The developers of Signal are currently doing a user survey:

I told them that I really like the app but also that I would like:
a) Signal on @fdroidorg
b) a proper desktop client
c) no data stored in "secure enclaves"

Maybe you'd like to tell them, too?



@__h2__ @fdroidorg I told them about not enjoying having to disclose my phone number to everyone, I'd like federation, and that being suddenly forced to use a PIN which still hasn't been explained was a very jarring user experience.

@adam @__h2__ @fdroidorg yep they're world class at security but maybe 10th or worse when it comes to usability

@adam @fdroidorg I have mixed feelings about this. You can get Signal-like encryption on XMPP, but people are not buying it. They want contact-discovery via phone-numbers / address book.

I think that it is not ideal, but changing it means that Signal would need to store the entire contact-graph of the network, which is much worse from my POV. I think they want to go there which is why they are doing the SGX-thing.

@__h2__ @fdroidorg I'm not sure I follow. Why would using usernames for unique identifiers instead of phone numbers require server side storage of people's contact lists?

The only motivation I can think of for moving contact lists server side would be to make moving from one phone to another easier, but that's not required to implement easy migration.

@adam @fdroidorg You are right, this is not required, it is just how XMPP is implemented right now.

But not having this decreases usability even further. You wouldn't only need to discover all of your contact's usernames, but also need to rediscover them when you lose your phone. All these things are solvable, but I just don't see it happening.

The things I asked for are very straightforward and don't require coimplicated changes of the status quo.

@__h2__ @fdroidorg Signal protocol over XMPP sounds great to me. When people lose their phone, they can recover the XMPP usernames of the people they talk to the same way they would recover their address book (which for me is backups)

I do hear you about discoverability though. Usernames require two parts so it's clear which server should get the traffic. People accepted that paradigm for email though.

Do you know of any mobile apps that make e2ee XMPP easy?

@adam @fdroidorg Conversations has Signal-grade encryption (called OMEMO). It's fairly easy to use, but it relies on separate identifiers (regular XMPP).

I wrote a proposal some years ago to add phone-number bases client-side discovery, but the authors were not interested ;-)

@__h2__ @fdroidorg I read through your proposal and my concern is that it would allow a guess-and-check way to obtain a person's contact list. Just query a user with all possible phone numbers. This is bad in that I can't control if anyone ever puts my JID and phone/email in their contact list and this feature is the link that allows randos to query this info.

If I were an advertiser, or Facebook or whomever, I'd absolutely use this to suck up contact lists.

@__h2__ @fdroidorg The fact that the developer was so against the idea of phone numbers as a discovery mechanism and then later went on to implement phone numbers as a discovery mechanism is pretty disappointing, and in a centralized way at that. :-(

@__h2__ @fdroidorg I am going to give it a try though, just to see how it compares to Signal and Briar. If the UX is nice, then I'll dig into the crypto.

Sign in to participate in the conversation

Mostly hackers, mostly in Urbana, IL, talking to each other & our friends on like-minded servers without giving our personal data to the marketing machine.