Signal is a bit of a disappointment

Recently I was looking to try and use Signal on my PinePhone, and the more I got into it the more my love of Signal diminished.

One of my biggest uses for my cellphone is Signal Messenger. It’s been eye opening (in a disappointing way) trying to get it on my PinePhone. I’ve started thinking that a messaging app is like the “hello world” of deployment – send information cross-platform, sync it, handle failures etc. Whether that message is literally user text or driving an application seems less important. The baseline deployment aspects seem pretty similar. Anyways, a few disappointing things about Signal:

Signal will not federate (actively come out against it)

This one is I think the biggest disappointment. It feels a bit like you’re damned if you do, damned if you don’t, but a non-federated messaging platform doesn’t feel like “the future”. It’s depressing to think 20 years from now we’re still going to struggling with the same fragmentation and mega-corp “lure-and-lock” style of closed ecosystem shenanigans (Blackberry was bad for that, Apple is perhaps the most egregious in modern times). The number of high profile chat applications built off the Signal technology that cannot interact with one another is already sad.

It’s worth reading the blog post about it, as it’s definitely a tough decision to make: Reflections: The ecosystem is moving

That said, there are various projects that provide unofficial clients for Signal. As these are using the official Signal servers, I’m curious what the organization thinks of them – maybe custom clients can fill most of the gaps?

There appears to be no intention for a web client, due to security concerns

There are some good reasons for this, so it’s a bit of “reality is disappointing”

The fundamental problem with web interfaces is: there’s no way to version, sign and securely distribute a web page. Instead, you’re re-requesting the code you’ll run every single time you visit the site (making audits practically impossible).

This effectively reduces the security of your end-to-end encrypted communication to that of your SSL connection to the server, i.e. you’re only as secure as the CA system. Anyone able to intercept the client-server SSL connection (and the server itself) can silently change the code you receive and execute, with a very low risk of getting caught. This is why products which offer end-to-end encrypted communication through in-browser crypto are often considered snake oil, unless they use some form of a packaged & signed browser extension.

Limited device access

First of all, everything is linked to a mobile number, so there’s no desktop only client. The desktop client is linked to a cell phone that has a phone number associated with it. Increasingly, I don’t think I have any reason to have a cell number – it’s mostly an avenue for spam/scams to reach me at this point. Due to the terrible quality of cell reception around me, I make most of my calls via data (Signal calls and Hangouts Dialer). This implies there’s effectively a subscription price for Signal if you don’t have/don’t want a cell phone – pay your local telecom for a number, or lose access. If anyone knows how to get a free/extremely cheap cell phone number in Canada I’m all ears.

Adding on to that, each account has a max limit of 1 mobile device and 5 non-mobile devices. In a very real situation I’ve been in, where I have one phone with my SIM in it and another one on Wi-Fi, they can’t both use Signal. This feels like a really arbitrary and silly restriction that is a pain in the ass to work around. I’m really curious if there’s a technical reason for this – e.g. why not make it 6 cumulative devices?

What are the alternatives?

Presently, I think the most compelling “alternative” to Signal is Matrix. Alternative is in quotes because it’s dramatically different in a number of ways. The reason I think it’s viable is the number of high quality bridges that exist and work today. This breaks down the walls a bit when it comes to moving to Matrix without leaving contacts behind.

Noting that I’m extremely biased by working in IT, but Matrix feels like it could be a modern libpurple. I’ll be making a sincere effort to give Matrix a shot and see how it goes. That said, a worrying possibility is that Matrix steals libpurple users and doesn’t significantly grow the ecosystem of people interested in messengers that are compatible with one another. I guess we’ll see…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s