this post was submitted on 07 Nov 2023
131 points (100.0% liked)
Technology
59374 readers
7834 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
As a reminder, Signal is still awesome, is run by cool people who have been doing good stuff for your privacy for many many years, runs on your phone and your laptop and your dad's PC and your buddy's phone of that other brand ...
While I still use and sort of like Signal, I feel that dropping SMS support was the wrong choice and I don't like the direction they are going. They are also against federation which I also don't like. I've stopped recommending Signal to people.
I believe them when they say that one reason to drop SMS was that some vulnerable users were mistakenly sending SMS when they thought they were safe by using Signal. That's a serious problem where a person having Signal on their phone could cause them to expose themselves to attacks. That person's life is more important than my momentary inconvenience when my mom is using SMS and my friend is using Signal.
I really wish that there were better options; some sort of incrementally-built web-of-trust like the old PGP model. But right now, Signal is still in a sweet spot for me: yes, it's centralized, but it gets certain specific benefits of centralization while also credibly assuring that the server owners can't do evil with it even if they want to ... and they credibly don't. I can get my family and my housemates to use it, instead of something from Zuckerberg.
Those are definitely all valid points, though I feel a bit of UI work making it abundantly clear that it's not encrypted in case of SMS and an option perhaps to fully disable SMS in settings if you really don't want it would have helped further adoption. I feel like they are optimizing for a rather small subset of users and thereby hurting the rest.
I think it's a good idea from a security standpoint to have a UX space in which everyone can be confident that everyone's stuff is encrypted; with a very distinct and (yes) inconvenient barrier — in this case, a different app — between encrypted and unencrypted spaces.
Everyone is using lots of different messaging systems: SMS/MMS; specific systems like Signal, Telegram, or WhatsApp; email; maybe Facebook Messenger; etc. It's really important for some users' actual lives that it be totally clear when you're crossing from a secure space to an insecure space. Having the insecure space not be in the same app is one way to accomplish that.
When we need to move data between the secure space and the insecure space, we can do that through copy-and-paste, or even screenshots. It is inconvenient, but that's because it's explicit and intentional, which also means you can't move data from one to the other by accident. That's good.
As a privacy hobbyist, I want to notice what works for the people whose lives depend on privacy: the journalists, activists, sex workers, LSD dealers, etc. I don't have their risks, but I want to contribute to a world where they can be safe.
However, there are definitely lots of different needs and comfort levels. What's a sweet spot for me might be an uncanny valley for you.
You didn't have to enable SMS in Signal if you didn't want to.
It's a user-level decision, and again, it was very clear in Signal when it was going SMS already.
It certainly killed adoption. It was the only app I had any success converting people, because it was seamless.