by jwr 209 days ago
Signal is in an impossible position. On one hand, it needs to appeal to the crowds currently using WhatsApp and happily syncing their entire contact list to Facebook/Meta, so that they can be profiled and a social graph can be built. That crowd needs it to be super simple and "just work". If it doesn't do that, people will criticize it for being difficult to use.

On the other hand, it needs to provide ultimate security, even though there is always a compromise between security and convenience. If it doesn't, geeks will criticize it for not being secure enough.


In this case, Signal could give users the option to protect their privacy by giving users the option to disable/mask/randomize timings on delivery receipts. I think there's a way to do it.

Thanks to this leak, surveillance states don't need to work around sealed sender stuff, though. They can just mass collect the Signal data and figure out IP patterns over time. Without proxying your traffic through ever-changing proxy networks such as Tor, it's only a matter of gathering data. Especially if someone accidentally hits the call button, which arranges a peer to peer setup immediately identifying the two parties.

Signal is still the best general purpose messenger out there if you value privacy and security. My government uses it as a communication mechanism between people and embassies in places with terrorist presence.

It looks like SimpleX has some protocol advantages but reading the reviews, the app doesn't seem good enough for the general population. It's probably because they value privacy above usability, but with problems like "messages don't get delivered if the other party doesn't open their app for a few days", that app isn't going to work for the people I talk to. I also can't really find who's paying for SimpleX, all I can find is anonymous donation links and a company listing in the UK (the country known for forcing Apple's hand in disabling E2EE backups). Probably fine, but once again, no messenger is perfect.

Signal would have had a better time if it had opened the idea that they don't have to be the ultimate authority and intermediate message broker.

Messaging your friends? What about your family?

One of you a nerd? Have one of those people stand up a server and federate it.

If Signal remains the "authority" here, then there can be mechanisms for spam reports across federated lines, distributed blacklisting and an appeal process.

That would alleviate their burden significantly, it would retire the notion that they have to always have perfect security and it would be in-keeping with their idea that "we don't want to have the information that could expose users". The easiest way to not have information at all is to not even relay it.

That's actually done already in XMPP (Jabber). Federativity, voice calls, E2EE, direct and offline file exchange, no sms verification and other bs, max privacy and convenience.
Sure, XMPP could go a lot further with a central body which set a minimum set of XEPs to standardise and maintained a blacklist of bad hosts though.

Signal could have helped a lot here (so could others, to be honest).

IMHO it's a very feasible position to just let those geeks keep criticising while meaningfully raising the bar on privacy for the average user. There will always be geeks who complain, but also plenty of them that see that perfect doesn't have to be the enemy of the good.
Aren’t YOU the one saying perfect (“complaining geeks”) is the enemy of the good-enough (“raising the privacy bar for everyone, but not really that much”)?

I’d go as far as to say good-enough is the enemy of the better.

Yes, I am saying that perfect is the enemy of good enough. I think that if Signal were to keep chasing the complaining geeks, it would cease to be good enough. In the sense that it would be far less widely used, and thus not raise the privacy bar of society even a little bit. Which is why I advocate for not worrying about the complaints too much, i.e. to not let perfect be the enemy of good.

(Obviously there's always room for improvement, but even if there wasn't, the complaining still wouldn't stop.)

This seems like a good place to drop Blue Sky's RFC on contact list sharing. Basically, they've got a way that you can share your contact list without sharing your contact list.

Through the magic of cryptography, there's now (maybe) a way to "encrypt" your contact list, upload it, the server can then find your contacts without decrypting it, and connect you with them.

That's not remotely technically accurate a way to describe what is happening under the hood, but the point is, you can share your contact list without sharing your contact list.

This magic is in RFC status from Blue Sky here: https://docs.bsky.app/blog/contact-import-rfc

Signal doesn't share your contact list. WhatsApp does, and this will not get "fixed", because it is done on purpose. It's the reason why Facebook paid $19 billion or so to buy WhatsApp, and from what I understand it's the main reason why Facebook/Meta keeps maintaining and developing the app.

That contact list is a huge deal if you consider how, connected to other data leaked by people using Facebook, Facebook Messenger, Instagram or other Facebook properties, it lets Meta know so much about you. For example, do some of your contacts use Messenger with location information? Do they often travel to the same location, which is a school? You likely have kid(s) in the same school as they do. It's scary if you consider the implications.

>there is always a compromise between security and convenience

This is the eternal struggle. You can only hope that Whatsapp will mess up bad enough to outweigh the gigantic convenience it offers to users.

Sounds like 2 apps to me, maybe they should split it into Signal and SignalUltraSafeTM, for the paranoid, but more inconvenient, with some interoperability between them.
What if people on SignalUltraSafeTM want to talk to people on regular Signal?

Telegram solved this already though, they allow users to register using either their phone number or a unique username. But Telegram has a huge spam problem. Which is likely the real reason Signal requires a phone number.

> But Telegram has a huge spam problem. Which is likely the real reason Signal requires a phone number.

I was able to register with a fake number I got for free on the internet. That clearly doesn't solve the spam problem. If I know that, Signal certainly knows that.

There's not an unlimited amount of fake numbers available, that's the difference. The point is to limit your ability to register thousands of accounts.

Spam filtering is a game of numbers, every limit you impose on the ability of spammers to amplify their message reduces the likelihood a particular individual receives a spam message.

Did you have to supply your personal details to anybody in order to get that free number?
Not at all, but the downside is it works until someone takes over.
And then you have to pay for premium to prevent unknown users from spamming you!

Booooo you telegram

The paranoid crowd already has decentralised apps that you might not have heard of because… well.
Ultra paranoid group already despises Signal because of its strict phone number requirement and Moxie's stubborn and unreasonable stance on refusing anyone to self-host. Matrix is far better than Signal
If you're looking to protect yourself from metadata analysis, Matrix is not the protocol for you.

Matrix and XMPP are excellent protocols for decentralisation, but their E2EE implementation leaves all kinds of metadata exposed outside of the E2EE envelope.

You need to trust the server to not expose any of this information to anyone else (which is difficult to do when the police come in with a warrant). If you use your own Matrix server(s) this isn't a direct problem, but then the communication links between you and the people you talk to would stand out immediately, so protection fails in other ways.

I'm not saying you should drop Matrix or anything, its decentralized nature and clear finances do have some trust advantages over Signal's occasional behaviour, but on a protocol level, an ultra paranoid person would probably be better off using (an audited client for) Signal.

What metadata exactly? Matrix only publishes the absolute required metadata for functioning of federation. Unless you can pinpoint exactly what metadata and how harmful that is, stop throwing that word around. Whoever is pushing this narrative of "metadata leak" in Matrix needs to come up with actual facts
Speaking as project lead for Matrix, the protocol does currently expose more metadata to the server than it should. Specifically, the main issues are:

* no sealed-sender (but see the OP on why this is not a panacea)

* server can see which users are in which rooms

* plaintext room names & topics (so serverside search can work)

* aggregations (metadata around reactions, edits, replies, threads - ie who reacted to what and with what emoji)

We’ve been working away improving this - for instance MSC3414 defines a way to encrypt key/value events like the above, and an implementation landed this summer. Similarly per-room user ids are planned too. However, it’s not trivial to get right, and we are under-resourced so the work is going slower than we’d like. Also, decentralisation at least means the metadata doesn’t pool in some centralised place (as Signal’s traffic footprint does, for instance). If you run your own server, then the threat may be acceptable.

You can see the metadata outside of the e2ee envelope in Element. Things like message IDs in replies, room information, room IDs, in some cases emoji reactions, and other data will regularly find itself as part of the plaintext message. Of course there's still a HTTPS wrapper around those components, but the point is about E2EE.

Because Matrix wasn't encrypted from day 1 and because Matrix wanted to improve the general UX, especially for people not sending their notifications through Google and Apple, this metadata is still readable by the server(s) you connect to, so that they can serve users better. None of this is new and all of it is actively being worked on, but the Matrix ecosystem isn't exactly overflowing with funds at the moment so things take time.

Whether or not this kind of metadata being available to a participating server is a problem is up to you to decide. I use Matrix, I believe the federation upsides outweigh the protocol privacy downsides, so I don't think it's a problem for me.

However, the article discusses a privacy risk in Signal that is extremely niche and hardly a problem for 99% of people. It's more false advertising than an actual privacy risk, I'd reckon. What I want to make clear is that if you are part of the 1% where even the slightest metadata analysis poses a risk, Matrix is probably not the protocol for you.

I don't think there is any mainstream protocol that does fit the bill for someone like that. I'd start looking in the direction of Threema or TorChat if Signal isn't private enough.
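To make the "metadata outside the E2EE envelope" point from the two comments above concrete, here is an added example (not from the thread and not the Matrix project's code). It walks two constructed events shaped like the Matrix spec's `m.room.encrypted` and `m.reaction` events and separates the leaves a homeserver can read as plaintext from the one leaf that is ciphertext. The user, room and event ids, key material placeholders and the emoji are all constructed sample values; the event shapes themselves follow the spec (the `m.relates_to` relation block sits in plaintext content so servers can aggregate replies and reactions).

```python
"""Show which parts of a Matrix event a homeserver can read without any
decryption key.  The events below are CONSTRUCTED samples shaped like the
Matrix client-server spec's m.room.encrypted and m.reaction events; they are
not captured traffic and not the Matrix project's own code."""

# The only leaf that carries an opaque E2EE payload.  Key-exchange fields
# (sender_key, session_id, device_id) are not secret but are not message
# content either; everything outside `ciphertext` is readable by the server.
OPAQUE_LEAVES = {"ciphertext"}

# Constructed Megolm-encrypted message that replies to an earlier event.
ENCRYPTED_REPLY = {
    "type": "m.room.encrypted",
    "sender": "@alice:example.org",          # constructed user id
    "room_id": "!roomid:example.org",        # constructed room id
    "event_id": "$reply_event",              # constructed event id
    "origin_server_ts": 1700000000000,
    "content": {
        "algorithm": "m.megolm.v1.aes-sha2",
        "sender_key": "<constructed-curve25519-key>",
        "session_id": "<constructed-session-id>",
        "device_id": "DEVICEID",
        "ciphertext": "<constructed-base64-megolm-payload>",
        # Relation block is deliberately left in plaintext by the spec so the
        # server can thread replies; the server learns which event is replied to.
        "m.relates_to": {"m.in_reply_to": {"event_id": "$original_event"}},
    },
}

# Constructed reaction.  There is no encrypted form of m.reaction, so the
# target event and the emoji itself are plaintext.
REACTION = {
    "type": "m.reaction",
    "sender": "@bob:example.org",            # constructed user id
    "room_id": "!roomid:example.org",
    "event_id": "$reaction_event",
    "origin_server_ts": 1700000001000,
    "content": {
        "m.relates_to": {
            "rel_type": "m.annotation",
            "event_id": "$reply_event",
            "key": "👍",
        }
    },
}


def _leaves(obj, path=()):
    """Yield (path_tuple, value) for every leaf of a nested dict."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from _leaves(value, path + (key,))
    else:
        yield path, obj


def server_visible_fields(event):
    """Paths (joined with '/') of every leaf the server can read as plaintext."""
    return sorted("/".join(p) for p, _ in _leaves(event) if p[-1] not in OPAQUE_LEAVES)


def opaque_fields(event):
    """Paths of the leaves that are ciphertext to the server."""
    return sorted("/".join(p) for p, _ in _leaves(event) if p[-1] in OPAQUE_LEAVES)


def relation_metadata(event):
    """What the server learns about conversation structure without decrypting:
    who sent it, in which room, and which event it replies to or annotates."""
    rel = event.get("content", {}).get("m.relates_to", {})
    info = {"sender": event["sender"], "room_id": event["room_id"]}
    if "m.in_reply_to" in rel:
        info["reply_to"] = rel["m.in_reply_to"]["event_id"]
    if rel.get("rel_type") == "m.annotation":
        info["annotation_of"] = rel["event_id"]
        info["key"] = rel.get("key")
    return info


if __name__ == "__main__":
    for ev in (ENCRYPTED_REPLY, REACTION):
        print(f"--- {ev['type']} ---")
        print("server-visible:", server_visible_fields(ev))
        print("opaque        :", opaque_fields(ev))
        print("relations     :", relation_metadata(ev))
```

Running it shows that for the encrypted message only `content/ciphertext` is opaque, while the sender, room id, timestamp and the id of the event being replied to are all server-visible; for the reaction nothing at all is opaque. As the comment notes, TLS still protects these fields in transit, so the exposure is to the homeservers participating in the room, not to the network.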

I think Moxie's issue is with using their server for custom clients, but I'm curious if you have a link to him stating opposition to self-hosting?
Moxie thinks everyone in the world is a fucking normie and people shouldn't be running servers because he hates freedom and loves centralizing everything. It's rare when such a genius cryptographer has hatred towards decentralization
Wow, that's a pretty negative take.

Signal's mission seems to be something along the lines of helping the most people increase their privacy. Better to help millions resist the dragnet of surveillance by ISPs, governments, and large organizations than to have perfect security for a few. This requires a very easy to use client (i.e. click on signal in the app store and launch), features users want (send receipts, typing notifications, emoji, video, calls, etc), and making wrong choices hard. Like say installing a random Signal-compatible client from an untrustworthy source.

So Moxie is fine with people forking the open source client, but wants them to use their own servers.

Distributed/decentralization isn't some magic pixie dust that makes everything better.

So sure federation can work, but it's harder, and you run into things like XMPP. Are there secure XMPP servers out there, sure, but how do you tell? Which XMPP server supports which extension? How many people use XMPP for their chat/calls on a daily basis?

Seems kind of weird to pick on signal for doing things well and getting popular. Could it be more secure/private, sure. Could it do so AND be more popular, not so sure.

> dragnet of surveillance by ISPs

Yet relying on them for even signing up. How ironic. Signal is good for normies seeking privacy but it's so bad if you look past that

Moxie doesn't want to federate, that's the main issue I believe.
Unfortunately Matrix hasn't yet implemented any PQ encryption so you are subject to store and harvest attacks.
Signal have chosen to put themselves in an impossible position would be a better assessment of the situation. Their choices have made it impossible to appeal to either part of the aisle.
I mean you could always see where a letter was addressed, so knowing who you're talking to seems like a reasonable compromise.

Sealed sender feels like a get out subpoena feature.