Week 6 Using Signal

Wherein I ask for help finding my Signal groups:

@librarianbryan: I’m so curious as to which texting app you were using when your friends complained about getting ads regarding what you were texting about. This is something that lots and lots of people have shared anecdotal evidence about, and no one has yet figured out how these apps are doing this. They insist that they aren’t data mining the texts, but that seems like BS.

Re: government employees and transparency around using Signal – it’s a good point! And definitely something to think about more deeply when using privacy tools. In what situations are they not appropriate? Public employee work matters seem like something that should be taken off Signal. But maybe public employee union organizing could be kept there. :slight_smile:

Re: not wanting to randomly invite people to Signal. I should have noted, I always give folks a heads up when inviting them. We definitely don’t want to be sending people random links!!

Re: not being able to find your groups. That is…super weird and I have never seen that happen before. Are you on an Android? So you just name the group and create it and then it disappears? I don’t see anything in the Signal bug tracker that looks like this problem, but maybe you want to look for it? https://github.com/signalapp/Signal-Android/issues And if you don’t see it, please open a new bug report!!

Also, you mention some other issues with Signal Desktop. Definitely open some bug reports for those. You can find Signal Desktop and Signal iOS under their main Github page: https://github.com/signalapp. I open a lot of tickets with them and they’re pretty responsive. Let’s make this software work the way we need it to!!!

@lucedeira likewise, when you get a chance make sure to open a bug report about the QR code not working (first, search for your issue to see if someone else has brought it up): https://github.com/signalapp/Signal-Android/issues. Opening bug reports is one of the best ways librarians can help improve privacy tools.

Re: making it the default app. This actually should not be required. Did it give you some kind of message saying this? Sounds like another bug report to me!

Re: groups. It’s very good that Signal gives you those warnings about creating an MMS group. Otherwise, you might think that the communications are encrypted when they’re really not. Signal is getting better at usability across the board (in part because of detailed bug reports opened by users!!).

Re: what about using Signal is public. So when you use Signal, if law enforcement is surveilling you in real time (like with a Stingray) they can see that you’re using Signal but they can’t see who you communicate with or what you’re saying. If they request your phone records later, all they can see is that you have the app installed and the last time you used it, but nothing about what you communicate about nor whom you communicate with. That metadata/contact privacy is one of the features that makes Signal unique among end-to-end encrypted messengers.

@Rebekah re: differences between Whatsapp and Signal: you’ve got most of it here! The only thing I will add is what I just said to Lucia above…even as Signal stores your phone number to function, it doesn’t store records of who you communicate with, so it can’t turn that over when requested. Like Jessie talked about today – you can’t give up something if you don’t have it!

Thanks Alison!
It seems that someone is having issues with the QR code too so I will read over their ticket/report first. And I will go over my notes re:default and see if there is anything about that too in the Issues page I will check it out.

Occasional hiccups: sometimes we would notice syncing issues, and we assumed the cause was internet connectivity issues and/or our phones data settings as Signal used to only work over a data connection. MMS messages occasionally would not work with folks not on Signal. The actual phone and video chat services haven’t worked as good as SMS/MMS. In our experience, the encrypted calls are really choppy and hardly work, but we haven’t tested it in a while.

All of that weirdness is with the phone app not the desktop app. As is typical with me, the paragraph is poorly constructed. Followed up with my friend about Signal. He was freaked when ads for things he was Googling would appear in the Facebook app. He still started using Signal though.

https://support.signal.org/hc/en-us/articles/217169117-Where-are-my-groups-

Here’s my experience with Signal

Here is my Signal experience

@AllyM, a few comments:

  • it would be great if deleting Signal messages from your phone also deleted them from the other person’s, but you’re right that this is a syncing issue that has to do with not storing the messages on a central server. the Signal threat model assumes that the central server is more likely to be hostile than your friend’s phone, even though that could be too, it’s just basically impossible to do both!

  • disappearing messages only delete after you’ve viewed them! so if you set it to 12 hours, it will delete 12 hours after viewed. or at least, they are supposed to do that! maybe this is a bug, and if so you should report it.

  • you can see everyone’s contact info in a group, so you’re right not to blindly add people. we can experiment with groups together in NYC.

  • that’s great to hear about your husband’s work and how Signal could help. now that you are a Privacy Advocate, you could help them threat model and learn the features. :slight_smile:

Hey everyone, HERE is my write up about using Signal. I really enjoy using the app.

I didn’t include this in my report, but we are hosting a conference tomorrow and one of our presenters will be out of the country. I had her download Signal to contact me during the conference, and she seems to be enjoying it thus far and has made it easier for her to stay in contact just using wifi.

1 Like

@josh glad to hear that you found a not-privacy-related feature for Signal (wifi/data texting/calling)! I have pushed the Signal devs for years to make it more like Whatsapp, because then we can tell people “oh hey just use this texting app that makes it easier to stay in touch internationally, and oh by the way it protects privacy too”.

you bring up important concerns about contact sharing in Signal! the fact is, Signal has opted to use phone numbers as identifiers as a usability feature – meaning basically that if you don’t share your number with contacts, you can’t use it. this means that in group chats, you have to get consent from everyone before starting the chat. I would love to see a feature in Signal that warns you this before adding members to a group. maybe someone wants to write up thatfeature request!!! there is another encrypted texting/calling app called Wire that allows users to create usernames instead of using phone numbers, but they still must be sharing some contact details because TONS of people have added me in that app and I have no idea how they got my username. I didn’t link my phone number or email. :frowning:

lots of people miss the verification step! it’s important, but it’s also one of those things that if it doesn’t fit your threat model and you forget to do it, it’s not that huge of a deal.

Here is my Signal experience.

About Signal’s sustainability, WhatsApp cofounder Brian Acton recently dropped a ton of his cash to start the Signal Foundation a nonprofit dedicated to “open source privacy technology that protects free expression and enables secure global communication.” I hope that gives Signal some stability for a few years.

Related: after Cambridge Analytica, WhatsApp’s other cofounder Jan Koum resigned from Facebook “over the popular messaging service’s strategy and Facebook’s attempts to use its personal data and weaken its encryption, according to people familiar with internal discussions.”

1 Like

great point about the sustainability of these projects @langur. it’s definitely true that without ad revenue it’s hard to know where a project will end up in a year or two. @librarianbryan mentioned the Signal Foundation which will definitely keep them going for some time, but even that kind of support relies on the largesse of some OTHER company that’s definitely making money off data. like how Google is Mozilla’s primary funder. I hope that we will talk some more in the week that we talk at a meta level about the privacy/free software/internet freedom worlds.

Hi guys,
I recently taught our class on video chat. It’s generally older folks whose kids or grandkids use video chat apps, and I explain the most popular ones and help them get on the services that their family members are using. This time I added a couple of instructional slides on Signal, and added a brief discussion on privacy. Here’s my PowerPoint. To make a broad generalization, I find that the baby boomer generation and older is interested in privacy as a right and suspicious of data collection. Everyone in the class still wanted to use what their social circle was using, though, so I only helped people with Facebook messenger, Google hangouts, and, funnily enough, Zoom (by audience request!). One gentleman was particularly interested in the idea of Signal, but didn’t have/use mobile devices.

3 Likes

good stuff Sarah! in the other thread where we were talking about signal/whatsapp/telegram and how to keep up with knowing what is good and what isn’t good anymore, I responded with some thoughts about harm reduction but I didn’t note the network effect (which you do here). so I will just add – if people are already using an app that has strong e2e encryption, and they like it and don’t want the hassle of changing it, then by all means they should continue unless they have a serious threat model! so as librarians our task is to help them understand threat modeling in a non-scary way, and what additional options exist, while also reassuring them that “for many people whatsapp or imessage are both fine”.

1 Like