Comments

You must log in or register to comment.

avbeav wrote (edited )

I've been using Signal Desktop for the last half a year. I really wanted to like it but I'm finding it harder and harder to do.

For being an app to, well, send and receive messages, it does just about everything wrong:

  • Being an Electron app it's ridiculously resource heavy and uses a lot of disk space.
  • Scrolling in message history is jittery as the scrolling position jumps every time a message is loaded.
  • You can't see the name of the person writing, only their phone number. Nowhere to save names (except on smartphone).
  • Message delivery is extremely buggy, i.e. messages often not coming through, and sometimes receiving messages people didn't send.
  • No video or audio calls (That's only for smartphone because that's, like, difficult to enable on desktop, you know.)
  • No way of creating or editing groups. (That's also only for smartphone because ... dunno, I forgot.)
  • No way of starting a conversation with someone. (That's also smartphone only because, you know, people who use laptops don't need to start conversations anyway.)

They are probably not going to fix this because their focus is elsewhere:

In just the last three months, Signal has added support for iPad, [...] downloadable customizable "stickers," and emoji reactions.

And I find it so patronising that whenever issues are raised, the response from OWS is often that you're a nerd or not normal or hyperparanoid and not part of the mainstream audience. This is hinted at in the article,

The difference, today, is that Signal is finally reaching that mass audience it was always been intended for—not just the privacy diehards, activists, and cybersecurity nerds [...] "This is not just for hyperparanoid security researchers, but for the masses," says Acton. [...] making Signal friendlier to normal people

Also not a big fan of OWS's privacy washing (in lack of a better word) of surveillance giants like Microsoft, Facebook, etc. Yea, Moxie is so tightlipped that these reporters had to check the download stats on Google Play Store:

Today, he remains tightlipped about Signal's total user base, but it's had more than 10 million downloads on Android alone according to the Google Play Store's count.

I have never understood why end-to-end encryption would even matter in those non-free apps they're pushing, like Skype, which could just read the message at your end after it's decrypted because the code is non-free so there's nothing preventing them from doing that. Oh, but maybe I'm just a hyperparanoid nerd activist for even suggesting that.

5

celebratedrecluse wrote

I know. This shit is so fucking obnoxious, i developed a workaround.

What i do is grab a copy of androidx86, verify it then use the install media to setup a virtual machine. Even then, you have to fiddle a bit because androidx86 has its own issues, i have to boot "nomodeset" or it freezes on a startup command line.

At this point, upon boot i disable all the google bullshit i can from within the vm. Fortunately u dont need to do this everytime. I like to do this with the vm manager having blocked the internet, microphone, camera.

After this, you can use a usb stick to transfer the signal apk onto the guest OS and install/configure it, without having to trust the guest OS. I recommend enabling a really secure registration lock.

I then restart, enabling the vm's internet connection. You then register your # with signal. If you want a throwaway #, just get a burner phone and use it to register a google voice/onsip/some similar voip ahead of time over vpn, then log into the vpn and voip on your host OS once youve setup the vm, and use that to register the #. Give away the physical burner phone to someone who needs it, for example lots of houseless people need cell service so just ask around.

This gives you the actual signal app, plus a disposable #, for about $30. And it lasts for life if u keep your voip active (google is free, although obviously sketch)

4

avbeav wrote (edited )

If you want a throwaway #, just get a burner phone and use it to register a google voice/onsip/some similar voip ahead of time over vpn, then log into the vpn and voip on your host OS once youve setup the vm, and use that to register the #.

That's a clever way of dealing with not being able to access a SIM-card from the Android vm!

I used signal-cli with a burner phone for initial registration and that worked fine as well.

What i do is grab a copy of androidx86, verify it then use the install media to setup a virtual machine.

Sounds like a good hack! 🛠

Pros:

  • edit groups
  • initiate conversations

Cons:

  • attaching files? (They'd have to be transferred to the vm)
  • clicking on links? (They'd open in the Android browser, no?)
  • now Signal needs a full separate OS rather than "just" a full separate browser 😨

Edit: Just found this, Signal-curses. Looks promising.

2

celebratedrecluse wrote

Files can be transferred in and out of the vm thru a physical usb stick pretty easy, and you could theoretically force the vm to use vpn or tor if you want to be able to click on links, however both are clunky ur right. And yes, it's absurd to run a 2gb OS just to have one signal app lmao

2

celebratedrecluse wrote

Btw, i highly reccommend 2gb per vm for androidx86. Otherwise the interface will be p slow, ime

1

Hagels_Bagels wrote

For being an app to, well, send and receive messages, it does just about everything wrong:

I've tried signal desktop as well, but I couldn't get it to really work. I was originally expecting it to show up with the text threads from my phone with contacts, but neither of them are synced between the desktop and mobile after pairing it to your mobile number. And I think the app has to be running on the PC to detect new texts from your phone, or else it wont show up. Meaning if you are relying on it to check your texts, without it being run 24/7, there is a fairly good chance you will miss the texts. What's even the point of using it or even it's existence if it is such a hassle?

The mobile version I like though. Even though I've never came across anyone else who uses it, meaning none of my texts will be encrypted anyway. Oh well, maybe I will come across someone who uses it someday.

3

avbeav wrote

And I think the app has to be running on the PC to detect new texts from your phone, or else it wont show up.

Signal Desktop can receive texts on its own. That part works fine.

1

lautreamont wrote

Signal relies on a security model that is problematic, based on the claim that only end-to-end encryption is enough to provide with security.

There's three huge, well-known weaknesses to this system:

  • It relies on your cell phone number, and isn't "device agnostic"
  • It violates sandboxing principles by interacting with unsafe metadata and apps, such as your clear text Contacts.
  • it's not, afaik, forcing users to lock their Signal account, as it keeps it unlocked by default. Even tho there's the option to lock it down.

Signal is the Tails of cell phone comms. It's supposedly super-secure on the surface, but underneath lies a bunch of very tricky contradictions. Not sure how Moxie cares.

2