Anyone else wondering?
Signal had something good when it could simply be your default messaging app on your phone, and it’d transparently send either encrypted messages, or plain-text SMS. Now that they’ve removed SMS, they’ve just turned into a worse Whatsapp (because nobody is on it). Network effects are important in messaging apps.
Trust me I know, having my whole family try it out and then have them pull that later was a punch in the face
Was that the punch in the face, or was it all the morons intentionally misinterpreting this argument and saying “but why would u want to send nonsecure messages are you aware SMS isn’t secure it’s like so insecure to send SMS bro it’s not secure it’s like literally a security risk bro SMS isn’t secure at all and also are you aware SMS security is poor”
Not doubting that pushy idiots are going to pushy idiot, but I think you’ve strawmanned the actual reason hard enough.
Most people who want it back don’t need, want, or understand why secure messaging exists.
Here’s the simple facts:
SMS is not secure, or private.
Signal is for secure, private comms.
As mildly inconvenient as it is, Signal explained their reasoning in great detail, and I happen to agree: There should never have been an insecure option on a secure messaging app.
This always struck me as strange thinking.
Are most people really unable to understand and use different messengers with different contexts and groups?
Honestly I use a few myself. My job has Tiger Connect. I use Signal with all my family and friends. Then I use SMS for some companies automatic notifications. It’s pretty simple and easy.
Well, yes. But when all your friends are already on Facebook Messenger, good luck getting them to install Signal only to talk with you. Network effects are important; a messaging app has no use when you have nobody to message on the app. Supporting SMS was taking advantage of its network effect, and I don’t think their network was big enough to be self-sustaining for most users (it wasn’t in my case, my only contact in there is my wife).
Convincing people to leave Facebook Messenger isn’t that hard. Just let them know Zukerberg and everyone at Facebook can see everything they send.
It is easier with a whole group of friends. If none of your friends known each other, you should work on that for other reasons. Groups of friends are better in general.
Only if the signal crew collectively fell down, hit their heads and forgot about their whole mission of protecting metadata privacy. Matrix is a privacy nightmare (compared to signal). It offers optional encryption for the actual text of the messages sent, but everything else from room membership lists to reactions are unencrypted and stored forever by the server. The end to end encrypted message feature was bolted on after the rest of the thing was built, and it shows.
We’ve seen https://signal.org/bigbrother/ where signal proudly shows that they don’t have any metadata about their users to turn over. There’s a reason we don’t see anything like this for matrix.
Matrix is good at federating, but fucking horrible at keeping your information safe.
I don’t think you understand why current servers operate the way they do.
Matrix server implementations function on the idea that your data lives in the server, so of course it needs that information (who is here, who is talking to whom) - or else, as an example, if you lost your devices you wouldn’t be able to recover your info (like on Signal).
I don’t want Signal’s Peer-to-Peer solution. I own my server, so I’m okay with keeping my own metadata. I want my communications with others to be encrypted, but recoverable if I lose access to my devices.
I think what you want is a Peer to Peer encrypted solution, which Matrix is working on, but isn’t available yet.
Follow this site for info on Matrix’s progress in that space: https://arewep2pyet.com/ What you’re looking for is info on Pinecone.
TLDR: poop wants a peer-to-peer encrypted network, Matrix is not that (yet).
Matrix’s architecture today means that the servers can see who their users are talking to, and when - but not what (assuming it’s end-to-end encrypted). Just like a PGP mail service like Protonmail. Because Matrix stores conversation history on the server (unlike Signal) so you can get at it when from multiple logins, you end up with that metadata stored on the server.
We’re fixing this by working on P2P Matrix (as per the blog post - it’s one of the main initiatives that the funding is going towards). https://matrix.org/blog/2020/06/02/introducing-p-2-p-matrix explains how P2P addresses the metadata problem.
(…)
Not sure why you think I don’t understand why matrix operates the way it does and I’m especially not sure why you think you know what I want. To help clear it up: I want a secure, decentralized encrypted messaging system that doesn’t let anyone but the participants access any information about their conversations, just like everyone else. What I DONT want is people misrepresenting the current landscape, as many in this thread are doing. End to end encryption of the actual text of the messages is not at all good enough, and Signal has made enormous strides in demonstrating alternative options. I’m not a fan of the usual things people don’t like about signal (phone numbers, centralized server architecture, mixed feelings on removing SMS from Android). Matrix addresses almost all of these, and does a lot of other cool things, but does so at the cost of a lot of privacy. I want people to stop acting like matrix and signal offer the same level of privacy. I get it, decentralization is good, but can we please not misrepresent the offerings of current decentralized solutions compared to current centralized ones just because we like the architecture of one more?
I’ve operated matrix servers and I’ve looked at the database to see what it knows. It knows a lot, and if a service provider was compelled to turn that over, it could be bad. We should be honest about what the server knows so people can make rational decisions.
Beeper is just matrix with a bunch of preconfigured bridges for you. I’ve deployed a few of their bridges (as they’re open source) for my own matrix server and can confirm they work perfectly.
Haven’t had whatsapp installed on my phone for over 2 years. I even support the devs via github sponsors, I’m that happy with their bridges.
If you’re not technical but want the benefits of bridging other networks into Matrix, Beeper is a great choice.
I’m not super familiar with matrix, is it end to end encrypted likesignall?
Though the fediverse is good for a lot of things, security is not one of them. Maybe this will change in the future, but right now there are just too many chances for bad actors.
Not a fan of giving my phone number to federate to every server.
Session is like Signal but decentralised (like Tor, not like Fedi) and without the phone no requirement. That sounds better to me.
https://www.securemessagingapps.com/
Session doesn’t have perfect forward secrecy. Session also depends on the oxen Blockchain not collapsing.
Session has its uses, just be aware.
Maybe, but if I want to privately talk to randos from the internet, then using my phone number like with Signal is a no-go from the start. Threema is paid and only partially open source.
Session is fully decentralised and while you can think of crypto whatever, at least it gives people the incentive to run nodes, unlike Tor where the incentives are all over the place, or centralised messengers which are fully reliant on one entity.
Matrix is the federated alternative to Signal.
However it would be cool to see Signal implementing their encryption into Matrix and turning Signal into a Matrix provider, becoming a federated messanger.
I believe Matrix already supports olm which is the same encryption technique used by Signal. The main issue with Signal becoming federated is that in order to make the federation work, a lot of metadata will leak and that could be a cause for concern when using Signal as a private messenger for important things like whistleblowing, etc.
