It will be open source, end to end encrypted using Signal’s double ratchet encryption protocol, and he plans to make it easy for fediverse platforms to integrate it. The beta will release later this month.
He’s also the creator of https://fedidb.org btw
I’ve been unhappy with the direction Signal has taken in recent months and Matrix always felt like it was trying to do too many things at once.
Happy to see something that would integrate directly into Fediverse platforms as it will greatly enhance interplatform communication.
Like a better FB messager.
personally love the direction Signal is heading but would be happy to not have “all my eggs in one basket”, as well as diversifying the open source E2EE communication options.
I felt that removing SMS while still having it tied to your phone number, stories, and that weird cryptocurrency were not what I was looking for in a messanger.
I agree. As soon as the update that disabled SMS was pushed to my phone, signal was effectively dead.
Integrating with SMS was so smart. The person who got me into it said “there is literally no reason not to do it” because it was seamless. And I used the same argument to get other people into it. But basically everyone stopped using it as soon as SMS was removed. I don’t have the brain space to remember who is on signal and who is not and go to the appropriate messenger.
I read the whole long thread on their website where the devs were arguing in favor of this and all the reasons were IMHO stupid. I think someone wanted to tank signal. Got tired of funding it probably. It was too good to be true with no obvious business model so always thought the day would come, and it did. Too bad, it was very good at what it did.
Makes a lot more sense when you realize they hired an ex-Google exec to run Signal.
Meredith Whittaker? Artificial Intelligence researcher
[0], not ex-Google exec, Meredith Whittaker who “led global walkouts”[1]against Google? Meredith Whittaker who “helped lead employee protests at Google over the search giant’s military work, artificial intelligence and policies”[2], Meredith Whittaker?If that’s who you’re talking about, they chose the right person to lead a project that goes completely against the silicon valley M.O. of selling your private data to the highest bidder or mining it to sell ads. Her actions have demonstrated she isn’t afraid of speaking up or pushing back against “the hand that feeds you”, even at risk of being retaliated.
[2]https://finance.yahoo.com/news/google-protest-leader-meredith-whittaker-015305645.htmlI like her politics and activism, I just don’t think Google and ex-Google people know the features people want out of a messenging app.
Yes I’m still very unhappy over Allo.
Yes I’m still very unhappy over Allo.
Same, it had so much potential, but seems to have been poorly managed.
I think someone wanted to tank signal. Got tired of funding it probably.
This take doesn’t make any sense. Signal is funded by a non-profit and has tons of money that allows them to not worry about funding in the near feature. There is nobody to “get tired of funding” them.
I also don’t like the fact that Signal needs your phone number and that the only way to connect to other people is by their phone number.
And that your phone number inevitably leads to being spammed
TIL Margot Robbie has strong opinions about encrypted messaging apps. My respect grows by the day.
Everybody just want to ask me about my opinion on work, nobody ever ask me about my opinion on tech.
But using an obvious AI generated profile picture and all of a sudden I can just express opinions on things now.
Wait. Is this the actually celebrity and not just someone using the name? Because honestly if this is the actual person it’s always kinda cool to see “famous people” doing normal people things like say having tech related or privacy related interests and hobbies (idk i just listed that because i can relate to it)
lol
SimpleX looks intriguing
Session too. Not a big fan of signal since it requires giving them your phone number.
I’ve posted this previously, but I’ll repost again because I think its important people are aware when making a decision on a secure messenger.
======== Original Post: https://lemmy.ml/comment/1615043
Sessions developers dropped Signal’s Perfect Forward Secrecy (PFS) and deniability
[0]security features. Personally I would not trust a product that drops an end-user security feature for the sake of making the developer’s life easier[1].Using existing long-term keypairs in place of the Signal protocol massively simplifies 1-1 messaging.
For those unaware, PFS protects your data/messages from future exploits and breaches. With PFS, each message’s encryption is isolated, preventing compromise of current and past interactions
[2].A simple example to illustrate why PFS is beneficial. Lets assume any 3 letter agency is collecting all Signal/Session messages - on top of the tons of data they’re already capturing. The great thing is that your messages are encrypted, they can’t see anything - YAY - but they’re storing them basically forever.
Two ways they may be able to compromise your privacy and view ALL your messages:
-
A flaw is discovered that allows them to crack/brute force the encryption in weeks instead of years/decades/eternity. If you were using Sessions, because you use the same key for every message, they now have access to everything you’ve ever said. If you were using Signal, they have access to that one message and need to spend considerable resources trying to crack every other message.
-
Your phone is compromised and they take your encryption keys. If you were using Sessions, this again gives them access to your entire message history. If you were using Signal, because the keys are always rotating (known as ephemeral) they can only use them to unlock the most recent received messages.
It’s important to state that both cases above only really matter if you delete your messages after a certain time. Otherwise, yes, all they have to do is take your phone and get access to your entire message history - which is why ephemeral messaging (i.e. auto deleting messages after a certain time) is crucial if you suspect you may be targeted.
[0]https://getsession.org/blog/session-protocol-explained[1]https://getsession.org/blog/session-protocol-technical-information-
It’s great, I’m migrating all my contacts to it. AGPL, no phone number or identifier, decentralized, official lemmy community, fast development pace, …
You should try Beeper too.
I’d never heard of that until now, looks amazing!
Beeper is truly fucking amazing.
deleted by creator
Discord is a centralised, proprietary service, sup would be a fediverse app. Discord is better than Sup just like Reddit is better than Lemmy.
I’d be so excited to see any fediverse do the discord server/channel setup, and as soon as I see it I can start convincing friends to join it.
Matrix has this. It’s federated but doesn’t communicate with Lemmy.
deleted by creator
You’re trying to derive meaning from a system that doesn’t have one established objectively
You got like 10 people that basically said “i disagree” in voting format, nbd. Sometimes we have unpopular opinions, other times bots, other times who cares internet points
I’m not disagreeing with you. You’re saying that the fediverse produces badly designed and branded services that mirror existing apps with massive user bases, that won’t be great until a lot of users migrate over. None of that is wrong! It’s why Lemmy is a mess that constantly breaks, and Reddit is still way more useful, even if most people here hate it.
It’s just that most Lemmy users care enough about decentralisation to ignore those product downsides, in the hope that they it can be overcome over time. With a messaging product, that’s even easier. You can just install it and wait until other users join - network effects are ’much more limited than with eg Lemmy.
I’m not leaving Signal until someone implements keeping data at rest encrypted on both ends and requires multi factor unlock (bio+pin is my choice).
So sick of E2E clients that leave the data in plaintext on the devices and then back it up in plaintext to the cloud.
Does Signal back up in plaintext in the cloud? (If so that doesn’t sound like E2E encryption… unless the ‘ends’ are uh… also constituted as the cloud itself which is… defeating the purpose).
Where do the pub/ private keys live, exactly, tbh. (Assuming it is asymmetric encryption that they use?)
Edit: ah, misread. I thought you said that you were not joining it due to it storing plain text in the cloud.
No, signal does not do cloud backups. The keys live on the end users devices.
Signal doesn’t store any of your chats at all. They’re all on-device by design
Hm… If they’re not being stored on the cloud, that means offline users would never receive messages, unless Signal is purely P2P. I haven’t looked at the project, or the source, but I find it hard to believe – you can’t really do user lookups without some sort of middleware in the cloud.
You’re right, Signal is not P2P. The way Signals messaging pipeline works is like this - note I’m oversimplifying it for accessibility.
Sending a message to
Bob- You press
Send. - The message is encrypted on your device with a key that can only be unlocked by
Bob. - The message is then “sealed” so that there’s only a “deliver to” field visible (not a “from”).
- The “deliver to” field is addressed with a hashed/salted label for
Bob- this means Signal’s server can see its a unique user, but not what their name is. - The message is finally sent to Signal’s servers.
- Your message sits on Signals servers until it can be delivered to the intended recipient.
you can’t really do user lookups without some sort of middleware in the cloud.
See their blog post about Private Contact Discovery, they’ve spent a long time figuring out how to engineer a method to know as little as possible about you.
Thanks for the explanation.
- You press
All the data they have on any specific user is the account creation date, and the last online timestamp. They’ve already done loops around this topic in the DOJ.
And I thought it should be obvious that an online service doesn’t work if you’re offline
Yeah, but messengers, such as WhatsApp for instance, will send you missed messages once you’re back online. That’s what I was referring to.
so this is basically fb messenger but it works with twitter, YouTube and reddit (their federated alternatives mastodon peertube lemmy) and is e2ee!
super cool!
How is this different than something like Matrix? I’m probably just not understanding something…
This is meant to work with the ActivityPub fediverse ie. Mastodon, Lemmy, Kbin, Pixelfed etc. and you would be able to use your current lemmy.world account for messaging.
But why is that such a great benefit? We already have a myriad accounts for different services/platforms; would this be merely a marginal improvement over the current situation?
I’m not a fan of Pixelfed, or instaclones. But the idea of a messenger e2ee that works with all the fedi is such a awesome idea.
Why are you not a fan? I’m genuinely curious, as I’m vaguely evaluating such software.
Not OP but personally I just don’t like picture centric social media. Just not my thing.
Nice. This sounds like a federated signal messanger? Why not using matrix or xmpp? 🤨
I have no idea what the fediverse brings to an E2EE IM app. They seem like contradictory concepts.
no walls?
All existing messengers have “no walls” if you consider they all transfer data via TCP/IP. Except the wall is the encryption/higher level protocol. Now just replace TCP/IP with federated servers. Different messengers will be unable to communicate with each other because they’d need to implement the same encryption.
If you’re able to standardize the encryption then things can interoperate if it’s fediverse based or not.
According to this post, Signal can federate, but chooses not to. In another post, it’s said that Matrix is based off Signal.
So, one way to look at it announcement is “you will be able send Signal/Matrix messages from your fediverse instance of choice”, I believe
Signal has been the basis of basically every private messenger since it’s inception. They may have since forked but they’re almost all based loosely on it’s concepts.
“you will be able send Signal/Matrix messages from your fediverse instance of choice”
While no details are clear, it’ll definitely not be this. Matrix has it’s own implementation which isn’t compatible with signal (megolm or something like that), and I really don’t think dansup will be making it matrix compatible. It’ll probably be its own thing.
Oh, that’s a shame. It’s one of the bummers of instant messaging, everything seems to be incompatible with everything
Kind of surreal seeing my own Mastodon post linked, damn.
If you’re curious about the details I refer to, there’s an indepth article on lwn.net regarding this from 2016 here: https://lwn.net/Articles/687294/
That article was very informative, thanks!
Huh. I wonder what they mean by “bad user UX”. I was expecting concerns about encryption or privacy, not UX. I already use Signal, so it would be a positive for me if they federate.
To be a bit more precise, Signal is against federation from two angles:
-
Innovation: Signal values absolute control over the protocol so that they can more rapidly implement UX experiences scene in other modern messaging apps. It also eliminates malicious or outdated servers changing the UX between users. Ultimately folks won’t blame the servers, they’ll blame the app, and stop using it.
-
No rope for users: They seem pretty confident that the Apple-style of software and UX is right— if a user can change stuff enough to break it, they will. For secure messaging, they’d rather users have fewer choices to be sure it is secure.
-
Yeah … I read it as well.
This announcement does not mean that the services (signal, matrix, etc) will be integrated. At one point there’ll be a bridge for matrix. But like google, all of them need to implements MLS at one point. Maybe then they’ll be able to communicate
Can you use matrix with a lemmy or mastodon account?
No, right now you need two separate accounts but you could combine them if you wanted to
Desktop fscking client, please. Not electron based would be nice, yes? QT is good.
ICQ-style or old Skype-style user directory would be wonderful too. VoIP is not something I’d care about, file transfers are.
This is cool.
Chill, you’re not the only one here.
VoIP in a mainstream messenger is something that most people use nowadays to avoid calling people from their SIM cards which costs them much.
Video calling too is something I personally use too especially on iMessage or Telegram.
I’m a software engineer, I appreciate some old school things that work perfectly well like ICQ or Vim or emacs or working only with shortcuts. But you know what’s also a shortcut? Not having to use 50 different messengers just because this one doesn’t have VoIP and I can’t bring my friends or my mom here but I can bring only my nerd friends”.
This is all business and target audience oriented. You are not the only target audience out there and especially when you don’t demand from a messenger to be able to have VoIP. Even Instagram has VoIP these days. A photo-video-media sharing app. Let alone a messenger.
Chill, you’re not the only one here.
I talked about various audiences not just myself. The person I replied to talked as if the app was made for him explicitly. “VoIP is not something I’d care about, file transfers are” like this kind of talking is like bruh, the app is not made only for you.
yeah, the app is made for you and him. So doing the math we have a -1 “VoIP is not something I’d care about” and a +1 “Video calling too is something I personally use…” which results in 0% significance. So let’s just talk, voice our opinions, and chill.
No, the app is made for everybody who wants to use a messenger. Not just you and him. It’s supposed to be under the standards of the feddiverse.
The comments here are not a poll. Providing especially personal comments about a nerdy user like me and the guy I replied about “I would like it like ICQ” and such shit, would not help the creator make a good choice. Most people nowadays, especially zoomers, dont even know what ICQ is or how it works or how to even login to it. Most people, proven by ehm … the success of messenger, discord, whatsapp, telegram, viber, signal everything … want a messenger that provides what the mainstream messenger wants with most of the features that everybody provides and are mainstream used while having ease of access.
We should try to help the creator. Not misguide him. Again, the comments are not a poll, they’re supposed to help to make a constructive conversation. And when you talk as if the app is made only about yourself, you’re not really helping.
We don’t take kindly to people who think they’re the only one here.
I don’t think this could convince the rest of the family to switch off Line, but I’m pulling for it.
switch off Line
I don’t think it would work if it was offline, would it? /s
Another messenger = another target for all who hate it. This is another way - let’s see them target that channel.
this rocks actually. I’ve kinda wanted this for a while
I am excited for this!
AP isn’t really meant for real-time communication
I think AP will just be used as account authentication/creation with Signal software as the backend, but this is speculation.
This seems highly sexual
Makes more sense as matrix client than ActivityPub
I’m still trying to figure out why this would be used over Matrix. It seems to be the same without bridges?
Oh god matrix is such a bitch to handle and deal with, laggy and just in need of so much work. I’ll be so happy to have an alternative.
I used it and hosted it for months with friends and family and we all got locked out due to bugs and had neighboring federated servers that wouldn’t connect.
What year? I’ve run a docker synapse for a couple years with no issues (other than iOS client encryption bugs). I was surprised I could run it without a restart for 6months+
just yesterday element literally gave up on joining the nix matrix space after staying at joining for hours on my selfhosted dendrite instance
a week or so ago the exact same thing happened with the arch matrix channel
This year. I gave it a VPS with plenty of cores and memory too. It’s like once I got it working it would work for awhile right, nbd. But then when I’d join a federated room over on matrix.org it would literally take days to add it. I even smoke tested it with their federation tester.
The lockout I’m describing is like an auth bug. The moment you sign in in a couple different places it has trouble unencrypting messages and even if you verify the other devices identity it will act like it’s still unrecognized, and delete messages. It happened to my girlfriend, then my friend, then me. Twice in two separate attempts to use it daily. I tried using it as a complete iMessage replacement across all platforms so I’m saying I was using it heavily.
And yeah I used docker too. It’s a neat concept it just falls apart at scale from what I’ve literally seen twice. Doesn’t matter what client I used either.
