… and I can’t even continue the chat from my phone.
Such is the state of Electron.
I’m slowly stopping to care about web apps, however the amount of shit Electron causes is through the roof. Discord, Element, Signal, even Steam is full of it, so you just end up having 8 different “programs” running with every single one using at least around 400MB of RAM.
Can’t wait to see something using Rust and Tauri. Graphite wink wink
Steam is close but actually not electron, they use CEF - Chromium Embedded Framework which is something Electron uses too under the hood (afair)
I use a whole bunch of Linux distros at work (CentOS, alpine, ubuntu, debian, opensuse) and a bunch on my devices at home (mint, fedora, nobara, and manjaro), and so far the only distro I’ve seen ship decoupled shared electron libs like you described is Manjaro (and presumably Arch).
I wouldn’t mind so much if they all just used the same bundle of stuff, and you could install that once, and then the apps were all like 2MB each.
But no, big fucking bundle of shit, every single time.
Eh, that’s not the joy you think it is.
That’s how software used to be distributed and that’s where the terms DLL / Dependency Hell come from and why programs used to not uninstall cleanly and break other programs, etc.
It’s more efficient, but it’s also brittler and a lot more complex to manage. Conversely, bundling everything together with all its dependencies is a lot easier to manage, and a lot more robust overall, but comes at the expense of storage capacity and network bandwidth.
Of the apps you mentioned, I can use Discord and Element in my browser. WhatsApp even installs as a PWA. And Steam games can be launched through Lutris afaik?
There is no such option with Signal though.
With Discord in browser, you lose Krisp, RPC ipc socket support (aRPC might work, no clue), and from what I remember screensharing only worked with browser tab capture.
Element will eat your RAM no matter where it’s running. You could add it as a Nextcloud app to triple your RAM usage! Woo
And you can’t run Steam games without the Steam client running. That’s how their DRM works. (Unless you use the goldberg steam emulator, which is a whole another thing to talk about)
Using an E2E chat app in your browser necessarily makes the keys and decrypted messages available to your browser. They would have the ability to read messages, impersonate users, alter messages, etc. It would defeat the purpose of a secure messaging platform.
I don’t get it. Who is “they”? Why can’t you fetch the encrypted message from the server and then decrypt it client side?
410mb for chat app seems very unoptimized
It’s because it’s an electron app. So in addition to the chat app itself, it also includes a full Chromium runtime. Worse still, the Electron architecture doesn’t really lend itself towards reusing electron itself; this means you might have several copies of the same version of electron on your machine for various apps.
People complain about the sizes of things like flatpaks and snaps, but tbh the whole architecture of applications is like this these days. Ironically, flatpaks and snaps could help with this because their formats can work decently with filesystem level deduplication.
The inability to continue chat from phone is a feature.
New messages will show on all your devices, but yes, it is intentional that old messages are not available to new devices.
This is because they don’t retain your (encrypted) messages on their servers right? Is this for storage reasons, or more just security philosophy of not being able to access past chats when you login from elsewhere?
This is not entirely correct. Messages are stored on their servers temporarily (last I saw, for up to 30 days), so that even if your device is offline for a while, you still get all your messages.
In theory, you could have messages waiting in your queue for device A, when you add device B, but device B will still not get the messages, even though the encrypted message is still on their servers.
This is because messages are encrypted per device, rather than per user. So if you have a friend who uses a phone and computer, and you also use a phone and computer, the client sending the message encrypts it three times, and sends each encrypted copy to the server. Each client then pulls its copy, and decrypts it. If a device does not exist when the message is encrypted and sent, it is never encrypted for that device, so that new device cannot pull the message down and decrypt it.
For more details: https://signal.org/docs/specifications/sesame/
But if I reply on the phone will it populate the desktop chat and vice versa?
Yes, as long as you set up the desktop client before sending the message.
Messages sent with Signal are encrypted per device, not per user, so if your desktop client doesn’t exist when the message is sent, it is never encrypted and sent for that device.
When you set up a new client, you will only see new messages.
See https://signal.org/docs/specifications/sesame/ for details.
The chat continues on all linked devices from the point in time that they are linked.
Imagine two people having a face-to-face conversation, then a third person walks up and joins in. The third person doesn’t know what was said before they joined the conversation, but all three continue the conversation from that point on.
Linked devices are like the above example, if two of those people were married and tell each other every conversation they’ve had since their wedding.
Okay, but can’t it be an optional feature? I’d like it if a new device could download message history from an old device by having both online at the same time.
Optional how so? It’s a rotating key. Unless you have all of those keys to export into your computer, then you’ll be stuck with the current synced key.
You can still push old message history from your main device to your other devices, you can re-encrypt
What does this mean? I use my phone and computer, and they sync up in real-time without any issues.
Signal’s desktop app is as horrendously unusably bad as the project as a whole is good, tbh.
It’s no wonder people prefer stuff like Telegram. It has native apps and all. Or can be used in a browser. Meanwhile Signal is only used in a browser, but you have to download it and it fucks up font scaling and it shits the bed on font antialiasing and it can’t even get UI design consistent with the OS it’s running on and it won’t even use the OS emoji font.
Let’s not even mention how you still cannot use Signal on a tablet.
Yeah, I was going to say that I’ve used Signal on my Linux laptop and it’s janky af
Care to elaborate?
I use the app from the AUR and I don’t think I’ve had a single problem in 3 years.
telegram has an “advantage” of not having e2e encryption by default, which makes stuff like sync much easier as chats are fully stored on the server (encrypted with your user password).
and if you enable encryption (aka start a secret chat), the chat will only exist on the device you started it on and stop getting synced
And anytime you clicked on a link or image in the chat, you’ll have to click into the message field again (or press Ctrl+t) to be able to type a reply. I don’t understand how this absolutely infuriating thing hasn’t been fixed in years. Is nobody bothered by this? I want to be able to alt+tab into signal and just start typing ffs.
For the most part, I don’t care about App Size. Storage is cheap. What I miss with the Signal Desktop App is the option to save everything in an encrypted container.
Wouldn’t having full disk encryption achieve most of the benefits of that? In case of someone having access to your unlocked machine what is stopping them from launching the app and looking though it?
Yes, full disk encryption helps against intruders with device access, but not against the files being indexed by other application. My phone is encrypted, but I still use a signal client that is encrypted again.
Hm, but wouldn’t such an application be malicious by default? Having protection against attackers on your device seems of out scope for a messaging application, at that point I would consider something like Tails. Though this may be a rare case when moving to an appimage could help matters.
Am encrypted container doesn’t help if the directory is mounted and accessible or if the key is in plaintext. Also doesn’t help if the process isn’t isolated. You need a bunch of extra measures like using the OS keystore set to only allow the correct program to retrieve the key, keeping secrets only in process memory, etc.
Tldr it’s a lot of work to do it right. If you do it the simple way like throwing it all in SQLite with encryption active you still leak metadata.
