I'm really curious. I've been using Signal for years, and it's been much much better than the default app on my phone (not to mention more secure). What's so good about Telegram? I've avoided it because of its suspicious encryption.
To be clear, I'm not advocating for the use of Telegram. I keep posting this in hopes that moxie will understand just how important UX is and hire accordingly.
WhatsApp, Telegram etc. are going to eat Signal's lunch because of the UX and I would like that not to happen.
I think he understands UX is important; the majority of recent changes are to the UX since the crypto is more or less stable. OWS probably has much fewer developers contributing to Signal than either Telegram and WhatsApp, so that could be one of the reasons they have to play catch-up.
There are also features some consider good UX but Signal shuns because they create confusion regarding the security properties (i.e. self-destructing messages). Signal's number one priority is security while that is not nearly as important for Telegram in practice. A lot of the UX advantages the latter has can be traced back to this essential difference.
I agree though that something like messaging multiple people without creating a group first is more or less UX-only and would probably make sense (groups are anyway a client-side abstraction only in Signal, servers have no concept of them, so making anonymous or automatically named groups on the fly should be doable)
Also probably getting in touch with OWS on their mailing list is more effective than hoping they notice random posts on HN. It is not the most contributor-friendly project on the planet but clearly articulated and focused posts are usually answered and so are issues/pull-requests that conform to their stated guidelines (do not add extra options, do not put security second, etc.)
I'll use an example that has been confusing for me. The contact list alternately shows some people in gray text and others in black while having a separate phone icon.
1) It was not immediately obvious to me that I have to select the name to msg. iMessage deals with this by having a specific messaging icon that makes it clear.
2) I was able to guess that the grayed out names meant no messaging but then again I tried to call multiple of these contacts and it does not seem to work properly in that that I can't seem to reach those people. Not sure if this is broken... Part of this is the legacy of Redphone/Textsecure so as Signal spreads as a single app across platforms, I'm hoping this issue somewhat goes away. [1]
3) It would certainly be nice to have the whole contact list be visible instead of just the known contacts with Signal/Textsecure/Redphone along with the ability to easily share an invite to others to use Signal via iMessage, email etc. (use the standard iOS share dialog) I'm willing to bet this gets a lot more people to see/use/invite others.
4) I would argue that groups/multi-device is the same abstraction in this case (each device would be a hidden subcontact) hence it should be possible to get multi-device support in short order if group support is already there.
I don't believe any of the things I've listed above have security implications but I could always be wrong. Maybe I'll file some tickets this weekend if I have some time.
I did some digging and found the link below. Requiring people to understand and handle an issue around a bloom filter is a bit much. That part should just work.
lol, yeah the problem is that it just never occurred to us that UX is important!
Here's the situation: people hem and haw about Telegram's cryptography, but what we should really be talking about is that Telegram is not using end to end encryption by default. Telegram stores your entire plaintext message history server-side. There is nothing worse when it comes to privacy, but it's very easy to write slick clients when they're just views onto the server and all the logic happens there.
moxie, I hope you aren't taking this the wrong way.
I'm pretty sure that you are aware that UX is a problem. I'm saying this because I do think UX is a priority for users and hence for widespread adoption.
There are legitimate reasons why Telegram is more popular and as evidenced, security first is not a sufficiently valid sell for Joe User. Obviously, there are also fundamental reasons why Telegram should not be used as you have pointed out above.
I want to see Signal succeed which is why I've made the comments about.
While I have your attention, maybe you could clarify the protocols used between Signal and WhatsApp. Is there a scenario which there will be interoperability? I believe that you previously alluded to the implementation of e2e being separate in WhatsApp but it would be nice to get some clarity around this. Thanks.
This. When my wife first got an Android phone I installed Signal on there as the default SMS app (she values her privacy and was worried about Google Hangouts). This lasted for almost a day until she tried to send a group text to a few of her friends. When she found out she had to create a named group first, she asked me to install a different messaging app immediately.
Unlike Telegram, Signal is end-to-end encrypted, which means that Signal themselves cannot read your messages, and therefore could not be compelled to divulge them. Because of forward secrecy, even if recordings of an encrypted exchange are made (and as far as I can tell Signal does not record them), they cannot be later decrypted with a compromised key.
Yes. Signal has perfect forward secrecy. There's no way any government could compel them to release private chat information: they are literally unable to do so.
Even so, a government could still block them until they realized it's futile (or something). The end effect is in their favor: users to move to other platforms that are not as secure.
WhatsApp does/might (who knows, they are not transparent about it and it is closed source) employ the same end-to-end encrypted protocol as Signal does (for some users):
