Talk:Signal (messaging app)/Archive 1

Archive 1

MIT Creates Untraceable Anonymous Messaging System Called Vuvuzela

http://news.softpedia.com/news/mit-creates-untraceable-anonymous-messaging-system-called-vuvuzela-497537.shtml • Sbmeirow • Talk • 14:09, 23 December 2015 (UTC)

This article is about Signal, not Vuvuzela. Could you please suggest exact changes and provide reliable sources? Thank you. --Dodi 8238 (talk) 14:49, 23 December 2015 (UTC)

Other messaging apps' adoption of the Signal Protocol in this article's history section

In order for this article's history section to stay on topic, I think it should focus on the history of the Signal apps and not stray off topic by discussing the history of its developers or its components. Other messaging apps' adoption of the Signal Protocol is discussed in detail in its own section in the Signal Protocol article, and the collaboration of Open Whisper Systems with tech companies to integrate the Signal Protocol into their messaging apps is discussed in the Open Whisper Systems article. In order to stay on topic, it would be better to mention other messaging apps' adoption of the Signal Protocol in the section of this article that is dedicated to the Signal Protocol. --Dodi 8238 (talk) 09:30, 11 December 2016 (UTC)

Propose Table or Other Easy To Digest Comparison of End-to-End Encrypted Messaging Apps

The referenced article https://theintercept.com/2016/06/22/battle-of-the-secure-messaging-apps-how-signal-beats-whatsapp/ takes time to read and will soon be out of date, but provides valuable information including that WhatsApp has Signal baked in but also has a critical security hole in automatic unencrypted cloud backups.

It would be helpful for readers to see at a glance how they can choose among app options to trade off strong privacy with interoperability with existing user bases. Having not yet researched other end-to-end encrypted messaging apps I'm not sure whether this would belong on the Signal page or somewhere on its own.

Eecharlie (talk) 05:10, 11 December 2016 (UTC)

WhatsApp cloud backups are opt-in, so we can't write that Signal is the only messaging app that excludes user's messages from non-encrypted cloud backups by default. There can also be other messaging apps which do not include cloud backups by default. For a table of end-to-end encrypted messaging apps, see the last section in Comparison of instant messaging clients. It is already linked to in the See also section of this article (and most other messaging app articles). --Dodi 8238 (talk) 08:56, 11 December 2016 (UTC)

Fair enough Dodi, you've done more homework on this than I have and I agree with your points. I am fine with closing this topic and the one you added re: where discussion of other apps' inclusion of Signal protocol belongs. eecharlie 04:59, 12 December 2016 (UTC) — Preceding unsigned comment added by Eecharlie (talk • contribs)

Proprietary dependencies

Signal compile allways many proprietary software in the source code, example: the gms:play-services-gcm, the gms:play-services-maps and the gms:play-services-places.^[1] but I have found no way to insert this aspect into the article. The cleaner says the source code is not a primary source...

Where is a journalist who has the source code read again? --46.89.140.83 (talk) 04:23, 28 May 2017 (UTC)

References

1. https://github.com/WhisperSystems/Signal-Android/blob/master/build.gradle#L56-L58

The source code that you referenced is a primary source. If we begin to analyze, evaluate, interpret, or synthesize material about the source code, we would be conducting original research, which is against Wikipedia policy. The best thing to do would be to find a reliable, published secondary source that discusses this aspect of Signal. --Dodi 8238 (talk) 08:57, 28 May 2017 (UTC)

I do not understand, the source code still contains proprietary parts of Google, you can read it also without programming skills. And now I am to look for an interpreter who says exactly the same thing? Where can I find this qualified parrot? --46.89.140.83 (talk) 09:41, 29 May 2017 (UTC)

I can read the source code, but in order to verify your claims, I would need further, specialized knowledge about what those lines mean. To quote WP:PSTS:

Any interpretation of primary source material requires a reliable secondary source for that interpretation. A primary source may only be used on Wikipedia to make straightforward, descriptive statements of facts that can be verified by any educated person with access to the primary source but without further, specialized knowledge.

Articles may make an analytic, evaluative, interpretive, or synthetic claim only if that has been published by a reliable secondary source.

Your recent additions to the article are clearly your interpretations of what those lines in the source code mean. Please understand that we need reliable, published secondary sources that anyone can verify without any additional specialized knowledge. This is a policy that applies to all Wikipedia articles, not just this one. If you are not able to find such sources, then we cannot include these claims in the article. --Dodi 8238 (talk) 13:40, 29 May 2017 (UTC)

On [1] the main maintainer acknowledges they have no intention to remove the mentioned proprietary dependencies (such as Google Maps) nor to comply with f-droid freedom standards. In general, while the situation here is moving rapidly and it would be great to have up to date secondary sources, software is proprietary by default and this specific software has had proprietary dependencies for a while, so per WP:EXTRAORDINARY we should keep the mention that it has proprietary dependencies until proven otherwise by a reliable secondary source. --Nemo 11:53, 21 July 2017 (UTC) P.s.: There are some pseudo-recent articles which touch on the topic, but nothing really recent and on-spot.[2] [3] [4]

Google Play Services

The page claims that Signal will work without play services. This is not correct. The app will not run without it. — Preceding unsigned comment added by 74.65.45.186 (talk) 18:52, 20 April 2019 (UTC)

Are you sure? See this commit Jan Vlug (talk) 19:46, 20 April 2019 (UTC)

Looks like that's subject to ongoing debugging: https://github.com/signalapp/Signal-Android/issues/8402 Nemo 20:12, 20 April 2019 (UTC)

Version information

The [±] symbol to update the version information has vanished? Why/How can I update it now? HerrHartmuth (talk) 07:56, 1 July 2019 (UTC)

One can use the following url Template:Latest stable software release/Signal. HerrHartmuth (talk) 09:56, 10 August 2019 (UTC)

The following url is for the preview release Template:Latest preview software release/Signal. HerrHartmuth (talk) 07:43, 15 August 2019 (UTC)

Signal not blocked in Iran

Signal is currently available in Iran, but due to Google's limitations it is not possible to receive notifications. AmirHossein Marjani (talk) 09:22, 10 February 2020 (UTC)

Question on integrity of the article

I'm sorry if I edit this wrong, I don't know how to do this right on mobile.

I'll go straight to the point. I've been going down the rabbit hole of crypto security and I found something disturbing in a couple of articles, and if what they claim is true, then this should absolutely be present in Wikipedia to alert users. I've done some very basic research and it seems legit so far.

Also, I'm well aware this article isn't politically neutral, but that's besides the point, I'm not posting this as a political act against a government or a party, but rather as a concerned person about authoritarianism. It's very suspicious to say the least that it is the government that funds something that's supposed to protect you from the government.

https://surveillancevalley.com/blog/government-backed-privacy-tools-are-not-going-to-protect-us-from-president-trump

Also I don't know how to sign from mobile so feel free to add it yourself lol, sorry. — Preceding unsigned comment added by 190.136.243.62 (talk) 06:46, 12 October 2020 (UTC)

Yasha Levine is sort of a tabloid writer when it comes to privacy tech — he often gets individual facts right, but makes connections and implications that simply aren't true. The funding situation of Signal is described in the article already, and more accurately than the blog you link. I don't want to get too far into the weeds on a WP discussion page, but yes, there are definitely problems with how technologies like Signal and Tor get funded, but they are far more subtle than "the government can break them or they wouldn't be funding them," which is just a patently false conclusion (the governmental organizations that fund these things want something that works, which means something even they can't break). More specific to the content of this article, almost nothing in the blog post you link contradicts the article as it's currently written, and where they do contradict, the article here is more accurate (with citations to back it up). If you have more specific concerns about the content of this article, we can discuss those, and I'd be willing to help find a more reliable source to either back up what's currently written, or change it if it's wrong. —Tga (talk) 19:06, 12 October 2020 (UTC)

A Commons file used on this page or its Wikidata item has been nominated for deletion

The following Wikimedia Commons file used on this page or its Wikidata item has been nominated for deletion:

• Signal-Logo.svg

Participate in the deletion discussion at the nomination page. —Community Tech bot (talk) 03:00, 24 December 2020 (UTC)

Elon Musk "Use Signal" tweet.

Elon Musk tweeted about this app which tweet led to a massive number of signups for the alternative app to WhatsApp. Source Rizosome (talk) 19:37, 8 January 2021 (UTC)

I agree this might develop into a good story but this specific source is quite fluffy. It would be nice to have a source providing at least some hard data about download spikes, otherwise there's a risk of recentism. (Yes, we can check the app stores stats to verify the source isn't making things up, but I wouldn't rely on original research for this.) Nemo 16:00, 9 January 2021 (UTC)

See WP:NOTNEWS. If this starts being covered by other outlets and has lasting significance, we can add it then. AleatoryPonderings (???) (!!!) 16:03, 9 January 2021 (UTC)

Section on use by bad actors

Chetsford, while I appreciate your recent addition, I feel it may be misleading and approaches an NPOV violation. Any application that offers truly strong encryption will be useful for anyone seeking not to have their messages traced. That's why many journalists and politicians use Signal, and it's why (apparently) many bad actors also use it. I would recommend integrating the content into another section or counterbalancing with sources like the following, which place Signal's recent rise in popularity in the context of recent changes to WhatsApp (Signal is more popular now not just because Parler was shut down, but also because WhatsApp just changed its software) and offer more historical context. AleatoryPonderings (???) (!!!) 07:25, 13 January 2021 (UTC)

• Molla, Rani (2021-01-12). "What is Signal, and why is everybody downloading it right now?". Vox. Retrieved 2021-01-13.
• Duffy, Clare (2021-01-12). "Why messaging app Signal is surging in popularity right now". CNN. Retrieved 2021-01-13.
• Wiener, Anna (2020-10-19). "Taking Back Our Privacy". The New Yorker. Retrieved 2021-01-13.
• Greenberg, Andy (2020-02-14). "Signal Is Finally Bringing Its Secure Messaging to the Masses". Wired. ISSN 1059-1028. Retrieved 2021-01-13.

• "I would recommend integrating the content into another section" That seems like a good idea. I've moved it to Reception where it will both (a) not be a standalone, (b) counterbalanced by other factors. Insofar as your contention that the sources may be misleading about Signal, that's something that would have to be taken up with the journalists themselves. Chetsford (talk) 07:54, 13 January 2021 (UTC)

None of the sources I see here and in the article call out Signal specifically. They always mention Signal in passing or together with Telegram, Discord, Facebook Messenger, and a bunch of others. I think, this content belongs to a dedicated article like "far-right on social media", not specifically here.Anton.bersh (talk) 14:02, 13 January 2021 (UTC)

Chetsford, I looked at your | contribution and I see that many of your sources do not match the text you added. At best, there is a topical resemblance of Wiki text with the source content. At worst, the provided source directly contradicts the Wiki text.Anton.bersh (talk) 13:04, 13 January 2021 (UTC)

I | moved the CNN reference because it ideally fits the new place. This article discusses WhatsApp privacy policy at length, mentions tweets by Musk and Snowden multiple times. It mentions Parler in a _single_ sentence. The user registration spike came _before_ Parler takedown.Anton.bersh (talk) 13:41, 13 January 2021 (UTC)

I agree with AleatoryPonderings's reasoning for this edit . Chetsford, if you intend to a statement, please (1) don't vaguely attach it to another statement and (2) ensure this statement is attributed to a credible source.Anton.bersh (talk) 15:00, 13 January 2021 (UTC)

I'm afraid you may not be looking at the sources correctly. Each of them directly and specifically discusses Signal. Chetsford (talk) 15:23, 13 January 2021 (UTC)

RfC: Mention of app's use by far right - include or disinclude?

Should the following be included (a) in the lead, (b) in the body, (c) removed from the article entirely? Chetsford (talk) 15:45, 13 January 2021 (UTC)

Use by far right, white nationalists, terrorists
The Signal app has been used for organizing by the far right,^[1][2][3] militias^[2] and white nationalists,^[4] including by planners of the Unite the Right II rally in 2018.^[5] In January 2021, downloads of Signal increased after Amazon, Apple and Google deplatformed the extremist social networking site Parler^[6] with Vox's Rani Molla writing that it was possible "Signal’s most recent surge has been propped up by protesters — this time those on the right".^[7] The Signal Foundation has not provided information about how or if it moderates messages being exchanged by the far right and QAnon conspiracists.^[1][8] According to CNN, Signal's security can offer "safe haven to a terrorist in Syria and the person in the United States he's trying to recruit to commit an act of mass murder" while the Minneapolis Star-Tribune reports Signal is being used by "tech-savvy criminals".^[9][10] In 2016, authorities in India arrested members of a suspected ISIS-affiliated terrorist cell that had used the Signal app to communicate.^[11]

Chetsford (talk) 15:45, 13 January 2021 (UTC); edited 20:46, 13 January 2021 (UTC) (sorry, one portion and source [Vox] was cut-off in the original copy, above, I've updated it as of this datestamp)

• B-Body with a one-sentence summary in the A-Lead This may change but, for now, inclusion in the lead may not be consistent with MOS:LEADREL. However, the content is correctly sourced to nearly a dozen WP:RS and is WP:DUE for inclusion as a few sentences in the body of an otherwise long and extremely detailed article that explores every other historical, social and technical nuance of the app. Chetsford (talk) 15:49, 13 January 2021 (UTC); edited 16:32, 13 January 2021 (UTC)
• B, with modifications (note to closer: this is not a !vote to include the above text verbatim, but a !vote to include something along the lines suggested above), but … why do we need an RfC? AFAICS, Chetsford, this is just an ordinary editing dispute between you, me, and Anton.bersh. I explained my reasons for objecting to specific portions of the text above in Special:Diff/1000089570, but no one has ever suggested using any of the text above in the lede. Seems fine to discuss its use by bad actors in the body as a general proposition; I just object to the "tech-savvy criminals" language for the reasons I explained in the linked diff. I would mention, in general, that literally every piece of technology ever has been used by bad actors as well as good, and encrypted tech has been subject to particular controversies in this regard (see, e.g., FBI–Apple encryption dispute), so singling out Signal is somewhat arbitrary. But RS do it, so we ought to as well. AleatoryPonderings (???) (!!!) 16:02, 13 January 2021 (UTC)

  Also, the bit about Parler (per my comments above in Talk:Signal (software)#Section on use by bad actors) seems somewhat misleading. Downloads surged recently for many reasons, including but not limited to Parler being deactivated. AleatoryPonderings (???) (!!!) 16:04, 13 January 2021 (UTC)

  I think that would be an argument to pose as a letter or email to the journalists whose reliable analysis drew those conclusions. However, per WP:OR, as WP editors we can't independently conclude a RS is wrong. Chetsford (talk) 16:16, 13 January 2021 (UTC)

  Chetsford, No, it's not OR. RS are reporting the WhatsApp thing: [5] ("However, this particular bump in Signal's usership comes in the wake of confusion over an updated terms of service notification from Facebook-owned encrypted messaging service WhatsApp"), [6], [7]. AleatoryPonderings (???) (!!!) 16:21, 13 January 2021 (UTC)

  Please see WP:SYNTH. Thanks. Chetsford (talk) 16:27, 13 January 2021 (UTC)

  Nope, not SYNTH either. Your sources explicitly state it's due to Parler. My sources say it's due to WhatApp, as the quote above indicates. The right approach would be to include information from all RS reporting on the event, not just yours. AleatoryPonderings (???) (!!!) 16:30, 13 January 2021 (UTC)

  Per WP:SYNTH, we do not "combine material from multiple sources to reach or imply a conclusion not explicitly stated by any of the sources". Thanks. Chetsford (talk) 16:35, 13 January 2021 (UTC)

  Yes, I understand. But SYNTH does not prohibit us from citing sources that contradict each other. [8] says "However, this particular bump in Signal's usership comes in the wake of confusion over an updated terms of service notification from Facebook-owned encrypted messaging service WhatsApp." [9] says "But a wave of misinformation on social media, not helped by Facebook’s abysmal track record on privacy and its reputation for obfuscating changes to its various terms of service agreements, has resulted in a full-blown WhatsApp backlash that has users fleeing to competitors like Signal and Telegram." In any event, no journalist is going to be able to conclusively state why X million people downloaded Signal. All we know is that X million people downloaded it recently, and a bunch of stuff happened that might explain that. Journalists aren't going around interviewing all the people who downloaded the app to figure out why they did. AleatoryPonderings (???) (!!!) 16:38, 13 January 2021 (UTC)

  WSJ says: "Two apps—Signal and Telegram—are currently the No. 1 and No. 2 free app downloads in Apple’s App Store and Google’s Play Store. Millions of users flocked to the chat apps in recent weeks, according to data from Apptopia and Sensor Tower. There are a few factors behind the surge. One is concern over a privacy-policy update for the Facebook Inc.-owned WhatsApp. Meanwhile, the deplatforming of President Trump from prominent social networks following the U.S. Capitol riot has driven people to seek communication tools without moderators and external visibility." AleatoryPonderings (???) (!!!) 16:41, 13 January 2021 (UTC)

  Seems like SYNTH to me. We'll have to agree to disagree. Chetsford (talk) 16:44, 13 January 2021 (UTC)

  I suppose so, but it bears pointing out that the statement you included in the RfC text would also be SYNTH by the same standard. The CNN source you cited says "Encrypted messaging services like Signal have gained popularity in recent years, as people are increasingly concerned with safeguarding their private information. However, this particular bump in Signal's usership comes in the wake of confusion over an updated terms of service notification from Facebook-owned encrypted messaging service WhatsApp.

  Signal also received endorsements last week from several of Silicon Valley's biggest names, including Tesla CEO Elon Musk.

  The jump in new Signal downloads also followed the riots in Washington D.C. and moves by Amazon (AMZN), Apple (AAPL) and Google (GOOGL) to cut ties with Parler". This is hardly an unequivocal statement that Parler caused Signal to rise in popularity. AleatoryPonderings (???) (!!!) 16:47, 13 January 2021 (UTC)

  I disagree. Chetsford (talk) 16:49, 13 January 2021 (UTC)

"singling out Signal is somewhat arbitrary" On WP we provide content related to the subject of an article sourced to RS. No one is "singling out" Signal. This is an article about Signal and we are providing content about Signal. If you have RS that say Facebook, Twitter, Parler, WhatsApp, Microsoft Excel - whomever - is used by bad actors you should absolutely add it to the respective articles. No one is saying you can't do that. Chetsford (talk) 16:27, 13 January 2021 (UTC)

Yes, I know. That's why I said "But RS do it, so we ought to as well". AleatoryPonderings (???) (!!!) 16:45, 13 January 2021 (UTC)

• I'd like to take issue with the sentence "The Signal Foundation has not provided information about how or if it moderates messages being exchanged" because it doesn't moderate anything at all, that's the point of E2E encryption. The inclusion of the phrase is unnecessary and promotes the nonsensical idea that every form of communication must be monitored and moderated.Dabluecaboose (talk) 16:05, 13 January 2021 (UTC)

"because it doesn't moderate anything at all" I think this is addressed extensively elsewhere in the article and we can assume our readers are intelligent enough to draw this conclusion and don't need to censor information from them due to concerns they might not understand. Per WP:OR we can't selectively choose to include or disinclude reliably sourced content simply because we don't like the way it examines a subject or believe its approach is inaccurate based on our personal technical analysis. Chetsford (talk) 16:14, 13 January 2021 (UTC)

I respect that, but would it not also be our responsibility to avoid contradictory information? The sentence serves no purpose if we've already thoroughly established that they cannot and will not monitor or moderate messages. The sentence serves no purpose. It would be as if putting a sentence in GM's article saying "GM has not provided information about how or if it monitors where cars drive". It's entirely irrelevant since it's *not* happening. Dabluecaboose (talk) 16:36, 13 January 2021 (UTC)

The essay WP:THISORTHAT provides, I believe, a policy-compliant analysis of the correct way to address situations such as those you describe (though I'm not convinced this is contradictory in the way you've indicated): Do not remove the conflicting sources just because they contradict the current sources. Do not choose which one is "true" and discard the others as incorrect. Chetsford (talk) 16:40, 13 January 2021 (UTC)

I don't think we're obligated to include every source that ever discusses Signal, especially when the information serves no purpose. This is an encyclopedia, not a gossip aggregator. It's not a matter of what "true" and what isn't, it's a matter of this sentence being nonsensical and useless for the greater article. Dabluecaboose (talk) 16:44, 13 January 2021 (UTC)

Seems perfectly sensible and useful to me. We'll have to agree to disagree. Chetsford (talk) 16:47, 13 January 2021 (UTC)

Fortunately, I was able to find a source directly from Signal^[12] that explicitly contradicts the article from Grit Daily. Since we have a source, I will remove the offending sentence.Dabluecaboose (talk) 16:57, 13 January 2021 (UTC)

Furthermore, an existing source in the article (^[13]) confirms that Signal is unable to read, monitor, or moderate user data.Dabluecaboose (talk) 17:22, 13 January 2021 (UTC)

Further-furthermore, here^[14] is an article on Forbes where the founder of the Signal foundation explicitly says the platform will be free from content moderation. The Grit Daily article is incorrect and should not be so insistently sourced. I will replace the Forbes article over the Signal one if it is a problem.Dabluecaboose (talk) 17:25, 13 January 2021 (UTC)

@Chetsford: "Agree to disagree" is not a productive solution for an article with incorrect or misleading information, and I cannot edit if you keep reverting my changes without conversation. I resent the implication of vandalism and have found multiple sources that contradict this tabloid garbage that says otherwise. I'd like to continue discussing this rather than childishly reverting edits because the information ``is`` incorrect and leaving it is disruptive to the purpose of the article. Dabluecaboose (talk) 17:30, 13 January 2021 (UTC)

Tentatively, I have made an additive (rather than subtractive) edit so that your desired information stays, as well as clarifying information about it that presents the facts. I hope you understand I am not trying to be disruptive and Assume Good Faith as I am trying to do on your behalf. Dabluecaboose (talk) 17:44, 13 January 2021 (UTC)

Remove the sentence sourced to Grit Daily. It doesn't make any sense, or at best it's an irrelevant distraction. It's impossible for Signal to moderate message content, because they can't read users' messages. —Granger (talk · contribs) 18:58, 13 January 2021 (UTC)

"It's impossible for Signal to moderate message content, because they can't read users' messages." It's absolutely possible for Signal to moderate message content by terminating E2E encryption. We can only overrule a RS on the basis of "the RS is describing something the laws of physics don't allow" if, indeed, the laws of physics don't allow that thing. This is not the case here. The only block is user preferences for E2E encryption. User preferences don't = "impossibility". We go by what RS say. Chetsford (talk) 21:18, 13 January 2021 (UTC)

I have started a discussion at Wikipedia:Reliable_sources/Noticeboard#Grit_Daily as to whether Grit Daily is in fact reliable. AleatoryPonderings (???) (!!!) 21:23, 13 January 2021 (UTC)

I think this claim is evidence that Grit Daily is not a reliable source. It is clearly misleading. —Granger (talk · contribs) 22:40, 13 January 2021 (UTC)

I think at this point there is a decent consensus that the sentence in question is unnecessary at best and misleading at worst. The repeated objections of a misguided yet persistent editor should not overrule this. I vote that we remove the sentence under the previously sourced announcement that Signal will not read user messages. Dabluecaboose (talk) 18:50, 15 January 2021 (UTC)

This is an RfC, so we should allow it to run its course before deciding what there is and is not consensus for. AleatoryPonderings (???) (!!!) 18:54, 15 January 2021 (UTC)

The sentence: "The Signal Foundation has not provided information about how or if it moderates messages being exchanged" is unacceptable: 1) It implies by its wording that communication should be monitor-able, but the purpose of Signal software is to provide communication software that is not monitor-able and people choose it for this reason. 2) It is inaccurate as it is documented by Signal that messages cannot be monitored, examples have already been given and are in this RfC above. — Preceding unsigned comment added by 12think (talk • contribs) 06:48, 3 February 2021 (UTC)

• Body, not lead (with modifications). Not everything on Wikipedia needs to be about the far right. Like any truly secure communication service, Signal will of course be used by all sorts of extremists and criminals. A single sentence about use by criminals could be included in the lead, but only if we also mention other use cases, such as by journalists and government officials (already mentioned in the body). —Granger (talk · contribs) 19:12, 13 January 2021 (UTC)

• Comment There is an issue of WP:RECENT here. Many of the sources are from the last few days. It definitely sits better in the body, but even in body, are we sure that its use by white supremacists currently will be at all notable after time has passed? Its reported use by criminals and terrorists should at least see a higher billing in comparison, in my view. Awoma (talk) 20:11, 13 January 2021 (UTC)

The sources cover the time period 2018 to 2021. I'm not sure we need to wait much longer. Chetsford (talk) 20:59, 13 January 2021 (UTC)

This is a very misleading comment! Aside from contemporaneous sources on Signal's use in the Unite The Right rally in 2018, all sources on use by white supremacists are from the last few days. This is a very clear WP:RECENT issue. Awoma (talk) 03:33, 14 January 2021 (UTC)

• Body, with modifications. I strongly feel that the sentence about moderation is misleading. Wwhhllrr (talk) 20:35, 13 January 2021 (UTC)

• C, because I believe there are sourcing issues with the above paragraph:

• First of all, it's a fundamental fact about Signal that its E2E encryption means that moderation of Signal messages is impossible. The Signal Foundation, as sourced by Dabluecaboose above, is not shy about saying that they cannot and will not moderate Signal. As such, any source that implies that Signal can be moderated or even that Signal is unclear about their moderation policies is questionably reliable for this purpose, because we know they got a fundamental and easily checkable fact about the software wrong.
• Second, a few of the above sources don't quite make the claims they're cited for. So for example, the article about Signal and Parler doesn't actually say that Signal downloads increased because Parler went down, but merely that Signal downloads increased at the same time Parler went down. Similarly the NYT source doesn't say that Signal is being used by "the far-right" but by "some of the organizers" (in context, presumably the organizers of the Capitol riot). Those are far-right people but they are not "the far-right" in general.
• Third and most importantly, I feel most of the sourcing in the above paragraph is WP:SYNTH, in that it collects short mentions of Signal being used by particular far-right groups in other articles to paint an overall picture of Signal commonly being used by the far-right. In other situations this would be obviously WP:SYNTH: we would never collect mentions of far-right extremists eating potato chips to imply that potato chips are in general the food of the far-right. I also object pretty strongly to the final line which uses an arrest of a group of terrorists that used Signal to further imply that terrorists in general use Signal: we would definitely never use an article that mentioned that Osama bin Laden had episodes of Tom and Jerry on his computer to say "terrorists watch Tom and Jerry". Loki (talk) 20:48, 13 January 2021 (UTC)

"As such, any source that implies that Signal can be moderated or even that Signal is unclear about their moderation policies is questionably reliable for this purpose, because we know they got a fundamental and easily checkable fact about the software wrong." This seems to largely be an assignment of preference norms. Of course, Signal could end E2E encryption and be able to moderate anything. So, no, it's not outside the laws of physics for Signal to be able to moderate content. Ergo, the RS are reporting reliably when they note that Signal is choosing not to engage in content moderation. The fact we might find it personally disagreeable for Signal to end E2E encryption doesn't make it physically impossible for them to do so; our personal disagreement doesn't make CNN, Forbes, etc. unreliable. Chetsford (talk) 21:13, 13 January 2021 (UTC)

This seems pretty far-fetched. The whole point of Signal is to use E2E encryption. If Signal got rid of E2E encryption, it wouldn't be Signal anymore. AleatoryPonderings (???) (!!!) 21:05, 13 January 2021 (UTC)

Like I said, this is an assignment of consumer preferences and not for us to debate as encyclopedia writers. The addition or removal of an ingredient in Mountain Dew does not allow us, as editors, to independently determine "it's no longer real Mountain Dew - the kind I grew up on" and edit the article accordingly, from that perspective. Chetsford (talk) 21:13, 13 January 2021 (UTC)

This argument is pure nonsense. The entire purpose of Signal is encrypted messaging. You're basing the relative importance of this unprompted negative assertion ("they have not announced something we never asked them for") on something that is fundamental to the platform and its users. There is no reason to include this sentence whatsoever, as it does *not* provide any useful information to the reader. Dabluecaboose (talk) 19:09, 15 January 2021 (UTC)

Actually, looking back this entire discussion over whether or not they can moderate is entirely a red herring. The text in question is "The Signal Foundation has not provided information about how or if it moderates messages being exchanged by the far right and QAnon conspiracists." The sentence says they have not provided information on if they are currently moderating, which is false: They have provided this information, and they are not currently monitoring or moderating. I have changed the text to better reflect the source in the meantime to "The signal foundation has not provided information about how or if it would moderate" Dabluecaboose (talk) 19:23, 15 January 2021 (UTC)

"we would definitely never use an article that mentioned that Osama bin Laden had episodes of Tom and Jerry on his computer to say "terrorists watch Tom and Jerry" If multiple RS reported that Tom & Jerry was OBL's favorite cartoon it would absolutely be appropriate to include that fact in the corresponding WP article. Chetsford (talk) 20:59, 13 January 2021 (UTC)

Yes, but not as "terrorists watch Tom and Jerry". As "Tom and Jerry was Osama bin Laden's favorite cartoon". Because that's what the source says. (For reference, I was talking about the fact that Osama bin Laden did have episodes of Tom and Jerry on his computer when he was killed). Loki (talk) 00:23, 14 January 2021 (UTC)

• Neither (invited by the bot. If some brief and more NPOV-complaint could be written for the body, that would be fine. North8000 (talk) 21:30, 17 January 2021 (UTC)
• Update on the RSN discussion: it has been archived here, and the consensus seems to be that Grit Daily does not appear to be a reliable source as used here. —Granger (talk · contribs) 20:58, 2 February 2021 (UTC)

References

References

1. Brown, Abram (January 13, 2021). "Meet The Billionaires Behind Signal And Telegram, Two New Online Homes For Angry Conservatives". Forbes. Retrieved January 13, 2021. "The use of Signal and Telegram is really dangerous. They appear to be at this moment welcoming hateful users who've been kicked off other platforms or been made to feel unwelcome on other platforms," says Harry Fernandez, a director at Change the Terms, a non-profit tracking online hate speech. "And it's dangerous that they don't appear to have any infrastructure in place to police these platforms."
   Both Signal and Telegram attributed the recent download surge to new users fleeing WhatsApp, a chief competitor that recently made changes to its privacy settings. This undoubtedly drew in some users but is, at most, only part of the story. "I'm really skeptical," says Will Partin, an analyst at Data & Society, an internet research outfit who monitors right-wing hate speech online. He sees a "PR crisis" brewing for the two apps as conservative groups take hold there—and the companies say nothing publicly about the influx. Or about intentions to turn away the new users.
2. Frenkel, Sheera (January 11, 2021). "Fringe Groups Splinter Online After Facebook and Twitter Bans". New York Times. Retrieved January 13, 2021. In the days since rioters stormed Capitol Hill, fringe groups like armed militias, QAnon conspiracy theorists and far-right supporters of President Trump have vowed to continue their fight in hundreds of conversations on a range of internet platforms. Some of the organizers have moved to encrypted messaging apps like Telegram and Signal, which cannot be as easily monitored as social media platforms.
3. Daly, Kye (January 11, 2021). "The online far right is moving underground". Axios. Retrieved January 12, 2021. Telegram and Signal are far more stable and secure and could prove more enduring homes and recruitment stations for far-right groups.
4. Glaser, April (August 11, 2018). "How White Supremacists Planned Their Rally in D.C." Slate. Retrieved January 13, 2021. This year, Kessler and his fellow white nationalist co-organizers switched much of their rally planning throughout the summer to private groups on Facebook Messenger and the encrypted texting app Signal...
5. Glaser, April (October 9, 2018). "White Supremacists Still Have a Safe Space Online". Slate. Retrieved January 12, 2021. A year later, in the runup to an ultimately barely attended sequel to Unite the Right in D.C., organizers appeared to stay off the platform, opting instead to discuss logistics over Facebook Messenger and the encrypted texting app Signal.
6. Duffy, Clare (January 12, 2021). "Why messaging app Signal is surging in popularity right now". CNN. Retrieved January 12, 2021. The jump in new Signal downloads also followed the riots in Washington D.C. and moves by Amazon (AMZN), Apple (AAPL) and Google (GOOGL) to cut ties with Parler, the social networking service favored by members of the far-right.
7. Molla, Rani (January 13, 2020). "What is Signal, and why is everybody downloading it right now?". Vox. Retrieved January 13, 2020.
8. Sachs, Julia (January 12, 2021). "Private Chatrooms On Telegram and Signal See Explosive Growth After Twitter Bans 70,000 QAnon Accounts". Grit Daily. Retrieved January 12, 2021. Apps like Signal and Telegram have not said if or how they would moderate content relating to QAnon or other extremist groups since experiencing a rise in traffic in recent days.
9. Pagliery, Jose (December 7, 2015). "Obama calls on tech giants to fight ISIS". CNN. Retrieved January 12, 2021. The Signal app encrypts phone calls. Wickr sends self-destructing messages ... The result? The same technology that keeps a conversation private between you and a family member also gives a safe haven to a terrorist in Syria and the person in the United States he's trying to recruit to commit an act of mass murder.
10. Jany, Libor (March 12, 2020). "Hennepin sheriff investigator's warrant to access encrypted Facebook messages worries digital privacy advocates". Minneapolis Star-Tribune. Retrieved January 12, 2021.
11. Tripathi, Rahul (April 11, 2016). "Dangerous Signal: This encrypted app is helping ISIS members in India to communicate". India Times. Retrieved January 13, 2021. A group of terrorist suspects in India said to be inspired by Islamic State wanted to emulate US whistleblower Edward Snowden and use encrypted communication tool Signal to stay in touch, it was revealed in interrogation by the National Investigation Agency (NIA).
12. https://support.signal.org/hc/en-us/articles/360007318911-How-do-I-know-my-communication-is-private-
13. Cite error: The named reference Cohn-Gordon-2016 was invoked but never defined (see the help page).
14. https://www.forbes.com/sites/abrambrown/2021/01/13/meet-the-billionaires-behind-signal-and-telegram-two-potential-new-online-homes-for-angry-conservatives/?sh=62669537edaf

Discussion

The following source, from the NYT, came out after this RfC started, and may be of interest to participants. AleatoryPonderings (???) (!!!) 23:11, 13 January 2021 (UTC)

• Nicas, Jack; Isaac, Mike; Frenkel, Sheera (2021-01-13). "Millions Flock to Telegram and Signal as Fears Grow Over Big Tech". The New York Times. ISSN 0362-4331. Retrieved 2021-01-13.

New article on Signal

• Signal ignores proxy censorship vulnerability, bans researchers --Bleeping Computer

--Guy Macon (talk) 02:46, 8 February 2021 (UTC)

Thanks, added! Jtbobwaysf (talk) 04:20, 8 February 2021 (UTC)

Oh dear.

• Removal notice for Signal article --Bleeping Computer

Given the above, I say we wait until reputable security researchers such as Bleeping Computer,[10] Krebs on Security[11] and Schneier on Security[12] sort it out and publish an update. --Guy Macon (talk) 09:41, 8 February 2021 (UTC)

Bleeping Computer's "shoot first and ask questions later" approach to this story does not inspire much confidence in their journalistic abilities. I agree we should wait for better third-party coverage before adding anything to the article. After all, we are not here to publish news or right great wrongs. --Dodi 8238 (talk) 10:18, 8 February 2021 (UTC)

The story seems to go on here at techtimes.com. Another source says "The real existence of this vulnerability is still doubted at the moment." - vuldb.com Jtbobwaysf (talk) 19:10, 8 February 2021 (UTC)

If you compare that TechTimes article to earlier archived versions of the Bleeping Computer article, you'll see that most of the content in the TechTimes article is just paraphrasing parts of the Bleeping Computer article without doing any additional research or verification:

• Archived on 2021-02-07
• Archived on 2021-02-08

I would therefore not treat the TechTimes article as any more reliable than the version that Bleeping Computer's editor decided to retract based on the information they learned after publication. On the surface, this just looks like blog spam. --Dodi 8238 (talk) 19:52, 8 February 2021 (UTC)

For a not-quite-expert opinion on the matter (I'm not the anti-censorship person in my research group, but I stay relatively up to date on the research since it's adjacent to mine): I would not be surprised if the proxies are vulnerable to some sort of active probing attack. Signal is new in this space, and it's the sort of mistake that's easy to make when rolling your own solution. But that's not really worth mentioning in the article, because 1. of all the governments that engage in internet censorship, there's only one known to have ever employed active probing attacks, and it's not Iran (the only place these proxies are intended for), and 2. these vulnerabilities are very simple to fix for this particular type of proxy, and would almost certainly be quickly fixed if Iran ever started making use of them. (I also suspect Iranian censors know this, and therefore won't bother, but they also might just to see how quickly Signal responds... we'll see.) Obviously we can't just use my opinion for any text in the article, but that's the lens I would recommend looking through when reading sources: "Does this actually indicate anything that matters for how Signal is using these proxies?" The thing about availability is that, unlike other aspects of security, attacks are pretty visible. So until the proxies start getting blocked, this all just seems like sensationalism. −Tga (talk) 21:20, 8 February 2021 (UTC)

Right-wing media claims that Signal is a "government op" with "backdoor"

There is a wave of misinformation about Signal claiming that it is a government op with backdoor, per:

• Signal is a government op Signal was created and funded by a CIA spinoff. It is not your friend. allegedly by Yasha Levine (per citation at bottom of page) on Substack 2021-01-15
• Court documents show FBI may have tool to access private Signal messages on locked iPhones Fox Business 2021-02-09
• Court Docs Show FBI Can Intercept Encrypted Messages From Deep State-Backed ‘Signal’ App Big League Politics 2021-02-10
• Court Docs Show FBI Can Intercept Encrypted Messages From Deep State-Backed ‘Signal’ App Washington Watch 2021-02-11
• (no doubt many more...)

There appear to be fragments of facts that have been strung together to suggest that Signal is vulnerable. The vulnerability referred to apparently relates to iPhones with “partial AFU,” which stands for “after first unlock.” I don't have an iPhone, but I suppose that is a persistent unlocked state. In any event, it would appear that it was the iPhone that was hacked, not the Signal app itself. Naturally, messages need to be decrypted before they can be displayed. It is at that point, after decryption, that the messages are vulnerable to hacking on a mobile phone that has been hacked. I know Wikipedia is not Reddit, but Wikipedia is the de-facto reference. I am sure that this article can be improved if this alleged vulnerability is addressed. I am sure that there are others who are more qualified than I am to make such edits.
Enquire (talk) 22:58, 14 February 2021 (UTC)

I added the Fox Business article as a cite in the local storage section, since 1. that's the only link there that's reliable enough for use here, and 2. this appears to be almost identical to the hype train already discussed in that section, only this time for iOS. (Not necessary knowledge for the edit, but if you're curious: the "partial After First Unlock" thing has to do with a feature of iOS where it tries to remove all plaintext data it feasibly can when the phone is booted and running, but locked. Before you unlock the first time, pretty much nothing but emergency calls work on the device, since all data is at-rest encrypted. Once you unlock, everything is decrypted for anyone with physical access. Then once you lock, but don't shut down, things that can be encrypted again while still having a functional phone get removed from active memory, and left encrypted on storage. Unfortunately, some apps have to run while the phone is locked, such as messengers like Signal to receive messages. The vulnerabilities the FBI pays to use are ones that allow them to access this decrypted data, even while the phone is locked. This will likely always be possible to some extent with enough resources, but Apple tries to design their hardware to make it as difficult as possible.) —Tga (talk) 23:45, 14 February 2021 (UTC)

1st Sentence MisNomer, Centralized?! No.

Two points of contention. (1) The very first sentence in the intro for this article says that this is a cross-platform centralized software... Yet the description contains three paragraphs, and none of them mention anything about a centralized topology, go between, central or middling process, or centralized server for that matter! (2) Further, the opening intro mentions repeatedly that the software communicates one to one or peer-to-peer or P2P - this all indicates to me that the word centralized should be removed from the first sentence. Is anyone in agreement?? -From Peter {a.k.a. Vid2vid (talk | contribs)} 23:38, 8 April 2021 (UTC).

• Hmm... my understanding of Signal's architecture is that it *IS* a centralized architecture. So perhaps we need to find some better sources, and perhaps actually remove that later reference to P2P. (Or it could be centralized for authentication and directory lookup, but connect directly from one client to the other without going through a central server... regardless, the point is that this section needs some clarification.) - Dyork (talk) 00:51, 9 April 2021 (UTC)

I don't see any mentions of p2p in the intro; the only mention of it is in the article itself (where it references the design of webRTC). It does say one-to-one, but that's in contrast to group calls, not a network architecture. It also mentions end-to-end, but again, that has nothing to do with the network layer, it refers to the encryption layer. As for how Signal is designed: It is conceptually centralized (i.e., it is not federated, p2p, or otherwise openly distributed). There is some element of "distributedness" in the sense of using multiple servers for better locality and redundancy, but these servers are all operated by Signal. Signal (Moxie Marlinspike specifically, but he pretty much has final say on anything in Signal's design and operation) has taken an explicit anti-federation policy, saying that in order to rapidly implement the sorts of things Signal improves on, maintaining interoperability as well would be too burdensome. So basically, all messages go through a Signal server. The one exception to this is, as I already mentioned, WebRTC (so audio and video calls), which has p2p elements built in. Signal relies on a library for its WebRTC support these days, so that's where the p2p functionality comes from, but you can explicitly disable p2p for WebRTC in Signal's settings if one is so inclined (it's the "Always relay calls" setting under "Privacy" in the Android version). Does that make things clearer? If you could point to specifically which sentences are confusing, maybe we could rewrite them to make it easier to follow, but right now, I don't see anything at least factually inaccurate in the intro. --Tga (talk) 03:07, 9 April 2021 (UTC)

Error parsing date of desktop release from wikidata

There also seem to be 2 dates listed. 24.68.171.129 (talk) 03:13, 23 January 2022 (UTC)

Thank you! I fixed it. Dexxor (talk) 13:07, 24 January 2022 (UTC)

Dutch government

"In 2022 it was reported some Dutch government officials adopted Signal, sparking some controversy."

Can someone who reads Dutch elaborate on this? As is, it's quite uninformative. Birdsinthewindow (talk) 00:31, 30 December 2022 (UTC)

Possible deliberate tautology

Under the heading "Use by criminals", there is a sentence that begins "Far right right-wing militias". On the face of it, it looks like an accidental tautology, and therefore it should be edited.

Another problem with that phrasing is, it sounds as if the author was trying to influence the reader. I googled the phrase "Far right right-wing militias", and I did not find it to be a "common phrasing".

Maybe "right-wing militias", or "far right militias" would be more appropriate? — Preceding unsigned comment added by Gwrede (talk • contribs) 20:25, 20 April 2022 (UTC)

Perhaps "extremist right-wing militias"? Legowerewolf (talk) 16:31, 21 April 2022 (UTC)

Done – K4rolB (talk) 12:31, 30 December 2022 (UTC)

I agree with Legowerewolf's suggestion. Birdsinthewindow (talk) 00:30, 30 December 2022 (UTC)