-20
submitted 1 year ago by gthutbwdy to c/technology@lemmy.world

Signal is a centralized app, run by a company. If they are offered enough money or legal threat they will sell out or close.

I am sure people will make an argument that its FOSS and people will just fork it if it goes bad, but a new fork will have 0 users and Signal will still have all of your old contacts. Why not make a switch now? Before it is even more popular and you have more reasons to stay? Why fork it if there are already decentralized apps that use same encryption, like XMPP apps?

Sure you can find flaws in every app, including XMPP implementations, but if we will have to write code for a new Signal fork, why not just fix whatever is that bugs you in XMPP clients?

If you want to use Matrix, that is fine as well, we can always bridge the two open protocols. But you cant bridge Signal if their company doesn't allow it.

you are viewing a single comment's thread
view the rest of the comments
[-] SirEDCaLot@lemmy.fmhy.ml 1 points 1 year ago* (last edited 1 year ago)

Personally I don't think it's likely that signal will close, or that they will sell out. I think the more likely problem is the sort of thing I mentioned, that having a single dev team will be a bottleneck or will reduce user choice. The iOS backup thing I mentioned is one example of that. Usernames rather than phone numbers is another one. Having only one code base does make it easier to audit. And having one foundation in charge does mean there's an easy path to pay for those audits. But it is still a single point of failure.

To be clear- as single point of failure go, I trust Signal more than the next 10 put together. What I don't trust is the whole using phone numbers and SMS verification for sign up. And I would prefer their architecture was a bit more open/federated.

[-] gthutbwdy 2 points 1 year ago

Why would you trust Signal more than XMPP that uses same encryption? I think people are just afraid of things they haven't heard of, even if they have been there for longer and have a better reputation. This is why marketing is the biggest business in the world, google and facebooks only revenue is selling ad space and they are richest companies in the world. Fight that marketing, learn a bit about XMPP and you will see it is far better than Signal.

[-] SirEDCaLot@lemmy.fmhy.ml 1 points 1 year ago

I tried hard to push XMPP back in its day. Little success sadly, that was when IM was going out of style in favor of SMS. I kept using Trillian and watching as more and more contacts went offline never to return. Then Google announced they were killing their XMPP gateway and that was a nail in the coffin.

The bigger problem with XMPP was varying support of various XEPs leading to an uneven user experience with mismatched clients. That in itself was fixable, and not a problem for people like us, but it became a problem when trying to get 'normies' interested. Tell someone like us 'you can't video chat that guy, his client doesn't have calling capability' and that makes perfect sense. Tell an average person that, and they hear 'this system sucks and I can't count on it to do what I want, I should stop using it'. Then they go on Discord or iMessage or whatever, and it works right the first time every time, and they stay.

And therein lies the real problem. You and I can wax poetic about the pros and cons of this or that system and its security, but if I can't get my non-cryptohead friends to use it, then it's worthless.
And THAT is why Signal succeeded and XMPP failed. Because it's dead fucking simple to set up. Download the app, punch in the SMS security code, and you're online. Questions like 'choose which client software you want' or 'pick which instance you want to sign up with' kill adoption for average non-techie people. They say 'I don't know what to choose, I don't want to choose wrong and cause a bigger problem, so I'll just not choose and close this'.

[-] gthutbwdy 2 points 1 year ago

I disagree. There are many FOSS decentralized projects that are still running today, including XMPP, that are doing fine and make even better and more secure software than Signal. All centralized privacy apps so far closed or started sharing data with governments. Statistically that is far more likely scenario then a popular FOSS app to lack devs.

[-] SirEDCaLot@lemmy.fmhy.ml 1 points 1 year ago

I agree that there's plenty of FOSS projects as good as or better than Signal from a crypto POV.

NONE of them are anywhere close to signal when it comes to number of users. And if your friends don't have it, then you can't talk to anyone on it.

And if your friend loses their phone and finds out they just lost all their chats too, they're gonna say 'fuck that, I'll just use iMessage so next time I don't lose anything'.

[-] gthutbwdy 1 points 10 months ago

Exactly, that is a problem with network effect. This is why it is so important to build a network effect on an open protocol, because we will get stuck otherwise on Signal or any other centralized apps. Only when a network is completely open and anyone can create a new network being bridged to the old one, will we have an actual solution to the problem. Switching people to Signal is counter-productive in the long run.

We should tell everyone that wants to listen, the importance of this and how much of a big deal it is to be available on a decentralized network, even if you are not using it. Because then we have a chance to fight the network effect until there is enough potential users to actually make a switch.

this post was submitted on 05 Jul 2023
-20 points (37.8% liked)

Technology

59674 readers
3227 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS