Problems we are having with #Signal:
* It is and will remain centralized (clear strategy of *not* federating servers)
* It requires strong identifiers/selectors (phone#) to use
* Author disallows distribution by anyone but Google, although free/libre
* It keeps pushing away verification of fingerprint in interface
* It relies on Google+Amazon infrastructure
* Its funding is shady (OTF = Radio Free Asia = USG)

= clearly unethical choices, unjustifiable by accessibility or technological reasons.


The better options all require advanced skills to use. Non-technical users deserve privacy too.

* Non-federation means users not giving up at server selector dialog and no one-off hostile servers.

* Phone numbers are mediocre IDs but hard for users to screw up.

* Google prevents third parties (e.g. abusive ex, corrupt local sheriff) from tampering with the apk.

* Funding is funding; the USG funds lots of stuff, some of it good.

Signal is imperfect but the perfect is the enemy of the good.


Usability is important, yet not *crucial*. It is often in the hands of people with large resources. Most of the time it amounts to having software making choices instead of you.

Balancing techno-ethics and software freedom by "usability" is I think a fake dichotomy.

Like balancing freedom and security to justify anti-terror measures restricting freedoms and agency. One cannot pretend to trade one for the other.

(Jefferson mode: ON - "He who sacrifices freedom for usability...."?)



Given that the majority of security problems are due to user error, I would think it is obvious that UI is a significant aspect of software security. Describing usability and security as a trade-off is an astounding false dichotomy.
