But it’s a difficult concept for the average person to not have an account, but everything is device oriented. Same problem with people not using gpg for email. Having to maintain a thing similar to a private key that’s not memorizable like a username and password and back that up in case your device is lost. Is a big hurdle for many. And then additionally having to share a qr code or link through some external means for someone to connect with you rather than just telling them to download an app and enter your username HSS always been difficult.
So, IMHO, Signal has the best implementation possible with the level of usability that many nontechnical people expect in a chat application, even if it’s not the most secure. I am interested to see how SimpleX solves these issues in the future, though.
Of course it is, that’s the innovating part of it ! My opinion was that I rather use SimpleX if I wanted to switch away from Signal, if not I’ll simply use Signal not Session. But my threat model isn’t everyone’s.
I think as people will be more educated on cryptography in there digital lives we will have better UX to the point of it not be as difficult as sending on e-mail in the late 80s. Innovation like Bitcoin, nostr, U2F, passkeys etc… will be more accessible over time. Today sending a message on Signal is infinity more easy, secure and private than the majority of e-mails of the 21th century.
Yeah, I just meant people are used to decades of using meaningful usernames. Having to use a cryptographic key has traditionally made it very difficult to get enough people to adopt to make it worth adopting yourself as a technologically savvy person. I never would have used Facebook in a million years if it wasn’t for the fact that it was the only place I could get in touch with many people. Having to build your networks in-person is tedious for many people and sharing the codes securely through other means is cumbersome if you don’t have an existing method for sharing.
Just like HTTPS needs several layers to make it work and still relies on an untrustworthy and corruptible thing like DNS to verify the destination and it’s keys are the thing you’re expecting to connect to. There’s no secure way to share the route to your device electronically in a user-accountless system with no secure, trusted middleman translating names to addresses unless you do it in-person.
But it’s a difficult concept for the average person to not have an account, but everything is device oriented. Same problem with people not using gpg for email. Having to maintain a thing similar to a private key that’s not memorizable like a username and password and back that up in case your device is lost. Is a big hurdle for many. And then additionally having to share a qr code or link through some external means for someone to connect with you rather than just telling them to download an app and enter your username HSS always been difficult.
So, IMHO, Signal has the best implementation possible with the level of usability that many nontechnical people expect in a chat application, even if it’s not the most secure. I am interested to see how SimpleX solves these issues in the future, though.
Of course it is, that’s the innovating part of it ! My opinion was that I rather use SimpleX if I wanted to switch away from Signal, if not I’ll simply use Signal not Session. But my threat model isn’t everyone’s.
I think as people will be more educated on cryptography in there digital lives we will have better UX to the point of it not be as difficult as sending on e-mail in the late 80s. Innovation like Bitcoin, nostr, U2F, passkeys etc… will be more accessible over time. Today sending a message on Signal is infinity more easy, secure and private than the majority of e-mails of the 21th century.
Yeah, I just meant people are used to decades of using meaningful usernames. Having to use a cryptographic key has traditionally made it very difficult to get enough people to adopt to make it worth adopting yourself as a technologically savvy person. I never would have used Facebook in a million years if it wasn’t for the fact that it was the only place I could get in touch with many people. Having to build your networks in-person is tedious for many people and sharing the codes securely through other means is cumbersome if you don’t have an existing method for sharing.
Just like HTTPS needs several layers to make it work and still relies on an untrustworthy and corruptible thing like DNS to verify the destination and it’s keys are the thing you’re expecting to connect to. There’s no secure way to share the route to your device electronically in a user-accountless system with no secure, trusted middleman translating names to addresses unless you do it in-person.