my-talks
Signal-iOS
Our great sponsors
my-talks | Signal-iOS | |
---|---|---|
5 | 130 | |
306 | 10,451 | |
- | 0.6% | |
1.8 | 10.0 | |
over 3 years ago | 4 days ago | |
Swift | ||
- | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
my-talks
-
Foojay Podcast #7: Security in Java, what do we need to know and how to keep our applications secure?
Join a unique discussion on Java security featuring @BrianVerm, @spoole167, @vixentael, @costlow and learn about the fascinating world of secure coding and detecting vulnerabilities in your Java applications!
-
Encoding vs encryption for 📱iOS app devs
Anyone can install your app from AppStore, decrypt and decode it — and read the data you stored there in a plist. Watch @Anastasiia Voitova (@Cossack Labs) and @Vincent Pradeilles disclosing how to secure your users’ data.
-
Backstage: cryptographic R&D internship at Cossack Labs
Hey! I'm Anastasiia from Cossack Labs. We are a data protection company and our work is closely related to applied cryptography, both traditional and cutting-edge. Recently, we’ve launched an invite-only cryptographic internship, aimed at computer science students who want to work in the applied crypto space.
-
E2EE and privacy in mobile messengers, by @vixentael
Get 2 minutes pro explanation by Anastasiia Voitova aka @vixentael, Head of customer solutions at Cossack Labs.
-
Where do you get started learning about encryption if one were trying to make an encrypted messaging app?
Anastasia Voitova, from the Ukrainian computer security consultancy Cossack Labs, has some relevant talks about secure software development, including one from iOSCon London in 2019
Signal-iOS
- Signal 7.0 released for iOS – Private Phone s
- Police Can Spy on Your iOS and Android Push Notifications
- Police used Cellebrite to break into my phone, how do I prevent this in the future?
-
Governments spying on Apple, Google users through push notifications -US senator
Fortunately, they did foresee this! The push notification only contains enough information to tell the phone that it should fetch the actual notification content from Signal's servers.
Here's a Signal dev talking about it on the Signal-Android GitHub: https://github.com/signalapp/Signal-Android/issues/12961#iss...
And similarly for Signal-iOS: https://github.com/signalapp/Signal-iOS/issues/962#issuecomm...
-
Privacy is Priceless, but Signal is Expensive
This was a nice, detailed read. I was happy to note this about employee compensation since paying them well is a good thing apart from their personal motivation to work on this (even at a comparatively lower pay than in other companies/projects):
> When benefits, HR services, taxes, recruiting, and salaries are included, this translates to around $19 million dollars per year.
> We are proud to pay people well. Our goal is to compensate our staff at as close to industry wages as possible within the boundaries of a nonprofit organization.
That said, I really dislike Signal for a few reasons. The first is what many people have already talked about very often — forcing to use a phone number to register. Since the SMS or call costs are quite high, Signal could adopt the iMessage approach to verification, which is having the user send an SMS to the service (this will cost the user some money depending on which country the SMS is sent to). This could be decided based on the country code so that the current SMS OTP model can coexist.
Signal is obstinate on a few aspects on user experience, more so on iOS/iPadOS. Firstly, it refuses to provide a data backup mechanism for iOS/iPadOS. If someone loses their devices, there is no way to restore older messages. Even setting up a new device requires the old device to be in physical proximity to transfer the data. Signal does integrate with CallKit (to act like a phone app) and with Apple’s notification services, but refuses to allow the user to backup the data with a password to encrypt it.
Secondly, I found this paragraph in this post to be disingenuous:
> Such practices are often accompanied by “growth hacking” and engagement maximization techniques that leverage dark patterns to keep people glued to feeds and notifications. While Signal is also free to use, we reject this kind of manipulation, focusing instead on creating a straightforward interpersonal communications app. We also reject business models that incentivize such practices.
Signal on iOS/iPadOS wants the user to enable notifications and to share contacts. If notifications are disallowed and if contacts upload is disallowed, it will pester every few days about it. One might think this is a silly mistake that Signal isn’t aware of. But it was reported some years ago and Signal responded that it will not fix it because it believes this is the only way. [1] Not even an option where this is a toggle for those who want no notifications or don’t want to share contacts (Signal does have a toggle for contact joining notifications).
Signal is also not that reliable in delivering messages in a timely manner compared to other apps (the GitHub repo has many repetitive issues on this topic over all these years).
Finally, since Signal has poorer UX in general, which isn’t an easy or cheap thing to handle, I use it only with less than a handful of people who I know and who use it.
I’d donate occasionally so that Signal can continue to exist, but I don’t feel like supporting it every month with all these issues, some of which look like Signal showing me the middle finger.
[1]: https://github.com/signalapp/Signal-iOS/issues/4590#issue-72...
-
Telegram raises $210M through bond sales
I also use both extensively and I agree, Telegram has the best UX of any messaging app. The desktop app is QT I think so it feels very snappy compared to Signal's electron app.
Signal's iOS app is a native Swift/UIKit app and open source however, so I'd encourage you to report any bugs or issues you find: https://github.com/signalapp/Signal-iOS
-
App crashes on open | iOS 16.5 | will stop donation
Yeah I was able to find a few tasks that might be similar to your issue, though I don't know the exact details how the app behaves in your case, as in if you get error message or something like in this issue, or if it just closes on open like in this issue comment. Regardless, the generated crash report from the phone itself is probably good to add in your email to support (which is different from the debug log, just to specify in case you have been sending only that, here's a link for more details).
- I have absolutely had it with Signal (lack of basic backup options)
-
Rewriting the Messenger codebase for a faster, smaller, simpler messaging app
My bet is on "object-oriented obfuscation" and bloat caused by "modern" coding styles. Looking through the Signal source you linked to, I see tons of the former. There is an absolutely insane amount of boilerplate-looking code in here, for example: https://github.com/signalapp/Signal-iOS/tree/main/Signal/src...
I don't know Swift or the iOS UI API, but a lot of that code seems to be manually creating and positioning UI elements and otherwise implementing UI functionality that I'd expect the OS to handle. It's a lot of code that should really be data (arrays, structures).
To offer a huge contrast, a long time ago I wrote an MSNP chat client in pure Win32, and it was around 2kloc. The binary was 24KB. Of course it only supported contacts, presence, and text messaging, but I still can't see features like audio/video or the crypto that Signal has needing 100x more, especially if they use OS functionality for much of them.
- Camera quality during video call
What are some alternatives?
wire-ios - 📱 Wire for iOS (iPhone and iPad)
mollyim-android - Enhanced and security-focused fork of Signal.
Themis - Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
simplex-chat - SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱!
disk-encryption-hetzner - Encrypt a hetzner server from the "serverbörse" and unlock it remote via ssh
LibreSignal - LibreSignal • The truly private and Google-Free messenger for Android.
acra - Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
Signal-Desktop - A private messenger for Windows, macOS, and Linux.
awesome-crypto-papers - A curated list of cryptography papers, articles, tutorials and howtos.
seaglass - A truly native Matrix client for macOS - written in Swift/Cocoa, with E2E encryption support
Unigram - Telegram for Windows