RE: https://infosec.exchange/@molytov/116376968214888959

Gee, maybe Signal shouldn’t keep harassing people to turn on notifications and take no for an answer?

Thoughts, @Mer__edith?

@Mer__edith Oh, and would you look at that, right on cue…

The opposite of “yes” is “no”, not “not now” or “ask me later”.

#hostileDesign #consent #Signal #design #theOppositeOfYesIsNo

@Mer__edith No, thank you. Please don’t.

Behind every app that won’t take “no” for an answer, there’s a developer that doesn’t understand the concept of consent.

This is a legacy anti-feature, implemented at a time before Signal’s new leadership. I expect better, going forward.

#signal #hostileDesign #theOppositeOfYesIsNo #consent

@aral @Mer__edith
To put it more bluntly: Behind every app that won't take "no" for an answer, there's a rapist mentality.

@mikro2nd @aral @Mer__edith That's putting it more honestly. WordPress has now added AI shit unasked-for and given Google access to everything their bloggers write, no permission granted.
If anyone knows how we can block these thefts, I'd love to hear it.

@aral It is not just developers. Even #Signal needs a network effect to achieve its mission and missed notifications turn people away from an app. @Mer__edith has been clear about the need for this and the way it affects design decisions.

The question they face is whether this is the right compromise between making the app attractive to mass users and respecting those users' autonomy. A three way option might solve that.

@tomstoneham @Mer__edith There’s a reason the base of the ethical design pyramid is Human Rights.

https://web.archive.org/web/20250328100446/https://ind.ie/ethical-design/

(Make it 10 different options if you like, as long as one of them is “no.”)

Ind.ie — Ethical Design Manifesto

@aral @Mer__edith 100% agree on this.

Please don't copy bad features others built in their app.

@aral @Mer__edith

>Turn me on?
<Not now!
>We'll remind you later.
<I'd be having a headache and I'm not in group-sex either!

@Mer__edith @aral there should be a special place in hell for developers who have yes and later as options…

@aral @Mer__edith

I noticed that too.

Also in other recent micro annoyance news; are ads now playing out in full on youtube and elsewhere before the option to 'skip' is offered?

or is that just me?

@Deixis9 @Mer__edith 🤷‍♂️

(I don’t see ads on the occasions I’m forced on YouTube.) ;)

@aral @Mer__edith to me it's a sign of enshittification, see this classic example from Microsoft if you dare to use the web interface via a browser.

@RichBartlett @Mer__edith There was a time Microsoft wasn’t shit?

@aral @Mer__edith I wasn't there at the beginning so I can't say, I started with Windows 3.11 and NT 4.

@RichBartlett @aral @Mer__edith Ethics has never been a foundational part of Microsoft - Altair BASIC was written partly using stolen computer time, and only after having been sold as vapourware (they claimed to have it under active development when that didn't start until after the deal was made).

Pair of chancers who made it big - Del Boy and Rodders with no charm and even fewer scruples.

@aral @RichBartlett @Mer__edith There was a short time where they looked like they were at least trying to be less shit. Around Win2k through Windows 7. Sure, Vista had issues but at least those issues came from them trying to fix stuff.

@aral @RichBartlett @Mer__edith

They did make Commodore Basic and sold it with a one-time payment.

@juristi @RichBartlett @Mer__edith Good on Commodore’s negotiating team.

@aral @Mer__edith this kind of sus shit is certainly not helping against any of the FUD around Signal.

@31113 @Mer__edith Thing is, I really don’t think it’s on purpose. It was, of course, in the Moxie days (when it was implemented) because, well, Moxie… but I like to think they’re either afraid to turn off an anti-feature they see as driving “engagement” (why that’s important for an app like Signal is beyond me) or they just don’t see it as a priority and haven’t gotten around to it yet. I sincerely hope it’s the latter and that the issue will get addressed. Especially in light of this latest news.

@aral @Mer__edith I opened a GitHub issue about this several months ago: https://github.com/signalapp/Signal-iOS/issues/6175

I appreciate the response I received, explaining how one of the top issues users report is "issues with notifications", and in many of those reports it turns out the user had disabled notification permissions either accidentally or a long time ago and forgot.

...but it would be nice to have an in-app setting to disable this check if desired!

@aral I must not see what you see (but also don't understand the logic in having a messaging app with no notifications; how would you know somebody messaged or called?)

last time I installed, I set notifications (just show there is one, do not show details) and that's the last I've ever seen or heard about it ¯\_(ツ)_/¯

@darkuncle “Yes / Ask me again later” is a hostile design pattern that shows a profound lack of respect for consent. Signal should be doing better.

You do not know better than the person making the decision whether or not they want notifications on.

(The opposite of “yes” is “no”.)

CC @Mer__edith

@aral @Mer__edith Where do you see this? I’m with @darkuncle - I set my notification settings and haven’t been asked by the app again.

@aral I guess I haven't seen that particular design pattern (just disabled notifications, restarted Signal, and got prompted -- "not now / enable" -- so yeah, confirming what you see. It's IMO on a par with prodding the user about their PIN, which is at worst mildly annoying but serves a useful purpose).

(I still maintain that a messaging app that supports audio and video calls, but has no notifications enabled, is effectively useless -- but end users should have the option to choose that. I'd argue a better UX here would be "yes / no / ask me later" and if you pick "no" you get an explicit warning that you will never be notified of any incoming calls or messages; at least that way unsophisticated users are aware of the risks and sophisticated ones can still make that tradeoff.

Tradeoffs are really key here, and we should support maximum end user control while also being very explicit about tradeoffs to avoid surprises.)


@aral @darkuncle @Mer__edith There’s some hope, they’ve finally adjusted the contact permissions dialog to be once per install.

https://github.com/signalapp/Signal-iOS/issues/4590

Please remove permission reminders · Issue #4590 · signalapp/Signal-iOS

I would like to use Signal without allowing permissions to my contacts. This is possible, except that every so often I get "reminded" about this (permission pop-up to allow access to contacts). Thi...

@darkuncle @aral I imagine if I were to disable notifications, it would be because I intend to only engage with the app on my terms rather than having the app try to get my attention, perhaps away from other things I want to be focused on instead.
But that isn't actually relevant to the problem. A user doesn't owe anyone justification for how they set something up for themselves, and an app should be something that accommodates their needs, rather than demanding certain behaviour from them.
And like Aral said, the option isn't just a one-time "Yes" and "No" - as in "Alright, I'll enable notifications" vs "No, I want to keep them disabled" - it only has "Not now", which means the app will continue to send the prompt in the future, which does not respect the user's choice.

@molytov @aral when you are maintaining an app that supports both sophisticated and novice users, you sometimes have to make a decision between user choice and minimizing user risks due to tradeoffs they did not consider. (e.g., my mom last week calling me to figure out why she missed texts from her friend group all the time, and then we realized she had somehow muted the chat but did not realize.)

that said: we should be supporting user choice, while simultaneously being explicit about tradeoffs and risks. both these things are possible, and in this case I'd add "no" in addition to "yes" and "ask me later", and when selecting "no" would warn the user that all incoming calls and messages would be silent, and is that what they want. ¯\_(ツ)_/¯

@darkuncle @aral Absolutely. I think the solution for such an issue would be to properly communicate what an option means so that the user can make a proper decision.

One possible tactic that comes to mind is if a user opts to not enable notifications from the prompt, display a second prompt along the lines of "Are you sure? You won't get notified and will have to open the app to check messages. You can change this option in this menu later." and lock the confirmation and cancellation options behind a 3-5 second timer so that the user is more likely to actually read the warning and not thoughtlessly tap the confirm option just to get rid of it. I don't have years of experience designing and testing UX though so there's probably better ways to accomplish the goal.

@molytov @aral yep, support this UX 100%
@aral @Mer__edith I have notifications enabled without showing any content so I don't experience such persistent messages, but I've seen several comments from people complaining about Signal constantly trying to get them to enable notifications so I don't doubt that is the case. The user makes a conscious choice to enable or disable notifications and they have their reasons for whatever they choose; an app bombarding them with demands to have an option be set a certain way isn't respecting of their decision.

@aral @Mer__edith also a reminder that support for #UnifiedPush, so notifications can be delivered over private ntfy or Nextcloud servers without leaking content to GCM/FCM, has been requested by users for a while.

Context:

https://github.com/signalapp/Signal-Android/issues/13290

https://github.com/signalapp/Signal-Android/issues/12490

https://github.com/signalapp/Signal-Android/issues/11154

Add another way to receive notifications · Issue #13290 · signalapp/Signal-Android

Hi, It seems weird that Signal still relies on GCM/FCM for notifications. Even with Signal APK downloaded from the website, and having whitelisted Signal in DNSfilter (personalDNSfilter | F-Droid -...

@aral When I set "Show Preview" to "Never"—meaning I still get notified about a new message, but the notification will just tell me there's a new message instead of displaying its content—will the content of the message still end up in the database from which the FBI extracted the content of the message?

@aral @Mer__edith

Note that simply turning on notifications is not sufficient for this exploit route to work; you must also allow notifications to be shown on the home screen.

If you do this, then anyone with physical access to your device will see messages as they arrive, so your threat model must exclude people who can see your screen. If your threat model excludes people who can see your screen, it should probably also exclude people who can connect to the OS and extract system state from the device.

EDIT: This in no way invalidates your points about consent. Signal should really do better.