Hacker News new | past | comments | ask | show | jobs | submit login
Signal and Giphy (whispersystems.org)
225 points by Spakman on Nov 2, 2016 | hide | past | favorite | 114 comments



This is a clever way to do this, but it still seems like someone caring about their privacy should just do without gifs.

Edit: I should rephrase - I mean someone with a larger-than-usual need for privacy, someone paranoid for a reason. This is great for the typical privacy concious user. But if I was sending documents to WikiLeaks, I would not sum them up with a cute GIF.


Except that history has shown us that theoretically secure but feature deficient systems lose out to less ideologically pure systems that provide what users want, leaving the sum total amount of security provided to be less.


History shows us that you can't compete by being a lesser version of something else. There's nothing wrong with trying to make the application more attractive, but at the same time trying to shoehorn in features rather than doing things where you have an advantage is less likely to be meaningful.


Surely missing features would make it the "lesser version of something else."


A feature like this doesn't really matter in the context of competing with mainstream messaging services because their value is to a large extent in things like brand and network effect. The notion that you're just one feature away from mainstream adaptation is often a misconception. In reality there's limited potential in living in the shadow of something else.


I absolutely agree. Instagram/Facebook/Soundcloud have lost my interest as they've added extra features which just clutter the UI and distract from the purpose you were using the site in the first place.

If your original product isn't working. Maybe try being a different company.


It would be more interesting if people could reply why they disagree. I'm not the first one to come to this conclusion, hemlis is a public example. You simply can't compete with large companies several years after the fact without differentiating.


EDIT: Deleted the comment because the of attacks in responses, which I can’t respond to due to "Submitting too fast".

@dang: If you want users to be able to actually discuss things, allow them to respond to comments attacking them. This is a retarded system.


Basically everything in your comment is wrong.

> The prebuilt Signal APK might in fact be completely malicious, you can’t verify anything.

https://whispersystems.org/blog/reproducible-android/

This is already more then for all other options.

> And as Signal only tries to copy the features WhatsApp and co already have

Thats simply not true. WhatsApp does not support gifs, for example. Signal also has some features that others don't.

> they’ll get exactly the same security with WhatsApp, Telegram or Threema, and exactly the same features.

Telegram is less secure by miles. Threema is less secure by yards. WhatApp is less secure by inches.

> "You can create your own federated server"

Signal has never claimed that you can "federate" the server. They only mentioned that this is a feature that they might work on in the future. Since they have publicly said that they are not gone do so.


> Telegram is less secure by miles. Threema is less secure by yards. WhatApp is less secure by inches.

Depends. For me closed-source is a no-go for security, that's why IMHO

Signal (open client and server) > Telegram (open client) > Threema (open NaCl lib) > WhatsApp


> you can’t compile your own client from source

According to the docs in the git repo, you can do a `./gradlew build` and there you have it.

> you can’t verify anything

They have docs on reproducible builds[0].

Anyway, I'd say Signal does have more security than WhatsApp because I trust OWS more than I trust WhatsApp/Facebook.

[0] https://github.com/WhisperSystems/Signal-Android/wiki/Reprod...


You keep repeating untrue claims in every thread about Signal, despite having been proven wrong before. At this point, I'll just have to assume that you're not interested in having a factual discussion. See, for example, https://news.ycombinator.com/item?id=12689390 and its descendant posts.


At what point has Signal ever indicated that they were targeting users that were trying to send documents to wikileaks (or require similar levels of privacy/security). They have consistently said they are trying to build a messaging app that normal people want to use over stopping targeted attacks. eg [0]

[0]: https://news.ycombinator.com/item?id=10665520


Well, than I guess I got the wrong idea about them. I thought WhatsApp was supposed to be "for the common people", and Signal was more targeted towards the paranoid.


Signal is suitable to the paranoid, while targeting "normal" people. Snowden uses it, so that's a good indicator for the paranoid.

Similar: If my mom uses it as well, that doesn't mean she's paranoid. (And I'm not saying that you said this.) And interestingly, knowing some paranoid people (by disease not profession), they usually don't care about this.


And what I was originally trying to say, is that people like Snowden, or more precisely, people requiring Snowden-like security, should probably not use this feature despite the very impressive way they made it more secure.


Why should those of us who care about privacy be required to limit the media we use to express ourselves? By including this functionality Open Whisper Systems is giving the privacy conscious a way (albeit experimental) to have our cake and eat it too.


I also think it's fine as long as they clearly communicate to the user that their search queries will be transmitted to a server not controlled by OWS.


Someone else made that media. They're the one expressing something. You, the consumer of that media, are just a distributor of their work.


You seem to think that those options are exclusive when in fact gif memes are a blatant example of how they aren't.

The original creator of (say) a video expresses something, a remixer expresses something when they cut it into a gif, and you're expressing something when you send someone the gif in a conversation. The thing that's expressed is almost necessarily different, and each step involves creative choices.


When Ben Franklin said "those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety", he was making the point that, in his eyes, it would be foolish for the government of Pennsylvania, seeking help from the Penn family, to give up their freedom to levy taxes on the Penn family. When someone uses the same quote today, are they making the same point?

Martin Luther King was a full-throated advocate of affirmative action, which is to say applying penalties to white people for being white. When someone today talks about "a nation where [people] will not be judged by the color of their skin, but by the content of their character", are they supporting the same idea?


https://twitter.com/isislovecruft/status/793796012506750977

"Lol dude, I don't know what kind of whistleblowers, dissidents, spies, and revolutionaries you're messaging but mine send all the best gifs."


So, I am an "HN bro" now... Because I don't think this feature can possibly be up to the highest standards of security, despite being very cool and clever? I guess there are worse things to be called.


Someone who wants gifs shouldn't have to compromise their privacy.


If your aim is to get more people to care about privacy, or to enable those who care about privacy to convince their friends to use a more private app, these things help.


<facepalm.gif>


This is Signal jumping the shark. Why is searching gifs their responsibility? Non-essential features should be skipped there is a single shred of security concern, which we can see there is.


Good

They know that for a bigger adoption they need those usability improvements, at the same time, they make sure additional features don't compromise the security expected from their app


I've been really impressed with Open Whisper's focus on usability and functionality. So many privacy products take the stance of "if you care about privacy, you won't want to do this", and it seriously harms uptake.


Meanwhile, people are accidentally leaking their phone numbers and their contacts' phone numbers because Signal replaced fingerprints that could safely be posted publicly with QR codes that can't, and didn't explain it: https://twitter.com/webster/status/793657469381713920


Shit, really? I hadn't published any QR codes, but I sure didn't realize that was part of the new system.

That's a pretty bad round of dropping the ball... Normally I respect that OWS explains security stuff in detail if you care, but also has a product that "just works" if you use defaults without much knowledge. This is pretty much the exact opposite of that, where they released a dangerous default with minimal explanation even for people who do read their stuff.


Is there a federated and/or self-hosted alternative to Signal with similar privacy and security properties? Even if it supports fewer platforms?

I've been getting more and more interested in running my own (and perhaps my friends') infrastructure, but I haven't found anything better than IRC for chat.


I run a Synapse server (http://matrix.org/) which is federated and works very well. There are many clients but the nicest at the moment is Riot. Full encryption is now available in the Riot webclient and it's coming to the app soon.


I'm just a Matrix (and Signal) user, I haven't yet had a look into its encryption implementation yet, but for those who are interested, I think these are the docs:

http://matrix.org/speculator/spec/drafts%2Fe2e/client_server...


There's also https://matrix.org/docs/guides/e2e_implementation.html for those interested in the guts of Matrix's E2E and https://matrix.org/docs/spec/olm.html and https://matrix.org/docs/spec/megolm.html itself. We're currently reviewing the PRs for E2E on the iOS & Android SDKs, and after they land apps like Riot will have (beta) E2E across all of Web/iOS/Android :)


Came in to suggest Matrix and its client http://riot.im. Otherwise XMPP with http://conversations.im is also a great option.


> "but I haven't found anything better than IRC for chat"

If IRC was your best bet so far, you might want to have a look at good ol' XMPP aka Jabber. If you're into Android, with Conversations [0] there's a suitable client which supports end-to-end encryption. For other OS there are many other choices with different encryption options. While OTR (Off-The-Record Messaging) might be the most popular one, it unfortunately makes multi-device-support kind of a bumpy experience.

[0] https://conversations.im/


Conversations is one of the highest-quality apps I've ever used. Buy it!

It's XMPP with everything you'd expect. Inline image, videos, presence, everything.

(if you cannot buy it, you can get it for free from FDroid but really, buy it!)


Run an IRC server on 127.0.0.1 on a dedicated server you control and allow access over SSH only. Connect to IRC through a command line client in a tmux session or similar.


What about XMPP / Jabber?


"For instance, if someone messages you with an invitation, you might want to write back with a message that says "I'm excited." With integrated GIF search, you could instead do a GIF search for "I'm excited" and send one of the results instead."

What? Why? Is it some kind of attempt to become a new "cool" app? Sounds totally useless function to me, but if it helps to get more users, well, maybe that's a good thing.


Why? Because lots of people like sending gifs and prefer to use messaging apps that support them. If it's totally useless to you then fine: don't use it.


It clutters the UI with unecessary stuff. Wire also provides such a misfeature. I would rather disable it, but cannot.


You have to specifically click a button to use it. That's a good compromise between jumping through hoops to enable it if opt-in.


In Signal is hidden under the post button, you can easily ignore it. In Wire it's on a toolbar and clutters the UI.


I think it would be acceptable if these types of things were on by default, and have the option to disable it or opt-out.


Yeah perhaps, but that would complicate the app development quite a bit. I'd rather see company invest developer time in other ways - maybe bringing desktop client support.


It would be interesting for services to publish a public encryption key, so the signal client could encrypt the payload with that.

However, that has very limited usefulness, so I don't see it happening soon.


That's more or less what TLS+pinning does. Also DNSSEC+DANE+TLS if you want to argue about that.


Yes, but it's done at a lower level, which enables a host of attacks, like the announcement says. What I'm talking about would just encrypt the payload, so none of the metadata would be encrypted (and thus preserved).

Although I guess you'd also need to specify a "reply" public key in the encrypted data, so this is becomes more of a protocol.


Can I, as a receiver, turn off this feature? Ex : get text messages instead of gifs.


I don't have an iPhone, but with the Android client at least, you can disable image auto downloading in the settings page. If you hate fun and are dead inside.


We do not always search for exact phrase so the text might not convey the emotion..


Unless the API can somehow place proper phrase instead of image. If text would be matching all images, this should work fine.


> The GIPHY service could use subtleties like TLS session resume or cache hits to try to correlate multiple requests as having come from the same client, even if they don't know the origin.

How would a cache hit mean same user tried to search? TLS session resume, I can understand but cache hit only means same resource was accessed not same user tried to access.


You cache a unique ID and then see if you get a hit.


Which unique id? I thought the point of sending it via Signal was to not include any user id or any other id.


I don't know which attack the Signal guys had in mind, but usually how this works is that the server serves a file with a unique ID to a person, sees that it gets requested, then serves the same thing again in a subsequent request to a suspect, sees that it's not requested, and treats that as evidence that the two accounts are actually the same person.

It's obviously easier when you can correlate this with a single account, but that's the gist of the attack.


Ah!

But this will correlate one file to that person and will not be able to correlate multiple file requests that they all belong to the exact same person.


Presumably the clients cache GIFs, maybe even search results, instead of re-fetching them every single time.


Great! Now that these easy, low-hanging-fruit features are taken care of, maybe we'll get some of the more involved security oriented ones, like, IDK, having an indication if I verified a contact or not so I can, you know, know whether I should verify or not when the opportunity presents itself.


Now if only my friends would use the service!


Reading this title I thought it was a word play on “Signal and Noise” and it’d be a post about how /giphy adds noise to Slack conversations.


It makes me sad so see that they waste time on decoration like gif search but they don't have a client I can use on my PC for example.


I honestly don't know if this comment is serious. My girlfriend won't use Signal because it doesn't let her send stickers.

This is only a first step in the right direction.


People underestimate a lot the power of "useless" features, if well designed, to attract new users.

Telegram's Stickers are probably one of the features that most people feel other messengers lack to make people enjoy using it. Lots of friends are actually communicating daily through GIF's.


The desktop client without having to have my phone around is useful too.


There is a desktop client. Even if you don't use chrome/chromium, keeping it open somewhere is not impossible task.


And when she has them, it'll be something different ridiculous. Seriously, this is what whatsapp is for. I don't see why we have to dump down EVERYTHING for those people.

From my own experience the biggest reason is that "my friends are elsewhere". I force my gf to use signal, her mother started to use it too because of that and because she wants to have PC problems solved by me. Same goes for other people that want to interact with me through an communication app like Signal. Other just have to call or write an SMS. Those functions are still there.


You call it 'dumb down', I call "useful way of communication". Gifs are a form of communication. You might not use it, but most people do.

Signal will not get traction because people want to have their PC problems fixed by Nerd friends. My IT club group chat are all nerds, yet we still do not use Signal, because things like gifs were missing.

The Strategy of Signal is to make a mass market chat client that is save. Not a nerd utopia chat client.

> EVERYTHING

Everything? Really?

I don't remember my mother asking for reproducible APK compilation. I don't remember her asking about the the forward security properties of the communication protocol.


> Gifs are a form of communication. You might not use it, but most people do.

Just like most people use whatsapp and I don't want to stop them at all. BUT there is a demand for a secure communication application that does just this. Secure communication.

I don't say they should never put in funny gifs or whatever is fancy or trendy aka "necessary" today when they are done with it and when it does not risk the main claim of the product at all.

But seeing that the priorities switch to really unnecessary stuff when there are so many important things that could be done with that, is sad and bringing in a bunch of trendy kids ideas in there won't help at all. You may be happy with your gifs then but if this is the case, and those are the features you consider important, you many be more of a problem for this product and the claim then a gain. And honestly, Signal survived without it, it wouldn't die not having it.

> My IT club group chat are all nerds, yet we still do not use Signal, because things like gifs were missing.

So what do you say? Would your "IT club" fall apart without it? Would you switch to unsecure messaging without it? If yes: Signal should not care about you at all because the marked is already covered with alternatives better suited for you. If no: why are you arguing with me?

Edit: my god...I misread that in your favour. You really don't use Signal because there is no gif search in it....this is...I don't even..

> The Strategy of Signal is to make a mass market chat client that is save. Not a nerd utopia chat client.

If their priorities are gif search and not an account without a number, secure contact sharing or all those other requests that have been out there, they will end up being not more then what WhatsApp is atm. If you think this is a viable marketing method, you should join a economics club instead.

> I don't remember my mother asking for reproducible APK compilation.

I was talking about the app in general. We have enough apps out there with fancy trending useless crap you miss so much. It even uses the same encryption. We don't need more of the same.


Encryption is only really useful when everybody participates. Otherwise you just have to arrest the people using it. So dumbing it down is actually pretty important.


If we reach a level where people get arrested for using an app, it doesn't really matter how many there are. See Turkey.


Or basic message reliability? There's no reason I should be getting "Bad encrypted message" so often. Or tons of repeats. And out of order messages. And random deliverability problems.

And it seems like it has a way of picking just the right time to fuck up. Right when there's a big question or when I need to say something important, bam, Signal will start being erratic. Plus the repeat messages has on at least one occasion ended up providing a totally different meaning.

I'd say with one particular contact, we exchange screenshots of Signal over MMS once a day to avoid misunderstandings.



I've given up on Signal (for now at least). Yes the encryption and privacy is great but without a decent desktop client it's hard to get others in my network to switch to it.

Two things bothered me about the desktop application - it runs as a Chrome application rather than in a tab (not sure if there is a technical reason for this?). If I care enough out privacy to run Signal then I probably don't want to broadcast to anyone watching my screen that I'm running it (like a boss walking past etc) and would rather bury it amongst my other open tabs. I also couldn't find any obvious way to sign out of or lock the desktop client - if this isn't just user error then it seems like a significant oversight for a secure messaging app to not allow the user to control access if someone else was able to access the computer.

It also really bothered me that signal doesn't give me better control over what contacts can see my phone number. When I signed in I could see phone numbers for a contractor I had used for remodelling my home. The desktop client had them listed as someone to message on the default page. It's not a huge deal in this situation but if the phone number was for someone I no longer wanted to be in touch with (a former partner etc) then there was no obvious way in either the Android app or desktop client to block them. I assume that the other user can also see my details - security should include having control over who can see your phone number.

Edit: Screenshots from the desktop app as a response to comment below:

http://imgur.com/5nK07ER - the default screen http://imgur.com/mmEyQWH - the settings UI

http://imgur.com/gjdyPsF - showing Signal in my dock for all to see.


There is a desktop client. It's packaged as a Chrome app. Some people downthread think a "decent" desktop app must be (more) standalone. You seem to think a "decent" desktop app should live inside a browser tab. It's hard to make everybody happy. People need to stop claiming there is no desktop app just because the very clearly existing one does not fulfill their own arbitrary set of criteria.

I don't know if you can sign out within Signal desktop (I assume you can, but I can't verify at the moment); you can sign out existing Signal sessions from within the mobile app.

The phone number is Signal's account identifier. You don't see somebody else's phone number because you've got them on Signal, you're seeing them on Signal because you've got their phone number. So you're worried about people having access to your phone number who already have access to your phone number. Signal using phone numbers as account identifiers has it's issues, this is not one of them.


I don't mean to be negative about Signal. I appreciate the work they have put into it and understand that the platform is maturing - as you said, they can't please everyone.

The chrome app vs tab is definitely a minor issue related to user preference. It's not a deal breaker for me personally but others in my network (who are less concerned about privacy) will not switch if it's not easy. Not being able to sign out is a possible deal breaker and seems like basic functionality that has security implications.

Thanks for the information about the phone numbers - I understand that they aren't a "contact" in the sense that we added each other. I do think the issue of having control over who can see my phone number is a valid one though. How would I block someone I no longer want to have contact with without changing my phone number? Again, this seems like basic functionality for a platform that is concerned about security and privacy.

Here are screenshots from the desktop app showing the only options I can see:

http://imgur.com/5nK07ER - the default screen (includes the contact that I mentioned in my first post as someone I can message right now.)

http://imgur.com/mmEyQWH - the settings UI


Okay, I checked now, and you're right, there does not seem to be a way to sign out (or, as they call it, unlink) the desktop app from within the desktop app. I agree, that's weird.

As a workaround, you can unlink using the phone app[1], and I assume (but have not checked) deleting the desktop app will also work.

[1] http://support.whispersystems.org/hc/en-us/articles/21645978...


On Android there's a button in the conversation settings to block the other party.


Thanks - I see it in there now. For anyone else looking for it, it's under options/conversation settings when you are in conversation view. Thanks again.


Because I know moxie comes here sometimes:

I can live with it being a Chrome app, but I'd really like it if I could use it to send messages to people who don't have Signal (like I can with the Android app). Signal mostly takes the path of being a drop-in replacement for my SMS app, so it seems a shame not to do the same here.


Wouldn't it then require a connection to the phone? Signal Desktop today doesn't need to connect to the phone.


Ah, I suppose that makes sense. I thought it worked via the phone.


[flagged]


It's just Javascript, you don't need Chrome to run it. eg[0]

[0]: https://timtaubert.de/blog/2016/01/build-your-own-signal-des...


Not sure if I should laugh or cry. I don't know what half of the stuff is I have to download there on a system I don't usually run.

It's nice to know that it is possible to somehow get this running without Chrome and thanks for that but, hell...this is what I'm talking about. Wasting time on decorations that are now available through one button vs. THIS or the PUP version of it.


1) We're moving from a mobile-first to mobile-only world. This prioritization shows that the signal team are fundamentally pragmatic.

2) Most people rely on cliche to communicate. It's obvious that gifs are another cheat that is being commonly integrated by most people. It's kind of silly to avoid acknowledging the reality of how younger people are commonly communicating.

3) Please don't be sad because a software team prioritized a feature you don't like. You deserve to have more control over your own emotions. Why would you let a software feature have such a drastic impact on your own happiness?


I think the key thing is not to sacrifice performance for form. Add all the stickers, GIFs, bots and other fancy features you want. But never let load time get under 200ms. Lots of people talking about how this makes it more broadly applicable but Facebook didn't just beat MySpace on simplicity of use and Farmville access, they also beat them on speed and reliability. Not mutually exclusive either. Keep up the good work.


I wish that they'd support secure contact sharing. And non-phone-number IDs.


Yes, exactly. You'd think those should be basics for a chat application that is so focused on security. You would expect that.

What you would not expect is gif search...


Telegram supports non-phone-number IDs btw.


Read this article yesterday (https://www.techinasia.com/line-dev-day), and the introduction was eye-opening. tl;dr people like that extra stuff in messaging apps.


Sure they do. But how this go together with security awareness? We are talking about a different market here and as I've posted somewhere else: sure we can have all that trendy crap in there at some point but please don't move that BEFORE the bigger issues out there. Let's not forget that we are talking about a free app here. If this app is being developed with an eye on monetizing at some point, chances are it will become insecure with that and just join the rows of chat apps out there already covering all that trending features. Which will lead to a different app covering the needs of people who use Signal today because they need secure messaging not another app with dancing puppies.


/// Wow. Woke up to not a single new comment but massive downvotes. Very mature guys.


This is what Canonical did with Amazon searches on Unity, they proxified them.


How is this the same? Canonical proxied every search term you've ever typed to Amazon. In Signal, you have to explicitly click on a button for anything to happen.


Still no desktop client?


The desktop app is available since almost 1 year (in closed beta at the beginning), and recently apparently it's also working with iOS

https://whispersystems.org/blog/signal-desktop/

It's also a real app[1], independent from the phone's: after the initial key exchange, you can send/receive messages even when your phone is off

[1] Compare with the Whatsapp webapp, which solves/sidesteps the E2E encryption among multiple devices conundrum by simply routing everything through the phone. The Signal app is also written with web technologies, so it might not be palatable for everyone, but it's a good compromise imho


Are you kidding me? Do you consider this Chrome extension as a 'real app' (sic!)?

I won't install Chrome just to host Signal extension.


Almost every modern desktop chat app is a web app, which is what a chrome app is. It's how something like franz is possible: http://meetfranz.com/


I all cases of 'modern desktop chat app' you are talking about, I can use it by opening its website with any modern browser.

Signal is the only one which requires me to install one particular browser.


If you open them in a browser when you're offline, you won't be able to load/read your messages (yes, I know about HTML5 manifests for offline data... but that's a mess), but with Signal you can.

Moreover, being able to vet/verify the updates (which you can apparently even block altogether) before running the app is of paramount importance for a secure app like Signal.

With a run-of-the-mill webapp that's also impossible.

Again: tradeoffs. I'd prefer if Signal desktop was built on something different, but I still happily use it as is everyday.


This is the main reason I've got some people on Wire instead.


Oh great, they are catching up with Wire (https://wire.com/).

Now if they would just resolve real bugs (like many people not being able to register to Signal), that would be maybe cool (but as they implemented Signal Protocol to WhatsApp and others (if we can trust code we can't see) I can't say I see any point in it).

Maybe I am wrong, but it lost that appeal it had some time in past.


Wire transmits your plaintext GIF search terms to the Wire server. Their privacy policy even allows those searches to be logged. Combined with Wire's already bad e2e encryption and metadata story, I don't see how you could consider this "catching up."


That fake video on top is interesting. If they can't even get that right what does it say about their Privacy and Security claims?


Empirically, absolutely nothing. You can't judge the security of a software based on its marketing material.


But you can determine that nobody at signal has used or even seen an android phone.


I'm not sure why you would say something like that. The original TextSecure and Redphone apps were exclusively on Android until it got bundled into a single app and released as Signal on both platforms. Android is still often ahead, and seems preferred much of the time.


What? Signal/OWS seems to develop new features on Android first, and that animation up top is an Android phone...


It's not an Android phone. Android has either on screen Navigation Bar or Physical Navigation Bar not both.


What are you on about? You can enable on-screen buttons while still having physical capacitive buttons.

http://m.imgur.com/u5hcJYQ

Many 3rd party custom ROMs have the feature, including CyanogenMod, the most widespread open-source build of AOSP.


Not on stock Samsung phones.


So they made a screencast and blended it with a video of a hand touching a phone to avoid shadows and improve image quality. Is that really your takeaway from the article?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: