Richard Stallman: "Signal has some problems" - what did he mean?


#1

So the video where he said that was published in April 2017, and he said it when the interviewer talked about end-to-end encryption, chat clients and free software. Presumably he was referring to “problems related to security/privacy” that the Signal app has or had.

I searched several times on the internet for the “problems” Signal might have and could not find any. Sure, you may not know what he meant unless you can ask him directly, but maybe someone knows of any issues with Signal concerning privacy or security?

Any answers appreciated, thank you.


#2

I can’t find the video that you reference (it would be helpful if you linked it). However, I know that the F-Droid forums have extensive discussions about Signal. (F-Droid is a Free Software repository for Android). F-Droid does not include Signal because:

  1. Signal includes non-free software and relies on Google’s proprietary services.
  2. The developer of Signal does not like soft forks of Signal (that are compatible with the main version) and F-Droid developers seem nice enough to respect that.

Stallman probably rejects Signal because of their use of Google proprietary services and the distribution through the proprietary Google Play Store.

Further, reading the conversation on this Reddit thread led me to LibreSignal, a fully free non-Google fork of Signal, which is NOT on F-Droid, probably because of the owner of Signal’s requests. However, the developer of LibreSignal states that “applications installed from Google Play can be silently updated without user knowing about it, e.g. to version with hidden backdoor.” This is absolutely true and could be more of Stallman’s problem with Signal.


#3

Thank you @blendergeek, this is a good start for me to start doing my extra research on it. :ok_hand:

Here’s the link, though you won’t hear anything more than what I’ve mentioned. You can find the part where he says that in the last 10 minutes or so of the interview.


#4

After watching the video, I notice that Stallman a few minutes before refers to automatic upgrades as a “universal backdoor”. I definitely don’t think he likes the Google Play aspect of Signal. I have never heard of any other specific problems with it, though I can think of some potential ones:

The Signal servers process the data, which means that they can see who you message and how often you message them. This information can be used to track you and is potentially hazardous.


#5

I will not try to second-guess RMS here, but I have three problems with Signal, each one sufficient not to use it:

  1. It uses phone numbers as IDs. This is practically an invitation to stalkers and makes anonymous accounts impossible in most countries. Also, phone numbers are not very “intuitive”.

  2. It is a centralised service. No chance to get a trustworthy service in a country of your choice by a company/community of your choice or host it yourself.

  3. It is bound to mobile phones; support for PCs is only an afterthought, and PC clients are not first-class citizens. If one doesn’t have a smartphone (like me), one is excluded from conversation.

I personally prefer XMPP (Jabber) over Signal, but e.g. Ring or Matrix are also good.