days ago
All these server instances use the same server software, provided by the same vendor.
link
feanaro 2306 days ago
Ah, I did not realize you were referring to the software. In that case, there is also Construct[^1]. There are other implementations in the works, though progress is somewhat slow.

Synapse is much better with regards to resource usage these days, though. The RSS of my instance is 355M right now and the CPU usage is hovering around 0-10% (15-min server load ~0.5).

[^1]: https://github.com/matrix-construct/construct

link
amdavidson 2308 days ago
Fortunately Signal is a well funded non-profit which reduces the likelihood of its acquisition significantly.
link
pnutjam 2307 days ago
Anybody using keybase? I think they have excellent security, Superior to telegram and signal in some ways.
link
guug 2306 days ago
I wouldn't use keybase where I need reliability due to their vague TOS (that came into effect around the beginning of this year): They can ban you from their service if they deem your actions outside their platform unacceptable.
link
anon4242 2305 days ago
Interesting, I had to check their ToS and found this which seems a bit vague:

"[...]use the Services to store or transmit any inappropriate content, such as content that: (i) contains unlawful, defamatory, threatening, abusive, libelous or otherwise objectionable material of any kind or nature" [1]

(My emphasis)

[1] https://keybase.io/docs/acceptable-use-policy

link
anthony_barker 2306 days ago
Lots of pros

1) we use it as a slack replacement 2) git integration 3) stellar Blockchain payments 4) encrypted file sharing 5) great system for key management

link
robertony 2307 days ago
I'm still using ICQ...
link
Andrew_nenakhov 2308 days ago
> Signal is for secure, end to end encrypted communication. Ideally that would be all communication, but that isn’t realistic in today’s world.

Do you seriously believe that ALL communication working through a single proprietary non-federated service would be a good thing? !

link
nothrabannosir 2308 days ago
I’m having a hard time believing just how polar opposite of my point people are taking me, I must be explaining myself very, very poorly.

Let go of the idea of “good”, nothing is currently good. Everything is terrible. The only thing that’s “good” is a federated, open, and secure in practice protocol (I.e. not just for people who use it properly, but for people who is it full stop. Like HTTPS, for example.) Today, we don’t have that. Let’s work towards that. Let’s make it happen tomorrow.

But today: federated or secure, pick one. (See TFA)

Meanwhile , there are people , today, with a real need for encryption. (See TFA) A need that transcends our long term plans. These people look at what “techies” do and say, and they imitate it. That’s the way of the world.

It is currently PGP. That is not secure, in practice when used by those people (see TFA). Therefore, we need to stop using PGP, use Signal for now, until we have an actually good solution that is better than Signal and PGP.

That’s the summary of the article.

Nobody is talking about replacing all email. Nobody says the status quo is good. Heck, nobody is really arguing for Signal, as much as arguing against PGP, and signal winning by default. That’s all.

We’re all on the same side here, guys. It’s just a matter of temporary compromise.

link
sergiosgc 2307 days ago
> We’re all on the same side here, guys. It’s just a matter of temporary compromise.

I get that, and I actually agree with you on almost this whole comment. The problem of the temporary compromise on Signal is that I don't believe it is temporary. Signal is actually good enough to prevent the transition to the optimum. Being non-federated, Signal will always have a single point of failure, but this will get masked until it is eventually exploited.

link
kasey_junk 2307 days ago
But if you rule out Signal there isn’t another choice for the users in question.

There is not a federated messenger that provides the same security as Signal.

Your argument reduces to (for the user segment under question) “don’t use electronic because I value federation”.

I value it too but that seems incredibly selfish.

link
Andrew_nenakhov 2307 days ago
> There is not a federated messenger that provides the same security as Signal.

Actually, there are federated messengers that provide better security and privacy than Signal. Yes, XMPP ones. They might not have the same convenience yet, yes, because they are not tied to phone numbers, but don't even get me started by trying to say that tie to phone numbers is a plus.

link
joshuamorton 2307 days ago
Name a federated message tool that is more secure than signal for a user who is not a tech expert and whose life is potentially on the line.
link
Quiark 2307 days ago
You mean gmail?
link
FabHK 2308 days ago
> TFA merely says: if you were gonna use PGP, use Signal instead.

The article mentions Magic Wormhole, age, and Signal, IIRC.

link