Signal / Silence on GNU+Linux : A comprehensive summary | Librem 5 app

Not sure I see the appeal to a piece of software that only uses cellular SMS capabilities and just adds encryption when possible.

Signal on the other hand makes A LOT of sense.

Let’s put it rather differently.
Chatty is an official message centrre for L5, and it is backed by libpurple. By default it (L5) is shipped with sms and xmpp plugins. xmpp plugin in addition has omemo plugin (which is using Signal’s cryptography concept - double ratchet algo) but sms is just plain old sms.
So OP is asking to empower SMS by the same double ratchet algo encryption in the same way as Silence on android.

3 Likes

Yes, it’s a good things and it’s off topic for signal support.
I hope SMS encryption will be compatible with Silence.

Yes of course. I understand that. I just don’t understand why you would want that capability when today offers much better communication capabilities.

Why, for example, if you are using Android, you would prefer Silence over Signal? The sub question being why you would prefer a Silence port versus full up Signal?

1 Like

For simple reason, i don’t use signal. as well as telegram, wahtsup, whatsdown, whatsnot… i use xmpp. period.
But - sometimes internet is not available so it’s nice to have encrypted offline alternative. although doing kex over sms is going to drain mobile credit dry unless one has unlimited sms subscription :slight_smile:
And same as one can communicate with users on different platforms using one protocol.
SMS is just a transport, same as xmpp is a protocol to transport omemo payloads. If you encrypted your message on one xmpp client you’d expect it to be decrypted properly on the other (hence XEP standartisation). Same if you sent encrypted sms from android it should be possible to decrypt it on librem.

4 Likes

In addition to what @ruff said, in many countries, SMS is a “free” (= unlimited included in the monthly fee) tool that is widely used by the population. Maybe you don’t feel it because in your country, it is technologically outdated in favour of messaging applications.

Signal encrypt you text content, then forward your message to their server, and sent it to your recipient. Nobody knows today if Signal has the ability to decrypt your message (their server part is closed-source). No one can say what they do with your unique phone number that’s supposed to identify you either.

Where Silence is very strong, it does exactly like Signal, but with the advantage that the content is unreadable on my operator’s server. I was able to verify it (the phone operator offered a service to register SMS in a webmail) : my recipient and I could read our messages in Silence, while my operator’s server displayed an unreadable encrypted message.

Some people, included me, use Signal or Telegram but don’t trust them. We use them because they are the only few alternatives to Whatsapp (and it is already difficult to convince someone to discuss with you with those alternatives). XMPP is the same problem : you have to chose a server that you don’t know. And if you want to setup your own, it is difficult to do it for a standard person like me.

I am a bit disappointed about this SMS aspect of the Librem 5 : they promote privacy and give you the ability to use SMS, but it is like they don’t want to use this open-source Text-Secure protocol to secure SMS while it is obvious that it needs to be secured.

1 Like

It’s not about “they don’t want” - I’m pretty sure they do. It’s about resources and capacity. If silence implementation in C exists - someone (maybe even me at some time) will add it to libpurple (and thus to chatty). If it’s just in Java - it’s unlikely to be added any time soon.

4 Likes

It’s false.
Text message server is free software. Cyanogen was operaring its own server years ago.
Only the voice/video call part is close sourced.

You can read the code on client side (it’s also free software) and see that the app never sends your phone number to the server.

There is no Silence implementation. It uses Signal implementation without change.
See previous post to find the link to the C library.

3 Likes

Like ruff said, and because this really can’t be stated enough:

Purism is literally doing everything they can to push their social purpose. They are a small team working on very complicated projects. They need to prioritize.

You say SMS is a priority, but I believe internet based communication is far more useful. There are many people that may never even use cellular capabilities with the phone.

Signal really is the golden goose of the free software world. Financed for the indefinite future, and proof that free software can co-exist with proprietary software. I use rocket chat for my personal server with friends and family and thus never use signal’s voice or audio calling, but if I could self host signal without it being a real pita, I would prefer it. It has the mark of truly professional development and is better suited to informal communications. (RC is very professional as well, the RC team does amazing work. Signal and RC are complex projects, and RC is focused on team communication. RC also works as an effective cloud storage system.)

I believe, from everything I’ve read from Purism and from my own experience as a developer, that Purism really is doing all they can, within the financial constraints they have.

5 Likes

Myself for one. Last time i used SMS was like 15-20 years ago i think. Mostly because it blatantly insecure but also because it far from being realtime (that part might have improved, no idea).
Same for the calls, only spam from various surveys. So i always buy packages with internet, calls/sms is usually complementary service which i don’t use.

Because, as far as I know, Signal requires you to have a Google infection on your device (it relies on some of their backend libraries).

3 Likes

Could you give specifics? If you are referring to push notifications, that is of course platform specific and is obviously a non-starter for the Librem 5.

I don’t think so, here it says SMS is unsecured.
While here it says it actually mainly secure-sms application and is a fork from signal to re-enable sms encryption.

The only C library i found is from Richard Bayerle - which is the same person who developed OMEMO for libpurple. Is that what you’ve meant?

Yes, it’s only a fork of the original OpenWishperSystem Textsecure app, there is no modification on the crypto or protocol side. Silence use the original library maintained by Signal.

No, I mean the official Signal library: https://github.com/signalapp/libsignal-protocol-c

3 Likes

Oh, my bad, even in the axc itself is written that it’s just a wrapper for libsignal-protocol-c

1 Like

To complete the picture, TextSecure-QML (the independent Signal client for UBport) uses an unofficial GO implementation: https://github.com/nanu-c/textsecure/

My current thinking is: should we develop a GTK interface based on the GO implementation of Textsecure-QLM that already works or develop a Libpurple extension based on the official library, which requires more work but would benefit more software and would be closer to the official project.

3 Likes

Both options are viable because encrypted sms is really rather niche use. So while libpurple would benefit more projects and will be integrated, the benefit itself is hypothetical and might actually not be used by anyone except (privacy concerned) L5 users. So if standalone app gets less effort to implement may fit as well.

I fully agree with you, and this is why I trust this project. Maybe I was not enough clear so I apologize in that case. However, I feel disappointment, not against Purism team, but against the fact that SMS is an unsafe tool in the safer Librem 5. It can be made safer, but so far there is no response about it.

I agree that priority should be to Signal-compatible Messaging app. It’s true. However, in a working context, or with adult/senior people, SMS is still used for quick short one-to-one discussion, while Signal-like apps are more used as a group-chat and video calls. The same in many area where data reception isn’t high (I know there is maybe people living in big cities here, but let’s also think about rural folks with bad/not enough data reception). If SMS wasn’t used as much as you say in the world, this SMS icon would not appear in each new iOS/Android/PureOS version. Maybe there are French people here, they may know what I mean.

2 Likes

SMS encryption is another topic according to me.
Actual Signal app and Textsecure-QML doesn’t support SMS.

It think it should be integrated with the Chatty’s libpurple addon for SMS developped by Purism.
I’m not sure but as I understand it the same libsignal-protocol-c library could be used for SMS Silence compatible encryption and Signal compatible web messaging.

I’ve done a little more reading, and it seems that my information is old. Originally, it flat out required Google infrastructure to pass messages, but they have apparently changed it for just push notifications (https://signal.org/blog/goodbye-encrypted-sms/) - quite some time ago, in fact.

I don’t remember if push notifications are a required part of the software functioning, but that seems to be irrelevant as well at this point, since there is now apparently another method of doing that (https://www.reddit.com/r/signal/comments/ap9lin/gcm_notification/ and https://github.com/signalapp/Signal-Android/commit/1669731329bcc32c84e33035a67a2fc22444c24b).

I suppose that the only thing stopping me from using it is being able to get the damn thing. It’s not on F-Droid, so I’d have to figure out the whole weird Android build process.

1 Like