ContactDiscoveryService
Signal-iOS
Our great sponsors
ContactDiscoveryService | Signal-iOS | |
---|---|---|
70 | 130 | |
270 | 10,442 | |
- | 0.6% | |
0.0 | 10.0 | |
12 months ago | 4 days ago | |
C | Swift | |
GNU Affero General Public License v3.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ContactDiscoveryService
- Is it generally ok to store phone numbers in a firestore database?
-
7 Best Open-Source Alternatives To WhatsApp In 2023
[1] https://signal.org/blog/private-contact-discovery/
-
WhatsApp data leak: 500M user records for sale
Signal uses SGX for remote attestation, which presumably lets the client verify that the code running on the server is a build of the OSS code and not a modified version. But I don't know the details or if this is reliable.
SGX and remote attestation described here:
https://signal.org/blog/private-contact-discovery/
-
WhatsApp data breach sees nearly 500 million user records up for sale
Signal does private contact discovery and the effort they've gone to to do this is quite impressive.
- A brief family story about convincing boomer parents to Signal
- Elon on Signal
- Absolutely Insane "Feature"
-
Types of Execution Environments, Attestation and SGX
TEEs have numerous privacy-enhancing applications that may benefit users. One of them is, as discussed earlier, private contact discovery; the Signal application uses a contact discovery service enhanced using Intel SGX, a TEE technology, to protect its users' privacy. A similar application of TEEs is performing malware analysis in a remote cloud service, so that the service may not identify users by the contents of their devices, such as the applications they have installed, especially important as 98.93% of users may be uniquely identified by the list of applications they have installed.
-
Twilio Incident: What Signal Users Need to Know
Signal (or, more accurately, one of its predecessors) used to use client-side private set intersection for contact discovery, but this scales poorly [1].
Now they use a solution based on Intel SGX and server-side trusted computing [2].
[1] https://signal.org/blog/contact-discovery/
[2] https://signal.org/blog/private-contact-discovery/
- Where are Signal servers located and how is it safer than Swiss-based Threema ?
Signal-iOS
- Signal 7.0 released for iOS – Private Phone s
- Police Can Spy on Your iOS and Android Push Notifications
- Police used Cellebrite to break into my phone, how do I prevent this in the future?
-
Governments spying on Apple, Google users through push notifications -US senator
Fortunately, they did foresee this! The push notification only contains enough information to tell the phone that it should fetch the actual notification content from Signal's servers.
Here's a Signal dev talking about it on the Signal-Android GitHub: https://github.com/signalapp/Signal-Android/issues/12961#iss...
And similarly for Signal-iOS: https://github.com/signalapp/Signal-iOS/issues/962#issuecomm...
-
Privacy is Priceless, but Signal is Expensive
This was a nice, detailed read. I was happy to note this about employee compensation since paying them well is a good thing apart from their personal motivation to work on this (even at a comparatively lower pay than in other companies/projects):
> When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
> We are proud to pay people well. Our goal is to compensate our staff at as close to industry wages as possible within the boundaries of a nonprofit organization.
That said, I really dislike Signal for a few reasons. The first is what many people have already talked about very often — forcing to use a phone number to register. Since the SMS or call costs are quite high, Signal could adopt the iMessage approach to verification, which is having the user send an SMS to the service (this will cost the user some money depending on which country the SMS is sent to). This could be decided based on the country code so that the current SMS OTP model can coexist.
Signal is obstinate on a few aspects on user experience, more so on iOS/iPadOS. Firstly, it refuses to provide a data backup mechanism for iOS/iPadOS. If someone loses their devices, there is no way to restore older messages. Even setting up a new device requires the old device to be in physical proximity to transfer the data. Signal does integrate with CallKit (to act like a phone app) and with Apple’s notification services, but refuses to allow the user to backup the data with a password to encrypt it.
Secondly, I found this paragraph in this post to be disingenuous:
> Such practices are often accompanied by “growth hacking” and engagement maximization techniques that leverage dark patterns to keep people glued to feeds and notifications. While Signal is also free to use, we reject this kind of manipulation, focusing instead on creating a straightforward interpersonal communications app. We also reject business models that incentivize such practices.
Signal on iOS/iPadOS wants the user to enable notifications and to share contacts. If notifications are disallowed and if contacts upload is disallowed, it will pester every few days about it. One might think this is a silly mistake that Signal isn’t aware of. But it was reported some years ago and Signal responded that it will not fix it because it believes this is the only way. [1] Not even an option where this is a toggle for those who want no notifications or don’t want to share contacts (Signal does have a toggle for contact joining notifications).
Signal is also not that reliable in delivering messages in a timely manner compared to other apps (the GitHub repo has many repetitive issues on this topic over all these years).
Finally, since Signal has poorer UX in general, which isn’t an easy or cheap thing to handle, I use it only with less than a handful of people who I know and who use it.
I’d donate occasionally so that Signal can continue to exist, but I don’t feel like supporting it every month with all these issues, some of which look like Signal showing me the middle finger.
[1]: https://github.com/signalapp/Signal-iOS/issues/4590#issue-72...
-
Telegram raises $210M through bond sales
I also use both extensively and I agree, Telegram has the best UX of any messaging app. The desktop app is QT I think so it feels very snappy compared to Signal's electron app.
Signal's iOS app is a native Swift/UIKit app and open source however, so I'd encourage you to report any bugs or issues you find: https://github.com/signalapp/Signal-iOS
-
App crashes on open | iOS 16.5 | will stop donation
Yeah I was able to find a few tasks that might be similar to your issue, though I don't know the exact details how the app behaves in your case, as in if you get error message or something like in this issue, or if it just closes on open like in this issue comment. Regardless, the generated crash report from the phone itself is probably good to add in your email to support (which is different from the debug log, just to specify in case you have been sending only that, here's a link for more details).
- I have absolutely had it with Signal (lack of basic backup options)
-
Rewriting the Messenger codebase for a faster, smaller, simpler messaging app
My bet is on "object-oriented obfuscation" and bloat caused by "modern" coding styles. Looking through the Signal source you linked to, I see tons of the former. There is an absolutely insane amount of boilerplate-looking code in here, for example: https://github.com/signalapp/Signal-iOS/tree/main/Signal/src...
I don't know Swift or the iOS UI API, but a lot of that code seems to be manually creating and positioning UI elements and otherwise implementing UI functionality that I'd expect the OS to handle. It's a lot of code that should really be data (arrays, structures).
To offer a huge contrast, a long time ago I wrote an MSNP chat client in pure Win32, and it was around 2kloc. The binary was 24KB. Of course it only supported contacts, presence, and text messaging, but I still can't see features like audio/video or the crypto that Signal has needing 100x more, especially if they use OS functionality for much of them.
- Camera quality during video call
What are some alternatives?
whatsapp-viewer - Small tool to display chats from the Android msgstore.db database (crypt12)
mollyim-android - Enhanced and security-focused fork of Signal.
TextSecure - A private messenger for Android.
simplex-chat - SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱!
Signal-Server - Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS
LibreSignal - LibreSignal • The truly private and Google-Free messenger for Android.
TelegramAndroid - Fork client of Telegram app for Android.
wire-ios - 📱 Wire for iOS (iPhone and iPad)
Unigram - Telegram for Windows
element-ios - A glossy Matrix collaboration client for iOS
Signal-Desktop - A private messenger for Windows, macOS, and Linux.