Not only is Signal a sketchy-as-fuck privacy-violating social network wearing "security" cosplay, now it also has a climate-incinerating Ponzi scheme bundled in.
Cool, cool.
Do they think we don't see through the thinly veiled pump and dump scheme that's proposed? It's an old scam with a new face.
Allegedly the controlling entity prints 250 million units of some artificially scarce trashcoin called MOB (coincidence?) of which the issuing organization controls 85% of the supply. This token then floats on a shady offshore cryptocurrency exchange hiding in the Cayman Islands or the Bahamas, where users can buy and exchange the token. The token is wash traded back and forth by insiders and the exchange itself to artificially pump up the price before it's dumped on users in the UK to buy to allegedly use as "payments". All of this while insiders are free to silently use information asymmetry to cash out on the influx of pumped hype-driven buys before the token crashes in value. Did I mention that the exchange that floats the token is the primary investor in the company itself, does anyone else see a major conflict of interest here? [...]
The whole Libra/Diem token (or whatever they're calling its remains this week) was a failed Facebook initiative exploiting the gaping regulatory loophole where if you simply call yourself a cryptocurrency platform (regardless of any technology) you can effectively function as a shadow bank and money transmistter with no license, all while performing roughly the same function as a bank but with magic monopoly money that you can print with no oversight while your customers assume full counterparty risk. If that sounds like a terrible idea, it's because it is. [...]
The larger trend is of activist investors trying to turn every app with a large userbase into a coin operated slot machine which forces users to buy from a supply of penny-stock-like tokens that are thinly traded and which investors and market makers collude on to manipulate prices for their own gain.
Yes, all that. But also, he began his post with:
This time [the exploitation and betrayal] felt much deeper because it introduced a conflict of interest from our fellow technologists that we truly believed were advancing a cause many of us also believed in. So many of us have spent significant time and social capital moving our friends and family away from the exploitative data siphon platforms that Facebook et al offer, and on to Signal in the hopes of breaking the cycle of commercial exploitation of our online relationships. And some of us feel used.
Well, I'm sorry, but if you felt that way about Signal, you were a damned fool.
It is clear from its design and behavior that Signal's priority is to be a social network first and an encryption tool second. Growth at any cost.
Signal immediately spams all of your contacts with your phone number as soon as you sign up, proving conclusively that they value "expand the social network" more than privacy. That shows where their priorities lie, and from that alone, you know that they're sketchy as fuck.
But beyond that, Signal pretends to be open, but very much is not. If you compile and distribute your own copy of Signal, you are legally prohibited from calling it Signal -- and if it's not called Signal, it cannot connect to the Signal network of servers, meaning your fork cannot talk to Signal users.
Which means that the only way to use Signal to talk to other people using Signal is to use the official app. And you have no way of knowing what's actually going on inside it. Maybe it's running the same code as what they publish. Or, you know, maybe not.
Abusing Trademark law to circumvent the checks and balances that open source development normally provides is just appalling. They get to pretend that it is open source, get that bullet item on the pitch sheet, get the good press associated with that, get credulous nerds to call them "fellow technologists" (whatever-the-fuck that means) while still maintaining absolute control.
Signal is no less a vertically-integrated, untrustworthy data silo than any product from Facebook or Google.
And now it is also roping you in to the global suicide pact known as "proof of work".
Cool, cool.
Previously, previously, previously, previously, previously, previously, previously, previously, previously.
A lot of your gripes are true AND frustrating.
However, you can build your own version of the client FWIW. Here's the info for Andriod (for instance):
https://signal.org/blog/reproducible-android/
I didn't say you couldn't build your own version, I said you are legally prohibited from distributing it.
The fact that it's possible to verify that the app that they publish is built from the code that they publish is good. But it doesn't excuse their abuse of trademark law by which they pretend to be open source, when in fact they are not.
> I said you are legally prohibited from distributing it.
You said:
> If you compile and distribute your own copy of Signal, you are legally prohibited from calling it Signal -- and if it's not called Signal, it cannot connect to the Signal network of servers, meaning your fork cannot talk to Signal users.
Moving on:
> But it doesn't excuse their abuse of trademark law by which they pretend to be open source, when in fact they are not.
Yeah, just like those evil folks at the Tor Project! https://www.torproject.org/about/trademark/ (And almost every open source project whose name is a registered trademark.)
Your comments are so stupid they don't even deserve a reply, but I'm going to leave them undeleted for your shame.
This also misses the fact that until just a couple days ago, their 'open-source' server implementation hadn't been updated in a year. So even if you wanted to roll your own server/client one or both of them would be whoafully out of date.
That decision, apparently, what’s the they could integrate all this dodgy payment stuff on the quiet. I fully expect them to do the same thing again.
This crypto idea is HORRIFIC. The fact that you can't use the same Signal account on two phones (or really any two Android devices) is also a major usability issue, as is the lack of federation, the sketchy "closed development in the open", the banlisting (or whatever we're calling it now) on Android for Chromebooks, tying accounts to phone numbers, etc. etc. Also the lack of taking community feedback seriously-- (bug reports and feature requests alike routinely redirected to a forum black hole from which no feedback-- not even light itself-- can ever return.
But anyway-- the builds are supposedly reproducable.
Oh I forgot-- I love the fact that to contribute to Signal, the champions of anonymity and Internet safety, you have to sign a CLA that asks for your real name, email address, mailing address, and phone #.
https://signal.org/cla/
We all know "Moxie Marlinspike" is real, right?
«And now it is also roping you in to the global suicide pact known as "proof of work".»
Currently "proof of work" is burning up quite a chunk of the coal reserves of China.
It is pretty much the equivalent of the story in the "Hitchhiker's guide to the galaxy" series where on arriving on Earth the exiled Golgafrinchans adopted leaves as currency and burned down the forest they lived in to make leaves scarce to prevent leaf inflation.
I agree directionally with the post, however
MobileCoin isn't a proof-of-work, running a transaction on it doesn't kill the planet the way it would on something like Bitcoin or Ethereum. IIRC it's modeled after Stellar, which is more like how Facebook's Libra did things: a bunch of trusted nodes (presumably picked by the MobileCoin team; in Libra it was FB and their partner banks) do a big consensus check on transactions, and if they can't reach agreement, the transaction didn't happen.
IMO it's still awful, and to your point, it's frustrating to see all these people be like "uwu but Moxie, I thought we were friends!!"; but I take the tiniest bit of solace that this isn't a planet-boiler.
Translation: this isn't really crypto, this is camel cash with extra steps.
Huh... having never heard of Signal, I was gonna make a joke about Ello, which I thought was defunct.
To my surprise, Ello still exists and has 1M active users (which is exactly 1M less than Parler), so I guess the joke is on... I dunno, Pinterest-users?
Also, I wouldn't be surprised if it was somehow revealed that Parler's only still around because they're doing some crypto-Ponzi bullshit.
No other social network lets you expire messages? it’s the least worst of a shitty pile of keep-your-data-for-marketing slime. Happy to change if there’s better, though.
There is no such thing as an expiring message. Only the illusion thereof.
"What's better?" That depends on your threat model.
I use iMessage and SMS, as my threat model does not currently include state actors.
If it did, I would not communicate digitally.
Very true.
But I'm not a government operative or anybody important. Just keeping my kids from snooping years of conversations and sexting. Yeah, I have my phone locked and all that, but there are cases where it doesn't work.
There is also the "abused wife" case where fuckface will beat the shit out of her if he doesn't have the PIN or finds the phone locked, I have dear friends in this situation.
I guess it's the difference between privacy and secrecy, and an imperfect solution is better than nothing. Or worse: Facebook.
I post this here since I am very open to real solutions, but don't really know what works in the abused wife case.
SMS is bad here. Husband has access to the cell phone records, after all, he controls all the finances, and metadata is enough to raise suspicion.
I think iMessage would work, except for she doesn't have an iPhone.
So, the abused wife case. Husband thinks that wife may be trying to talk to people who will help her get away from him. Buys burner phone whose number she does not know. Adds her as a contact on this phone. Installs Signal. Signal's contact discovery now tells him if and when she installs Signal, and doesn't tell her that he knows. Husband beats wife to death.
And the Signal people know it works like this because they designed it to work like this. And the solution to this problem is simple (use IDs which are randomly generated and definitely not phone numbers). But they don't care, because, well, why the fuck would they care? Having lots of users of your cargo-cult social network is so much more important than keeping those users safe, after all.
Just don't recommend Signal in cases like this: it's a way of getting someone killed. There are systems which have randomly-generated IDs and which have good cryptography. I won't recommend one because I haven't done the research and you also don't want to be taking a recommendation from some pseudonymous idiot on the internet. Just not Signal.
If the husband looking for confirmation and initiates some sort of scheme, there's many other less complicated avenues than what you say, since he has physical access. Drop a GPS in her car, put a keylogger on computer, etc.
The problem is nobody seems to know what actually IS better in this case.
I do not purport to solve this problem myself. As above, it's because I'm interested in mild privacy and just need auto-delete. I am, however suggesting that protocol designers should consider this use case, and, users should as well when signing up.
Error #1, as I see it, for ANYONE, is using your physical phone number into a computer the first place. That's a huge strategy error: entering existing identifying personal information into a computer. I'm not sure why this isn't obvious, we use spamtrap emails, right? Do you trust the system you are entering it into? If you don't know then the answer is no.
I know it sounds like I'm "blaming the victim" here and hate their policy as much as anyone. Signal's actions ARE creepy.
Because there are other mechanisms for an abusive partner to be abusive does not make what Signal does any less unacceptable. If you install Signal on your phone for 5 minutes while your abusive partner is not looking in order to cry for help, and then remove it completely, they know that.
As you say, using a phone number as an ID for any kind of supposedly secure communication tool is a bad idea. But it kind of might be an honest mistake made by people who just weren't very good about thinking about communications security. Writing an app which tells anyone who has your easy-to-find ID in their list of contacts that you've installed it isn't an honest mistake: it's intentionally compromising security for some other purpose (which likely is money).
For the "abused wife" scenario, deniability will be just as important as encryption. Installing any new apps is out, so I think only the "incognito" feature of the web browser can be used. Simply register a completely seperate account on, say, gmail, and only use it from an incognito tab.
I would recommend using a popular email service that the wife has a non-secret account for as well, so that when the abuser checks the network logs, all connections can be accounted for. (I.e. connections for the secret account can be explained away as connections for the non-secret one, which is used for, say, PTA meetings, etc. mundane things.)
Obviously real-time notifications and chat-like features will be a problem, but I think the deniability aspect will preclude anything that is not delay-tolerant like email is.
Maintaining good op-sec discipline will be vital, since one single login from a non-incognito tab can give the game away.
In addition to all that, I think it is approaching suicidal for Signal.
Now, instead of "just" being an encrypted comms app, it is also a value-transfer tool using a sketchy medium everyone understands even more poorly than Bitcoin. This will not endear them to various nation states who are already giving them some side-eye.
So now add FinCEN, the IRS, et al, and script-kiddie thieves to the list of those with professional interests in attacking and/or crippling them.
That's some smart growth hacking right there.
How many times does this need to happen in order for people to learn? XMPP is federated so there's no need to centralize our communications around these clients. More recently, there has been a bigger push for good open source clients so we are no longer stuck exclusively with Pidgin. Several clients have OMEMO encryption. Zero reason to be using Signal, Telegram, or any other garbage client that popped up in the wake of AIM and MSN Messenger.
XMPP is federated, which is nice. But speaking as someone who got paid to (among other things) administer both private and public-facing XMPP server networks in the aughts, there are good reasons why XMPP cratered (multiple incompatible groupchat implementations, competing incompatible reference server implementations, a presence model that simply never worked on mobile, and of course XML, XML everywhere) and I would not claim with a straight face that it's a viable replacement for Signal, iMessage, Whatsapp or any other actually-working chat network today.
As someone who has spent decades keeping stuff working using the X11 API -- including reimplementing most of it from scratch on two different platforms -- I have little sympathy for people who complain, "But the protocol is baaaaaad and the implementations are inconsistent and baaaaaaaad".
Life is hard. You put on your big boy pants and get it done.
I mean sure, but people still use X11. For better or worse it's stood the test of time and then some, and the world is littered with the corpses of its would-be replacements.
XMPP has been functionally dead for a over a decade now and if this were still a battle I was interested in fighting and I wanted to try to implement an open competitor to Signal/iMessage/whatever, XMPP would be a terrible place to start from.
Hey, my logs say I was still using Adium as recently as ... uh ... 2016...
WebRTC implementations frequently implement XMPP as a signaling protocol, notably in Jitsi for example.
XMPP is robust and in wide use, even if it's not obvious to you.
XML in general is also still in wide use. I know all those angle brackets are scary, but it works.
Oh c'mon. My recollection of the conversations on the various jabber.org mailing lists is admittedly a little faded by this point, but I'm pretty sure that "hey if we work really hard for 20 years, this thing might become one of three or four possible out-of-band signaling protocols for an in-browser media streaming API!" was not at any point the generally understood goal of the project.
The goal was an open, federated chat/presence network modeled on the then-popular AOL/Yahoo/MSN messenger products, which is why we're even talking about it in the context of a blog post about Signal. And for a while it even looked like we were gonna get there: Google adopted XMPP for gChat, Apple supported it in iChat, and AOL was circling the drain. I think even Facebook had some rudimentary support for a while, built on top of WhatsApp's usage?
But Google and Facebook both decided that the real money was in walled gardens and knifed the products and here we are: it's nice that there's still something that XMPP can be used for, but let's not kid ourselves that this was some kind of success.
Facebook Messenger began with XMPP support. They dropped that support long before the WhatsApp acquisition, and before Messenger was split out into its own app. This was a brief few years when if you used Adium, you could transparently speak to pretty much anybody anywhere, including AIM and IRC.
Ah, thanks. Back at the time, I tried once or twice to connect to facebooks' XMPP endpoint but quickly found that "all of my facebook contacts are now also my IM contacts and they can all see my online status and vice versa" was 100% the opposite of what I wanted out of an IM product, so I didn't spend a lot of time playing with it.
So, Signal is a tool which allows encrypted communication with disappearing (or, perhaps, 'disappearing') messages, and is soon going to be a tool which does all that but with an anonymous payment mechanism bolted on to it. That's pretty much a machine designed for people who want to buy and sell illegal things, right? That's so obviously who it's for it's not funny.
Except, except that, by design, anyone who knows your phone number can know if you are a Signal user while you will get no hint that they know. Which would be very convenient for some law-enforcement person who wanted to find out if you were likely to be trading in illegal things. And perhaps it will turn out that the 'anonymous' payment mechanism is also tied to your Signal identity and hence to your phone number.
Now obviously in real life the Signal developers are just, well the sort of people you would expect them to be: cult disciples. But in an only-slightly-alternative world, they would, in fact, be an agency of the government, because this whole thing is so precisely targeted at the sort of people they might want to entrap.
I'm not sure which world would be better.
I've been so saddened in the last decade or so by how many friends are so easily wooed by superficial marketing claims about Signal, crypto, etc.
So much is fashion.
It does not do that. They have a FAQ page specifically about this. Signal immediately spams everyone who has you on their contacts as soon as you sign up. There's a difference. Only people who already know your phone number will find out that you signed up for Signal.
Maybe you don't like that either, idunno. But it's an important difference. You imply that people who don't have your number will get it, but that's not true.
Put another way: Signal reads your contacts to say, "let me know if any of these people get Signal" and not "tell all these people that I got Signal". It's listening for them, not sending to them.
Yeah, well, who am I to believe, their FAQ, or my lying eyes.
I can't speak for how it worked in 2017 (or, hell, how it really works today) but that's what they're saying now.
Makes me want to run an experiment: Alice has Signal. Bob does not. Bob has Alice in his contact list. Alice does not have Bob in her contact list. Does Alice become aware, at all, of Bob once he installs Signal?
Now I wonder if I have an Android phone I can wipe, and a spare working Ting SIM lying around for "Bob"...
That would be a good test.
I think the point here is that even if Signal really did what they said they do-- and that's questionable -- the effect is the same because of the dark pattern specifically encoded into the service.
Even taking your word that everything you and their FAQ say is true, does it matter? I sign up for Signal, and everyone who has me in my contacts list, from my good friend to the woman I bought a chair from off of Craigslist 15 years ago, gets a big notification about it, and I don't even have a choice in the matter. I click a button, and without my even knowing it, the app bothers a whole group of people by interrupting them with a thing with my name on it.
That's the sort of hostile growth hacking shit beloved by Chief Growth Officers who are convinced that achieving the right hockey stick graph will make them god's gift to humanity, but anyone remotely familiar with the basics of normal human behavior knows that the proper way to act when you enter a building is not to run around interrupting every single person inside who has ever heard of you merely to announce your presence, and merely transporting the interaction to the internet doesn't change that.
First, I just want to make clear, apart from being a Signal user, I have no affiliation with them and don't really care if Signal dies or thrives.
Second, yes the truth matters. You can say "Foo sucks because of reasons A, B, C, D, and E" but if reason D is obviously false, then that calls into question the other reasons listed.
Maybe you don't like the user discovery pattern they're using, and I can understand that, but exaggerating it by saying it does something that it really doesn't is being dishonest.
It's been a while since someone new has shown up on my Signal contacts list, so I don't recall what happens, but I find it hard to believe that it pops up a notification and interrupts the user when someone they know signs up for Signal. Maybe it does, in which case yeah that's super dumb, but it's so ridiculous I have trouble believing it.
Yeah, that would be crazy, right? And (as of 2017) it absolutely literally did that. Probably there's a way to turn it off. Probably you did that. What I did, was uninstall it.
GROWTH HACKING!!
I installed Signal at the insistence of a cryptogeek friend in 2017 and kind of forgot about it.
Since then, and certainly in the past month, I have gotten a notification when someone in my contacts list installed the app.
It is horrible, but when parler shut down a number of right wing conspiracy theorists decided to use Signal instead. I have been morbidly curious to see which of my relatives and old acquaintances are in this group.
Sure, it's important to accurately describe the way in which they're being disgusting, and there is a slight distinction between notifying people who already have your number and notifying your contacts, but the fact remains that an app which is supposed to be about "privacy" insists on forcing its brand new users to involuntarily become the sorts of assholes who burst into rooms and announce "behold my presence! I am here!" to people they haven't talked to in two decades because someone decided it would be better for growth metrics.
As far as I know, yes, it pops up a notification unless you go into settings to disable it (and only the recipient can disable it; I can't disable this as a new user who signs up for Signal).
"Growth hacking" has become VC speak for "I'm going to behave in a way that's super dumb and so ridiculous I have trouble believing it but it's ok because it's good for the KPIs." If Signal is going to put "behave with basic human decency" behind growth in their priorities list, why should I believe anything else they say?
Wow, yeah looks like they default to popping up a notification when someone on your contacts list becomes a new Signal user. I found a setting to disable that at the bottom of the notifications settings page in the app. (And, as you say, the new user cannot opt out of firing the notifications on everyone's phone, only the receiver can opt out of getting notifications of other new users.)
I shouldn't be surprised, notifications are a common (ugly) way to keep eyeballs on your app nowadays. Oh well.
I have some acquaintances who are not particularly computer people. I think they were WhatsApp users until early this year when the whole WhatsApp fuckage happened. I have Signal on my phone still although I've not used it for a year or so. And I got notifications when they installed Signal. I know this because I got quite a lot of alerts, and it prompted me to turn off notifications at the phone level for Signal.
If you are feeling compelled to do UAT on a published app to verify it does what it says it does, time for a new app.