The comment from the article echos my own sentiments:
> Speaking solely as a person who is really into encrypted messaging, it terrifies me that they're going to take this really clean story of an encrypted messenger and mix it up with the nightmare of laws and regulations and vulnerability that is cryptocurrency.
Moreover, there are three other points I'd add:
1. I don't like "do everything" apps like WeChat or Line. One of Signal's strengths was UX that focused on its core competency. Early in Signal's development they would add privacy features. Lately they have been adding social features. This, however, feels especially out of left field and likely to hurt the UX.
2. This smells like dev resources will be spent building and maintaining something not related to messaging.
3. I've always had a "don't let perfect be the enemy of good" rationalization that gives Signal autonomy to grow a privacy-centric messaging app despite the deficits (e.g. lack of federation). In contrast, I personally associate "crypto" with "scam". There have been so many shady ICOs and pump-and-dump schemes around crypto. This will taint the product for those of us who don't think of cryptocurrency as being anything more than pump-and-dump schemes and a way to buy dab rigs online.
> Early in Signal's development they would add privacy features. Lately they have been adding social features.
This is intentional and relates to Signal's growth in the past few years. It's not "a hacker tool for nerds" it's "a friendly, easy to use chat app with stickers & voice messages (also strong encryption)."
IRC does one thing and does it well, and barely anyone uses it. The "clean technical vision" story isn't enough on its own.
I love IRC but saying the IRC protocol does anything well (or is even a documented and agreed-upon protocol) is a bit of a stretch.
Otherwise, agree with the thrust of your statement. I believe getting Signal into the hands of more users is an overall net good and if stickers are the answer then get to making some stickers.
> a friendly, easy to use chat app with stickers & voice messages (also strong encryption).
Except it's not; strong encryption and privacy emphasis go against easy to use. I recently got my family to switch to Telegram (because I like the interface) - my sister works in an environment where she has to have a separate work phone without a camera and everything synced up out of the box, history, etc. Brother lost his phone - same thing, has chat histories and everything is back to normal. I use Telegram on desktop and mobile and it syncs instantly.
Compare that to Signal: you don't even sync between active devices and you can forget about having old conversations on a new device. And just to give you a sense of how important messaging history is to people (I've seen people say nobody cares about IM history) - a designer from work is lugging around her Android phone a year after switching to iPhone just for WhatsApp history (it doesn't sync between OSes).
And what on earth does cryptocurrency have to do with mass appeal then?
The whole "not available in the US" messaging around MobileCoin, no doubt to avoid regulatory attention, gives this particular ponzi scheme a very nice ring.
That and a handful of early WhatsApp employees now work at Signal. WhatsApp, back in the day when they were just 30+ people, accomplished amazing feats of product and engineering given the scale and growth. I sense Signal has the ambition to outright compete with WhatsApp on most if not all fronts.
I, for one, welcome this; the larger market is asking for a privacy-focused WhatsApp alternative, and Signal could be it.
Amen to all your points. I find this really disappointing. The "yeah, but they are a non-profit so you can be assured they are good custodians of the product" no longer goes for me.
Crypto integration was one of the things that arguably killed Keybase for a lot of users, and damaged trust. Given that trust is the selling point for these types of services, I really hope Signal doesn't lose it.
Yeah, it was a disaster for Keybase IMO. My messaging tools are already valuable enough to me; the last thing I wanted was a reward for hacking them. When Keybase did their Stellar drop, I didn't activate it and it was just a nagging option in the UI forever.
I don't like using SMS for 2FA because it encourages people to social engineer the phone company to port the victim's phone numbers. I wouldn't want crypto in my messaging app for a similar reason.
Right now hacking a user's Signal account means you get some txt messages. Big deal. With payments there is now real reason to try to hack Signal accounts because some percentage of them will contain money.
The counter argument would be seeing the success of WeChat in China and wanting to reproduce that success AND expecting that if they don't do it someone else will do it and take their market.
Whether that's true or not I don't know but if I believed it was true then your arguments wouldn't matter since I'd believe not doing it is an existential risk.
If that is their thinking, then they are quite naive. Comparing WeChat's success in tackling payments with a crypto-based attempt is laughable. WeChat is using real money, and it has explicit official endorsement by the state - an extremely powerful state at that in terms of internal control.
In contrast, any crypto-currency based solution will be inherently distrusted, and few if any states will endorse it. It is more likely to be actively discouraged by many states, and the crypto support may well end up as a pretext to ban Signal on economic rather than censorship grounds.
> the transfer of cryptocurrency is the same as the transfer of generic messages
Technically, yes. Legally and sociopolitically, no.
And if you intentionally muddle the data streams, that brings the full force of anti-money laundering, tax evasion and terrorist financing law against you. It gives almost any government a free pass to do what it wants.
Freedom to speak privately is, in most democracies, popularly recognised as a right. Freedom to pay using dark money is not. Attaching the second to the first weakens both.
I'll tell you one way it's not: as soon as someone commits a crime who happens to use Signal and the media gets ahold of this, it'll be a circus with terms like "dark web" and what not thrown around. GP's point #3 is kind of important for their reputation and if we want to onboard more people into crypto messaging.
Transferring cryptocurrency between different people (with the exception of spouses) is an asset disposal that is subject to capital gains tax in the UK. It doesn't matter what, if anything, you get in return.
I don't know how it will play out for Signal in countries which have banned or are planning to ban crypto as a currency. RBI had issued policy to banks to stop providing banking services to people/organizations holding/trading in crypto. Though the blanket ban was invalidated by the Supreme Court after two years, using it as currency is against Indian law and the government is working on a new law to further restrict it (read: legalizing RBI policy to a great extent, as I understood).
In such cases, Signal could easily be banned in such countries outright.
The "scam" is using payment systems that allow their owners, controllers, or just hackers to spy on every single transaction on earth, accessing all your past present and future economical activity on demand. Not even the worst dictatorships of centuries past ever dreamt of such awareness and control.
The promotion of pseudonymous and anonymous digital payment systems such as cryptocurrencies is vital to a healthy and functioning society.
I can't really see how a craptocurrency attached to a messenger provides any sort of pseudonymity. If I can send money to you, I can later identify you in a ledger, which simply means I need to find some reason to converse with you and it's game over. If the ledger isn't public, you're back under corporate or Government control.
What about using Wickr as an alternative to Signal?
What all these "tech" companies tend to do is exploit a captured audience. They are generally not focused on doing one thing well (producing a product or providing a service); they are more focused on building a following and then doing with those users whatever they like. One of the most blatant examples of this line of thinking is Microsoft's acquisitions. They acquire companies in order to get access to users. The "technology" is secondary. Another example is WeWork. They started introducing WeEverything. The product or service being offered is what is important. It could be anything. Instead the focus is on building an audience and exploiting that captured audience. One can apply this analysis to almost any "tech" company. "Growth" is the number one focus. No one really cares about what it is the company purports to be selling.
I can accept a definition of scam that includes fiat. Though it definitely doesn't track the same way with cryptocurrency.
I associate nootropics with scams but I definitely don't think all nootropics are scams. If someone said, here buy this pill that will make you smarter I'd be incredulous.
My point was cryptocurrency has a deserved bad reputation (for the reasons I mentioned).
I love the lofty ideals but the reality is the altcoin world especially is a minefield of scams. That reputation will hurt a messaging app that has done a pretty good job of building good will.
There are 250 million units of MobileCoin, and the majority of them are owned by the founders. Only 37.5 million have been distributed. At the current price ($65), they're worth $14B already. This makes the project a scam and impossible for it to work as a reliable money that holds value. Bitcoin had no pre-mine and has been fairly distributed from the start.
The founding organization owns 85% of the total market cap of a coin? That should be raising red flags for everyone involved.
There is no valid reason for the vast majority of what is supposedly a currency to be owned by the company that created it. Imagine if PayPal launched but required everyone to transact in fractional shares of PayPal to get anything done. Oh and by the way, those shares are majority owned by the founders, but they’ll sell you some so you can send them to your friends.
Of course, it's totally centralized. The 'cryptocurrency' marketing just exists as a regulatory dodge.
So far this scheme has worked out fine for the original creators of Ripple, who've extracted hundreds of millions selling their massive premine to an ignorant public, then abandoned the original and did it again. What we're seeing from Signal now is just a third generation of the same scheme, preempting the Ripple founders from doing it again (or maybe they're involved behind the scenes, who knows?).
So long as there seems to be no consequence except a massive windfall (SEC fines against ICO/premines have tended to be a fraction of 1% of the funds raised), it's unsurprising to see them continue.
The fact that it may kill one of the more useful secure messaging apps as a side effect? Welp. This is why we can't have nice things: Collectively, we're better at funding borderline scams than public goods.
Can you spell out why that is fundamentally bad? I'm asking in good faith, not to be oppositional; apologies if it's a stupid question.
But if you were buying shares in a company it would not matter if most of the shares were held by the company (as long as there is enough liquidity to sell your shares in future).
Why is it different with the currency? I get that it's making the founders rich so perhaps they have greedy intentions, but why does this inherently undermine the validity of the currency?
Agreed. I was half expecting this was going to be using Monero, one of the more popular privacy-oriented cryptocurrencies I know of that's already being used.
E.g. the only cryptos I've seen people accepting on dark web markets are Bitcoin and Monero.
All calculations of this sort are fatally flawed because they assume all the coins in one address are owned by one person. That would be like calculating the US Gini coefficient assuming that all bank accounts are owned by the CEO of the bank.
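To make the objection above concrete, here is an added example (not from the thread or from any project discussed in it) that computes a Gini coefficient and top-holder share over constructed address balances, first treating each address as one holder and then re-keying to beneficial entities. It covers both directions of the error: a custodial address that actually belongs to many customers (which inflates apparent concentration) and one entity that controls several addresses (which deflates it). The balances, the `custody` split and the `control` map are all constructed sample data; the two helper mappings are hypothetical inputs an analyst would have to obtain through entity clustering, which the example assumes rather than performs.

```python
from collections import defaultdict
from typing import Dict, Iterable, Mapping, Optional


def gini(values: Iterable[float]) -> float:
    """Gini coefficient of holdings: 0 means everyone holds the same, ->1 means one holder has everything."""
    xs = sorted(v for v in values if v > 0)
    n, total = len(xs), sum(xs)
    if n == 0 or total == 0:
        return 0.0
    # Standard closed form over sorted values: G = 2*sum(i*x_i)/(n*sum x) - (n+1)/n, i = 1..n
    weighted = sum(i * x for i, x in enumerate(xs, start=1))
    return 2.0 * weighted / (n * total) - (n + 1.0) / n


def top_share(values: Iterable[float], k: int = 1) -> float:
    """Fraction of all units held by the k largest holders."""
    xs = sorted(values, reverse=True)
    total = sum(xs)
    return sum(xs[:k]) / total if total else 0.0


def entity_balances(
    balances: Mapping[str, float],
    custody: Optional[Mapping[str, Mapping[str, float]]] = None,
    control: Optional[Mapping[str, Iterable[str]]] = None,
) -> Dict[str, float]:
    """Re-key address balances to beneficial entities.

    custody: custodial address -> {beneficial holder: amount}; the split must sum to the address balance.
    control: entity -> addresses that entity controls; their balances are merged into one holder.
    Both mappings are assumed to come from out-of-band clustering; an address in neither is its own entity.
    """
    custody = custody or {}
    control = control or {}
    owner_of = {addr: ent for ent, addrs in control.items() for addr in addrs}
    out: Dict[str, float] = defaultdict(float)
    for addr, bal in balances.items():
        if addr in custody:
            split = custody[addr]
            if abs(sum(split.values()) - bal) > 1e-9:
                raise ValueError(f"custody split for {addr} does not sum to its balance")
            for holder, amount in split.items():
                out[holder] += amount
        else:
            out[owner_of.get(addr, addr)] += bal
    return dict(out)


# Constructed sample data: one "hot wallet" address holding 700 units on behalf of seven customers,
# and seven small addresses of 50 units each, two of which are controlled by the same person.
BALANCES = {"addr1": 700.0, **{f"addr{i}": 50.0 for i in range(2, 9)}}
CUSTODY = {"addr1": {f"customer{i}": 100.0 for i in range(1, 8)}}
CONTROL = {"whale": ["addr2", "addr3"]}


def compare(balances=BALANCES, custody=CUSTODY, control=CONTROL) -> Dict[str, float]:
    """Concentration metrics under three readings of the same ledger snapshot."""
    by_address = list(balances.values())
    by_owner = list(entity_balances(balances, custody).values())
    by_owner_merged = list(entity_balances(balances, custody, control).values())
    return {
        "gini_by_address": gini(by_address),
        "gini_by_owner": gini(by_owner),
        "gini_by_owner_merged": gini(by_owner_merged),
        "top1_by_address": top_share(by_address),
        "top1_by_owner": top_share(by_owner),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>22}: {value:.3f}")
```

The same snapshot reads as a top holder controlling two thirds of the supply when addresses are counted as people, and under a tenth once the custodial split is applied; the merged-control case moves it back up slightly. Whichever reading is right depends entirely on the clustering data, which is the commenter's point: a raw address-level percentage carries no information about ownership by itself.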
A system which is 12 years old, of which many people have not heard, don't understand, or may not even care to understand. In some countries it's illegal to use. Most countries have unfriendly tax treatment (capital gains on your coffee purchase). Can't be paid in it. Can't yet pay your federal taxes in it. Uncertain if the government will one day ban it.
No “pre-mine” doesn't mean fairly distributed. Bitcoin is a multi-level marketing pyramid scheme as well. Early adopters mine or buy large proportions at negligible prices while late adopters mine or buy negligible proportions at large prices.
By this definition, every company stock is a multi-level marketing pyramid scheme.
In fact, company stock is WAY worse, because the majority of people are legally prohibited from investing in private companies unless they're an accredited investor (already rich). So, only rich people (other than founders and early employees) are allowed to buy in at super low prices before handing off the bag to the public.
The gold and oil rushes weren't "fair" either. Fortune favors the bold, I guess. I was salty for a long time about bitcoin early buyers being filthy rich now. My saltiness clouded my vision of the real value there. Granted, I think there are better solutions than bitcoin now, but I respect it.
By that definition, any stock or collectible is a "multi-level marketing pyramid scheme". A multi-level marketing or pyramid scheme is not defined as anything where early adopters might have purchased it at a lower price than later adopters.
The integration with Signal made the valuation of MobileCoin jump from around zero to $65. I hope the Signal team got some MobileCoins in return for the favor.
It's in the whitepaper. There are 250 million coins in total, and 37.5 million were sold in the ICO. I couldn't find any information on further distribution or monetary policy, so I assume the founders still hold them.
That's not what pre-mine means. As for "fairly", that's debatable because it's unclear what "fair" means. Should everyone on earth get the same amount? That would be the most "fair". How would the logistics of that work, for a cryptocurrency? What about all the people born after 2009?
Long-time Signal user here, with a number of technical and non-technical friends, colleagues and acquaintances who also use it. I don't know who was asking for this. And I think it really dilutes Signal's message.
I believe that everyone has a fundamental right to secure, private communication. Some people may hold the same belief for the right to transfer funds. I don't agree and I suspect many others feel the same. That tension alone makes this look like a bad decision to me.
This kind of anti-feature is not what I signed up for. I just wanted a secure messenger normal users could understand! It seems like a simple enough problem that Signal solved well (apart from the phone number requirement).
Sadly, now it feels like Signal was just a long game trojan for Marlinspike to onboard users to a cryptocurrency pyramid scheme. This has nothing to do with its core functionality and it makes me question the developers' motives.
I've wasted my influence with my non-technical friends convincing them to adopt Signal, and I don't foresee convincing them to switch yet again to something different.
The state of secure messaging is really bleak. I wish Matrix had an IM-style client that was decent enough for non-technical users to adopt.
> I've wasted my influence with my non-technical friends convincing them to adopt Signal, and I don't foresee convincing them to switch yet again to something different.
This has bitten me before. Now I'm thinking that every recommendation and suggestion to adopt must come with a "for now this is the best way to do it, but it will probably change again". And somehow try to prepare the non-technical people for that.
> The state of secure messaging is really bleak. I wish Matrix had an IM-style client that was decent enough for non-technical users to adopt.
See Element [1] which uses Matrix [2]. It feels like IM, and is super simple to onboard new users. I'm not involved with it, but I'm a huge fan of the Matrix ecosystem.
If you want group chats to be mixed in with 1-1 chats, try SchildiChat [3], a fork of Element.
> This kind of anti-feature is not what I signed up for.
At the risk of sounding like a Signal simp: don’t use this feature if you don’t like it? I have no idea whether this is a good or bad idea, I figure the proof of the pudding is in the tasting and I haven’t had a chance to try the Signal payments feature, but I’m willing to extend the benefit of the doubt here at least as far as “I’ll withhold judgement til I can try it for myself.”
I really don’t get the ire on this. I think it’s good that Whisper Systems is forward looking and trying to be innovative and dynamic and go where users are rather than just sit around waiting to become irrelevant. Not all experiments or risks will pay off but that doesn’t mean risks and bets are bad.
How does the ability to transfer "points" from one number to another, remove from the messaging features?
Is it really that hard to imagine unobtrusive UI that makes this as optional as sending GIFs, stickers or location data? Or did the later features already kill Signal for you?
I don't know who was asking for this either, especially when what I consider to be core features are still missing.
Signal for iOS still doesn't support message backup like the Android version.
And Telegram introduced a feature to import old WhatsApp chats into new Telegram conversations, a form of "backup". This was great when I was migrating away from WhatsApp, and made the decision between Signal and Telegram easy for casual conversations where encryption wasn't a priority.
> I believe that everyone has a fundamental right to secure, private communication. Some people may hold the same belief for the right to transfer funds. I don't agree and I suspect many others feel the same.
What are the arguments?
Don't you think that as data becomes more and more valuable, "freedom of transaction" is a natural evolution of "freedom of communication"?
In an environment where only "legally valueless" data circulates freely, the few entities that are actually able to monetize this data become gigantic monopolies (Google, FB, ...), while most individual parties are either forced to play by their rules (Youtube, Patreon, ...) or filtered out by startup costs.
My view is that the public in general has a right to universal services that can realistically only be delivered through taxation. That right needs to be balanced against the right to transaction privacy. It's one thing to say that friends should be able to send money to each other privately; it's another to think about bank settlements and international flows of large sums of money not being visible or auditable.
The whole issue is a real minefield and I don't have a firm stance. And obviously the fiat money system has gaps and flaws there too. I'm sure much of the HN audience would disagree with me here from a libertarian point of view. But I think it's safe to say that the issue of transaction privacy & freedom is not as straightforward as that of speech (which itself is really not that simple).
This is rather terrible news. On the other hand, there's no technical reason someone (like, say, the EFF) couldn't fork the client and server and establish a new Signal network - maybe drop the need for phone number registration as well?
Communication platforms like Signal live or die by network effects. If payment is incorporated as a first class citizen into other platforms, Signal would need it as well to maintain its network - just like it would need the capability to transfer photos or other non-textual items.
Signal is still centrally controlled and compiled by a single entity and distributed only in an unsigned insecure form or in a signed/verified manner only if you give up your privacy to install with Google Play or the Apple store.
Those that only run open source software like myself have no secure way to run Signal short of compiling every release by hand which is impractical. Moxie has stated he will not support anyone but his team compiling or distributing Signal binaries so third party signed builds via privacy focused app stores like F-Droid are out. All builds must also use Signal centralized servers even though that centralizes TCP/IP metadata, etc.
Not to mention you need to show government ID to get a SIM to use the Signal wallet for said private currency/messenger in 200 countries.
Secondly, having a decentralized currency whose servers can only run on Intel machines with Intel SGX is a very centralized supply chain as well.
A single supply chain attack on Intel microcode or related SGX updates could run malicious code and game over for the currency globally? A government that sees MobileCoin as a threat could make Intel do this.
With a SPOF on the supply chain of the only client people are expected to use and another SPOF on the only hardware enclave people are supposed to use for servers... decentralized is technically true but not used in the same way as most other projects that use that word.
I will keep an eye on this experiment though, because there are some unique ideas here which could have value should your trust anchors expand beyond Intel and Signal.
> distributed only in an unsigned insecure form or in a signed/verified manner only if you give up your privacy to install with Google Play or the Apple store.
> Those that only run open source software like myself have no secure way to run Signal short of compiling every release by hand which is impractical.
You may be missing the subtle point - the APK provided is the same one from Google Play, which includes the Google SDK encumbered libraries (links? hooks? features?). If you run a libre device without the Google Play store (non-Google android build) then the software cannot function. The code for the client is open source, but the act of compiling it against the required Play store libraries encumbers the final binary. F-Droid requires that all code compile without the Google SDKs in order to be hosted (IIRC).
> Not to mention you need to show government ID to get a SIM to use the Signal wallet for said private currency/messenger in 200 countries.
There are fewer than 200 countries in total, unless you get very creative with states that aren't recognized by more than a handful of other countries, like Abkhazia or Transnistria.
You also don't need ID to buy SIM cards in the US, so I'm curious how valid this assertion is.
The OP is broadly right. You now need to show ID to buy a SIM in many EU countries and beyond (e.g. Chile, Russia or Senegal). A copy of the ID is given to the state in order to link your identity to the SIM card. Even if you bought a prepaid SIM before this policy or law came in, when you top up the mobile provider may pressure you into paying online or by card instead of cash, so that your identity can be linked to the SIM through your payment.
I do wonder how long the US (or, for example, Finland) will remain a holdout in this regard.
To get counts, I also analyzed the table in the annex; it lists exactly 200 countries (checking each of them, that's because in addition to 193 UN members, it includes two non-member countries: Kosovo and Taiwan, and five other non-countries: French Guiana, Greenland, Hong Kong, Macao, Svalbard).
Of these, 34 are listed as "SIM registration not mandated" and further 7 are listed as "SIM registration under consideration", the rest are "SIM registration mandated", i.e. 159 countries.
Basically the whole world requires it except for North America/UK and a few smaller countries mostly in Europe. Also notable that countries without ID requirement mostly happen to be the ones with very low prepaid SIM penetration (see the map on page 6 [page 8 of the PDF]) so their unidentified SIM usage is presumably low anyway, though it remains a possibility in those countries.
Edit: Sorry, 6 are listed as "State of SIM registration inconclusive" which I have missed, so "SIM registration mandated" count should be 153.
In the past two countries I lived, it’s currently impossible for an individual to get a SIM card that can do voice or SMS without government ID and being a resident. Data-only SIMs can be bought for cash easily, but that doesn’t help you with Signal.
The same goes for virtual/VoIP numbers. No skypein etc.
Even in the US, the identity of most subscribers is known to the mobile operator.
It's a regulated market, so should the need arise to keep the identity of all subscribers in the future, it is likely not much more than a counter-terrorism-related law away.
> Those that only run open source software like myself have no secure way to run Signal short of compiling every release by hand which is impractical.
Particularly because the software is timebombed and stops working after a while (and also blocked on the server side if you bypass the client side timebomb).
The problem is: Signal already relies on SGX for lots of other features (Signal PINs & Secure Value Recovery, contact discovery etc. etc.) and these depend on SGX working as advertized.
Feature bloat is one of the worst things for a security conscious product. The more features, the more attack vectors. Nobody asked for payments in Signal. Where did this idea come from? It was never put forward prior to this, it was never on the road map. That only makes me even more suspicious of this decision, which leads to my second point...
MobileCoin has all the appearances of a scam. 85% of the coin is owned by the creators. The price rapidly shot up at the end of March. The social media of the developers was posting rubbish for a long period of time. There was no mention of this collaboration beforehand. This has all the hallmarks of a pump and dump. Have the Signal devs been duped? Or are they wanting to cash in on Signal's rising popularity?
Anybody at all with an interest in Signal needs to let the foundation know that this Beta needs to be scrapped, and that payments should never be added.
The UK already has faster payments in all major banks. I can send and receive money instantly from app or Web. Will yours be as fast as that?
The UK has a problem with authorised push payment fraud. Banks can recover funds which have been sent as a result of phishing / fraud. How can I reverse a payment on your platform if it was fraudulent?
The UK also has receiver verification. If I try to send to an account and it doesn't match the name I'm sending to, my bank will warn me. How do you stop impersonation?
There's no cost to sending payments on most mainstream banks. How much do you charge?
Most banks let the user block receiving payments from specific accounts. How do you stop harassers sending unwanted money?
This was my question too. I don’t really understand why the U.K. was chosen as the initial market. At least in the U.S. people are used to venmo and suchlike being services they might use. My guess is that either the cryptocurrency people are based in the U.K. or that whoever is in charge is viewing the country as something like America but easier to get started (anglophone but smaller market for testing or easier regulations or less competition) however I don’t think the U.K. is a good substitute for America in this case.
The one venmo-like thing people do use a lot in the U.K. is probably something like revolut for dealing with different currencies and international transfers (either for travel in Europe or for migrant workers sending earnings abroad for family or retirement). But a service that’s only available in the U.K. isn’t much use for that.
I also personally don’t really see the privacy use. I think I’m willing to give up a reasonably large amount of private information about the people on either side of a transaction if it is effective at reducing fraud and making transactions reversible.
America has AML and KYC and running an exchange that allows trades which dodge those requirements is a great path to men in black suits knocking on your door.
Not really. Someone steals money and sends it to you; you are going to have lots of trouble proving you are not an accomplice. If you are a government official, you can be framed as receiving a bribe.
In Russia the government can send your organisation money from abroad via an agent and then shut you down as a 'foreign agent'.
Accepting unwanted money from someone can have serious consequences in many cases. In some cases it is illegal - for example, accepting certain types of political donations.
In cases where you've been sent unwanted money your obligation is typically to return it, but that specific type of use-case is often not considered when people design things. If you end up in a situation where anyone can send you money and you can't return it, you're in big trouble because the sender might be causing you to unintentionally get involved in a violation of the law and leave you without any method to undo it.
> Most banks let the user block receiving payments from specific accounts. How do you stop harassers sending unwanted money?
First time I read about that, how does this work in practice? A person regularly sends you small amounts such that all you see is their name whenever you log into your bank account?
Amongst other things it's a way to set up a narrative regarding some other fraudulent activity.
If you were regularly receiving money from someone, then it looks like you're in business with them - and you'd have a hard time proving you're not if they then staged some other activities (i.e. shipping you stolen goods, which they then have stolen from your doorstep by an associate).
>>The UK already has faster payments in all major banks. I can send and receive money instantly from app or Web. Will yours be as fast as that?
A: MobileCoin is as fast (or faster in some cases) than a bank payment in the UK, with greater privacy. As far as settling back to fiat, if that's what you're asking about, the velocity of that depends on on-ramp and off-ramp integrations which will come over time (but it looks like there's no reason MobileCoin can't help developers deliver payments at the same speed as banks).
>>The UK has a problem with authorised push payment fraud. Banks can recover funds which have been sent as a result of phishing / fraud. How can I reverse a payment on your platform if it was fraudulent?
A: Payments on MobileCoin cannot be reversed at the protocol level. If you want escrow and reversibility, you should use a wallet or payment service that supports those primitives. We believe that developers will build such services on top of the foundation of the MobileCoin protocol.
>>The UK also has receiver verification. If I try to send to an account and it doesn't match the name I'm sending to, my bank will warn me. How do you stop impersonation?
A: Signal relies on phone numbers for identities. Other apps that integrate MobileCoin may have a higher threshold for identification.
>>There's no cost to sending payments on most mainstream banks. How much do you charge?
A: Fees are set by the foundation (which has a stated goal of keeping transaction fees to around $.04 when the network isn't congested). Currently fees are higher as they need to be adjusted by a foundation vote.
>>Most banks let the user block receiving payments from specific accounts. How do you stop harassers sending unwanted money?
A: Signal doesn't allow people you haven't keypaired with to send you funds. If you have accepted a message request from someone, they can send you money.
Heads up, it would be useful on HN if you were to disclose your affiliations / interests when posting, especially about something like a cryptocurrency you helped design.
It gives readers a better sense of your ability to answer the questions accurately, in addition to letting people make assessments based on the potential conflict of interest.
Also, responding here and inviting discussion on a technical level is possibly the best thing you can do for perception of Mob, because this is a forum where those questions are likely to get asked.
Edit: I see you've done that in another post on this thread. Since we don't have anything like flair it would also help people who don't read the whole thread.
Who is in the foundation and what does the governance look like? Is there a plan to expand governance to the community?
I know the next question is signal specific but do you have any details on how they'll maintain privacy for pegging which is likely just to require an on/off ramp. Surely this is just no better if the majority of transactions have an associated log on an exchange?
I haven't made up my mind regarding the payments feature yet but yeah, what's up with the server code? Why hasn't it been updated in over a year?[0]
Also, why do the Signal developers trust SGX so much and have stayed completely silent about SGX vulnerabilities – even when the cryptographers whose quotes they used to put on the signal.org home page[1] are increasingly critical?[2]
Finally, why is there no open communication about major events like the Signal PIN UI fuckup last year or the server issues earlier this year? Foundation or not, if no communication is happening and they're not demonstrating that they're capable of openly admitting mistakes and learning, they're not gaining the trust of anyone.
Don't get me wrong, I've been a die-hard fan of Signal since the early TextSecure days and have convinced > 100 people to switch but I'm starting to have a bad aftertaste and some of my friends (equally big Signal fans) are, too.
EDIT: Looks like the Signal server repo[3] was updated today, as this article[4] (in German) attests to. I had last checked the repo this past weekend. I suppose the repo hadn't been updated to keep the MobileCoin thing secret but I do wonder: Why not simply create a private branch instead of risking one's reputation for openness?
The usage of SGX here is to protect against a fairly benign adversary: Signal themselves. The alternative to using SGX in these situations is to hand over the data in the clear to Signal servers.
I regret finding out Signal uses recaptcha in its welcome screen, and sets the Google PREF cookie permanently in the App's Cache.
Traceable by Google every time you open the App... and using Google's Backup service to store the private keys unencrypted. Well, so much for E2EE.
This combined with what went on with LibreSignal and legal threats from moxie made me realize it's just a company selling privacy claims without proof.
(if you don't think this is true, use AppWarden or decompile the APK. Play Services, Firebase and Recaptcha are still integrated years after LibreSignal was forked.)
You're making very strong claims here. Signal regularly goes the extra mile to protect their users from 3rd-party tracking (by Giphy[0, 1] etc.) and, as they noted on GitHub at some point, they also consciously decided against UI/UX tracking and error reporting because they did not want to give off the impression that they themselves are surveilling their users. And now you're telling us that they deliberately included tracking by Google? That doesn't seem likely.
> Google PREF cookie
The PREF cookie is for Google's safe browsing feature. How on Earth would that find its way into Signal? (I doubt the link preview feature uses that, given how much effort they put into making sure they get it right[2].)
> Traceable by Google every time you open the App...
How so? AFAIK the Signal app doesn't connect to the Google servers directly (reCAPTCHA aside – I have yet to see it in Signal but even then it would be a one-time thing), so even if the cookie existed, it wouldn't get transferred anywhere. The Firebase Cloud Messaging library / Google Play Services on your phone do connect to Google but they carry unique identifiers, anyway (or otherwise push notifications would not work). If you don't want that, use a phone without all the Google stuff – Signal works fine without it (though it might need more battery).
> and using Google's Backup service to store the private keys unencrypted
Could you provide a source that's more accurate than "decompile the APK" or "read the source code"? AFAIR the app's database is encrypted at rest by a key in the phone's hardware key store precisely because the Signal developers did not want Google Backup to get access to the app's data. (Which is why they ended up rolling their own backup solution.)
> This combined with what went on with LibreSignal and legal threats from moxie made me realize it's just a company selling privacy claims without proof.
What legal threats? (I'm familiar with the discussion but I have yet to see Moxie threatening anyone.)
I didn't understand the hysteria about Whatsapp to begin with. Yes, Facebook doesn't exactly have great brand recognition but by all indications the TOC change didn't even actually change anything for individual end users but people kept bugging me about switching to Signal.
Compared to the ICO crypto shenanigans of Telegram and now this I don't see a reason to switch. People also kept trying to get me to use Brave instead of Chrome, and the first time I opened it there was crypto advertisement everywhere.
That's how I felt the moment they insisted on storing users' personal data (contacts, name, photo, phone number) in the cloud with no way to opt out of the data collection while also being very vague and elusive about it all in their communications. I'm feeling more and more justified in moving off Signal as time goes on. Jami had better stay good.
That would only compromise metadata as signal is e2e encrypted and the client has always been opensource and up to date.
All the SGX stuff is about making metadata more private for features that absolutely must be done serverside. So a compromise in SGX is more an issue if Signal itself becomes adversarial or gets compromised. Most services only rely on this for security and don't use things like SGX to hide things from themselves.
I'm the CEO of MobileCoin. If anyone has any questions please feel free to ask here. We've been working on this project for four years and it has been a labor of love. There's a lot of new technology here.
We exist in a highly regulated space so it's possible some questions will require reaching out to lawyers to make sure we answer them in a way that's compliant so please don't feel offended if a response takes a while to come back.
The best set of docs for how the whole thing fits together is our book "The Mechanics of MobileCoin"[0].
We'll be around here and on our forums [1] to answer questions. Please also check out our foundation website[2]. The github[3] is also a lot of fun, especially the section on Fog[4].
Hi,
I still have to read the docs more thoroughly, but given that these HN threads die out quickly, I'd rather ask now that I have the chance, so forgive me if some of these are answered in the docs:
1. how does MobileCoin make money?
2. how many coins do you / does MobileCoin own?
3. related to that, are there mechanisms in place to prove that this is not a pump and dump? Or simply, how do I know it's not one and it's here for the long-term?
4. what's the threat model of the blockchain you're using? E.g. for Bitcoin, the chain is compromised once 51% of the hashing rate belongs to collaborative evil miners (as a rough approximation). What about MobileCoin? When would something bad happen? How is it prevented?
5. how does MobileCoin compare with privacy-oriented cryptocurrencies such as Monero?
P.S.: you might wanna add an F.A.Q. section somewhere for the questions I've mentioned and the others in this HN thread, right now we either have to blindly trust the claims on https://www.mobilecoin.com/ or go through the 133 pages of https://github.com/UkoeHB/Mechanics-of-MobileCoin, there should be some intermediate tech documentation (or does it exist already?)
1) MobileCoin will build a payments ecosystem around the protocol.
2) I have to check with the lawyers on whether we can disclose exact amounts, but our intention is to own a small minority of coins over the long term. We want the supply to circulate.
3) I don’t know how to prove this other than to tell you that MobileCoin is here to stay. You’ll know us by our deeds.
4) the threat model is 100% of nodes being compromised with an active attack against SGX. If there is even a single honest machine, the network will scream on any fault.
5) MobileCoin is fast and privacy-protecting (and it works on mobile without consuming tons of energy). There aren’t any other cryptocurrencies that presently fit that bill.
Can late MobileCoin adopters buy the same amount of coin for the same price as early adopters or is it a multi-level marketing pyramid scheme like the rest of the crypto“currency” greed and spam inducing cesspool?
MobileCoin is already liquid on multiple exchanges so the coins would just be purchased at whatever the market price is. It also doesn't make sense for late adopters to get the same price because there's a lot more risk associated with being an early adopter than a late adopter. This works both ways — if something bad happens to MobileCoin that tanks the price late adopters would be able to buy at a cheaper price because the new information gets priced in.
My question, to both you and (especially) Moxie: Why do you trust Intel SGX so much (for Signal but now also MobileCoin)? Why are you not worried about vulnerabilities? As you're surely aware, even Matt Green who is/used to be(?) the biggest fan of Signal[0] is very concerned[1] about SGX. I don't question your intentions but the fact that Signal as an organization has stayed completely silent about this is… worrisome and at the very least taints its reputation of openness and trustworthiness. With MobileCoin now relying on it, too (more or less), this only seems to be getting worse.
Elsewhere[1] in the thread it's been claimed your organization owns 85% of the total market cap of this coin. Can you speak to this? Is it true or not? If not true, what is the correct percentage? How much is left?
Thanks for answering questions, it's nice to see that MobileCoin shares so many similarities with Monero with changes that seems to make decent tradeoffs for usability. I have a few questions:
What is the identity and distribution behind the current MobileCoin nodes? What are the requirements for running a node? Since there are no node rewards, how will nodes be funded in the long term (10+ years)?
Does MobileCoin employ something similar to Dandelion++? What prevents nodes or those running Fog from performing timing-based attacks? Is MobileCoin susceptible to any other attacks (e.g. poisoned output, subaddress association)?
How will the mobilecoin foundation and continued development be funded in the long term (10+ years)?
If SGX is found to be vulnerable/no longer fit for purpose is there a mitigation plan?
I don't run anything related to the protocol. The protocol is governed by the MobileCoin Foundation, an independent board of directors. The foundation makes recommendations about how the network might behave, but ultimately it's up to the node operators to decide what code they run.
Assuming an attacker fully compromises SGX for machines under his physical control (e.g. can execute arbitrary code inside an attested enclave), what can the attacker do/what security properties of MobileCoin break?
I know Moxie seems to put near-complete trust in SGX, but many security professionals don't.
Hi Josh! Why does nothing, in plain English, explain why MobileCoin should be used over another decentralized digital currency that exists? For example, if I look at your GitHub [0], the first FAQ item is about Intel SGX, and the overview is just...a blockchain overview.
Why does it make sense to integrate MobileCoin into anything? Why not use Monero or zCash? Sure, you can definitely explain this to me, but nothing explains that to general people on your GitHub page. Same thing on your foundation page, which simply has logos and "Private Payments for everyone" [1].
I've spent a lot of time working on blockchain and perceptually, it feels like you're trying to sell snake oil here. For example, the mechanics paper [2] starts with "Cryptography. It may seem like only mathematicians and computer scientists have access to this obscure, esoteric, powerful, elegant topic." Cryptography is a tool. What's obscure about it? People are using it right this second. Why is it esoteric?
The paper then continues with a brief overview of 'blockchains' (why the scare quotes?). In the same paragraph, it states that the purpose of blockchains is that "no piece of money can be duplicated or created at will" but this is only one of many points of the entire point of a blockchain. Why does it not explore other facets of blockchains if the goal is to be introductory?
Then, in the fifth paragraph, the paper remembers that people may not be reading this for the first time with no experience, and suddenly jumps up to 11, with this paragraph. Note, this paragraph is one single 91-word jargon-filled sentence:
> MobileCoin is a standard one-dimensional directed acyclic graph (DAG) cryptocurrency blockchain, where blocks are consensuated with an implementation of the Stellar Consensus Protocol, transactions are validated in SGX secure enclaves and are based on elliptic curve cryptography using the Ristretto abstraction on curve E25519, transaction inputs are shown to exist in the blockchain with Merkle proofs of membership and are signed with Schnorr-style multilayered linkable spontaneous anonymous group signatures (MLSAG), and output amounts (communicated to recipients via ECDH) are concealed with Pedersen commitments and proven in a legitimate range with Bulletproofs.
While I want to assume good faith here, I find that the blockchain community often has a history of attempting to "smooth over problems" with lots of jargon and hoping for the best. This sentence, when run through Hemingway [3], gives it a post-graduate reading level. But that's not anything about the cryptography: the paragraph/sentence is simply unreadable to most people. It serves no purpose in the middle of this section.
While I'm sure you'll mention that this is a preview document, you're pointing people to it as the primary resource for people to learn "how the whole thing fits together."
Other warning signs that make me wary are everywhere.
The foundation about page has the Intel, Azure, and IBM logos under a "powered by" footer [4]. The meaning is ambiguous, and the intent is clear: you want to use these big tech company logos, because they're recognized. Yet, this is the exact same thing companies do when they're sponsored by other companies. To the untrained eye, these are indistinguishable things. Is MobileCoin sponsored by Intel, IBM, or Azure? If not, you should remove the logos. It feels like a "trust play." You're not linking to any sites or providing any information as to your relationships with these companies, but it seems like you just have cloud services with Azure and IBM, and use Intel SGX.
There's a typo on the "Foundation Trusted Nodes" page (two words slammed together): "MobileCoin Consensus is built on trust relationships between individuals and organizations who are running MobileCoin Consensus Validator Nodes.Determining" [5].
So, I suppose, if I had a question, it's: why, in all of this documentation and all of the websites that you've linked to, is there not a single "you should use MobileCoin over Monero and zCash because of ..." comparison? Why does it seem more like it's interested in propping itself up and being trustworthy, rather than conveying details about how it's superior to its competition for mobile payments?
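For readers who want to see what the "output amounts ... are concealed with Pedersen commitments and proven in a legitimate range with Bulletproofs" clause in the quoted sentence actually buys, here is an added, self-contained illustration. It is not MobileCoin's or Monero's code: it works in a prime-order subgroup of the integers mod a safe prime instead of the Ristretto group, has no ring signatures or Fog, and deliberately omits the range proof so the last case shows why one is required. The modulus, generators and the sample amounts are constructed here for the demo.

```python
"""Toy Pedersen-commitment balance check in a prime-order subgroup of Z_p*.

Added illustration only (not MobileCoin's code).  A Pedersen commitment
C = G^v * H^r hides the amount v behind a random blinding factor r, but
commitments multiply homomorphically, so a verifier who only sees the
commitments can still check that inputs == outputs + fee.  Without a range
proof, "negative" amounts (v == -x mod Q) also balance, which is the hole
Bulletproofs close.
"""
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; fine for a demo, not for generating real parameters."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(bits: int = 128):
    """First safe prime p = 2q + 1 with q >= 2**(bits-1) (deterministic search)."""
    q = (1 << (bits - 1)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = find_safe_prime()   # constructed toy parameters: modulus and subgroup order
G = 4                      # 2^2 is a square mod P, hence has prime order Q
# Second generator with no known log_G(H): a hashed "nothing up my sleeve" square.
H = pow(int.from_bytes(hashlib.sha256(b"toy-pedersen-H").digest(), "big"), 2, P)


def commit(value: int, blind: int) -> int:
    """Pedersen commitment C = G^value * H^blind (mod P)."""
    return (pow(G, value % Q, P) * pow(H, blind % Q, P)) % P


def build_tx(inputs, out_values, fee):
    """inputs: list of (value, blind) the spender controls.  Returns input and
    output commitments plus the fresh output blinds.  The last output blind is
    chosen so all blinds cancel, leaving the verifier's check below dependent
    on the amounts alone (a simplification of the Monero/MobileCoin scheme)."""
    in_commits = [commit(v, r) for v, r in inputs]
    out_blinds = [secrets.randbelow(Q) for _ in out_values[:-1]]
    out_blinds.append((sum(r for _, r in inputs) - sum(out_blinds)) % Q)
    out_commits = [commit(v, r) for v, r in zip(out_values, out_blinds)]
    return in_commits, out_commits, out_blinds


def balances(in_commits, out_commits, fee: int) -> bool:
    """Verifier's check from commitments and the public fee only:
    prod(inputs) == prod(outputs) * G^fee  <=>  sum(v_in) == sum(v_out) + fee (mod Q)."""
    lhs = 1
    for c in in_commits:
        lhs = lhs * c % P
    rhs = pow(G, fee % Q, P)
    for c in out_commits:
        rhs = rhs * c % P
    return lhs == rhs


def demo():
    """Returns (honest tx balances, inflated tx rejected, negative-amount tx balances)."""
    inputs = [(50, secrets.randbelow(Q)), (30, secrets.randbelow(Q))]   # constructed
    ok_in, ok_out, _ = build_tx(inputs, [60, 16], fee=4)        # 80 == 60 + 16 + 4
    bad_in, bad_out, _ = build_tx(inputs, [60, 17], fee=4)      # 80 != 60 + 17 + 4
    # No range proof: Q - 924 == -924 (mod Q), so 1000 + (Q - 924) + 4 == 80 (mod Q)
    # and 1000 coins are conjured from 80.  This is what Bulletproofs prevent.
    neg_in, neg_out, _ = build_tx(inputs, [1000, Q - 924], fee=4)
    return (balances(ok_in, ok_out, 4),
            balances(bad_in, bad_out, 4),
            balances(neg_in, neg_out, 4))


if __name__ == "__main__":
    print(demo())   # (True, False, True)
```

The third result is the point: the homomorphic check alone cannot tell a legitimate output from one whose amount wrapped around the group order, so every output must additionally carry a proof that its amount lies in a small positive range. Replacing the mod-p group with an elliptic-curve group changes nothing about this argument.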
Except it's not, strong encryption and privacy emphasis goes against easy to use. I recently got my family to switch to Telegram (because I like the interface) - my sister works in an environment where she has to have a separate work phone without a camera and everything synced up out of the box, history, etc. Brother lost his phone - same thing, has chat histories and everything is back to normal. I use Telegram on desktop and mobile and it syncs instantly.
Compare that to Signal, you don't even sync between active devices and you can forget about having old conversations on a new device. And just to give you a scope of how important messaging history to people is (I've seen people say nobody cares about IM history) - designer from work is lugging around her Android phone year after switching to iPhone just for WhatsApp history (it doesn't sync between OS-es).
The whole "not available in the US" messaging around MobileCoin, no doubt to avoid regulatory attention, gives this particular ponzi scheme a very nice ring.
I, for one, welcome this; the larger market is asking for a privacy-focused WhatsApp alternative, and Signal could be it.
I don't like using SMS for 2FA because it encourages people to social engineer the phone company to port the victim's phone numbers. I wouldn't want crypto in my messaging app for a similar reason.
Right now hacking a user's Signal account means you get some txt messages. Big deal. With payments there is now real reason to try to hack Signal accounts because some percentage of them will contain money.
The counter argument would be seeing the success of WeChat in China and wanting to reproduce that success AND expecting that if they don't do it someone else will do it and take their market.
Whether that's true or not I don't know but if I believed it was true then your arguments wouldn't matter since I'd believe not doing it is an existential risk.
In contrast, any crypto-currency based solution will be inherently distrusted, and few if any states will endorse it. It is more likely to be actively discouraged by many states, and the crypto support may well end up as a pretext to ban Signal on economic rather than censorship grounds.
It is overall a disaster of an idea.
It's only when you're transferring them back to dollars/yuan/yen/etc. that it's suddenly currency from a government.
Technically, yes. Legally and sociopolitically, no.
And if you intentionally muddle the data streams, that brings the full force of anti-money laundering, tax evasion and terrorist financing law against you. It gives almost any government a free pass to do what it wants.
Freedom to speak privately is, in most democracies, popularly recognised as a right. Freedom to pay using dark money is not. Attaching the second to the first weakens both.
In such cases, Signal could easily be banned in such countries outright.
The promotion of pseudonymous and anonymous digital payment systems such as cryptocurrencies is vital to a healthy and functioning society.
What all these "tech" companies tend to do is to exploit a captured audience. They are generally not focused on doing one thing well (producing a product or providing a service), they are more focused on building a following and then doing with those users whatever they like. One of the most blatant examples of this line of thinking is Microsoft's acquisitions. They acquire companies in order to get access to users. The "technology" is secondary. Another example is WeWork. They started introducing WeEverything. The product or service being offered is what is important. It could be anything. Instead the focus is on building an audience and exploiting that captured audience. One can apply this analysis to almost any "tech" company. "Growth" is the number one focus. No one really cares about what it is the company purports to be selling.
I associate nootropics with scams but I definitely don't think all nootropics are scams. If someone said, here buy this pill that will make you smarter I'd be incredulous.
My point was cryptocurrency has a deserved bad reputation (for the reasons I mentioned).
I love the lofty ideals but the reality is the altcoin world especially is a minefield of scams. That reputation will hurt a messaging app that has done a pretty good job of building good will.
There is no valid reason for the vast majority of what is supposedly a currency to be owned by the company that created it. Imagine if PayPal launched but required everyone to transact in fractional shares of PayPal to get anything done. Oh and by the way, those shares are majority owned by the founders, but they’ll sell you some so you can send them to your friends.
This is ridiculous.
So far this scheme has worked out fine for the original creators of Ripple-- who've extracted hundreds of millions selling their massive premine to an ignorant public, then abandoned the original and did it again. What we're seeing from Signal now is just a third generation of the same scheme, preempting the Ripple founders from doing it again (or maybe they're involved behind the scenes, who knows?).
So long as there seems to be no consequence except a massive windfall (SEC fines against ICO/premines have tended to be a fraction of 1% of the funds raised), it's unsurprising to see them continue.
The fact that it may kill one of the more useful secure messaging apps as a side effect? Welp. This is why we can't have nice things: Collectively, we're better at funding borderline scams than public goods.
more of the same cryptocurrency themes:
1. decentralization for Thee and not for Me
2. regulated by math.... aaand the developers' / founders enormous, unaccountable and unilateral leverage over liquidity.
E.g. the only cryptos I've seen people accepting on dark web markets are Bitcoin and Monero.
[1] https://blog.dshr.org/2018/10/gini-coefficients-of-cryptocur...
In fact, company stock is WAY worse, because the majority of people are legally prohibited from investing in private companies unless they're an accredited investor (already rich). So, only rich people (other than founders and early employees) are allowed to buy in at super low prices before handing off the bag to the public.
The integration with Signal made the valuation of MobileCoin jump from around zero to $65. I hope the Signal team got some MobileCoins in return for the favor.
except for that giant cache of untouched (so far) bitcoins from the start.
> Blockchain analysts estimate that Nakamoto had mined about one million bitcoins before disappearing in 2010
https://en.wikipedia.org/wiki/Bitcoin#Creation
https://mixin.one/assets/MobileCoin-Whitepaper-EN_FINAL.pdf
/me glances at the great big pile of Satoshi coins...
Except for that small initial 1 million that stayed with Adam
I believe that everyone has a fundamental right to secure, private communication. Some people may hold the same belief for the right to transfer funds. I don't agree and I suspect many others feel the same. That tension alone makes this look like a bad decision to me.
Sadly, now it feels like Signal was just a long game trojan for Marlinspike to onboard users to a cryptocurrency pyramid scheme. This has nothing to do with its core functionality and it makes me question the developers' motives.
I've wasted my influence with my non-technical friends convincing them to adopt Signal, and I don't foresee convincing them to switch yet again to something different.
The state of secure messaging is really bleak. I wish Matrix had an IM-style client that was decent enough for non-technical users to adopt.
This has bitten me before. Now I'm thinking that every recommendation and suggestion to adopt must come with a "for now this is the best way to do it, but it will probably change again". And somehow try to prepare the non-technical people for that.
See Element [1] which uses Matrix [2]. It feels like IM, and is super simple to onboard new users. I'm not involved with it, but I'm a huge fan of the Matrix ecosystem.
If you want group chats to be mixed in with 1-1 chats, try SchildiChat [3], a fork of Element.
[1]: https://element.io/
[2]: https://matrix.org/
[3]: https://schildi.chat/
At the risk of sounding like a Signal simp: don't use this feature if you don't like it? I have no idea whether this is a good or bad idea, I figure the proof of the pudding is in the tasting and I haven't had a chance to try the Signal payments feature, but I'm willing to extend the benefit of the doubt here at least as far as "I'll withhold judgement till I can try it for myself."
I really don’t get the ire on this. I think it’s good that whisper systems is forward looking and trying to be innovative and dynamic and go where users are rather than just sit around waiting to become irrelevant. Not all experiments or risks will pay off but that doesn’t mean risks and bets are bad.
Is it really that hard to imagine unobtrusive UI that makes this as optional as sending GIFs, stickers or location data? Or did the later features already kill Signal for you?
Signal for iOS still doesn't support message backup like the Android version.
And Telegram introduced a feature to import old Whatsapp chats into new Telegram conversations, a form of "backup". This was great when I was migrating away from Whatsapp, and made the decision between Signal and Telegram easy for casual conversations where encryption wasn't a priority.
What are the arguments?
Don't you think that as data becomes more and more valuable, "freedom of transaction" is a natural evolution of "freedom of communication"?
In an environment where only "legally valueless" data circulates freely, the few entities that are actually able to monetize this data become gigantic monopolies (Google, FB, ...), while most individual parties are either forced to play by their rules (Youtube, Patreon, ...) or filtered out by startup costs.
The whole issue is a real minefield and I don't have a firm stance. And obviously the fiat money system has gaps and flaws there too. I'm sure much of the HN audience would disagree with me here from a libertarian point of view. But I think it's safe to say that the issue of transaction privacy & freedom is not as straightforward as that of speech (which itself is really not that simple).
Those that only run open source software like myself have no secure way to run Signal short of compiling every release by hand which is impractical. Moxie has stated he will not support anyone but his team compiling or distributing Signal binaries so third party signed builds via privacy focused app stores like F-Droid are out. All builds must also use Signal centralized servers even though that centralizes TCP/IP metadata, etc.
Not to mention you need to show government ID to get a SIM to use the Signal wallet for said private currency/messenger in 200 countries.
Secondly having a decentralized currency whose servers can only run on Intel machines with Intel SGX is a very centralized supply chain as well.
A single supply chain attack on Intel microcode or related SGX updates could run malicious code and game over for the currency globally? A government that sees MobileCoin as a threat could make Intel do this.
With a SPOF on the supply chain of the only client people are expected to use and another SPOF on the only hardware enclave people are supposed to use for servers... decentralized is technically true but not used in the same way as most other projects that use that word.
I will keep an eye on this experiment though, because there are some unique ideas here which could have value should your trust anchors expand beyond Intel and Signal.
> Those that only run open source software like myself have no secure way to run Signal short of compiling every release by hand which is impractical.
Nope: https://signal.org/android/apk/
There are fewer than 200 countries in total, unless you get very creative with states that aren't recognized by more than a handful of other countries, like Abkhazia or Transnistria.
You also don't need ID to buy SIM cards in the US, so I'm curious how valid this assertion is.
I do wonder how long the US (or, for example, Finland) will remain a holdout in this regard.
To get counts, I also analyzed the table in the annex; it lists exactly 200 countries (checking each of them, that's because in addition to 193 UN members, it includes two non-member countries: Kosovo and Taiwan, and five other non-countries: French Guiana, Greenland, Hong Kong, Macao, Svalbard).
Of these, 34 are listed as "SIM registration not mandated" and a further 7 are listed as "SIM registration under consideration"; the rest are "SIM registration mandated", i.e. 159 countries.
Basically the whole world requires it except for North America/UK and a few smaller countries mostly in Europe. Also notable that countries without ID requirement mostly happen to be the ones with very low prepaid SIM penetration (see the map on page 6 [page 8 of the PDF]) so their unidentified SIM usage is presumably low anyway, though it remains a possibility in those countries.
Edit: Sorry, 6 are listed as "State of SIM registration inconclusive" which I have missed, so "SIM registration mandated" count should be 153.
The same goes for virtual/VoIP numbers. No skypein etc.
It's a regulated market, so should the need arise to keep the identity of all subscribers in the future, it is likely not much more than a counter-terrorism-related law away.
Particularly because the software is timebombed and stops working after a while (and also blocked on the server side if you bypass the client side timebomb).
Clicking build in Android Studio?
here too about 11mins in - https://www.youtube.com/watch?v=e9afDQ_M5CU
Feature bloat is one of the worst things for a security conscious product. The more features, the more attack vectors. Nobody asked for payments in Signal. Where did this idea come from? It was never put forward prior to this, it was never on the road map. That only makes me even more suspicious of this decision, which leads to my second point...
MobileCoin has all the appearances of a scam. 85% of the coin is owned by the creators. The price rapidly shot up at the end of March. The social media of the developers was posting rubbish for a long period of time. There was no mention of this collaboration beforehand. This has all the hallmarks of a pump and dump. Have the Signal devs been duped? Or are they wanting to cash in on Signal's rising popularity?
Anybody at all with an interest in Signal needs to let the foundation know that this Beta needs to be scrapped, and that payments should never be added.
There was: https://news.ycombinator.com/item?id=26718488
The UK has a problem with authorised push payment fraud. Banks can recover funds which have been sent as a result of phishing / fraud. How can I reverse a payment on your platform if it was fraudulent?
The UK also has receiver verification. If I try to send to an account and it doesn't match the name I'm sending to, my bank will warn me. How do you stop impersonation?
There's no cost to sending payments on most mainstream banks. How much do you charge?
Most banks let the user block receiving payments from specific accounts. How do you stop harassers sending unwanted money?
Thanks!
The one venmo-like thing people do use a lot in the U.K. is probably something like revolut for dealing with different currencies and international transfers (either for travel in Europe or for migrant workers sending earnings abroad for family or retirement). But a service that’s only available in the U.K. isn’t much use for that.
I also personally don’t really see the privacy use. I think I’m willing to give up a reasonably large amount of private information about the people on either side of a transaction if it is effective at reducing fraud and making transactions reversible.
idk, but this sounds like a great problem to have.
In russia government can send your organisation money from abroad via an agent and then shut you down as a 'foreign agent'.
In cases where you've been sent unwanted money your obligation is typically to return it, but that specific type of use-case is often not considered when people design things. If you end up in a situation where anyone can send you money and you can't return it, you're in big trouble because the sender might be causing you to unintentionally get involved in a violation of the law and leave you without any method to undo it.
First time I read about that, how does this work in practice? A person regularly sends you small amounts such that all you see is their name whenever you log into your bank account?
Imagine getting a dozen messages saying
£0.01 From: Your Stalker Ex. Ref: I just want you back!
Or similar. It's a real problem.
If you were regularly receiving money from someone, then it looks like you're in business with them - and you'd have a hard time proving you're not if they then staged some other activities (e.g. shipping you stolen goods, which they then have stolen from your doorstep by an associate).
A: MobileCoin is as fast (or faster in some cases) than a bank payment in the UK with greater privacy. As far as settling back to Fiat, if that's what you're asking about, the velocity of that depends on on-ramp and off-ramp integrations which will come over time (but it looks like there's no reason MobileCoin can't help developers deliver payments at the same speed as banks).
>>The UK has a problem with authorised push payment fraud. Banks can recover funds which have been sent as a result of phishing / fraud. How can I reverse a payment on your platform if it was fraudulent?
A: Payments on MobileCoin cannot be reversed at the protocol level. If you want escrow and reversibility, you should use a wallet or payment service that supports those primitives. We believe that developers will build such services on top of the foundation of the MobileCoin protocol.
>>The UK also has receiver verification. If I try to send to an account and it doesn't match the name I'm sending to, my bank will warn me. How do you stop impersonation?
A: Signal relies on phone numbers for identities. Other apps that integrate MobileCoin may have a higher threshold for identification.
>>There's no cost to sending payments on most mainstream banks. How much do you charge?
A: Fees are set by the foundation (which has a stated goal of keeping transaction fees to around $.04 when the network isn't congested). Currently fees are higher as they need to be adjusted by a foundation vote.
>>Most banks let the user block receiving payments from specific accounts. How do you stop harassers sending unwanted money?
A: Signal doesn't allow people you haven't keypaired with to send you funds. If you have accepted a message request from someone, they can send you money.
It gives readers a better sense of your ability to answer the questions accurately, in addition to letting people make assessments based on the potential conflict of interest.
Also, responding here and inviting discussion on a technical level is possibly the best thing you can do for perception of Mob, because this is a forum where those questions are likely to get asked.
Edit: I see you've done that in another post on this thread. Since we don't have anything like flair it would also help people who don't read the whole thread.
I know the next question is signal specific but do you have any details on how they'll maintain privacy for pegging which is likely just to require an on/off ramp. Surely this is just no better if the majority of transactions have an associated log on an exchange?
Also, why do the Signal developers trust SGX so much and have stayed completely silent about SGX vulnerabilities – even when the cryptographers whose quotes they used to put on the signal.org home page[1] are increasingly critical?[2]
Finally, why is there no open communication about major events like the Signal PIN UI fuckup last year or the server issues earlier this year? Foundation or not, if no communication is happening and they're not demonstrating that they're capable of openly admitting mistakes and learning, they're not gaining the trust of anyone.
Don't get me wrong, I've been a die-hard fan of Signal since the early TextSecure days and have convinced > 100 people to switch but I'm starting to have a bad aftertaste and some of my friends (equally big Signal fans) are, too.
EDIT: Looks like the Signal server repo[3] was updated today, as this article[4] (in German) attests to. I had last checked the repo this past weekend. I suppose the repo hadn't been updated to keep the MobileCoin thing secret but I do wonder: Why not simply create a private branch instead of risking one's reputation for openness?
[0]: http://web.archive.org/web/20210311053716/https://github.com...
[1]: http://web.archive.org/web/20200201112751/https://signal.org...
[2]: https://blog.cryptographyengineering.com/2020/07/10/a-few-th...
[3]: https://github.com/signalapp/Signal-Server
[4]: https://www.golem.de/news/crypto-messenger-signal-server-nic...
Maybe because the marketing of their sketchy token scheme depends exclusively on the illusion of SGX security.
Traceable by Google every time you open the App... and using Google's Backup service to store the private keys unencrypted. Well, so much for E2EE.
This combined with what went on with LibreSignal and legal threats from moxie made me realize it's just a company selling privacy claims without proof.
(if you don't think this is true, use AppWarden or decompile the APK. Play Services, Firebase and Recaptcha are still integrated years after LibreSignal was forked.)
> Google PREF cookie
The PREF cookie is for Google's safe browsing feature. How on Earth would that find its way into Signal? (I doubt the link preview feature uses that, given how much effort they put into making sure they get it right[2].)
> Traceable by Google every time you open the App...
How so? AFAIK the Signal app doesn't connect to the Google servers directly (reCAPTCHA aside – I have yet to see it in Signal but even then it would be a one-time thing), so even if the cookie existed, it wouldn't get transferred anywhere. The Firebase Cloud Messaging library / Google Play Services on your phone do connect to Google but they carry unique identifiers, anyway (or otherwise push notifications would not work). If you don't want that, use a phone without all the Google stuff – Signal works fine without it (though it might need more battery).
> and using Google's Backup service to store the private keys unencrypted
Could you provide a source that's more accurate than "decompile the APK" or "read the source code"? AFAIR the app's database is encrypted at rest by a key in the phone's hardware key store precisely because the Signal developers did not want Google Backup to get access to the app's data. (Which is why they ended up rolling their own backup solution.)
> This combined with what went on with LibreSignal and legal threats from moxie made me realize it's just a company selling privacy claims without proof.
What legal threats? (I'm familiar with the discussion but I have yet to see Moxie threatening anyone.)
[0]: https://signal.org/blog/giphy-experiment/
[1]: https://signal.org/blog/signal-and-giphy-update/
[2]: https://signal.org/blog/i-link-therefore-i-am/
Compared to the ICO crypto shenanigans of Telegram and now this I don't see a reason to switch. People also kept trying to get me to use Brave instead of Chrome, and the first time I opened it there was crypto advertisement everywhere.
That is quite an understatement. This is like Facebook saying "we will protect your privacy, but there is a slight delay".
All the SGX stuff is about making metadata more private for features that absolutely must be done serverside. So a compromise in SGX is more an issue if Signal itself becomes adversarial or gets compromised. Most services only rely on this for security and don't use things like SGX to hide things from themselves.
I'm the CEO of MobileCoin. If anyone has any questions please feel free to ask here. We've been working on this project for four years and it has been a labor of love. There's a lot of new technology here.
We exist in a highly regulated space so it's possible some questions will require reaching out to lawyers to make sure we answer them in a way that's compliant so please don't feel offended if a response takes a while to come back.
The best set of docs for how the whole thing fits together is our book "The Mechanics of MobileCoin"[0].
We'll be around here and on our forums [1] to answer questions. Please also check out our foundation website[2]. The github[3] is also a lot of fun, especially the section on Fog[4].
[0]: https://github.com/UkoeHB/Mechanics-of-MobileCoin/blob/maste...
[1]: https://community.mobilecoin.foundation
[2]: https://mobilecoin.foundation
[3]: https://github.com/mobilecoinfoundation/mobilecoin
[4]: https://github.com/mobilecoinfoundation/fog
1. how does MobileCoin make money?
2. how many coins do you / does MobileCoin own?
3. related to that, are there mechanisms in place to prove that this is not a pump and dump? Or simply, how do I know it's not one and it's here for the long-term?
4. what's the threat model of the blockchain you're using? E.g. for Bitcoin, the chain is compromised once 51% of the hashing rate belongs to collaborative evil miners (as a rough approximation). What about MobileCoin? When would something bad happen? How is it prevented?
5. how does MobileCoin compare with privacy-oriented cryptocurrencies such as Monero?
P.S.: you might wanna add a F.A.Q. section somewhere for the questions I've mentioned and the others in this HN thread, right now we either have to blindly trust the claims on https://www.mobilecoin.com/ or going through the 133 pages of https://github.com/UkoeHB/Mechanics-of-MobileCoin, there should be some intermediate tech documentation (or does it exist already?)
MobileCoin pre-mined the coins and is selling them to users. According to other comments, they hold 85% of the coins.
The CEO is commenting in this thread with a link to buy the coins. They make money by selling these coins.
2) I have to check with the lawyers on whether we can disclose exact amounts, but our intention is to own a small minority of coins over the long term. We want the supply to circulate.
3) I don’t know how to prove this other than to tell you that MobileCoin is here to stay. You’ll know us by our deeds.
4) the threat model is 100% of nodes being compromised with an active attack against SGX. If there is even a single honest machine, the network will scream on any fault.
5) MobileCoin is fast and privacy-protecting (and it works on mobile without consuming tons of energy). There aren’t any other cryptocurrencies that presently fit that bill.
https://www.cynicusrex.com/file/cryptocultscience.html
My question, to both you and (especially) Moxie: Why do you trust Intel SGX so much (for Signal but now also MobileCoin)? Why are you not worried about vulnerabilities? As you're surely aware, even Matt Green who is/used to be(?) the biggest fan of Signal[0] is very concerned[1] about SGX. I don't question your intentions but the fact that Signal as an organization has stayed completely silent about this is… worrisome and at the very least taints its reputation of openness and trustworthiness. With MobileCoin now relying on it, too (more or less), this only seems to be getting worse.
[0]: http://web.archive.org/web/20200201112751/https://signal.org...
[1]: https://blog.cryptographyengineering.com/2020/07/10/a-few-th...
1: https://news.ycombinator.com/item?id=26715348
What is the identity and distribution behind the current mobilecoin nodes? What are the requirements for running a node? Since there is no node rewards how will nodes funded in the long term (10+ years)?
Does mobilecoin employ something similar to Dandelion++? What prevents nodes or those running fog from performing timing based attacks? Is mobilecoin susceptible to any other attacks (e.g. poisoned output, subaddress association)?
How will the mobilecoin foundation and continued development be funded in the long term (10+ years)?
If SGX is found to be vulnerable/no longer fit for purpose is there a mitigation plan?
I know Moxie seems to put near-complete trust in SGX, but many security professionals don't.
Why does it make sense to integrate MobileCoin into anything? Why not use Monero or zCash? Sure, you can definitely explain this to me, but nothing explains that to general people on your GitHub page. Same thing on your foundation page, which simply has logos and "Private Payments for everyone" [1].
I've spent a lot of time working on blockchain and perceptually, it feels like you're trying to sell snake oil here. For example, the mechanics paper [2] starts with "Cryptography. It may seem like only mathematicians and computer scientists have access to this obscure, esoteric, powerful, elegant topic." Cryptography is a tool. What's obscure about it? People are using it right this second. Why is it esoteric?
The paper then continues with a brief overview of 'blockchains' (why the scare quotes?). In the same paragraph, it states that the purpose of blockchains is that "no piece of money can be duplicated or created at will" but this is only one of many points of the entire point of a blockchain. Why does it not explore other facets of blockchains if the goal is to be introductory?
Then, in the fifth paragraph, the paper remembers that people may not be reading this for the first time with no experience, and suddenly jumps up to 11, with this paragraph. Note, this paragraph is one single 91-word jargon-filled sentence:
> MobileCoin is a standard one-dimensional directed acyclic graph (DAG) cryptocurrency blockchain, where blocks are consensuated with an implementation of the Stellar Consensus Protocol, transactions are validated in SGX secure enclaves and are based on elliptic curve cryptography using the Ristretto abstraction on curve E25519, transaction inputs are shown to exist in the blockchain with Merkle proofs of membership and are signed with Schnorr-style multilayered linkable spontaneous anonymous group signatures (MLSAG), and output amounts (communicated to recipients via ECDH) are concealed with Pedersen commitments and proven in a legitimate range with Bulletproofs.
While I want to assume good faith here, I find that the blockchain community often has a history of attempting to "smooth over problems" with lots of jargon and hoping for the best. This sentence, when run through Hemingway [3], gives it a post-graduate reading level. But that's not anything about the cryptography: the paragraph/sentence is simply unreadable to most people. It serves no purpose in the middle of this section.
While I'm sure you'll mention that this is a preview document, you're pointing people to it as the primary resource for people to learn "how the whole thing fits together."
Other warning signs that make me wary are everywhere.
The foundation about page has the Intel, Azure, and IBM logos under a "powered by" footer [4]. The meaning is ambiguous, and the intent is clear: you want to use these big tech company logos, because they're recognized. Yet, this is the exact same thing companies do when they're sponsored by other companies. To the untrained eye, these are indistinguishable things. Is MobileCoin sponsored by Intel, IBM, or Azure? If not, you should remove the logos. It feels like a "trust play." You're not linking to any sites or providing any information as to your relationships with these companies, but it seems like you just have cloud services with Azure and IBM, and use Intel SGX.
There's a typo on the "Foundation Trusted Nodes" page (two words slammed together): "MobileCoin Consensus is built on trust relationships between individuals and organizations who are running MobileCoin Consensus Validator Nodes.Determining" [5].
So, I suppose, if I had a question, it's: why, in all of this documentation and all of the websites that you've linked to, is there not a single "you should use MobileCoin over Monero and zCash because of ..." comparison? Why does it seem more like it's interested in propping itself up and being trustworthy, rather than conveying details about how it's superior to its competition for mobile payments?
[0]: https://github.com/mobilecoinfoundation/mobilecoin
[1]: https://www.mobilecoin.foundation/ & https://archive.is/ktf3o
[2]: https://github.com/UkoeHB/Mechanics-of-MobileCoin/blob/maste... (archive: https://files.catbox.moe/1wal8z.pdf)
[3]: https://hemingwayapp.com/
[4]: https://www.mobilecoin.foundation/about & https://archive.is/JNDbG
[5]: https://www.mobilecoin.foundation/foundation-trusted-nodes & https://archive.is/Pr868
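The jargon sentence quoted above does describe a concrete mechanism: amounts are hidden in Pedersen commitments, and a transaction is valid if the commitments to its inputs sum to the commitments to its outputs, with Bulletproofs proving each hidden amount is in a legitimate range. The following is an added example written for this page, not code from the MobileCoin project or the Mechanics paper. It implements Pedersen commitments and the balance check over secp256k1 (chosen as a stand-in because its parameters are short and widely known; MobileCoin uses Ristretto on curve25519 per the quoted text), derives the second generator H by hashing so nobody knows its discrete log relative to G, and deliberately omits range proofs so that the last case can show why they are needed: a commitment to "-5" balances a 5-in, 10-out transaction just fine, so without a range proof a sender could mint coins. The generator label and the sample amounts are made up for the demo.

```python
"""Pedersen commitments and the amount-balance check, over secp256k1.

Added example, not MobileCoin's code. secp256k1 stands in for Ristretto255;
MLSAG ring signatures and Bulletproof range proofs are intentionally absent.
"""
import hashlib
import secrets

# secp256k1 domain parameters (standard values; assumed stand-in for Ristretto255).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity (group identity)


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7 mod P."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                                  # a == -b
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P      # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P       # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication; scalars live mod the group order N."""
    k %= N
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_point(label: bytes):
    """Try-and-increment hash-to-curve: gives a generator H whose discrete log
    w.r.t. G is unknown to everyone. P % 4 == 3, so sqrt is a single pow."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(label + ctr.to_bytes(4, "big")).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs:
            return (x, y)
        ctr += 1


H = hash_to_point(b"pedersen-second-generator")  # label is made up for the demo


def commit(value: int, blinding: int):
    """Pedersen commitment C = value*G + blinding*H. Hiding (random blinding)
    and binding (unknown log_G(H)); additively homomorphic in both arguments."""
    return ec_add(ec_mul(value, G), ec_mul(blinding, H))


def sum_points(points):
    acc = INF
    for pt in points:
        acc = ec_add(acc, pt)
    return acc


def balances(input_commits, output_commits):
    """Verifier side: sum(inputs) == sum(outputs) without learning any amount.
    Passes exactly when amounts and blinding factors both sum equal mod N."""
    return sum_points(input_commits) == sum_points(output_commits)


def build_tx(input_amounts, output_amounts):
    """Sender side: random blindings, with the last output blinding fixed so the
    blinding sums match (the verifier only ever sees the commitments)."""
    r_in = [secrets.randbelow(N) for _ in input_amounts]
    r_out = [secrets.randbelow(N) for _ in output_amounts[:-1]]
    r_out.append((sum(r_in) - sum(r_out)) % N)
    ins = [commit(v, r) for v, r in zip(input_amounts, r_in)]
    outs = [commit(v, r) for v, r in zip(output_amounts, r_out)]
    return ins, outs


def demo():
    honest = balances(*build_tx([5, 7], [10, 2]))      # 12 in, 12 out: True
    inflated = balances(*build_tx([5], [9, 1]))        # 5 in, 10 out: False
    # No range proof: "-5" is just the scalar N-5, so 5 in, 10 + (-5) out ALSO
    # balances. This is the hole Bulletproofs close by proving each amount
    # lies in [0, 2^64).
    negative = balances(*build_tx([5], [10, N - 5]))   # True, and that is the bug
    return honest, inflated, negative


if __name__ == "__main__":
    h, i, n = demo()
    print(f"honest: {h}, inflated: {i}, negative output without range proof: {n}")
```

The third case is the practical reason the sentence in the paper lists Bulletproofs next to Pedersen commitments: the homomorphic balance check alone is necessary but not sufficient, and a verifier that skips the range proof accepts inflation that is invisible in the commitments.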
There's a missing reference on p. 61 (physical page 68)
> ...Chapter ?? discusses how enclaves fit into the broader picture of consensuating transactions and growing the MobileCoin blockchain.
I assume it means chapter 10.