Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> What's the benefit of decentralization? Not being snarky, I just don't really see it. What does a decentralized PGP email have that I don't have with my Signal Messenger?

It's a lot harder to block. You can have anyone run a mail server on any port (SSLed if necessary), which means you can use it for secure communications inside any "great firewall" (like that of China or Kazakhstan), or even in a country/region that's been cut off from the Internet (which we've seen happen for various amounts of time in Syria, Crimea, Turkey...). WhatsApp/Signal have a very limited version of this by getting makers of popular HTTPS services to work with them, but those services are subject to their own commercial pressures (all the big names have been known to collaborate with e.g. the Chinese authorities in the past) and attackers always have the option of just blocking those services outright.

It rules out a whole class of attacks involving compromising the central servers and tricking the client into redoing an initial exchange. If the Signal client is implemented correctly this shouldn't be an issue, but it's an extra attack surface that simply doesn't exist for OpenPGP.

Also compared to Signal et al it's more practical (though still difficult) to use pseudonymously, because a pseudonymous email address is eaiser than a pseudonymous phone number. Signal advocates talk about having deniability because your messages aren't provably signed by you, but I don't think that advantage exists in any reasonable threat model - if we're worried about a state adversary hunting down everyone who corresponded with dissident x, they'll find it easier to track down a phone number than an email address, and once they've tracked down one of x's correspondents (i.e. someone who has a phone with a number that exchanged messages with x) they're not going to be bothered by the fact that they don't have signed mathematical proof that this is the same person who corresponded with x.

> Signal was designed from the ground up with UX in mind, and made several important trade offs for it

Such as? At the protocol level I mean.



https://whispersystems.org/blog/the-ecosystem-is-moving/

One of the explicit protocol level trade offs is federation:

> One of the controversial things we did with Signal early on was to build it as an unfederated service. Nothing about any of the protocols we've developed requires centralization; it's entirely possible to build a federated Signal Protocol based messenger, but I no longer believe that it is possible to build a competitive federated messenger at all.


The maintainer of the "Conversations" XMPP client wrote an interesting response to that article:

https://gultsch.de/objection.html


Thanks, I wasn't aware of this. Though to be honest, I am not exactly convinced. Calling HTML federated seems a real stretch. My browser doesn't have to talk to other browsers, just servers, and those can speak many languages. The network effects are really _very_ fundamentally different.

The reality is that, no matter how much I wanted xmpp (and google wave for that matter) to succeed, Signal (and if you are willing to trust the closed source client WhatsApp) are the only ones that did.

And that's even though XMPP preceded Signal by a decade. The argument that a good federated user experience is possible in principle starts to sound a lot like talk about "sufficiently smart compilers".

Let's grant it is true that we don't have sufficient resources to update a host of different clients to use all the extensions. So then it still seems that in a resource constrained environment federation is not feasible. Open Whisper Systems managed to get encryption on a billion devices with a team of three people. The idea that it only succeeded due to a resources advantage (rather than fundamentally different trade-offs) does not seem very plausible.


> And that's even though XMPP preceded Signal by a decade. The argument that a good federated user experience is possible in principle starts to sound a lot like talk about "sufficiently smart compilers".

For how much of that decade did we even see "a couple of full-time developers" applied to XMPP though? Yet alone an actual UX designer.


Have you tried Conversations? You might want to give it a try. On the whole, the user experience is not significantly worse than Signal. With both sides using OMEMO encryption, privacy should be about the same.

Trade offs:

Onboarding is trivially more complex. You have to enter your JID and a password -- registration of a new JID adds one checkbox to that.

Contact discovery does not piggyback on phone numbers, so you will have to add JIDs to your address book if you want Conversations to pick them up.

Another new XMPP-based app, Zom (https://zom.im/) makes some of this easier by letting you automatically register on their hosted XMPP server, locking you into sane default settings, etc. Android app seems still a little buggy, though.


All due respect it not exactly mind-blowing that to compete with some of the most successful businesses in the world you have to do things they can't. The author often likes to use catchy quotes so let's go with the classic "It is difficult to get a man to understand something, when his salary depends on his not understanding it". They make their money selling licenses and consulting for centralized messaging services. It's not in the interest of either party to have disagreements on this issue.


Signal making choices for ease of evangelizing it doesn't condemn the entire idea any more than poor implementations of secure email means we should totally give up on it


Also, is it really true that a state actor could not effectively block email? Or for that matter all encrypted email? They are, after all, blocking web pages. It seems to me (as a lay man observer) that at the state actor level the Internet is relying on centralized resources already, maybe that's why decentralization seems intuitively less important to me. This is not to disagree with your points.


It's more that a private actor can exclude you from any network. Maybe WhatsApp blacklist you for "abuse". Maybe they're right. But even if you kill someone you're allowed to use the telephone network, and send or receive letters.

As long as the message silos aren't regulated as utilities, decentralised systems give us more of the freedoms.

It's pretty easy to run a separate dns system - you can even blend your own private "authorities" dns for new tlds with fall back to the centralised root servers.


That's a fair point actually. Does the fact that signal is open source and based on phone numbers change that though? Seems that as long as you have access to the phone network you have access to the signal network...


No, because the servers are still centralised and they can blacklist you at that level.


They can block any traffic in/out of their network. But e.g. it's possible to use email on a LAN (or a wireless mesh network) entirely disconnected from the Internet.


Hm?

if /BEGIN PGP SIGNED MESSAGE/.test(message) { greatFirewall.block(message); }


Sure, but that only catches messages that cross the wall. They could disconnect China from the Internet entirely, but email would still work within China.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: