60
JWZ weighs in on Signal again
(www.jwz.org)
Man, I haven't seen a goat.se in years
Is this a random thought or should I not click the link?!?
Edit: oeuf. There it is. Nice.
Not trying to be pedantic, but the original was goatse.cx
The fact that there are no interoperable third-party implementations, or even third-party builds/distributions of the Signal app
that's not true, Molly is perfectly fine
Hard to take them seriously, if they can't even use a search engine to realize most of this is complete bullshit. What is this? A Twitter post?
What is this? A Twitter post?
Just about. JWZ is known for his cynical hot takes on tech in general.
I don't think any of his complaints are invalid, though his conclusions are uncharitable at best. Making a communication tool that's both reasonably secure and sufficiently palatable to people who don't know how to use computers to achieve broad adoption is a hard problem with no perfect solutions. If he has a better idea, well... he's a skilled and somewhat famous programmer; he's better equipped than most to implement it.
~~most~~ some of the stuff on that list isn't even true (at least not anymore) lol
There are six bullet points. Which ones are no longer true?
The only one I know of is point 4, in that you can now choose not to share your phone number. But, IIUC, the app uses the dark pattern of forever nagging you to share it, hoping you’ll eventually accidentally click the wrong choice.
Point 2 is mostly not true, in that Molly exists and you can do reproducible builds with either implementation.
Unless Signal's policies recently changed, Molly is not interoperable, since Signal does not allow third-party clients to use their servers/network. That would make point 2 correct.
If that policy has changed, then someone please link the announcement so I can update my notes.
They've been allowing Molly to continue to function for multiple years. Notably, from Molly's readme:
Molly connects to Signal's servers, so you can chat with your Signal contacts seamlessly.
I looked over the terms of service linked there and don't see anything specifically calling out third party clients. Is that elsewhere in another terms page somewhere or is it just not being specifically mentioned?
It was a few years ago when I read Signal's statement about this, so I'm afraid I don't have a link for you.
I believe you when you say Molly functions, but it's important to note that without Signal's blessing, anyone using Molly can be locked out of the network (and their chats and contacts) at any moment. It's not the same as official interoperability.
I wonder if the Digital Markets Act will eventually force it.
load more comments
(2 replies)
To be fair, from Signal's attitude it seems that Molly is tolerated rather than welcomed. And that it may be shut off if it gets big enough.
I use the Signal a lot and have never been nagged to share my phone number.
4 and 5, from what I remember you have to opt into being discoverable by number even if you give it your contacts. that said I don't fw signal for the other reasons stated, it's basically just the easiest secure alternative to texting.
2 is probably wrong. Molly exists. Trademark cannot be used to prevent other implementations, just the use of the name or other dress. What may not be open is the server side code and federation is not supported.
What specifically isn't true?
4/5, and partially 1 bc mobcoin doesn't use pow or pos.
disclaimer: I don't fw signal or cryptocurrency of any kind
Is there a better alternative? I don't see anything conclusive in the link on that front
I sure don’t know. SimpleX is suggested, among others: https://dessalines.github.io/essays/why_not_signal.html#good-alternatives
That could work, it looks like it was a lot of features like reacts and video calls. How easy it is to setup and 'plug-and-play' will determine whether I'll be able to convince people to use it
Could you explain/elaborate to a know-nothing (me) on the following from your link?:
Caveats of federation: Metadata leaking
When using federation, Matrix’s room states (containing a lot of Metadata) get replicated and stored indefinitely on every homeserver any user connects with or connects to. While this is a feature for enabling distributed chat rooms, it comes at a serious privacy cost.
To avoid this, you can either disable federation, or make sure that your users signed up with no linkable identifiers other than their user names.
The author of that essay (@dessalines@lemmy.ml) is one of the main devs of lemmy, so you’re asking in the right place lmao
Matrix is not really a chat system, but rather a distributed database that pretends to be a chat system. As a result all servers participating in a room get a full copy of the room metadata all the way back to when the room was created, which is a serious privacy issue.
This is not a general problem of federated systems though, and XMPP for example basically only shares the metadata that other participating servers strictly need to function.
I’ve never looked into how Matrix works at all, so I can’t really speak to that.
- matrix if you want cloud storage for conversations
- jami or briar if you're okay with p2p
- simplex for the most secure cryptography and "just works" better than p2p
Last time I tried SimpleX, you had to scan a QR code to go from Desktop to mobile and vice versa, any chance of them changing that? Otherwise it did look promising.
yeah you can only use one device at a time because simplex doesn't have accounts, just devices. but you can make another account per device and add them to your chats
load more comments
(3 replies)
load more comments
(3 replies)
The big upside of signal is that it is better then SMS, and has more adoption then any of the other reasonable options. Adoption is still not enough to make it that useful when compared with Messenger and SMS and even with this addressbook thing your complaining about trying to drive it.
Big downsides abound too including needing a phone number, and being tied to a phone.
I thought they changed the phone number requirement? Or was that a fever dream I had?
No, it still requires a phone number, but you can hide your phone numbers from other users now.
Ah that’s what it is.
You can share a name or handle now but I think you still need the phone number otherwise though you no longer have to share it.
load more comments
(1 replies)
view more: next ›
this post was submitted on 08 Apr 2025
60 points (100.0% liked)
Privacy
39988 readers
350 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS