Arnt Gulbrandsen
About meAbout this blog
2017-04-04

Open source leads to raised expectations.

That's about all I wanted to say.

When you install Signal, it computes a one-way hash of each phone number in your contact list and sends that to the Signal servers. The reason for this is that if any two people use Signal to communicate with each other, then Signal wants to guarantee that they use the Signal protocol rather than cleartext.

There are other ways to do this, including ones that tell the Signal server less, but they have other problems. The ideal solution would reveal nothing to the Signal server or anyone else, use no battery power, no bandwidth, find all contacts with whom the user can communicate using Signal, and not need action on part of the user. That's obviously impossible, so a compromise must be implemented.

It's easy to find solutions that satisfy some of these, but completely fail on one aspect. For example, if you can expect the user to already know who else uses Signal, the rest is easy. There's an interesting solution if you can spend unlimited CPU/battery and a little network traffic on the problem, too. But if you cannot do any of that, then in my opinion what Signal does is very close to the best currently achievable compromise. I've looked at the source code and I'm not sure it's the best possible tradeoff, but I can't think a different way that's clearly better or much better.

However, Signal being open source, it gets real criticism. Here's Jamie Zawinski and in a followup, Felix von Leitner, both of whom have massive readership by techblog standards. For those who cannot read German, a leo.org discussion provides some translations. So Signal shows utter contempt for its users? Please. This isn't funny.