[HN Gopher] Signal is having technical difficulties
___________________________________________________________________
Signal is having technical difficulties
Author : tonymet
Score : 554 points
Date : 2021-01-15 17:33 UTC (5 hours ago)
(HTM) web link (status.signal.org)
(TXT) w3m dump (status.signal.org)
| luxuryballs wrote:
| good for them to be open about it because it's easy for internet
| weirdness to be suspicious these days, my buddy just about shat a
| brick when a message with the newly leaked video from Fulton GA
| suddenly vanished: https://www.bitchute.com/video/lep8A5YTQ0P3/
| dmcbrayer wrote:
| I'm curious how a link to a Fulton County board of elections
| surveillance video has anything to do with Signal's
| availability issues.
| mahdyarhp wrote:
| They are not Telegram. They can't handle millions of users in a
| short period of time, although it's not on them, it's Telegram's
| magic.
| _flux wrote:
| They are (were?) hosted partially on Amazon, which should be
| able to scale quite nicely.
|
| If the system is built for it, that is.
|
| Though on 2018 there was some noise from Amazon about stopping
| their hosting due to practice called "Domain Fronting", no idea
| what came out of it. At least signal.org is hosted on Google.
| fastball wrote:
| I think it's less magic and more the lack of E2EE.
| konart wrote:
| I'm not familiar with encryption and how does either of
| services work on the backend, but shouldn't E2E happen on
| users devices? (like... end to end). And if that's the case -
| how does this impact Signal's infrastructure?
| fastball wrote:
| - You need to orchestrate key exchange between clients
| which is additional overhead (probs negligible).
|
| - Messages can't be edited so any corrections made by users
| need to be entirely new transmission over the wire (probs
| negligible)
|
| - Encrypted data can't be effectively compressed, and
| compression before encryption can lead to side-channel
| attacks. You can generally mitigate this by building your
| compression and encryption together (e.g. SSL does this),
| but not entirely sure this works for Signal with an E2EE
| arch. Either way I would _assume_ that E2EE payload sizes
| transmitted over the wire are larger than stuff sent over
| the wire with GZIP /SSL (as Telegram is probably doing).
|
| - MAIN REASON (my guess): group chats in the Signal
| protocol require sending a different encrypted message to
| each participant, rather than a single identical message to
| all participants. Honestly my algorithmic complexity chops
| aren't the best, but I think that would make Signal group
| chats O[2n] while Telegram group chats are more like O[log
| n], if they utilize clients sending the group chat to each
| other, which is a crazy level of difference in efficiency
| for what is effectively the same thing and a pretty common
| use case (group chats).
|
| Long story short, secure things that are hard to mess with
| are less efficient than things that are easier to mess
| with. This is why blockchains like Bitcoin are much more
| lethargic than a normal database - there are some necessary
| performance trade-offs required when you want high levels
| of security in your system. There are a bunch of small
| little things that probably aren't a big deal, but every
| little bit adds up when you're trying to scale a service to
| millions of active users / billions of messages.
| entropea wrote:
| Didn't Signal just have a couple hundred percent gain in users,
| on TOP of the hundred+ percent gain in users that Telegram had?
| Signal is on top of both of the primary app stores.
| [deleted]
| bjt2n3904 wrote:
| The centralized-infrastructure-Tower-of-Babel is about to
| collapse.
|
| As much as I love Signal, we've got to move to things that are
| decentralized. I setup a prosody[1] server a while back, but have
| nobody to talk with. If anyone wants to try their system out, I'm
| bjt@2n3904.net on XMPP.
|
| 1 - https://prosody.im/
| oblio wrote:
| > The centralized-infrastructure-Tower-of-Babel is about to
| collapse.
|
| Is there _any_ decentralized protocol that 's in widespread
| use? Email is the only one, and if hackers take out Gmail and
| 2-3 other major email providers 99% of the world's personal
| email is gone.
| olah_1 wrote:
| Of course there are protocols like XMPP and Matrix.
|
| But there are also solutions that don't require everyone to
| host their own server. Rather, people just host impersonal
| nodes on the network and everyone uses the whole network
| together.
|
| Examples would be Status[1] (Ethereum) and Session[2] (Oxen nee
| Loki).
|
| I'm sure there are others that use this architecture too. I
| just like it because I don't have to be personally concerned
| with who is running my "home server". Because there is no one
| single home server in this model.
|
| [1]: https://status.im/
|
| [2]: https://getsession.org/
| lucb1e wrote:
| How does that work, though? You need to have some central
| database of user IDs, or can you just never have a user ID
| and will you need to add people by full public key. As soon
| as you try to map big public keys to a phone number,
| username, or some other short ID, you need some registration
| system, probably on a FCFS basis. How does that work in this
| "you can run but not manage your own server" type
| decentralized system? And who prevents message spam / abuse
| handling?
|
| It sounds like these must be centralized systems presented as
| decentralization, similar to how Keybase marketed themselves
| as end to end encrypted and nobody noticed that you can't
| actually verify peer's keys thus making it TOFU (similar to
| blindly accepting ssh keys). (And when you asked people about
| their claims about Keybase, they'd tell you to RTFM
| regardless of whether you already said you did that... A
| marketing department can be very powerful even on HN.)
| olah_1 wrote:
| Status uses public keys, but you can optionally link an
| Ethereum Domain Name (ENS). So it's basically like license
| plates where you can buy a vanity plate if you want. Also,
| friends can just add their own nickname for you in their
| contacts.
|
| Personally I think that's the best way to do it. Public
| keys aren't very different from phone numbers at this
| point. Nobody memorizes phone numbers anymore either. Each
| person just has their own Rolodex mapping of keys to names.
| samstave wrote:
| Can you run a Prosody server on a rasPI?
|
| Do you need a static IP? (Xfinity appears alergic to allowing
| static IPs any more, and I am too lazy to setup my own router
| after 26 years setting up other peoples net infra..)
|
| Id love to chat with you...
| bjt2n3904 wrote:
| I'm sure you can... but I think one of the big hiccups is
| that you need DNS to point to your server if you want it to
| be externally available.
|
| I've used XMPP servers for intra-organization chatservers
| before though, and it worked great!
| upofadown wrote:
| >Can you run a Prosody server on a rasPI?
|
| Sure.
|
| >Do you need a static IP?
|
| Well you need a domain name to identify your server. It's the
| same thing as with email. So however you can do that...
|
| It might be less work to just use a preexisting public
| server:
|
| * https://list.jabber.at/
| shrimp_emoji wrote:
| I can't figure out how to use it. xD
| bjt2n3904 wrote:
| It's not the easiest thing to setup. There's a few places I'm
| sure which let you get free XMPP accounts, and a handful of
| good clients.
|
| I'm using Conversations for Android. If you have a server
| that will allow self service registration, you can make an
| account right from the app.
| Zash wrote:
| Hi, Prosody dev here. It looks like your server isn't
| reachable. If you'd like help with that you can join the
| community support channel: https://prosody.im/discuss/
| bjt2n3904 wrote:
| Aww beans. I looked at the IM observatory, and it seemed to
| check out fine...
| Zash wrote:
| Tried the server-to-server test?
| bjt2n3904 wrote:
| Ahh cripes, I had port 5269 blocked. Whoop! Running the
| test now, thanks for the help!
|
| Edit: Aaand I'm up! Got my first message. Thank you for
| your help, and for your work on Prosody!
| zamadatix wrote:
| And herein lies the reason decentralized isnt about
| uptime, when the server you use is down its down
| regardless how many use it and it doesn't matter to you
| others still work. It'll probably get more downtime over
| the years than the mega important one as well.
|
| That's not to say decentralized doesn't have a ton of
| benefits just uptime for the user isnt one.
| secondcoming wrote:
| Out of interest, why was the Windows download deprecated?
| It's a bit much to expect mom & pop to be playing with WSL?
| kortex wrote:
| I thought signal was highly decentralized? What traffic does
| the server handle once two clients have "found" each other?
| Which I believe uses hashes of phone numbers.
| okso wrote:
| This article from 2018 illustrates the architecture of
| Signal: https://sorincocorada.ro/signal-messanger-
| architecture/
| Reedx wrote:
| Based on that, they use Google, Apple, Twilio and AWS in
| the backend. All who have shown they are willing to
| deplatform with little notice as the result of kneejerk
| public pressure.
|
| How easily can Signal replace those dependencies if this
| comes for them?
|
| "Extremists move to secret online channels":
| https://www.nbcnews.com/politics/congress/extremists-move-
| se...
| okso wrote:
| As far as I know, Google and Apple are only used to send
| Push notifications to users. These are optional, and
| Signal on Android can be used without Google.
|
| AWS S3 is/was used to share files with other users. It
| became a standardized API, with many alternatives
| supporting the protocol, so switching to a different
| provider or on-premises should not be difficult.
|
| Signal intends to remove the dependency on phone numbers,
| and therefore Twilio, but this has not be done yet.
| scambier wrote:
| All IM apps rely on Google or Apple (on their respective
| platforms) for the push notifications. The alternative is
| polling in relatively small intervals, but that wakes up
| the app, which uses the battery without any real usage.
|
| And if the OS decides to kill your app's process, your
| polling dies with it and you don't get notifications.
| sneak wrote:
| You are incorrect. Signal is a centralized client-server
| model.
| lucb1e wrote:
| Completely wrong, it's a service as centralized as Facebook.
|
| Maybe you're mixing it up with Matrix, Briar, or some other
| decentralized chat system.
| gaius_baltar wrote:
| _(I wrote this in a dupe of this story so I 'm posting an
| extended version of the message here. Maybe it is useful.)_
|
| Maybe that's a good reason to open for federation and now I
| wonder if it would be possible to have an user migration
| between servers without cooperation from the _origin_ server.
| This would allow users to move to a new one without losing
| track of existing conversations.
|
| Seems crazy, but the reason we can't do this with email is
| the lack of a generally agreed identity for an user account
| that does not depend on the server itself. Signal accounts
| have a "master" key that can provide this and it's only
| stored in the device and backups (it's the most trusted of
| all keys, after all).
|
| A sketch:
|
| - User creates an initial account on server X (account:
| user@serverX.org), the procedure includes signing a message
| saying "I use server X since $TIMESTAMP and this is the 1st
| server that I use";
|
| - Everything works as now.
|
| - User wants to change server, so they signs a new message "I
| use server Y since $TIMESTAMP and this is the 2nd server that
| I use" (account: user@serverY.org); this message is sent to
| all chats/groups/contacts and to the old server (as an
| information only, it may be already down or be non-
| cooperative). Contacts update the server part of the account
| and start sending messages through the new one. Maybe the
| user can still try to contact the old server for a while, for
| the event it delivers a message from a account that didn't
| get the first, but at some moment all users will get the new
| address.
|
| Notice: I have no idea of how this can work with sealed
| senders of other metadata-prevention measures that Signal
| uses and we all love.
|
| Bonus: no more dependency on phone numbers.
|
| Or if it goes to an more email-like architecture were users
| only speaks with their servers, it can adopt concepts from
| djb's Internet Mail 2000 [https://cr.yp.to/im2000.html]. This
| will *not* work for current email due to the need of keeping
| compatibility with the enormous existing user base, but this
| problem does not exist for a new protocol.
| zrm wrote:
| I wonder if Signal would be open to doing that.
|
| I know they don't like third party implementations because then
| if you need to make a protocol change you'd have to wait 30
| years for everyone else to update their clients. But if you're
| already requiring a single client that it makes it _easier_ to
| do decentralized messaging for exactly the same reason.
|
| Another option that works pretty well is to do both. So try
| decentralized (DHT / direct connection) first and fallback to a
| central server if that doesn't work. Then you're up as long as
| either one of them is working. And there is a lot less load on
| your central servers.
| robotbikes wrote:
| This is the first big outage I've felt affects me personally in
| any meaningful way as someone who has tried to stay away from
| overly depending on cloud services and SaaS like Gmail or slack.
| I first noticed that a couple of hours ago my messages seemed to
| be hanging and going through without the typical confirmation.
| The status page has no more information than the title at this
| point.
| chopin24 wrote:
| For all of you saying we should switch to Matrix, please outline
| the user sign up flow in your comment. Be detailed. Your audience
| is your 50 something aunt who calls her iPad her Facebook.
| Arathorn wrote:
| we've been working a lot on onboarding on Element, just as
| Signal have. it's not perfect, but empirically it's good enough
| for many non-technical users. comments like this are likely
| based on stale data (eg from when we forced e2ee setup during
| registration).
| spurgu wrote:
| Well if you think about sending this to your aunt:
| https://wiki.mozilla.org/Matrix
|
| Compared to installing the Signal app and verifying your
| phone number over SMS, the difference is quite remarkable.
| Signal has had smooth and frictionless onboarding as part of
| the design.
|
| But also, comparing Matrix to Signal is a bit like comparing
| apples to oranges IMO.
| eredengrin wrote:
| Why would I send my aunt to a page about how to join the
| mozilla community? Over half of that wiki page is mozilla
| specific information, and even most of the matrix info is
| irrelevant to most users if they just want to do a basic
| registration.
|
| The real apples to oranges comparison is you thinking that
| this wiki page is somehow comparable to registering a
| signal account.
| Groxx wrote:
| https://app.element.io/ -> click "create account" -> create
| account. The default is for a matrix.org account which is
| totally fine for anyone who can't/won't dig deeper.
| Niten wrote:
| Does that create an account with end-to-end encryption? If
| not, it's not a replacement for Signal at all.
| eredengrin wrote:
| yes
| Niten wrote:
| Oh, well nice, then
| thepasswordis wrote:
| Can we _please_ stop it with the sexist /ageist "old lady as a
| standin for incompetent" tech bro stereotype here? Not really
| befitting of this place.
| dxdm wrote:
| My mum is such an aunt, she makes no secret of often being
| baffled by her smart phone, she doesn't know all the right
| words, but she's curious, she tries, and really appreciates
| apps that are easy to use, with her in mind.
| shsbdhx wrote:
| Why? For all you know, the OP had specifically his/her aunt
| in mind.
|
| If I wrote that, I'd have my 93 year old grandma who got
| Signal years in mind. She's i it because because I refuse to
| share pictures of my kids otherwise.
|
| Or maybe I'd have my sister in mind. The older one of the
| two, who has zero interest in this stuff. My youngest sister,
| OTOH would just as likely advice me to adopt some technology.
|
| All this ranging about fake (and it is fake) politeness is
| oppressive to the thought process. And it's very irksome and
| tiring. When I speak, I want to say something. Not stop and
| figure out which real an imagined person with a disadvantage
| might perceive a slight where none is intended.
|
| If I mean to insult you, you'll know.
|
| When you write instructions to others, by all means, make the
| "idiot" a young white man from the Midwest. I don't care.
| But, just so you know, my grandma is an inspiration of fierce
| independence (she lives alone in a bad neighborhood in a
| third world country ). My sister who doesn't care about tech
| is brilliant. They just don't care about apps. And it's ok.
| arnoooooo wrote:
| If you don't intend to use a specific server, it's the same as
| creating an account on any online service.
| kevincox wrote:
| This is definitely the weakest point of Matrix. There are
| clients that have a nice setup flow (like FluffyChat) but the
| are missing some pretty important (to me) features such as
| sending images and video calling.
| lerax wrote:
| Simple, they are not resilient as Telegram is. They are not
| Russian.
| sschueller wrote:
| The best hackers do appear to all live in Russia...
| gre wrote:
| Centralized servers for the lose
| oblio wrote:
| How would things work in practice for a decentralized network?
| Regular people won't host their own servers.
| sschueller wrote:
| Take a look at https://jami.net/
| godelski wrote:
| Probably like email or all the other decentralized services
| the federated people talk about. Email didn't get mass
| adoption until centralized servers like Hotmail and Yahoo
| came online. People don't want to run their own servers and
| now a days it's a lot more work to do so.
| rcMgD2BwE72F wrote:
| Nice workaround for Android users: tap and hold the send button
| to switch to SMS (insecure but still)
|
| https://support.signal.org/hc/en-us/articles/360007321171-Ca...
|
| You'll keep all your message history in Signal that way. Good to
| know when your contact don't have an Internet connection, too.
| bzb6 wrote:
| What a workaround. SMS are not encrypted, cost money, have a
| length limit, don't support images or groups...
| xeromal wrote:
| I didn't know some places still charge for SMS
| sgt wrote:
| I think they charge for SMS pretty much anywhere outside
| the US.
| philjohn wrote:
| My plan comes with unlimited SMS (Three in the UK).
| xeromal wrote:
| Wow, thanks for the info. That stinks!
| [deleted]
| rcMgD2BwE72F wrote:
| No one pays for SMS in France. And probably in most
| European countries.
| angry_octet wrote:
| No its the other way around. Americans were still paying
| to receive phone calls when most other places were on
| unlimited SMS.
| blankton wrote:
| Germany still pays for SMS, nobody here uses MMS because
| its so expensive.
| IshKebab wrote:
| I wouldn't call that a nice workaround. Doesn't work for group
| messages or people that don't use signal for SMS.
| manesioz wrote:
| I use the Signal app as my default for everything because of
| this feature (secure communication with Signal users and
| insecure SMS with non-Signal users)
| [deleted]
| [deleted]
| sean_pedersen wrote:
| Time to jump ship! Use element / matrix an open, decentralized,
| end-to-end encrypted chat protocol with slick clients for
| Android, iOS, Desktop & Web: https://element.io/
|
| Also easy to self-host a server, if you need full control:
|
| $ mkdir -p ~/synapse
|
| $ pip3.6 install --user jinja2 matrix-synapse
|
| $ cd ~/synapse
|
| $ python3.6 -m synapse.app.homeserver \ --server-name
| my.domain.name \ --config-path homeserver.yaml \ --generate-
| config \ --report-stats=no
| sneak wrote:
| The notifications transport for these on iOS is necessarily
| centralized as push notifications have to be sent from an apple
| developer client cert to Apple's APNS system.
|
| There is no such thing as decentralized messaging on iOS for
| this reason.
|
| The matrix developers run a push service, which all servers
| have to talk to to push notifications to their iOS app, even if
| you run your own instance.
|
| [ EDIT: The following statement is false! Changes in APNS have
| rendered my previous understanding out of date. ] This means
| that both the push server operator, as well as Apple, can see
| the content of all of the push notification messages, thereby
| bypassing the e2e encryption as well.
| 0x76 wrote:
| I thought that it just sends push notifications without
| content which then wake up the app so that the app itself can
| fetch the message from your homeserver with encryption
| Daniel_sk wrote:
| No. You can send a data push notification type with an
| encrypted payload, decrypt it on device and display it. Same
| on Android.
| sneak wrote:
| I stand corrected, this is a new feature. Still, the push
| message itself is centralized via a single dev account, and
| of course Apple, even if you are running your own
| homeserver.
| Arathorn wrote:
| > The matrix developers run a push service, which all servers
| have to talk to to push notifications to their iOS app, even
| if you run your own instance.
|
| This isn't really true: there are lots of Matrix iOS clients
| out there, and each run their own separate push server. Only
| Element iOS's push server is run by the 'matrix developers',
| and if you are worried about that then (if you are an iOS
| developer) you can build your own copy of Element iOS pointed
| at your own push server.
|
| > This means that both the push server operator, as well as
| Apple, can see the content of all of the push notification
| messages, thereby bypassing the e2e encryption as well.
|
| This is completely incorrect. By definition, the server can't
| see the contents of end-to-end encrypted messages, and we
| don't send push contents (encrypted or otherwise) to the push
| gateway anyway. Instead, the push notification is a single
| flag sent to the client to tell it to wake up, which then
| runs a Push Extension (on iOS) to talk to the Matrix server
| and do E2EE in order to display the notification body (if
| desired). It's become particularly painful since iOS 13
| thanks to https://appleinsider.com/articles/19/09/05/secure-
| messaging-....
| t-writescode wrote:
| Oh, okay, so just to confirm this means that push servers
| *AREN'T* getting any information about the messages being
| sent to users? The contents of the message, who sent it,
| etc?
| t-writescode wrote:
| Could you explain this further? Or at least where it's
| documented?
| corndoge wrote:
| Thanks, I'll send this guide to my mom!
| Arathorn wrote:
| send your mom to https://element.io. nobody is asking her to
| run her own server(!)
| philshem wrote:
| my mom uses at least python3.8
| helmholtz wrote:
| Exactly. GP's comment is the most HN thing I've every seen.
| oblio wrote:
| Can I use it if I don't want to host a server? Are there any
| trustworthy public servers?
| iknowstuff wrote:
| chat.mozilla.org and matrix.org.
| [deleted]
| munfred wrote:
| You can use the public matrix server that offers an interface
| to it with the Element web client and is maintained by
| Element the company (used to be called New Vector):
| https://app.element.io/
|
| If you do want to set up your own server I wrote a guide when
| I learned how to do it with Google cloud instances:
| https://munfred.com/matrix
| exabrial wrote:
| How to fix: https://signal.org/donate/
| Daniel_sk wrote:
| "We have been adding new servers and extra capacity at a record
| pace every single day this week nonstop, but today exceeded even
| our most optimistic projections. Millions upon millions of new
| users are sending a message that privacy matters. We appreciate
| your patience."
|
| https://twitter.com/signalapp/status/1350165610936766464
| Daniel_sk wrote:
| "We are making progress towards getting the service back
| online. Privacy is our top priority, but adding capacity is a
| close second right now."
|
| https://twitter.com/signalapp/status/1350185818527211521
| ibejoeb wrote:
| > Millions upon millions of new users are sending a message
| that privacy matters
|
| Awesome
| topkeks wrote:
| Does anyone outside Signal Foundation know how's their
| architecture? There are a lot of references to AWS, GCP, and
| Azure in the source code hosted in GitHub so they probably use
| them all in one way or another. It would be super interesting
| know more details about the infrastructure.
| dboreham wrote:
| Demand a refund!
| Cyclone_ wrote:
| I deleted the app after it deleted all of my texts and wouldn't
| open. I still think encrypted messaging is very important, but
| not sure signal has done a great job with their implementation.
| Compared to the default android app it's always been quite buggy
| afrcnc wrote:
| As with most sudden expansions, this was to be expected, tbh
| Triv888 wrote:
| having issues implementing NSA's new code? /s
| stonesweep wrote:
| For those unaware, the Signal protocol developed by Open Whisper
| (previous name) is what was adopted by WhatsApp / Facebook
| Messenger / Skype and possibly others. In a sense, Signal is the
| original reference implementation of the specification.
|
| https://en.wikipedia.org/wiki/Signal_Protocol
| z77dj3kl wrote:
| Facebook Messenger at least does not use the protocol by
| default, maybe for secret conversations.
|
| But the Signal folks did indeed help WhatsApp implement the
| Signal protocol, which is kind of ironic.
| lerax wrote:
| Forget Signal. Use Telegram, I use since 2013 without any
| regrets. WhatsApp it was always inferior anyway.
| frEdmbx wrote:
| As long as we tolerate the world reserve fiat global enslavement
| system, everything that can be corrupted will be corrupted.
| muunbo wrote:
| This is a positive sign - it means there've been so many more
| signups lately! I did just convert a whole bunch of close friends
| over to Signal this past week, so I hope they can ride out this
| temporary outage and not leave the service :'( It took too much
| 'social effort' to move them all over
| tomp wrote:
| At least they tell you about it - there's a banner on the top of
| the app. Last time WhatsApp was having issues, it didn't give any
| indication - messages just weren't being delivered (but as a
| user, there's no way to distinguish between "no messages" and
| "messages not being delivered").
| bzb6 wrote:
| Last time WhatsApp was having issues, a "Connecting" banner was
| shown permanently on the app and all outgoing messages
| displayed a clock instead of a tick, showing that they weren't
| reaching the server.
| rd11235 wrote:
| I've personally had (many) more signal issues than WhatsApp
| issues, and not one of the signal issues was accompanied by a
| banner.
|
| I am not vouching for WhatsApp. I just don't think we should
| pretend that Signal is more reliable than it is.
| LordAtlas wrote:
| I don't see a banner on the top of my app. I only found out
| when the desktop client kept timing out with 502 errors and
| after asking on Twitter, found other people were having issues
| too.
|
| It's there on https://status.signal.org/ though.
| avhon1 wrote:
| I didn't see the banner in the Android app until I tried to
| send a message.
| vecio wrote:
| There is a banner in the Android app, not on the desktop.
| spurgu wrote:
| For me it's the other way around, haven't had any banners
| or anything on Android, whereas the desktop client has, and
| messages have been throwing 50x errors, while the mobile
| messages just seem to take ages to send.
| LordAtlas wrote:
| Yeah, I'm using Android but not seeing a banner in the app.
| Daniel_sk wrote:
| The desktop app shows a yellow "DISCONNECTED - Check your
| network connection" warning. They probably should work on
| better error/status reporting in next version.
| zamadatix wrote:
| Desktop app is still behind the mobile in a few things
| but they are getting closer these days
| spurgu wrote:
| Yeah I was very positively surprised to find that the
| desktop app has a large number of useful keyboard
| shortcuts: https://support.signal.org/hc/en-
| us/articles/360036517511-Si...
| wumms wrote:
| Thanks! They're listed in the menu of the desktop app as
| well: _Help | Show Keyboard Shortcuts_
| graeme wrote:
| You on android? No such banner on my ios client.
| _mitch wrote:
| I see the banner in Android.
| hawkice wrote:
| fwiw I do not see the banner on android. That being said,
| things break. Breaking in a way you can notice it's broken
| is good, but pobody's nerfect.
| jandrese wrote:
| I'm not getting a banner on iOS either, however when I try to
| send a message it fails with a red exclamation mark in a
| circle saying "Request failed: service unavailable (503)"
|
| Edit: A few minutes after the message failed to send I got a
| yellow banner stating that the service was experience
| interruptions.
|
| However the banner disappeared shortly afterward, so it would
| have been easy to miss.
| dep_b wrote:
| I did see it on iOS
| circularfoyers wrote:
| Not sure if it's only showing on Android but I had to attempt
| to send a message first before it showed.
| tomp wrote:
| iOS
| jandrese wrote:
| Wow, at first I thought "they finally hit their limit with the
| new signups." but now they've been down for a couple of hours and
| I'm starting to worry that it might be more severe.
| tombert wrote:
| Same here. I had assumed there was an "oh crap!" moment, and
| the solution might be as simple as provisioning bigger/more
| boxes from AWS (or whatever provider they use), and this could
| be resolved in an hour. I'm a bit worried that maybe the
| problem is more architectural and it might require a more
| substantial code change. Then again, most "auto-scaling"
| algorithms aren't really expecting you to quintuple your active
| user-base in a week.
|
| Obviously I'm not going to complain that a free service isn't
| working for me 100% of the time, and I'm not "angry" or
| anything, but I hope this is resolved soon; pretty much the
| only way I talk to my friends and family is via Signal.
| drummer wrote:
| I remember years ago back when I still used WhatsApp when there
| would also be temporary outages due to huge increase in
| traffic/popularity. Growing pains. I would have hoped, though,
| that the engineers at Signal would have foreseen this and would
| have been prepared.
| Datagenerator wrote:
| Quite feasible no competition is allowed and they resorted to
| DDoS the new neighbor. Support government backdoors or get
| hammered.
| NanoWar wrote:
| I donated 10$, hope that helps a bit in the long run! Happy
| switcher from WhatsApp, dragging all family members with me ;)
| fallingfrog wrote:
| Yeah, I'll bet they are
| markhalonen wrote:
| After getting burned by Keybase, I didn't even look at Signal. I
| am curious to see how Signal works in the long term without a
| revenue model.
|
| I paid for Matrix and got my team on it, working great.
|
| The nice thing about paying for something is you know what it
| costs.
| sjaak wrote:
| Burned by Keybase how? It's still online and functional afaik.
| Do you mean the cryptocurrency shenanigans, the acquisition,
| ..?
| markhalonen wrote:
| the acquisition https://news.ycombinator.com/item?id=23102430
| olah_1 wrote:
| How did you get burned by Keybase? An outage or something else?
|
| I know in their own terms they basically say "we can delete
| your account, but we won't". I chuckled and never bothered.
| rvz wrote:
| "Ultimately, Keybase's 'future' is in Zoom's hands." [0] That
| is what the parent comment is talking about.
|
| [0] https://keybase.io/blog/keybase-joins-zoom
| lucb1e wrote:
| I'd estimate that Signal is a fair bit better than Keybase
| since the latter wasn't end to end encrypted in the first
| place. But since you're on Matrix now, of course that's self
| hosted and as stable as you make it yourself. Decentralization
| for the win, kudos for going with an even better solution (even
| if I disagree about Signal not being a stable choice)!
| markhalonen wrote:
| I was tempted to self-host, but went with
| https://element.io/matrix-services
|
| If I had an IT department and a secure server center I would
| for sure self-host. In the mean time I will get used to the
| tech and support the cause
| glerk wrote:
| > since the latter wasn't end to end encrypted in the first
| place
|
| I'm pretty sure keybase is end-to-end encrypted, at least
| that's what they are claiming. What makes you think it isn't?
| lucb1e wrote:
| This makes me think it isn't:
| https://security.stackexchange.com/q/222055/10863
|
| > after [installing the Keybase app] and starting a chat
| with your friend, you still need to verify that the server
| sent you the right encryption key. Since you can't host
| your own server, it has to be the Keybase, Inc's server
| that sends you the encryption key of your friend.
|
| > there is no way to display [the 'signature chain' of the
| person I'm chatting with], I have to trust the server to
| send me the right key. [Yet the client] displays a banner
| above the chat saying "end-to-end encrypted".
| pbronez wrote:
| The whole point of Keybase is that you could verify the
| keys that the server sent you by looking at signed
| statements posted on third-party websites. That
| verification happens client side.
| lucb1e wrote:
| Read the post. I've had this discussion dozens of times
| now, everyone repeats the same arguments, all based on
| what Keybase puts out, never checking anything for
| themselves or even logically reasoning about how this
| could work (for those who bring up blockchain instead of
| third party proofs). There's a reason I link the
| information you're looking for, you don't even have to
| check it for yourself anymore.
|
| > It was mentioned on hacker news that the app should
| check third party proofs by itself. This is not exactly
| what end to end encryption means since it still relies on
| third parties, but nevertheless, having to [compromise] 2
| or more companies' servers before being able to MitM
| someone's keys (which are additionally TOFU'd) should
| give quite some confidence.
|
| > However, when checking in Wireshark whether it actually
| does this (ask the Twitter API for the proof string and
| verify the signature with the the public key it received
| from Keybase), Keybase on my phone did not contact
| Twitter at all. (It did, however, proudly proclaim that
| the new chat was end to end encrypted.)
|
| > The packet capture started before the username was
| typed into the search field on the test device and ended
| only after Keybase completely established the chat and
| claimed it was end to end encrypted.
|
| > It is deemed implausible for the mobile Keybase client
| to simply have downloaded all signature chains from all
| users that exist on Keybase and to have checked all their
| proofs prior to starting the packet capture. This is the
| only way I can think of how the third party hosted proof
| could have been verified prior to the packet capture.
| apeace wrote:
| I'm curious, are there any apps out there that you don't
| have to host yourself that you do consider to be end-to-
| end encrypted?
| lucb1e wrote:
| What kind of a question is that? Of course there are, and
| self-hosting does _not_ replace key verification.
|
| - Wire
|
| - Signal
|
| - Jami
|
| - Matrix/Element with central servers
|
| - Threema
|
| - Briar
|
| - WhatsApp if you turn on key change notifications
|
| - even Telegram secret 1:1 chats on a client that
| supports these kinds of chats
|
| - anything you add OTR or PGP to... and the list goes on
|
| You just need to do key verification, since key
| distribution is an unsolved problem in cryptography.
| KAMSPioneer wrote:
| Uhm, Keybase is totally E2EE. Were you thinking of forward-
| secret (which Keybase chats are not by default)?
| lucb1e wrote:
| No, that's not what I was thinking of.
|
| > after [installing the Keybase app] and starting a chat
| with your friend, you still need to verify that the server
| sent you the right encryption key. Since you can't host
| your own server, it has to be the Keybase, Inc's server
| that sends you the encryption key of your friend. [...] How
| does this work with Keybase?
|
| > there is no way to display [the 'signature chain' of the
| person I'm chatting with], I have to trust the server to
| send me the right key. [Yet the client] displays a banner
| above the chat saying "end-to-end encrypted".
|
| It's all marketing department with a sprinkling of
| blockchain magic.
|
| https://security.stackexchange.com/q/222055/10863
| stmw wrote:
| Keybase is now owned by Zoom.
| zamadatix wrote:
| Paying for something doesn't really tell you anything.
| olah_1 wrote:
| It tells you that there's a sustainable business model. Less
| ambiguity often translates to more comfort.
| mayneack wrote:
| Non-profit 501c3 is a sustainable model. Plenty of non-
| profits span decades.
| zamadatix wrote:
| Not really, ive paid plenty of subscriptions to services
| that later shuttered and not paid for plenty of things long
| kicking. And vice versa of course.
|
| Ambiguity goes away by understanding the total finance
| model not by knowing you paid 5 bucks.
|
| That being said I'd like to at least cover my cost to them
| to see it better grow. A payment isnt the same thing as
| that though it only tells you you at least paid a portion
| e.g. buying a smart tv doesnt mean you now know the tv cost
| less than that to make.
| Niten wrote:
| Is there any data on how many of these new users are WhatsApp
| refugees vs. Parler refugeees vs. some other category?
|
| In principle it shouldn't matter. But I'm worried userbase
| demographics will determine from which quarter the next
| legislative threat to end-to-end encryption emerges.
| afroisalreadyin wrote:
| This is bad. I spent a lot of time and effort getting non-techie
| friends to switch from whatsapp, and now what is supposed to be
| the best alternative is having a massive downtime. I think I'll
| just give up.
| mackrevinack wrote:
| has whatsapp never had an outrage?
| njsubedi wrote:
| Please don't give up so fast.
| dbg31415 wrote:
| Totally agree, but looks like they just got Slashdotted. Hard
| to imagine it'll be down much longer.
|
| Shame they couldn't anticipate this, or scale better. Curious
| what their postmortem will have in it.
| zamadatix wrote:
| If there was ever a time it was going to go down its preciously
| after qulck exponential growth in the 10s of millions of users.
| shafyy wrote:
| Just a friendly reminder that Signal runs on donations and that
| if you can go and give them some money:
| https://signal.org/donate/
| lucb1e wrote:
| Or that you can use that money for a Matrix server instead of
| supporting centralization.
|
| Element is less polished than Signal app but they've been
| catching up quite fast. If you and your friends aren't locked
| into the Signal ecosystem yet, might be worth considering,
| especially if you're techies.
| pmlnr wrote:
| If anything, they are better off with conversations.im,
| blabber.im, etc for now, given how rough matrix can get.
| mschuetz wrote:
| I'm already having mild trouble to convince everyone to use
| signal, there is no chance I could get them to use and keep
| using Element. Element is terrible.
| lucb1e wrote:
| Well now, I wouldn't call it terrible, especially
| considering it's free and how much better it has gotten in
| the past years and how many volunteers have worked on it.
| It's quite decent really, even if not super smooth and
| polished.
| m-p-3 wrote:
| > Element is less polished than Signal app
|
| Once nice thing about the Matrix protocol is that you can
| build your own client following the specs (unlike Signal).
|
| If you want something closing to the average instant
| messaging client, you can look here
| https://matrix.org/clients/
|
| I personally find FluffyChat a great casual client.
| https://fluffychat.im
| godelski wrote:
| Matrix comes up a lot but even Signal is often called not
| polished enough. And for matrix onboarding is hard for
| techies and I've had zero chance for the general public. Fine
| to push it towards techies, but my grandma can't figure it
| out but she can Signal. Push matrix when it's more polished
| but right now it just feels silly to push it.
| BeetleB wrote:
| Would that not be even a better reason to donate to
| them...?
|
| (Not a Matrix user, BTW - looked into it some months ago
| and ran away)
| shafyy wrote:
| Exactly. I'm for decentralization, but the reality is that
| if "we" (we techies) tried to push Element on everyone
| today they would just fall back to WhatsApp. So better to
| go for Signal today and then switch everyone over to a
| Matrix (or similar) client in a couple of years. As the
| past week demonstrated, it's possible to switch masses out
| of a closed, network-effect-dominated system.
| lucb1e wrote:
| I wish the person that downvoted you would give an
| explanation. I'd love to know how to avoid the middle
| step of switching family to Signal before, once it's more
| usable, switching to Element. (Or perhaps they meant that
| decentralization isn't better and Signal is the final
| destination. Guess we'll never know.)
| [deleted]
| lucb1e wrote:
| Unfortunately very true, so although I'm not a big fan of
| Signal's centralization and USA-based metadata processing
| (I'm not from the USA), I'll probably end up moving my
| family from (now) Telegram to Signal.
|
| Alternatives would be Threema and Wire, but Wire has the
| same main issues as Signal and Threema doesn't have video
| calls nor a desktop client and an unusable web client (deal
| breaker for me: you need to navigate two menus on your
| phone to reconnect every time your phone connects to
| another wifi or you suspend your laptop or _anything_ ).
| godelski wrote:
| > USA-based metadata processing
|
| Do you mean that they have servers in the US? US based
| company? They don't leak metadata, that's the difference
| between Signal and Telegram/WhatsApp. If the encryption
| is good it shouldn't matter what country the company or
| servers is in. That's kinda the point of encryption...
| lucb1e wrote:
| You connect to AWS when you connect to Signal. That means
| the USA is the government with the most influence on
| Amazon to have taps placed or connection logs handed
| over.
|
| They can do sealed sender stuff all they like, but when
| 10.0.1.1 sends a 17-byte message and the server then
| sends a 17-byte message to 10.0.2.1, and a minute later
| 10.0.2.1 submits something to the server of 48 bytes and
| then 48 bytes are forwarded to 10.0.1.1... traffic
| analysis based on a tap of a Signal server isn't rocket
| science.
|
| Still, it's the best we've got for non-techies. Better
| than handing over _more_ metadata to Facebook. Even if
| the jurisdiction is the same, the company (Signal
| Foundation) is better and is known to collect almost
| nothing historical by themselves. Other than, say, your
| real-life-identity-tied user ID of course. (In many
| countries, phone numbers are given out only after
| passport /ID verification.)
| godelski wrote:
| > You connect to AWS when you connect to Signal. That
| means the USA is the government with the most influence
| on Amazon to have taps placed or connection logs handed
| over.
|
| I'm not an networking guy but can you explain this more?
| I'm actually curious and what better place to get actual
| info than HN? If you have a sealed sender then shouldn't
| this be impossible? Shouldn't the size of the message be
| sealed as well and when the message is received you'd see
| that 1) it is signed by a different key and 2) the
| message size doesn't match? Shouldn't this be rejected?
| 3) Shouldn't this also apply to any app because traffic
| is going to bounce through some US based (or US company
| owned) server? My understanding is that sending data from
| San Francisco to Berkeley can route through Seattle or
| Tokyo depending on optimal routing, server
| configurations, and loads.
|
| > Other than, say, your real-life-identity-tied user ID
| of course.
|
| This is why I'm excited for the usernames. They are
| promising them this year.
| lucb1e wrote:
| Agreed about being optimistic about usernames. I'm hoping
| it'll be what we expect, I hear different things from
| different people but frankly I also have been too lazy to
| actually look into it (I feel like I'm always the one
| doing the digging).
|
| > Shouldn't the size of the message be sealed as well
|
| To hide the volume of data being sent, you need to limit
| how much data you _can_ send. How would you hide from the
| relaying server how much data you 're sending without
| adding dummy data? And if you add 0-500 bytes of dummy
| data every 5 minutes, then whenever you send >500 bytes
| _or_ send a message more often than once per 5 minutes,
| the server still knows that it was an actual message and
| its size, and you can start to do traffic analysis.
|
| > Shouldn't this also apply to any app because traffic is
| going to bounce through some US based (or US company
| owned) server?
|
| Um, when I message my friend whose Matrix homeserver I'm
| using, the traffic involved is:
|
| 1. DNS lookup of a .de domain (does not reveal message
| size or anything else, even if I were to use Google DNS
| and reveal my home server to a USA company)
|
| 2. TCP connection to a German server
|
| 3. More traffic to his German server
|
| And same on the receiving side. Unless one of us travels
| to the Americas, it's not likely to ever pass through the
| USA. That isn't to say that American agencies might not
| collaborate with European agencies or even tap European
| land-based connections, but it's harder and would not be
| an option available to criminal (or civil, for that
| matter) investigations due to the disproportionality of
| the method.
|
| > can you explain this more?
|
| I'm not quite sure what's unclear about it, but I'll give
| it another general shot. Imagine you see this traffic
| log, where A/B/C/D are different IP addresses. You see
| various people sending data of various sizes (you don't
| know who's who, but everyone connects from their own IP
| address, or in networking terms, a TCP tuple). Since the
| server is just pushing messages from one contact to
| another, like if Alice messages Bob, it will always
| forward a message as soon as possible.
| 00:00 A -> server: [17 encrypted bytes] 00:00 C
| -> server: [29 encrypted bytes] 00:00 server ->
| D: [17 encrypted bytes] 00:00 server -> B: [29
| encrypted bytes] 00:01 D -> server: [48 encrypted
| bytes] 00:01 server -> A: [48 encrypted bytes]
|
| From this, I would assume (without knowing any contents
| or anything else) that the subscriber behind IP address
| "A" is talking to the subscriber behind IP address "D",
| and that "C" is talking to "B". Now you can start
| building a social graph, which according to a paper I
| recently read (I could maybe dig it up again) needs only
| a few nodes before they can tell who you are, or they
| just ask the ISP (or in the case of the Netherlands,
| query the CIOT database[1]).
|
| If you think that a "sealed sender" might hide your IP
| address, the answer is no because the packets somehow
| need to make it across the network to the right devices
| (or to the server for that matter) and then the receiver
| decrypts it.
|
| [1] https://nl.wikipedia.org/wiki/CIOT only available in
| Dutch. TL;DR central mapping system of IP addr ->
| subscriber info, available at the police's discretion,
| updated daily.
| codethief wrote:
| What makes you think that Signal doesn't have AWS
| instances in other regions? (I haven't checked but given
| their popularity, I'm sure their servers are not just in
| the US anymore.)
|
| > They can do sealed sender stuff all they like, but when
| 10.0.1.1 sends a 17-byte message and the server then
| sends a 17-byte message to 10.0.2.1, and a minute later
| 10.0.2.1 submits something to the server of 48 bytes and
| then 48 bytes are forwarded to 10.0.1.1... traffic
| analysis based on a tap of a Signal server isn't rocket
| science.
|
| True, though with a bazillion connections going in and
| out of Signal's AWS instances every minute and additional
| domain fronting by AWS, the NSA would probably have to be
| inside the AWS datacenter to carry out their traffic
| analysis and even _then_ it doesn 't seem like a
| triviality to me.
|
| Compare this to someone hosting their own Matrix node
| (which you're mentioning further down): In this case, it
| is clear that _every_ message sent to that node has
| something to do with the node 's owner. More generally,
| reconstructing a social network in a p2p network (without
| onion routing or anything like that) is much easier than
| doing this in a centralized network where all messages
| get routed through a central location. There's a reason
| why the guys from GNUnet have so far spent two decades on
| getting p2p right. (Though, of course, anonymity is just
| one of their concerns and not their only one.)
| lucb1e wrote:
| > AWS instances in other regions
|
| Is still Amazon operating those locations, so I assume
| it's still the USA who's calling the shots. Please do
| prove me wrong if I am, this is somewhat of an assumption
| (even if I am fairly confident it works this way in
| practice).
|
| Though perhaps I'm putting too much weight on this
| aspect, it's just that _everything_ we do in Europe can
| be monitored through one USA organisation or another. It
| feels really weird when you think about the number of
| actually European services you use (very few) and how
| much money the ad machines are making with your data in
| the USA, how much that data is apparently worth. We 're
| wholly dependent.
|
| Domain fronting: didn't Amazon and Google say they were
| not going to do that anymore, because they didn't want to
| stand up for the organisations using it at the time? Some
| countries wanted to block certain services (was it sci-
| hub? TPB? Tor? I don't remember) and instead of standing
| up for them, they just banned domain fronting.
|
| Therefore I'm assuming that one can see when a packet is
| actually intended for Signal and filter those out. From
| there, it should only be a very manageable number of
| packets, since we're only interested in the routing
| header and packet size.
|
| One does need proper equipment to capture and filter
| multiple gigabits per second, but the attack scenario was
| more about legal interception (which you put in front of
| the server rather than in front of the datacenter) than
| about dragnet surveillance. The latter is indeed less
| applicable on non-USA soil, hence my saying Wire and
| Signal have the same issue but e.g. Threema does not,
| though centralization still makes it way easier (thus
| Matrix is king in this regard).
|
| > reconstructing a social network in a p2p network
| (without onion routing or anything like that) is much
| easier than doing this in a centralized network
|
| Hmm, you mention gnunet and I'm not up to date there,
| perhaps you know something I don't, but this doesn't seem
| quite right to me.
|
| Sure, once you know who is running a server, you can
| install a tap and learn whom they are talking to. Way
| less traffic than doing surveillance on a Signal server,
| I'm with you there. But you do need to figure out who
| you're interested in first. The way that I understood
| these metadata targets work, is that you take a popular
| network (say, WhatsApp) and check who talks to whom.
| Anyone within 3 degrees of a suspect is now also a
| suspect if I remember and understood USA law correctly.
| But if there is no single central service, you need to
| install a _lot_ of taps or capture the right internet
| backbones to get close to the same information.
|
| And if you're serious about anonymity, if you're hiding
| from the police or an intelligence agency, then surely
| you'd host that server somewhere paid for without traces
| to your real name. Or use some public home server -- they
| still need to tap that specific home server rather than a
| centralized server.
| Avi0n wrote:
| Element clients are very close to finishing their SSO
| implementations which will help immensely with the on
| boarding process. Here's the iOS pull request for example:
| https://github.com/vector-im/element-ios/pull/3890
| godelski wrote:
| One thing that would really help is basically making the
| server installs a few clicks. Granted it has been about 6
| months since I tried but I remember the instructions not
| being great and I know that'd be zero hope for less
| technical people.
| feanaro wrote:
| You don't _have_ to host your own server to use it
| though. It 's also not something recommended for an
| average user.
|
| However, if you want a server, installing it using
| Synapse's docker image is very easy. You literally have
| to run two commands.
| lol768 wrote:
| > Element is less polished than Signal app
|
| To be fair: I've been pleasantly impressed with Element
| actually from what I've seen of Mozilla's set-up. I can
| format my text, I can run it in my browser and it starts up
| very quickly.
| spurgu wrote:
| You'll get disappointed once you actually start using it.
| Unfortunately. There are so many quirks, inconsistencies,
| poor UI/UX.
|
| I've been using Matrix for maybe a year now with a group of
| techie friends and I would definitely not recommend it for
| my family members (who I just onboarded from Whatsapp to
| Signal the other day).
|
| Just look at this: https://wiki.mozilla.org/Matrix
|
| And compare it to installing the Signal app and verifying
| your phone number with an SMS code. Frictionless.
| lucb1e wrote:
| While I agree with the main point of your post ("so many
| quirks, inconsistencies, poor UI/UX ... not recommend it
| for my family members"), the availability of
| documentation doesn't mean it can't be intuitive. Aside
| from entering a custom home server on login (if
| applicable, that's something your family will not
| intuitively get with all the centralized services they're
| used to), after that one-time login I think most people
| should be able to find their way around if they try. And
| we definitely don't need phone numbers and SMS
| verification for usability: a username will do just fine,
| we don't have to spend 1.5 _million_ USD from donations
| just on SMS codes in 2018 alone (source: tax filing).
| spurgu wrote:
| > the availability of documentation doesn't mean it can't
| be intuitive
|
| Sure, I'm not saying that either, and Matrix has been
| improving a lot since I first tried it maybe 2 years ago.
| But there's still a long way to go. I wasn't as focused
| on onboarding as I was on criticizing Element's UI/UX in
| general.
|
| > And we definitely don't need phone numbers and SMS
| verification for usability: a username will do just fine
|
| Phone number is just the _easiest_ thing to do. No one is
| confused by the process and you immediately have access
| to all of your contacts, while with a username you
| somehow need to get all the usernames of all of your
| friends. Inviting new users to various channels kind of
| works, but it 's not as personal as your own contact
| list.
|
| Mind you I'm not saying it's the _best_ option.
| _Personally_ I 'd rather register with a username, not
| only because I currently have three different phone
| numbers in use.
|
| > we don't have to spend 1.5 million USD from donations
| just on SMS codes in 2018 alone (source: tax filing)
|
| Signal was paying that much? That's crazy.
| lucb1e wrote:
| Agreed on all points.
|
| > Signal was paying that much? That's crazy.
|
| Yeah unfortunately they were. Income for that year (only
| year they filed so far) is 600k versus about 5M expenses,
| the largest single expense being sms verifications. Zero
| income from donations, perhaps they still ran that
| through the freedom of press foundation or what was it
| again that accepted donations on their behalf until they
| had the Foundation status? Either way, I wouldn't want to
| see the january 2021 bill.
| spurgu wrote:
| > Either way, I wouldn't want to see the january 2021
| bill.
|
| Haha definitely not.
|
| I would assume/hope that if Signal now starts going
| mainstream the donations will increase. I had donated
| sporadically in the past (have been using Signal since
| 2015) and now (since a couple of days ago) I'm doing
| monthly recurring donations. I'll recommend my friends to
| do the same, as I have been with Wikipedia and
| Archive.org.
| stjohnswarts wrote:
| why not both?
| oblio wrote:
| Which Matrix server?
| lucb1e wrote:
| E.g. OVH, Hetzner, TransIP... idk whatever kinda server you
| like. Or repurpose an old laptop at home, for a few Watts
| you get something that's usually more powerful per $? than
| a VPSes (or "cloud instances" in newspeak). Then install a
| Matrix server, add your domain, and you've got your own
| Signal alternative.
|
| Or just use the standard matrix.org home server if you're
| just trying it out / don't mind a not-super-fast home
| server. Or one of a dozen public Matrix servers:
| https://www.hello-matrix.net/public_servers.php
| oblio wrote:
| IRC all over again. I don't see this taking over until
| someone comes up with its Gmail.
| ripdog wrote:
| 'its gmail' is matrix.org. It is the default server when
| you start up Element.
| spurgu wrote:
| Exactly. There's no reason to run your own server aside
| from supporting the decentralized nature of it (or
| wanting to be 100% in control).
| fsflover wrote:
| Your own.
| oblio wrote:
| Then it's dead on arrival.
| foobandit wrote:
| I suspect this is related to all of the people getting kicked off
| of other social media platforms. Signal may be becoming the
| platform of choice for the far-right to share disinformation and
| organize.
| DataSceince123 wrote:
| yes, this is why we need to get signal banned
| Steltek wrote:
| I believe it's more to do with users abandoning WhatsApp due to
| the concerning privacy policy that Apple forced them to
| disclose to their users. Many high profile influencers are
| recommending people switch to Signal.
| samstave wrote:
| FYI - check the JRE ep with Moxy Marlinspike:
|
| https://www.youtube.com/watch?v=OZ0NkT6gbP0
|
| https://open.spotify.com/episode/2uVHiMqqJxy8iR2YB63aeP
|
| ===
|
| (Clearly downvoted by idiots who didnt even watch the short edit
| about signal...
|
| HN has an arrogance problem... Moxy Marlinspike is the founder of
| signal - and he talks about why he did so...
|
| Listen to him...)
| mackrevinack wrote:
| a lot of people are pissed about the podcast moving to spotify
| as well
| samstave wrote:
| Why? Youtube is trash now...
|
| For example, I have never once received a "you should watch
| this as well" decent recommendation from Youtube, the sidebar
| is absolute garbage and cant even keep the concept of a
| topic-thread... Youtube is total trash.
| jjeaff wrote:
| Are you logged in? Because I don't think they tailor their
| recommendations much to non-logged in users. I get lots of
| recommendations that end up being good videos.
| vecio wrote:
| I'm working on another open source Messenger on Signal protocol.
| https://mixin.one/messenger
| mlindner wrote:
| Signal is having difficulties because of load. Does your
| messenger have ways of reducing load?
| [deleted]
| may4m wrote:
| I use huawei p20 lite 2019 and the signal app is not as smooth
| and fluid as whatsapp. The animations frames are noticeable. I
| really want to love the app. I hope they improve the android
| experience for lower end smart phones
| 458aperta wrote:
| This is a good sign. Thanks to Zuckerberg's mistake, Signal reaps
| all the rewards. What can we learn from this?
|
| Just because you own a platform doesn't mean you have an economic
| moat. The crowd's sentiment can change overnight and I think Zuck
| is honestly out of touch with public sentiments.
|
| He probably thinks that he can run for US presidency using
| Facebook as a launchpad but all the money in the world won't fix
| myopia.
| alan5 wrote:
| I just donated to Signal after seeing the error banner in the
| app.
|
| I realised I was more than happy to pay WhatsApp's yearly charge
| back in the pre-Facebook days (think it was 70p or so?).
|
| Figured I could give Signal a few quid every now and then, maybe
| keep a server up for a few seconds :)
|
| Donation link should anyone be interested:
| https://signal.org/donate/
| atoav wrote:
| I set up an monthly donation just now, thanks for the reminder.
|
| Remember: regular donations are better because they help with
| long term planning.
| Marsymars wrote:
| Although monthly donations presumably get more siphoned off
| in processing fees than an equivalently large donation
| annually.
| bilal4hmed wrote:
| I dont know if Paypal allows for monthly donations but they
| dont have any processing fees
|
| https://www.paypal.com/fundraiser/charity/3675786
| Marsymars wrote:
| Good to know!
|
| But your link now leads to a "The charity you're looking
| for isn't available right now" page?
| eurg wrote:
| Now this is unexpected, and amazing.
|
| This is one of _the_ most frictionless donation buttons ever. I
| love it.
|
| Patreon, Paypal, SEPA transfer, all those are a hassle,
| comparatively.
|
| This donation thing used by Signal works exactly as it should
| be. Enter numbers, hit enter, done. No "please cookie us", no
| 20 times transfer to other domains, no account creation, and
| they also don't require stuff like MasterCard 3D secure (which
| IMNSHO really is useless for donations).
|
| Zero hassle, 100% great, and with a nice UX.
| olah_1 wrote:
| We have no info as to how much money they need or how much they
| currently have. For all we know, this was just an area of
| oversight and not related to funding at all.
|
| I'd prefer to pay yearly than to feel the spectre of guilt for
| using a "free" app.
| roughly wrote:
| Good news, then! They have a monthly recurring donation
| option.
| zamadatix wrote:
| So how much covers my use?
| bilal4hmed wrote:
| WhatsApp used to do a $1 per year when they had 300
| million users and it was profitable. So whatever you are
| comfortable with.
| roughly wrote:
| Hell if I know. Give what feels right to you - imagine
| the service going away tomorrow, and someone saying "If
| only you'd paid $X/mo, this wouldn't be happening!"
| What's the value of X where you'd regret not having done
| so?
| zamadatix wrote:
| Not really worried about funding its existence for the
| sake of it just not freeloading my use while it's here
| and I decide it's worth it which is what the gp was
| referring to as well.
| roughly wrote:
| I'd still argue to give the amount the service is worth
| to you, but if you're not willing to do that, then I'd
| say bilal4hmed is probably right - $1/mo is probably
| sufficient. Facebook, Twitter, etc. all have ARPUs at or
| below $12/yr.
| bilal4hmed wrote:
| also check if your employer does a matching donation. Its
| an easy way to double your donation. I do a single yearly
| donation for that reason
| too_pricey wrote:
| They're a non-profit, so their financials are publicly
| disclosed. ProPublica only has it as recently as 2018, but
| here was the financials then: https://projects.propublica.org
| /nonprofits/display_990/82450...
| olah_1 wrote:
| That's helpful, thanks.
|
| So they're 4mil in the hole? How is it possible that
| they're still running?
| bilal4hmed wrote:
| They have $100 mn in donation from Acton
| RedComet wrote:
| You're not allowed to mention that, we have to pretend
| it's a charity.
| olah_1 wrote:
| Weird that it isn't listed in the data in that document.
|
| I have no idea why anyone would donate $20 when they're
| sipping on $100m ...
| bilal4hmed wrote:
| $100 million given current growth wont last as long.
| Telegram 4 years had a run rate of $1 million per month
| for servers and dev costs. At that time they had about
| 200 million users.
|
| Signal is using AWS & GCP ( for cloud fronting ), they
| could be approaching that spend level.
| olah_1 wrote:
| > $100 million given current growth wont last as long.
|
| That is 100% their problem, though. I trust that they
| will develop a sustainable business model when it becomes
| necessary. Otherwise, look at their tax info shared
| above. Sporadic donations won't even make a small dent.
|
| I mean, shoot, they won't even give us a hint at how much
| to donate to cover our own costs. That would be a start.
| bilal4hmed wrote:
| WhatsApp used to charge $1/ yr at 200 million users,
| which kept them well funded. A $1 donated by just the
| Android users at 50 million + would be $50 million per
| year.
|
| TBF they havent had to think about this too much before
| the last 5 days, so give them some time to come up with a
| plan.
|
| In the mean throw them whatever you are comfortable with.
| nostromo wrote:
| That wasn't a donation, it was a loan.
| caturopath wrote:
| (A zero-interest 50-year loan, not a bona fide "I want my
| money back" loan.)
| taejo wrote:
| A fifty-year, interest-free loan is functionally a
| donation, IMO
| [deleted]
| rbjorklin wrote:
| Thanks for sharing that link, you removed enough friction that
| I now donate monthly :)
| pimeys wrote:
| I just set a monthly 10 dollar donation for them.
|
| All my friends are in Signal. One of my favorite group chats is
| in Signal. My mom is using Signal, I just sent her a message I
| might need to leave WhatsApp, so she immediately installed
| Signal all by herself. Now we have video chats that have been
| working really well.
|
| I mean, this is the first time the mobile app gives trouble.
| I'd wish the desktop app would be better, like it's been the
| biggest problem between me and Signal. Otherwise it's an
| amazing tool and I'm happy to donate for it to be even better.
| DyslexicAtheist wrote:
| if you can please consider making a regular recurring payment
| of a few bucks every month rather than a one-shot lump sum.
| this is because it's easier for a company to budget and plan
| with recurring revenue than a one-off donation.
| probst wrote:
| Recurring and steady incoming is certainly useful for any
| company, but I would advise against doing tiny monthly
| donations over a larger yearly one! Processing fees are going
| to take away a significant chunk of your total donation
| relatively speaking if your individual donations are small.
|
| Let's do some math: In signal's case, since they use
| Donorbox, there is a 2.9% + 30C/ fee for credit card
| transactions going via Stripe (in addition to another
| percentage that goes to donor box). If you were to donate $24
| once per year, Signal would end up with just over $23 after
| processing fees had been deducted. If you donated $2 per
| month, they would end up with $19.7 per year, an additional
| $3 being spent on fees!
|
| Edit: unless they have some special lower cost stripe rate of
| course, in which case you can ignore my comment altogether ;)
| earth2mars wrote:
| me too. just donated. please comment below if you also donated.
| let's keep this thing running! Its personal interest now,
| because I moved bunch of groups from whatsapp and its not
| working now! but at the same I love these guys for what they
| do.
| patriksvensson wrote:
| I donated!
| coandco wrote:
| I donated as well. I've gotten a lot of good use out of
| Signal over the years.
| anon776 wrote:
| Donated.
| hakeldama wrote:
| I donated
| Daniel_sk wrote:
| Just donated.
| CodeGlitch wrote:
| I really wish the EU would put up funds for open source
| software, like signal, it seems to be something they could get
| behind for the greater good. My previous job involved creating
| a graphical programming language for the generation of GPU
| shaders, which the EU partly funded. I knew it was going
| nowhere, and it made me slightly sad tax payer money was being
| used on something I knew, despite my best efforts, would not
| work.
|
| Oh well...
| sneeuwpopsneeuw wrote:
| that sounds interesting do you have any links? or insights to
| why it did not work out?
| agilob wrote:
| >I really wish the EU would put up funds for open source
| software, like signal, it seems to be something they could
| get behind for the greater good.
|
| They do https://hexus.net/tech/news/software/125747-14-open-
| source-p...
| arendtio wrote:
| I just wonder about the process and the results. I mean, it
| doesn't look to me, as if there is a management behind
| this, that actually has a goal.
|
| It looks more like they are giving funds to projects who
| apply for them. IMO, they should state 3 clear goals and
| sponsor specific projects which reach those goals. To give
| some example how those could look like:
|
| - create a decentralized, federated instant messaging
| platform, that is build on public standards
|
| - create an e-learning platform that is usable with already
| established devices
|
| - establish a market for the created software with partners
|
| Naturally, all result would have to be open-source products
| and the goals would need some details/numbers to measure
| them. They could even invest into already established
| projects, but please, with easy to understand goals.
| throwaway098237 wrote:
| I work in EU research funding programs. The process is
| very bureaucratic, making it difficult for any small
| company to apply. Not to mention projects without a
| company.
|
| It's also quite ineffective at giving money to the
| projects that are meaningful.
|
| Large companies and large university projects rake in
| plenty.
| input_sh wrote:
| I disagree. I believe the governments should fund
| existing open source software that are considered to be
| "critical" infrastructure (as in lots and lots of people
| rely on it) instead of chasing some random goals and
| adding bureaucracy on top that would slow down lead
| developers.
|
| Just give them money and trust them that they'll do
| whatever it is they've done so far that many people
| recognised and started relying on their solution to the
| problem.
|
| Without looking them up, there's exactly three pieces of
| software in the list above your comment that I don't
| recognize: FLUX TL, WSO2, midPoint. I'm happy to see all
| the other names on it, and I'm pretty sure I'll feel the
| same way about these three after I look them up.
| MrPatan wrote:
| I know you mean well, and I understand the feeling, but how
| can you say in the same breath that the EU funds useless
| software and that you wish they funded more software?
|
| Why would the newly-funded software be the useful kind
| instead of the useless kind?
| zajio1am wrote:
| I wisth they do not put up funds to signal. It is closed
| ecosystem. Even traditional phone calls are more open (having
| federated independent operators and interoperable
| implementations).
| medstrom wrote:
| This is the old Signal-Matrix debate.
| https://matrix.org/blog/2020/01/02/on-privacy-versus-
| freedom
|
| In short, federation makes a lot of things more difficult,
| and Signal opted not to do that to get a polished product
| quickly. Still, it's not either-or. As I remember it, Moxie
| welcomes the Matrix developers to try their approach and
| would be glad if they can get it right, he was just worried
| that it'd basically never lift off.
|
| I think it's not bad to donate to either project, it's a
| good thing that we have both.
| dpaint wrote:
| Thank you for the link, I didn't even know they took donations.
| aendruk wrote:
| I'd choose an annual recurring donation if the platform offered
| it.
| philshem wrote:
| The platform offers a recurring monthly donation. Divide by
| 12?
| Symbiote wrote:
| I don't really want to see a bill for e.g. PS0.41 every
| month on my credit card statement, and at some point the
| transaction fees would become a bother for Signal.
|
| I'd have ticked "recurring annually" if the option had
| existed.
| alias_neo wrote:
| Set up a recurring calendar reminder. Maybe boxing day or
| new years day and give yourself a fresh start to the year
| with some donations.
| aendruk wrote:
| $1/mo is prevented by a hard minimum, and likely for good
| reason as the credit card processor imposes a flat base
| fee.
| godelski wrote:
| They do monthly so you could divide your yearly contribution
| by 12.
| probst wrote:
| Except you have to be careful so the monthly amounts don't
| end up so small that the credit card processing fees eat up
| the majority of your donation! The processing done via
| Stripe (which is used by Donorbox) has a fixed minimum fee
| of 30 cents per transaction.
|
| Edit: unless they have some special lower cost stripe rate
| of course, in which case you can ignore my comment
| altogether ;)
| [deleted]
| senux wrote:
| I don't know what options show up depending on the route you
| use to donate, but the link on the Android app [0] takes you
| to a page that does allow recurring contributions.
|
| [0](https://signal.org/donate/)
| somehnguy wrote:
| Not as impactful as a realtime donation but I recently changed
| my Amazon Smile charity to the Signal Foundation after a few
| years with my previous selection. I was surprised to learn they
| were an available option.
|
| I also installed a browser extension to automatically bring me
| to smile.amazon when buying anything on Amazon - so far it has
| had no weird glitchiness when _not_ buying something and works
| exactly as advertised. Highly recommend looking into this
| option if you 're forgetful like me - so far it has helped me
| donate 4 times that I would have otherwise forgotten.
| mawise wrote:
| I was jumping through similar hoops for a while to get Amazon
| smile donations, but then I looked at their numbers for how
| much gets donated and it was a pretty trivial amount. I don't
| remember what I found (anyone have any stats on Amazon smile
| donation percentages?) but I decided it wasn't worth my
| effort compared to adding an extra few dollars to my direct
| donations.
| bilal4hmed wrote:
| Saw this on reddit, so copying here
|
| Donate to them so they can buy more servers
| https://signal.org/donate/
|
| * If you work in the US, many corporations will match your
| donation. Easy double of your donation
|
| * Set https://smile.amazon.com to Signal, so your purchases on
| Amazon go to Signal
|
| * Use services like Paypal to donate, that sends 100% of the
| money to the foundation
| windthrown wrote:
| Would you mind expanding on the PayPal point? Is that
| referring to donating outside the Signal website which
| appears to use "DonorBox" rather than PayPal?
| heisenbergs wrote:
| for changing amazon smile: is it "Signal Technology
| Foundation - Location: Mountain View, CA"? no description
| available unfortunately. seem to be a bunch with the name
| signal and that was the closest in name to what seems to be
| the signal foundation
| bilal4hmed wrote:
| Signal Technology Foundation is the right one
| JUjFJE2I9Y wrote:
| "...As of June 2020, Signal had more than 32.4 million total
| downloads, and the app had approximately 20 million monthly
| active users as of December 2020...." [0]
|
| "...The initial $50M in funding was a loan, not a donation,
| from Brian Acton to the new nonprofit Signal Technology
| Foundation. By the end of 2018, the loan had increased to
| $105,000,400, which is due to be repaid on February 28, 2068.
| The loan is unsecured and at 0% interest..." [1]
|
| What happens when they add 50M or 100M more users?
|
| [0] https://en.wikipedia.org/wiki/Signal_%28software%29 [1]
| https://en.wikipedia.org/wiki/Signal_Foundation
| some_random wrote:
| 0% interest repaid in 48 years... I'm sure they'll figure
| something out
| alg0 wrote:
| The loan seems to be more a techinical stand-point than a
| real loan.
| bilal4hmed wrote:
| The loan is not a loan, its a gift. There was some tax
| reason it was done this way
| caturopath wrote:
| Do you understand what the tax play is?
| dmitrygr wrote:
| If I give you a gift, it is income and you owe taxes on
| it. If I give you a loan, it is not income and no taxes
| are owed. But tax man will expect you to pay it off! If I
| forgive you a loan, that is also taxable income, in the
| amount that you have not yet paid off, so no loophole
| there.
| coolspot wrote:
| It may be different between an individual and a business,
| but for gift between individuals it is the donor who pays
| the tax:
|
| https://www.irs.gov/businesses/small-businesses-self-
| employe...
| caturopath wrote:
| This is between an individual and a charity, though,
| right?
| caturopath wrote:
| But the Signal Foundation is a 501(c)(3), so their donors
| don't owe taxes on the donations, right?
| cge wrote:
| It is possible that it avoids having the Signal
| Foundation fail the public support test, usually a
| requirement that a public charity receive at least 1/3 of
| their donation revenue from donors giving less than 2% of
| the nonprofit's overall receipts. Failing this would
| cause the foundation to be a private foundation.
| jelliclesfarm wrote:
| There could be conflict of interest if it's a gift
| considering Acton was involved with WhatsApp before
| Signal was formed.
|
| And a donation would bring him deductions which he
| probably doesn't want..
|
| And there is a gift tax but since it's a non profit, it
| gets different treatment. But having said that IRS
| scrutiny increases with such large donations.
|
| Chances high for an IRS audit. Etc.
|
| So many reasons why the loan aspect is a better idea.
| caturopath wrote:
| I don't understand practically any of this very well.
|
| > There could be conflict of interest if it's a gift
| considering Acton was involved with WhatsApp before
| Signal was formed.
|
| Why is this conflict of interest less significant by
| structuring as a loan?
|
| > And a donation would bring him deductions which he
| probably doesn't want..
|
| Why wouldn't he want them?
|
| Is he time-shifting them or forgoing them?
|
| > And there is a gift tax but since it's a non profit, it
| gets different treatment.
|
| A charitable donation isn't subject to gift tax.
|
| > But having said that IRS scrutiny increases with such
| large donations.
|
| > Chances high for an IRS audit. Etc.
|
| Acton is a billionaire, his returns will receive scrutiny
| every year.
|
| What's the etc? How is it better with a loan and why?
| jelliclesfarm wrote:
| Let me try. I am not a legal person.
|
| I think there is a limit to the amount of gift in cash or
| other assets you can make without triggering a federal
| gift tax of around 40%. For an individual there is a
| limit of life time gift tax exemption around 11.5 million
| and 23 million if the gift is made as a couple.
|
| 1. A loan is a business transaction here. There is an
| expectation that it will be repaid. It can also be
| forgiven. A donation to a non profit can be 'rewarded' by
| way of tax deductions.
|
| So Acton will profit from a similar tech he has already
| sold to Facebook as WhatsApp. His wealth likely came from
| WhatsApp sale to Facebook. It can be argued as conflict
| of interest.
|
| Loan deals are very clean. Cut and dried. Any implied
| contract between the parties ends when the loan is repaid
| and the relationship is terminated.
|
| 2. I can't speak for Acton. Or in any legal capacity, but
| if it were _me_ , tax deductions to a non profit can be
| rife with complications because if he ever gets involved
| with signal as a board member or employee, it might rise
| questions.
|
| 3. Signal foundation is not a charity.
|
| 4. Even a billionaire ..and especially one..would prefer
| to keep books less complicated for IRS. Donations are
| often scrutinized for money laundering or tax evasion.
|
| 5. A gift invites taxes, iirc. Like..if I gifted you
| above 15k(and you are not my family or part of a
| trust/insurance beneficiary etc), you will have to pay
| taxes on the realized value of the gift.
|
| 6. This might have been an ideological instinct for Acton
| as there seems to have been some disagreement between
| Acton and FB on how they intended to take WhatsApp. Maybe
| this isn't about money at all. Who knows. Hence the
| 'Etc'.
|
| Also I don't know exactly what kind of non profit Signal
| is...
| caturopath wrote:
| > I think there is a limit to the amount of gift in cash
| or other assets you can make without triggering a federal
| gift tax of around 40%.
|
| AFAIK, this does not apply when giving to a charity.
|
| > I can't speak for Acton. Or in any legal capacity, but
| if it were me, tax deductions to a non profit can be rife
| with complications because if he ever gets involved with
| signal as a board member or employee, it might rise
| questions.
|
| And the loan won't raise similar questions? Why?
|
| > Signal foundation is not a charity.
|
| > A gift invites taxes, iirc. Like..if I gifted you above
| 15k(and you are not my family or part of a
| trust/insurance beneficiary etc), you will have to pay
| taxes on the realized value of the gift.
|
| > Also I don't know exactly what kind of non profit
| Signal is...
|
| It's a 501(c)(3) https://signalfoundation.org/
| IG_Semmelweiss wrote:
| Ianal.
|
| Generally speaking, noncompete agreements prevent you
| from taking equity / ownership or active role in
| competitors
|
| They say nothing about loans. Thats from the many
| agreements i have come across between businesses and
| partners/employees
| caturopath wrote:
| You're hypothesizing he was contractually obligated not
| to GIVE them money, but not also to LOAN them money?
| bilal4hmed wrote:
| https://aronsonllc.com/nonprofit-organizations-
| accounting-fo...
|
| I dont understand it much, but its to make Signals life
| easier during tax time since its such a large gift.
| caturopath wrote:
| Why is this structured as a loan? It sounds like it's
| structured in such a way that he isn't interested in getting
| paid back. Is it so he can exercise control in a weird
| scenario like a buyout? Is it some weird tax thing?
| jandrese wrote:
| My first thought is it must be a tax thing, although I
| guess it could be a hedge against them selling out
| depending on how the agreement is worded.
| tw04 wrote:
| I'm assuming so that if moxy gets hit by a bus and someone
| else tries to step in and monetize it, he gets his money
| back. If it remains free and open source I'm sure he'll
| forgive it.
| colechristensen wrote:
| Something like an unusual sort of ownership. If signal was
| sold, the buyer would be on the hook for all of the debt.
|
| Startup funding that looks more like debt than stockholding
| isn't all that weird, and has various implications for exit
| scenarios.
|
| If you wanted to create something similar to a nonprofit,
| this is a way you could do it while protecting it from
| vultures.
| bgentry wrote:
| Thanks for the idea, I also took the opportunity to donate a
| nice chunk in support of a service I use often and want to
| continue to exist.
| krrrh wrote:
| They could easily add an optional badge to avatars showing that
| you donated $1 that year via an optional in-app purchase. The
| subtle social pressure in a lot of group chats would be pretty
| effective, and it would help raise awareness that it is run by
| a non-profit foundation.
| tailspin2019 wrote:
| This is a great idea.
|
| One of my friends who just jumped ship to Signal this week
| said in his first Signal message to me that he wished he'd
| "bought some shares" in Signal when I first told him about
| it...
|
| The first challenge is getting people to join the platform.
|
| The second challenge is educating them on how it's actually
| funded... (ie NOT by pimping out your personal data for
| shareholder benefit).
| Daniel_sk wrote:
| Stock with ticker SIGL surged 6000% on Jan 11 - investors
| thought it's the Signal Messenger. Same like the wrong Zoom
| company.
| bt1a wrote:
| What's even more wild is that the executives/directors
| didn't sell any of their stock on the massive increase.
| corford wrote:
| "Its market value surged from about $US55 million to over
| $US6 billion [...]" Pretty bonkers:
| https://www.abc.net.au/news/2021-01-16/signal-telegram-
| faceb...
| nilsbunger wrote:
| Really undercuts the argument for the efficient market,
| at least in the short term!
| thsowers wrote:
| This sounds good on first pass, but consider the implication
| of allowing donations (and thus, payment method information)
| to be tied to a Signal users account. I specifically
| _wouldn't_ want this.
| pxeboot wrote:
| How much data is sent to the developer after somebody makes
| an in-app purchase?
| xorcist wrote:
| They already have your phone number, closely tied to your
| real identity. What could they possibly do with some
| payment information?
| BurningFrog wrote:
| Linking a donation to an account would be optional in any
| sane implementation.
| mercurialshark wrote:
| You could enable offsite donations that provide a
| receipt/hash that denotes (donation -> validated), without
| being tied to any individual. Then the user could
| copy/paste a generic, non-correlated code into Signal to
| authenticate activity.
| chucky wrote:
| It's easy. You "gift" the badge to a user via the Signal
| homepage when making a connection. There's no required
| connection between the gift-giver and the receiver. Is the
| person who gifted the badge the same as the receiver? Could
| very well be, but there's no way to prove that.
|
| All you need to store server-side is "this user has the
| badge until date X".
| codethief wrote:
| > Could very well be, but there's no way to prove that.
|
| Sure, but espionage and surveillance are rarely about
| proving anything, they're about making good educated
| guesses. Besides, the receiver will very likely be among
| your friends and acquaintances, so the NSA would only
| have to look at your social circle to find them.
| echelon wrote:
| Database has one column on the user table:
|
| display_badge_until
|
| Store no payment info.
| buro9 wrote:
| Like a star? On the belly?
|
| https://www.youtube.com/watch?v=PdLPe7XjdKc
| I_am_tiberius wrote:
| Would love to donate via the Bitcoin Lightning network.
| bilal4hmed wrote:
| Do not forget to check if your employer does matching
| donations. Its an easy way to double your donation.
| philshem wrote:
| Thanks for the reminder. I donated.
|
| I've been using Signal for a couple years now. Finally deleted
| WhatsApp this week. This is the first outage of Signal that I
| noticed. It's a shame, but growing pains do happen.
| etrautmann wrote:
| Thanks! Just donated too
| slenk wrote:
| I like how you put it. You convinced me to throw a donation at
| them :)
| ossusermivami wrote:
| Thanks I just gave 50 bucks, well worth it, that makes me
| happy!
| AareyBaba wrote:
| Did so myself. Gotta support such organisations.
| topkeks wrote:
| Just threw $10 to them. I'll gladly pay for a quality service.
| jedevc wrote:
| Thanks for your comment, I've just donated too.
| bigcohoneypot wrote:
| What's the evidence that they are short on dough vs can't hire?
| bilal4hmed wrote:
| Adding more servers to support more users, also means more
| bandwidth. Those are increasing costs at a rate that they had
| not planned. Their spend rate has to be insane now to keep
| things running on top of their rents, utlities, opex. They
| have to be needing more money than they planned for.
| rubenbe wrote:
| Another donation.
|
| Everyone around me starts switching suddenly and I want to keep
| them on Signal.
| Mc91 wrote:
| A good thought, I just did as well.
| kop316 wrote:
| Good call! I gave them some money too.
| dt3ft wrote:
| Signal is being used by at least 10 well-paid medical
| professionals (group chat) that I know of, and one of them
| proclaimed today that Signal is owned by Elon Musk (probably
| because he tweeted about it). I did not care to educate them.
| And this is in a first world country with a rather wealthy
| population.
|
| Why am I saying this? Users don't give a damn, they expect free
| things, and they expect things which work. They have been
| taught to use appstores on their phones where tapping on a
| button installs an app and everything just works with zero
| effort on their end, while completely ignoring the work that
| someone put into creating the very app they depend on. Majority
| will never, ever, even think about it, let alone click on the
| developers website to find out who created the miracle they
| use.
|
| This practice needs to end. I believe that it is time to stop
| making free products. Developers should unite in this and
| finally start to value their hard work.
| DyslexicAtheist wrote:
| > one of them proclaimed today that Signal is owned by Elon
| Musk (probably because he tweeted about it)
|
| here is another one (with an insane amount of likes/retweets
| for something so wrong):
|
| _" Signal is owned by Twitter and monitored. While open
| source it is not as secure as they say. Use telegram."_ -- ht
| tps://twitter.com/RebelOutlaw1990/status/13471653380777000...
| mtgx wrote:
| Sounds more like a Telegram bot.
| breiti wrote:
| Just a few tweet below in that thread:
|
| > Telegram is owned by Google if not mistaken!?
|
| sigh.
| joshxyz wrote:
| To be fair i grew up thinking bill gates owned skype
| filoleg wrote:
| Your belief about Skype being owned by Bill Gates is
| kinda factually true. Not necessarily Bill Gates himself,
| but Microsoft acquired Skype back in 2011.
| brewdad wrote:
| Microsoft does own Skype now, so in a way he does.
| raarts wrote:
| That might have been true depending on your age.
| dawnerd wrote:
| Gesh the amount of bad information in those replies.
| xenocratus wrote:
| First comment that I saw:
|
| > Telegram uses custom cryptography.
|
| > Signal uses encryption protocols sponsored by
| Broadcasting Board of Governors, a sister federal agency to
| the State Department. In plain words, data easily
| accessible by CIA, NASA and FBI.
|
| I wonder what NASA will do with my Signal messages, maybe
| use them for a giggle in between transmissions from Mars.
|
| Also, recent blog post about Telegram and its crypto:
| https://buttondown.email/cryptography-
| dispatches/archive/cry...
| Sudophysics wrote:
| It's Russian owned actually, moved HQ to Germany.
| Krasnol wrote:
| I'm always surprised anew how unworldly people here can be.
| Are you even aware that most people are not your "well-paid"
| medical professionals? Where is this offensive ignorance
| coming from? How do you even dare to say something like that?
| We're talking about a non-profit who brings a good and secure
| messenger even to 3rd world countries. How about you shut
| your mouth about everybody on the planet and use it to
| convince your "well-paid professionals" to pay instead? The
| general population does already pay for too much. They don't
| need a arrogant Schweizer Goldjunge to drag even more money
| out of them.
|
| Oh and, you're not getting enough recognition and praise from
| your customers? Maybe you should make something which would
| really justify it? I'd recommend a FREE APP which helps poor
| people! Jesus, you run a page which rips off content other
| people provided you for FREE...unbelievable...
| dt3ft wrote:
| You're wrong on so many levels (I was born and raised in a
| 3rd world country and survived 4 years of war under siege).
| I am not a Schweizer Goldjunge, and even if I was,
| suggesting that developers should value their work more
| definitely does not warrant your tone.
| einpoklum wrote:
| I think it is acceptable, in this day and age, for people to
| expect instant messaging apps that are gratis and "just
| work". Technology and society should be at a state where -
| assuming you have network connectivity at all - that should
| be the case.
|
| At the same time, I agree that there is practically criminal
| negligence of the education of people about what makes those
| techno-social institutions which "just work", work:
|
| * Commercial interests and the role and nature of large
| corporations in tech and elsewhere;
|
| * The massive amount of hard work, expertise, and good will
| invested by people in public-benefit work (which could be
| writing FOSS or volunteering in retiree caregiving etc.)
|
| * What the machinery of government - and its myriad branches
| and institutions - does, beyond the political horse race
| shown on the evening news;
|
| and through that, the realization that free lunches get made
| by someone, and its very important who and how they get made.
|
| > Majority will never, ever, even think about it
|
| It is a challenge for us to educate people around us about
| this fact.
|
| > I believe that it is time to stop making free products.
|
| Software is free by its very nature. It is only state
| coercion via threats of incarceration and violence that we
| are deterred from copying software.
| teekert wrote:
| I agree but this would just hand the world to WhatsApp. I'd
| rather donate enough to pay for my whole network of
| friends/family and keep it free.
| easytiger wrote:
| > I believe that it is time to stop making free products.
| Developers should unite in this and finally start to value
| their hard work.
|
| You can't stop someone trying to make a free to use product
| dt3ft wrote:
| Of course not, but it wouldn't hurt if we all got better at
| valuing our work more. Heck, majority of developers I
| worked with are decent, loving people, who could simply
| never dare to ask to be compensated for the work they do...
| tshaddox wrote:
| Governments probably shouldn't simply ban all free
| products, but it certainly might be reasonable to ban some
| economic activities that enable some business models for
| sustaining free products.
| a1369209993 wrote:
| _Cough_ advertising _cough cough_.
| zamadatix wrote:
| "Free" isn't a model you should pick if you're going to care
| you aren't guaranteed to get compensated it's a model you
| should pick when you want to give a cool idea a chance to
| take off for the good of everyone without risk of being
| turned into something else if it is successful.
| bgentry wrote:
| What happens when a whistleblower or dissident wants to use
| Signal? Should they be forced to cough up a payment with a
| traceable credit card or app store account in order to use
| it?
|
| For that reason alone I think it's important for the service
| to be free. Though I would perhaps support some reasonable
| free usage limits if needed to prevent abuse.
| Mediterraneo10 wrote:
| How sympathetic are the Signal developers to the concerns
| of dissidents, really? Signal has had a policy of many
| years to require a phone number - buying a SIM card now
| requires providing government ID in so many countries - and
| only now have they promised progress on this front someday.
| They also recommend that users install through the Play
| Store, and they only grudgingly provide a standalone APK.
| Anyone with the Play Store installed presumably has the
| full Google software suite that leaks location data, what
| one enters into the keyboard, etc. that the state can
| exploit. (And also Signal is based in the US where they are
| vulnerable to NSLs.)
|
| This all makes me assume that Signal's security is meant to
| shield phone owners against advertisers and ordinary
| criminals, not the state.
| bgentry wrote:
| They've actually said publicly that they're working on
| making it possible to use Signal without a phone number,
| via usernames. Here's a recent hint at that:
| https://twitter.com/signalapp/status/1347248608660185089
| Mediterraneo10 wrote:
| Yes, and I acknowledged that in my own post. But it took
| years to get to the point where they are even talking
| about upcoming support for this, let alone actually
| providing it. In the interim, this aspect of great
| importance to people living in authoritarian regimes was
| ignored.
| Krasnol wrote:
| It did not "take years".
|
| They haven't seriously considered that for long. I don't
| think it's even been a year when they announced this
| switch for the first time.
|
| Please don't spread this kind of false information.
| Signal gets enough of that already.
| Mediterraneo10 wrote:
| It has taken years: one of the major GitHub issues
| requesting alternate identifiers than a phone number for
| privacy's sake dates from 2014. [0] The devs last year
| started to speak publicly about making the change, but
| they were aware of the privacy concerns among users for
| much, much longer.
|
| [0] https://github.com/signalapp/Signal-
| Android/issues/1085
| Krasnol wrote:
| > The devs last year started to speak publicly about
| making the change, but they were aware of the privacy
| concerns among users for much, much longer.
|
| You realise that this is something completely different
| than what you wanted to imply are you? Up until they
| introduced the PIN, they've been defending the phone
| number. Just because someone had a issue on github,
| doesn't mean they've been working on it...
| Mediterraneo10 wrote:
| Whether they were working on the Github issue or not, is
| irrelevant. Those Github issues (if not their own
| intuition already) would have already made them aware
| that by requiring a phone number, they were compromising
| user privacy. Of course they had their arguments for
| requiring a phone number.
|
| You think I'm knocking the app. I'm not, I think it is
| the best option available. I just feel that as long as
| the phone number was required, they could have been
| clearer to ordinary users about the threats that Signal
| aimed to protect users from: advertisers and ordinary
| criminals, sure, but not necessarily the state
| authorities, and so it might not be suitable for
| dissidents for the time being.
| Krasnol wrote:
| Of course it's relevant.
|
| One is some guy posting someone in the issue tracker
| where 1000s of other ideas are. The other is "them
| working on it".
|
| https://signal.org/blog/contact-discovery/ (2014)
| Mediterraneo10 wrote:
| Exactly, they have made arguments for the usefulness of
| the phone number as an identifier. But to the best of my
| knowledge, they have never specifically acknowledged in a
| blog post the state's linkage of phone numbers to
| individual identities in many countries today, and the
| risks that this poses to dissidents.
|
| Moxie is one of the best security researchers in the
| business, he was definitely aware of this before anyone
| ever brought it up on GitHub. Was it really so hard for
| the Signal devs to acknowledge this downside on the blog?
| bgentry wrote:
| I agree that it's unfortunate that the initial attachment
| to phone numbers has thus far made Signal harder to use
| for dissidents in many countries. But I can also
| understand that there are legitimate constraints that led
| them to go this route initially (abuse & spam prevention
| come to mind).
|
| I can also acknowledge that it's a universally good thing
| that they are moving in a positive direction here, and I
| do not hold it against them for being unable to solve all
| problems for all people at the same time.
|
| NSLs are a problem generally, but I have a lot less
| concern in Signal's case because they have no data, and
| they'd have to be forced to make significant software
| modifications to enable targeted interception of
| messages. This is something I expect they would be
| motivated to fight, more so than any for-profit company
| might.
|
| Let's acknowledge and appreciate progress where it is
| being made.
| markdown wrote:
| > This practice needs to end. > I did not care to educate
| them.
|
| It's always someone else's job to change the world, eh?
| okprod wrote:
| I don't think the practice of people easily
| downloading/installing apps through app stores is going to
| end. In my network I'm not alone in paying for free apps to
| support development if they're value-added.
| dave_sid wrote:
| Very good point. People will happily pay 50 pounds a month
| for an IPhone and thinking nothing of it. But then really
| struggle to pay a penny for an app that runs in that iPhone.
| There's some funny psychology going on.
| MontagFTB wrote:
| One big hangup users have is a difference in expectations.
| They know what they're getting with the money they pay
| towards their iPhone. Heck - most users will gladly pay
| exorbitant prices for a cup of coffee as long as it meets
| their expectations. The same cannot be said for a given app
| they pull off the App Store. The quality experience can
| vary greatly from app to app. Even then, an app that fits
| your lifestyle may not fit mine, so a recommendation isn't
| necessarily a guarantee of value.
| dt3ft wrote:
| I'd venture to guess that speed/simplicity of installing
| an app is also something users subconsciously factor in.
| The faster/smoother the installation, the less
| appreciation they have for the app. I remember installing
| Windows 95 from floppy disks.. boy oh boy, I appreciated
| every file that was successfully installed and admired it
| every time it booted into desktop.
| Skunkleton wrote:
| For me I think it is a question of ownership. It is
| easier to pay for something you actually own. Software
| already is intangible, but add in modern licensing, app
| stores, etc and you really do not have any ownership over
| your software. Even in the case of open source software
| like signal, Apple could chose to boot them off the app
| store tomorrow and I would lose my "investment".
|
| There was a time in the 90s/00s where you bought software
| in a big box, and it came with all sorts of manuals and
| such. The tangible assets (manual, floppy, box, whatever)
| along with the licensing agreement made that software
| much more valuable than the software we use today.
| MontagFTB wrote:
| I remember when some of them came with hardware dongles.
| Adobe After Effects had a dongle that you had to attach
| to your keyboard cable in order for the app to launch.
| The mental value I attributed to that dongle was immense.
| I think I still have it around here somewhere...
| ChuckNorris89 wrote:
| Paying for software vs phones is not really an apples to
| apples comparison.
|
| A better comparison would be how people gladly pay ten
| bucks a month for spotify/netflix but would probably never
| pay that for messaging and IMHO that's where the industry
| should be going.
|
| People in the past also thought music and movies should be
| free and pirated the shit out of them, but by making it
| simple and accessible, for ten bucks a month, most people
| with a job just won't bother with piracy anymore, even
| though they gladly pay for something they'll never actually
| own.
|
| So, the billion dollar question is, how do we transfer that
| model to messaging?
|
| I keep dreaming about a Pied Piper like decentralized
| internet.
| barell wrote:
| Netflix and spotify give me quick access to lot of
| content and I value it. I don't care what software gives
| me this content.
|
| With messaging it's different. Transferring messages is
| relatively simple topic to do as a software. But the cost
| of running and maintaining it is hard and that's what
| users don't care.
| bdamm wrote:
| Paying for avatars and stickers.
| dave_sid wrote:
| Paying for coins in a game.
| carlhjerpe wrote:
| What i don't like is that "everything" is 10$ a month. I
| would like to subscribe to some payment aggregator where
| they charge me X dollars a month in one transaction, then
| pays it out to developers/service providers. This way
| things could go down in price too, since the fees would
| be lower because of less transactions. This way cheaper
| services like messaging could be 1$ a month without being
| eaten up by fees.
| prostoalex wrote:
| Free messaging apps are a scroll away.
|
| Free iPhones not so much.
| dt3ft wrote:
| There is very little to no awareness of what it takes to
| create software. We, the developers who have released our
| work for free, have allowed this to happen. It feels like
| mobbing, heck, we keep reading about other devs mobbing
| others by opening GitHub issues and demanding new features
| or bugfixes for software they did not pay for. I really
| hope that we can do something about raising awareness.
| benhurmarcel wrote:
| If there's one thing to raise awareness about in software
| development, it's probably not low pay.
| dave_sid wrote:
| I can't remember if it was always that way. When the App
| Store opened I guess there was a standard price of 59p
| for an app. Before that, 59p would have been seen as a
| ridiculous price to pay for a copy of software. Imagine
| buying windows 95 on a CD for 59p. By setting the bar so
| low for app prices at the start, it's possibly just
| become the way it is now.
| api wrote:
| Problem is that the largest of the free products aren't free.
| They are surveillanceware. "Free" is used as a gimmick to get
| them onto as many phones as possible to surveil people. Those
| players have zero incentive to change that, and will be more
| than happy to use "free" to edge out any paid competition.
| This is how paid apps became almost non-existent outside of
| professional niches.
| roughly wrote:
| This is all probably correct, and should change in the long
| term. In the short term, I hope you've donated to Signal, and
| it would also help if you'd dispel the misinformation when
| you hear it.
|
| The world would be better if the world were better, but until
| it is, would you mind helping out a bit?
| [deleted]
| dt3ft wrote:
| I just donated:
| https://media.20-things.com/BbhxZmPSyygP29ZtfCM46q.png
|
| The problem is, this is not a sustainable model (Wikipedia
| is a whole other universe and can not be compared) and it
| bugs me so much to see developers pour their souls into
| projects which end up dying.
| sneak wrote:
| Is Signal having a problem of not enough money? I'd heard
| rumors they'd burned through the $100mm USD donation
| already but didn't want to believe them.
|
| Is there any indication that applying capital to the
| problems we're seeing will fix them?
|
| I want to help, but only in a way that will be effective in
| improving the situation. If they already have enough money,
| giving them more will not. If they don't have enough money
| following a $100mm USD donation, it's possible that giving
| them more will not.
| bilal4hmed wrote:
| Havent heard about them using the entire $100mn unless
| you have a source. I cant imagine the current situation
| is making their spend rate go up however.
| SomeHacker44 wrote:
| Donated, and submitted for employer match!
| sgloutnikov wrote:
| Does anyone know if donating to Signal is considered a
| qualified donation under the CARES Act. The $300 deduction was
| extended for 2021 [0].
|
| [0] https://www.forbes.com/sites/ashleaebeling/2020/12/22/new-
| bi...
| waitwhatwhoa wrote:
| I am not an accountant or tax attorney, however Signal is a
| 501c3 so this deduction almost certainly qualifies.
| agilob wrote:
| > I just donated to Signal after seeing the error banner in the
| app.
|
| I've tried to donate, but none of my 3 cards worked, I got
| "card rejected error" without any info why and none of banking
| apps notified me about new transactions.
| mickotron wrote:
| Same issue here, and I don't use PayPal after they asked me
| to provide info to Equifax to continue using it.
|
| They aren't on liberapay as far as I can see.
| AareyBaba wrote:
| I had no issue donating to Signal.
|
| I use the Privacy app and generated a merchant specific
| credit card for Signal. This is the best way I have found
| to do online transactions. You don't even need to use your
| actual name or address when making a payment to a merchant
| since Privacy acts as a proxy for you. https://privacy.com
| cameronperot wrote:
| Just donated as well :)
| jrochkind1 wrote:
| your comment led me to do same!
| [deleted]
| ramboldio wrote:
| Good call. Donated
| codinghorror wrote:
| thank you for that link -- just donated $50!
| Cullinet wrote:
| don't forget that you can use the Signal protocol in Skype with
| Skype Private Conversations and delete your own call metadata
| afterwards as well.
|
| edit : which presumably drives licensing income from Microsoft
| to The Signal Foundation, which I am presuming is better than
| nothing and if like me you can start using Signal protocol for
| calling your family elders via Skype without friction, and I
| simultaneously create widespread adoption of the Signal
| protocol, I can't see any downside myself anyhow.
|
| https://az705183.vo.msecnd.net/onlinesupportmedia/onlinesupp...
| dmitrygr wrote:
| Good idea. Just did too!
| rammy1234 wrote:
| Thanks for this link. I donated seeing this link. Should
| encourage signal to do more
| danbruder wrote:
| Thanks for posting, I just donated too. Signal is doing
| important work and I hope they can continue under this new load
| :)
| tailspin2019 wrote:
| Thanks for posting the link.
|
| Donated.
| tonymet wrote:
| Anyone know what their backend is? Is it an erlang stack like
| Whatsapp?
| 01acheru wrote:
| It's written in Java using the Dropwizard framework.
|
| I've skimmed through the code and found references to Protobuf,
| GCM and Redis
|
| It's open source so you can check the code here:
| https://github.com/signalapp/Signal-Server
| superdisk wrote:
| Java. https://github.com/signalapp/Signal-Server
| tonymet wrote:
| Is it possible to switch to backup Signal server within app? i'm
| researching running my own in emergencies.
| robrtsql wrote:
| Signal is totally centralized. The server is (if I recall
| correctly) open source, but if you were to run your own server,
| all of your contacts would have to be using your server too in
| order to communicate with them.
|
| I assume that the hostname(s) of the central Signal servers are
| hardcoded in the app somewhere, since they're not meant to be
| replaced.
| schoolornot wrote:
| Server is open source but good luck setting it up. There is
| no documentation for it. Also, they have intentionally
| excluded the option for clients to connect to alternate
| servers. This stance really rubs me the wrong way. I love the
| Signal protocol, everything else is kinda meh.
| Mediterraneo10 wrote:
| > Also, they have intentionally excluded the option for
| clients to connect to alternate servers.
|
| Since Signal doesn't federate, if you switched your client
| to an alternate server you would be unable to communicate
| with the 99.9% of people out there using the official
| Signal server. Signal isn't going to give a UI option that
| is certain to cause frustration and bafflement for the vast
| majority of users. Those wanting to use an alternate server
| are probably a small nerd niche who already know how to
| fork the client.
| z77dj3kl wrote:
| That's right https://github.com/signalapp/Signal-
| iOS/blob/bac01d739403afc...
| neltnerb wrote:
| This is a perfect time to learn about using matrix... which is
| how I told my friends that I usually talk to on signal that
| signal was broken.
|
| It's actually decentralized so like email only one server goes
| out at a time.
| zamadatix wrote:
| How does this change things for the user though. E.g. in
| email it doesn't matter if your email is down or everyones
| email is down, you're not switching to a new email host every
| time yours goes down and you don't particularly care if
| someone else can communicate while you cant.
| neltnerb wrote:
| That's true, even if only 1% of users are on each of 99
| servers while the rest do something else, 1% of users will
| be frustrated when their server breaks, like with email.
|
| Good point.
| tinyhouse wrote:
| Hopefully it'd teach them a lesson to stay humble after their
| stupid recent tweets laughing at whatsapp indirectly.
| JuliusMars wrote:
| I don't believe in coincidences
| arunc wrote:
| Why not do a some kind of lazy P2P instead of proactive P2P?
|
| IIRC, Signal calls are P2P.
| sschueller wrote:
| https://jami.net/ decentralized, encrypted, p2p, no phone
| number required.
|
| I'm not sure why nobody uses it.
| RIMR wrote:
| Wait, so I can geolocate someone and figure out their ISP by
| starting a Signal call? Great feature, I love it!
| spiznnx wrote:
| Yes, if they pick up, but you can disable p2p in the
| settings.
| aarchi wrote:
| Calls can be relayed through Signal servers:
|
| > Always relay calls:
|
| > Relay all calls through the Signal server to avoid
| revealing your IP address to your contact. Enabling will
| reduce call quality.
| barbs wrote:
| I believe the calls still require the server to bootstrap to
| connection but I could be wrong.
| lvs wrote:
| DNS is resolving correctly again to AWS, but the servers are 504
| timeout.
| sschueller wrote:
| So technically if amazon didn't like signal they could kick
| them off and the whole network goes to shit.
|
| Where do people think all these parlor users are going?
| mlaretallack wrote:
| We need a Open Inferstructure Foundation...
| tonymet wrote:
| Snowden showed that Signal went from 10mil to 50mil downloads in
| 1 week (since competitor TOS changes & Tech-industry censorship)
| lucb1e wrote:
| Signal themselves posted that screenshot, Snowden retweeted.
| tonymet wrote:
| https://twitter.com/Snowden/status/1350123606601322496
| frakkingcylons wrote:
| Happy user for the last three years, donated $20
| mlindner wrote:
| Signal is having problems because of how "successful" they are
| being right now. This is a good problem not a bad problem.
| They'll adapt.
| bilal4hmed wrote:
| Just saw this on Reddit, another easy to way to increase
| donations
|
| For AMEX Platinum cardholders there's a promotion for a $30
| credit per month for things paid via PayPal, make AMEX donate
| tonymet wrote:
| I noticed this in messages taking about 30s to confirm sending.
| But the service has been reliable and clear feedback when
| messages are failing
| hcurtiss wrote:
| This is not good. I've moved so many people over in the last
| week. For purposes of getting them invested, this is a truly
| inopportune moment for an extended outage.
| arendtio wrote:
| I read the message differently. It looks like there have been
| so many people wanting to switch, that Signal was overwhelmed
| by the new demand.
|
| I don't know if it is true, but for your peers it certainly is
| a different story to tell them about all the people who are
| switching than just about a service who had an outage.
| Hopefully, the next days will bring some light to the cause of
| the outage.
| entropea wrote:
| I"m not saying this is what happened this time, but I would
| suspect we'll see a lot more outages of encrypted centralized
| chat like this as nation states try to prevent general society
| from moving away from the social media websites almost solely
| designed for mass surveillance.
| ceejayoz wrote:
| https://www.nytimes.com/2021/01/13/technology/telegram-
| signa...
|
| > The result was a mass migration that, if it lasts, could
| weaken the power of Facebook and other big tech companies. On
| Tuesday, Telegram said it added more than 25 million users
| over the previous three days, pushing it to over 500 million
| users. Signal added nearly 1.3 million users on Monday alone,
| after averaging just 50,000 downloads a day last year,
| according to estimates from Apptopia, an app-data firm.
|
| > "We've had surges of downloads before," said Pavel Durov,
| Telegram's chief executive, in a message on the app on
| Tuesday. "But this time is different."
|
| As someone who semi-fondly remembers the Twitter failwhale, I
| really don't think a more conspiratorial theory than "a few
| million people suddenly tried to jump on" is required here.
| entropea wrote:
| Agreed, there is a simple & likely explanation for this
| outage, being a huge increase in user base worldwide.
| oblio wrote:
| Hey, who let the Signal devs write their backend in Ruby on
| Rails? :-p
| vinay_ys wrote:
| Where can I read about the signal server-side
| architecture? Is it open-source as well?
| HugoDF wrote:
| The server is open source
| https://github.com/signalapp/Signal-Server
|
| Java/DropWizard app
| [deleted]
| m-p-3 wrote:
| They managed to jump from 10M installs to 50M in a matter of
| days, and that's just on Android.
| lerax wrote:
| You should considered Telegram instead.
| chopin24 wrote:
| Telegram is insecure and also being swamped with right
| wingers. Doesn't seem promising.
| himujjal wrote:
| i have so much fun in public websites seeing americans
| fight over right and left. its good entertainment. keep it
| up.
|
| anyways. It will be really difficult to convince my friends
| to remain on signal. At least they are technically sound.
| Thinking an excuse to come up with though. i donated money
| today too.
| rvz wrote:
| > also being swamped with right wingers
|
| So is Signal. 'right wingers' are everywhere.
| chopin24 wrote:
| Right. But one of these is secure and the other isn't.
| State action against telegram is eminent.
| rvz wrote:
| These users who are coming from these platforms
| (WhatsApp, Telegram) don't care about that. If Signal is
| _still_ unable to stay online then the users will leave
| and they will try the second best option. (Even if it is
| less secure).
|
| This has now become a usability and reliability issue for
| Signal.
| frEdmbx wrote:
| We had better hope that those who are silenced always
| have some sort of forum to go to, lest violence become
| inevitable.
|
| It's almost as if that's what the fascistic censors want.
|
| Eventually, those who aren't considered desirable will
| seek out decentralized, permissionless, alternatives.
| Kind of like how 99.999999% of crime is funded by FRN
| cash, rather than AMEX.
|
| The censorship will lead to permissionless, anti-fragile,
| forums.
| SoSoRoCoCo wrote:
| Same here!
|
| Last night a friend from India popped up on signal. I told him
| "Welcome!" and he said "You finally wore me down, I've left
| WhatsApp and I'm trying to move my family off of it..."
| joseph_grobbles wrote:
| pr2
| erikbye wrote:
| I think Elon moved more users than the user you quoted.
|
| EDIT: We know it was a joke. Maybe you are downvoted because
| of your username.
| [deleted]
| rakoo wrote:
| You're not stuck in the traffic jam, you _are_ the traffic
| jam
| KMag wrote:
| I haven't moved any friends in the last week, but I've gotten
| lots of notifications in Signal of many friends joining this
| week. Hopefully it just requires some simple modifications of
| some parts of their infra that they didn't realize were scaling
| bottlenecks.
|
| Based on my friends, mostly foreigners and English-speaking
| locals here in Hong Kong, Signal has grown about 20% in the
| past week.
| interestica wrote:
| It's an interesting anecdotal-metric. I've seen Telegram to
| Signal signups at about 5:1 for my contacts.
| hnrodey wrote:
| I'm a new Signal user myself (maybe six weeks or so). In the
| past week there's been a huge influx of my contacts joining
| Signal.
|
| I will continue to use iMessages for my iOS contacts. For SMS
| people I will gently nudge (hey, have you tried Signal? and
| then let the convo go where it does) and then use Signal as
| the primary for those people.
| KMag wrote:
| Is SMS still popular in your part of the world? I literally
| haven't gotten an SMS from a human in the past 9 years.
| Here in Hong Kong, SMS is how your bank sends
| notifications, and for spam. The chat space is vastly
| dominated by Weixin/WeChat and WhatsApp.
| macintux wrote:
| In the U.S. I've never had anyone suggest messaging other
| than SMS, FB, or (long ago) Twitter.
| hnrodey wrote:
| United States. I'm 37.
|
| 99.9% of messaging (for me) occurs via iMessages or SMS.
| FB Messenger is occasionally used for people who are more
| acquaintances (don't have their phone number).
|
| I don't really have a good reason to _not_ use iMessages
| (blue bubbles). Reasonably secure and Just Works. SMS on
| the other hand.... my least favorite part of SMS (besides
| the complete lack of security) is that media messages are
| crippled in quality. Photos and videos are compressed and
| distorted beyond belief.
| ptero wrote:
| United States too. Same feeling that most messages are
| iMessage or SMS. But as one of two extended family
| members with Android against ~10 with iPhones, for me
| iMessages are pretty horrible. They mostly work most of
| the time, but frequently there are glitches on glitches.
| SMS between Android phones are rock solid. Just a single
| data point.
| DyslexicAtheist wrote:
| Signal grew 5x in one day[1]. A week before Musk amplified
| the WhatsApp story with his "Use Signal"[2] tweet. It then
| did the rounds on MSM. WhatsApp shoots itself in the foot
| (though IMO it's a blip in their stats). Parler (thankfully)
| has been kicked off AWS. All good news for alternative
| messaging technology.
|
| https://twitter.com/signalapp/status/1349577579091566592
|
| https://twitter.com/elonmusk/status/1347165127036977153
|
| edit: as daniel_sk points out this is not a x5 increase but
| crossing the threshold from 10+ to the next 50+ mm downloads.
| Daniel_sk wrote:
| Google Play has 10m+ and then 50m+ step. So if you have 40m
| users then you still are in the 10m+ bracket.
| DyslexicAtheist wrote:
| thanks I didn't know this, so it's most probably not a x5
| increase but just a cross of this threshold.
| rex_lupi wrote:
| Thousands of people are joining Signal after hearing about the
| Whatsapp privacy policy changes, but the irony is that a
| significant portion of these people (if not the majority) still
| use Facebook, upload photos and stuff, chat on messenger, with
| that app, installed on their phones alongside Signal. Most
| people don't actually realize why should they be worried about
| corporations collecting their data. I wonder what fraction of
| these people will stick to Signal. Signal is adding new
| servers, lets hope they dont need to retire these in the coming
| days.
| bitcharmer wrote:
| Yup, and it's not like Signal should be surprised with it. The
| influx has been happening for a while now and it seems like
| they were incapable of handling it. I have no idea how I'm
| going to defend them against all my family members I somehow
| managed to convert from WhatsApp to stay on this platform.
| godelski wrote:
| I'm not sure a 5x+ growth in under a week is really "for a
| while now". If anything I'm surprised they've kept it
| together this long. The growth looks more like an exponential
| function too, so that's even more difficult.
|
| Good luck Signal team!
| bitcharmer wrote:
| As much as I'm cheering for Signal, yes this was absolutely
| foreseeable.
| input_sh wrote:
| From their tweet:
|
| > We have been adding new servers and extra capacity at a
| record pace every single day this week nonstop, _but
| today exceeded even our most optimistic projections_.
| Millions upon millions of new users are sending a message
| that privacy matters. We appreciate your patience.
|
| https://twitter.com/signalapp/status/1350165610936766464
|
| They've seen it coming, just never expected this much new
| traffic.
| tamiral wrote:
| It's an FOSS teaM working around the clock to support...
| let's not be mean I'm sure they are doing all they can to get
| this resolved
| meibo wrote:
| It's only FOSS by appearance really - it's still a team of
| well-paid engineers that operate like any other startup,
| with the difference that you can read the code of their
| apps and the bug-tracker is public.
|
| They operate on their own schedules and priorities, and
| it's tricky to get your PR into any of the clients.
| centimeter wrote:
| Whatever reasonable excuses the signal team has are
| completely irrelevant from the perspective of casual users.
| [deleted]
| spurgu wrote:
| Yeah I've been grinding my teeth thinking about exactly this
| all day. :(
| faitswulff wrote:
| But it's par for the course for newly popular services. Some
| don't survive the popularity and some thrive in spite of the
| degraded service. Signal will figure it out. All the best to
| the engineering team at Signal right now!
| ChuckNorris89 wrote:
| _> But it's par for the course for newly popular services._
|
| It is, but most consumers don't care, they just what their
| stuff to work 100% of the time as frictionless as possible,
| and, on top of all things, for free. Otherwise they just run
| back to the usual _free_ surveilanceware.
|
| I've tried and failed to convince some young, highly educated
| zoomer friends with good incomes to move away from WhatsApp
| and Facebook and even when I told them "Look, they're
| basically spying on you" they just brush it off and say "I
| don't care, it's fun, easy to use and all my friends are
| already there".
|
| Ironically, it was easier to convince my boomer parents to
| move to Signal and they also understand and agree with the
| tradeoffs and extra friction for the sake of free privacy but
| younger people just want to be where their friends are and
| not feel left out (remember the blue vs green bubble stigma
| on iMessage).
| notsureaboutpg wrote:
| Young people are (generally) fans of corporate governance
| and government overreach. It's older "boomer" types who
| feel threatened by the new religion of sensitivity and
| cancel culture who worry about corporate governance and
| government overreach.
|
| Please don't be pedantic on my comment and try to
| understand the general picture I am painting, you'll find
| the gist of the comment to be true even if I didn't
| articulate it super well. Thanks.
| sedev wrote:
| Using Telegram is a rational decision if you want a service
| that's good at fun conversations. Signal's value
| proposition is _secure conversations_ and it does that much
| better than other services. "Fun" is not part of Signal's
| value proposition. More people want/need fun conversations
| than need secure ones. Regardless of what people "should"
| want, Telegram serves people's mundane everyday needs
| materially better than Signal does. "It's fun and the
| people I care about talking to already use it" is a
| compelling value proposition, not a frivolous one, given
| people's everyday needs.
|
| The more someone cares about security and is willing to
| trade away other good things for security, the better a
| platform Signal is -- but remember, this also flows the
| other way.
| didibus wrote:
| I'm a little confused because you brought up Telegram
| specifically.
|
| WhatsApp and Facebook Messenger offer the same level of
| security as Telegram. In fact, I think WhastApp is more
| secure since it does E2E encryption by default.
|
| It's true that Telegram is about "fun" and not security.
| I just wasn't sure if you tried to imply Telegram is like
| Signal with a focus on fun as well, or you just meant
| most people don't care about security and would rather
| have fun chats?
| eitland wrote:
| > WhatsApp and Facebook Messenger offer the same level of
| security as Telegram.
|
| If you look only at encryption, WhatsApp is even better.
|
| Once you factor in the fact that all your metadata is
| vacuumed into Facebooks data lake and that it might very
| well end up in Google Cloud if either you or someone you
| chat with activate cloud backups.
| m12k wrote:
| Telegram has optional E2E encryption (as does WhatsApp)
| which puts it ahead of Facebook Messenger. Unlike FB
| Messenger and WhatsApp, the company behind Telegram so
| far doesn't have a history of selling your personal data.
| I'd say it's fairly competitive, though obviously not
| ahead of Signal
| eitland wrote:
| > Telegram has optional E2E encryption (as does WhatsApp)
|
| WhatsApp, for all its faults is E2E-encrypted by default
| and all the time.
|
| Not that it helps much unless you avoid activating
| backups and convince all your contacts to avoid backups.
|
| I don't like WhatsApp (anymore), but we should stick to
| the facts.
| m12k wrote:
| Thanks for setting the record straight. I actually
| thought you needed to opt in (was that maybe how it
| worked when they first added it?) but I'm glad to hear
| it's always on
| whichquestion wrote:
| I don't believe fun conversations are mutually exclusive
| with secure communications. You can have fun
| conversations with them being secure from prying eyes.
| mlindner wrote:
| Why are there so many Telegram fanboys astroturfing in
| this thread? This thread has nothing to do with Telegram.
| IG_Semmelweiss wrote:
| Loved ones. Especially seniors. Are the easiest to convince
|
| You carrot them with a unique way to ping you, over tech no
| one else has, and they see it like an intimate connection
| with you
|
| I had my elder parents and SO use it for years before
| friends i consider privacy aware and tech savvy... For
| years
|
| Added benefit: its a lot harder to share memes over a young
| network with no traffic.
|
| I guess that may change now....
| teekert wrote:
| Actually all the non switchers now see that there are
| really a lot of switchers. It's even on mainstream news
| websites here. I see this as a win.
| eitland wrote:
| One of those annoying Telegram users here.
|
| I too wish Signal engineers good luck!
|
| (Even if I personally mostly use Telegram and hope for Matrix
| to "win", Signal is a fantastic piece of software as far as I
| can see, both as an extremely secure (I think) messaging
| client in its own right and also as an inspiration for other
| messaging platforms.)
| didibus wrote:
| Telegram is not a secure chat application though. It's more
| similar to Facebook Messenger. You're better off using
| WhatsApp over it if you care about security.
|
| Or obviously Signal.
|
| When it comes to Matrix, it's a little trickier. Riot, the
| most common Matrix client does E2E encryption on DMs and
| invite only rooms. What I'm not sure is what happens if you
| send a private message to someone who is using Matrix
| client that doesn't do E2E. Will it fail to send? Or will
| it like fallback to not encrypted?
| eitland wrote:
| > Telegram is not a secure chat application though.
|
| Fun fact: I didn't even write that.
|
| The rest is not so much for you personally as for a
| number Signal fans:
|
| I get it, I get it: Signal is _best_. But seriously: do
| you Signal fans have to derail every conversation?
|
| Do you have to take a jab at every other messenger at
| every given opportunity?
|
| Or can we agree that there's room for more than one
| solution? Because physical mail, email, irc, Telegram etc
| are probably going to stay around for a long time, at
| least until Signal solves:
|
| - large groups
|
| - backups
|
| - grows a stable messaging API
|
| - creates a Bot api
|
| - and starts teleporting physical goods
|
| - etc
|
| Until Signal solves all this we are going to have to deal
| with other mesaging solutions.
|
| Deal with it. Seriously.
|
| Yes: Signal is probably the most secure now IMO.
|
| No: talking down other messengers doesn't make it better.
|
| @dang: apologies in advance. I've tried hard to keep it
| polite.
| stiltzkin wrote:
| There is an already ecosystem on Telegram bots, channels
| and groups that lacks Signal, even if all my contacts
| move to Signal i would still keep Telegram only for those
| features and many more.
| eitland wrote:
| Exactly my point.
|
| We are going to have to live with various systems for a
| long time, IMO hopefully "forever" since competition
| typically often does wonderful things.
| Arathorn wrote:
| It will be sent encrypted, and the receiver will only be
| able to view it if they are on an encryption-capable
| Matrix client.
| kypro wrote:
| My friends have been switching to signal this last week and I'm
| really happy I made the switch so far.
|
| I just wish it was as easy to switch from Amazon and Google.
| earth2mars wrote:
| I am very interested in hearing the postmortem of this extended
| outage technology/architecture stand point. Not to be cynical,
| but I wonder if this is caused by an attack by the company who is
| losing users!
| [deleted]
| faitswulff wrote:
| I doubt we'll get much info about it out of Signal / OWS. I've
| asked about their tech stack and ability to scale in AMAs
| before and got fairly vague responses.
| lucb1e wrote:
| The server code was published. Even if we don't know what
| services they use, you should be able to find quite easily
| what language the stuff is written in.
| faitswulff wrote:
| Server code may not tell you what the server is deployed
| on.
| lucb1e wrote:
| Hence my writing of
|
| > Even if we don't know what services they use
|
| and it merely helping to find
|
| > what language the [server] stuff is written in
| faitswulff wrote:
| I don't understand how that will help you figure out the
| equivalent of a post mortem for a service outage.
| lucb1e wrote:
| You said you asked them about their "tech stack and
| ability to scale". A tech stack consists of frameworks
| and languages used, which can be found on GitHub, so
| there's part of your answer.
|
| Indeed I'd be interested in the post mortem here and I
| also don't expect anything from them (depending on how
| large this turns out to be, though, and so far it's
| actually a rather huge outage so maybe we'll get some
| info after all).
| faitswulff wrote:
| Ah, I meant their infrastructure as well.
| vinay_ys wrote:
| The signal server project in GitHub isn't updated in 9
| months. Have they talked about why they don't do server
| development in the open?
| z77dj3kl wrote:
| The Signal servers essentially pass around encrypted
| blobs from one device to another. Most of the development
| work is on extending the clients to pass around different
| types of messages, so there's not much work that needs to
| be done on the server.
| lucb1e wrote:
| 9 months is a long time to go without updates though,
| especially if you just got a ton of extra users. While I
| definitely see your point, GP also has a point about
| development clearly not being open. It's "code available"
| software, not "open source server" software.
| corford wrote:
| Sounds like simple resource starvation:
| https://twitter.com/signalapp/status/1350165610936766464 (which
| is kinda understandable if they're experiencing off the charts
| turbo growth)
| njsubedi wrote:
| I think it's because many people from India joined Signal after
| Dhruv Rathee published a video suggesting people uninstall
| WhatsApp and install Signal or Telegram. He's got 1.7M views
| within a day, and I'm sure he's bringing lot of new users to
| Signal [and NordVPN because of the paid promotion].
| iphorde wrote:
| I am betting it is the Feds. They want visibility into everyone's
| conversations. They want power.
|
| Welcome to your dystopian future.
| bitcharmer wrote:
| I still get notifications about incoming messages, just can't
| read them because the app rejects my passphrase. This has been
| going on for more than an hour now. If they aim at picking up
| whatsapp refugees, this is pretty bad.
| EGreg wrote:
| Guess who is not having technical difficulties, ever: Telegram
|
| They are going to be the next Facebook. I don't understand why
| people underestimate them so much. When they rolled their own
| crypto in some areas, people made fun of them, yet no one could
| break it. When they published their source code openly, people
| say they aren't open source like signal. When FB bought WhatsApp,
| people seriously continued to choose it over Telegram, despite
| Telegram able to host much bigger chats, and so on. And being
| used all over the world, by the same government officials who
| were officially trying to get it offline LMAO.
|
| I just don't get what's so bad about Telegram.
| scubbo wrote:
| > They are going to be the next Facebook
|
| > I just don't get what's so bad about Telegram.
|
| Pick one.
| mlindner wrote:
| Well first off Telegram doesn't actually do end to end
| encryption unless you manually opt in. They don't allow end to
| end encrypted voice or video calls. They don't allow end to end
| encrypted group chats. Telegram is also a for-profit company
| that has no guarantees that they'll continue to not harvest
| your data because they're a pre-profit startup company.
| EGreg wrote:
| WebRTC mandates end-to-end encryption, but that's for the web
| browsers. Can you please link me to evidence that Telegram
| does not have any way to encrypt video or audio calls?
|
| You say Telegram is a for-profit company, but I am not sure
| how Telegram makes money, at all. It was approached by
| various government agencies looking for backdoors and claims
| to have rebuffed them all. Unless the whole thing with the
| founder of vkontakte having to give up his shares to mail.ru
| and run, was staged, I'm pretty sure he's an anarcho-
| capitalist who isn't very happy with states having data. So
| if that's the case, Telegram (unlike Moxie Marlinspike and
| Jan Koum) is much less likely to sell out their platform down
| the line.
| fullstop wrote:
| Let's clear a few things up.
|
| 1. e2e chats are not default, and they are clear on this
| fact. It is very easy to start one, though.
|
| 2. All voice and video calls are e2e encrypted. [1]
|
| 3. They do not harvest your data, and they are not for-
| profit. All of the money invested so far has been put up by
| the founder, Pavel Durov, [2], but they have outlined
| possible methods for financing. [3]
|
| [1] https://core.telegram.org/api/end-to-end/video-calls
|
| [2] https://telegram.org/privacy
|
| [3] https://t.me/durov/142
| lucb1e wrote:
| What are those random emojis in voice calls for, then? I
| assume (warning: assumption) the voice calls are actually
| encrypted, even if it's with keys received from the server
| and opportunistic unless you verify the emojis for a
| particular call. (Video I don't know, and group chats and
| most 1:1 chats are definitely plaintext yeah.)
| spiznnx wrote:
| It's not e2ee by default. If you exclusively use e2ee (secret
| chats), it becomes less featureful than
| signal/whatsapp/iMessage. No group chats!
| rvz wrote:
| They (WhatsApp users) don't care. They just want it to 'just
| work' and stay online.
|
| Signal has just encountered the worst usability issue today
| (Which is by going down) which is costing them users to look
| elsewhere.
| leokennis wrote:
| Telegram isn't bad. They are not E2E encrypted by default, and
| they don't offer E2E encrypted group chats. If that's not
| important to you by all means use it; it's a solid service with
| good apps.
| zamadatix wrote:
| How big was the bounty for disclosing the encryption was
| broken?
| dan_linder wrote:
| I just donated to let them know I'm interested in their continued
| existence. I feel bad - my wife and I have been a user of Signal
| 100% for the past 4+ years and we wouldn't want to use anything
| else.
|
| For some Signal related education, listen to the Security Now!
| podcast from 2016 - Steve Gibson dives into the protocol
| underlying Signal, "Open Whisper Systems".
| de11 wrote:
| It's ok
| tsjq wrote:
| Is this being caused by the tons of WhatsApp users joining Signal
| ?
| rantwasp wrote:
| or parler users, or twitter users, or disgruntled telegram
| users. could be multiple issues
| beervirus wrote:
| My wife out of the blue just started asking if she should
| switch from WhatsApp to signal. What's causing the exodus?
| momothereal wrote:
| WhatsApp updated/clarified their Privacy Policy, which states
| they share PII with Facebook (their parent company).
| mxxx wrote:
| Surely it's not this alone. Most of the people who seem to
| be switching that I know still use Facebook itself anyway?
| momothereal wrote:
| If you want more context/discussion:
| https://news.ycombinator.com/item?id=25662215
|
| The background here is that WhatsApp previously stated
| that they would never share user data for profit, i.e.,
| not selling ads [1]. Reading that blog post leaves a sour
| taste in HN's collective mouth, because not 2 years later
| they would get acquired by the ad giant Facebook and now
| mandate that users agree to share their data with FB. The
| wording made it seem like accounts that didn't agree with
| the new policies would get terminated on February 8th.
|
| A few days later, WhatsApp posted [2] that their update
| was misinterpreted by users and media, and that the
| clarifications to their policies were to increase
| transparency. They also pushed the ultimatum for a few
| months.
|
| [1] https://blog.whatsapp.com/why-we-don-t-sell-ads
|
| [2] https://blog.whatsapp.com/giving-more-time-for-our-
| recent-up...
___________________________________________________________________
(page generated 2021-01-15 23:00 UTC)