Oh man, the basic usability of all chatting apps I saw is basically the same. Click on a person in chat list, write a message. The differences are so tiny.
After using WhatsApp for years my parents installed Signal. For some reason it was shown for them in English, which they both don't speak. And guess what, they could use it without any issues because all chat apps are the same.
The difference is tiny as long as you stay on similarly featured apps. I thought the same, but after trying Telegram i disagree.
* editing messages
* pinning messages
* small things like polls ( great for group chats ) and location sharing
* great API and bot framework ( awesome for public chats, and it can also be integrated for personal use ( e.g. i get a Telegram notification when someone enters home, and when my blog or VPN are down)
While the UX may not be as polished, you can conduct polls in Signal via the emoji reactions to messages. You could simply count the number of "thumbs up" vs. "thumbs down" reactions.
Telegram is leagues ahead of the rest in features and user experience. Leaving side its default chat storage (in plain text on its servers), I’ve seen that it’s the best choice to recommend to people and not have them complain about the platform. That it also hides phone numbers by default is a nice thing.
I hope Signal implements live location sharing, as it is quite useful when meeting up with friends. For anyone else interested in this feature, please show your support here:
No, not really. Extra PIN requirements make Signal unusable for lots of people. No proper chat backups makes Signal undesirable. That it mostly works the same might be true for you, but any minor difference is a problem for mom&pop.
You are so right, it hurts. There is nothing I would like more the to be an avid fan boy of Signal but it is just not ready for prime time.
I have used it for years, and the people and topics discussed there are specific. Just like they are even more specific in Threema. That is when you do (not) care for the lack of features since the return is worth it.
Not sure if I am (socially) capable of leaving WhatsApp.
I agree with the basics and also that Signal is pretty much designed like Whatsapp and so the switch is rather easy. The article however also includes the setup process which is important to many. Just take Element (aka Riot/RiotX) as an example for a long-winded and offputting setup process.
That being said, I still prefer Element over Signal.
It's good that we've converged on a standard approach for the core stuff - it's the associated functionality that's important and varies quite a lot.
Contact discovery and adding - Signal has gone with the WhatsApp approach here. There are downsides like needing a phone number but it makes it very easy and means that they can do things like sending you notifications when one of your pre-existing contacts joins Signal.
Backups - this is my main sore point with Signal, in terms of recommending it to my friends. Unless they're conscientious or put in extra work they're going to lose all their message history when they get a new phone. You need to do manual backup and restore to transfer messages, and if your phone is lost/stolen then you're screwed.
I've set up sync but it's quite a lot of work for what (e.g.) WhatsApp does for free.
> sending you notifications when one of your pre-existing contacts joins Signal
This was the main reason I didn't choose Signal a couple of years ago.
I don't want all the people who have me in their contact database or vice versa (I'm not sure which it is) to get that notification. It's none of their business that I've joined Signal or when I do. Especially not the commercial contacts.
I joined Telegram thinking it didn't do that notification, and was surprised and annoyed when just after joining someone in my phone contacts then started a surprise chat with me. Yet I've never received a notification about anyone joining Telegram, so I must be confused about this feature.
I completely agree about Signal conversation backup being the biggest issue. For my uses, a chat app that doesn't save non-secret conversations in a way I can keep and search long term is of little interest. The ability to transfer history between Android devices is no use if the reason for having a new device is the old one is lost or broken.
(I use a mix of Telegram "secret" chats (which aren't sync'd) and regular chats (which are) depending on the subject, generally preferring the latter if it's not sensitive. I often want to refer back to things or search them, especially things like photos, dates of events, agreements, etc.)
WhatsApp also loses all e2e guarantees in the process. WhatsApp backups are not encrypted.
Signal on Android does support encrypted backups, however they're not automatically synced with anything. I think on iOS there's a different way to migrate your data, but it seems to require a PC.
It depends what you mean by "end" in "e2e". It is encrypted all the way to my device. I do see the issue though.
Signal has all the capabilities to do this and have encryption. Why does the chat backup feature (with 30 character passphrase) not offer to store the data in GDrive so that Android can restore it? It's an encrypted bundle so that should be fine.
Signal on iOS allows direct transfer from one phone to another when they’re physically close by. There is no backup and restore if your phone is lost or broken. Messages also get deleted on the “source” phone once the direct transfer is completed to the “destination” phone.
> the basic usability of all chatting apps I saw is basically the same.
Are you sure? Something tells me if I have to be called to show how one needs to use Signal if it was just as easy to use as WhatsApp, then something is wrong there; usability-wise.
For example, chat backups in Signal is less usable than WhatsApp. All chats are lost once a user changes their device, phone number, factory resets or loses their phone.
As some pointed out, the extra PIN requirement is a trade off that favours security over usability, so there's the risk of putting people off from using Signal and it can't be turned off or avoided.
> When the hype around Signal dies down, and people are trying to get all their friends to migrate from WhatsApp to Signal, it’ll be the UX that makes all the difference.
Absolutely put. Small things like this make the difference between why someone will stay on Signal forever or for 1 month and it's back to WhatsApp for them.
The fact that the PIN is mandatory in Signal is annoying. I understand why it's there and the attacks it defends against, but most people just want Facebook to stop stalking them and don't worry about a dedicated, nation-state attacker targeting them, so the PIN here actually reduces overall security & privacy by introducing extra friction compared to malicious alternatives such as Facebook.
Same thing with backing up/restoring chat history. I guess there's a security argument to be made there, but it doesn't apply to most people. Are you leaking state secrets? By all means, crank all the security options to 11. Are you using it just to not have Zuck spy on your family conversations? Then bulletproof security doesn't matter that much and feel free to backup your chats.
Yeah I agree, they'd be better off warning people that they loose many things if they switch device (most people only care about their groups I think), but that there is a way around this. It will, in comparison to other apps, constantly bother you about it though. I heard from several people who used Signal who don't care about what they'll loose, they do care about the pin nagging though.
Why you can just export to file, import on new device is also a mystery to me, I think that would be acceptable to people (combined with phone number validation).
You can't have meaningful E2E encryption unless your private key is encrypted with a password that only you know. If the operator of the service has your un-encrypted private key then it is not clear in what way you have E2E encryption. And actually if you use a 4 digit pin it won't be of much use either.
Encrypted private key isn't the purpose of signal's PIN. Signal's private key is actually used, discarded and possibly recreated quite nonchalantly by the application on your phone. The only purpose of the PIN is securing data that is stored on Signal's servers.
"signal doesn't store anything server side" is false, plain and simple. Signal stores certain kinds of data server side, just not everything. And they do some SGX voodoo dance to maybe protect it: https://signal.org/blog/secure-value-recovery/
> - Lack of support for markdown (as in bold, italic etc.)
Interesting. I hadn't noticed the lack of it but I will eventually. To be fair, markdown is supposed to be readable and meaningful in plain text, so even if the symbols are displayed without formatting it's still useful.
> - Poor support on windows desktop
I have not used the Windows app, but the macOS app is infinitely better than WhatsApp's shoddy WebUI.
Not even full markdown, just bold, italic and strike through. I just had a friend move to Signal and that's exactly what he complained about too.
The kicker is that Signal does support that stuff if you paste them, and shows it properly, it just doesn't have buttons to let you use the styles when writing.
A native app for windows and linux would be nice, but the electron app that is currently used doesn't have any major flaws except the usual electron memory and performance problems.
It does perform a lot of disk IO on startup so if you store it on a rust platter it can take a _long_ time to start though.
Windows support is actually great. You can use it without draining your phone battery and mobile data. Besides, you can make an actual audio and video call directly from the application, without touching the phone.
I find desktop app no worse than whatsapp. Killer feature here is that desktop app after connection does not need a phone/mobile device to be constantly present online.
You don't have to be around computer with your phone, just connected to internet. I opened whatsapp webui on my Linux computer (via vnc) in the USA while sitting in Germany on my phone.
The Signal Windows Desktop app is unusable if you don't keep it running all the time.
During busy work periods, I'd close WhatsApp Desktop to help me focus, re-opening it when I'm done, and jumping back into the group conversations.
However on Signal, the app spends AGES downloading (and decrypting?) each message it's missed when you re-open it, and whats worse, is that you can't even use the app while it's doing it. Totally destroys any ad-hoc use of it.
As a primarily desktop based chat user, I found this issue to be a deal breaker, so back to WhatsApp I go.
IMHO the desktop client of Signal is far superior to Whatsapp: the Desktop & iPad client of Signal allows Video & Voice (group) calls. Whatapp desktop client allows neither, only Chat, neither does it have a client for the iPad.
Biggest UX challenge with Signal for a normal person is the backup and recovery step. Whatsapp has made the process so seamless and Signal by design just cannot do it.
Apple support has occasionally asked me to reset my phone due to some iCloud issue. How do I back up my data and restore it after that without buying a second iOS iPhone?
Agree, but then I think about how often I actually look back at my message history, and it's extremely rare (essentially never further back than a week). Not sure if I'm an outlier or not, and it's strange in that I'll regularly need to find emails from years back.
Well, seamless... on iOS they just lean on iCloud and dump/backup everything with no way of historicizing. It’s easy only until you’ve hit the iCloud free tier limit
I’m surprised by your answer. You’re literally reacting but ignoring the rhetorical aspects of my question and its implications. I guess it’s a way to drop the discussion
My main gripe with any non-WhatsApp chat app on Android is the same: notifications never "just work". I don't know if it's just my Samsung or what, but I can't get Telegram or Signal to reliably deliver notifications to me when they are closed or in the background, only when I open the app.
Yeah that's samsungs fault, check https://dontkillmyapp.com for explanation and workarounds (if they exist). I regularly want to bang my head against a wall because phone manufacturers seem to be really uncomfortable permitting anything with less than a billion users in the background while having their own bloat run restriction free.
Depending on the specific apps it is usually that it is not using GCM/FCM (something like Conversations) or that the battery manager is very aggressive and Whatsapp is whitelisted by default (because so many use it).
For Samsung I think it is the latter, since many apps have the same problem on Samsung.
I wonder why this is so it or why it could be so on Android. Notifications are/should be handled by the OS (mainly to conserve battery) and then handed over to a lean piece of the application for display and any immediate actions. I’ve never had issues with notifications on iOS, but would like to understand how the Android app model is different.
You should look at "Optimising battery usage" in the the application settings for Samsung. WhatsApp is likely whitelisted to prevent this behaviour, I imagine in time Signal will be as well.
I still try to find the advantage over Whatsapp in the long-term. I get that Signal is not Facebook, so it has that going for it, however beside that it leaks the same data (which Signal says it is not storing however). You could probably compare it to Whatsapp before it was sold to Facebook.
So I have to ask myself: What happens if Signal has financial issues?
edit: Signal is open-source and non-profit as commenters pointed out. That's indeed advantageous.
Signal is registered as a 501c3 nonprofit, there should be challenges to buy that. Granted, I have not investigated if someone else holds a trademark or so that maybe still allows for something to be sold.
Signal not only encrypts messages (Whatsapp does as well), but also seem to make sure there is as little meta data available as possible. This should make it less interesting for eg. Facebook to buy them.
I do not know about their attempts at minimizing meta-data however I guess the usual meta-data like who texted whom and when is still there. Maybe it is not stored, but I have to take their word for it (and I tend to believe them), but the data is still there.
This data is there at any rate however confederated chat apps can use different servers (so data is not congregated) and you can also change accounts easily (it's harder to change phone number).
I have not looked into how it works, other then reading the blog post, but it seems like they are trying to figure out that part as well: https://signal.org/blog/sealed-sender/
But yeah, as long as they own the servers I am sure they could puzzle it together if they wanted.
worth looking that the cwtch.im alpha chat app, that attempts to mitigate the metadata problem with TOR, and having untrusted servers that host group chats.
Similar philosophy to Signal of trying to really get usability right (looking at you, Element). Though still early in alpha development, wouldn't trust current alpha builds to be reliable.
I'm a big fan of Signal and have been encouraging friends and family to use it.
That said, I (like others) am a bit concerned about the lack of updates to Signal-Server (https://github.com/signalapp/Signal-Server/commits/master). Commits seemed to suddenly stop April last year, and I'd be very surprised if the actual Signal Server that's running in production hasn't been updated over such a long period. Would be very happy to be proven wrong here, or to be pointed in the direction of anything that might explain the lack of activity.
A bit for the worse in practice due to the non-federated server meaning you have to trust they run the server code they claim to run.
On the client side I find their interest on self-updating problematic (since they may silently push updates to specific users), but at least you do have the option to remove it.
How does "sealed sender" actually guarantee that without some type of bizarre onion-style routing?
At the end of the day they literally control the only in-pipe and the only out-pipe and can measure whatever the heck they want from it. Including from which address the message came from.
Having recently moved (trying to, at least) to Signal, there are a few UX issues indeed that I can see as show stoppers for greater adoption, especially in the older, non-tech-savvy population:
- get rid of the pin as a default option, it will confuse and put people off, keep that in the settings for people who care
- allow pictures/files to be sent to multiple targets (users or groups) - this one is SO annoying!
- save received media in the gallery automatically by default, most of the time they are precious memories and they need to be easily picked up by cloud uploaders, backup apps etc. Make this an option in the settings for people who care or do not want it.
- better error handling (as pointed out by the article)
- had friends who joined, but then quit/deleted the app, Signal still shows them.. this needs fixing, too
As mentioned in the article, WhatsApp UX is pretty world class, it's smooth, it's fast. Just copy it as much as you can.
I have tried to move some of my younger friends over and they appreciated the privacy angle, but I can see unless I actively push for it, they will "unknowingly" revert to WhatsApp.
I am holding off trying to migrate my older friends and family who are less flexible with tech stuff, I know I only probably have one shot at this and as it is Signal will fail. I will wait a couple more months and see if things have improved, if not, I'll just push for Telegram.
Telegram is not as good as WhatsApp either UX-wise, but it's much better than Signal.. and the fact they have some really nice apps for desktop without requiring the phone as a "source of truth" is actually a big usability advantage.
As others said, it's not that I'm paranoid about state actors and am not adamant on perfect e2e encryption, I just don't want Zuck to take a peak or my children's photos to be used in some FB deep learning face recognition DB or god knows what else.
So a new account called Signalvwhatsapp submits a UX "case study" regarding the usability of Signal vs. Whatsapp (it says so in the post title: "Is Signal as easy to use as WhatsApp? (a ~40 hour analysis)"). The study instead is 95% about the onboarding process and maybe 5% about the app itself. Nothing about the sharing workflow of images, videos, audio or group messages. Stuff most users are interested in the most probably.
Nothing fishy at all about this.
Furthermore: no app can access the iOS keyboard or modify it for obvious security reasons. Having a numpad up is as good as it gets. So the critique about the recommendation of pasting the numeric code from messages is hardly valid.
And dont forget the cryptic “safety number has changed” message you get in Signal when somebody else repaces their phone. It freaks out my parents every time. Yeah you can prevent that but most people don’t realize in time.
This is a feature. Otherwise MITM attacks would be silently possible -- in layman's terms, when someone replaces their phone, you no longer know who you're talking to; there's no way for Signal to tell the difference between that and someone intercepting your messages. The flip side of the "panic" is that when it doesn't happen, you still know you're talking privately with the same person.. which can't be said for whatsapp, which hides these messages by default.
Perhaps they could improve the phrasing of the message, but they absolutely should not remove it.
WhatsApp has the same kind of info messages, except that it calls them as “security code” and doesn’t force a verification or show a verification button unless you tap to see more info.
So we have gotten to actual communication and no one has checked the "safety numbers" ... which is perfectly fine. What isn't fine is that the user is left unaware that they are implicitly trusting Signal with their privacy.
I think that we need a sort of "truth in advertising" principle for these encrypted messaging things that claim end to end encryption. It is perfectly OK to trust an entity like Signal somewhat, particularly when the alternative is trusting an entity like Facebook. Just be honest enough to indicate that a major feature is not effective.
How is this different from literally every single messaging service out there? Having to verify safety numbers out-of-band is an inescapable physical truth, and one which doesn't really matter unless you're worried about active attacks against you.
Active attacks that are really trivial to perform in the case of something with a single server controlled by a single entity. Most of these things take that form.
>Having to verify safety numbers out-of-band is an inescapable physical truth...
The reasons for this are fairly opaque to most people. It is kind of dishonest to just assume that people will do the checks for no real reason. You have to at least allow the user to understand the tool.
Note that Signal made it easier to ignore the change of a safety number a few years back. So in a sense they are getting worse at addressing the problem.
40 hours and not a single mention of the fact that the chat interface on signal is far less condensed than WhatsApp (you get 3-4 messages+ a thumbnail per screen on signal to WhatsApp's 7-8). This compounds the difficulty of telling which user is commenting when the only identifying thing on the screen is the color of the message.
Signal does much better embeds though, and the call quality is pristine.
I tried to get people in my life to switch and failed. One person tried it out and quit in frustration because (a) messages dropped over the weekend (apparently during their downtime, and then (b) when they downloaded the desktop app they couldn't naturally continue the conversation that had started on mobile because the previous messages were not visible and so they could not be "replied to".
The first point isn't really an ease of use issue, but the second is definitely a tradeoff between usability and security.
So my friend left in frustration. Trivial inconveniences that would not deter someone who cares about using Signal can easily dissuade people who were not really motivated to switch in the first place.
And now I have my own frustration: once a user joins Signal once, the app shows them as having Signal even if they deleted the app and haven't used it in forever. So here I am sending messages to people who once tried the app and then quit and instead of those messages getting sent as SMS (which would happen had they never joined) they go nowhere.
Honestly I'm not really the target audience for a security-focused app. I'm interested in privacy and regaining autonomy in my digital life, not being beholden to the whims of a $BigTech ToS that changes every month and is my adversary. So I'm looking at Signal because it seems the best bet, but I'd prefer something that made fewer UX sacrifices for security.
After using WhatsApp for years my parents installed Signal. For some reason it was shown for them in English, which they both don't speak. And guess what, they could use it without any issues because all chat apps are the same.