@sir I like how they don't mention the need for phone numbers to use either, which puts a direct homing beacon on what is supposed to be an otherwise secure service.
Not the "forcing users to use proprietary software if they want updates" and "refusing to use f-droid" parts of the approach, but a single client is kind of necessary for what Signal is aiming to do, isn't it?
* Mail clients that embed a web engine on top of another web engine (basically all GUI mail clients, including from "trusted" projects)
* Web browsers that push things like scripts, Java Applets and Flash (basically forcing them as de facto standards or to be implemented as real standards)
* Poor implementations of crypto (see: Enigmail)
* Bloated and worse-than-reference implementations of crypto (see: any implementation of DJB's work that doesn't come from DJB)
* Chat clients that have collapsible code blocks, making clients that don't implement them have to start parsing messages to make chat tolerable again
For something where the primary goal isn't to be "secure," this is fine, if irritating. That HTML mail and DRM in web browsers is standard now because irritating companies strong-armed it is a pretty good example, I think.
The entire goal of Signal was "messenger that even a random child reasonably assume to be secure using," but when people aren't forced to the latest version of a single client, this breaks crowd immunity (people on up-to-date versions of the reference implementation get harmed by people on outdated or non-reference clients).
Of course, Signal fucks it up by relying on centralized, trackable infrastructure to function (secure but not anonymous), so I think 99% of it is wrong, but I don't see how "Only allow one client" is a bad idea.
@kick @communist @sir Yeah, to be honest, while I like the idea of Matrix and the concept of it, the actual implementations leave tons and tons to be desired. That basic management bits are still missing after several years (but hey, we have “communities” now!) says a lot about their development methods and such :(
@sir do you have a preferred secure instant messaging platform that works reasonably well on mobile phones?