LOSING SIGNAL
by Ploum on 2023-03-09
https://ploum.net/2023-03-09-losing-signal.html
Warning to my friends : Until further notice, consider I’m not receiving
your Signal messages.
Signal, the messaging system, published a blog post on how we were all
different and they were trying to adapt to those differences. Signal was
for everyone, told the title. Ironically, that very same day, I’ve lost
access to my signal account. We are all different, they said. Except
myself.
Signal is for everyone (except me)
https://signal.org/blog/signal-is-for-everyone/
What is this difference? I’m not sure but it seems that not having a
standard Android phone with Google Play services play a huge part.
How I lost access
=================
I’m using an Hisense A5 Android phone. This is one of the very rare
phones on the market with an eink screen. While this is not recommended
for most users, I like my eink phone: I only need to charge it weekly,
it’s not distracting, I don’t want to use it most of the time. I feel
that coloured screens are very aggressive and stressful.
The Hisense A5 comes with proprietary crapware in Chinese and without
Google Play Services. That’s fine for me. I don’t want Google services
anyway and I’m happy with installing what I need from Aurora store and
F-Droid. For the last three years, it worked for me (with some quirks,
of course). Signal worked fine except for notifications that were
sometimes delayed. I considered that as a feature: my phone is in do not
disturb all the time, I don’t want to be interrupted.
On March 7th, I made a backup of my Signal messages and removed the
application temporarily as I wanted to quickly try some open source
alternatives (signal-foss and molly). Those didn’t work, so
I reinstalled Signal and asked to restore the backup.
Signal asked for my phone number, warned me that I had no Google Play
Services then re-asked for my number then re-warned me. Then asked me to
prove that I was a human by solving a captcha.
I hate captcha. I consider the premises of captcha completely broken,
stupid and an insult to all the people with disabilities. But those were
the worst I had ever seen. I was asked to look on microscopic blurry
pictures, obviously generated by AI, and to select only "fast cars" or
"cows in their natural habitat" or "t-shirt for dogs" or "people playing
soccer".
Now, I’ve a question for you. Is a car looking like an old Saab fast
enough? While a cow on the beach is probably not in its natural habitat,
what about a cow between two trees? What if the t-shirts are not "for"
dogs but with dogs on them. And what if the drawing on the t-shirt is a
mix between a dog and a cat? What if there’s a player holding a golf
club but hitting a soccer ball? Even with a colour screen, I’m not sure
I could answer those. So imagine on an eink one…
Signal is for everyone but you need to answer those idiocy first. It
should be noted that I have a very good eyesight. I cannot imagine those
with even minor disabilities.
Of course I did try to solve the captcha. But, after each try, I was
sent back to the "enter your phone number" step, followed by "no Google
services warning" then… "too many attempts for this number, please wait
for four hours before retrying".
I have no idea if my answers were bad or if there’s a bug where the
captcha assumes Google Play Services. I’ve tried with the APK official
version and the Google Play Store version (through Aurora), they all
fail similarly. In three days, I’ve managed twice to pass the captcha
and receive an SMS with a confirmation code. But, both times, the code
was rejected, which is incomprehensible. Also, I learned that I could
only read the code from the notification because opening the SMS app
reinitialised Signal to the "enter your number" step, before the
captcha.
Centralisation is about rejection of differences
================================================
What is interesting with corporatish marketing blog posts is how they
usually say the exact opposite of what they mean. Signal blog post about
differences is exactly that. They acknowledge the fact that there’s no
way a single centralised authority could account for all the differences
in the world. Then proceed to say they will do.
There’s only one way for a centralised service to become universal:
impose your vision as a new universal standard. Create a new norm and
threat every divergence as a dangerous dissidence. That’s what Facebook
and Google did, on purpose. Pretending to embrace differences is only a
way to reject the differences you don’t explicitly agree.
Interestingly, Signal is only realising now that they have no choice but
do the same. At first, Signal was only a niche. A centralised niche is
not a real problem because, by definition, your users share a common
background. You adapt to them. But as soon as you outgrew your initial
niche, you are forced to become the villain you fought earlier.
Moxie Marlinspike, Signal’s founder, is a brilliant cryptographer.
Because he was a cryptographer, he did what he found interesting. He
completely rejected any idea of federation/decentralisation because it
was not interesting for him. Because he thought he could solve the
problems of world with cryptography only ("when you have a hammer…").
He now must face that his decision has led to a situation where the
world-freeing tool he built is publishing facebookish blog post about
"differences" while locking out users who do not comply with his norm.
Like Larry Page and Serguei Brin before him, Moxie Marlinspike built the
oppression tool he was initially trying to fight (we have to credit Bill
Gates, Steve Jobs and Mark Zuckerberg for being creepy psycho craving
for power and money since the beginning. At least, they didn’t betray
anything and kept following their own ideals).
That’s the reason why email is still the only universal Internet
communication tool. Why, despites its hurdles, federation is a thing.
Because there is no way to understand let alone accept all variations.
There’s a world of difference between Gmail interface and Neomutt. Yet,
one allows you to communicate with someone using the other.
Centralisation is, by its very definition, finding the minority and
telling them "you don’t count". "Follow the norms we impose or
disappear!"
It is really about Google’s services after all…
===============================================
One problem I have with my Hisense A5 is that my banking application
doesn’t work on it, expecting Google Play Services.
To solve that issue, I keep in a drawer an old Android phone without sim
card, with a cracked screen, a faulty charging port and a bad battery.
When the bills-to-pay stack grows too much, I plug that phone in the
charger, fiddle with it until the phone start, launch the banking app,
pay the bills, put that phone back in the drawer.
After fiddling for two days with Signal on my eink phone, I decided to
try on that old phone. I installed Signal, asked to connect to my
account. There was no captcha, no hassle. I immediately received the
SMS with the code (on the Hisense eink phone) and could connect to my
Signal account (losing all my history as I didn’t transfer the backup).
At least, that will allow me to answer my contact that they should not
contact me on Signal anymore.
Signal automatically trusted a phone without sim card because it was
somewhat connected to Google. But cannot trust a phone where it has been
installed for the last three years and which is connected to the related
phone number. Signal vision of the world can thus be summarised as: "We
fight for your privacy as long as you agree to be spied on by Google."
Centralisation is about losing hope
===================================
One thing I’ve learned about centralised Internet services is that you
can abandon all hopes of being helped.
There’s no way Signal support could help me or answer me. The problem is
deep into their belief, into the model of the world they maintain. They
want to promote differences as long as those differences are split
between Apple and Google. They probably have no power to make an
exception for an account. They could only tell me that "my phone is not
supported". To solve my problem, they should probably reconsider how the
whole application is built.
Technically, this specific problem is new. Three years ago, I had no
problem installing Signal on my phone and no captcha to solve. But once
you sign up for a centralised service, you are tied for all the future
problems. That’s the deal. I was similarly locked out from my Whatsapp
account because I didn’t accept a new contract then forgot to open the
app for several months (I was disconnected at the time ).
Le suicide de mon compte Whatsapp
https://ploum.net/le-suicide-de-mon-compte-whatsapp/index.html
That’s what I like so much about federated protocols (email, fediverse).
I can choose a provider where I know I will have someone in front of me
in case I have a problem. Either because I’m a customer paying the
expensive tiers for quick support (Protonmail) or because I trust the
philosophy and donate appropriately (my Mastodon server is hosted by La
Quadrature du Net, I trust that team). I also know that I can easily
migrate to another provider as soon as I want (considering mailbox.org
instead of protonmail).
As a chat tool, Signal is better than many other. But it’s centralised.
And, sooner or later, a centralised service faces you with a choice:
either you comply with a rule you don’t agree, either you lose
everything.
With every centralised service, the question is not if it will ever
happen. The question is "when".
Either you conform to the norm, either you are too different to have
your existence acknowledges.
That’s also why I’ve always fought for the right to differences, why
I’ve always been utterly frightened by "normalisation". Because I know
nobody is immune. Think about it: I’m a white male, cis-gendered,
married with children, with a good education, a good situation and no
trauma, no disability. I’m mostly playing life with the "easy" setting.
I’m sure lots of reaction to this post will be about how I made mistakes
by "trying signal-foss" or by "using a completely weird and non-standard
phone".
That’s exactly the point I’m trying to prove.
I’ve suddenly been excluded from all the conversations with my friends
because I very slightly but unacceptably deviated from the norm.
Because, three years ago, I thought having a black and white screen on
my own phone was more comfortable for my eyes.
ABOUT BLUESKY AND DECENTRALISATION
by Ploum on 2023-03-03
https://ploum.net/2023-03-03-bluesky.html
Jack Dorsey, Twitter co-founder, is trying to launch Bluesky, a
"decentralised Twitter" and people are wondering how it compares to
Mastodon.
I remember when Jack started to speak about "project bluesky" on
Twitter, years ago. ActivityPub was a lot more niche and he ignored any
message related to it. It definitely looked like a NIH syndrome as he
could, at least, have started to discuss ActivityPub pros and cons. I
was myself heavily invested in decentralised protocols (from blockchain
to ActivityPub). It was my job to keep an eye on everything
decentralised and really tried to understand what BlueSky was about.
My feeling was, in the end, clear: Jack Dorsey wanted a "decentralised
protocol" on which he had full power (aka "VC-style decentralisation" or
"permissioned-blockchains").
You have to keep in mind that those successful in the Silicon Valley
know only one kind of thinking: raise money, get users, sell off. They
can’t grasp decentralisation other than as a nice marketing term to add
to their product (and, as Ripple demonstrated during the Cryptobubble,
they are completely right when it comes to making tons of money with
shitty tech which pretends to be decentralised while not being it at
all).
To my knowledge, acknowledgement of ActivityPub existence by BlueSky
came very late after the huge Mastodon burst caused by Elon Musk buying
Twitter from Jack Dorsey. It’s more a "oh shit, we are not the first"
kind of reaction.
But even without that history, it’s important to note that you don’t
simply design a decentralised protocol behind closed doors then expect
everybody to adopt it. You need to be transparent, to discuss in the
open. People need to know who is in charge and why. They also need to
know every single decision. Decentralisation cannot be done without
being perfectly free and open source. That’s the very point of it.
If we don’t want to consider the hypothesis that "bluesky
decentralisation" is simply cynical marketing fluff, I think we can
safely assume that Jack Dorsey has hit his mental glass ceiling. He
doesn’t get decentralisation. He doesn’t have the mental model to get
it. He will probably never get it (he became a billionaire by "not
getting it" so there’s no reason for him to change). The whole project
is simply a billionaire throwing money at a few developers telling him
what he expects to hear in order to get pay. A very-rich-man’s hobby.
There’s no need to analyse the protocol or make guess about the future.
It’s a closed source beta application with invite-only membership. It is
not decentralised. It cannot be decentralised.
Discussion on Hacker-News
https://news.ycombinator.com/item?id=35009723