So what should self sentient person do, just lie down and accept the erosions of our blood won freedoms? No thanks. I have right now all my company talking to thousands of customers explaining this mess to them and helping those who need to switch to Signal. So yeah, fuck you FB!
Signal is no better. You fell into one marketing trap with WhatsApp and have now fallen for another.
Signal is another private entity with complete control of the servers and end client binaries. The fact they happen to open source the code is kind of moot since no services are allowed to write alternative implementations, no one can run their own servers or prove what code is running on Signals servers, nor can anyone even distribute reproducibly built binaries from said source code for accountability (e.g. f-droid).
There are so many better options. I suggest Element/Matrix which can even bridge to WhatsApp and Signal as needed thanks to community contributed bridges.
I thought Signal was open source, and the distributed binaries matched the source, and that is was allowed to run your own servers. Are the servers even open source?
Are there lirerature regarding the technical/conceptional bits Element/Matrix? What is the tradeoff there?
> I thought Signal was open source, and the distributed binaries matched the source
This is sort of true. The source is published and you can build your own binary. But given that you can't distribute Signal outside of official stores and can't pin the version in those official stores (unless you turn off updates on your phone entirely), it's not actually practical to run an audited version, yet alone to make your own changes to the code.
> and that is was allowed to run your own servers. Are the servers even open source?
EDIT: apparently there is now (purported) server source available, not that that means much when there's no way to even know which code a given server is running, yet alone run a server with different code. They claim that their E2E encryption means control of their servers doesn't matter, but their protocol analyses doesn't actually think about what an attacker might be able to do at the server level, IME.
> Are there lirerature regarding the technical/conceptional bits Element/Matrix? What is the tradeoff there?
It uses either the same ratchet protocol as Signal or a very similar one. E2E for group chats is more complicated but I don't think you're giving up anything.
I largely agree with you but I don't want to see misinformation spread even when it supports my view.
The signal server source code is open source now in theory, you are just not permitted to run your own server and have it join the Signal network. We have to take their word for it that they are running the code they publish.
We also only assume the published Signal binaries match the published source code. Moxie and team have exclusive control of the signing keys and Moxie said he will fight any third parties like F-droid doing from-source signed binaries outside the Google/apple ecosystems in spite of the accountability and removed SPOF it would offer.
If you choose to use a non Google/Apple platform or a freedom-respecting architecture like RISC-V or OpenPOWER you don't get to be on the Signal network.
This eliminates me from being able to use Signal. Talked to moxie at length about this but in the end he repeatedly admits he has no problem cutting off the few to enforce his vision for the many. He also frequently implies he sees himself as the only entity worthy of running the world's communications systems.
He is a smart guy and means well, but he is naive. Benevolent dictators are always replaced by less benevolent ones eventually. There is nothing stopping what happened to WhatsApp happening to Signal. You also have to trust the pinky swear offered by the Signal Foundation that they won't dump the keys from their SGX enclaves using any of a myriad of design flaws, and that they, their ISP, datacenters, and any three letter orgs tapping them will all throw away all the TVP/IP level metadata that centrally flows to their systems.
With Matrix OTOH, if those that host a given set of binaries/servers go evil or we simply want control of our metadata for sensitive channels, we can just use one of the alternative independent clients or a fork, switch to our own server or one run in a country or by an entity we trust more. We also still will be able to reach our social graph, just like switching an email provider.
Democratic control is messy, but I will take it over a benevolent dictator any day.
As for documentation, matrix.org documents the API and design choices of Matrix extensively and they welcome people making alternative clients and bridges to other networks because they believe the only safe and sustainable network services are open ones.
Element is really slow on mobile, Signal and WA show my list of conversations in fewer than 5 seconds. Element needs ~10 seconds just to load UI, then 10 more seconds to sync list of active conversations, then I enter into a conversation and it needs between 2 seconds and 2 days to synchronize e2e keys. I can literally leave the conversation open, phone in charger for night and it still can't sync message. How do I explain to my parents that their message from 2 days ago "call me when you're free" didn't arrive because Element couldn't read it? They changed name 3 times already, changing APP ID, forcing me to reinstall it on all devices, update all my bookmarks in browser, having to sync all keys between all devices, not only on my devices, but also my family members who were using it. Their initial-setup of the app is really bad experience. Sometime I can NOT have two devices online at the same time to login and send message from new third device. It's cool on browser, I had nothing bad experience on mobile + web.
Signal is simply best because it works as SMS client AND encrypted messages client. Best UI/UX, one app to rule them all, consistent behaviour, not owned by FAAMG.
Thanks for your insights, I’ll definitely look into Element/Mattix. I didn’t know Signal was just another scheme to collect private data. But I always knew that WhatsApp == FB yet I couldn’t do much due to network effects. Decentralizing the web has never been so important as now.
Signal is not another scheme to collect private data and anyone who makes such a claim has their own agenda to push (as you can see from the other comments in this thread made by this person.) Do a bit more research, get a wide variety of opinions, and then decide which factors are most important to you.
It’s the same as WhatsApp in some extent - always promised that they wouldn’t give up your data while they gained traction and then get acquired by Facebook and get forced to.
No, it is not the same. Signal is a registered 501.3(c) non-profit with a public board and cannot just decide to sell themselves and your metadata at some future point. Signal is also making ongoing improvements to protocols and apps to limit the amount of metadata that must be collected or that can be usefully held.
I don't think they -intentionally- exist to harvest user data. They just create a situation where they can be taken over by an entity that wishes to easily at any point, or maybe they are already tapped by an entity that has dumped their SGX keys and/or is tapping their network traffic to bulk harvest the metadata they helpfully centralize.
The founder of VK had good intentions and was willing to protect his users too. The Russian government replaced him with someone more ethically flexible.
The foundsrs of WhatsApp clearly never intended it to go in the direction it did post acquisition, but it was not their call.
Gathering all users to a single choke point on a single client on a single server infra is irresponsible and unsustainable. We have been here before.
