They probably tried to say that most Signal users use third-party keyboards.
https://www.nbcnews.com/tech/security/trump-bans-wechat-some...
Note that even for Chinese people in the US (myself included), Signal was in my experience a pretty minor choice when Trump was trying to ban WeChat. WhatsApp, Line, etc. were among the favorite alternatives.
Additionally, if you're already using a Chinese phone, why does it matter whether your IME is compromised? Doesn't the CCP already have its nose in all of the manufacturers' OSes already? Maybe Signal should warn about that as well.
I'm all for helping people communicate securely, something Signal should be very interested in, but the hyper focus on IMEs is confusing.
What specifically are you saying here? Are you suggesting that every Chinese person's phone is sending off their keyboard inputs to the Chinese government even if they don't use a compromised IME? Because if not, then yes it matters whether or not your IME is compromised. Otherwise your position is just "the phone might be compromised in ways I don't know, so I won't even bother fixing the ways I do know".
Yes.
You have a point about the rest, though, especially when it comes to more secure systems.
https://www.techrepublic.com/blog/asian-technology/japanese-...
> ... please use the original title, unless it is misleading or linkbait; don't editorialize.
https://news.ycombinator.com/newsguidelines.html
If you can still edit the title, you should change it to the original "Signal should warn users who are likely using insecure IME apps"
https://twitter.com/RealSexyCyborg/status/119769537620088012...
That's hardly her main point:
> For Chinese who are used to a specific IME- like Sogou, trying to type on something else is a tiny bit like a QWERTY user suddenly faced with Dvorak- we can make it work, but it's slow enough day to day that 50/50 they just install Sogou because what's the big deal right?
> The Signal "fix" is "Incognito Mode" aka for the app to say "Pretty please don't read everything I type" to the virtual keyboard and count on Google/random app makers to listen to the flag, and not be under court order to do otherwise.
> Needless to say, Sogou/Baidu does not respect the IME_FLAG_NO_PERSONALIZED_LEARNING flag. So basically all hardware here is self-compromised 5 minutes out of the box.
> so unless journalists tell them otherwise, which they have not been doing- users will install Sogou.
This is important.
Btw I agree that when Signal says your messages are secure, it should probably do something to warn about ways things still may leak.
I don't mind it at all. If someone uses "being called asshole" as a reason to not even inform anyone, they would have found another excuse. Some people simply register it as strong language and otherwise focus on the content. At any rate, it's very easy to judge what someone says in frustration when you yourself don't even suffer from the situation and/or don't care about those who do.
> But it's not like everyone tries to annoy others, it's more an issue of ignorance.
So she shed light on that, and instead of talking about the important bit, people think it's super important to teach a random person to not be rude, ever? That's what we're focusing on?
Insecure IMEs exist everywhere and affect every app. Not just Signal, not just in China.
This is the operating system's job to tackle, not Signal's. And oh wonder: Android displays a scary reminder when you install an IME (of course they could and should disallow network access for IMEs as well).
Signal should show a reminder to help people be secure, but framing this as some kind of obligation towards the people of China is weird.
EDIT: The specific request in TFA is to detect users using a third party IME and give them a security warning. Seems pretty reasonable.
(iOS makes the third-party keyboard ask the user for "full access" in order to hit the internet.)
Considering how quickly the language moves to keep up with internet culture and new newsworthy names, new parlances, new memes, an IME has to do the equivalent of staying up to date with the equivalent of urbandictionary for users to be able to invoke the latest "lit" colloquialism. This is a full-time job on its own.
There are entire companies that exist to solve just this problem that is basically orthogonal to Signal’s purpose and mission. While it would be great for there to be a top tier Chinese IME from someone we trust, it’s by no means an easy task like most people are probably envisioning.
They already have some romanizations like Pinyin that are largely phonetic.
But take something like "mao". Without any accents to indicate the tone, that could be:
* 毛 - like a dozen distinct meanings
* 猫 - a few meanings, but mostly "cat"
* 冒 - half a dozen meanings
* 昴 - one meaning
* 懋 - a few meanings
* 帽 - a few meanings
* 貌 - a few meanings
* 牦 - one meaning
* 矛 - one meaning
* 铆 - a couple meanings
* 锚 - one meaning
* 贸 - one meaning
* 茂 - two meanings
To be honest, I got tired of compiling the list at this point. There's lots more. When someone uses a romanized keyboard to type "m", "a", "o" you've got like two dozen possible characters that becomes. If you're trying to figure out from context which one the person might be intending, you need to look at like 60 different possible meanings in context and figure out which characters are most appropriate. And that's given the previous several things they've entered have been narrowed down to one character, but likely still have several meanings.
A lot of (I'd dare say most?) Chinese people do use romanized input (the alternative I've seen is very slowly drawing out each individual character on the screen), but whether the keyboard sees you type "I have a cute... mao" and decides you want 'anchor' or 'cat' has a huge impact on day-to-day usability for people actually using it.
The written language is vastly more complicated than the spoken one as far as I can tell. A syllable that can have 60 meanings is relatively easy to figure out in context, but when written the meaning has to be made explicit. As a really basic example, "ta" is both he and she. So they just don't have masculine and feminine pronouns, right? Wrong. 他 is he, 她 is she. These are said exactly the same so even given accents to indicate tone they're romanized identically. But when written, the distinction is made.
And if you make a mistake somewhere in all of this?
Well, baba (爸爸) is dad. baba is also poop (㞎㞎).
Wo ai ni, baba. I love you, poop.
Imagine typing English by speaking. You can say "flower", but that might get written out as "flour". Some intelligence has to be implemented that picks the right one based on context, or gives you the ability to correct it. That is where the complexity in East Asian input methods comes from.
(Yes, as English-speaking computer users we are very lucky. The exact sort of symbols that readers of English expect map 1:1 to our keyboards. Still kind of a pain on a phone, though!)
I'm not sure I understand your point. Without keeping up with the new memes, an IME still lets people type them (it's simply not as easy when the IME does not auto-suggest the new combination; users can manually select each Chinese character).
Regarding "an informal ambiguous layer", are you implying there is something more fundamental/low-level than the Chinese characters used in communication? If so, what is that?
Can China shut down Signal by banning traffic that seems like Signal communication?
They could do that, but it would have a maintenance cost. I do think we need to find a solution to this, however, as these personalised keyboards actually _track_ what people type. That could have real-world implications.