š£THREAD: Itās surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but youānot AWS, not Signal, not anyoneācan access your comms).
Itās also concerning. 1/
The tor network has had 100% uptime. 100%
i did not say run Signal over tor
@davidfetter I did read the whole thing, and this was the only point I could distill from the tor analogy. You're not wrong that it's not going to be comfortable. I was happy to explain it to the one that brought it up, if that was indeed the point being made.
I don't have a strong opinion here, happy signal user, not trying to add hot takes of my own ššæ
Sorry if that was unclear.
@FinchHaven @yawnbox @davep except @signalapp chose to use #AWS (and @Mer__edith chose to not migrate away from it) as well as #Signal chose to bloat from #TextMessaging to centralized #VideoCalling.
There are better options and even if Signal refused to #decentraloze they could've easily outsorced the most workload to users with #P2P #WebRTC.
If people accept nonexisting dedicaded Servers for AAA FPS games sold for $60+, then they certainly can deal with P2P videocalls in a "Free"* Appā¦
Free as in: Relying on big donations because the people behind it can't even do a #Shitcoin #Scam properly...
@jenzi@mastodon.social @lexinova @davidfetter@kolektiva.social Doesn't even need that. #XMPP+#OMEMO (Chats) & #P2P-#WebRTC (Video- & VoiceCalling) are *evdently better* than a centralized, #SingleVendor & #SingleProvider [system](https://infosec.space/@kkarhan/114935952643402592)ā¦ - And that is why @signalapp@mastodon.world will inevitably end like #ICQ & #Skype!
@wanwizard And there are ISPs with IPv6 whose addresses cannot be accessed from outside the ISP.
Thatās why we cancelled a fiber plan here: we found out that half the people wouldnāt be able to connect via IPv6, and there was no IPv4 at all.
It seems that they fail badly on their peering.
@davep @yawnbox
@wanwizard I donāt even need fixed IPv4. I have a dyndns address.
@davep it may be normal, but it shouldnāt be.
We have this awesome distributed structure with full end-to-end connections between all devices and we use it to build a network where devices cannot talk to each other ā¦
ā¦ and then we wonder why AWS became part of the failure point trinity of modern computing.
@wanwizard @yawnbox
@davep @ArneBab @yawnbox Normal as in "we've gotten used to it", yes.
But definitely not normal. It is technically not an issue to give every mobile connection a publicly reachable IPv6 address, it is what it is designed for.
CGNAT is one of the things that makes both ISPs and hosting parties lazy, there is still plenty out there that is IPv4 only.
I often see surprised faces when I discuss our hosting services with potential clients, and I mention that we run full dual stack everywhere.
@wanwizard @davep @ArneBab @yawnbox IMHO #CGNAT should've been outlawed and #IPv6 support should've been mandated by law...
@wanwizard @davep @ArneBab @yawnbox even my #ISP won't give me proper #DualStack, so I'm stuck on static #IPv4 onlyā¦
@FinchHaven@sfba.social @yawnbox@disobey.net @davep@infosec.exchange except @signalapp@mastodon.world *chose* to use #AWS (and @Mer__edith@mastodon.world chose to not migrate away from it) as well as #Signal *chose* to bloat from #TextMessaging to centralized #VideoCalling. There are [better options](https://infosec.space/@kkarhan/115492122419368937) and even if Signal refused to #decentraloze they could've easily outsorced the most workload to users with #P2P #WebRTC. - If people accept *nonexisting dedicaded Servers* for [AAA FPS games sold for $60+](https://www.youtube.com/watch?v=tBvFmhfllrk&t=4m48s), then they certainly can deal with P2P videocalls in a *"Free*"* Appā¦ * Free as in: Relying on big donations because the people behind it can't even do a #Shitcoin #Scam [properly...](https://www.youtube.com/watch?v=0DSGq9FQKU4)
@billiglarper ouch, thatās painful. Iāve done Jitsi calls with 30 people.
Did that degrade with updates or was it always that bad for you?
@billiglarper An alternative would be BBB. Weāve been using that for 4-person roleplaying sessions for years now. All with Video.
@billiglarper trying to check for points where centralization can be reduced, because the AWS outage showed how dependent Signal is on centralized infrastructure.
Note that Meredith is not in the recipients to avoid filling her replies with the unresolved discussion.
@ArneBab @davep @yawnbox Note that in the specific use case of Signal: given their threat model, "direct peer-to-peer connections by default" are not desirable. You'll need to bounce the audio&video traffic by default to make it more costly to infere who is talking with whom.
So the fact that working NAT and IPv6 help rely less on TURN servers won't help decentralize that much.
@dryak Maybe a start could be to switch to direct peer-to-peer connection if Signal sees that both sides are in the same subnet (i.e. on the same wifi).
In that case they connect to the signal server for connection with a voice-data profile *at the same time* which already gives away that they are talking, so staying in the subnet with a direct peer-to-peer connection would reduce the total privacy loss.
@dryak but firstoff, to stop discussing with too little information: the reason they use a forwarding server is that a single device canāt send video to 40 people via direct connections.
Hereās their description: https://signal.org/blog/how-to-build-encrypted-group-calls/
That also shows the level of complexity involved already.
Signal released end-to-end encrypted group calls a year ago, and since then weāve scaled from support for 5 participants all the way to 40. There is no off the shelf software that would allow us to support calls of that size while ensuring that all communication is end-to-end encrypted, so we bui...
Things may have moved on since then, "attest: Functionality for remote attestation of SGX enclaves and server-side HSMs."
@davep @ArneBab @dryak yeah, the same #proprietary shitboxes thar get hacked so often.that #Intelcyeeted that from #Consumer #CPU|s and now there's no "legal" way to play #4K #BluRayDisc|s on modern systems.
Moxie trusts too much into the silicon of parties who's goals are irreconcileable at odds with his demands.
But I guess that's normal with @signalapp folksā¦
https://infosec.space/@kkarhan/114935952643402592
https://infosec.space/@kkarhan/115492122419368937
https://infosec.space/@kkarhan/115492154062048948
My [reservations](https://infosec.space/@kkarhan/114234551915193036) and [criticism](https://infosec.space/@kkarhan/114862595629371002) re: #Signal are not just valid, but the reality is *even worse than I thought*: - The fact that @signalapp@mastodon.world requires not only their shitty #Android #App, and a #PhoneNumber but literally won't allow people to use their shitty #Desktop-App unless they have an Android device with a camera pointed at it makes it utterly unuseable for certain users *who don't have a fucking #camera in their Android*ā¦ Seriously, do they expect folks to deal with that shit? - It's already worse in terms of #UX than #telegram and #discord and that too makes #XMPP+#OMEMO clients like @monocles@monocles.social / #monoclesChat & @gajim@fosstodon.org / #gajim easier and faster to onboard #TechIlliterates onto. - Whichever asshole decided that a *replacement for #SMS* should mandate #PII like a #PhoneNumber & not be natively cross-platform should be banned from doing any #tech in their life. Trying to circumvent this shit and helping folks with it makes me so fucking angry that I'm now explicitly refusing to support it! FIX THAT SHIT, @Mer__edith@mastodon.world, and if it means you need to kick some devs in their crouch then consider this a necessary *"investment"*ā¦ #sarcasm #TechSupport #TapesFromTechSupport #Enshittifucation #SignalSucks #TelegramSucks #Messengers
@davep @soop @yawnbox @Mer__edith no it's not.
@FinchHaven@sfba.social @yawnbox@disobey.net @davep@infosec.exchange except @signalapp@mastodon.world *chose* to use #AWS (and @Mer__edith@mastodon.world chose to not migrate away from it) as well as #Signal *chose* to bloat from #TextMessaging to centralized #VideoCalling. There are [better options](https://infosec.space/@kkarhan/115492122419368937) and even if Signal refused to #decentraloze they could've easily outsorced the most workload to users with #P2P #WebRTC. - If people accept *nonexisting dedicaded Servers* for [AAA FPS games sold for $60+](https://www.youtube.com/watch?v=tBvFmhfllrk&t=4m48s), then they certainly can deal with P2P videocalls in a *"Free*"* Appā¦ * Free as in: Relying on big donations because the people behind it can't even do a #Shitcoin #Scam [properly...](https://www.youtube.com/watch?v=0DSGq9FQKU4)
@davep @yawnbox @Mer__edith Pretty sure that wouldn't even be as big of an issue as long as you don't try to exit the network.
You could even potentially improve the throughput ability by making every client that wants to use the network a node that relays traffic when it doesn't have active calls, however that's not suited to be automatically activated on mobile devices with limited power or even data caps. (But I would imagine people would be willingly donate resources to such a network if a simple separate application was offered the same way as it's done with TOR already)
@davep @yawnbox @Mer__edith Regarding Tor: instant messaging (if you stretch "instant" to cover several seconds which is acceptable in practice) have been successfully ran over Tor and other distributed settings.
Regarding video not relying on a centralized infra: Skype during its Kazaa-/pre-Microsoft- era and its "Super nodes" has been a widely successful example of a video calling software that doesn't rely that much on centralisation (but of course with a completely different security model)
@dryak also skype was crap that failed every day for many of us.
@aspensmonster @dryak @yawnbox @Mer__edith
That seems feasible enough. But there's a big difference between having a decent enough experience using Tor for a subset of client interactions and using it across the Signal infrastructure.
I guess the benefit would be to make it (somewhat) more difficult for third parties to link people using synchronous communications, but I don't know if that's a big enough incentive to try it (and it's the synchronous comms that do worst with Tor).
I'm no expert and just thinking out loud here š¤Ŗ
@dryak @davep @yawnbox @Mer__edith yes, cuz.I've been using #XMPP (#OTR, now #OMEMO) for 15+ years over @torproject / #Tor on a THROTTLED #EDGEland* connection!
*#Germany is EDGEland
My [reservations](https://infosec.space/@kkarhan/114234551915193036) and [criticism](https://infosec.space/@kkarhan/114862595629371002) re: #Signal are not just valid, but the reality is *even worse than I thought*: - The fact that @signalapp@mastodon.world requires not only their shitty #Android #App, and a #PhoneNumber but literally won't allow people to use their shitty #Desktop-App unless they have an Android device with a camera pointed at it makes it utterly unuseable for certain users *who don't have a fucking #camera in their Android*ā¦ Seriously, do they expect folks to deal with that shit? - It's already worse in terms of #UX than #telegram and #discord and that too makes #XMPP+#OMEMO clients like @monocles@monocles.social / #monoclesChat & @gajim@fosstodon.org / #gajim easier and faster to onboard #TechIlliterates onto. - Whichever asshole decided that a *replacement for #SMS* should mandate #PII like a #PhoneNumber & not be natively cross-platform should be banned from doing any #tech in their life. Trying to circumvent this shit and helping folks with it makes me so fucking angry that I'm now explicitly refusing to support it! FIX THAT SHIT, @Mer__edith@mastodon.world, and if it means you need to kick some devs in their crouch then consider this a necessary *"investment"*ā¦ #sarcasm #TechSupport #TapesFromTechSupport #Enshittifucation #SignalSucks #TelegramSucks #Messengers
With respect Meredith, iām talking about decentralized protocols and their capability to not depend so heavily on the service providers youāre arguing for. Tor Project has shown how possible it is (i used to work there, and itās spelled Tor not TOR).
I listened to Moxieās aversions to decentralization for years. Thatās what I keep seeing now, with posts like these. I also understand the value of huge cloud providers, Iāve worked for many companies who use them, and have worked for them, and I understand why you depend on them and how important that is to a high quality service. Thank you for all that you all do.
But what conversations does Signal Foundation actually have on the topics of resiliency through decentralization? How much money could you save by allowing the community to take on aspects of the network? How much resiliency and trust could be gained, without losing performance?
@tris @yawnbox @Mer__edith @cwtch granted, @signalapp chose to be bad!
@dryak@mstdn.science @davep@infosec.exchange @yawnbox@disobey.net @Mer__edith@mastodon.world yes, cuz.I've been using #XMPP (#OTR, now #OMEMO) for 15+ years over @torproject@mastodon.social / #Tor on a THROTTLED #EDGEland* connection! - It's just that @signalapp@mastodon.world *[chose](https://infosec.space/@kkarhan/114935952643402592) #centralization over #sustainability*ā¦ *#Germany is EDGEland
@yawnbox @Mer__edith Tor is basically a glorified network protocol (albeit very smart) so having it distributed by design is less of an issue.
I agree that making Signal more robust through decentralisation would be great, but this sort of thing gets more difficult the higher up the stack you go, especially when it wasn't part of the core design principles.
@davep @yawnbox @Mer__edith with decentralization you're throwing out of the window not only latency, but often also the capacity to guarantee delivery.
Consider this talk for details:
https://hapyyr.com/@bogo/115401249466782443
...also for alternatives to Signal and the corresponding tradeoffs.
If you are looking for good privacy respecting messaging and other apps, you could check my slides from @linuxdays@mastodonczech.cz conference here : https://pretalx.linuxdays.cz/media/linuxdays-2025/submissions/KGHCKC/resources/FOSS_tools_to_fight__EE3GIn4.pdf #foss #privacy #linuxdays
@mapto @davep @yawnbox @Mer__edith that is dangerous #disinfo, cuz you can let clients send back sending confirmation.
@tris@chaos.social @yawnbox@disobey.net @Mer__edith@mastodon.world @cwtch@fosstodon.org granted, @signalapp@mastodon.world chose to be bad! - As in: It's easer, faster, cheaper, more resilient, private and secure to onboard #TechIlliterates woth #XMPP+#OMEMO over @torproject@mastodon.social / #Tor using @guardianproject@librem.one #Orbot @monocles@monocles.social / #monoclesChat than to do so for #Signal for the last [15+ years](https://infosec.space/@kkarhan/115492199979302447) ! And [I did try to like Signal - honestly!](https://infosec.space/@kkarhan/114935952643402592)
@kkarhan @mapto @yawnbox @Mer__edith
"It's easer, faster, cheaper, more resilient, private and secure to onboard #TechIlliterates woth #XMPP+#OMEMO over @torproject / #Tor using @guardianproject #Orbot @monocles / #monoclesChat..."
If it's easier, why isn't it as successful and used by the military etc? You seem to have dismissed video calls etc too. You could argue against that functionality for certain use cases, but it's become a core part of secure messaging over time. Maybe they just have different audiences.
I kind of agree on Moxie's reliance on Intel SGX though. Even at its inception it worried me. But it's not part of the core E2EE protocol so could potentially be replaced.
@davep @mapto @yawnbox @Mer__edith Granted #MIL / #INTEL - espechally in the #USA - have bespoke pipelines (they tend to use @RocketChat ) and for #Videocalling there are many #WebRTC based options like #WebCall & #JitsiMeet ā¦
You don't expect a Motorcycle to be good at hauling trailers nor do you expect a 40t truck to be perfect for cruising around mountain passes.
Meredith Whittaker
yawnboxšfosdem
David Penfold 
Laurens š§¢ š š»
iwein
David Fetter
FinchHaven sfba
Kevin Karhan 
ArneBab
WanWizard š“ó §ó ¢ó ³ó £ó “ó æ š³š±
Francis š“āā ļø Gulotta
Preston Maness ā
Billiglarper
DrYak
zaire arcana
Max Lee
Diogo Constantino
helly ā
Tris
mapto