Signal: you were the chosen one!


Playlists: 'MCH2022' videos starting here / audio

This is a rant about how moving ecosystems are not a good reason for centralizing a crucial service, how stickers are no substitute for a desktop client that does not crash, and how effectively shutting out less popular OS platforms is just not cool.

In his seminal work ["The ecosystem is moving"](, Moxie Marlinspike laid out clearly the reasons why it's impossible to do what [Matrix](, or [the Fediverse](, or for that matter the Web, have done: create a dynamic, quickly-evolving ecosystem without centralizing it.

For years, as a person responsible for information security of at-risk reporters and their sources, I have been advocating Signal as a secure Internet messaging service. And with good reasons.

Criticizing a security-sensitive tool like Signal is tricky, as it might be misconstrued as a call to abandon it, and move to alternatives that might be in fact worse. But here, at a hacker conference and with little risk of causing confusion and diverting users towards less secure platforms, can we please have an honest conversation about Signal's problems? And how 5 years after that blogpost, moxie's centralization has not solved them?..

There are good reasons to exert a level of control over what connects to a communication network. But effectively shutting out a community of developers that would love to implement Signal clients [for]( [less]( [popular]( [OSes]( (many of which happen to attract the kind of infosec-aware crowd that used to be the core pushers of Signal) is not a good outcome.

Opening up more on the client side and providing some form of independent client development program (starting with a stable API) would already help a ton. Even if it's just the desktop client that gets re-written in something that is not in essence a packaged browser [trailing it's upstream on security patches](

Finally, we need to talk federation. Does it make moving fast and breaking things more difficult? Yes, yes it does, and that can be a good thing. It also makes the resulting federated service more resilient (one [service provider experiencing issues]( does not bring the whole network down). And, it lets others innovate without being locked out.