undefined | Better HN

0 pointsknz9y ago0 comments

I've given up on Signal (for now at least). Yes the encryption and privacy is great but without a decent desktop client it's hard to get others in my network to switch to it.

Two things bothered me about the desktop application - it runs as a Chrome application rather than in a tab (not sure if there is a technical reason for this?). If I care enough out privacy to run Signal then I probably don't want to broadcast to anyone watching my screen that I'm running it (like a boss walking past etc) and would rather bury it amongst my other open tabs. I also couldn't find any obvious way to sign out of or lock the desktop client - if this isn't just user error then it seems like a significant oversight for a secure messaging app to not allow the user to control access if someone else was able to access the computer.

It also really bothered me that signal doesn't give me better control over what contacts can see my phone number. When I signed in I could see phone numbers for a contractor I had used for remodelling my home. The desktop client had them listed as someone to message on the default page. It's not a huge deal in this situation but if the phone number was for someone I no longer wanted to be in touch with (a former partner etc) then there was no obvious way in either the Android app or desktop client to block them. I assume that the other user can also see my details - security should include having control over who can see your phone number.

Edit: Screenshots from the desktop app as a response to comment below:

http://imgur.com/5nK07ER - the default screen http://imgur.com/mmEyQWH - the settings UI

http://imgur.com/gjdyPsF - showing Signal in my dock for all to see.

0 comments

4 comments · 1 top-level

morsch9y ago· 3 in thread

There is a desktop client. It's packaged as a Chrome app. Some people downthread think a "decent" desktop app must be (more) standalone. You seem to think a "decent" desktop app should live inside a browser tab. It's hard to make everybody happy. People need to stop claiming there is no desktop app just because the very clearly existing one does not fulfill their own arbitrary set of criteria.

I don't know if you can sign out within Signal desktop (I assume you can, but I can't verify at the moment); you can sign out existing Signal sessions from within the mobile app.

The phone number is Signal's account identifier. You don't see somebody else's phone number because you've got them on Signal, you're seeing them on Signal because you've got their phone number. So you're worried about people having access to your phone number who already have access to your phone number. Signal using phone numbers as account identifiers has it's issues, this is not one of them.

knzOP9y ago

I don't mean to be negative about Signal. I appreciate the work they have put into it and understand that the platform is maturing - as you said, they can't please everyone.

The chrome app vs tab is definitely a minor issue related to user preference. It's not a deal breaker for me personally but others in my network (who are less concerned about privacy) will not switch if it's not easy. Not being able to sign out is a possible deal breaker and seems like basic functionality that has security implications.

Thanks for the information about the phone numbers - I understand that they aren't a "contact" in the sense that we added each other. I do think the issue of having control over who can see my phone number is a valid one though. How would I block someone I no longer want to have contact with without changing my phone number? Again, this seems like basic functionality for a platform that is concerned about security and privacy.

Here are screenshots from the desktop app showing the only options I can see:

http://imgur.com/5nK07ER - the default screen (includes the contact that I mentioned in my first post as someone I can message right now.)

http://imgur.com/mmEyQWH - the settings UI

morsch9y ago

Okay, I checked now, and you're right, there does not seem to be a way to sign out (or, as they call it, unlink) the desktop app from within the desktop app. I agree, that's weird.

As a workaround, you can unlink using the phone app[1], and I assume (but have not checked) deleting the desktop app will also work.

[1] http://support.whispersystems.org/hc/en-us/articles/21645978...

codethief9y ago

On Android there's a button in the conversation settings to block the other party.

1 more reply

j / k navigate · click thread line to collapse