Hacker News new | past | comments | ask | show | jobs | submit login

>The main problem with projects like these is that I don't know (without manually checking myself) whether they are actually tracking the Signal source code effectively.

That's my main complaint with Signal - lots of widgets. More code to audit and keep an eye on.

More users is good, but stickers and stuff.. meh.

Maybe teach zoomers how to use emoticons ;-)




I understand where Moxie it coming from: user friendlyness (and candy) increases the user base in a demonstrable way. At the same time, adding code like this pretty clearly increases the attack surface unnecessarily. So there is a tradeoff they are making for everyone. I would much rather be able to disable that additional state space, even if I can't strip it out of the build entirely.

I also find it a bit crazy that the 'desktop' app is Electron, and they don't hint anywhere what a house of cards Electron is. I wouldn't run it except inside a VM, and even then I would have to accept that all the messages could be extracted remotely. They give no indication of their compliance with best practices (e.g. https://labs.bishopfox.com/tech-blog/reasonably-secure-elect...) with is disturbing.


Yeah, that's one reason I prefer verbal convos. Electron aside, how many people even keep their phone on the latest version? There's all sorts of ways to slip up with Signal, though now that I'm not violating COPPA by posting on the boards, I don't see a need to make a literal list of all of them.


people really do like those stickers though. You can just not use them, I find them annoying too, but I'd rather signal have them so people who want them don't have a reason not to use Signal




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: