Problems we are having with :
* It is and will remain centralized (clear strategy of *not* federating servers)
* It requires strong identifiers/selectors (phone#) to use
* Author disallows distribution by anyone but Google, although free/libre
* It keeps pushing away verification of fingerprint in interface
* It relies on Google+Amazon infrastructure
* Its funding is shady (OTF = Radio Free Asia = USG)

= clearly unethical choices, unjustifiable by accessibility or technological reasons.


Hi Jérémie, Thank you for your work.
Is Wire better ?

@vendreditreize @jz you should look into XMPP+OMEMO. It uses the same encryption basis as the signal protocol but is truly libre and decentralised.

@jz what do you mean by "It keeps pushing away verification of fingerprint in interface"?

There is a feature to verify a conversation hash/QRCode when physically meeting the correspondant — so I suppose you are speaking of something else.

@turb The verify feature used to be within the conversation, starting with a healthy warning "your conversation has not been verified yet, do it". now it is not displayed, like if safety was assumed by default.. and you have to go into *4 (four!)* clicks before you can find this feature now "conversation settings, scroll down, etc." where it is called "view safety blah" not even "verify..."... If UI were to be used to discourage from doing it, it would exactly look like this.

very bad practice.

@jz Share your concerns + also that they have effectively helped whitewash Google/Facebook by working with them to add encryption that's not on by default.

At the same time, only one of two solutions right now that are fully open source + cross platform (the other being Wire). (Also, an apk is available for download but is discouraged/not easy to find - they do push people to Google.)

We definitely need decentralised alternatives that publicly oppose surveillance capitalism.

@aral Actually the download link to the APK on their website doesn't even work until you enable javascript coming from....


(guess who?...)





What a surprise... :/

Conversation is working well. Omemo gives hope that some flaws of XMPP/OTR could be compensated (offline messages, decent crypto...)

@jz @aral I've been thinking about widening my use of XMPP lately.

Last time I tried to use it as a daily driver for my friend's group communication (~6years), the notification sync between computers and phones was regularly failing. Don't clearly remember why, I think it was coming from diverging implementation of an obscure XMPP extension.

Are notifications more reliable nowadays?

@Ninjatrappeur @jz @aral yes, the XMPP(+OMEMO) combo is proving stable. Including notifications. An OOTB install of ejabberd gives a good set of XEP implementations.

See for a non exhaustive list of XMPP server and XEP compliances.

@aral @jz

I think things are slowly moving in a good direction. Certainly the situation today for secure chat looks a lot less hopeless than it did three or four years ago.

The lesson from XMPP is also that standardised server configurations are needed. This is where Matrix gets it right. There's so much diversity in the configuration of XMPP servers that this is often the cause of bad user experiences.

@aral @jz Have you tried Tox? I haven’t used it extensively, but it’s been very easy to setup and use.

@aral @jz I'm biased because I work on its design, but what do you think about Nextcloud Talk?

- fully open source, server as well as client
- self-hostable and only requires PHP
- app in F-Droid, apk available too
- uses WebRTC standard
- federation is planned, but using links to have calls with people not on Nextcloud is already possible - would love to get your feedback!

@jz Well it's nice to see the rest of the internet catching up. For a while I seemed to be the only Signal complainer, and that's because not long after it was first released I wanted to try running it myself (including the server side) and then encountered the problems you've listed. There was also a hostile reaction towards LibreSignal.

On the upside, Signal probably is better than WhatsApp or Telegram.

My original complaints:


when it demanded an sms capable number ALSO registered to a mobile provider i dropped signal like a radioactive rock spewing infected blood


@returntrip @jz

I havn't used it, but it looks like something to try out. I have a test installation of NextCloud I can try it with.

@returntrip @bob @jz

So far it's looking good. Doesn't depend on a single server, even as a default. End to end encryption. Server and client are open source. They have a good track record on security, at least since NextCloud has become a mature product. Other than having to enter a server URL as well as a user name and password, it's pretty friendly to non techs to install and set up (excluding the server). Client is on FDroid.

@bob @jz there is a downloadable apk for signal, but maybe you want to check out #DeltaChat – should not have any of the problems you mentioned. 😉

@mray @jz

I've seen deltachat, although havn't used it. My thoughts are that I'd prefer to keep GPG keys intended for email away from Android devices, and I expect the app will need to poll the mail server quite frequently which might not be good for battery.

@bob @jz battery consumption is very moderate. You only need to use the same GPG keys on mobile/desktop if you want to read chat messages inside your regular mail client.

@mray @bob @jz Delta chat seems creative but very silly... they make it sound like creating an account is this HUGE hurdle/problem. And like I guess? But it doesn’t stop most people. On one hand it’s clever to use encryption(pgp?) over email as the IM transport, but that also seems very convoluted and complex? Which leads to problems.

If I want a secure chat, I’d just use like Tox or Ricochet that’s been designed from the bottom up to be secure.

@Thepunkgeek @jz @mray

Also PGP chat has no forward secrecy or ratchet, but this may still be an improvement over what many people are using currently.

@bob @jz @mray It’s totally an improvement, but like why create software that’s only slightly better than something else when there’s software already out there that’s doing way more way better?

I’m not trying to attack this project, I think the idea is cool, just seems like there’s better solutions already and energy would be better spent improving those?? But that a FLOSS community problem.

@Thepunkgeek @mray @jz

At present I don't think there's any chat panacea and that the best we have is XMPP with the Conversations if the server is set up *just right* so that everything works.

Briar might be another possibility, but presently I'd regard that as being for traditional activism where you meet in a pub or at a festival and can do face-to-face key verification.

@bob @Thepunkgeek @mray @jz +1 for XMPP with the server and clientes supporting the latest Recommended set of XEPs + OMEMO (instead of OTR), and in the future: better Jingle audio/video calls support for mobile FLOSS.

@hinterwaeldler @adfeno @bob @Thepunkgeek @jz Ring eats your mobile data alive. Unfortunately. But I love how it is free, encrypted and serverless.

@mray @adfeno @bob @Thepunkgeek @jz Is this an inherent flaw or might battery consumption be fixed with a patch?

@hinterwaeldler @adfeno @bob @Thepunkgeek @jz it's part of the price you pay when nobody and everybody is the server.

@mray @adfeno @bob @Thepunkgeek @jz I'm still struggling to get the concept behind #ring. The calls / chats themselves are peer-to-peer, meaning I'm sending my message *directly* to the recipient, right? What is the necessary "server" / DHT part do?

@mray There is still a way to disable the local node and use another node to listen the network for you (a DHT proxy)

@hinterwaeldler The DHT is like a distributed mailbox. You send the encrypted message on the DHT network even the peer is disconnected. Then the peer has some minutes to read the DHT. So you don't send the message directly to the recipient, but let a message in a hash (like a mailbox). It's also used to init direct calls between you and your contact.

@mray @hinterwaeldler @adfeno @bob @Thepunkgeek @jz

In one month, ate 28GB of data. That was when I uninstalled it, real battery flattener!

@hinterwaeldler @mastodan Well, 28GB is insane and is not the result of a normal app behaviour IMO.

Otherwise, poorer data/battery perfs are the cost of a fully distributed network on mobile devices... but as said, we're working on the DHT proxy which is some kind of tradeoff between distributed network and battery/data footprint. It's still a bit experimental but you can already try it, it's kind of hidden in the settings :-)

@hle @hinterwaeldler To be frank, I could care less about the data usage, mobile data is not something that costs me additional moneh. My primary concern is battery life. Question for you, why not have volunteers run relay DHT nodes?

I use Ring android every day (and like a lot). Last moth: 371 Mb
28GB is not normal at all. Even on an old bugguy version

@mray @hinterwaeldler

@Jo @jz
I'm not being condescending, just pointing out what people I personally know have already built.

If you want alternative desktop clients written in your own language or integrating with your favorite messaging client, it isn't some impossible feat to build. Finn and a few other Seattlites have been working on bots and integrations like Weechat, I'd encourage you to poke around. Signald is pretty user friendly by the way!

@jz you can run your own signal server. Stop it.

@flash @jz Really? Last I checked Signal did not support federation?


The Better options all require advanced skills to use. Non-technical users deserve privacy too.

* Non-federation means users not giving up at server selector dialog and no one-off hostile servers.

* Phone numbers are mediocre IDs but hard for users to screw up.

* Google prevents third parties (e.g. abusive ex, corrupt local sherrif) from tampering with the apk.

* Funding is funding; the USG funds lots of stuff, some of it good.

Signal is imperfect but the perfect is the enemy of the good.

@suetanvil @jz my conclusions exactly. Where I can, I push people to use XMPP+OMEMO. Where the audience is non technical, like family, I use signal. It's a good stepping stone for privacy awareness.

@suetanvil I wish we stop attempting at justifying the ethically/morally unacceptable by "usability". this notion considers that "users" (not people eh!) are all idiots, incapable of doing what the person mentioning it is capable of.

It is by infantilizing people that they end up being subjugated, under control.

My own field experience of sec is that when u make people understand (activists, journalists doing real journalism, sources, etc.) they are capable of making efforts (tails, GPG, etc.)


Have you succeeded in training anyone without a secondary-school degree in the use of GPG? Because withholding quality education from the poor is one of the tactics in wide use against the US poor.

Would you get my mother to use something harder than signal?

I tried to make her use it but she said some of her contacts did not receive messages.

I mean she did not really care about privacy or crypting messages. So she went back to her standard app after switching phone.

Standards users will not make the effort to understand something more difficult than what Google teaches them.


Usability is important, yet not *crucial*. It is often in the hands of people with large resources. Most of the it time amounts to having software making choices instead of you.

Balancing techno-ethics and software freedom by "usability" is i think a fake dichotomy.

Like balancing freedom and security to justify anti-terror measures restricting freedoms and agency. One cannot pretend to trade one for the other.

(Jefferson mode: ON - "He who sacrifices freedom for usability...."?)


Given that the majority of security problems are due to user error, I would think it is obvious that UI is a significant aspect of software security. Describing usability and security as a trade-off is an astounding false dichotomy.

@jz How does Telegram compare? Their funding feels equally awkward, ℅ some Russian magnate, and based in Dubai.

@porsupah @jz I gather Telegram is almost universally considered less secure. It has much worse problems than Signal.

@jz While I agree with most of that, I disagree with:

> * Author disallows distribution by anyone but Google, although free/libre

They allow distribution through Apple's iOS store. For the desktop version you can compile it yourself (I think) from Github.

> * Its funding is shady (OTF = Radio Free Asia = USG)

The "USG" is not a single entity, and you cannot treat it as one. The USG funds many good projects, including, perhaps most famously, Tor.

@jz conversations for xmpp is using the same encryption algorithm as signal under the extension name OMEMO

@jz Other issues with #Signal:

* code quality is marginal - endless parade of small bugs, especially with the desktop client
* moxie is a jerk on github a little too frequently
* moxie is hostile to people running LineageOS

@jz That being said, I finally have the vast majority of my contacts including many non-technical people using a secure messenger for the first time in history. Change will be slow and many of the alternatives are not currently viable for non-technical users, partly due to usability and partly due to the network effect of "I'm not installing yet another app that runs yet another service just to talk to one person."

Sign in to participate in the conversation
La Quadrature du Net - Mastodon - Media Fédéré est une serveur Mastodon francophone, géré par La Quadrature du Net.