Old habits and mindsets never seem to change despite corporate pronouncements and PR puff pieces written by stenographers. The regulators (and legislators) are either the biggest dupes, or much more likely in on it.
Let’s not forget the FTC hookup for Netflix by Obama and the eventual payout when he left office.
Or Ajit Pai who came from Verizon to run the FTC and undid the Obama era changes favorable to Netflix and inimical to Verizon.
——-
I hardly see any of these events as triggers for the mass migration to apps like Signal. The network effects seem impregnable for now.
Earlier this year, when the change was announced and the media talked about it, I saw a ton of people starting to use signal (non-tech neighbours, my plumber, headhunters I still have in my contact list, etc). At this point I asked my mother to install it and to my surprise a lot of her friends where actually on Signal.
It's still not the majority but at this point there is a significant user base for signal, much more than one year earlier.
What does “move back” means? Almost nobody uninstalled Whatsapp (even I use it frequently) or stopped using it. But they have installed Signal and can now be reached this way. My mom uses it to chat with her friends who have it, and use Whatsapp for the rest. I don't know anyone who has actively uninstalled Signal so far, so I use it by default to connect with them. If you compare this to emails, none of my friends ever bothered to create a non gmail address, so I'm stuck with Google reading all my personal communication with nothing I can do. It used to be the same[1] for Whatsapp, but no more. This is a small victory, but a clear victory nonetheless.
[1]: not exactly the same, because AFAIK Whatsapp is E2E encrypted, but Facebook still has access to all the metadata, which are way more that what I want them to have.
Yes. But the whatsapp groups are impossible to move. I created the same group on signal. Nothing, two people move. Even in my office, a technocratic environment for sure... People won't move. We need a stronger motivator to move them or we need to make moving "seamless".
I joined a few orgs fighting for a systemic change, understanding the decisions process and be a part of it, more collective life in support of all the discriminated people and a more ecological way of life. Left-leaning stuff.
All the public communication happens on Facebook, Twitter and Instagram. Private comms are on whatever those platforms have, or Telegram and Discord. Only a minority have Signal and most don't want to hear about it.
When I tell them there's an internal issue because you can't change the world and give more power to the people by using anti-users tools like those, they look at me like I'm from another planet. There's a long road ahead.
> I joined a few orgs fighting for a systemic change, understanding the decisions process and be a part of it, more collective life in support of all the discriminated people and a more ecological way of life. Left-leaning stuff.
That's fascinating, because when I joined similar groups last year, they all emphasized using Signal for private comms. They were, in fact, the only people I talked to Singal on, because nobody else I knew really used the app back then.
Perhaps there's a stronger privacy culture in some activist groups versus others.
From my very little experience there are a few categories:
- groups where privacy is a matter of personal security will actively use Libre Software and their own services because it's just too important
- groups emerging from the technical world will naturally adopt Libre software and decentralized services because tech doesn't scare them
- everyone else comes from a world where FB/Twitter/Instagram is the norm, so when they group together on issues related to the physical world they will continue to use the digital tools they are used to
There is a real work of deconstructing our tools and the prevalence of big tech in our digital world, just like there was a necessity to deconstruct the position of white males in a patriarchal, occidental society.
I had that issue here too in an org here in the Netherlands.
I was working on the tech end, and a lot of our time was spent transferring events from Facebook to other platforms by hand. I asked, "Why are we on Facebook? These guys are completely against us!" and everyone looked patronizingly at the old guy and said, "We need to get our message across in every platform!"
They were completely clueless, and I loved them, but I had to leave.
In particular, there was one guy working with us who had spent their whole lives working for [large company directly opposed to this org].
I asked him once in passing when he left and he didn't answer. I thought nothing of it, but he started to refuse to answer other questions - not in a hostile way, just always changing the subject.
Then I talked to someone else, and this guy had tried to sneak himself in as a "superadministrator" in another project, even after he'd been explicitly told not to. They asked him about why he did that, and again, he just acted as though he had never been asked.
More of this stuff happened. Particularly, the whole "gaslighting and pretending you never answered the question" got to me.
Eventually I brought this up in a meeting with a few people in charge. Everyone thought I was crazy - but trying to hack into a system and then refusing to answer questions, and being thrown off that project?
I left.
The worst part was I liked the guy, and we never argued or anything.
That's an interesting point of view, and a paranoid person would question the true motives of such a person in that org: were they in for the collective ? For personal gains ? Working as an agent for a third-party ?
> I asked, "Why are we on Facebook? These guys are completely against us!" and everyone looked patronizingly at the old guy and said, "We need to get our message across in every platform!"
This is actually a point I totally agree with: you have to talk to people where they are, especially when they don't already agree with you. But in my opinion it sends a wrong image and such orgs should use Libre Software and decentralized networks first, and only on top of that use FB/Twitter as a copy-paste of the main platforms.
There's a very important step to do that is to categorize who your target is. Basically it's a bunch of concentric rings: those who agree with you, then those who are questioning and need a bit of information, then those who aren't thinking about the subject yet... you have to convince those around you, who will convince those around them, and on and on. In that vein, sticking to decentralized platforms first and gradually growing makes a lot of sense
Indymedia had a collection of global mailing lists, run using private mailservers with no logs, and a private (encrypted) IRC server (with a web interface, and also with no logs). Nearly everyone in Indymedia operated under a pseudonym. But over the course of the noughties, most activists moved over to Faceache.
I never understood why activists would adopt pseudonyms, but refuse to use the (relatively) secure communication channels we provided, in favour of Twat and Faceache. Being involved with Indymedia was risky - it was infiltrated by undercover cops, and some of the people posting to the newswire were probably involved in criminal acts (e.g. criminal damage).
In the Whatsapp group, you don't have to share anything about yourself or your child that you don't want to. The daycare might only post very generic info about opening times, events, etc, or it might be one used only for parents to communicate among themselves, at their option.
Facebook know who is in the group and what they post but none of it is necessarily confidential information.
On the other hand, the daycare as part of their operations know lots of details of your children's development, health issues, allergies, mental health, educational attainment and special needs. They know if you are getting divorced, who has custody, if there are dangerous people in the child's life and so on.
Is keeping this private really in the same ballpark as choosing to have a WA group or not?
The fact that the bar for data privacy should be very high for the daycare shouldn't diminish the need for data privacy in the daycare-recommended parent group.
I've broken contact with a reasonably tech-savvy part of my family. I have to decide between being informed about current events and hoping the next Meta leak doesn't have my full name, number, hometown, and possibly group memberships.
Let's turn your question on its head: if using an application fighting to keep users' privacy as high as possible, such as Signal, just as easy as using Whatsapp, why use the latter ?
The premise of your question is obviously flawed: it is not as easy. The precise reason why WA is used is that it's easier, because vastly more people already have it installed.
But anyway, it's just not a priority for a daycare.
Guaranteeing that for example staff don't respond to enquiries about children's health unless it's from the parents is a priority.
I sometimes wonder whether there is any purpose to it in the long term. If/when Signal becomes big enough to be used by a lot of people, they will want to monetize too and the governments will become interested in monitoring messages there too.
It just feels futile. As long as companies need to turn a profit and governments can surreptitiously surveil their citizens there's no long-term solution. We can move to the next platform until that becomes popular (and hence worth monetizing and surveilling), then the next, repeat.
I'm semi-conspiratorial, semi-fatalistic about society's ability to change politics politically / non-technically. There are too many who are too apathetic (and I might even be one of them by already being semi-fatalistic) that anchor the current system in perpetuity. My conspiratorial side says this is by design, whilst my fatalistic side says it's human nature (essentially Hanlon's razor).
Revolutionary change is often a case of "it" getting (a lot) worse before it gets better, but with the inevitability of returning to the previous status quo just with different bums on the same seats. (I've previously stated my desire to write a novel based on this concept in order to try and explore the inevitability, or otherwise, of this 'revolution for nothing' and the changing priorities of individuals as their levels of power increase from zero to monarch and how that may just be a limitation of civilisation).
> There are too many who are too apathetic. Revolutionary change is often a case of "it" getting (a lot) worse before it gets better, but with the inevitability of returning to the previous status quo just with different bums on the same seats.
The problem with this is that you have far too many keyboard warriors who read clickbait headlines and decide they want to change the system.
The people actually working in that system have decades of knowledge about how it works. That isn't always a bad thing. They may understand how to navigate a complex system to get the real change you want, to actually happen.
Imagine if people in this "decentralized, trustless future" saw a YouTube video of an aircraft landing and came to the conclusion that they didn't use enough rudder on landing, without understanding the nature of a 25 knot crosswind.
They'd vote, the pilots would be fired, and aviation safety would drop another notch because the people voting didn't understand the scope of what they were voting on, because they weren't trained pilots.
I was referring to a potential way that messaging could avoid the ongoing pendulum between small, independent and as-yet un-tainted by snooping platforms and the large, popular, privacy invasions they eventually turn into because of their centralised control.
I wholeheartedly do not believe in making aircraft safety a democratic process.
Horses for courses.
Winston Churchill's quote:
“…democracy is the worst form of Government except for all those other forms that have been tried from time to time…”
> I wholeheartedly do not believe in making aircraft safety a democratic process.
But if I read you correctly ("society's ability to change politics") ... this is how the US got things like January 6th.
It's completely destabilizing for a functioning democracy when relatively small groups of like-minded people can coordinate over private channels and rally themselves into something crazy.
The reason politics "works" (and I use that term lightly these days) in this country are because things are all done out in the open.
If you don't like "snooping" and would prefer our politics be done in the dark ... that isn't freedom, that's back-channel politics. We don't want that, I don't care if the left or the right is doing it.
I am actually in favor of E2E encrypted chats and the like. But we need to keep politics out in the light of day. If you want to change the system, run for office.
> I am actually in favor of E2E encrypted chats and the like. But we need to keep politics out in the light of day.
That aligns with my position. I fundamentally believe in the necessity of transparency in politics. What I don't believe in is the the necessity of government / law enforcement snooping on E2E encrypted chats.
I don't want back-channel politics, I want back-channel private conversations amongst the citizenry. If this enables some back-channel politics then that's a price I believe is worth paying partially due to the fact that the end results of political decisions and actions are, by necessity, public.
Politicians should, by policy, have their political communications recorded (not made public, but archived "just in case") since they're working for the public. Those who avoid such scrutiny should be named and shamed if it can be proven. Utopian, I'm aware.
I think we need a DNS-like service that simply hold small encrypted blobs, just big enough to contain an IPv6 address.
When you "add" someone to your list of contacts, you are giving them the key to decrypt the blob that you update with your IP.(Complications ahoy here but this is the basic idea.)
That way, people can message your phone/computer-of-choice direct with whatever E2E protocol you want. No middleman.
Then you need an app layer built on that to manage messaging, video calls, group chats etc. But that app layer could be open and free. People often like some XML based protocol from the 2000s, but as long as it is secure - whatever.
Signal is developed by a non-profit and is open source, they have a higher chance of staying independent. With the cost of cloud services dropping hopefully there is less of the back-pressure to monetise
I’ve always assumed signal was a honeypot. They publish some source code but obviously we can’t verify the actual code running on iOS or (I assume) Android devices am I right? It seems like publishing open source could be a smoke screen. When they push code to devices they could link in alternate libraries that do whatever they want. They may even be able to push special code to targeted phones, avoiding detection by security researchers.
If this is your threat model, you can sideload the app instead of installing from the app store. This way, you can verify that you have the same app as everyone else and have not fallen victim to a supply chain attack.
Ensuring you received an unmodified phone without a nefarious operating system or baseband is probably harder.
> They publish some source code but obviously we can’t verify the actual code running on iOS or (I assume) Android devices am I right?
No, they have reproducible builds.
Everything else you said apply even more to other apps, not sure why you think Signal is more suspicious in that regard. But with reproducible builds and the .apk they have on their website, you can check that the source matches it every time you update, which is not something you can do with most other apps.
Ah, I see on Android they do. Not iOS according to an open github issue since 2015.
I am suspicious of signal because everyone says "use Signal it is secure" and it is popularly known for this. Because of this reputation for security, users will get comfortable and talk about their illicit activity, which makes it an attractive target for power brokers the world over. Every app could have this problem, but Signal is the one everyone keeps saying is secure, so it's the place people will spill their secrets.
Reproducible builds on android look cool, but I wonder if there are other threat models on Android than dishonest builds of the program itself.
BTW I just learned that you can setup Amazon Smile to pay Signal - .5% of your purchases goes to them as a donation. https://smile.amazon.com/ch/82-4506840
>If/when Signal becomes big enough to be used by a lot of people
I think people (including the government) noticed it a long time ago.
From 2015:
'According to CNN, "[t]he same technology that keeps a conversation private between you and a family member also gives a safe haven to a terrorist in Syria and the person in the United States he's trying to recruit to commit an act of mass murder."'
Ajit also undid the new tariffs that were about to be implemented for jails and prisons to avoid some inmates paying $50 for a 15 minute call to their family. Fuck Ajit.
I'm all for hating on Ajit, but from a cursory look at the prison case, the FCC just never really had the jurisdiction to regulate intrastate calls and repeatedly lost in court on that question. There was already a 50 cent cap on interstate calls under Pai, and this year under Rosenworcel it's been lowered to 14-21 cents[1].
Last I checked signal still needs a phone number so that is an issue. Lots of people use smartphones with no sim hooked up and wifi only. I was using wire for a bit but my 2 contacts were forced signed out and the password and password reset does not work only option is to start a new account and now they too were asking for a phone number. So onto something else I guess.
You can have it seems a text to any number to verify so even a dumb mobile phone would work.
Though I totally agree linking an IM account with a mobile number is bad. There's benefits too like discoverability and ease of use but I prefer something where I could be anonymous and have multiple accounts.
yes, signal requiring a phone number is the problem, and the only reason why I am not using it. In the last 10 years I have lived in 4 different countries, each time switching phone numbers. It is stupid to use such an unstable number as identity. My e-mail address has remained constant during the whole time.
And I do like to have different addresses for different groups of people.
Let’s not forget the FTC hookup for Netflix by Obama and the eventual payout when he left office.
Or Ajit Pai who came from Verizon to run the FTC and undid the Obama era changes favorable to Netflix and inimical to Verizon.
——-
I hardly see any of these events as triggers for the mass migration to apps like Signal. The network effects seem impregnable for now.