Prepare for the UK requests for mandatory key escrow into the data. Which I have high confidence signal will refuse to do.
I merely observe that there's a duty cycle here across data which states and providers have to dance through each time.
XorNot · 2h ago
So is this going to be self-hostable? Because what I'd really like is backups to go to my own server and definitely things like the media offload.
godelski · 5h ago
This is pretty awesome and an exciting feature. But I want to make 2 critiques here.
1) I think Signal is really bad at communicating with its community. Especially being an open source project I think it is important to be open in communication. I wish they wrote more blog posts and were announcing these things through blog posts (I really miss those blog posts, even the non-Moxie ones. They made it feel more communal and like you understood Signal's vision. Ultimately, that builds trust, which is ironically necessary when building trustless systems). Creates a good way to succinctly explain what the feature is, the end goal, and so on. You can easily add a cross link to any forum discussions. But jesus fucking christ, I really hate these private communities. No one likes making random accounts just to submit bug reports and it is a little insulting to make devs do it when GitHub exists (I can get why they do this but there might just be no optimal solution...). But man, the Signal community is particularly bad and off-putting...
I'll add that this is an extra pain point being a security app. It should be expected that Signal users are suspicious of Signal. That should even be encouraged! But lack of communication often breeds conspiracies. People not knowing even a high level road map start believing that Signal is doing nothing while asking for money. It's a small team, so of course it is slower, but just a bit of transparency can do a lot to mitigate this. You don't need full blown PR, but PR to the tech nerds does seem necessary at this stage (can become general public when your average tech nerd is convinced Signal is more secure than Telegram and understand that Signal and Matrix are not solving the same problems). Right now it is the tech nerds that spread the conspiracies and the infighting just ends up making apps like WhatsApp more inviting. We're usually bickering over technical mostly non-issue things[0]
2) The post mentions
> The ability to dynamically offload media so that Signal takes up less space on your phone, while still letting you download that media on the fly if you scroll back.
I can tell you that the vast majority of my storage in Signal is created through dupes. As far as I can tell, every time you forward an image or other piece of media it creates a duplicate[1]. I'd get pretty good storage savings if these were soft links to one another or a COW system was used (think like BTRFS[2], but you could get the same effect without that filesystem[3]). Is there a security issue with this? If so, can someone explain? This kinda circles back to #1 because it is pretty hard to get answers to these types of things from the community as ultimately you frequently end up with results like asking on Reddit. Community answers are great for naive and unnuanced questions but the moment any technicality is brought in.
But my point here is kinda about trying to better reach out to the community. I get that listening to users is noisy, but truth is that Signal's lack of metadata means they have fewer insights into user desires and concerns. Fortunately, Signal has more technically minded users than most apps, but there's no real good communication path with them. Honestly, I think there are dozens of good ideas in their community forums that go missed. Big reason I hate these community forums is that they also use popularity as a proxy for user desire. But requiring login makes that noisy as well as many features are going to be things people want but don't know they want, especially when there's some technical aspect involved. Here's a few examples:
[4] "Airdrop": User presented an "Airdrop" like feature which benefits them, reduces Signal's bandwidth costs, and could ultimately create a pathway forward to decentralization if they decide to go that way.
[5] Link Sanitization: This is straight up a privacy feature! You know when you share a YouTube link? Strip everything after the "?" because that's just tracking data. (You could solve the false positive issue by a default setting to sanitize or not and long press to get unsanitized link. Plenty of solutions to that). But Firefox and other privacy preserving platforms already have some solution to this. Signal really does need this to meet its own goals, and even naive users benefit from just a more visually appealing link (shorter)
Both of these are things that I think most users would want or enjoy having, they both further Signal's main mission, YET no "average user" is really going to see these as things they want until they actually have them. Over the years I've seen plenty of ideas like this and even in a more technical space like Signal's community, these are going to be missed while things like Stickers and Social Media like features will rise to the top. It's good to get that information about the community but it's important to recognize how highly beneficial ideas can be missed. Hell, [5] isn't even too difficult to implement! (It's not trivial, but it's a very doable feature and imo has a large impact. Though I'm biased because I manually sanitize links before sending)
[0] Guarantee to see a reply doing this. Which is fine, this is HN, its a space where we can do technical bickering.
[1] When I export data, I get unique dupes and when I delete data my storage responds appropriately. Could be how storage is determined, but I strongly lean towards these being unique copies.
[3] If any Android or iOS engineers are reading this, please, for the love of god give us this. Should make security better too since you can do subvolumes and encrypt those. I'm sure Signal would love to get containerized and encrypted subvolumes. Hell, fucking containerize each app! Big security win. (I'm sure there are issues and I genuinely would love to hear what they are. Please educate me, this is not my domain but I'd like to know more)
> But jesus fucking christ, I really hate these private communities.
Also, I don't know if Discourse was dropped in its head as a baby but only through some determined use of the mouse wheel could one possibly discover that there are ... I don't even know ... unlimited additional pages of discussion hiding in that thread. Infinite scroll wasn't designed to be taken literally, holy shit
At least with "Page 1 of 8675309" one can know in advance that they should pull up a chair. I guess the UX pattern is "hover over the '1h ago' URL to see the page number, n00b"
But, back on topic:
> We chose not to exclude all disappearing messages because
uh-huh, so kind of defeats the purpose of disappearing if they're preserved, eh?
godelski · 3h ago
Discord is only marginally better than dedicated forums. Honestly, I'm not even sure it is... But boy am I annoyed at how frequently that is used too.
I don't know if misspelled on purpose, but I think the original name is a more accurate description than the typo (Discourse). Because it sure does create a lot of discord (disagreement and lack of harmony)
You might as well go to the Arch Linux forums or Stack Overflow. Where someone will berate you for bringing up an already discussed topic that is difficult to search for. And to rub salt into the wound, they almost never provide the cross-link...
Back on topic (kinda):
Man, I really do wish Signal would allow you to pin or bookmark messages. It sure beats the cluttered chaos of scrolling, searching, or forwarding to Notes To Self (which lacks a cross-link back but at least gives you precise search queries).
mdaniel · 3h ago
Yes, and only recently did I learn that Discord has a 100 join limit, so yea for everyone in the universe locking themselves in an anti-automation limited platform. As show-stoppingly annoying as joining every single Slack workspace in the universe is, at least they didn't ban my email after 100 workspaces
I actually sponsor Zulip because that's the world I want to live in: sane threading, public HTML views of the chats, Apache 2 licensed, and a "we host it for you" for Open Source communities
---
Back in the olden days, I actually would have submitted a PR to introduce that new behavior, but their "fuck you, it's our project" taught me that it's source available more than open source for any meaningful version of that
godelski · 3h ago
It makes me wish Keybase was still a thing. They had a slack like platform that was E2EE. It still exists but idk, do we trust Zoom? Maybe it is still a better option.
But thanks, I'll look into Zulip. Sounds like it has things I want
mdaniel · 2h ago
I used keybase for the longest time (one can still see the proofs on my various profiles) but eventually the app would hang so much I convinced my network to move to Signal. I still don't know why Zoom didn't cut the technology loose since they seemed to just have acquihired keybase and didn't try to fold it into Zoom or do anything except let it bitrot
akdev1l · 2h ago
That’s not a typo. They’re complaining about Discourse.
The signal forums that guy linked are from a Discourse instance/forum. Discourse is a platform to build forums.
Oh thanks for the correction, I didn't realize the underlying program was called Discourse. I think my joke still stands, but I do appreciate the correction.
zeckalpha · 4h ago
Back it up now so when the encryption is broken, it can be read!
gruez · 2h ago
If you think they've gone rogue and are working with the NSA or whatever, why can't they be doing the same thing with your e2e messages while in transit? What do they gain by getting it through backups?
The backup is secured with "a strong key", implying that all PFS guarantees go out the window regardless of the PFS algorithm used to send the messages in the first place. Signal had great guarantees by how they both enforced a single client and was limited largely to screenshots as backups, now you'll never know if the person you're talking to has a full backup in the cloud, with metadata to match the actual conversation times, destroying the repudiability (i.e. plausible deniability) feature.
gojomo · 1h ago
The post claims with regard to the cost of a cloud backup that "Local backups still exist" - but that's a lie, there's no local backup option on iOS.
I merely observe that there's a duty cycle here across data which states and providers have to dance through each time.
1) I think Signal is really bad at communicating with its community. Especially being an open source project I think it is important to be open in communication. I wish they wrote more blog posts and were announcing these things through blog posts (I really miss those blog posts, even the non-Moxie ones. They made it feel more communal and like you understood Signal's vision. Ultimately, that builds trust, which is ironically necessary when building trustless systems). Creates a good way to succinctly explain what the feature is, the end goal, and so on. You can easily add a cross link to any forum discussions. But jesus fucking christ, I really hate these private communities. No one likes making random accounts just to submit bug reports and it is a little insulting to make devs do it when GitHub exists (I can get why they do this but there might just be no optimal solution...). But man, the Signal community is particularly bad and off-putting...
I'll add that this is an extra pain point being a security app. It should be expected that Signal users are suspicious of Signal. That should even be encouraged! But lack of communication often breeds conspiracies. People not knowing even a high level road map start believing that Signal is doing nothing while asking for money. It's a small team, so of course it is slower, but just a bit of transparency can do a lot to mitigate this. You don't need full blown PR, but PR to the tech nerds does seem necessary at this stage (can become general public when your average tech nerd is convinced Signal is more secure than Telegram and understand that Signal and Matrix are not solving the same problems). Right now it is the tech nerds that spread the conspiracies and the infighting just ends up making apps like WhatsApp more inviting. We're usually bickering over technical mostly non-issue things[0]
2) The post mentions
I can tell you that the vast majority of my storage in Signal is created through dupes. As far as I can tell, every time you forward an image or other piece of media it creates a duplicate[1]. I'd get pretty good storage savings if these were soft links to one another or a COW system was used (think like BTRFS[2], but you could get the same effect without that filesystem[3]). Is there a security issue with this? If so, can someone explain? This kinda circles back to #1 because it is pretty hard to get answers to these types of things from the community as ultimately you frequently end up with results like asking on Reddit. Community answers are great for naive and unnuanced questions but the moment any technicality is brought in.But my point here is kinda about trying to better reach out to the community. I get that listening to users is noisy, but truth is that Signal's lack of metadata means they have fewer insights into user desires and concerns. Fortunately, Signal has more technically minded users than most apps, but there's no real good communication path with them. Honestly, I think there are dozens of good ideas in their community forums that go missed. Big reason I hate these community forums is that they also use popularity as a proxy for user desire. But requiring login makes that noisy as well as many features are going to be things people want but don't know they want, especially when there's some technical aspect involved. Here's a few examples:
Both of these are things that I think most users would want or enjoy having, they both further Signal's main mission, YET no "average user" is really going to see these as things they want until they actually have them. Over the years I've seen plenty of ideas like this and even in a more technical space like Signal's community, these are going to be missed while things like Stickers and Social Media like features will rise to the top. It's good to get that information about the community but it's important to recognize how highly beneficial ideas can be missed. Hell, [5] isn't even too difficult to implement! (It's not trivial, but it's a very doable feature and imo has a large impact. Though I'm biased because I manually sanitize links before sending)[0] Guarantee to see a reply doing this. Which is fine, this is HN, its a space where we can do technical bickering.
[1] When I export data, I get unique dupes and when I delete data my storage responds appropriately. Could be how storage is determined, but I strongly lean towards these being unique copies.
[2] https://btrfs.readthedocs.io/en/latest/Introduction.html
[3] If any Android or iOS engineers are reading this, please, for the love of god give us this. Should make security better too since you can do subvolumes and encrypt those. I'm sure Signal would love to get containerized and encrypted subvolumes. Hell, fucking containerize each app! Big security win. (I'm sure there are issues and I genuinely would love to hear what they are. Please educate me, this is not my domain but I'd like to know more)
[4] https://community.signalusers.org/t/signal-airdrop/37402
[5] https://community.signalusers.org/t/clean-sent-links-strip-t...
Also, I don't know if Discourse was dropped in its head as a baby but only through some determined use of the mouse wheel could one possibly discover that there are ... I don't even know ... unlimited additional pages of discussion hiding in that thread. Infinite scroll wasn't designed to be taken literally, holy shit
At least with "Page 1 of 8675309" one can know in advance that they should pull up a chair. I guess the UX pattern is "hover over the '1h ago' URL to see the page number, n00b"
But, back on topic:
> We chose not to exclude all disappearing messages because
uh-huh, so kind of defeats the purpose of disappearing if they're preserved, eh?
I don't know if misspelled on purpose, but I think the original name is a more accurate description than the typo (Discourse). Because it sure does create a lot of discord (disagreement and lack of harmony)
You might as well go to the Arch Linux forums or Stack Overflow. Where someone will berate you for bringing up an already discussed topic that is difficult to search for. And to rub salt into the wound, they almost never provide the cross-link...
Back on topic (kinda):
Man, I really do wish Signal would allow you to pin or bookmark messages. It sure beats the cluttered chaos of scrolling, searching, or forwarding to Notes To Self (which lacks a cross-link back but at least gives you precise search queries).
I actually sponsor Zulip because that's the world I want to live in: sane threading, public HTML views of the chats, Apache 2 licensed, and a "we host it for you" for Open Source communities
---
Back in the olden days, I actually would have submitted a PR to introduce that new behavior, but their "fuck you, it's our project" taught me that it's source available more than open source for any meaningful version of that
But thanks, I'll look into Zulip. Sounds like it has things I want
The signal forums that guy linked are from a Discourse instance/forum. Discourse is a platform to build forums.
https://www.discourse.org/
https://signal.org/docs/specifications/pqxdh/