
It's really an engine for revealing people's true preferences for messaging, which, for many people, tend to be that they want all the ergonomics of Slack a lot more than they want cryptographically sound secure messaging.

What's hopeful in all this is that Signal is, slowly, catching up. Slack can roll out new features just by assigning a couple developers to it, and Signal has to coordinate new cryptographic research --- not just new cryptographic research, but research that produces something deployable at scale within the resources of a project like Signal! --- so Slack (and Wire and Keybase) are at a permanent advantage here.

But over time, Signal gets more and more usable without having to consider tradeoffs.




It is, but there's another aspect besides convenience and ergonomics. You surely know better than me that privacy and security are non-binary, and everyone has their threat scenarios.

In some cases, an ability to have multiple independent accounts/identities (pseudonymity) would - unfortunately but practically - beat the true cryptographic security that Signal offers. I mean, personally, I'm less concerned about a platform (e.g. Wire or WhatsApp) or some government agency learning that I'm talking to my buddies on a certain schedule, than mixing up my acquaintances from different groups together, having to maintain a single identity for them all. Some people I talked with didn't know my name or phone number, and I would be uncomfortable if they did. For me, in my life I've said fewer things I wouldn't want governments to learn about, than times I've used a pseudonym/throwaway account to talk to people.


My biggest annoyance with Signal is that getting a new phone ends up wiping out all conversation history with apparently no way to transfer it.

This loss of user data is not advertised well enough up front, and leaves users feeling tricked. In many contexts loss of user data is an even bigger sin than weak security.


What's ironic here is that in the adversarial setting the application is designed for, unexpected retention of user data (on end-user devices) is a sin.


For some of us data loss is often a bigger threat than unexpected retention.

I like Signal and it always makes me happy to see more people showing up there, but for now certain group chats will stay on other messaging services.


I like to think about messages being ephemeral. If a piece of information needs to be saved, I just store it outside the messaging app. This includes media files, too.


That’s fine. But Signal should then advertise itself as unsuitable for general-purpose communication, primarily relevant when someone is specifically worried about adversaries reading the communication.

I can see how this makes sense for journalists, dissidents, diplomats, criminals, corporate executives, etc., but if data is under threat of disappearance, regular people should be warned away and told to use something else for day-to-day communication.


Personally, I'm happy to lose the data. I found it odd that with both phones and the SIM on the desk in front of me, I couldn't figure out how/if I could vouch for my key changing in any way.

Needing to say "I have a new phone, just trust me" largely defeats the purpose.


If you are on an Android device you can export an encrypted backup and scan a QR code / type in the password to the encrypted archive to transfer messages / group memberships with only a safety number change in most cases.

https://support.signal.org/hc/en-us/articles/360007059752-Ba...

No dice for iOS unfortunately.


I think that's the opposite of what I want? I want to inform people of the new safety number using the old channel and purge all data like a good user.

In this respect a Keybase-like model makes more sense to me.


Two small corrections: Signal-Android's backup works with a passphrase only (no QR codes involved) and does not cause safety number changes on restore.


I’m talking about transferring archival data from one phone I own to a different phone I own.

This is different from whether other users are told that my security keys just changed.


Right, I think there's a partial process for what you want and not for informing of key change and I find that backwards AFA security.


Look in the settings then switch backup chats externally to on, then hit backup chat. What is so hard about that?


Why would Signal (a drop-in SMS replacement) be compared to Slack?


Because we're talking about group messaging here.


Why would group Signal messages (a drop-in replacement for group texts) be compared to Slack?


Why would a group communication tool be compared with another group communication tool? What's the part you're missing there?

I have some friends I talk to in Signal groups. I have others I talk to in Slack. In both cases, the goal is the same: communicate privately with a known group of friends.


In the case of Slack though these are "private" communications only in the same way that say, email to colleagues at work is "private". Lots of people certainly could snoop this, and more probably would be able to if they really wanted to. You would not be told about that, it'd just happen and everybody involved would convince themselves that it's fine. Is it fine though?

Signal's rationale is that if we actually secure this type of conversation, we can tell people not to accept insecure conversations because they're trading something you might want (actual privacy) for... not very much.

We've been here before on the Internet, at least twice now. When I was still (barely) a teenager Tatu Ylönen invented SSH and connecting to another machine was now secure instead of hopelessly insecure. And at almost the same time a bunch of people at Netscape invented SSL (which became TLS) and made the World Wide Web secure. It only took a few years for ordinary (relatively) people to _expect_ SSH not telnet and it took a bit longer for HTTPS but in both cases we got to a place where secure was the default and expected condition.


Yes, thanks, I understand the technical difference. What I'm saying is that from a user perspective, many people don't care, or don't care very much. Otherwise they wouldn't be using SMS, telephones, or email.

If Signal wants to be broadly successful, they have to be as good from the perspective of the broad base of users.


Please recall that earlier in the thread, the following was posted:

"[Signal is] really an engine for revealing people's true preferences for messaging, which, for many people, tend to be that they want all the ergonomics of Slack a lot more than they want cryptographically sound secure messaging."

This comparison to Slack makes no sense - Signal replaces texts and makes them end-to-end encrypted. It's a straight upgrade to texting (except, apparently, on iPhone, where Apple won't let the app send plain old texts and the "drop-in replacement" quality is neutered). It requires a phone number to use, and is linked to that phone number.

Signal is right to be what it is, and if Apple got out of the way, I would insist on replacing all texts with Signal. Replacing my Slacks with Signal or my Signal messages with Slack fails to type-check.


The comparison doesn't make sense to you, because you value privacy highly. It makes plenty of sense to people who don't.

People do literally compare them when deciding what group messaging app to use: https://news.ycombinator.com/item?id=21746863

For people like that, end-to-end cryptographic security is at best a nice-to-have. And I'd guess that's circa 90% of people.

Signal's true value comes when lots of people are using it. I never bother with secure email, because almost nobody I know has it set up. But I use Signal for the great bulk of my texting, because most of my friends are on it. If Signal wants that to be more and more true, they have to compete with the other tools people use for group communication.


I recently was selecting a messaging platform for my family, and we evaluated both Signal and Slack, and went with Slack. My wife did the same with her family, and went with Signal. From this, I gather they overlap in some features enough to compete for some use cases.


One (Signal) is a replacement for texts, and one isn't. "Overlap in features" wouldn't cover it, but rather how much you want it to be like texting.

Thomas Ptacek is a big Signal advocate, as am I, but he doesn't like to think of it as a drop-in replacement for texting, whereas I do (because that's what it is and where it shines). I move texting onto Signal whenever I can.


Why not Keybase over Slack?

Not saying Keybase is better; no dog in that fight, just curious if you had considered it.


> that they want all the ergonomics of Slack a lot more than they want cryptographically sound secure messaging.

So you consider accounts not tied to a phone number "Slack ergonomics"? Before WhatsApp that was the default.


I said it was a reason to hate Signal, not the only reason.



