Two replies about email replacement; I feel like we’re getting off track. Signal is for secure, end to end encrypted communication. Ideally that would be all communication, but that isn’t realistic in today’s world.
TFA merely says: if you were gonna use PGP, use Signal instead. It’s a trade off. While we target these open and federated protocols, let’s not throw people who actually need encryption today under the bus.
So to the question of replacing email: unless all your email is currently PGP encrypted, you don’t need to drop your email just yet.
> So to the question of replacing email: unless all your email is currently PGP encrypted, you don’t need to drop your email just yet.
You don't need to drop email at all. If you trade protocol openness for encryption, you are acquiring technical debt. How long are we going to do this dance of switching between instant messenger protocols? ICQ -> AIM -> MS Messenger -> Hangouts -> WhatsApp -> Signal -> ???.
Open protocols (open in specs and federated in access) are the only way to stop this madness.
In the past Google and Facebook supported the XMPP (Jabber) protocol. That was a real step in the right direction. You could use your client and OTR plugin to encrypt all communications. It all ended in 2015.
(I think a lot of useful Signal properties are much harder to do with federation, but that’s a subtle enough problem that it warrants a long form post, not a HN comment. I agree that ceteris paribus federation is better than not—but c.p. is doing a lot of work there :))
Is there some reason to believe it didn't happen (mostly) for the reasons stated by the respective parties at the time? 'federated' is often brought up as an unalloyed good so casually but as you point out yourself, there's a huge overhead, conceptually, operationally, etc.
IMHO, Matrix currently has the best shot at becoming the standard for the open internet.
Those who value the freedom of choice should push for Matrix before Signal becomes the de-facto standard and is acquired by one of the tech giants looking to lock down control of communication.
Matrix is too dependent on its only vendor in existence, their only server in existence has performance issues. Also, a monolith standard is hardly viable for federated networks, where all nodes can't upgrade all at once.
Ah, I did not realize you were referring to the software. In that case, there is also Construct[^1]. There are other implementations in the works, though progress is somewhat slow.
Synapse is much better with regards to resource usage these days, though. The RSS of my instance is 355M right now and the CPU usage is hovering around 0-10% (15-min server load ~0.5).
I wouldn't use keybase where I need reliability due to their vague TOS (that came into effect around the beginning of this year): They can ban you from their service if they deem your actions outside their platform unacceptable.
Interesting, I had to check their ToS and found this which seems a bit vague:
"[...]use the Services to store or transmit any inappropriate content, such as content that: (i) contains unlawful, defamatory, threatening, abusive, libelous or otherwise objectionable material of any kind or nature" [1]
I’m having a hard time believing just how polar opposite of my point people are taking me, I must be explaining myself very, very poorly.
Let go of the idea of “good”, nothing is currently good. Everything is terrible. The only thing that’s “good” is a federated, open, and secure in practice protocol (i.e. not just for people who use it properly, but for people who use it, full stop. Like HTTPS, for example.) Today, we don’t have that. Let’s work towards that. Let’s make it happen tomorrow.
But today: federated or secure, pick one. (See TFA)
Meanwhile, there are people, today, with a real need for encryption. (See TFA) A need that transcends our long term plans. These people look at what “techies” do and say, and they imitate it. That’s the way of the world.
It is currently PGP. That is not secure, in practice when used by those people (see TFA). Therefore, we need to stop using PGP, use Signal for now, until we have an actually good solution that is better than Signal and PGP.
That’s the summary of the article.
Nobody is talking about replacing all email. Nobody says the status quo is good. Heck, nobody is really arguing for Signal, as much as arguing against PGP, and signal winning by default. That’s all.
We’re all on the same side here, guys. It’s just a matter of temporary compromise.
> We’re all on the same side here, guys. It’s just a matter of temporary compromise.
I get that, and I actually agree with you on almost this whole comment. The problem of the temporary compromise on Signal is that I don't believe it is temporary. Signal is actually good enough to prevent the transition to the optimum. Being non-federated, Signal will always have a single point of failure, but this will get masked until it is eventually exploited.
> There is not a federated messenger that provides the same security as Signal.
Actually, there are federated messengers that provide better security and privacy than Signal. Yes, XMPP ones. They might not have the same convenience yet, yes, because they are not tied to phone numbers, but don't even get me started by trying to say that tie to phone numbers is a plus.
Conversations, Xabber, Chatsecure. Any of these is more secure than Signal: they are not tied to phone numbers (means: way more privacy), work with TOR easily, and starting a secure conversation is no more difficult than 'add contact' (enter contact XMPP id) -> 'press lock' -> you're ok, chat is private, and your phone number is not exposed.
Actually, this phone number thing is the main reason why I find it hard to suggest using Signal to anyone whose life is on the line.
Can you explain why any of this is more secure than signal with sealed sender? What is the privacy impact of tying to a phone number, beyond the one bit: I have signal?
As far as I can tell, sealed sender leaks less metadata than omemo currently does, which makes Tor etc. mostly irrelevant. Plus, I'm not going to fuck up Signal, while I will misuse Tor.
That's not a threat model, and not generally possible (or even desirable) with something like a messaging app. So again, what is the threat that you wish to address that you believe is only solvable with multiple identities?
This is an important question, because cryptographic repudiation and secured metadata prevent most of the dangers that I can think of, but I might be missing some.
If your life is actually on the line you are better off doing some research on how to use PGP properly. Otherwise you have no good way to know if you will end up with something strong enough to use against state actors. The simplicity and strength of PGP is hard to beat. Riseup.net has an entire section mostly about OpenPGP:
Here's the Signal version of the riseup.net article:
> Purchase a modern android or iOS device and install Signal. Your communications are now secure.
Given the security provided by Signal, why do I need to understand the message authentication schemes, private key management, keyservers, versions, etc.?
> The simplicity and strength of PGP is hard to beat. Riseup.net has an entire section mostly about OpenPGP:
Given that, in practice, basically no one's use of PGP provides security or privacy beyond what I get when using Gmail or Outlook, I beg to disagree.
How in god's name can you claim that a 6 page article describing the ~20-30 steps to correctly set up a keyring (oh and then keep up your opsec for the life of your communication because pgp doesn't provide forward secrecy and the protocol makes it possible to transfer plaintexts unencrypted) is simpler than "Install signal, and send messages"?
They're secure right up until the point someone with the ability to do so spoofs your phone number.
And yeah, Signal will detect that and inform the other side that "security number has changed". At which point they'll promptly confirm the new one, because they don't understand its purpose any more so than private key management etc - because they simply installed the app from the store, and expect it to "just work".
> Signal will detect that and inform the other side that "security number has changed"
Specifically, it will say "Your safety number has changed...This could either mean that someone is trying to intercept your communication, or that <other party> reinstalled signal."
Even for a layperson, if they have reason to be concerned about a powerful attacker that's reason enough to stop.
I have switched quite a few casual users to Signal by now, and in my experience, none of them have paid any attention to those regardless. They don't even bother asking the person through some other channel - just confirm the new number.
Assuredly, but most people aren't actually that concerned about state sponsored attacks on their communications, and for those people Signal is still as good as (or better than) PGP email, but they can safely ignore these notifications because, well, the likelihood (and the risk due to) a state sponsored attack is relatively low.
Signal can't work on an air gapped system. So it is entirely subject to all the available attacks on the rest of the system it is running on. Someone risking their life on the overall security of something like, say, a smart phone is not being wise.
Something like Signal is OK for most people, particularly if they trust the Signal company. But when things get serious you have to:
1. Know what you are doing.
2. Keep the device that is doing the encrypting as separated from the rest of the world as possible.
If this is the kind of thing you're resorting to claiming, we're well beyond reasonable forms of argument, and so I think it's safe to say that you agree that signal is better.
No communication protocol works on an air gapped system, and a modern Android or iOS device is going to be secure enough that you really don't need to use a special device for your messaging.
The riseup article doesn't mention anything about using a special device for your secure messaging, so I'm not sure why you think it's so important all of a sudden.