Signal is the best intersection of genuine security and ease-of-use that I’ve ever seen. No choosing a server, no making an account. Just install the app, get a confirmation SMS, and now you can communicate with future-proof encryption and authentication right away.

For more technical people, who aren’t going to be intimidated by things like making accounts and secure passwords and choosing servers, Signal is not the best. But when I need to communicate securely with non-technical people, it’s a wonderful quick go-to solution.

I’m not going to push anyone who uses a secure decentralized FOSS chat already to signal, but someone who uses telegram/viber/whatsapp is easier to get gradually on signal, which is super low effort compared to the ones you mentioned.

I’ve tried. I’m happy that I got friends and family to move from SMS and WhatsApp to Signal. Some I got to move to e.g. matrix but that’s only a few.

Just my two cents since you asked. I agree with you but I don’t want perfect to be the enemy of good.

There’s nothing wrong with Signal’s centralization model in a worrying sense. It acts only as a clueless message relay, and it has near-zero information on any of its users, even as it delivers messages from person to person. The only information Signal knows is if a phone number is registered and the last time it connected to the server. There is great care taken to make sure everything else is completely end-to-end encrypted and unknowable, even by subpoena.

The only real issue with Signal’s centralization is that if Signal the company goes down, then all clients can no longer work until someone stands up a new server to act as a relay again. Signal isn’t the endgame of privacy, but it’s the best we have right now for a lot of usecases, and it’s the only one I’ve had any luck converting normies to as it’s very polished and has a lot of features. IMO, by the time the central Signal server turns into an actual problem we’ll hopefully have excellent options available to migrate to.

Also TMK, the only reason you still need a phone number for Signal is to combat spam. You can disable your phone number being shown to anyone else in the app and only use temporary invite codes to connect with people, so I don’t count the phone number as a huge problem, though the requirement does still annoy me as it makes having multiple accounts more difficult and asserts a certain level of privilege.

I totally agree with you. But!

But Signal from what I’ve heard really wants us to use their server.

Signal doesn’t have their own servers. Instead, they rent servers from 4 companies, 3 of them is Google, Amazon, and Microsoft. So Signal is relying on Big Tech and if Big Tech decides that enough is enough, they can easily shut Signal down.

THAT is what I find most terrifying. And why not use their own server? Not enough money, but they are working on it (good).

And to make it a little bit worst: Signal depends on a third party company for sending out SMS. Your phone number is therefore handled by not Signal, but by yet another company, highly likey an American company. And they are against privacy invading companies at the same time they are one. Oh, the irony.

You want sources? Sure.

• https://signal.org/legal/ (below “Information we may share”)
• https://signal.org/blog/signal-is-expensive/

Don’t get me wrong, I absolutely love the idea of Signal. But there is flaws that makes Signal more privacy invading than privacy friendly.

I’ve used XMPP since shortly after it was developed. I still use it today.

HOWEVER, while the clients are relatively good, as long as they support the extensions you want to use, I’ve found maintaining the server to be a royal headache. Between protocol and extension improvements, security updates and general server instability, I find that it’s a constant struggle to have it running and compatible with whatever client someone is using, when someone actually uses it.

Signal, on the other hand, pretty much always works, has a single client, and nobody has to worry about managing the server except Signal. So as infrastructure, it makes a lot more sense.

Because it’s nearly impossible to convince friends and family to use anything other than iMessage or “the text app” on their phone. The process you’ve described is basically akin to swimming the English Channel for the general public. I’d do it. But expecting anyone else to is just a pipe dream.

I’m already a social outcast and second class citizen for not using imessage. Asking my friends and family to install a whole separate app just to communicate with me puts me firmly in weirdo territory.

Against XMPP+OMEMO

If I could get a single person to use Signal instead of Whatsapp… or even the nerds I know to use matrix instead of Discord…

I use Telegram. Eek? It’s just my wife and I though. All these things I’ve heard about Telegram? Never actually seen them in mine. I have looked at groups, but I’ve only seen memes, crypto crap, and what look like scams (“post this in 5 Reddit threads to get invited to the actual group”). There’s nothing of value out there that I’ve seen. So I just use it to message my wife, because texting wasn’t good enough when we started using it (both our phones have RCS now) and I don’t use Facebook, and she doesn’t have an iPhone (so, no iMessage).

I completely reject this notion that you have to pick one and stay with it. My messaging apps include iMessage, Session, Signal, and Telegram. I also have a fork of Telegram that lets me use it from my watch (as in, it has a watch companion; official Telegram does not). I also have Discord (need it for a couple things).

I used xmpp with otr encryption… maybe also omemo, it rings a bell. This was some years ago. But it was barely usable. Otr refused to connect at times and only unecrypted worked, messages were encrypted with wrong keys or something and history became unreadable. It worked on the desktop, but then not on the phone, only with this and that client, but not those. It was a confusing mess and I had to stop using it. If it works today, thats great.

Because the most useful communication apps are the ones that you can reach people on. XMPP’s lack of user friendly UX or long term support and commitment make it DOA for most normal people, which in turn makes it DOA for everyone who might want to talk to one of those normal people who are turned off by it.

Signal & Conversations (XMPP). Apparently the move from WA to Signal seems easier for most of my bubble. Can’t understand why.

XMPP also supports federation, or server-to-server communication, but it’s whitelist based from my cursory read

First of all, thank you for your recommendation. I was on the fence between Siskin IM and Monal, so I went with Monal to replace AstraChat.

I’ve used Signal before and it was fine but I prefer not to give a phone number to open an account; there are other services that don’t require it.

Speaking of services, I use Simple X, Session, Matrix and Delta Chat (occasionally). Most of my eccentric mix of family, friends and colleagues are happy to try something new or switch as long as it doesn’t require a phone number to sign up. They’re slowly leaving Signal, WhatsApp, Telegram and limiting access to their iMessage.

In my experience, Session syncs very well between my devices which makes it my favorite. I chose FluffyChat over Element because of the App Privacy in iOS.

Signal is really simple and has a sizable userbase now. I’ve worked with people in non-tech companies and they’ll have signal installed because theres someone in management that cares for security to a degree and does official nonofficial team communication with signal

Element/Matrix I think has a chance. The newest Element X app looks a lot better on the phone and on desktop. It’s progressing to good user experience