HN Theater @HNTheaterMonth

Moxie's position on this is pretty strong, and on the side of platforms(centralization) vs standards/protocols(de-centralization), for product reasons.

blog: https://signal.org/blog/the-ecosystem-is-moving/

talk: https://www.youtube.com/watch?v=Nj3YFprqAr8

> I've been wondering lately why "new features are released regularly" is generally considered a boon when talking about software and specifically in a product that serves a relatively simple and clear-cut need like a bookmark stash

There's a very good talk by Moxie "the ecosystem is moving"[1][2] and the reason you need your software to be changing constantly, even when it's doing one thing well, is because all other software is changing, moving requirements, compatibility, and integrations.

Also, it's not like we have no progress in UX. I quite like the light/dark theme in apps changing according to the time of day. It only really started working well within the last two years after all apps adapted.

[1] https://signal.org/blog/the-ecosystem-is-moving/ [2] https://www.youtube.com/watch?v=Nj3YFprqAr8

> Moxie nailed it

His talk[0]/article[1] typically gets a lot of flack on HN whenever it is posted but it was really eye-opening to me.

[0] https://www.youtube.com/watch?v=Nj3YFprqAr8 [1] https://signal.org/blog/the-ecosystem-is-moving/

Related talk by Moxie on decentralization: https://www.youtube.com/watch?v=Nj3YFprqAr8

⬐ throw16489

Official link with english subtitles:

The Ecosystem is Moving (2019) https://www.youtube.com/watch?v=DdM-XTRyC9c

⬐ zaik

There are numerous responses to this talk, an outstanding one is the response of Daniel Gultsch: https://gultsch.de/objection.html

⬐ latte2021

But in none of the responses is any large scale sustainable solution. In an ideal world, yes, everyone will use federated solutions. But articles like these are not helpful unless a mass market solution is done or proven.

Even jitsi cannot federate with bigbluebutton.

Though I like email, mailing lists and matrix(element) etc but world is pragmatic: workplace use of slack to whatsapp to signal or google docs.

It has become a habit to post in hn

1. DIY mailserver 2. Photos hosting 3. K8S

but people need to know Infamous Dropbox comment: https://news.ycombinator.com/item?id=9224

⬐ simfree

Jitsi can connect with most SIP servers, there are even videos on YouTube of people doing this.

The ecosystem is moving, but Signal is falling behind as said ecosystem moves. Way more resources are flowing into making Matrix good than are funding Signal and XMPP, to their detriment.

⬐ latte2021

Ideally please bookmark your comment. Lets wait for a couple of years.

> he gave a scathing talk a year or two ago you can find a copy of, though he interestingly hadn't wanted it recorded

Do you mean the talk he gave at C3?

https://www.youtube.com/watch?v=Nj3YFprqAr8

Never heard anything about him not wanting it recorded, presenting at C3 means your talk will be recorded and distributed.

> Discussing Signal is somewhat unavoidable in this context though.

In which case I feel the need to share this very interesting talk from Moxie about the negatives of decentralization from the POV of product. I have no education or horse in this race, but I found this talk very interesting and dare I say brave.

https://www.youtube.com/watch?v=Nj3YFprqAr8

Would love to be pointed to the best counterarguments, but again the focus on product was the interesting take for me.

⬐ MattJ100

> Would love to be pointed to the best counterarguments, but again the focus on product was the interesting take for me.

I attempted to summarize the trade-offs in this post: https://snikket.org/blog/products-vs-protocols/

There are also a number of responses written by others, such as:

- An Objection to "The Ecosystem is Moving": https://gultsch.de/objection.html

- "Re. The Ecosystem is Moving": https://blog.jabberhead.tk/2019/12/29/re-the-ecosystem-is-mo...

- "Have you considered the alternative?" https://homebrewserver.club/have-you-considered-the-alternat...

⬐ wolverine876

> I attempted to summarize the trade-offs in this post: https://snikket.org/blog/products-vs-protocols/

What an intelligent, honest, balanced analysis, thank you. It's hard to believe I read that on the Internet!

> ... you can't necessarily update at will.

> When you include merge logic – really any code or rules that dictate what happens when the the data of 2 or more CRDTs are merged – and you have bugs in this code running on devices you can never update, this can be a huge mess.

This is a really important point, and its a problem with distributed systems in general. Moxie Marlinspike (the guy behind Signal) gave a great talk on this a few years ago thats well worth a watch. He argues that distributed systems will always be outcompeted by their centralised counterpart because they can't add features as quickly:

https://www.youtube.com/watch?v=Nj3YFprqAr8

We've seen this playing out in real time watching git slowly upgrade its hashing function. The migration is taking years.

I don't know a general solution, but a partial solution in my mind is that we need to knuckle up and make these base layers be correct. Model testing and fuzz testing can absolutely iron out bugs in this stuff, no matter how complex it seems. Bugs in application software usually aren't a big deal, but CRDTs fall in the same category as databases and compilers - we need to prioritise correctness so you can deploy this stuff and forget about it.

Its not as bad as it sounds. The models which underpin even complex list CRDTs are still are orders of magnitude simpler than what compiler authors deal with daily. Correctness in a CRDT is also very easy to test for because there just aren't that many edge cases to find. You can count on one hand the number of ways you can modify a list and the invariants are straightforward to validate.

We used fuzz testing for json-ot a few years ago and never ran into a single bug in production which was in the domain of things the fuzzer tested for. (Though the fuzzer was missing some obscure tests around updating cursor positions.)

> Add: and Signal's centralized server IPs banned. Signal is really weak here; shouldn't have been centralized to begin with.

Here is Moxie's talk about this very subject, and why he thinks that decentralized products can be much weaker products.

https://www.youtube.com/watch?v=Nj3YFprqAr8

They have good reasons for doing so. Watch this talk if you actually want to learn why https://www.youtube.com/watch?v=Nj3YFprqAr8

If you don't, use something else. But using Signal is for sure a lot better than using Facebook Messenger or WhatsApp.

I used to think the same, but I changed my mind after this talk : https://www.youtube.com/watch?v=Nj3YFprqAr8

There is a lot of very good point in this talk by Moxie, it's a bit long, but worth it.

⬐ consumer451

Thank you for sharing that talk! Very thought provoking for sure, and wow what a brave guy for giving that talk to that crowd.

I also learned a lot about why Signal does what it does.

I highly recommend this video to everybody, no matter your background or current work role.

This idea suffers from the same problem federation does. It's harder to move a whole ecosystem. Makes it harder to innovate. Leads to centralized platforms outperforming these BYOC/federated/open options. Basically how Reddit replaced Usenet with upvotes and basic spam filtering.

There's more on this from 'moxie

https://www.youtube.com/watch?v=Nj3YFprqAr8

https://signal.org/blog/the-ecosystem-is-moving/

⬐ cyberlab

> Reddit replaced Usenet

Many things replaced Usenet. Usenet is more of a protocol (that uses NNTP) than a social media platform. If you're any way a systems thinker, you would know that protocols are more resilient than services.

⬐ imwillofficial

“ If you're any way a systems thinker, you would know that protocols are more resilient than services.” This is not just a terrible saying, it’s also completely wrong. All things are not equal, so a crappy protocol may or may not be more resilient than a service. “Systems thinking” is not code for “Lazy thinking.”

⬐ hollerith

When making the point that protocols are more resilient than services, consider including an example of a protocol that has at least .0001 as many users as Reddit does.

⬐ texasbigdata

It's also not the _same_ users, which may not matter but probably does.

⬐ blfr

NNTP is basically dead, maybe abused* for piracy in some corner of the Internet, while Reddit ate half of the web that Facebook didn't eat.

* To be clear, I'm rather ok with piracy. NNTP is just really poorly suited for it.

⬐ platz

> Leads to centralized platforms outperforming these BYOC/federated/open options. Basically how Reddit replaced Usenet with upvotes and basic spam filtering.

That is a nice insight.

⬐ rapnie

> This idea suffers from the same problem federation does.

Yes, this is a problem you also see with the Fediverse (based on W3C ActivityPub). You get innovators and laggers, and the latter when they are popular can hold the former back (you see this with Mastodon, which as early adopter created their own client API's, but are now lagging to implement the Client-to-Server part of the AP specification).

At the same time standardization of federated protocols can also be an advantage in that it allows many different projects and applications [0] to be developed and mature independently. Innovation can come from unexpected corners here (heads up to openEngiadina with ERIS [1], DREAM [2] and Spritely [3] project).

[0] https://git.feneas.org/feneas/fediverse/-/wikis/watchlist-fo...

[1] https://gitlab.com/openengiadina/eris/-/blob/main/doc/eris.a...

[2] https://dream.public.cat/

[3] https://spritelyproject.org

⬐ grishka

The C2S part of ActivityPub isn't for everyone, and it's okay. It basically moves too much logic to the client. It prevents any semblance of a good UX because you have everything — posts you would display in the feed, interactions with your content, etc — in the same inbox. You have to connect to many different domains to render something to the user, and you also have to have a sophisticated caching system on the client. Also good luck loading those full-size images over an EDGE connection.

There are 2 kinds of ActivityPub servers.

- The "dumb" one, that does minimal processing and simply stores JSON objects. Someone POSTs an activity to its inbox, the server does minimal required verification, stores it, and the client then queries it with GET. And does the reverse for the outbox. That's it. That's where c2s would work fine.

- The "smart" one, that treats s2s ActivityPub like an API, comes with a built-in web interface, and stores everything in a way which makes sense for its particular presentation. That's the kind I'm making (Smithereen, it's on the list you linked, btw), and that's what Mastodon is. Implementing c2s in this kind of server is a major pain in the ass, and I won't. You'd have to throw away all your careful optimizations, synthesize ActivityPub objects out of things that never were ActivityPub objects in the first place, do horribly inefficient things to merge notifications and feed and other conceptually unrelated stuff from several different database tables just for the client to split them back apart... Doesn't make much sense. A domain-specific API is the only way to make a client for this kind of server.

⬐ dredmorbius

There can be considerable use-value to ecosystems which don't move as a whole, or do so with deliberation and in a component-wise manner.

As with, say, LaTeX, or Unix/Linux.

⬐ drjgk45839

>...Reddit replaced Usenet...

According to Wikipedia, Reddit was created the same year Usenet service was discontinued by AOL. Reddit "replaced" Usenet in the same sense that cell phones "replaced" telegrams.

⬐ Aeolun

Reddit also has tons of unofficial clients that interact with it. It’s not quite the same since you still don’t own the data, bit it comes close.

⬐ wizzwizz4

AOL's only contribution to Usenet was to fill it with people who didn't understand Usenet, all at once, almost completely eradicating the existing community.

They discontinued the service when Usenet was no longer a selling point, because they had destroyed it.

⬐ lifeisstillgood

tl;dr

>>> So while it’s nice that I’m able to host my own email, that’s also the reason why my email isn’t end-to-end encrypted, and probably never will be. By contrast, WhatsApp was able to introduce end-to-end encryption to over a billion users with a single software update.

⬐ nickez

Can you imagine a world where you could only use a specific phone model with a specific operator? or where you could only send text messages to people that is on the same network? If we can regulate phones we should be able to regulate social networks.

⬐ karatinversion

Wasn’t the iPhone originally tied to a specific carrier (can’t remember who, it’s been too long) in the U.S. until Apple obtained enough bargaining power over the carriers to get rid of this requirement?

Then again, this was never the case in the EU, where bundling handsets with a GSM subscription was banned.

⬐ lultimouomo

When the iPhone originally came out in the US it was locked together with a 2 year contract with AT&T.

⬐ grishka

And it took how long for people to figure out how to unlock it?

⬐ nemothekid

No amount of unlocking would have enabled you to use your iPhone in the second largest operator in the US; Verizon

⬐ grishka

Ah. Right. I always forget that the US is about the only country in the world where there still are widely used CDMA networks.

⬐ karatinversion

(Deleted my identical but less detailed comment)

Then again, this was never the case in the EU, where bundling handsets with a GSM subscription was banned.

But yes, we don’t have to imagine - and the change certainly didn’t come out of the goodness of the carrier’s hearts!

⬐ progval

> this was never the case in the EU, where bundling handsets with a GSM subscription was banned.

It is not: https://en.wikipedia.org/wiki/SIM_lock#European_Union

Last time I was looking for a phone (~8 years ago), in France, I had to check which ones were simlocked.

⬐ karatinversion

Huh, I lived in two EU countries so thought it was Union law, but turned out the national law in the two just coincided!

⬐ Too

Usually you had he option at least. Either fork up full price for unlocked phone, or take the subsidized monthly rental of phone with a locked SIM.

And while the second option does lock you into one operator for 12-24 months you still had the choice of which operator to tie yourself to, I don't think I ever saw a phone model only available on single provider.

Finally no matter which operator you chose you can still call people from other operators, even if they initially tried very hard to make this less pleasurable by allowing free texts and minutes within the operator.

> > signal is not censorship resistant by itself. And we should criticise them for that because it was a warning delivered in a timely manner and never heeded.

> I don’t believe Signal ever claimed to be censorship resistant to begin with. I just looked at their description on the App Store and nothing there mentions bypassing censorship.

Moxie's talk on Signal's centralisation and how (in his view) that makes it better than decentised systems explicitly claims that Signal is better at censorship resistance than "decentralised systems" (his comparison was basically limited to email and the argument was primarily that you cannot move email accounts easily -- in my view that's a pretty colossal strawman of distributed systems, but you can be the judge)[1].

This argument was based on the fact they do domain fronting (whoops) and that they can move their servers and update all clients simultaneously. I think it's more than fair to bring up that this argument is not true in practice and that other decentralised systems (such as Tor) are clearly far more censorship resistant than Signal. That doesn't mean you shouldn't help them solve the immediate problem though.

[1]: https://www.youtube.com/watch?v=Nj3YFprqAr8&t=1027

As if it was that simple; no it's not as simple as decentralization > centralisation. You might not agree with everything (I don't) but this video provides some good points https://www.youtube.com/watch?v=Nj3YFprqAr8

I trust Signal to try their hardest to solve communication, spitting on them is not the solution.

⬐ pseudalopex

I didn't watch the video but his article with the same title is almost entirely bad points.[1]

Email is end to end encrypted for people who make it a priority. It would be end to end encrypted for everyone if Google or Microsoft made it a priority.

The difference between XMPP and Signal is funding. Signal supports video on all platforms because Open Whisper Systems hired people to work on it. XMPP didn't because the popular clients are developed by volunteers.

People don't like using lots of messaging apps. So switching apps is much harder than changing your email address because you have to convince other people to switch.

Even Signal is moving away from using phone numbers.

[1] https://signal.org/blog/the-ecosystem-is-moving/

⬐ jampekka

Signal's been "moving away from using phone numbers" for almost as long as it's been developed. They've burned tens of millions of dollars and have nothing to show for it on that front.

Also they insist of making piece of shit bloatware clients and actively kill every attempt for someone to fix it. Because Moxie is always right apparently.

I really hope the situation is just due to incompetence and hubris.

⬐ baybal2

It's simple, very simple.

XMPP is by far more fluid, and "productive" when it comes adding new protocol features, or at least if you compare it with Signal.

Marlinspike is making up the problem.

A messaging client is as agile as its developers are, and in case of Signal, not that much.

Evolving a protocol, and developing new features is done by doing programming, and not by some philosophical discourses, and pooing over the competition on tech events.

A great talk by Moxie on this very topic: https://www.youtube.com/watch?v=Nj3YFprqAr8&

I have this to-watch talk marked as Signal & centralization, so it might provide part of the answer: https://www.youtube.com/watch?v=Nj3YFprqAr8

Moxie Marlinspike gave a talk at 36C3 about the issues of decentralized systems and why Signal decided to not go that direction.

In short, his argument was largely chat ecosystems are constantly evolving but decentralized protocols tend to ossify. Thus, decentralized protocols will ultimately not be able to keep up with the demands of the users.

https://www.youtube.com/watch?v=Nj3YFprqAr8

Lots of people point to email as an example. I'd like to also point out the phone system and its codecs as another example. Most phone calls behind the scenes are using SIP to handle connectivity. SIP is codec agnostic, you could technically use any kind of codec in the RTSP stream. Its a very decentralized protocol, and highly extensible. And yet it seems like almost every time you try and place a call, the only codec anyone else supports is G.711, a codec released in 1972 and hasn't had a major update since 2000. We're slowly seeing G.722 adoption now that the patents have run out (HD voice on cell phones) but even then this is spotty. Meanwhile every other chat platform out there has moved on to more efficient and higher quality codecs because all it took was the chat platform owner to push one version update out.

The decentralized communications network is only just now finally adopting and rolling out a _33 year old_ codec. Sure sounds like a win for decentralized systems!

⬐ cyphar

For the sake of balance [1] is the Matrix team's response. There are several other parts of Moxie's points I disagree with that are not addressed by the Matrix folks (and I previously wrote a 5 paragraph argument that addressed each of them), but I don't think it's helpful to just shout on the internet.

As for voice call codecs, when did the patents expire and why do you think that isn't a significant factor in adoption of different algorithms?

[1]: https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom

Why he thinks centralisation is best: https://www.youtube.com/watch?v=Nj3YFprqAr8

(Title: 36C3 - The ecosystem is moving)

To me, it's a sound argument and he's convinced me. Fighting the status quo by constantly improving in a short amount of time is incompatible with decentralisation. It's the same reason e-mail hasn't been able to change and improve, or encrypted email still isn't practical, but I'll leave the meat of the argument to that video.

⬐ kixiQu

Well, if we're sharing their arguments, this was Matrix's response: https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom

I can only guess but it may relate to Moxie's at times somewhat brash behavior in Github issues and an ongoing debate over centralized vs decentralized protocols (with him advocating the former). He gave a talk addressing the (de-)centralization topic at the Chaos Communications Congress in 2019:

36C3 - The ecosystem is moving | https://www.youtube.com/watch?v=Nj3YFprqAr8

Moxie Marlinspike (the guy behind Signal) talked about his rationale for making signal centralized here:

https://www.youtube.com/watch?v=Nj3YFprqAr8

Its been a year and I'm still not sure if I agree with him - which is the sign of a very juicy talk!

⬐ godelski

I think it makes more sense to use federated protocols after you've reached a certain critical mass of features and usability. Look how much Signal has improved in the last 6 months. That would be harder with a federated system as people just don't update apps. I'll buy a push for Signal to become federated when it is fully featured (which may be pretty soon). Also at that point, what is to stop people from making a federated Signal? Or creating a fork that allows contact with the centralized server AND a federated space? Is it impossible to have a mixture?

⬐ josephg

> I think it makes more sense to use federated protocols after you've reached a certain critical mass of features and usability. Look how much Signal has improved in the last 6 months.

I agree with this, but I’m starting to worry if that time will ever come. I thought messaging apps had basically all the features they’d ever need years ago. But I was wrong. I use voice messages in signal and WhatsApp daily now. If it were up to me, we would have made a federation protocol years ago and these features would have to have been figured out through endless meetings in a standards process.

⬐ godelski

I don't think federation solves that, in fact I think it makes it more difficult. Signal is open source and we're constantly seeing people complain on here about its lack of features or whatever. If we can't convince the most populous location for programmers to help in that respect then how could we do it for a federated network? And even the server is open sources. So I don't see why you couldn't have a fork that is federated. Or an app that is able to talk to both the centralized server and federated servers. It seems more a will problem than anything else and I don't see why Moxie and the Signal team would focus on these features above other features that are actually helping get people on the platform (arguably more important than any aspect).

⬐ Triv888

You have to include an update mechanism in the core of distributed software?

⬐ lucideer

I watched that at the time. I found his insistence on comparing his 7-year-old centralised protocol to a 60-year-old federated protocol uncompelling: his point that "nothing changes with federated protocols" was slightly undermined by that gargantuan gap of inception.

Couple that with the highly conspicuous skipping over of XMPP (much more comparable, only the briefest of mentions, no mention of things like OMEMO), and ignoring of Matrix (the most comparable, and not a single mention). Overall it's a pretty ridiculous talk in this context.

He goes on to describe some challenges for federated protocols in their solutions to censorship, availability & control. On censorship, the challenges are real and it's QUITE EASY to reason about possible solutions. Many of which already exist or are in development. It's clear he hasn't spent much time thinking about this. On availability, his entire argument is "Yahoo mail exists"; his discussion here is just straight-up disingenuous. Finally, on control, he segues into unrelated areas around XMPP extensibility and seems to think extensions have no value without ubiquity (though fails to expand on his reasons for this conclusion). I'd agree XMPP's XEPs are highly flawed architecturally, but again... there's newer protocols, we've learned and evolved this already.

Leaving aside that the bulk of the middle of the talk is exclusively selling new features ("new techniques") of Signal that have no direct connection to the talk's stated topic ("distributed and decentralized technology"), there are a few salient points he made that I'd agree with:

1. Federated & decentralised protocols are by their nature harder to do, and harder/slower to change. This is true, but is by no means an absolute; it's a trade-off against other benefits.

2. E2E encrypted email is too hard and probably not worth doing. Yes, PGP is highly flawed, and in general layering encryption on top of a 60-year-old protocol is hard. (Though as above, his insistence on focusing only on email for comparison rather than Signal's direct viable competitors is telling).

3. Signal's E2E/crypto-specific innovations are cool, and current federated state-of-the-art is behind on many of them.

I'm curious why you value your phone number over your data.

I'm unsure if they will allow signups without phone numbers, but they don't store that information. Signal doesn't have it. [0][1] It is very possible they go around this though.

[0] https://signal.org/blog/looking-back-as-the-world-moves-forw...

[1] (time-stamped to only the important part) https://www.youtube.com/watch?t=894&v=Nj3YFprqAr8&feature=yo...

⬐ happymellon

Reasons:

> they usually mean that I have a substandard experience when I'm not on my phone

> I can't sign my children up so that we have a general chat tool.

This isn't a privacy thing, this is a general tool that is fundimentally broken if I'm not on my phone.

I'm not always on my phone, and my kids don't have phone numbers.

They are unusable.

⬐ godelski

I think these are fair points. I'll mention that I predominately use the desktop client and it works well since I frequently leave my phone somewhere else. But doesn't seem like a right fit for you until usernames and multiple device signup. Both are in the works though so maybe good for you in the future but not now.

⬐ Asraelite

> I predominately use the desktop client and it works well since I frequently leave my phone somewhere else.

In my experience the desktop client is slow, buggy, and takes eons to start up. There's also no web version, making it awkward to use on computers other than your own.

I would be more willing to switch over to Signal if it wasn't so lacking in this regard.

⬐ FalconSensei

If you don't have your phone with you, you can't sign in. Some services, like Whatsapp, will not work if your phone is turned off/broken

Moxie addressed the phone number issue[0].

To save time he mentions that owning a SIM card or a smartphone with a Contacts application that holds phone numbers is a portable social network by design.

Pushing his idea further it's much easier for anyone to learn the penetration of Signal by checking against existing phone numbers. I can't imagine someone with a 200+ phone numbers querying service to validate a phone number is registered with Signal.

And while nicknames sound perfect in theory they lack one specific thing — validation of authenticity of a speaker. By this i mean an impersonator can claim the username and pose as someone else. Given a lot of people use transparent nicknames on the internet, it can pose a threat. So even when the nicknames roll out as a feature of Signal, it's good to facilitate somehow that a party i'm in contact with is someone genuine. Checking against phone numbers can mitigate the risk of fraud.

[0] https://youtu.be/Nj3YFprqAr8

⬐ saurik

You are defending why phone numbers are useful, but are completely choosing to ignore the point I am making about the tradeoff of who you trust.

To be even more explicit about it, in the hope you understand: the vast majority of people trust large companies (which is bad but frankly not insane) but absolutely do not trust random assholes/creeps on the Internet. The security model of Signal is saying you don't have to trust Signal, but you weirdly do have to trust all of the random people you interact with with your phone number.

And so, in the context of this thread, that explains why someone would claim Telegram is actually better than Signal, because what people do with Telegram is join massive group chats that are either 1) public, 2) have so many people in them that if you think what you say isn't going to be logged you are fooling yourself. So the value of end-to-end encryption in this context is essentially zero; but, being able to join some large group chat with a ton of strangers to talk about some open source project or whatever you are doing without any of those people now knowing your phone number--an identifier which is tied to a large number of "real world" concerns and is ridiculously difficult to change--is actually extremely valuable.

Honestly, even if you aren't quite in those sets, the tradeoff still isn't an obvious win for Signal. As an example, let's say you are in a group of people talking about a protest. Are you more concerned that the company relaying your messages will be served a warrant to monitor your chat activity (which generally has some requirement of probable cause for a specific action, and likely requires knowing about the existence of a chat in the first place) or that one of the people in your group chat is actually a traitor or even an undercover cop (which can get in a number of groups and pretend to be an ally while passively monitoring for things they want to shut down)? The latter is actually a much more realistic attacker model, and with Signal now that person has your phone number, which means you are screwed. Using Signal correctly here requires getting a burner phone, which is way more effort than is reasonable.

The use cases for the privacy and security model of Signal are thereby inherently limited to people you trust with your phone number. Like, it is sometimes difficult enough to get people to want to use text messages sometimes as they don't want to give out their phone number: Signal doesn't solve that, and so is confined to the subset of communication that people currently do over SMS(/iMessage) and can't really ever begin to carve into the market share of Telegram, or even Facebook.

And so, realistically, Signal does not, can not, and should not manage to displace Telegram, which I say with sadness as I am someone who has not and likely never will forgive Telegram for claiming security properties their system didn't have (like, I am not Telegram fan, and while I have the app I only use it a few times a year; that said, this is more than I am willing to tolerate Signal, due to a number of reasons that are mostly unrelated to anything in this comment).

(And FWIW, I personally would not recommend usernames, and in fact would personally be much more angry about that than phone numbers for various reasons; if Signal decides to roll out unique choosable usernames I am honestly probably going to hate on it even stronger because of it: you are arguing a strawman here :/. But to claim that phone numbers are fundamentally better is awkward regardless, given how phone numbers aren't even a good security layer due to the prevalence of number porting. This is just one of the many devastating things that Moxie is wrong about.)

⬐ gdmka

>>You are defending why phone numbers are useful, but are completely choosing to ignore the point I am making about the tradeoff of who you trust.

You're swiftly jumping to conclusions on a comment that only describes a point of view. Not my own perception of how the trust model should be established and the capabilities current messaging services provide.

>>... but, being able to join some large group chat with a ton of strangers to talk about some open source project or whatever you are doing without any of those people now knowing your phone number--an identifier which is tied to a large number of "real world" concerns and is ridiculously difficult to change--is actually extremely valuable.

As someone who suffered harassment by getting the p/n exposed at Whatsapp and being followed by the same person almost everywhere where's it serves as an id (Signal, Telegram) i wholly share your concerns. But it's a privacy matter that almost none of the current messaging platforms really offers bundled with solid UX and data transparency.

What am i trying to convey by how i comprehend Moxie's rhetoric is that Signal tries to be a Whatsapp alternative (given the latter really can access messages in a group conversation when a participant reports contact) by not harvesting the user data (cheers Telegram) and providing little bit more control over the conversation on both ends (self destructing messages). Signal has bigger focus on security right now however the use case is to be accessible to a wider audience. From that point of view Signal really stands out. And it helps me personally to, sort of, separate communication spaces.

>>Honestly, even if you aren't quite in those sets, the trade off still isn't an obvious win for Signal. As an example, let's say you are in a group of people talking about a protest.

Look, if you propose Signal needs to accommodate guerillas, rioters and protesters organize and act with impunity it's a privacy issue and Signal isn't serving this purpose.

⬐ egberts1

Ummm, Moxie Marlinspike requested that this presentation not be recorded. We should delete this link as well.

⬐ erazemkokot

He linked to the video himself in the Looking back as the world moves forward (https://signal.org/blog/looking-back-as-the-world-moves-forw...) article.

⬐ GekkePrutser

That's quite contrary to the whole CCC philosophy though of freely sharing knowledge. But indeed he linked to it himself.

One thing I don't like about Signal though, is that he forbids third-party clients. It's a bit contrary to owning your information, which is one of the points he makes in the talk. One of the reasons I want this is to integrate all my chats into one single app - there's too many apps right now screaming for attention. That's why I'm more a fan of Matrix, which is truly open.

⬐ dang

https://news.ycombinator.com/item?id=21904041

See also https://news.ycombinator.com/item?id=11668912

I saw Moxie Marlinspike's talk when it was posted on CCC's official channel [1] and was disgusted by it. The talk has been now censored and video was made private. It was one of the most defeatist talks I've ever come across when it comes to messaging and privacy. His message was basically that anything you do is pointless and that his and WhatsApp/Facebook's way is the right one.

I've used Signal on few occasions in the past but his talk made me uninstall it. I simply do not trust him after hearing his opinions. I do not support centralization and other ideals he's now pushing (including the use of a phone number as Signal's primary ID).

The talk was mirrored on few channels on YT [2] and you can still see it.

[1] https://www.youtube.com/watch?v=DdM-XTRyC9c (it's a private video now)

[2] https://www.youtube.com/watch?v=Nj3YFprqAr8 (working link, who knows for how long so mirror it).

⬐ tptacek

You were "disgusted" by the talk? The controversial parts were spelled out in a post Moxie wrote 3.5 years ago, with the same title. The only deviations are new privacy-preserving features Signal is building, one of which is intended to address the most common objection to Signal (the use of phone numbers as identifiers).

The talk wasn't "censored"; the conference made a mistake by recording and posting it in the first place.

⬐ ATsch

I think if Moxie had framed this from a perspective of "centralization has some advantages, so how can we make a centralized service as safe as possible" the outcry would be much less. Because signal is genuinely doing some very great stuff in that area. But the framing as a dismissal of decentralized solutions as unworthwhile is very frustrating, especially when it so transparently overlaps with his business interests.

⬐ alerighi

Yea, how can we talk about privacy of a service that I need to register with a phone number (and in my country to register a phone number is obligatory to give your ID and signature, you can't activate a SIM card anonymously)

Centralized services should be avoided for a multitude of reason, the primary one is being dependent on some company that offers you the service and can and probably will shut down one day, with the result of loosing all the things you had on that service.

Look at the past, how many centralized services closed down and we lost all our data? Instead decentralized services are still up and running: email, usenet, IRC, even if unfortunately a bit forgotten these day (with the exception of email, even if most of people uses GMail anyway so it's in fact centralized...)

⬐ giancarlostoro

Wire seemed like a decent alternative where you're not required a number, I think only an email. Also you can delete your account.

⬐ cren

I read on a privacy-oriented website that Wire was purchased by an American company not trusted for its record on privacy (or perhaps it was that since the company is American, their data can be read by the US govt.). I can't find it now though. There isn't anything mentioning it on the website of `www.privacytools.io`: https://www.privacytools.io/software/real-time-communication...

⬐ tptacek

That seems unlikely, since they just raised 8MM a few weeks ago.

⬐ giancarlostoro

I never continued with Wire cause... nobody uses it, even less people use it than Signal. I think Keybase is the next best thing to some extent.

⬐ tptacek

It's fine, but you should know that pretty much everything Moxie and Signal talk about contrast sharply with Wire. For instance: last I checked, Wire stores your entire social graph on their servers in a database --- effectively forever, Wire stores a plaintext log of everyone you've communicated with.

⬐ giancarlostoro

On the other hand, Wire lets you look at their server code, I assume there's nothing stopping you from hosting your own server.

⬐ tptacek

What source code does Wire let you see that Signal doesn't?

⬐ xorcist

To be fair, since there is no remote attestation possible for the Signal servers, and you realistically can't run one yourself, you only have their word that they don't store any of that information.

This is similar guarantees that a lot of other chat and VPN companies offer. Personally I would consider any information given out to a company non-secret, especially to those operating outside my jurisdiction.

⬐ tptacek

The difference is that Signal's competitors are designed in such a way that they have to keep this information, and Signal has delayed key features, like user profiles, until they've managed to create designs that don't have these restrictions.

So the logic you're using here is essentially: "since we have to take Signal's word for some part of this, we might as well use services that promise the exact opposite". I don't find that argument persuasive, but you do you.

⬐ xorcist

There's no reason to caricature anyone's arguments here. Why the antagonism?

⬐ tptacek

Help me understand where I've lapsed into caricature?

⬐ dbrgn

Not all Signal alternatives store user information on servers. Threema for example has fully decentralized groups and even decentralized profiles (while Signal uses encrypted-but-centralized profiles, and their new Private Groups system moved from decentralized to encrypted-but-centralized as well).

⬐ haffenloher

Maybe I'm misunderstanding what you're trying to say, but remote attestation is in fact exactly what they're doing with their contact discovery: https://signal.org/blog/private-contact-discovery/

⬐ sudosysgen

SGX is crypto that is already exploited and broken, it offers no real use in this context.

Oh, and I forgot, you do need to essentially blindly trust Intel.

⬐ tptacek

I don't really care and think this is all a red herring, since every other mainstream messenger doesn't protect this information at all, but instead stores it in plaintext databases.

⬐ sudosysgen

Yes, but it's barely better when reconstructing the social graph is so easy.

Also, Matrix offers a possible alternative.

⬐ tptacek

What makes you believe that?

⬐ tialaramex

> You only have their word that they don't store any of that information.

No, we have the fact that they don't collect it in the first place. The whole point of the Signal design, reflected in the published source code, is that the server doesn't need this type of information and so it isn't sent to their server at all.

As Thomas explained this takes a bunch of extra effort in the Signal design, hoop jumping that normal users will never appreciate. Moxie believes this is worth doing, although I think people's constant cynicism is gradually wearing him down or maybe that's just the jetlag.

If you tell me and Alice and Bob your real name, and then it's leaked to the press, I guess I sympathise if you distrust me as a result even though Alice is a famous gossip.

But if you only gave Alice your name, and then you distrust me because she sold it to the press that makes you a crazy person. "It could have been anyone". No, it couldn't, it was Alice. She's the only person you gave it to.

⬐ inputmice

> I simply do not trust him after hearing his opinions.

Same. My stance towards Signal has always been very agnostic. I didn’t really see the benefits over the widely deployed WhatsApp but I was like yeah what ever. That talk has changed this. Now I think he is a fascist (In the original meaning of the word; not the gas all the jews.) and I wouldn’t recommend anyone to use Signal.

⬐ slipheen

I don't particularly like a centralized model either. Federation is much more difficult, but can create ecosystems which can survive longer/better than a single company can.

But on the specific issue of phone numbers as ID, they have been making some substantial progress on a technological solution to address this, specifically without running central servers.

https://signal.org/blog/secure-value-recovery/

Actually Moxies talk "36C3 - The ecosystem is moving" was recorded: https://www.youtube.com/watch?v=Nj3YFprqAr8

⬐ novok

It was mostly stuff he has said in previous blog articles, so you are not missing too much.

⬐ liamcardenas

He didn’t want it to be, though.

https://twitter.com/moxie/status/1211427007596154881?s=21