A more accurate title could be “Privacy is Priceless, but Centralization is Expensive”: with the era of cheap money coming to an end, grows a lot of uncertainty regarding the future of some large internet services. Signal is no exception and this emphasises the importance of federated alternatives (XMPP, fediverse, …) for the good health of the future internet.
Decentralization is expensive too judging by some of the sentiment I’ve seen around running Mastodon and Lemmy/Kbin instances.
Right? People simply expect someone else to pay the bills.
Yup, it has a cost, but there’s perhaps a one or two orders of magnitude cost difference between hosting instant messaging + calls with something like XMPP, and hosting mastodon/Lemmy/Kbin (or why I do the former but not the later, and why I’m ok to pay for the service, esp. considering that my instance’s business model isn’t, unlike Reddit, to re-sell influence and data).
deleted by creator
How does does decentralization avoid the costs that Signal laid out in the blog posts?
I laid it out elsewhere in this thread, but in short, costs grow non-linearly with scale: you can run thousands of users on a RPi, but a million users requires whole datacenters. Decentralization not only helps with not requiring “whole datacenters” in the first place, they also enable maximization of resources: if you have a NAS at home, or a RPi hanging around, a router idling somewhere, or an abandoned smartphone in a drawer, you can probably host enough accounts for all the people that you’ve ever met in your life. And there are hundred of thousands of such underused devices everywhere, which, put together, would be sufficient to host the whole world multiple times around.
The other issue is sustainability: with this centralization comes single point of failure. It’s no big deal witnessing the disappearance of one or few providers of a federated network. Accounts and data can be migrated easily. For most users, it’s invisible. Now compare this to Signal running into financial issues: you are contemplating million of users losing access to their account and their data, and having to re-bootstrap their whole social graph elsewhere. This is another level of “cost”, or price to pay, for centralization.
Who is maintaining all these “unused” devices that you will want working pretty consistently? Who is responsible for replacing hardware when it dies? Who is looking into it when someone stops receiving messages? What happens when the person hosting thousands of users just stops wanting to do it? Who migrates these accounts?
Frankly, your argument sounds more like wishful thinking than anything practical. You’ve basically described the plan as “Magically some devices in someone’s basement will suddenly start running a messaging service, maintenance free, from now until the end of time”.
This isn’t wishful thinking, this is in defense of a model where our digital needs would be distributed at a level lower than that of the tech majors, which was commonplace before everything on the internet was so consolidated.
I’m not saying that everyone should self-host, I’m saying that federated services could be hosted at family&friends/regional/national levels, simultaneously, and deliver a resilient service at a negligible cost. Hardware, which is very much a problem for Signal & al right now, wouldn’t be in a distributed model, and could be donated and repurposed easily. My example was perhaps a bit too extreme, but I think you get the gist of what I’m saying.
Step 1. Make it federative Step 2. Stop fucking hosting your shit on Amazon servers. Step 3. Profit
Even if they federated (which I doubt they will do), someone would have to foot the bill for those servers. Same thing on lemmy, someone’s eating the server costs here even if it isn’t a major corporation.
I kind of liked WhatsApp’s initial monetization model. It was free for the first year and then $1 per year after that. With 400 million users, that’s a good chunk of change. Assuming only 25% of people would pay, that’s still a good chunk of change. I think Signal should adopt something similar.
I think just like Proton provides free services for the greater good, Signal should do something similar. Even special emojis works well IMO. They give you a badge at least
Agreed. Not ideal vs. a federation, because Signal would still be in a position of total control over the network, but with less incentive to go against its users.
They should post a average price per user so we’ll know what’s the minimum to donate (probably 5$ which is the minimum in the app IIRC)
Divide 50 million by the number of users?
40 million active users, 50 million for 5 years. So I guess 1.25$ if everyone donates, or 5$ if just 25% do. I’ve done my part then
Ended my donations to Signal after discovering they choose Google Hosting Services over open source and privacy respecting alternatives.
What is a better alternative than signal?
XMPP
As I wrote elsewhere in this thread, XMPP would be my preference. It just works. In fact that’s what the other messengers (at facebook, Google, …) already use, but chose to put behind a walled-garden.
What matters is that whatever comes next (or, from the past in the case of XMPP) is federated, so no single organization has a single-handed control/monopoly over the network. Matrix and SimpleX are federated alternatives to XMPP, but I don’t see Matrix stabilizing any time soon, and SimpleX just isn’t ready yet. XMPP can offer you today an experience that’s comparable to WhatsApp/Signal/Telegram/…What’s the issue with Matrix? I’ve tried both Matrix and XMPP but stuck with Matrix because it just works. XMPP is also good but it lacks a good Android client (The available clients look very outdated, and honestly, pretty ugly). It’s also kinda hard to know if your client or server even supports all the extensions that are needed.
I’ve tried both Matrix and XMPP but stuck with Matrix
And so did I but ended up with XMPP instead of Matrix. Self hosting my messaging was important to me, and the cost of doing so is prohibitive with Matrix, the protocol and its implementations are just that inefficient, and there has been no progress in this area for as long as I’ve been keeping an eye on it. In my eyes, Matrix is broken by design.
Now, Element is indeed a decent client, and above the average of all XMPP clients, but what matters is for XMPP to have at least one great client per platform, which is undoubtedly the case. In practice, all my daily messaging happens over XMPP, the people I interact with are far from the nerdy type, and to them it’s pretty much equivalent to WhatsApp & al.
Back to Matrix, besides the fact that after a decade there hasn’t been any progress towards diversifying implementations (it’s so messy, complex and changing that it’s basically the same people implementing both client and server sides, and there is only one viable implementation to this day, by one entity), which is a big fat red herring, the entity who’s behind 95% of the code of Matrix is now facing severe financing challenges. The future of Matrix is all but certain because of that, and there are reasons for concern.
I don’t “hate” Matrix/Element/the Foundation, I just don’t understand why they painted themselves in the corner they are in today, and rode the pipe dream of their broken protocol for so long. Would they cease to exist, it would look like natural selection to me. They are just not competitive and sorry if it hurts.
I love XMPP, but I can’t recommend it as a reliable alternative to Signal. I find that encrypted communication is hit or miss with it. I had a problem just this week with it. I got a message delivered to a dormant Movim account I use, and I received it in my mobile xmpp app, Cheogram. I received it fine, I replied once fine. I went to send another message and it failed. I went to Movim in my browser, logged in to my account and was able to send. This is pretty typical in my experience-- some kind of mismatch or failure to negotiate between clients.
Sorry to hear. I’ve been using omemo (e2ee) without a single message lost since… perhaps 5 years ? I also don’t use movim (I don’t trust its model and level of stability/maturity, especially with regards to doing e2ee in the browser). I would not recommend “XMPP via Movim” either.
Edit: a word
I don’t really use Movim either. I set up an account some years ago while testing different federated social networks. However, I have had that same type of issue with more ‘normal’ xmpp chats. It seems to me that the development is a bit too fragmented. I am hoping for continued improvements though :)
Ehhhh
Signal lost a lot of my love when they removed SMS support
Lol, that was the worst feature ever. If you forgot disabling it at install, it was nearly impossible to see it’s going to be a sms or signal message. (Especially for people who aren’t tech savvy)
To dislike the feature is one thing, to not understand why ithers valued it is a whole pther ball game of ignorance
That is dumb that they’d remove a feature, but I tried it and switched back to a dedicated texting app. The feature wasn’t full featured enough for me to want to use it.
Not being able to copy my SMS message history into Signal kept me from switching… Well, I might have anyway if googie didn’t make it so their app only lets you see your message history if you make it the default
WDYM SMS support?
20M USD for 50 employees? ~400+k per employee is nuts!
There are European engineers working at private companies for less 20% (1/5th) of that - if even that! They aren’t worse than their American counterparts. Signal could increase their team sizes by at least 30%, maybe even 50% if they hired engineers and other employees from Europe.
If signal paid 100k for European engineers to work on opensource software, mate, they’d have absolute no problems retaining them. I personally don’t know a single engineer earning 100k on the European mainland. Not one.
Edit: seriously, wtf. I’m all for paying employees well and it’s great that Signal has a dedicated workforce, but 400k? I’m fine canceling my donation. My jaw is still on the floor.
Use Session instead. Open source, E2E encrypted, onion routed, no phone numbers. https://getsession.org/
Audited too. https://blog.quarkslab.com/resources/2021-05-04_audit-of-session-secure-messaging-application/20-08-Oxen-REP-v1.4.pdf
So, what would be the appeal compared to XMPP?
I will preface this with, I may be wrong, but as I understand it xmpp is just a protocol. One that, unless it’s been revised, imparts no encryption at all. Signal, and Session, are full architectures that enable all of the afrementioned features from my initial post including server and client.
Everything you might use relies on a protocol down the stack. XMPP happens to be the only one to date that is an internet standard (IETF), is extensible by design (past/present and future use-cases can be build into it, what makes it still relevant 25 years later), is federated (but not P2P, a good trade-off for mobile usage), has a diverse/multi-partite ecosystem of client and server implementers (sustainable and resilient), and is deployed successfully at scale (on billion of devices).
unless it’s been revised, imparts no encryption
Today’s XMPP uses the same E2EE as Signal/WhatsApp/Matrix/… XMPP had end-to-end encryption 10 years before Signal was invented
Sure, now which pre-existing piece of xmpp based software checks all the feature boxes as noted by both Signal adherents and myself regarding Session? Are you implying the lay user code their own? If that exists you could have just linked to it rather than engage in whatever this is.
Sure, now which pre-existing piece of xmpp based software checks all the feature boxes as noted by both Signal adherents and myself regarding Session?
All of those. Essentially you would have to go out of your way looking specifically for incompatible clients.
And “incompatible clients” is simply the natural state of any technology that’s been around long-enough. The only way Signal fends itself from this is by mandating its own client and version (and banning anything else, technically or from its ToS) which is terrible for a bunch of reasons (you must agree with Signal’s direction and whatever features they might decide to add and remove for your own good, you cannot use Signal on devices/platforms that Signal has no resources/interest to support, etc). If Session is in any way open, and assuming it ever becomes successful, it will face the same challenge (just like Matrix does).
waaahh centralizing millions of slightly-privacy-aware people’s metadata on Amazon’s servers costs a lot of money, waaah
Which metadata? Please elaborate
Which metadata? Please elaborate
- When you are online
- Where you are online from
- When you receive messages (and their size)
- When you send messages (and their size)
- Who you are communicating with (including individuals, and what groups you’re in).
Those last two are supposedly hidden by their “sealed sender” feature, but, that is a farce because you’re connecting to their servers from the same IP address to send and receive and you need to identify yourself (with your phone number) to receive your messages. So, the metadata-hiding property that “sealed sender” purports to provide cryptographically is actually relying on their (Amazon’s) network infrastructure not to correlate the information available to it.
Signal says that they don’t retain any of this metadata, and I think it is likely that Signal employees are sincere when they say that.
But if someone with the right access at Signal’s ISP (Amazon) wants the Signal metadata, they can get it, and if they can, then anybody who can coerce, compel, or otherwise compromise those people (or their computers) can get it too.
One can say that the adversaries they’re trying to protect against don’t have that kind of capability, but I think it isn’t reasonable to say that Signal’s no-logging policy (much less their “sealed sender” cryptographic feature) is protecting metadata without adding the caveat that routing all the traffic through Amazon does make the metadata of the protocol’s entire userbase available in a convenient single place for the kind of adversaries that do.
And if you’re completely confident that the adversaries you want to protect against are unable to compromise the server infrastructure, why would you need e2e encryption at all?
note to lemmy regulars, if this comment sounds familiar...
i copypasta’d bits of the second half of it from an earlier comment that I made on someone else’s now-deleted post
Motherfucker actually elaborated. Kudos
Signal is a lie.
