by miki123211 399 days ago
This is why Signal is so opposed to third-party apps (or forks) that connect to their service.

If you want to keep the branding of Signal being the secure app, you need to make sure that all Signal users are actually using a secure version of Signal.

If an insecure fork (like this one) becomes too popular, most groups will have at least one member using it, and then the security is gone.


That was Apple's same reasoning for shutting down that iMessage client app. These leaks seem to justify their concerns.
Nah, that was to keep their users hostage and force them to buy an iPhone.
This is a shallow dismissal of an argument that should be given more consideration.

Sure, this is HN, we know one of the effects of locking the ecosystem and coloring in-system messages differently is to encourage people to be in the ecosystem.

At the same time, you ALSO need to consider that obviously there will be leaks.

Malicious/advertising apps will target the new messaging interface to gain more data on their victims, etc.

Safe encrypted group chat with strangers is an oxymoron.

Locking down a platform is not an acceptable solution to the above conundrum - it doesn't matter if the user is using an official device/app whatever if they are untrusted. They can always turn around and leak everything you say without any technical measures.

Should we have no security? No, if you want to color messages differently based on perceived platform, fine. This is just an illustration that no technical measures can replace the fundamental trust necessary in these types of situations.

Hm, my understanding is that TeleMessage archival works with iMessage in the same way it does with Signal.

The third-party federation problem is real, but the vulnerability caused by TeleMessage isn't solved by removing federation.

If your product is a strong brand then that would make total sense.

I believe the main criticism against Signal is that they should focus on getting widespread traction of secure messaging, and that perhaps the brand can be a relatively distant concern.

That doesn't seem to be a problem for protocols and having a single implementation can lead to bugs that defy spec yet cause no issues obviously.
But you're not branding or selling implementations
*protocols