is great and a good step forward, but a few problems remain that we (as a society) and Signal need to solve. 🧵


Notifications on phones are broken. Many Android vendors like Xiaomi or OnePlus use aggressive battery controls to stop apps in the background. This means you might get messages delayed. Fix it here, they have a section on vendors

Photo and Video sharing wastes a lot of space. Signal does not shrink media file size automatically, wasting large amounts of bandwidth. Uploads and downloads are much slower than on WhatsApp.

Danger for activists: Signal markets itself as a secure messenger, but uses whatever input method editor app (keyboard) is configured on Android. This got Chinese activists arrested.

QT RealSexyCyborg: So @eff, @Signalapp says addressing the IME/keyboard leakage problem is not within its purview. We've had activists detained because of it, it's going to happen again if people don't know about it. If I or someone else does a write-up on the issue, will you publish it? DMs open.

Signal needs your phone number. This is a privacy issue because a phone number is linked to your Signal account and a security issue because if an attacker can get a SIM card with your number they can take over your account (if you don't have a PIN set up).

Server problems: due to the influx of new users Signal struggles to provide enough server resources. The non-profit organization relies on donors for its operations. How can they sustain that when we want secure messaging to become a part of normal internet infrastructure?

That leads us to the problem of Signal being a centralized single point of failure. If the Signal servers go down then all messaging stops working.

There is no distributed network like in Email, XMPP or Matrix where multiple organizations can provide servers. We rely on a single organization to provide secure messaging for us.

That also means that Signal could be compromised by a nation state actor (a US government agency like the NSA). Although messages are end-to-end encrypted there is metadata about who communicates with whom. The central Signal servers need that to deliver messages.

This can be solved with a distributed network for anonymization of metadata, like we have with Tor. This has already been done with Ricochet, which seems to have stalled?

I'm sure there are a lot of challenges with this, making video calls over an onion routing system is certainly not simple. Signal is great, but just the start. We can do better for secure and private messaging.

@klausi wait I was told a new app would be the answer </obiwan>
