this post was submitted on 16 Jun 2023
121 points (100.0% liked)

Free and Open Source Software

17960 readers
37 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] alexland@beehaw.org 33 points 1 year ago (6 children)

I'm cautiously optimistic that this isn't a warning sign. I can imagine wanting to do something new after spending so long working on one project, but if he left because things were straying from his vision of Signal that could be a bad sign.

[–] seneca@kbin.social 12 points 1 year ago (2 children)

As I recall he was the one behind the decision (for the built in wallet) to go with a privacy coin he had a stake in and not the very obvious choice of monero. As far as I'm concerned he's tainted goods.

[–] alexland@beehaw.org 9 points 1 year ago (1 children)

To be honest, while crypto is probably the closest we have to an actually private payment option (Monero etc), I'm generally not a fan of it for this usage because unlike the rest of the app, it has a much steeper learning curve AND is a common target for scams, which makes it much less approachable for the average user. I love Signal because my mom can use it and I can trust that she's protected, but I would not recommend she tries using the payment option within it regardless of what coin they use because the rigamaroll of going to some exchange to buy it is already a dicey proposition.

[–] catacomb@beehaw.org 2 points 1 year ago

I never thought of that, that's a really good point. I disliked anyway it because it was for one random currency where it's easy to just send a wallet address over Signal for whichever cryptocurrency you like.

[–] Trebach@kbin.social 6 points 1 year ago* (last edited 1 year ago) (1 children)

He was also unwilling to allow other apps to interact with Signal servers, even if they supported a platform that he wasn't going to support. Good riddance to him.

[–] alexland@beehaw.org 9 points 1 year ago

I understand and value the idea of self-hosting or federation to decentralize services, but Signal is currently my most used chat app for the sole reason that I can tell a friend to go download it and it just works. Supporting self-hosted servers or federation doesn't necessarily mean that the UX has to be bad, but for small organizations I think the radical focus on a specific experience is the best way to make a good product, and if this is the sacrifice that was made so that we could have a simple, reliable, private messenger then I'm happy with that tradeoff.

As an example, chat protocols/implementations like Matrix have a lot of potential, but the foundational decisions around decentralization mean that it takes way more work to make it seamless to use. You can't download a client and start chatting immediately, you need to think about what server to connect to, and that's already enough of a barrier to make it a no-go for a lot of the folks I regularly chat with who just don't care enough about privacy/FOSS to put in the effort.

[–] verysoft@kbin.social 10 points 1 year ago (2 children)

Signal do have a habit of removing features people like and completely ignoring user feedback. It's still the best messaging app, but that could change quickly if they are not careful.

[–] Shareni@programming.dev 5 points 1 year ago

It's still the best messaging app

Not really, it's filled with random bugs. For example the call functionality is constantly breaking. You can watch the chat log, the other person calls you, waits untill the call times out, and then you get a message that you missed a call and nothing before that. Sometimes it doesn't even send that message, or the notification doesn't show up until you open the app.

I've never even heard of bugs that bad in other apps. Hell, even element works more consistently, and it's the current mascot of "it might become good in a few years".

[–] SkepticElliptic@beehaw.org 2 points 1 year ago

It's because it's main feature is privacy. It's constantly being looked at by threat actors. All of the major nation states are constantly trying to compromise it. That's why features keep getting removed.

[–] Ferk@kbin.social 7 points 1 year ago* (last edited 1 year ago)

Things straying from his vision could also be a good sign. Change doesn't necessarily equates to bad.

It's not like his vision was without flaws. He's had disagreements with the people from Matrix, for example.

[–] werni@kbin.social 3 points 1 year ago (1 children)

Any indication for this? Genuinely curious!

[–] alexland@beehaw.org 6 points 1 year ago

No specific indication, but as the organization matures and brings on new folks it's always a little uneasy to see the old guard leave. Only time will tell!

[–] communist@beehaw.org 2 points 1 year ago (2 children)

Meh, signal seems like a worse version of matrix to me, is there any reason to prefer it?

[–] Viktorian@beehaw.org 2 points 1 year ago (1 children)

It is just closer to WhatsApp. What Matrix does, especially with regards to enabling true multi-device support, is quite complex overall and sometimes causes issues with keys for decrypting messages not arriving on all devices. Signal is more limited but it just works a lot better. Small but important extra: Signal supports fully encrypted voice and video chats.

Full disclosure: I personally also prefer Matrix because I use it with multiple devices. I don't want to install desktop apps for these services and Element runs in the browser while Signal does not.

[–] communist@beehaw.org 4 points 1 year ago (1 children)

Ah, so, what it really seems to come down to is that since it's centralized, it's easier to make it work for everyone, no?

[–] Viktorian@beehaw.org 1 points 1 year ago (1 children)

Being centralized isn't the only reason, but basically yes. The concept behind the protocol is simpler because your decryption keys only ever live on one device. You don't really have the entire trust (and key sharing) model for devices that Matrix has. Signal's desktop app works very similarly to WhatsApp where your single main device needs to be connected at least intermittently for "guest" sessions to be able to send and receive messages. I haven't used Signal desktop though, that was just the impression I got from it. Would make sense though because WhatsApp is allegedly borrowing from Signal's protocol quite a bit.

[–] WeirdOrange@aussie.zone 1 points 1 year ago

You don't need your main device connected to send/receive on the Signal desktop app.

[–] MarionWheeler@beehaw.org 2 points 1 year ago

Well for one thing matrix clients on mobile are...not the best. Element X is looking promising, but it's currently still in beta. Element misorders messages and crashes often, and most other clients are not as feature complete. Whereas in my experience Signal tends to just work. Plus for the average person it makes for a dead simple drop in replacement to WhatsApp or iMessage. Yes, the phone number requirement has led to issues with governments just blocking the sign up SMSes, but that is a tradeoff they make for convenience.

Matrix also leaks more metadata in comparison to Signal (this is just how decentralization works). Not to mention that the recent vulnerabilities seem to suggest (in my opinion at least) that matrix cryptography is not as battle tested as the Signal protocol.

Besides the observed implementation and specification errors, these vulnerabilities highlight a lack of a unified and formal approach to security guarantees in Matrix. Rather, the specification and its implementations seem to have grown “organically” with new sub-protocols adding new functionalities and thus inadvertently subverting the security guarantees of the core protocol. This suggests that, besides fixing the specific vulnerabilities reported here, the Matrix/Megolm specification will need to receive a formal security analysis to establish confidence in the design.

Real world example: The university I study at promoted matrix as a way for students to chat at the start of the semester, and pushed them to use Element. Practically no one uses it, but I've met a few people who do chat with Signal.

[–] iorale@lemmy.fmhy.ml 1 points 1 year ago

I remember some news about he getting too buddy-buddy with Facebook, it wouldn't surprise me at all.

[–] syl@programming.dev 17 points 1 year ago (7 children)

I am eagerly waiting for usernames and for something to happen that makes people go to signal. The few people I had there ditched it when it lost sms support.

[–] Aawr@lemmy.ca 12 points 1 year ago

I loved it up until it ditched sms support. The people I could get to use it great, but I was still able to use one platform to message all my contacts and that was key to me.

[–] Habnab@kbin.social 7 points 1 year ago (1 children)

Signal and Telegram using phone numbers instead of usernames is the silliest shit

[–] lucasban@kbin.social 7 points 1 year ago

You can sign up for telegram with a throwaway phone number, and you can add people with only usernames without ever sharing or exchanging phone numbers.

[–] iByteABit@kbin.social 7 points 1 year ago (1 children)

I've convinced almost my entire friend group to switch over to Signal

It took a long time and some big fuckups by Messenger, but we even got a group chat going on Signal after all

[–] HeartyBeast@kbin.social 3 points 1 year ago (1 children)

That's really impressive. I live in the land of wall-to-wall WhatsApp

[–] alexland@beehaw.org 2 points 1 year ago

I've noticed for my North American friends it's easy to convince them to move to Signal (from SMS or Messenger), but my European friends are all pretty entrenched in WhatsApp. On one hand WhatsApp is certainly more secure, but on the other we can't really trust a closed source implementation (and they'll still collect metadata which makes me uncomfortable).

I'm just glad I don't have to use SMS anymore honestly

[–] ira@beehaw.org 3 points 1 year ago

Most of my family luckily is still finding signal okay. Dropping sms was confusing to some, but i also get the argument for it, as some other struggled with selection of what kind of a message to send. Either way, hard to find an acceptable alternative to move them to

[–] ddnomad@infosec.pub 2 points 1 year ago

But you get stories now! Yaaaay 🌚

load more comments (2 replies)
[–] TechnologyClassroom@partizle.com 10 points 1 year ago (1 children)

There are alternatives that provide more privacy. FSF India made an excellent visual chart comparing messaging applications. Signal stopped publishing their back end so they moved from the third bucket to the second bucket. The fourth and fifth categories are good.

[–] catacomb@beehaw.org 4 points 1 year ago

I love Briar for the Bluetooth chat functionality, I use it to chat with friends when we haven't paid for allocated seats on flights.

[–] projectmoon@lemm.ee 9 points 1 year ago (1 children)

I thought Moxie had already departed Signal some time ago. Or at least distanced himself? But apparently I must be wrong.

[–] ojmcelderry@lemmy.one 10 points 1 year ago* (last edited 1 year ago)

You weren't wrong. He stepped down as CEO, but remained on the board. Whereas now I guess he's leaving the board.

[–] eskuero@lemmy.fromshado.ws 9 points 1 year ago (2 children)

Honestly when I used Signal it felt like a middle compromise between not using Whatsapp without ditching a lot of people. Nowadays I don't have the patience for that. I just keep minimal usage of Whatsapp for some family and friends and moved to my own Matrix instance. You even have bridges so convenience is great.

Also I remember Moxie being totally against the redistribution of Signal outside their own channels (no Fdroid) and refusing some improvements for battery life where your phone didn't have GSF for notifications.

[–] arcticpiecitylights@beehaw.org 6 points 1 year ago (3 children)

Do you mind if I ask how you set up your own matrix instance? What software did you use? Are you hosted in the cloud or a home lab type setup? Sorry for so many questions but I've been wanting to do this for a while now

[–] eskuero@lemmy.fromshado.ws 6 points 1 year ago

I run on a rented VPS but I guess you could do it in a home lab just for your family too or whatever.

Personally I think is better to redirect you to the Synapse docs, they are pretty well written and if you have any sysadmin experience it should be pretty easy to setup, they are even packaged by many Linux distributions:

https://matrix-org.github.io/synapse/latest/setup/installation.html

[–] worfamerryman@beehaw.org 2 points 1 year ago

I followed an old and possibly outdated video guide.

I don’t very limited Holman stuff, but I was able to buy my first domain, vps, and host this all for the first time in about a solid day of work.

I’m guessing if I had to redo it I could possibly do it a bit faster.

Sorry in advance I don’t have a link to the video, but it was done by the guy who is the main guy behind it or the main guy behind element.

[–] russjr08@outpost.zeuslink.net 2 points 1 year ago

I would also recommend the Matrix-Docker-Ansible-Deploy playbook for setting up a Matrix server. It supports Synapse (the "mainline" server implementation), Conduit, and Dendrite as the actual homeserver backend.

It does take a while to go through the sheer number of options they have available, but it makes it incredibly easy to spin up a Matrix server, as well as update one. I haven't setup any bridges with it, but its nice to know that it also supports a great deal of them, and can just be toggled on through the playbook settings.

The documentation is also fantastic, and there's a massive community in case you run into any trouble with it.

[–] chris@l.roofo.cc 3 points 1 year ago (1 children)

Have you considered using a relay for whatsapp? I like that I have all my accounts in one app now.

load more comments (1 replies)
[–] xyguy@startrek.website 9 points 1 year ago (2 children)

I was devastated when Android Signal removed SMS support. Since then I'm down to just 3 people that I still use signal with.

Its been a shame to see the direction its gone since the huge influx after the last WhatsApp controversy.

[–] dlarge6510@lemm.ee 2 points 1 year ago (1 children)

I have in 10 years of being on Signal never managed to get a single person to be upgraded from SMS to a proper Signal contact.

Plenty of WhatsApp contacts.

I was using Signal to replace the default SMS app on my phone specifically because it was Free Software and I trusted it more as the SMS app. It had nothing to do with privacy, you don't get that on SMS, but to do with trusting the code.

Alas I'm now using the built in app and have uninstalled Signal.

[–] xyguy@startrek.website 3 points 1 year ago

I was only able to get my Android friends to convert. Now they aren't using it either. Truly a shame.

[–] Dusty@lemmy.dustybeer.com 1 points 1 year ago (1 children)

after the last WhatsApp controversy

What happened with WhatsApp?

[–] xyguy@startrek.website 5 points 1 year ago

Basically a privacy policy change that wove them tighter into facebooks's ecosystem and made it clear that Facebook would in no uncertain terms be collecting WhatsApp user data.

https://www.dw.com/en/whatsapp-controversy-highlights-growing-fears-about-data-privacy/a-56266093

[–] mim@lemmy.sdf.org 8 points 1 year ago (1 children)

Damn, that's big. Was there internal conflict, or amicable? What does it mean for signal?

Also, does anyone know what Moxie might get involved with? He's quite the interesting character (go watch his sailing documentary if you haven't already).

[–] LollerCorleone@kbin.social 2 points 1 year ago

It looks amicable. He just wants to move on to new projects it looks like.

[–] CrimsonOnoscopy@beehaw.org 6 points 1 year ago

That app became pointlessfore me when it was by internet instead of SMS

[–] ozoned@beehaw.org 5 points 1 year ago (1 children)

I used to be on Signal, then they made a firm stances of no alternate clients, that I could accept. Then they were going in on crypto. I'd just stay away from it. Then they inserted a proprietary shim into their stack that they wouldn't allow to be audited, because it was SUPPOSEDLY to fight spammers. That was my last straw. Moved the family to Matrix and haven't looked back. Element is quite good imo. Especially for my family who aren't technically savy.

[–] Snowcap7567@beehaw.org 1 points 1 year ago (1 children)

Do you have more info on the proprietary shim? I've never heard of it

[–] Lionir@beehaw.org 1 points 1 year ago

Huh.. wonder if that'll mean change for Signal and wonder what Moxie will be up to now

load more comments
view more: next ›