A communications tool must have censorship resistance (decentralization), anonymous signup without requiring a phone, and have an official way to obtain binaries signed by the community instead of by corpos that can be forced to insert backdoors.
Signal fails on every single one of these criteria and that is why we must stop recommending it to our friends and family who have a very limited tolerance for technology changes.
Choose decentralization.
Use matrix, or make something better.
@lrvick I would love to use matrix everywhere, but last time I tried, I got the dreaded "unable to decrypt message" and could not read messages from my friend anymore. That's intolerable UX :(. I've been waiting too long for matrix to get good.
Signal is centralized, but has better security and apps you actually want to use.
@vitSkalicky You would rather have a central party have control of the network and binaries to thus have total access to your messages and metadata in plain text, so long as it never has bugs?
I maybe get "unable to decrypt message" about once a month these days, as a power user, and then I just refresh and when their client is online to re-sync keys again later, it works again.
Decentralized protocols take the most time to mature and update but they are worth it, always.
@lrvick Signal is using reproducible builds, so you can verify that the binaries match the source code. And I rather have my messages properly encrypted on a centralized server than using a decentralized network that leaks my messages to hackers because of a bug.
As I said, I'm big fan of decentralized protocols (email, XMPP, Matrix) but they need to work. Matrix does not :(.
@vitSkalicky Signal disabled those reproducible builds for a year so they could work on mobilecoin secretly, and no one noticed. They also mandate you get signed binaries from google play or the app store. They can easily ship you a binary different from the reproducible one.
Also I send end to end encrypted messages to my firends and family directly and via group chats every day. It has been my exclusive personal messaging system in my circles for years.
What does not work exactly for you?
@lrvick Let me check those reproducible builds... I don't get why they would need to disable them for mobile coin...
Element X is getting better now, but it is still a bit clumsy. I was chatting with my friend when suddenly none of us could decrypt each other's messages. If it was a chat between my mom and and granpa, they would have no idea what to do and they would go back to WhatsApp :( unacceptable.
Also Element Desktop is warning about some problem with libsecret every time I start it :(
@vitSkalicky Signal silently stopped pushing code to their public repos for a year and was effectively closed source so they could secretly add mobilecoin support.
Naturally moxie was a paid adviser on the MobileCoin board and it was a pre-mine coin so he made bank by abusing his power over a non-profit chat app to add support for a cryptocoin he was invested in.
Shady shit like that, and their refusal to support community builds or servers are major red flags.
@vitSkalicky I am the one that went viral for publicly calling out moxie for this blatant corruption, and the only response we got from the signal foundation was Moxie stepping down, and being replaced by the founder of WhatsApp.
Centralized power has been abused as long as humans have been a thing. We are all greedy bastards, and it is why no one should have control over something as fundamental as the ability for humans to privately communicate with other humans.
@vitSkalicky Signal is thus a centralized chat app that requires you agree to the Google or Apple terms of service to use it via official channels, and it has a history of blatant financial corruption and going closed source without warning.
These facts make Signal a complete non starter, and thus Matrix is kind of the only option that exists making it easier to look past bugs and UX shortcomings.
And thus we are left with matrix, and working through any bugs along the path to it maturing.
@lrvick You can use Signal's self-updating APK from their website on a de-googled custom ROM.
The UX bugs and shortcomings of Matrix are so severe in my experience that you cannot look past them. Matrix is not something I would install on my grandpa's phone and expected it to work.
Also, you are ignoring XMPP. Why don't you use that?
@vitSkalicky sideloading an apk requires disabling signature verification which no one should do.
The non google/apple option that is signed and reasonably safe is f-droid where you push your signature, and they build it and push a second signature.
This is the practical solution for end users that do not have the time or experience to reproduce every release by hand.
Moxie made it a policy to never allow this, for fear it would hurt google/apple usage tracking stats, by his own admission.
@lrvick wtf are you talking about? All app installs on Android are TOFU (trust on first use). And how do you install F-Droid? By sideloading it!
Most of your claims are half-trues of completely wrong, so I'm ending the discussion here. If you want to discuss further, support your claims by evidence first.
@vitSkalicky f-droid has had a mature system for automated reproducible builds and multi-party signing from source for maybe 10 years now, while Signal just hosts an unsigned apk and cheekily says it is possible for users to manually reproduce and sideload every release, knowing almost no one will ever do this.
Lance R. Vick
Vít Skalický 
