Privacy is Priceless, but Signal is Expensive
signal.org
We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy.
You are viewing a single comment
I love Signal but this is one of many problems with centralized servers. Not only can they be disabled by the gov but they cost, as seen here, tens of millions of dollars to keep running at scale.
What is the advantage? Why are we not using P2P systems? If I can download a 30GB video problem-free over and over again, shouldn't it be simple enough to do with a 1mb text file?
A huge part of their costs is just verifying phone numbers, which is something the service does not need and shouldn't even have.
God you must be like my wife and write fucking novels as text messages.
Lol I think they probably mean like an entire chat history (or page of one), but yeah that's pretty big.
I was just rounding up
If you are curious, you should give XMPP a shot, it's equivalent to Signal in terms of encryption, but anyone can host their own. Signal is ideologically opposed to anyone but themselves being in control of your account, and because of that I don't want to trust them.
That's great except barely anyone I know uses Signal, much less XMPP
And now here I am, nostalgic for the good old days of having one chat app that could connect you to everyone over XMPP/jabber.
Yeah you could even communicate between facebook and google easily. The world didn't have to be full of walled gardens.
Pidgin exists
Please, don't recommend pidgin, it's a security hellhole, and a pretty terrible XMPP client at that. If you want something with a similar vibe, check-out https://dino.im/ or https://gajim.org/ if you are more on the "power-user" side of things :)
Indeed. Xmpp is lost as a general purpose chat app for everyone. I have many issues with matrix but it's the best chance we have, particularly with bridges.
XMPP is the IETF Internet Standard while Matrix is just another custom IM protocol managed by a venture capital funded startup which keeps losing money.
I don't disagree with that statement; however, that doesn't make it something the general public will embrace. Its mess of extensions are top little too late. That ship has long sailed. And I say this as someone that prefers using XMPP for 1:1 chats
Edit: Sorry, I responded to the wrong parent.
I don't believe Matrix is better positioned than XMPP to succeed. On a technical aspect, Matrix hasn't managed to stabilize its protocol, and they've been a decade into it. This has resulted in only a single organization being in charge of the protocol, the client and the server implementations. This isn't sound, this isn't sustainable. And now, unsurprisingly, this organization is in a financial crisis, has lost important customers, has no budget secured to maintain its staff in the next years, and recently underwent a major licensing change that we can only interpret as a shift towards an opencore model at the detriment of the regular user.
The license change is to a GPL variant from the Apache license. How does that affect the regular user? Wouldn't it be better?
I can't pretend to know the future, but if you read between the lines and the justifications provided, this isn't really about AGPL per se, but about Element brokering AGPL exceptions. Practically we can expect all kinds of forks with opencore options that might enshittify the user experience in different ways, and further solidification of Element's single-handed control over Matrix (which had been a prime concern for many years). Matrix is by the day closer to the closed-source centralized silos it was first pretending to oppose.
I hear what youre saying, I don't like the license exceptions. I just hope it doesnt go that route.
And don't forget the CLA!
Neither XMPP nor Matrix will ever become “the next WhatsApp”: the current internet has seen too much consolidation for the tech majors to permit it (and open and federated protocols can’t compete, do not have the marketing budget nor the platforms to promote their software, but I salute the EU’s Market Act attempt to shake-up the status quo).
But that doesn’t really matter IMO. What (I believe) is important in the grand scheme of things is that such protocols remain alive, maintained and secure, so that:
small-scale instances can flourish and contribute to a more resilient/efficient internet (think of family-/district-level providers ; this is the kind of service I personally offer: family members and friends at large appreciate that the messages and data that we exchange aren’t shared over some cloud or facebook server for no good reason)
IM identities can persist over time: if you are a business or an individual, you may want to look into having a stable/lasting contact address, that will survive the inevitable collapse of facebook/whatsapp/instagram/… If you are old enough, your current email address probably existed before facebook. Why not your IM address?
And yes, I hear you, this is rather niche, but what got me there (and on XMPP in particular) is having been long-enough on the internet to become tired of the never-ending cycle of migrations from service to service. More and more people will have a similar experience as time goes, so this niche will only grow :)
While that may or may not be true, it's really not important for several reasons.
All current XMPP clients I have seen are janky as fuck.
No one is going to spend the billions of dollars necessary to advertise XMPP clients to end users who aren't actively looking for them.
The vast majority obviously doesn't care about their privacy.
Just seems like a fruitless endeavour.
WhatsApp started is an XMPP client, but they use lots of proprietary extensions (doesn't matter since they don't federate). You can build very robust and scalable messengers with it if you want to.
The open source implementations are developed by like 1-2 guys in their spare time and they're not far behind (and sometimes even ahead) other federated messengers which received tens of millions in venture capital funding.
What about feature-rich and with a nice UI?
Nothing in the XMPP RFCs says you can't do that. Go ahead.
And yet no one does or has in a dozen years...
Which xmpp clients have you used? Conversations and its forks seem far from janky. Movim is nice, Dino is looking good, Kaidan is looking pretty good. Prose could be interesting.
If you need to convince your friends to use some app it might as well be XMPP compatible instead of another walled garden. If you can get your friends on board, you win, even if nobody else uses it.
Ten years ago sure, the days I'd suggest matrix instead.
I assessed XMPP vs Matrix about 8 years ago, and strikingly, the basis on which it didn't make the cut still applies today. Here's what I responded to a sibling post: https://programming.dev/comment/5408356
In short, Matrix dug themselves into a complexity pit with an inadequate protocol, survived for a while on venture capital money (upscaling servers and marketing at all cost), all of it dried up, and now they are in financial trouble. Matrix won't disappear overnight, but is definitely losing the means to run the managed instances and the client/server ecosystem.
Is Matrix's problem just the large scale? I thought it worked relatively well if you're just using it for personal needs like smaller servers and personal bridges.
It works great for me for personal use yes.
Matrix problems become unmanageable at scale, but the effects of the underlying complexity can be felt long before: https://telegra.ph/why-not-matrix-08-07
Isn't that why they built matrix 2? Or am I thinking of element 2?
Edit: it's matrix
https://matrix.org/blog/2023/09/matrix-2-0/
If you read between the lines, Matrix 2 is practically about handing the client state over to the server (what they refer to as "sliding sync"). Realistically, this is an admission that the protocol is too complex to be handled efficiently on the user's devices. I'm not saying there are not clear benefits (and new trade-offs) to the approach, just that in the grand scheme of things the complexity is shifted elsewhere (and admins foot a larger bill).
And Element X as client.
They are kinda shooting themselves in the foot with all their big rewrites though. Like Vector, Riot, Element, Element X (and I think before vector/riot there was another official client). And Synapse/dendrite... It feels like they spread their development over too many fronts.
They're supporting development of MLS for managing encryption for groups
Yup, like pretty much everyone else :) https://nlnet.nl/project/XMPP-MLS/
It's difficult to maintain privacy in a P2P environment. In naive implementations, your IP address will be visible to all the peers you connect to. This is the case in e.g. BitTorrent.
Signal has this issue with video/voice calls as well; by default they operate on a P2P basis for performance reasons, and they expose your IP address to the second party. Signal has an option in the settings to relay voice/video calls through their servers specifically to mitigate this.
There are some workarounds for anonymizing P2P, like routing through Tor or I2P. Tor, however, has known exploits and is probably not suitable if you need to hide your activity from advanced adversaries like world governments (e.g. political dissidents, journalists, etc.)
I2P sounds interesting but I'm not deeply familiar with it. I understand that I2P clients also act as relay nodes, which puts an additional bandwidth burden on users. I'm not sure if I2P is more resilient against government-level attacks than Tor. I'd be interested to hear from anyone who is more familiar with the protocol.
I am not concerned with the people I'm actively chatting with having my IP address.
If you're using it for personal correspondence with people you know and trust, that's probably fine. However, a secure and private communications platform should support more extreme use cases as well.
If you're a journalist, for example, you might need to communicate with people you do not know or trust. You could realistically be talking to someone who wants to kill you, or who is being monitored by people who want to kill you, particularly if you are covering high-profile political issues or working with whistleblowers (or are yourself a whistleblower). Even revealing information as broad as what city you're in (which would be revealed by your IP address) could be a risk to your physical safety.
Even though I do not personally face such high-level threats in my life, I feel better using services that allow for the possibility. Privacy is a habit, and who knows what tomorrow might bring?
A MitM sniffer would be able to see the source and destination IP addresses, not just the person you're chatting with. Even if the data is encrypted, P2P is still vulnerable to a layer 3 attack.
Will the same apply if you're in a lot of open group chats though?
Depends on who is in the group chats. Primarily I am concerned with keeping them out of the hands of corporations, eg: Google, Meta, MS, AWS, etc. to be added to giant databases and used to profile me or unjustly subpoenaed by the gov.
I‘m not an expert on this topic, so someone correct me if I’m wrong. Signal is only storing stuff temporarily to pass it on, so I’m assuming you’d have the exact same costs even if it weren’t centralized. Maybe even more as it’s probably cheaper to have it managed in one place. I’m assuming all this would do is distribute the cost, but otherwise be the same?
Exactly. I can locally process the 1-3 messages/day I send on my device rather than having billions of messages processed on a single server.
I can even host my own Matrix or XMPP encrypted server on a $100 machine consuming ~7W and host several hundred users easily.
XMPP maybe. Matrix is a bloated protocol which costs a lot more to host.
You're not wrong. Federation would have higher costs but distributed over more people. Even with pure P2P a-la BitTorrent things might not be significantly cheaper because you'd likely still need to host authentication centrally or federally. You'd only eliminate the message bandwidth costs.
The thing is, we already have a way to distribute the costs - people subscribe to support Signal. Some pay more, others less. Whether I run a node that serves 100 people or subscribe for $10/month, it's somewhat equivalent. So the practical takeaway should be - if you want for Signal to keep signalling - subscribe if you can afford it.
The difference is that there's enough unused capacity on your personal device to handle all the traffic any typical user needs to handle in a day many times over, for simple messaging. Likely, that load is so little it won't even affect your battery life.
Wouldn’t you still need a server in between to temporarily store the messages if the other person isn’t available?
No, P2P = Peer to peer, meaning no servers are required in between.
Wouldn’t that mean both have to have a connection at the same time? What if one is offline?
Yes.
How do you think you're going to receive messages offline?
How much time does your phone spend offline?
One device can send a receipt when received. If the other device doesn't receive that receipt it can just keep pinging periodically until it receives it.
You can also just hook up any old phone or computer, install the app, and let it run as the server.
For more info on how this currently works you can check out Keet.io
If you have a static IP address, if you want to bother with securing and maintaining it, if you're willing to deal with downtime when something inevitably breaks, if you're willing to deal with lost data or also maintaining a backup solution, if... a dozen other things that most people don't want to deal with.
You don't need to do any of those things. It's functionally no different from your Signal Android and desktop apps. There's no configuration necessary.
Keet is closed-source app with built-in crypto, I am not touching it with a 10ft pole. Holepunch does sound like interesting technology at first glance. It doesn't solve any of the issues mentioned above besides connectivity however.
I wasn't suggesting you should use it, it's a demonstration of the application of the technology.
Sure, but you also just... don't have to do that. None of that is necessary fore core functionality of a messaging service, IF you stipulate that both devices must be online at the same time to ping each other.
The only thing you need is some very basic addressing service so they can find each other, and there are entirely P2P solutions for this that already exist and work without issue. See: bittorrent.
The ONLY drawback of having no server, fundamentally, is that the two devices need synchronicity. If they both aren't online at once, messages won't get delivered. Which is not a big deal for a modern smartphone given that most of them are online close to all of the time.
I'm not really going to get into the technical aspect since I feel neither of us know enough to tell how feasible it is (although I think you're wrong since you do need trackers in order to find at least one other member of the swarm), but this part
I just a horrible take. You can't base your business model on "modern phones being online close to all of the time". You can't have random data loss whenever someone goes out of service area, has to turn on airplane mode, runs out of battery, has a software error or just an update or some other kind of temporary downtime? That's not how you design any software, less alone a dependable messaging service. You can't just "stipulate that".
Nothing gets lost. Not having every packet get delivered is already entirely normal on any internet application, and already solved.
Solving that "problem" is as simple as sending an acknowledgement back when a message is received, and retrying when acknowledgement isn't received. Routing P2P is more (but not very) complicated than that is.
What business model? Why does a messaging app need to be a business? And again, how is someone who doesn't have service supposed to be receiving/sending messages? Makes no damn sense.
Basically all bittorrent programs include allowing a peer to act as a tracker directly.