While the kickstarter campaign hasn’t reached level necessary to support the development of a Signal messenger client for the Mudita Pure, the recent announcement of MuditaOS going open source has made me hopeful, that a community-driven effort might make this still possible in the not too distant future. This thread is about collecting thoughts about how the Messenger should act, how it should deal with stored data, how to deal with it as primary device vs secondary device etc. Any thoughts on the feasibility from a technical point of view are also welcome.
My first thoughts on this topic are:
Server-side data storage
Signal messenger prides itself as a service that is run by a non-profit that doesn’t collect data about users. It has nothing to sell, nothing to disclose to curious government agencies, even if they are forced to. This is on the server-side.
While in transit, messages are protected by the Signal protocol encryption scheme, with its revolutionary ratchet mechanism that makes every transaction unique in terms of encryption keys. Imagine this potential threat: someone is collecting all your encrypted messages by listening in on your traffic. In simple encryption schemes it is enough to get a single key to decrypt all messages at once (such as is the case in GPG, PGP, Threema and others). The cool thing about the Signal protocol lies in the fact that even if someone were to get access to your phone and extract the current encryption keys, your previously sent messages are still safe (as long as they are not stored on your phone anymore). This is because the encryption keys for sent messages are deleted as soon as they are not needed anymore to send or receive messages, while moving through the ratchet.
Data persistence on client-side
Users may want to keep the history of their messages on their device, just like they keep their SMS conversations. While I would argue that there should be an option to automatically delete messages after a certain time, the messages that are stored on the device should be somehow protected from intruding eyes by some level of encryption. Supporting encrypted backups through the companion app may also be an option, similar to how this done on Android.
If the client on the Mudita wants to be the primary device, it has one additional feature to handle in comparison to secondary device apps for Desktop and iPads: device authorization. Only the primary device can add, monitor and remove secondary devices. This may be tricky to implement, since the linking procedure requires the scanning of a QR security code, but the Pure doesn’t have a camera. There are workarounds, but it’s not easy to make this user-friendly.
Video call impossible
For obvious reasons it is not possible to implement video calling on the Pure. Text format should not be a problem, but what about voice calling. Is it technically feasible if all falls into place?
Mobile data access
Currently, the mobile data is planned to only be accessible on another device that uses the Pure as a modem. Is feasible to allow access to mobile data in the app while on the road?
What are your thoughts on this?
Obviously we can’t expect this app to be developed by someone for us, but if enough people are passionate about making this a reality, synergies can be found and in some months or years this could be welcome (opt-in) addition to the ecosystem. Also keep in mind that this is not a do-once-enjoy-forever task. The Signal messenger is in active development and this project would need to be maintained, ideally in cooperation with the Signal Foundation.
Thanks for starting this topic. The word on the street is that it’s hard to stay afloat on Signal servers as they’re not letting in any unofficial apps, so a close cooperation with the Signal Foundation might be crucial.
Last time I’ve seen, Signal wasn’t to keen to have third-party clients interact with their hosted server instances. I can kind of understand that point to be honest. Even if their software is opensource, it doesn’t mean that you are allowed to use their running instances for your product.
The opensource alternative for Signal, LibreSignal, has also ceased development due to this. Although they didn’t clarify that they would take legal actions or just ban the clients from their servers AFAIK, it just doesn’t make sense under these circumstances to put any kind of work hours into this.
Take this with a grain of salt and conduct your own research. It has been some time since I’ve kept track of this. Things might have changed, but I don’t know.
I know what you mean. I think the consensus boils down to that a close collaboration with the Signal foundation would be essential. On the other hand, Signal-cli for the raspberry pi doesn’t seem to experience the same amount of backlash. Which makes me think that the issues arise mostly as a means of quality control and to prevent unnecessary forks that may or may not be maintained.
I am currently wondering if the Pure has enough system resources to allow for an app with an encryption protocol as complex as Signal’s. What would be a good way to find out?
- Present the Pure’s physical dimensions in inches as well as millimeters?
- Present the Pure’s weight in ounces as well as grams?
- Present the Pure display’s diagonal width in millimeters as well as inches?
These additions would help to make the specs page “units-bilingual”!
I’m unsure how many people use dots/mm instead of pixels/inch, although here is an example of a converter for this.
@kirkmahoneyphd I don’t see why not. I will definitely pass it on to our team.
@kirkmahoneyphd The team responded & they will update the specs in the coming week
Out of curiosity, as I don’t use ANY messengers to communicate- what exactly do you guys find so appealing about Signal & Telegram. At one point in my life, I did use Whatsapp, but after they were sold to Facebook, the app lost its appeal. I understand both Signal & Telegram are quite privacy focused (stop me if I’m wrong), but why is one better than the other? Or are they both equally good.
Both are centralized and both require a phone number to sign up, Signal uses end-to-end encryption by default while Telegram defaults to cloud-based chats with server-side encryption (although you can use “secret chats” which use end-to-end encryption)
Both have free and open-source clients, Telegram server is closed source and Signal server is open source but can’t “federate” with other Signal servers.
Finally Telegram is more feature rich right now (bots, channels, public groups…) but for most people there’s no difference there.
I will suggest taking a look at some awesome alternatives for centralized and proprietary messaging platforms like Matrix, Jami, Briar, Session…these are actually good solutions: free and open source, private by default, secure and decentralized or even peer-to-peer…hopefully something like this gains traction some day, meanwhile we can just avoid instant messaging and use email with PGP encryption.
@anon50734617 Thanks for all the tips! You’re awesome! I really appreciate it. I will check out all the options.
What I find appealing about Signal:
Has all the features that people know from Whatsapp and is just as easy to use. The creators of Signal made end-to-end-encryption the norm for private communication, which prompted Whatsapp, Facebook and Skype to enable this on their own services as well. Much to the dismay of some government agencies that seem to believe that it is a basic right of the state to spy on the people they are supposed to serve.
Yes, Signal is not perfect, but they have gone a very far way to protect the privacy of their users and they are still innovating. The key to their success is the ease of use, which other decentralized options are now slowly catching up to, and maybe even more importantly that they don’t need the creation of yet another username, identity. For people that require absolute anonymity, other solutions are better suited, but I still believe that we should take pride for who we are when we talk to our loved ones and anonymity is not desirable.
For Telegram, I see absolute no use case for this, have only ever received links to conspiracy theories on this messenger, it doesn’t respect the user’s privacy. This app got deleted and won’t see me again…
Another noteworthy mention should go to Threema: this small-fee ($4 per identity only once) messenger prides itself for being used by Swiss government officials. They have recently published their client code on github (server code remains closed) and the app works pretty well. Their encryption protocol is not much better than GPG for email (Signal has made many many innovations which are important), but at least it is consistently encrypted.
@thinkround You’re not the FIRST person who has told me this. It’s one of the reason why I never really checked this app out myself because- and I’m not exaggerating here- I think you’re the 5th or 6th person who has uttered the same concerns.
However, when it comes to Signal, what don’t you like about the app? What would you improve?
Another cool project that I forgot to share in my previous post, Berty, private, secure, distributed and open source, using a protocol based in IPFS.
Would be really awesome to see something like this implemented in MuditaOS
That’s a very good question and I had to think a long time about it. To be honest, I believe that Signal is a nearly perfect, albeit centralized, messaging app. Of course it would be better to have something with the same features and the same ease of use, yet decentralized: like Berty and Briar are aiming to be. I am very impressed by these projects and really hope they’ll be as successful as Signal in finding enough users to make it an interesting communication tool for grandpa, colleagues at work and your kids. The hard fact is: communication always takes two people to share a common communication protocol and I’m not going to force all my friends to install yet another protocol, even if it is in theory better than everything else the world is using to communicate. GPG failed, because verifying identites through a web of trust is too complicated for the average Joe. And if not done correctly, it is pure snake oil, so it’s good that it failed!
What Signal could improve on in my humble opinion is
- support for Android tablets (and Mudita Pure )
- being able to notify all your recently contacted contacts of your new phone number when changing your number
There are many people lamenting that it is not possible to signup to Signal without a phone number, saying it forces people to identify themselves (somewhat). They wish to be able to signup anonymously. While I respect the need for this kind of communication, I don’t believe Signal has to fill that gap, there are better options for anonymous communication and Signal doesn’t have to be the best tool for the job for everything. Yet they are still working their way towards that goal, while taking great care of paving the way so that the user experience does not suffer when your device is run over by a car. This foresight for preserving usability is what Signal excels at.
Decentralization is hard to do well and trying to be good is just not enough. If Berty, or Briar or any other communication protocol can prove itself to be an excellent tool for communication, while avoiding all the pitfalls of what could go wrong, they’ll gain adoption and they might even one day eliminate the need for Signal’s technology stack. And anonymity as an option is great, but these decentralized networks shouldn’t make the same mistake that caused GPG to fail: the management of a web of trust is not easy. And what purpose does it have if I can be anonymous on any messenger app if I have to shout from the top of my roof: “find me on [insert messenger name], where you can talk to me in private!”. It doesn’t solve the chicken and egg problem. Having a discoverable entry in a phonebook linked to my identity is actually very useful for most people and very desirable to me, to be able to connect to people that I didn’t even think of…
Never heard of Berty, sounds really interesting! I did a lot of research on messangers and I do agree that, for the average consumer, GPG is way too hard to do.
I always really liked Matrix, which as of today, feels like the best alternative around to be honest. Berty seems to follow similar goals but makes it “easier” to setup as it doesn’t require an account. I guess it just generates a random ID somehow?
And you did mention a problem that I had as well: people have to download a new app if someone switches communication channels. I’d call myself tech-savvy so if one of my friends wants to move to another messaging app that embraces privacy compared to other popular ones around, I’d be happy to do that! But as of now, most of them don’t. “Why would I use something else if everyone uses X?”
Interesting ideas floating around here, looking forward to collaborate
Signal definitively has problems. It’s not gonna be a great fit for this project as @ilikeit correctly pointed out.
Berty might become cool in the future. It’s just a demo for now.
I like, and run servers for, both Delta Chat and XMPP (using OTR with some contacts and OMEMO with others). I use a dumbphone, though, so I don’t chat with people when I’m away from the computer.