A small rant on Signal

As a digital self-defense trainer for activists, I’m often asked what app should we use for instant messaging. The easy answer is Signal. Signal is very good at what it does, but I’m afraid activists think about it as “the perfect solution” or “a secure messaging platform”, without taking the time to understand why it is not, and what are the issues in Signal.

And that makes me a little angry sometimes, especially when some friends are giving them money while activism scenes already have a hard time funding their own projects and Signal has not.

So here is an undetailed list of things I don’t like about Signal:

• they require a phone number (they’ve been saying for at least 5 years that they are working on a username system, but now that just sounds like an empty promise) They did it in the end!! They still require a phone number, but by default it is not visible to others. By default the phone number is still “searchable” so that someone with my number can find me on signal, but this can be disabled (it could be abused by people trying specific numbers they want to check somehow)
• they spit on decentralisation (see moxie’s article, that has real questions but conclusions are shit)
• they added cryptobro shit with their cryptofreakincoin embedded in their app
• they have so much money in their hands, but do so little efforts to listen to radical left needs
• the server code has seen long times without public releases and is thus less easy to trust
• they hate forks using their servers (Molly and Langis are still working though, but these forks use 90+% of the signal codebase and don’t touch how the app talks to the server so i don’t know it they can block it)
• they don’t want Signal to be in F-droid
• they have no good dekstop client (only an electron app that requires a Signal account on a phone to be linked to, link that is lost after 1 week of inactivity)

I have to say that I really like that signal has really strong crypto and invents new and good ways to keep metadata safe. And that it is the least worse we have when we are ok to share our phone number (or have a way to use a number not related to our civil identity).

But well, they wanna be a social network, and I think it’s so dangerous… It looks like they want customers, not users… I’ve been a Signal for many years now (probably around 10, it was not called Signal then but there was Textsecure and Redphone), and i’m so grateful of the work they did and still do, but they missed it at some point and turned into a “wannabe better social network IM” instead of “a very good IM platform for activists”. And Moxie has left Signal so the original strong connexion that existed between anarchist and activist scenes and Signal is wearing out (does it still exist? i don’t know).
Someone else recently wrote “I don’t inherently trust Signal”, which has a lot in common with what I wrote here (french version here).

I still recommend Signal over of pretty much anything else currently though. But I think we are currently in an hera of IM tries and attempts, and I hope soonish something will come out of all the work done in the past years and surpass them all!

I’m keeping an eye on these apps, hopefully one will be very good at some point:

• Berty (https://berty.tech)
  • IPFS-based
  • not using blockchain
• Briar (https://briarproject.org)
  • Nice but UI is still a little rough. Don’t know how it scales
• Cwtch (https://cwtch.im)
  • Not mature enough
• Databag (https://github.com/balzack/databag)
  • No groups
• Jami (https://jami.net)
  • So many cool features: https://docs.jami.net/user/all-features-by-client.html
  • Fully decentralized (based on DHT)
  • Groups are limited to 8 members, but should change in the future
  • No automatic message removal
  • Edited messages don’t remove the old version (see https://git.jami.net/savoirfairelinux/jami-project/-/issues/780#note_25260)
  • Users feedbacks: it’s not really usable, it’s full of bugs
  • Apparently working at the compagny is complicated and many workers don’t stay long because of bad work environment
  • It’s been there for ages but it seems it’s still not stable or even “working properly” so i’d personally avoid it
• Matrix (https://matrix.org)
  • Founders and parent company love cops (unrelated to them giving user data to cops, as we have no sign of that yet), also here
  • So many critics. A summary could be:
    • Shitty metadata handling (leaaaaks all the way)
    • No disappearing messages
    • Server hard to maintain and scale
    • « when sharing media, the media isn’t encrypted, and available to anyone with the url, and can’t be deleted » regarding this document
  • https://brendan.abolivier.bzh/enter-the-matrix/
  • https://anarc.at/blog/2022-06-17-matrix-notes/
  • https://telegra.ph/why-not-matrix-08-07
  • https://hackea.org/notas/matrix.html
  • https://disroot.org/en/blog/time-to-switch-some-lights-off
  • https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/
• Olvid (https://olvid.io/en/)
  • Developped by french gov
  • Backend is closed-source: https://github.com/olvid-io/olvid-android/issues/1#issuecomment-1848410038
• Qaul (https://qaul.net/)
  • Uses the Noise Protocol
• Quiet (https://tryquiet.org)
  • Nice comparison with other apps: https://github.com/TryQuiet/quiet/wiki/Quiet-FAQ#how-quiet-compares-to-similar-apps
• Session (https://getsession.org)
  • Depends on blockchain (aka no way i ever use it)
  • They removed forward secrecy in one of their protocol updates (https://getsession.org/blog/session-protocol-technical-information)
  • Interesting discussion here: https://news.ycombinator.com/item?id=28715627
  • People say it’s connected to the alt-right. Couldn’t fact-check yet though
• SimpleX (https://simplex.chat)
  • Depth threat modeling
  • Decentralized with ability to easily run tiny nodes
  • No need for phone number
  • Venture Capital funded (aka very dependent on stakeholders wishes) notes
  • Apparently doesn’t scale well for groups bigger than ~300 people, but might go better in the future
  • “SimpleX is not the program you want to use”: https://discuss.privacyguides.net/t/simplex-vs-cwtch-who-is-right/19256/29
  • Toxic job offer (2024-12-11): https://web.archive.org/web/20241128165938/https://simplex.chat/jobs/
• Snikket (https://snikket.org)
  • XMPP with good client and provided server config
  • XMPP leaks a lot of metadata so might not be good for activism
• Tox

More about Signal in Signal Fails(en)(fr)

A note about technology

I think we should try to use the least tech messaging systems as we can and (re)learn face-to-face communication as much as possible. Technology is inherently bad as it requires human exploitation. See Aurore Stephant from SystExt work (fr), see the conference « Nabil Hassein - Computing, Climate Change, and All Our Relationships » (en), and see other work about how technologies are built and (not) recycled at all. Plus all the bad with surveillance that we can only dodge a little…

Notes

Simplex

(SimpleX dev message are in italic)

Groups aren’t really limited, I’m just limiting them not to create too much traffic for senders. It’ll be hugely improved this year.

Can you provide some example of a VC-funded project that has gone wrong?

Owncloud? But yeah my point was rather that if investors invest on a product, they expect a gain. At some point SimpleX will have to find a way to make money for these investors. Donation aren’t gonna be enough. So what will happen then? A nonprofit like signal cannot turn bad like that. (But signal has other issues iknow, its just an example)

Non-profits certainly can turn bad, and quite a few people believe it did. From not sharing server code for some years, to refusing decentralise the network, to adding closed-source components, to creating some smoke and mirrors instead of real protections for connections graph…
Non-profits, in my view, have as big if not bigger chances to turn bad. Ultimately, any organisation needs funds. There are only two sources - customers and either investors for commercial companies and sponsors for non-profits. The terms of investment and the influence that investors have on the company is quite limited, in comparison with non-profits. Investors can ask for some degree of control, and founders can agree or disagree, but this control is executed via a board, within rather strict parameters of the law. It doesn’t mean it can’t go bad. But non-profit sponsors, unlike investors, can request the same control mechanisms plus attach other conditions of providing the grant - if anything, it seems less regulated than investment.
So it seems to be a misconception that non-profits give any better guarantees to the users than companies without considering other factors. It’s conventionally believed to be the case, but I see lots of examples to the contrary.
In any case, we will be splitting the structure to use both commercial entity and several non-profits to achieve what we want to achieve. Organisation form is a tool, nothing more.
One more example of non-profit going bad - Linux foundation claiming that SSPL is not a real open-source license. Even though it benefits literally everybody - from license owners to users communities. And the only entities that don’t benefit from it are large big tech companies that offer cloud services - that are coincidentally the largest sponsors of Linux foundation.