Comment by romantomjak 14 hours ago

19 replies

Signal keeps cranking out brilliant crypto papers, but from a product perspective, it feels like they're throwing stuff at the wall to see what sticks. We've got post-quantum handshakes, stories and money transfer experiments, but still no SDK, no APIs, no bots. The official libsignal library is undocumented and incomplete. Large parts of functionality are still buried on clients. Don't get me started on "but they have published all protocol specs on their website, go on and roll your own library"! That's not how you run a product. It's borderline negligent for a platform used by millions.

Every other major messaging app exposes something to developers, but Signal is allergic to the idea. Makes me wonder if they even have a head of product because whatever they're doing now is a far cry from a coherent product strategy. Signal is basically a pile of hot cryptography duct-taped to a messenger that's more hostile than any product in Apple's walled garden. And that's from a day one user who's been advocating for them the whole way.

</rant> thanks to everyone involved in building the product <3

TheDong 10 hours ago

> Every other major messaging app exposes something to developers

Not iMessage, which is the largest messaging app in the US. Uniquely, it doesn't even have an android app, so android users have to pay $800 to buy a single-use device with an effectively worthless OS bundled on it just to be able to join group chats.

iMessage doesn't even have good crypto, the default settings include unencrypted iCloud backups of your iMessage data lol.

I'll take Signal, which works on my desktop linux machine and android phone, over iMessage any day of the week, but the US as a whole seems to have chosen differently

  • romantomjak 5 hours ago

    As far as I know, there isn’t an official API for cross-platform communication. However, the Messages framework allows developers to create sticker packs and interactive messages for iMessage. People in the group can interact with messages created by other apps, such as polls, location updates, and game integrations to name a few

ezst 11 hours ago

Signal don't want you to build 3rd party clients and integrations, they are another fully centralised product meant to capture and lock users into what Signal believes is better for them. That's the whole "we love open source but we won't merge your PRs and might lock your account out of the network for using forked clients that got rid of features like crypto that you might not like". I'm still sour for all the bad faith placating "the ecosystem is moving" post by Moxie and the lame excuse for not supporting federation. And no, I'm not finding it hard to onboard family and friends onto secure XMPP clients and accounts.

  • frollogaston 11 hours ago

    XMPP was a well intended idea but a bad protocol. Sure federation is good, but they needed a proper standard instead of making everything an optional extension that C2S and S2S never agree on. Like getting the right auth and encryption is even messier than on email.

    Also, XML was the wrong choice. Pissed me off as a dev, back when I was doing stuff with ejabberd.

    • ezst 43 minutes ago

      That's the kind of "compelling in theory, irrelevant in practice" comment I would make if I had no/obsolete experience with XMPP. It just works, with a healthy and thriving ecosystem of compatible client/server implementations developed independently by many organisations (small and large) around the world. At the user-level, it's just plug and play. As a developer, you don't even have to see any XML (you can deserialize your stanzas into whatever higher-level/prettier construct the programming language/stack your product depends on)

  • EasyMark 10 hours ago

    I'm glad you aren't finding it hard. I can't even get people to move from WhatsApp and Messenger over to Signal. Only computer geeks seem to care or bother, so that's who is on my Signal list.

    • ezst 35 minutes ago

      That's why I skip the Signal intermediate stage plain and simple: once Signal inevitably enshittifies (a property of centralised services), the people you painfully brought there will no longer kindly listen to you when, lesson learned, you will try to pull them into federated services.

      For anyone else (i.e. the majority, which already has 2-5-10 messaging services on their device depending on how you count), quicksy.im does a decent job at emulating the onboarding experience of phone-based social graphs (WhatsApp & al.) and substantially lowers the barrier to being reachable over XMPP.

frollogaston 13 hours ago

Is this an important feature? I know WhatsApp and iMessage have some kind of API for businesses, but as a regular user, I've never interacted with a legit business using it. Only been harassed by bots a few times.

My one serious problem with Signal is that it silently goes out of date then stops sending notifications, so I miss messages entirely. Kind of its one job.

  • godelski 12 hours ago

    Maybe, maybe not. I think it is a useful feature for power users. The question is if targeting power users will help mass appeal. I'd argue with an app like Signal, yes it would. The power users are effectively their evangelists. APIs could enable a lot of features that people are asking for like location sharing, bots (e.g. on your IoT devices), and so on. The concern is more that introducing those things creates security risks but I think that's okay. Put a "developer mode" type switch like in Android.

    But there are also other things I'd like to see.

    For mass appeal I'd like to see them integrating Signal Stickers[0] into the app so people can search stickers. This has been a surprisingly common complaint among people I've converted over.

    For both groups I'd love to see something like this feature request[1]. I like that it could serve as the backbone of a mesh network and AirDrop is incredibly popular. Would be super cool if you could hold a copy of the APK on your phone and drop it over to others to install that way. I imagine even a rudimentary mesh network could really reduce server loads. My GF and I often sync pictures to each other this way. No reason that needs to go over the network when we're sitting 5 feet from one another.

    For power users I'd love to see a nuking capability. Bidirectional. I want to know that if I am at a protest or something and get picked up by the Gestapo that either I or a trusted friend can wipe my phone. It's not a cure all, but it greatly reduces the chances of "incriminating" evidence being found on my device. But such a feature seems quite unpopular on their forums (I am very much not a fan of their forums and the community there...)

    [0] https://signalstickers.org/

    [1] https://community.signalusers.org/t/signal-airdrop

vayup 11 hours ago

Counter argument: When the sole reason for existence for Signal is private/secure messaging, it makes sense to resist opening up to third party development.

That's a big can of worms that invariably will impact their ability to deliver on their main mission - private IM. E.g. of problems: Who gets dev access, how do you vet plugins/apps from deceiving users, would users understand the risks, when an app gets compromised how to fight malicious campaign to discourage using Signal etc. etc.

acobster 13 hours ago

I feel you. The "stories" feature especially felt like "throwing stuff at the wall to see what sticks." Given that they're a nonprofit founded by an anarchist, I assume their goals are just different from the typical product-focused company? Which I'm fine with, the app does what it's supposed to do. It would be lovely to have an SDK though.

maxclark 13 hours ago

No API and Bots is a feature for me

  • NewJazz 13 hours ago

    Yeah if I wanted that stuff I'd go to XMPP or Matrix.

heavyset_go 12 hours ago

I'm absolutely okay with having none of that. I hope they focus on making a secure and usable messenger above all else.

attila-lendvai 13 hours ago

let alone this that drives me nuts: they are playing the ringing sound for the caller without the callee's phone actually ringing.

and it's a deliberate choice that they are defending for several years now, ever since they removed the submarine sound.

  • climb_stealth 9 hours ago

    I did not know this but now that you mentioned it, it will forever bug me. I did notice that it plays very early when you make a call.

esseph 12 hours ago

The last thing I want in this product at this point is (more) bots.

That's a fast on-ramp to an extremely shitty experience moving forward.