Switching to Signal is Not Enough
Switching to Signal is Not Enough, but it's a good step towards the right direction. Protocols help you avoid being locked into a single application or service.
This page was published on
,
and was last updated on
.
Tags:
Switching to Signal is a good step towards the right direction, but it is not enough.
We are seeing a massive spike in Signal
installations
since WhatsApp introduced their new privacy policy.
Though there are many other alternatives available, Signal is getting popular, but the hype is due to A celebrity's tweet to Install Signal
.
Unlike WhatsApp, Signal is a non-profit organization, and Signal is a free and open-source client. This makes Signal superior in terms of security as they have gone through multiple audits and anyone can verify that the encryption is done correctly.
There are things in common for both of them, some are good and some are... not so much.
Con: Both are centralized
If Signal goes the wrong way, we cannot just switch a server and continue like what we can do with other decentralized, federated services like Mastodon, PeerTube, or Matrix.
A wide adoption to a centralized service is never a good idea as moving from it means you have to convince everyone else using that service to move with you (isn't this what's happening with WhatsApp?).
But if the service is decentralized, one can just switch from the server they don't like, it's like switching the e-mail, you'll just change the domain, and everyone can still mail you without installing another app or using a new different service.
Edit: on 15th January 2020, Signal had a global
outage
due to the surge in its usage, this also demonstate how vulnerable Signal is to a takedown.
If a decentralized service had a similar issue, users could have moved on to another server without loosing functionality.
Con: Both are not available on F-Droid or other Foss stores
WhatsApp does not qualify the requirements to be included in the F-Droid store, this is because WhatsApp is a proprietary application and has non-free binaries included in it.
But Signal does qualify (or it used to until Signal devs decided to included Google reCAPTCHA) and the developer Moxie is against having Signal published in F-Droid.
Instead, He decided to provide a link on the website to download the android APK directly.
The link is not mentioned anywhere on the website, instead if you search for Signal APK
in your search engine, you will be able to find the link to download the file.
But the page will warn you and try it's best to install the app from the privacy invading Google Play Store.
F-Droid allows anyone to create custom repositories and that would be a much secure way to download the application than a direct link.
Pro: Both uses Signal protocol
Signal protocol is one of the most secure cryptographic protocol that can be used to provide end-to-end encryption for voice, video and text conversations.
WhatsApp claims to use Signal protocol, but by design (proprietary service) there is a way for the user to verify if WhatsApp actually uses it or not.
Instead of relying on applications, one should rely on protocols, this makes sure that anyone can use the app of their choice to contact you.
Update : I used to have a list of alternatives that you can use on this page (archived), I've moved them to my migrating to floss blog as it fits better there, make sure to check it out!