A truly better signal is one that’s not using a centralized service.
Yes and no. decentralization is great for a lot of reasons but it does come with downsides. I don’t know about you, but i convinced my family and friends to use and keep Signal for years now and i don’t think i would have had such luck with Matrix/Element, let alone a p2p app.
I’m glad decentralized options exist and think they deserve more funding and love, however.
My family uses Matrix, and if some don’t, I don’t talk to them online.
I don’t see an issue as signal is designed not to trust the server. Signal also uses sealed sender and Perfect Forward Secrecy, which is something almost all e2ee messengers lack. What it means in practice is signal leaks very little if any metadata, if you leak metadata you give away details about who your talking to and for how long, etc. Examples might include talking with a suicide hotline, or a doctor, maybe a customer service agent at a company and for how long. Those details will give a lot away about you, even if the messages or calls themselves are encrypted. Matrix is not recommended for communication because it fails to properly hide metadata and actively trusts the servers. When you make a call on signal, as long as both users have “Always Relay Calls” set to disabled, your calls will be peer to peer instead of trusting a central server to facilitate the connection and trusting a middle man. What this means is since the connection is peer to peer you can leak your IP address to the user you’re talking to, however a VPN fixes this issue.
Thanks for taking the time to reply. There are multiple issues with centralization.
-
A prime one is that the entity that you (have no choice but to) trust today will eventually turn against you at some point down the road. In the case of Signal, the writing is on the wall already: using a 3rd party client is against Signal’s ToS, and Signal has been seen pushing controversial features like crypto payments that, as a user of their captive ecosystem, you have no choice but to engage with.
-
Signal is an entity that’s incorporated in a jurisdiction and might be compelled by law not to provide service for certain users, or to degrade its encryption to comply with the local regulator. Using a centralized service like Signal makes you an easily identifiable/prime target in such a scenario.
-
No matter what Signal says, nobody but themselves can verify what code runs on their servers, and what amount of logging/data processing goes there. Because every account checks in through them, because every message is routed through them, there is no technical barrier to knowing who’s who, who’s talking to whom and when, with the nature of the communication (text, video, image, …) from which a lot can be inferred. As far as I understand the American law, any agency could tap into that, either directly, or via Amazon on which the whole thing is running. I am not paranoid enough to believe that 3 letter agencies belong to one’s typical threat model, but with SGX contact discovery from phone number and sealed senders, Signal kindah panders to those? Either way, those are unverifiable mitigations to problems that decentralized systems do not have.
I could go on and on, but the first one is the main one IMO: we are past the need to trust anybody with our instant messaging and put a fundamental aspect of our lives at the mercy of (geo)political and societal woes. That’s practically a solved problem in the opensource world, and we can make it ethical and sustainable by just opting out of the dominative model of monopolistic and centralized systems.
A prime one is that the entity that you (have no choice but to) trust today will eventually turn against you at some point down the road.
- How does that change with federation, you always trust someone. Why should I trust the shady person running software on their basement, even if you self host, you are trusting the developers not to ship bad or poorly written code.
using a 3rd party client is against Signal’s ToS
As far as it being against signals tos, molly exists and had not received any problems from the signal foundation to my knowledge, discord has the same clause and they don’t seem to give a rats ass. Sure they could enforce it but they don’t, and personally with how matrix clients are handled they have mixed security, fluffychat has security issues ranging from outdated SDK versions to quite literally ddosing homeservers because of a non-existent rate limit.
pushing controversial features like crypto payments
The crypto stuff wasn’t great but you know what’s cool? You don’t have to use it. Simple as that. You don’t have to engage with it and you and I both know that. It’s buried in settings and you have to find it yourself.
Signal is an entity that’s incorporated in a jurisdiction and might be compelled by law or to degrade its encryption to comply with the local regulator.
- I’ve always used integrity as a metric as to how trustworthy a service is, and in terms of signals e2ee, they’ve never lied about it, it’s been proven in court multiple times not having any data on their users, no government can compel anyone or any company for things they don’t have. Signal had everything to lose by lying about their encryption and nothing to gain, so why would they? Why would any company take a huge chance at a death blow just because? Signal is a non profit so they don’t have any incentive to degrade it, they would be dead tomorrow if they got caught.
Using a centralized service like Signal makes you an easily identifiable/prime target in such a scenario.
Signal is not an anonymity tool, and has never been advertised as such, if you need anonymity, signal is not a good choice. You can make it more anonymous by using a burner phone but that’s a different topic.
No matter what Signal says, nobody but themselves can verify what code runs on their servers
- You can’t really confirm what any software can or cannot do, even if it runs on your system. Open source software is bound to the same principals of code, it will do exactly what you tell it to do, even if it is not intended (a 0-day, bug, etc.). Thousands of people constantly are monitoring the Linux kernel and it is still found to have tons of 0 days baked in due to it running a fuck ton on ring zero. You can’t just inspect code and know exactly what it’s doing, unless it’s a hello world program it gets quite complicated. Verified safety numbers also make sure that no man-in-the-middle attacks can take place, making conversations even more trustworthy and still not trusting any server.
As far as I understand the American law, any agency could tap into that, either directly, or via Amazon on which the whole thing is running.
If everything is encrypted, what could Amazon tap? You do realize sealed sender and PFS take away any trust from the server correct? It’s all encrypted, your aren’t trusting the server at all, it’s completely trust-less, and unless you think Amazon or governments can at this very moment tap any encrypted data and decrypt it, I would recommend taking a walk outside and realize that no one, NO ONE can decrypt current encrypted standards.
Unless you can point me to a reputable article showing in great detail that signal is lying about their e2ee claims then I’ll rest my case. Signal has been proven time and time again to not have any data on their users except the minimum required for the service to work, that’s called integrity.
Also there will always be someone you trust on the internet, nothing will change that unless we completely rethink how the internet works.
Edit: added quotes Edit 2: added extra info
A prime one is that the entity that you (have no choice but to) trust today will eventually turn against you at some point down the road.
How does that change with federation, you always trust someone. Why should I trust the shady person running software on their basement, even if you self host, you are trusting the developers not to ship bad or poorly written code.
Federation is different in that:
-
you can chose amongst a very diverse pool of providers, including local ones that you actually have a chance to meet in person, those with shared ideals that enable long-lasting/mutually-beneficial relationships, some operating truly in the open and enabling a just and provable retribution for the offered service (i.e. “you are not the product”), etc
-
you can be your own provider, and with “turnkey” self-hosting options like https://snikket.org/ , it’s never been easier to do it safely at small/medium scale, and cheaply (e.g. for a family/neighbourhood/association on a shared instance/RPi/…)
-
choosing a provider never cuts you off from the rest of the network: you are not tied to anyone, and you can migrate with no drama nor loss of contacts/histories/data like is the case when the captive networks “flavour of the year” inevitably shut down.
using a 3rd party client is against Signal’s ToS
As far as it being against signals tos, molly exists and had not received any problems from the signal foundation to my knowledge, discord has the same clause and they don’t seem to give a rats ass.
You must be new on the internet to believe that this is a sustainable state of affairs. Google was letting you use GApps for free until it didn’t. Reddit used to be mostly usable and ads/clutter-free until it wasn’t. Recently Unity pulled a weird one against their users and customers for a quick buck. Examples are plenty, and more recently people have referred to this as “enshittification” or “the tyranny of the marginal user”. Such monopolistic networks are particularly prone to that phenomenon, by design. Personally I don’t want to live under the constant threat of a single entity potentially changing its mind/ToS, and I certainly don’t want to drag my family, friends and peers into the gamble.
pushing controversial features like crypto payments
The crypto stuff wasn’t great but you know what’s cool? You don’t have to use it. Simple as that. You don’t have to engage with it and you and I both know that. It’s buried in settings and you have to find it yourself.
fair but you missed the point: Signal already controls and enforce this aspect of your user experience, which only benefits themselves, in spite of the significant backlash. Sure you can feign blindness, but what’s next and what recourse will you have ?
Signal is an entity that’s incorporated in a jurisdiction and might be compelled by law or to degrade its encryption to comply with the local regulator.
I’ve always used integrity as a metric as to how trustworthy a service is, and in terms of signals e2ee, they’ve never lied about it, it’s been proven in court multiple times not having any data on their users, no government can compel anyone or any company for things they don’t have.
Integrity has nothing to do with that, Signal can absolutely be forced by law to suspend its service in some countries (e.g. to implement sanctions) and whole regions can disappear from the network overnight. In terms of resiliency, that’s pretty much how email (federated) just works from anywhere, but things like WhatsApp are blocked in e.g. China or allowed to work without E2EE (e.g. in some Gulf countries).
You can’t really confirm what any software can or cannot do
Sure, but you missed my point, in case of sealed senders and contacts discovery, we are not talking about zero-knowledge/E2EE but about Signal basically saying “trust us, bro, we ain’t looking at it” which can’t be proven one way or the other.
If everything is encrypted, what could Amazon tap? You do realize sealed sender and PFS take away any trust from the server correct?
I’m not sure that you understand what’s really going on. All your messages are routed through Signal. You can absolutely infer who’s talking to whom with enough frames by just matching packets popping out of X and being received by Y. Encryption plays no role in that because this takes place at a lower level. At least some protocols like XMPP let you host services entirely on Tor or to even skip the central server.
-
-
Look at https://simplex.im/ then. It’s work in progress but the design is good.
But I’m glad to have a better Signal client too.
The page isn’t loading currently… What protocol is it using? and if neither XMPP or Matrix, then why even bother?
The site is https://simplex.chat . It uses it’s own simplex protocol. There are no permanent user identifiers with SimpleX which gives a lot more privacy and independence. Here’s a comparison: https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SIMPLEX.md#comparison-with-other-protocols
It appears to be P2P, so, just like federated protocols, they are good in my book compared to centralized silos.
But I have yet to find a P2P chat protocol that works well in practice on mobile (energy efficiency/battery usage is a real concern, and mitigating it in practice means losing the benefits of P2P without the advantages of federated).SimpleX is not purely P2P as there are servers that forward the messages. The battery consumption is still too high with SimpleX, but that can and is being worked on
Yes. You’re right. When you make a post you probably should give a body to it rather than just a link to a project. Why do you think it’s a better signal? Otherwise people aren’t going to find it super useful
It has a F-droid repo and has a completely foss option.
I just assuming people would click the link
Most people are not going to click the link, they might click in to see what you’re talking about, but you just link to something else, so most people are just going to charitably just go away.
I don’t understand. What makes Molly more trustworthy than Signal, if they both use the same central sever? The website doesn’t really provide much data.
The database is encrypted
How does that work, though? It’s the same servers and protocols, right? So it would verify with an sms. Or is Molly not compatible with Signal (Molly users talking with Signal users), and I’m just completely misunderstanding the statement of being a hardened Signal?
I had mistaken molly for a different signal fork. Molly just uses an encrypted local db that doesn’t rely solely on the OS encryption method.
Ok, so besides being mostly FOSS (Molly) or all FOSS (Molly-FOSS), the only difference, is that Molly encrypts your db on top of the laughably easy to decrypt Signal db encryption and OS encryption? Wouldn’t that make push notifications impossible, though?
You get notifications but you don’t see the sender of the message or the content. At least I haven’t found an option to enable that.