What makes it impossible? Naively I would think that if you have a secure 1:1 communication protocol, then you can send N*(1:1) secure messages to a group of N people. To solve the "fake group message" problem where an adversarial member of the group sends different messages to different members of the group, or delays the message to some members, the protocol could simply allow for a 2nd level "vouch" message to be sent, such that Alice sends the message to Bob, Alice sends the message to Charlie, Charlie messages Bob a receipt with the receive time and a hash of the chat log, and Bob messages Charlie a receipt with the receive time and a hash of the chat log. If the hashes don't match, or the receive time is unacceptably different, then you highlight the message as suspect.

Sure, it takes N^2+N messages, but that's not exactly a massive overhead for text. Multimedia takes N times as much bandwidth as the 1-server, server-many model for the sender, but otherwise isn't terrible.

https://simplex.chat/ is iterating on this. There’s a lot of pros and cons to any design of private group chats from the perspective of privacy, performance and single points of failure.

Messaging Layer Security (IETF working group) has some interesting solutions to the various associated problems, and it's being developed as an open standard with multiple implementations: https://messaginglayersecurity.rocks/

Matrix, while kind of a PITA for non-technical people to get into, can do it quite well considering the featureset they support.

Any "secure" encrypted messenger that allows more than 1 to 1 connections will always have the potential for the "ghost user" problem.

System level some use additional connections/recipients for spam/moderation and the moment you allow any invisible/visible group users in, there is a massive potential for an exploit.

Additionally you have the potential for forking off messaging to other users at the system level for either oversight or spam/moderation/other. Some of the compromised systems out there use this very well.

A sneaky way some of these "secure" messaging apps are also doing this is ghost participants in the chat that can essentially syphon off the messages even without a compromised client. The ghost participant is always under the guise of moderation or anti-spam or telemetry or some other proprietary shim.

> The code shows that the messages were secretly duplicated and sent to a “ghost” contact that was hidden from the users’ contact lists. [1]

Lots of "secure" messaging apps do this for intel and surveillance and not just the white hats.

Other areas that "secure" messaging apps have holes in is the anti-spam/moderation systems that need to view messages and in the clients themselves who have access to the unencrypted content. This is also taking place in other client apps as well: VPN, password managers, extensions, wallets, even build systems and more. Many like VPNs have logs sent elsewhere but deleted locally -- access to entire machine and all network access. People are way too trusting of "secure" systems/apps that are very common today based on trust.

All of these apps/systems would pass code checks, reviews, security inspections and essentially be encrypted/"secure" though a copy is sent off to another area for review. At runtime the leak is in the direction of the data.

Then you also have governmental oversight that opens up holes that can be exploited.

On Ghost Users and Messaging Backdoors [2]

> to add a “ghost user” (or in some cases, a “ghost device”) to an existing group chat or calling session. In systems where group membership can be modified by the provider infrastructure, this could mostly be done via changes to the server-side components of the provider’s system.

> I say that it could mostly be done server-side, because there’s a wrinkle. Even if you modify the provider infrastructure to add unauthorized users to a conversation, most existing E2E systems do notify users when a new participant (or device) joins a conversation. Generally speaking, having a stranger wander into your conversation is a great way to notify criminals that the game’s afoot or what have you, so you’ll absolutely want to block this warning.

> While the GCHQ proposal doesn’t go into great detail, it seems to follow that any workable proposal will require providers to suppress those warning messages at the target’s device. This means the proposal will also require changes to the client application as well as the server-side infrastructure.

> (Certain apps like Signal are already somewhat hardened against these changes, because group chat setup is handled in an end-to-end encrypted/authenticated fashion by clients. This prevents the server from inserting new users without the collaboration of at least one group participant. At the moment, however, both WhatsApp and iMessage seem vulnerable to GCHQ’s proposed approach.)

[1] https://www.vice.com/en/article/v7veg8/anom-app-source-code-...

[2] https://blog.cryptographyengineering.com/2018/12/17/on-ghost...

it is very trivial if you don't use unnecessarily fancy cryptographic protocols

In groups you do the same: send a photo message to every group member

I'm currently 20 and mostly use stickers for “repetitive” messages, like “Good Morning” and the like. Sometimes to convey emotions that are hard to type out at that moment, too.

Creating custom sticker packs is also fun, including memes or cute cats.

But of course I don't speak for everyone my age, and it's different for each culture and personality.

About once a week I accidentally send a sticker in Signal. It feels like it should be impossible, but somehow my subconscious muscle memory uses those positions for something. But I've never met anyone else with this problem and still haven't figured out how or why I'm doing it, so I can't blame them.

Yes, it's in the article and also works on android.

Assuming everyone you know isn't already using Signal, I think the most important "feature" for any existing Signal user is getting more users on there.

As far as I can tell, lots of people love stories.

They recently announced they are removing Sms support on Android which feels vastly more useful for the non-tech crowd.

A lot of people (friends) I know on IG use it only for sharing stories.

From my experiences, Signal has the cleanest, most functional UX and design out of nearly all my apps. I have a mid-range Pixel 4a running CalyxOS and it works without hiccups. Not sure why yours is so slow.

+1 on the update harassment. Are these critical security bugs or random updates!? You never know.

Same here, moved to Telegram. Still use Signal though (my mother still contacts me there) but the product needs work.

Indeed. A simple example is photo-sharing, a critical function for many people.

Every time you send you have to manually choose if you want higher quality over smaller size. You can't set a default option.

You can crop crop photos, but the crop handles don't work properly and often spring back if you only want to crop in one dimension.

There's an anti-pattern where there's a separate tool selection and tool edit UI on the screen at the same time, so if you are in a hurry and hit 'Save' without hitting 'done' (immediately above it) your changes are discarded.

But if you hit the discard button, you have to confirm it in a modal dialog. It's faster to discard changes by hitting 'save'.

There are pen and highlighter tools so you can draw on an image. but no shape tools, in case you wanted to blank out someone's face.

There's a text tool with some display options. But it's always in the middle of the image. You can move it around, but only after you have typed the text. You can pick color but you can't change the font. It's faster to make a meme online.

You can't use any text effects like italic, bold, or underline either.

Remember how there were going to be blurring tools built in so you could blur faces if you were an activist or journalist? Offered in Beta, never made it to production.

Well, you could just put a sticker over their face, using one of Signal's (extremely cringey) stickers, or by uploading your own. But you can't paste an emoji.

On desktop, you can drag a sticker over the photo with the mouse, and it gets a little '+' in a box to show you're copying the sticker. Then it disappears. Why? Because it was designed for a touch UI and only clicking on a sticker will actually add it.

These are just the problems with image handling/markup. I could make many more lists for other aspects of the app. The markup tools would be kind of superfluous, but it is useful to be able to do thm within the app...only they're implemented in a way that is a source of constant frustration.

If you bring this up with them on Twitter or so people will rush to say 'well Signal is for secure messaging, use an art program if you want fancy image editing lol.' The same people who rush to defend Stories and stickers as 'broadening appeal' while simultaneously saying 'nobody uses SMS anyway' even though SMS is ubiquitous in Signal's home market. It has degenerated into fanboyism at this point.

I don't think that's accurate.

Pretty sure both work the same way regarding metadata. Think about it: if Signal didn't know that A was messaging B, how would they route that message to B's phone? A has to be able to find B's ip address someway. B can't broadcast its ip address to all the Signal users -- that would be a huge security hole.

It probably works like this: 1) A sends encrypted message + B's phone number to the server 2) server looks up the ip address for B's phone number 3) server routes the message there.

Also, both WhatsApp and Signal hash the contacts data the same way. Signal does seem to go a bit further, however.

WhatsApp's implementation: https://www.whatsapp.com/legal/information-for-people-who-do... Signal's implementation: https://signal.org/blog/private-contact-discovery/

> All metadata is unencrypted

And all the rest of the data too, for all intents and purposes.

After all it is Meta that provides the keys, operates the network, and controls the closed source apps. Also, it is precisely Meta's type of behaviour that warrants encrypting personal data in the first place.

Perhaps that's the real reason they renamed to Meta. Not for the metaverse, but because of their incredible volume of metadata.

Here's an easy way not to forget (on Android):

1) Enable daily backups in Signal

2) Set up Syncthing to automatically send these backups to your laptop/whatever.

3) Profit.

They stop using it because they can’t sms? Why is that… no connection to wifi?

I can accept that it is a real argument, since so many people mention it. But I just don't get it.

People have multiple apps for their social networks, and are completely fine with them. Snapchat, Facebook, TikTok, WhatsApp, Telegram. At the end of the day, I think it's just an excuse. They don't want to install Signal because they follow what others do, and it seems like others are not on Signal.

Instead of saying: "Install Signal, it will be your new SMS app", if you said "What? You don't have Signal? That's the new thing man", I'm sure they would try it. Then realize that they don't have contacts there, and uninstall it (because they reaaaaaallly need to save those 6MB badly on their phone, for some reason).

People don't use what's best, people use what other people use. They don't want to think.

Canadians, people in their 30s and beyond, people who aren't on Facebook, random people not in your friend group, businesses. But most of all, the people who keep complaining about SMS support! What you're saying is a bit nonsensical "if I ignore everyone in this group, the group has no one in it".

People with an Android phone that talk to people with iPhones where one of those parties doesn't use Signal. That's who.

My SMS use:

1) Spam (~40%)

2) Transactional messages (~40%)

3) Conversations with old (45+) relatives (~15%)

4) Conversations with people I barely know (parents of kids' friends, people responding to a web market listing, that kind of thing) (~5%)

Americans basically.

Android users apparently.

everyone receiving packages, visiting doctor, receiving 2FA codes, etc. - TLDR basically every adult person not living on street

but you are right it doesn't have much use for children

They didn't have much choice, unfortunately: https://community.signalusers.org/t/signal-blog-removing-sms...

On this new Google Pixel 7, the app launcher thing is limited to just 4 apps. Now that I can't use Signal for SMS, it has lost it's convenient spot on my home screen. I find myself using it less, so like you, I'm very displeased about their dropping SMS. The forum thread on Signal's Discourse about the change is full of snide remarks from their moderators, and it's extremely disappointing to see Signal community leaders disparaging their own long-time users over SMS. Turning back on the legacy of TextSecure in this way justifies framing this as a betrayal.

All that being said...

I still trust Signal's Stories implementation over any other. While I believe they could have competed with SMS-capable apps like iMessage, Google Messages, and Samsung Messages, if pivoting into WhatsApp/Instagram/Snapchat/TikTok territory is what they'd rather do, then I believe they can execute it well.

I use signal for SMS. Is this an iOS thing? If so presumably it's an Apple restriction?

edit: ah, they announced recently that they are removing SMS support in Android. The reasoning is solid IMO, I've accidentally sent insecure messages before.

Do Telegram, Whatsapp, FB Messenger, etc support SMS?

Maybe I'm the odd one but I haven't received an SMS in a decade. It's all iMessage, WhatsApp, Telegram and the only SMS are transactional that I receive but never send.

I was only able to convince family to use Signal because they didn't need two apps for messaging. It's pretty much a dead app for me now and the decision makes my conversations profoundly less private and safe.

I know that Signal announced plans to have accounts based on usernames rather than phone numbers in the past. I wonder if the removal of SMS has something to do with usernames.

SMS is very rarely used anymore outside of the US and a few select other countries, and for most people Signal and similar messengers serve as a replacement for text messages, not a supplement. It's probably just not a worthwhile market/feature to keep anymore.

Come to think of it, I'm having a very hard time coming up with any sensible use case for using Signal over text message. Presumably both sides still need Signal for the encryption to work, so what's the point? Might as well use the internet to send the message. The only scenario I can see it being useful is when you have GSM, but no internet connectivity, and that's rare these days.

Same. Only now I will be "forced" to ditch Signal as well, for the exact same reason. And I'm an uber-paranoid privacy nut who uses GrapheneOS on my phone.

Thing is, I have all of 2 close contacts who use Signal. The rest use the default messaging app on their phone. So I already had to accept the fact that most of my texts were non-encrypted while I continued to try to persuade people to install Signal. Which was easier to do when it could conveniently replace their default messaging app and give them better security and privacy without any sacrifice.

But like them, I also have zero interest in using Signal to text all of 2 people and a different messaging app for everyone else. As much as I want e2e encryption for my texts, and would like SMS to be universally replaced by something secure, it's not like I text enough (or even use a phone enough) for my texts to be a particularly large attack vector in the first place. It would be way more useful to get MFA codes sent through Signal than it would to have my close contacts switch (and they're not going to anyway so what does it matter if I'm the only one who uses it?)

> My family members will basically all stop using Signal now because they didn't want two apps for messaging.

Schedule time in your calendar for helping family with their "lost" SMS. At least at the moment, Signal seems to keep SMS separately from other apps. Uninstalling Signal will probably make any archived messages dissapear, at least temporarily.