1/ In defense of #Signal. Yes, I'm a guy that just posted a roundup of distributed/mesh messengers https://changelog.complete.org/archives/10205-roundup-of-secure-messengers-with-off-the-grid-capabilities-distributed-mesh-messengers of which #Signal was obviously not part. I am really excited about the potential of those.
But to the general public, I still recommend Signal. Here's why.
2/ #Signal brings #encryption and #privacy to meet people where they're at, not the other way around. People don't have to choose a server, it can automatically recognize contacts that use Signal, it has emojis, attachments, secure voice and video calling, and they all just work (Musk aside). It feels, and is, a polished, modern experience with the bells and whistles they are used to.
3/ I am a huge fan of #Matrix/#Element and even run my own instance. It has huge promise. But it is Not. There. Yet. Some reasons:
#Synapse, the only currently viable Matrix server, is not ready. My Matrix instance hosts ONE person, me. Synapse uses many GB of RAM and 10+GB of disk space, with little tuning for either. It's caused OOMs more than once. And this is AFTER extensive tuning. It cannot be hosted on a Raspberry Pi or even one of the cheaper VPSs.
4/ Choosing a #Matrix instance. Well you could just tell a person to use matrix.org. But then it spent a good portion of last year unable to federate with other popular nodes due to Synapse limitations. Or you could pick a random node, but will it be up when someone needs to say "my car broke down?" Some are run from a dorm computer, some by a team in a datacenter, some by one person with EC2, and you can't really know. Will it be stable and long-lived? Hard to say.
5/ Voice and video calling is not there yet. Matrix has two incompatible video calling methods (Jitsi and built-in), neither work consistently well, both are hard to manage, and both have NAT challenges.
6/ #Matrix is so hard to set up on a server that there is matrix-docker-ansible-deploy https://matrix.org/docs/projects/other/matrix-docker-ansible-deploy/ . This makes it much better but it is STILL terribly hard to deploy, and very simple things like "how do I delete a user" or "let me shrink down this 30GB database" are barely there yet, if at all.
7/ Encryption is not mandatory in #Matrix. E2EE has been getting DRAMATICALLY better in the last few releases, but it is still optional, especially for what people would call "group chats" (rooms). Signal is ALWAYS encrypted. Always. (Unless, I guess, you set it as your SMS provider on Android). You've got to take the responsibility off the user to verify encryption status and make it the one and only way to use the ecosystem.
9/ What about some of the other options out there? #Briar is fantastic and its offline options are novel and promising. But in common usage, it can't deliver a message unless both devices are online simultaneously, and doesn't run on iOS (though both are being worked on). It also can't send photos or do voice or video calling.
10/ Some of those same limitations apply to most of the alternatives also. Either that, or they are encryption-optional, or terribly hard to set up and use. Just today, I boosted a post about #Status, which shows a ton of promise also. But it's got no voice or video calling capabilities. How about #Scuttlebutt? Fantastic protocol, extremely difficult onboarding (lengthy process, error-prone finding a sub, multi-GB initial download, etc)
11/ So #Signal gives people: dead-simple setup, store-and-forward delivery, encrypted everything, encrypted voice/video calls, ability to send photos/video encrypted. If you are going to tell someone "it's so EASY to get your texts away from Facebook and AT&T", THIS IS THE THING you've got to point them to. It may not be in 2 years, but for now, it is. Do not let the perfect be the enemy of the good. It advances the status quo without harming usability, which nothing else does yet.
12/ I am aware of all of the very legitimate criticisms of #Signal. They are real and they are why I am excited that there are so many alternatives with promise, some of which I use actively. Let us technical people use, debug, contribute, and evangelize the alternatives.
And while we're doing that, tell Grandma to contact us on Signal.
@jgoerzen great exposition, most comprehensive address to my objections. still: i don't want to give my phone number to people i don't trust (that is moxie and openwhisper and all who can grab it from the discovery process, like the police, the state, fascists, etc). i don't want them to have my kid's phone number either, nor my friends and comrades. 1/
@jgoerzen fascism is here, all around us already, in various forms. those phone numbers will be in many databases comprising a graph of relations of everyone on signal. available to all future police and repressive regimes. unacceptable
@zeh I think you and I are pretty much in agreement about Signal's weaknesses. But for the vast majority of people, the choice is not "Signal or #Element", it's "Signal or SMS/Whatsapp". And the reason is that Signal is the only thing that they are going to be able to easily learn, use, and understand.
Give them Status or Element and it's going to get tried out for 10 minutes and then ignored or deleted, by the vast majority of people. Either that or they will stumble into plaintext.
@jgoerzen @zeh #Signal is so far from perfect that calling it merely "imperfect" is absurdly generous. For the grandma use-case, #Wire is a drop-in replacement for Signal. Grandma doesn't care if her metadata links her to her grandkids, but forcing grandma's network of friends & family to get GSM/CDMA subscriptions & share their ph# is a stupid move that's both exclusive & privacy-abusing
@zeh @jgoerzen Those who call #OWS #Signal merely "imperfect" have not read or fully absorbed this article on what a shit-pile it is, in terms of ethics, privacy, & security: https://github.com/privacytoolsIO/privacytools.io/issues/779
@resist1984 @zeh @jgoerzen My wife and I have been using our own self hosted service and experimenting with Session. It's curious that Session doesn't require phone numbers, even though it's a fork of Signal and used the Signal protocol until very recently. I haven't voiced that concern to my normie friends who use Signal because I'd rather them use anything other than Facebook and I don't want to confuse them, but I can't help but wonder.
@resist1984 doesn't wire use AWS?