by dodgerdan 1345 days ago
Improving UI/UX to clarify that the SMS function is insecure is almost impossible. Google did research around SSL cert warnings a few years back; their conclusion was that people don't read and just dismiss warnings, no matter what the UI was. A frightening percentage of people also think the security padlock icon is actually a handbag.

Most people simply lack the technical basis to understand the security implications of SMS. And for Signal to be a secure messaging system by default, SMS needs to be removed.


That's assuming a lot of context. You're talking about a tiny icon next to the address bar in a browser. Of course people didn't always know what that was!

Signal's primary feature is encrypted messaging. You don't get it without at least seeing the word "encrypted" somewhere.

Counterpoint: most people think Telegram is E2EE secure messaging, but Telegram never said it was.
And that doesn't get clarified by UI that distinguishes between encrypted messages and SMS, because Telegram doesn't have such a thing to distinguish between.

My point is that all of this is orthogonal to whether Signal can successfully make UI show users when they are sending encrypted messages vs unencrypted SMS.

Most of the confusion you are citing is about whether an app does encryption or not, and that is a totally distinct problem domain.

You've failed to make a distinction between E2E encryption and TLS encryption. How do you explain that in UI?
The only similarity between these two UX scenarios is that they involve encrypted network protocols. From a user standpoint there are no similarities.

Firstly, the messaging decision is presented to the user before an action (send SMS/Signal). It's capable of blocking and takes place as part of an active use flow where the user is trying to complete a task. With browsers, the differentiation in UI is displayed after a user action. It doesn't block and the user doesn't require interaction to achieve any goal. Why on earth should they pay any attention to it?

Secondly, the UX for messaging is an equivalent paths binary decision: you're asking people to choose A or B. There isn't an inherent default so a user doesn't start out with a bias toward one or the other. They can easily be required to read to proceed.

With browsers it's a yes/no binary decision: the default (yes) is insecure (for an insecure website). It requires no action from the user. The secure option (no, leave) asks the user to do something. It's a choice between inaction (insecure) or action (secure). That's heavily stacked.

Lastly, even the context surrounding the apps themselves is incomparably different. One is a security upgrade of an application everyone's been using for decades (often unknowingly; "the icon for the internet"). The other is an app people consciously download and install explicitly for security reasons (regardless of whether they understand those security reasons it's at least the motivating factor).

The people you talk about see no sense in using Signal at all. So why should they install it when they have SMS? And when Signal is installed, why should they change the app and use Signal instead of SMS?