Signal is a secure messenger that is widely touted as one of the best options. This Signal review shows you the pros and cons.
"When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on."
This isn't an ad, I wasn't paid for this post. Just to clear the air: fuck facebook, fuck elon musk and twitter, fuck anyone who thinks this is a paid advertisement. I wish I was paid for this shit, I just wanted to spread the word. Thank you. ๐ ๐
I still don't understand why they did that, I used to use Signal for everything and while it was clear that it couldn't encrypt basic SMS I could at least do all my messaging in one place. Now, I can't communicate with 80% of my contacts via Signal even if I wanted to, forcing two separate messaging apps.
Just let me send unsecured messages. It's fine. As it stands now I don't think I've even opened Signal in nearly six months even though I'd much rather use it than the default messenger.
Basically, it makes the whole platform less secure because you could accidentally send a non-encrypted message at any time. With SMS-free Signal, at least mistaken sent messages are still E2E encrypted.
Is their goal to become the new de-facto messaging app? Or is their goal to become the most secure messaging app for whistle blowers, etc for whom a single mistake could mean losing their life or their freedom?
Sadly, I think they saw the writing on the wall with Google's RCS push, and the decided lack of RCS APIs for Android apps to implement an RCS interface outside of Google. SMS has a lot of staying power, so it won't happen overnight. But there's a good chance that third-party RCS apps on Android will never be a real thing, or will forever end up hobbled. I think the Signal product folks imagined they had a LOT more clout than they actually had in the community. Sort of a less disastrous version of the Twitter and Reddit changes this year, trying to lock folks in.
Cuz, it was about killing functionality in order to grow their market share. Just go listen to the new lame ass Signal CEO. It's capitalism that ruined Signal like it does everything
Yeah this same thing happened to me. I rarely get messages in signal anymore and can't reliably know who still has it installed. It's great for folks you are in regular communication with though.
Yupp. Had been working for a while on getting people to Signal, and then they dropped SMS, and they moved to other things and i couldn't realy recommend it anymore.
Not only that, it makes people less likely to move to something new. I had almost everyone moved to signal. Now there's one left, because it doesn't work for SMS. Great choice they made. I haven't even been able to convince one of my contacts to install simplex, and I doubt I'll ever be able to. I had one shot, and wasted it on signal. I'm kind of salty.
This was always the hardest part of these types of apps for me... getting people who just want something to work and already have a working thing are pretty impossible to get to swtich
I removed it immediately because of this. It's inconvenient to try and remember who I can communicate with through signal, and who I have to use a different app for. Signal jumped the shark.
Yup, I used Signal for years, it was my standard "messager" for everyone, people with Signal too or regular SMS. since they dropped SMS, I dropped Signal...
The worst part of using Signal is to try and convince all your friends/family to use Signal. Otherwise itโs a pretty great messaging app. You canโt edit messages once theyโre sent, but other than that itโs pretty great.
I used to donate to Signal, and they made the stupidest fucking decision I've ever seen.
You used to be able to use signal (at least on Android) as your default messenger app, sending encrypted Signals to other users, or SMS to non-signal users. Have a normie family member who doesn't know about computers? Easy, set it & forget it.
Now? They removed that functionality, so it only works for other signal users. Someone else had a good metaphor: imagine if http and https needed different web browsers & you couldn't see one on the other. How well do you think https uptake would have been?
I think that might be a narrow view though. Most of the world likely doesnโt use SMS anymore (for probably a decade). So removing SMS didnโt make much of a difference there, but increased security. Especially when people are used to use multiple apps anyways.
So the better analogy would be โimagine if gopher and http needed separate browsersโ. Except they do.
Lmao WHAT? They seriously did this? Yeah say goodbye to having my boomer parents understand anything else other than whatโs loaded on their shitty $50 android phone they got for free from their shitty CDMA providerโฆ
But you CAN delete messages for after they are sent if the chat is set up that way. You can also set chats up so that messages can't deleted. Or so that all messages expire and disappear after a period of time.
I wish they hadn't gotten rid of SMS though, that was the biggest sell for me over other options. I'm never going to get more than 2 or 3 people I regularly text to switch...
Yes lol same. And because of the verification code that needs to be typed in every so often, my messages never reach them. I have to text them, โhey go to signalโ, and then it finally goes through.
Fun fact: on Android after not using an app for more than three months (the exact time can vary by manufacturer) the OS will remove permissions including notifications (suppressing the app's ability to run in the background) to save battery. So the app will literally stop working.
For a seldom used app like Signal that's hurt from a lack network effect, this triggers a death spiral outside of the privacy enthusiast community. When it had SMS support this guaranteed some usage, but now that's gone.
Because they turned away from the original founder's philosophy, which is that 'perfect security' is a pie-in-the-sky novelty that isn't actually useful to anyone, and what's actually important is security that people actually use. Even if it's slightly less secure, it's still a net positive because people are actually using it.
When he left, a google CEO took over and frankly it's just been one terrible decision after another- cryptocurrencies, 'stories', stickers, removal of SMS, all kinds of stupid shit that drove people away.
I used to have nearly 50 people on my signal contacts list. Now there are 3.
Here in the Netherlands no one uses SMS, purely Whatsapp. So removing this functionality, though often complained about by people presumably from the US, did not hurt functionality at all here.
I also like the features like Stories, it's a direct competition with Instagram/Snapchat, though just like Whatsapp Stories, barely anyone will use it.
Yes I am in the US and I understand that this is a US centric problem though SMS is the feature that set signal apart from other secure messaging apps and made it slightly easier to get people to join. It was a nice alternative to imessage on android as opposed to yet another messaging app. Even in the US I have had to use SMS, WhatsApp, fb messenger, instagram's DMs, Line, Group me, Matrix, etc, to talk to different people and I was not going to convince many to switch to signal (I tried).
They tie themselves very closely with Google services, to the point that they refuse to be on FDroid by design
There was a long period when they stopped publishing server side code when they were bashing others like Telegram for not open sourcing their server side code
Their Linux desktop client is absolutely horrible.
They tie themselves very closely with Google services, to the point that they refuse to be on FDroid by design
While they do push the Play Store version, they also have an APK, and my understanding is that it does not rely on Google Play Services, though it might be buggier without them. If I recall correctly, the origin of Signal not being on F-Droid was related to the building and signature model that F-Droid used (builds by F-Droid, then signed by F-Droid's keys), as mentioned in, eg, this issue. With that said, it has been pointed out that there are alternatives, like a separate repository, than, eg, the Guardian Project uses, and F-Droid apparently does now have a process for developer-signed apks.
Their general hostility toward outside developers and forks, however, and that the awkward server side code availability seemed to be related to the brazenly problematic cryptocoin advertisement, are extremely disappointing, however.
Just to confirm what you said, I used Signal on LineageOS for over 6 months with no Google Play Services (installed through Aurora Store) -- definitely doesn't rely on them.
All fair complaints. I've managed to switch over all of my contacts to Signal (that I care to talk to, at least).
My biggest gripe is no back up support on iOS, meaning that if I lose my phone I lose everything. People have tried hand waving it away as a privacy feature, but I think backing up messages is a bare minimum for a messaging app - especially with the released of Advanced Data Protection for iCloud.
Signal is great for communicating with people you donโt mind sharing your identity with. Would love to see signal implement usernames. Iโm really into simpleX chat these days โreally cool project.
It was almost certainly to reduce operating costs, but I doubt they lost a significant number of users over it. The vast majority of their users are in countries where SMS isn't really used anymore.
This isnโt an ad, I wasnโt paid for this post. Just to clear the air: fuck facebook, fuck elon musk and twitter, fuck anyone who thinks this is a paid advertisement. I wish I was paid for this shit, I just wanted to spread the word. Thank you. ๐ ๐
I use Signal but it's on its own path to becoming enshittified too. Less like Reddit, more like Firefox, the people in charge are just clueless about the signal userbase.
It won't be long until there's a shift to an alternative because the current president of the signal foundation is one step away from turning it into Snapchat.
Instead of pumping money into increasing awareness or enhancing reliability of the service, the Signal team have wasted effort on features that nobody asked for, including its very own crypto shitcoin (a major red flag for any company). They also remove features people relied on, such as SMS support.
It's hard to trust the Signal team when they continually disappoint in such egregious ways.
I pretty much dropped Signal after they announced they were losing SMS support. It's hard enough to sell my peers on another messaging app as it is, and Signal's UI choices have been frustrating from the get go.
For what it's worth, Google has picked up the same or better end-to-end encryption as Signal for users of its default messenger but will likely never do away with SMS support.
That said I convinced a member of my family to join signal and we text on there for a bit and then the connection broke. Like we could not text anymore nothing would go from me to them it would just stay in limbo as sent.
I've switched to a dumb Nokia phone two years ago, so can't use signal but I've always liked the service, I'm so sad to hear that... I've always assumed that one day I'll be getting the Punkt Pigeon phone, but these news are making me reconsider.
Oh, no SMS support. Then there's zero reason to use signal, then. I'm never convincing all of my friends to switch, and I don't need another messaging app for the two that do.
I thought that they do know what they're doing, but crypto? Really? I wouldn't mind if they moved Signal to use smart contracts for messaging, but call they have to come up with is crypto? Lol.
I wouldnโt mind if they moved Signal to use smart contracts for messaging, but call they have to come up with is crypto? Lol.
You do not need crypto to call with it. It is simply a payment mechanism. I don't see anything wrong with it. If anyone is uninterested, they can simply turn it off or not use it. Conversely, burning up fees to interact with smart contracts to message is what seems more silly to me. There'd be no opting out of that.
I just wasn't budging. Refused to use WhatsApp and texted people instead. Slowly a lot of my friends switched and realised signal is better in every way. Even my parents find it the best as it is the easiest for them to use.
I don't know. People can't keep up with everything (like tech privacy news) in life and now out of their 100+ contacts this one person wants them to switch to this different app that nobody else seems to be using.
Welcome to life after 40 - Iโve been an early adopter all my life, but my network hasnโt moved with me.
As a result joining Snapchat has no value for me.
So I tend to use apps that are friend-agnostic like this and TIkTok.
Side note: my fave messaging app is Confide, it only reveals redacted words as you run your finger over them, and then deletes. So itโs impossible to screenshot.
It sounds like you'd still be able to take a video of it, then do a little bit of filtering and you'd have an image of the whole message. It'd take slightly more effort, but it's not "impossible to screenshot."
Yeah I really wanted to switch to Signal from Whatsapp but people don't want to try new messaging apps. Nowadays I use telegram but it's just bots and 2 or 3 friends.
I got rid of Signal after they added cryptocurrency to their app.
While I have no issues with cryptocurrency itself, it was a reminder that they have full control over the app. Now I happily use XMPP and Matrix for communication with friends and family.
Yup, this is also my problem with Signal; you're stuck with whatever boneheaded decisions the devs make and there's nothing you can do about it. Personally, my pet peeve is their refusal to add any kind of data export. As someone who likes backing up chat history, this is a dealbreaker for me.
Indeed. I opened the Signal app after a really long time last week and found that they had added a useless Stories feature like WhatsApp. I uninstalled the app since I never used it anyways.
Edit: Looks like Signal stories can be turned off unlike WhatsApp stories. That's a win I guess.
Exactly. I sometimes switch my SIM card between two different phones; Signal makes that process super confusing and awful because your Signal account, on a phone, doesn't just behave like an account, it has hooks built into your phone and messaging apps. Telegram, on the other hand, lets me set a password and use 2FA via email and then just... log in. Honestly it seems so much simpler I can't understand what the Signal devs are up to!
Random question as Im very interested in using XMPP:
Are public homeservers fine as long as you enable encryptions?
And is there a list of recommended homeservers?
Im aware you can self host, that just is not an option for me currently
It's certainly not a scam, and it is a reliable, private messaging app, don't get me wrong. It's just not decentralized/federated, and that's the issue for me.
Since we're all using Lemmy, an open source, decentralized, self hostable platform, wouldn't suggesting Matrix make much more sense?
I host a Matrix and Lemmy server. Even if Signal is completely trustworthy now, will it always be? It isn't my server and it's a single point of attack for anybody (including governments) to insert (or demand) a backdoor.
It is kinda slow, the clients it has are bad and also this https://news.ycombinator.com/item?id=32780665#:~:text=based on...-,If%20you're%20privacy%20focused%2C%20do%20not%20use%20matrix%E2%80%A6,metadata%20it%20leaks%20is%20astonishing.&text=The%20metadata%20that%20Matrix%20%E2%80%9Cleaks,email%2C%20or%20OMEMO%20encrypted%20XMPP.
It may not be perfect yet, but ill take the superior design approach (decentralized and self hostable) any day. The details can be improved over time. Matrix can improve its metadata handling, signal will never be decentralized and self hostable.
On top of that, if you get your friends and family on your instance like I have, the metadata isnt even a problem since everything is contained on my server anyway.
I found the hardest part was convincing people to move away from the incumbents such as WhatsApp / FBM etc as all their contacts / friends / family were already using those platforms.
Same, I tried to move to Signal a couple years ago, but I couldn't get anybody except one friend to follow, so I gave up on it. I would try again, but I know it wouldn't go any different, yet.
Depends on the use case. For one on one messaging or small group chats, Signal is great! If you need a Slack/Discord replacement, Matrix is your go to.
I gave up on Element. It was using more battery than any other app and I didn't know anyone else using it. Now I'm just using Session or Telegram for anonymous messaging. Yeah, I know Telegram is not ideal.
This is why it was so good that Signal supported SMS. It was much easier to get people to switch when they didn't have to think back who was on Signal and who was not before starting a conversation. Now people just default to text because they know everyone has that, and they don't have to waste time opening Signal, seeing yup, not on there before opening their SMS app, if they even bother.
I dropped signal when they dropped sms. I get why they did it but they removed their usefulness for most people. You could. Normally convince someone to use it foe sms and then start using the secure features with that person. Now without sms most people wont even consider it.
This only ever worked on Android so while helpful, it wasn't a panacea by any means as it didn't actually reach most people. Last time I had some numbers, the downloads across the App Store and Play Store were very similar so it probably ever reached about half the users. That's if we assume everyone on Android used it, which wasn't the case. ๐คท
I got my sister to install Signal so that we could more security send financial receipts back and forth, etc. But I have another friend that doesn't want to install it because, "...it's another app I have to deal with...".
When people make this statement I never understand it. My mother also keeps saying that she does want to deal with anymore apps than she has. What exactly does she mean by that. The app updates are automatic and the app just exists on the menu when not used. It is not like the app needs maintenance/tweaking to run
People in the comments saying others in my network wont install so its pointless for me.
All i want to say is Mate , dont be a sheep. I had 1000+ contacts and i installed signal then sent a message to everyone saying i am on signal and uninstalled whatsapp.
Around 200 contacts moved to signal just because they value me
Tl;DR know your worth
Mate its 2023, you should know why signal is better than whatsapp and other data harvesting apps.
Since you joined lemmy i think you support FOSS so why not support the apps that doesnt fuck you over.
I totally understand your point, but far from being a sheep, I live in a country where Whatsapp is the standard even for government, healthcare, college, private work. On the other hand showing people an app that only do better on privacy, which should be enough but it doesn't, but has no other appeals/features is a war lost before it's start. I'm happy many of you could do the switch. Best I could do, and I know I'll get ranted for this, was get as many people as I could to telegram. Please be gentle.
You did see this coming, but I don't understand why people associate Telegram with security in any way. It openly states that it's not end to end encrypted and everything is visible to the server! And if you enable end to end encryption for a particular chat, its functionality is severely restricted.
Maybe I'm just stubborn, but if someone really wants to talk to me, they should respect my sense of privacy. If not, I'm just not taking to them - read: I'm not translate
I personally prefer apps on the matrix network! Www.Matrix.org has a list of client apps, but I've found Element is great on windows, steam deck, and android! Call quality and chat stability can get weird sometimes, but overall it's very very secure and pretty feature rich! ๐
From the little bit I researched, it's kinda similar in the way that the fediverse works! It's decentralized, and one account works everywhere. Good stuff!
If it's decentralised, hosted by various unknown parties that can tamper with it as much as they like without thorough oversight, how can it be considered very secure? This is what worries me.
Well you still choose the instance your on. Don't use one from an uknown party. If you can, just host it yourself, it's not very demanding. But I find signal to be much simpler to introduce to your parents for example, just because it's like Whatsapp and just works.
Signal frustrates me, because Signal Foundation is clueless on what people actually want and it just feels like their product direction is so baffling it somehow turned into another failed Google messaging app without being a Google product(they even hired a former Google exec to run Signal!) I've never touched their crypto or stories, and I thought the SMS support removal makes zero sense and their justification is flimsy at best, it gave me Hangouts flashbacks.
The main problem with removing SMS support isn't that I can't convince my friends and family to switch any more(though very annoying), it's that since Signal has marketed itself as a highly private messaging app, it now has a certain reputation of being used for... particular things. Without SMS support, even having Signal installed on your phone looks suspicious, since you can't say that you're using it as a nicer SMS app anymore.
I'd love to switch to Signal but the lack of sms makes it a NO from me. Everyone I know uses sms on their phone, and there's no way I'll be able to convince them to use two messaging apps when sms is already universal and convenient. ๐ญ
It always baffles me that apparently in some places people still use sms. I mean besides the fact that it isn't encrypted at all, sms doesn't even give you group chats, the ability to send images and videos or many other of features basically every other messenger has, right? Where I live it's about (just guessing the numbers here tbh) 90 % WhatsApp, 7% telegram and 3 % signal. Is there any reason that in some places so many people stay with SMS? I don't think I've send or received one in the last 10 years or so (besides companies sending me a TAN or whatever)
I've never used group chats, so that was never an issue. Most people don't care if their messages are encrypted. And sms automatically swaps to mms when sending pictures and videos.
Donno why Whatsapp never took off on the U.S and tbh I'm glad since Meta owns it.
As an iPhone user who most of the people I message are also iPhone users. I need sms to communicate with the 3 or 4 people who use android and they donโt have any other app for messaging.
The idea isn't that I want to use SMS, the idea is to get people used to using one single app. Back when Signal had SMS support, it was my primary texting app. Anyone who had Signal I could talk to over Signal and anyone who didn't I talked to over SMS. This got me to convert several friends and family to Signal, and we were able to immediately switch from SMS to Signal chats.
Removing the barrier of juggling apps is paramount. No casual user wants to have to remember who they talked to on which app.
I want to use Signal. Not everyone else on my contacts list does.
It was much easier to convince people to switch to Signal when you could just say it takes the place of your SMS app. Now it's just another app to keep track of.
Been using Signal for a very long time now, with my SO, parents, brother and a few friends. But it's inevitable to also use WhatsApp side by side. Selling/Buying on the local marketplace? WhatsApp. Workplace colleagues? WhatsApp. That group of buddies where only 1 or 2 converted to Signal? WhatsApp.
WhatsApp has full E2EE and you can configure it to only store messages and backups on your device. Obviously others could save a cloud backup, but the backup is still fully encrypted as well. Messages aren't accessible by Meta and they can't be forced to turn them over to local governments, so it's really not a bad messaging app overall if you have to use it.
I've been trying to get my wife to use signal for ages and she won't budge. She won't budge because she doesn't want to install another app that from her perspective does the same thing as texting (she's not as privacy conscious as I am and doesn't really care that signal encrypts missages). Lately I've been trying to sell signal as mre reliable since my work office has shit cell reception and once in a while messages will git completely lost in the aether. Signal is more featurefull than sms/mms imho.
My sister, her husband, and one of my friends use signal so there's that.
Ultimately I'd probably prefer everyone use matrix but it's not as accesible as signal.
I laughed at your "...she doesn't want to install another app...". I have a close friend that told me the same thing.
I was able to convince my sister to install Signal so that we could more securely send financial receipts back and forth, etc.
More than one of you in this thread have mentioned Matrix. I realized I signed up for it during the Great Migration about 3 weeks ago, but I haven't spent any time there yet. How is it the same/different/better than whatever else? Curious. (I suppose Google might be my friend in this situation.)
It's federated like mastodon/lemmy (and might interoperate but idk). It doesn't require a phone number. I don't use it a ton but like that it's decentralized.
Maybe you could try to convince through other features, like sending sharper images, videos, audio messages or video calling etc.
If you get closer with her friend circle (or if she gets closer to your friend circle), you could propose to make a group chat, where you can keep each other up to date or plan future activities together. Your wife will probably not want to miss out on that.
Don't talk about encryption or security to normal people, who are not into tech. They do not care. Only talk about features, that they can actually use, and only in situations were this would be useful. Don't be preachy about your messenger use, don't make them feel stupid.
I've used Signal from the earliest days. It has its flaws, but for the average human, it's the best fucking end to end encryption message platform around.
My problem with Signal is that nobody I know uses it, which unfortunately makes it useless.
Other than that, I genuinely think it's pretty great. But you'll have to persuade people to leave Facebook and WhatsApp en masse before it becomes ubiquitous enough to be useful.
Funny how things can be different. In my circle everybody uses it, even my mom. We've also had a very active group chat with my friends for many years in Signal.
Question: in 2019 Australia passed an encryption law that requires every piece of software used in Australia to have a back door for law enforcement to access to โcounter terrorismโ, wank, wank.
Simply put, no. The signal protocol as well as the app is open source. Although I imagine signal would not be on the Australian app store for lack of compliance, which is why you can download the app directly from their website.
WhatsApp actually uses the signal protocol, but they close sourced it so there's no way to tell if FB put a backdoor into it
My understanding is that this doesn't actually require a backdoor be pre-built. It does require that, upon notice, a company or individual provide access to encrypted data (eg, via a backdoor) or assist in obtaining that access in some way, up to introducing a backdoor into their own software or compromising it. There is however a "systemic weakness" limitation, such that no one should be required to introduce a somewhat vaguely defined "systemic weakness" in their software in order to comply with demands. There's also no requirement that a backdoor be added before requests.
I expect that this means Signal would just stop offering software in Australia if they received a request, or make an argument about systemic weakness, though what Australia would likely ask for would be targeted replacement of the app with a signed but malicious version, to avoid that argument. There is also a question of enforceability against foreign companies: Australia is not the US, with the ability to extradite people who have no real connection to them, so Signal could quite possibly just ignore the Australian law.
If I recall correctly, the law also applies to individuals, and could compel them to maliciously act against other organizations; I remember there being the argument that the law meant that security-minded companies and projects should not allow Australians to contribute to their software at all.
I'm almost positive signal themselves cannot access the data. They couldn't comply even if they wanted to. Check out this fun little section of signals website: https://signal.org/bigbrother/
Itโs a running joke amongst us Aussies to visitors, manโฆ Donโt ask what you canโt do in Australia, ask what you can. Itโs an easier list to explain.
And they passed that bullshit encryption law over Christmas/NY 2018, by the way, when none of us were paying attention. We came back to work on January 2 and it was signed into law.
Personally, I thought it was our Governmentโs most sneaky and disgusting moment.
Do they require to have a backdoor into the actual app (on your phone) or into the servers.
I'm not sure how data is stored locally (probably encrypted tho), but some time ago the FBI demanded Signal to give them all of the data they had on a specific account. All they were able to get was the phone number of said account and the account creation date.
That was one of the original use cases. For whistleblower protection. Edward Snowden helped in the making of the signal protocol, because it's something he wished he had access to.
I've been using Telegram primarily and it's nice being able to logon to any device and have my chat history, but it doesn't seem secure at all. I imagine the NSA has direct access to it.
The CEO is Russian. He formerly owned VK and sold it off to the Russian govt iirc. Though, he didn't sell it off without destroying documents containing user info which the Russian govt wanted which in resulted in a warrant for his arrest. Telegram now operates in Dubai with teams working in several other countries like Ukraine. He chose Dubai mainly because of their laws that so far have been favorable to tech companies and not being so heavy handed on censorship.
There are 8 data centers none of which last I read operates in Russia. I think there used to be one until Russia banned Telegram as the company refused to allow access to their servers. The ban was lifted several years later but Telegram still hasn't opened a data center there. And the way these data centers work is chats are excepted and the encryption keys to those chats are never stored in the same location. For years governments like Germany and India have been finding Telegram for either not taking down content they don't like or not doing enough to suppress speech. I believe Germany is in the lead as every year they keep leveling millions of dollars worth of fines.
Of course, feel free to do your own research as a lot of this is off the top of my head what I read over the years and why I remain using Telegram as my primary "do everything" for light social media and messaging friends and family.
I do like the simplicity of Signal though but I always worry about losing my backup data like I did once and would hate to lose all that history and photos shared with text context somehow if my phone ever got lost (knock on wood never happened).
I look forward to Signal ditching the need to share phone numbers and instead use usernames. But for now, Telegram has a lot of flexibility and utility that Signal doesn't have or can ever match due to the focus of said app.
Telegram has no end to end encryption as default. You can enable it with secure chat but that is making the chats unaviable in other devices.
I can really recommend signal, been using it as my only messaging app for years and it just is so more secure. Most people installed it too after I asked them to do it to keep contact
Here in the US at least, Whatsapp is not nearly as prevalent as some other parts of the world. I got all my coworkers in my 6 person department to use it. I got my SO to use it. Somehow getting my family to start a group chat was one of the harder ones. I'll keep doing my part :)
I think Signal is trying too hard to be secure, and they are missing a lot of convenience features.
For example, you can't migrate from Android to iOS or vice versa. You'll lose all your messages and groups.
Or it's really hard to export all the photos someone sent you. I get that my iCloud library isn't as secure, but I really want to make sure I don't lose those photos if I lose my device. The photos aren't that sensitive.
The security notifications are also well-meaning, but hard to make sense of. You sometimes get notifications for changed security numbers, when people change their phone, sometimes folks show up twice in groups, etc. It's all a bit hard to understand and difficult to use.
And finally, it seems that messages are sometimes delivered a bit unreliably or with a long delay.
That's what I always said. Signal only does one thing right, encryption, and that's it. The rest isn't great, they kept the server side code hidden for 1 year to implement the shitty MoxieCoin (so Moxie and his friends could get rich) and removed SMS recently.
I moved to Telegram and the features are so great there's no way I'll ever use Signal. If you really need E2EE you can use it in personal chats. For regular chats, the fact that you have access to all your messages from everywhere is really convenient.
Small price to pay for security. Maybe some small features are worth giving Zuckerberg and friends access to the most intimate personal shit in your life. For me itโs not a problem.
"I don't want to give Zuckerberg all my information for free, or ever, at all" - is what I've said to people when they ask why I don't have Whatsapp. For the most part, they shrug as if to say "fair enough". By and large, it's become an acceptable reason.
Through the past few years, I've been communicating with my five best friends via Signal. They installed the app and started using it just to stay in touch with me. Like I said - best friends, they did that for me.
But their gesture have been rewarded...! ...with Twitter-thread-style text walls from Yours Truly! About whatever subject is on my mind that night.
From the 70s films of Robert Altman, to the impact of The Stone Roses on 90s British music, to the difference between Baroque and Rococo, to Major League Baseball rule changes, to Bitcoin miners in Xinjiang and Kazakhstan, to Neutrino Cosmic Background Radiation, to good ol' fashioned meme shitposting - surreal memes, recursive memes, dank memes, bone hurting juice... you name it, we got it.
So far, they don't seem to mind it too much. It doesn't happen every day and I gotta feel inspired, as opposed to bored texting.
I love Signal, but was unable to convince enough of my network to migrate. They are mostly stuck using Meta's spyware (Instagram and Whatsapp).
In the end, Telegram seemed like a good mid-way for enough of my friends and peers.
The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on."
Ahem, and a list of contacts, they've improved since, but it used to be that this was a simple hash of the phone number which is obviously vulnerable to a very easily generated rainbow table.
There's the rub. Unless privacy is your highest priority there isn't any advantage. I wish I could convince my main contacts to move but convenience is a higher priority for them.
Mostly privacy. Signal is completely encrypted end-to-end. Telegram is only encrypted when choosing private chat with one person. Group chats are not encrypted in telegram, they are in signal.
I have to say that some of the points on that site are outright ridiculous.
First off, they quote the privacy officer of the German protestant church, who has no technical background according to his own bio:
"โฆ when using Signal, data protection concerns remain, especially because this service processes personal data of its users outside the scope of the GDPR. The use of this messenger service can therefore not be recommended.โ
And he goes on to say that Threema (for profit, proprietary server code and (at the time) client code) and SIMSme (for profit, fully proprietary) are preferable over Signal because of the jurisdictions they're in. Not sure about anyone else, but I'm going to trust the open source software more, regardless of what jurisdiction the servers are in.
I do have to give him credit for recognising a "self-hosted messenger service based on established and freely available protocols on federated servers" as the best option, though.
negative: actual server software used does not have to match the version published on GitHub
Fair, but how many other messaging services publish server code at all?
negative: terms of use (external) as well as privacy policy in English only
I suspect there's very little overlap in the Venn diagram of people who use (or even know of) Signal and people who don't speak English.
negative: weaknesses in authentication for encryption
This boils down to users trusting Signal as a certificate authority and not verifying their contacts "security number". Fair point, but a user can still choose to use Signal in a way that removes those weaknesses.
Of course, since we're on a federated service, I expect people to jump on the chance to recommend Matrix/XMPP instead, but realistically, I've had much more success getting people to use Signal.
And apart from federated messengers, I'm not aware of anything better than Signal.
I am a fan of Signal but mine has been broken for like six months now. Anyone else getting this bug? I try to open it and get an error 'Couldn't open Signal, send a bug report to troubleshoot' etc. I sent the bug report to the developer team at the address provided but they couldn't really figure it out. I've tried deleting the app and reinstalling and all that to no avail.
Ran into the same kind of issue when I switched phones. Closest thing I could find to a solution since it seemed to have something to do with the size of my "backup" was to wipe everything and restart. sooo I just wiped everything and went to RCS
It's an iphone 8, almost six years old now, running iOS 16.4.1. I emailed the dev team at signal and corresponded a bit; basically they said they looked at it but can't spare the resources to do any real troubleshooting. Apparently it's a really small company which is fair enough. A new phone would probably fix the issue but I dropped a thousand bucks on this phone and I plan on using it until it dies or until I lose it, whichever comes first so..
My network is all on Signal and Signal has been good to us. Matrix may become the way of the future but for now Signal is a good place to be for this lot.
Its immensely difficult to convince your circle to download yet another app to message a handful of people. It is much easier to convince them to replace their SMS app.
I've been using signal for a few years. I'm now in a situation that I use two different phones but signal only allows you to be connected to a single device, and you only see the messages in your history for the particular device you received it on. You can't migrate messages, the UI is extremely basic and isn't a responsive design so you have no control over window size on larger screens. There's just so many annoying little things about it, but overall it's pretty solid. I'm looking for a better solution now though.
It really needs some more effort put in on UI design, data migration and linked devices. Development is very slow. I hoped it would improve but nothing has changed for years.
Signal is great. I wish more people used it because I trust it more than anything thatโs a product of Facebook. No matter what they claim, I always worry thereโs something they arenโt admitting to.
The WhatsApp creator left Facebook early, leaving $850 million behind, because he thought they were pure evil, and then he went to the signal creators and threw money at them to not sell or turn into a shit show. He is now the interim CEO of signal. He plans to keep it as a private foundation that is using a donation model to keep it going.
Also, if you work for an employer that asks you to download signal for work communication, make sure you record all conversations by screenshots or screen video. People can wipe signal communications remotely and this can give employers deniability while putting things on the employee. Practice CYA at all times.
He plans to keep it as a private foundation that is using a donation model to keep it going.
I abandoned Whatsapp several years ago and since then have used Signal nearly every day (to keep in touch with a handful of friends), have had a recurring monthly donation set up for a couple of years now.
One on the one hand there's the privacy, but what clinched it for me originally was the ability to seamlessly switch from my tablet to the cellphone to the desktop, all Apple. Signal was (and probably still is) better at this than Whatsapp.
Signal set the industry standard for encryption and privacy, and it's what I tend to point people towards. The one down-side is that it is still tied to your phone number, so solutions like Element/Matrix or XMPP with OMEMO might be a little better for some use cases. My wife, kids and I use Conversations(.)im for our intra-family chats and use Signal for talking to everybody else.
Personally, Telegram is my favourite one. Feature complete, a ton of convenience features as well, totally secure if you want it instead of cloud storage etc
I find telegram super odd. Especially the publicly searchable groups for something that's supposed to be secure and how the first things that come up when I search my city is groups selling heroin.
As many others have said already, I loved signal until they ended sms support. I'm not going to have two separate messaging apps. Especially when 90% of people I know won't use signal and don't care about encryption. I just use the Google messaging app, which in my opinion is way better than Samsung's app. I enjoy rcs support and as I understand it, there is still e2e encryption.
That being said, if I'm doing anything illegal I'm going to force the people to use signal or something safer. As much as I love Google, I'm not going to trust them to keep me out of jail. Nudes would probably be the most sensitive thing I'd trust Google with.
Oh and I dont mind the Facebook messenger app if you use the secure mode. Hate Facebook though, just the messenger is ok.
I use Signal as my main messenger and it works just fine. The only drawback is phone number requirement, but it is simpler for casual users. I'd really want them to add an alternative, more secure and private signup method.
Use Signal to talk to my gf. Had her get it so we didnโt have to use some shit like SMS or Snapchat, since Iโm on iPhone and sheโs on android.
Had a couple of issues with messages not going through but since she upgraded her old phone itโs been fine.
I see a lot of people here struggling to get contacts to drop sms and imessage. i have had success in getting a lot of friends on signal because cross platform group mms is dogshit.
Tell them more and more companies are moving to Whatsapp for marketing and Meta are doing more and more to make it easier and more annoying. Or maybe the spam will start and they will move themselves
I don't know the details, but, even though I appreciate the tech behind it, in my experience signal hasn't been that great (not even accounting for the need to ask people to install it). The calls always have a delay, the UI isn't as responsive as either Telegram or WhatsApp, no ability to edit sent messages, no history when logging in from a computer. Any of these aren't that big of a deal, but definitely a downgrade compared to the competition.
yeah but the info available to them was your phone number, when you registered, and when you last logged on. Not terrible but more than I'd like. Still way better than most other messenger apps.
On an andriod phone Signal replaces your messaging app, right?
Signal is NOT like Viber, Whatsapp, etc. right? No video chat, just text?
ETA: When I say "replaces your messaging app" above, I'm referring to "normal" texting on your phone, not whatsapp, viber, etc. Sorry I wasn't clear.
They used to have that functionality (and I loved it) but they removed it due to it "not being secure enough" for their standards
Signal can absolutely replace WhatsApp, Viber (although I never heard of it before), etc. It supports voice and video calls, and you can even screen share from desktop
Answering to 2 - signal is a bit like Viber, WhatsApp etc, but the message and metadata are encrypted from end to end, meaning signal servers canโt know exactly the content. WhatsApp included this few months ago, but not on the metadata only the content of a message
Yes and yes, It can replace Viber, Whatsapp, and etc if I am not mistaken. They also have end to end and whispers which are 24 messages if you and your recipient are both on signal.
The bridging capabilities of matrix make it unbeatable for me. I can't make everyone switch to it, but damn has a lot more been willing to do so when I show them they can have discord, telegram, whatsapp and more in one app.
Why is it so hard for people to care about what they use?
I want to keep using signal with my friends that use signal. If I get an SMS text, it currently goes to signal with no way to respond. If I were to use the native Android messenger or a third party app, would it only receive sms or would it also receive signal messages as well since it's linked to the same number?
Signal is shit, its a honeypot. It requires your Phone Number and that the persons chatting have each other in their contacts on device, even if you convince friends not to use WhatsApp, WhatsApp, Google, Apple and every other App, someone installed that can access your contacts knows your Name, Phone Number and People you are connected to.
Signal relies on NSA Cloud Servers and "security" features of Intel Processore that are going to be broken or probably there already is a backdoor.
You can't have it on multiple devices with multiple accounts, its a closed ecosystem and doesn't have a big community involved with checking the code. They get funded by US Gov. and tried to put obvious backdoors in their desktop apps.
Use Matrix.org , I also heard good things about SimpleX.
You don't even know what you're talking about. Security features of Intel chips? The encryption happens on each phone. Phones don't have Intel chips on them. The server is only a relay. The encryption algorithm is open source and security experts say it's good encryption. The code is right in the APK and anyone can look at it.
There is no way for me as a user to see who your contacts are by using Signal. Obviously, since it uses phone numbers and not accounts, the people operating the server know who you are messaging. But other users have no idea.
NSA Cloud Servers? I highly doubt that. Using a packet sniffer it's easy to see which IPs your phone is talking to. I doubt an of them are "NSA cloud servers". Once your encrypted packets are sent, though, it's impossible to know how they are routed before they go to your recipient. I assume the government knows exactly who I message, and I don't care about that. It's friends and family. If you care about that, then don't use it.
Get your facts right if you want to be an anti-Signal advocate because right now you just sound like a lunatic.
My friends and I tried Signal after the whole WhatsApp privacy issue thing arose.
Signal has been nothing but issues for us, plagued full of bugs. Images half the time would refuse to send. Videos would send but the audio would be slow even though the video itself was fine. Chat would load 200 messages prior then scroll down to the bottom on its own. The app doesn't have a good way of handling media so it'd grow to be 50GB in size, then if you backup Signal messages that'd double in size again.
Our group chat recently moved away from Signal, it's not perfect but at least are media is sending fine.
I'm not sure when and what you were trying to send but I use it since at least 7 years and never had anything like that, maybe you should give it another try someday ๐
Our group chat sends a lot of video memes. If they don't play correctly then they don't want to use Signal. We moved away from Signal 2 weeks ago. We're in no rush to try it again.
With a closed source server. Sure, your messages are encrypted from your device to their sever, but you have no way of knowing what's going on in-between.
Signal is a great secure private messenger app until you realize that the keyboard is a third-party piece of software and is thus easily compromised. This is doubly so for people in CJK space where third-party IMEs are absolutely essential; Signal doesn't provide its own keyboard under its control and it certainly doesn't provide IMEs. So any keyboard/IME can phone home with everything you type into your "secure" app.
Signal's duty never included input methods. Moreover, if you force a keyboard that doesn't cover everyone's keyboard tastes AND language AND typing methods, you suddenly are blocking people from using their own choices. Suddenly you are force-feeding a possibly bad keyboard implantation to many, and taking away interest from the app.
And, finally, there's already plenty of free open source and privacy-friendly keyboards. There's no need to reinvent the wheel for one single app. This is, all in all, a really poor idea.
Privacy isnโt an optional mode โ itโs just the way that Signal works. Every message, every call, every time.
Yes, there is in fact a duty to at least warn people that their very means of input is an attack vector. Yet the Signal App public-facing messaging says nothing of the sort. Instead it says:
State-of-the-art end-to-end encryption (powered by the open source Signal Protocol) keeps your conversations secure. We can't read your messages or listen to your calls, and no one else can either. Privacy isnโt an optional mode โ itโs just the way that Signal works. Every message, every call, every time.
You have to go pretty damned deep in the documentation before you finally get the tepid warning about keyboard apps. Like really deep. With no actual mitigation suggestions or recommendations. Almost as if, you know, they don't actually give a damn.
If your target market is security professionals, this is barely forgivable since they would presumably know about attack vectors like this. This, however, is what Signal seems to view their target market as:
And I, for one, think there's a responsibility when security pros market to normies. A responsibility which Signal App has been actively dodging (they've had their feet held to the fire for this from multiple sources!) for years now.
Almost as if, you know, they don't actually give a damn.
They are ignoring a lot of cryptographic best practices in their protocol to the degree where anyone taking a basic cryptography class will laught at it. The paper above shows that some cryptographic properties can be proven for telegram but those look more accidental than actually planed.
So yeah I'd say telegram is way more sketchy. The signal protocol is significantly better. Telegram's still probably better than WhatsApp tho.
Also, while I'm not familiar enough with cryptography to know how accurate that is, speaking to OP's point regarding the people behind the apps...Telegram's people are sketchy themselves. From what I gather it sounds like the lead person behind Telegram is more or less a tech bro but Russian instead of American or South African, and has some similar negative qualities.
It's a long article, but Wired's feature on Telegram is an interesting read. TL;DR though is that Telegram seems to be led by yet another eccentric libertarian who reportedly is very controlling over certain aspects of the platform.
As an aside, for anyone put off by Signal's foray into cryptocurrency BS, Telegram also tried to dive into crypto, so...Yeah.