Signal is being used by at least 10 well-paid medical professionals (group chat) that I know of, and one of them proclaimed today that Signal is owned by Elon Musk (probably because he tweeted about it). I did not care to educate them. And this is in a first world country with a rather wealthy population.
Why am I saying this? Users don't give a damn, they expect free things, and they expect things which work. They have been taught to use appstores on their phones where tapping on a button installs an app and everything just works with zero effort on their end, while completely ignoring the work that someone put into creating the very app they depend on. Majority will never, ever, even think about it, let alone click on the developers website to find out who created the miracle they use.
This practice needs to end. I believe that it is time to stop making free products. Developers should unite in this and finally start to value their hard work.
Your belief about Skype being owned by Bill Gates is kinda factually true. Not necessarily Bill Gates himself, but Microsoft acquired Skype back in 2011.
> Signal uses encryption protocols sponsored by Broadcasting Board of Governors, a sister federal agency to the State Department. In plain words, data easily accessible by CIA, NASA and FBI.
I wonder what NASA will do with my Signal messages, maybe use them for a giggle in between transmissions from Mars.
> I wonder what NASA will do with my Signal messages
They batch them up and send them to deep space through SETI. The aliens are the real ones behind surveillance operations which they use to create a reality TV show. And with this NASA prevents the world from being destroyed from said aliens.
Very good point. People will happily pay 50 pounds a month for an IPhone and thinking nothing of it. But then really struggle to pay a penny for an app that runs in that iPhone. There’s some funny psychology going on.
Paying for software vs phones is not really an apples to apples comparison.
A better comparison would be how people gladly pay ten bucks a month for spotify/netflix but would probably never pay that for messaging and IMHO that's where the industry should be going.
People in the past also thought music and movies should be free and pirated the shit out of them, but by making it simple and accessible, for ten bucks a month, most people with a job just won't bother with piracy anymore, even though they gladly pay for something they'll never actually own.
So, the billion dollar question is, how do we transfer that model to messaging?
I keep dreaming about a Pied Piper like decentralized internet.
What i don't like is that "everything" is 10$ a month. I would like to subscribe to some payment aggregator where they charge me X dollars a month in one transaction, then pays it out to developers/service providers. This way things could go down in price too, since the fees would be lower because of less transactions. This way cheaper services like messaging could be 1$ a month without being eaten up by fees.
Netflix and spotify give me quick access to lot of content and I value it. I don’t care what software gives me this content.
With messaging it’s different. Transferring messages is relatively simple topic to do as a software. But the cost of running and maintaining it is hard and that’s what users don’t care.
There is very little to no awareness of what it takes to create software. We, the developers who have released our work for free, have allowed this to happen. It feels like mobbing, heck, we keep reading about other devs mobbing others by opening GitHub issues and demanding new features or bugfixes for software they did not pay for. I really hope that we can do something about raising awareness.
I can’t remember if it was always that way. When the App Store opened I guess there was a standard price of 59p for an app. Before that, 59p would have been seen as a ridiculous price to pay for a copy of software. Imagine buying windows 95 on a CD for 59p. By setting the bar so low for app prices at the start, it’s possibly just become the way it is now.
This got worse with the introduction of GitHub. Obnoxious users were always a problem, but before centralized OSS warehouses at least they had to go to the project's web site and mailing list.
Where they'd be told to get lost if they misbehaved.
With GitHub, the branding of products is lost and most credit goes to GitHub. If a user isn't satisfied, he does the proverbial left-swipe and goes to the next project in a second.
If you tell a user to get lost, you violate the tenets of the new corporate sponsored cultural revolution: Newcomers are always right.
The last 10 years have been a coordinated attack on OSS to make developers obedient and silent cogs. It works, because at present they are showered with money in return.
One big hangup users have is a difference in expectations. They know what they're getting with the money they pay towards their iPhone. Heck - most users will gladly pay exorbitant prices for a cup of coffee as long as it meets their expectations. The same cannot be said for a given app they pull off the App Store. The quality experience can vary greatly from app to app. Even then, an app that fits your lifestyle may not fit mine, so a recommendation isn't necessarily a guarantee of value.
For me I think it is a question of ownership. It is easier to pay for something you actually own. Software already is intangible, but add in modern licensing, app stores, etc and you really do not have any ownership over your software. Even in the case of open source software like signal, Apple could chose to boot them off the app store tomorrow and I would lose my "investment".
There was a time in the 90s/00s where you bought software in a big box, and it came with all sorts of manuals and such. The tangible assets (manual, floppy, box, whatever) along with the licensing agreement made that software much more valuable than the software we use today.
I remember when some of them came with hardware dongles. Adobe After Effects had a dongle that you had to attach to your keyboard cable in order for the app to launch. The mental value I attributed to that dongle was immense. I think I still have it around here somewhere...
I'd venture to guess that speed/simplicity of installing an app is also something users subconsciously factor in. The faster/smoother the installation, the less appreciation they have for the app. I remember installing Windows 95 from floppy disks.. boy oh boy, I appreciated every file that was successfully installed and admired it every time it booted into desktop.
"Free" isn't a model you should pick if you're going to care you aren't guaranteed to get compensated it's a model you should pick when you want to give a cool idea a chance to take off for the good of everyone without risk of being turned into something else if it is successful.
Problem is that the largest of the free products aren't free. They are surveillanceware. "Free" is used as a gimmick to get them onto as many phones as possible to surveil people. Those players have zero incentive to change that, and will be more than happy to use "free" to edge out any paid competition. This is how paid apps became almost non-existent outside of professional niches.
What happens when a whistleblower or dissident wants to use Signal? Should they be forced to cough up a payment with a traceable credit card or app store account in order to use it?
For that reason alone I think it's important for the service to be free. Though I would perhaps support some reasonable free usage limits if needed to prevent abuse.
How sympathetic are the Signal developers to the concerns of dissidents, really? Signal has had a policy of many years to require a phone number – buying a SIM card now requires providing government ID in so many countries – and only now have they promised progress on this front someday. They also recommend that users install through the Play Store, and they only grudgingly provide a standalone APK. Anyone with the Play Store installed presumably has the full Google software suite that leaks location data, what one enters into the keyboard, etc. that the state can exploit. (And also Signal is based in the US where they are vulnerable to NSLs.)
This all makes me assume that Signal’s security is meant to shield phone owners against advertisers and ordinary criminals, not the state.
> How sympathetic are the Signal developers to the concerns of dissidents, really?
There’s a known problem where the majority of Chinese Android users use a third-party IME to enter text. This is vulnerable to eavesdropping and easy for Signal to detect and warn the user about. Chinese people have been asking them to do this for over a year, telling them that they know of people who have been detained by the government after using Signal, thinking it was secure. Signal have constantly ignored and dodged this. Just lately, their attitude seems to be that somebody needs to prove it is being actively exploited before they will look into it.
Until I saw their behaviour on this, I was recommending Signal to people. Now I can’t help but feel it’s security cosplay. They pride themselves on strong encryption, but won’t lift a finger when people unwittingly use Signal in an insecure context and are being extraordinarily evasive about it.
I mean, technically it is not their responsibility to make sure everything surrounding the app is also secure. Someone could also be watching users over their backs, their device could be rootkitted. Where do you draw the line? I think it would be better to put resources into developing an open-source, non-compromised IME but that is out of scope.
Yes, and I acknowledged that in my own post. But it took years to get to the point where they are even talking about upcoming support for this, let alone actually providing it. In the interim, this aspect of great importance to people living in authoritarian regimes was ignored.
I agree that it's unfortunate that the initial attachment to phone numbers has thus far made Signal harder to use for dissidents in many countries. But I can also understand that there are legitimate constraints that led them to go this route initially (abuse & spam prevention come to mind).
I can also acknowledge that it's a universally good thing that they are moving in a positive direction here, and I do not hold it against them for being unable to solve all problems for all people at the same time.
NSLs are a problem generally, but I have a lot less concern in Signal's case because they have no data, and they'd have to be forced to make significant software modifications to enable targeted interception of messages. This is something I expect they would be motivated to fight, more so than any for-profit company might.
Let's acknowledge and appreciate progress where it is being made.
It has taken years: one of the major GitHub issues requesting alternate identifiers than a phone number for privacy’s sake dates from 2014. [0] The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.
> The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.
You realise that this is something completely different than what you wanted to imply are you? Up until they introduced the PIN, they've been defending the phone number. Just because someone had a issue on github, doesn't mean they've been working on it...
Whether they were working on the Github issue or not, is irrelevant. Those Github issues (if not their own intuition already) would have already made them aware that by requiring a phone number, they were compromising user privacy. Of course they had their arguments for requiring a phone number.
You think I’m knocking the app. I’m not, I think it is the best option available. I just feel that as long as the phone number was required, they could have been clearer to ordinary users about the threats that Signal aimed to protect users from: advertisers and ordinary criminals, sure, but not necessarily the state authorities, and so it might not be suitable for dissidents for the time being.
Exactly, they have made arguments for the usefulness of the phone number as an identifier. But to the best of my knowledge, they have never specifically acknowledged in a blog post the state’s linkage of phone numbers to individual identities in many countries today, and the risks that this poses to dissidents.
Moxie is one of the best security researchers in the business, he was definitely aware of this before anyone ever brought it up on GitHub. Was it really so hard for the Signal devs to acknowledge this downside on the blog?
This is all probably correct, and should change in the long term. In the short term, I hope you've donated to Signal, and it would also help if you'd dispel the misinformation when you hear it.
The world would be better if the world were better, but until it is, would you mind helping out a bit?
Is Signal having a problem of not enough money? I'd heard rumors they'd burned through the $100mm USD donation already but didn't want to believe them.
Is there any indication that applying capital to the problems we're seeing will fix them?
I want to help, but only in a way that will be effective in improving the situation. If they already have enough money, giving them more will not. If they don't have enough money following a $100mm USD donation, it's possible that giving them more will not.
Havent heard about them using the entire $100mn unless you have a source. I cant imagine the current situation is making their spend rate go up however.
The problem is, this is not a sustainable model (Wikipedia is a whole other universe and can not be compared) and it bugs me so much to see developers pour their souls into projects which end up dying.
I think it is acceptable, in this day and age, for people to expect instant messaging apps that are gratis and "just work". Technology and society should be at a state where - assuming you have network connectivity at all - that should be the case.
At the same time, I agree that there is practically criminal negligence of the education of people about what makes those techno-social institutions which "just work", work:
* Commercial interests and the role and nature of large corporations in tech and elsewhere;
* The massive amount of hard work, expertise, and good will invested by people in public-benefit work (which could be writing FOSS or volunteering in retiree caregiving etc.)
* What the machinery of government - and its myriad branches and institutions - does, beyond the political horse race shown on the evening news;
and through that, the realization that free lunches get made by someone, and its very important who and how they get made.
> Majority will never, ever, even think about it
It is a challenge for us to educate people around us about this fact.
> I believe that it is time to stop making free products.
Software is free by its very nature. It is only state coercion via threats of incarceration and violence that we are deterred from copying software.
I'm always surprised anew how unworldly people here can be.
Are you even aware that most people are not your "well-paid" medical professionals? Where is this offensive ignorance coming from? How do you even dare to say something like that? We're talking about a non-profit who brings a good and secure messenger even to 3rd world countries. How about you shut your mouth about everybody on the planet and use it to convince your "well-paid professionals" to pay instead? The general population does already pay for too much. They don't need a arrogant Schweizer Goldjunge to drag even more money out of them.
Oh and, you're not getting enough recognition and praise from your customers? Maybe you should make something which would really justify it? I'd recommend a FREE APP which helps poor people! Jesus, you run a page which rips off content other people provided you for FREE...unbelievable...
You’re wrong on so many levels (I was born and raised in a 3rd world country and survived 4 years of war under siege). I am not a Schweizer Goldjunge, and even if I was, suggesting that developers should value their work more definitely does not warrant your tone.
It’s an interesting dichotomy: many say they want to make the world a better place but also (1) have a personal philosophy of “the regular user is always wrong”, and (2) will do their damndest to argue how developers and IT corporations are always right and virtuous (FB just wanted to connect people; people didn’t vote with their wallets so now they spy on people just to make ends meet).
I don't think the practice of people easily downloading/installing apps through app stores is going to end. In my network I'm not alone in paying for free apps to support development if they're value-added.
Governments probably shouldn't simply ban all free products, but it certainly might be reasonable to ban some economic activities that enable some business models for sustaining free products.
Of course not, but it wouldn't hurt if we all got better at valuing our work more. Heck, majority of developers I worked with are decent, loving people, who could simply never dare to ask to be compensated for the work they do...
Why am I saying this? Users don't give a damn, they expect free things, and they expect things which work. They have been taught to use appstores on their phones where tapping on a button installs an app and everything just works with zero effort on their end, while completely ignoring the work that someone put into creating the very app they depend on. Majority will never, ever, even think about it, let alone click on the developers website to find out who created the miracle they use.
This practice needs to end. I believe that it is time to stop making free products. Developers should unite in this and finally start to value their hard work.