Problems we are having with #Signal:
* It is and will remain centralized (clear strategy of *not* federating servers)
* It requires strong identifiers/selectors (phone#) to use
* Author disallows distribution by anyone but Google, although free/libre
* It keeps pushing away verification of fingerprint in interface
* It relies on Google+Amazon infrastructure
* Its funding is shady (OTF = Radio Free Asia = USG)

= clearly unethical choices, unjustifiable by accessibility or technological reasons.



The better options all require advanced skills to use. Non-technical users deserve privacy too.

* Non-federation means users not giving up at server selector dialog and no one-off hostile servers.

* Phone numbers are mediocre IDs but hard for users to screw up.

* Google prevents third parties (e.g. abusive ex, corrupt local sheriff) from tampering with the apk.

* Funding is funding; the USG funds lots of stuff, some of it good.

Signal is imperfect but the perfect is the enemy of the good.


@suetanvil @jz My conclusions exactly. Where I can, I push people to use XMPP+OMEMO. Where the audience is non-technical, like family, I use Signal. It's a good stepping stone for privacy awareness.

@suetanvil I wish we would stop attempting to justify the ethically/morally unacceptable by "usability". This notion considers that "users" (not people eh!) are all idiots, incapable of doing what the person mentioning it is capable of.

It is by infantilizing people that they end up being subjugated, under control.

My own field experience of sec is that when you make people understand (activists, journalists doing real journalism, sources, etc.) they are capable of making efforts (tails, GPG, etc.)


Have you succeeded in training anyone without a secondary-school degree in the use of GPG? Because withholding quality education from the poor is one of the tactics in wide use against the US poor.

Would you get my mother to use something harder than signal?

I tried to make her use it but she said some of her contacts did not receive messages.

I mean she did not really care about privacy or encrypting messages. So she went back to her standard app after switching phones.

Standard users will not make the effort to understand something more difficult than what Google teaches them.


Usability is important, yet not *crucial*. It is often in the hands of people with large resources. Most of the time it amounts to having software making choices instead of you.

Balancing techno-ethics and software freedom by "usability" is, I think, a fake dichotomy.

Like balancing freedom and security to justify anti-terror measures restricting freedoms and agency. One cannot pretend to trade one for the other.

(Jefferson mode: ON - "He who sacrifices freedom for usability...."?)


Given that the majority of security problems are due to user error, I would think it is obvious that UI is a significant aspect of software security. Describing usability and security as a trade-off is an astounding false dichotomy.
