I got banned by WeChat last week for a while for using "unauthorized plugins". They seem to also be adamant about not allowing people to run WeChat on virtual machines.
Seriously, WTF? It's none of your business what device I use and whether it's virtual or not.
I got a cease-and-desist from Facebook many years ago for trying to write a Perl interface to their messenger.
I own and control my devices, damnit. I hate these walled garden messaging apps that seem to actively thwart innovation. All I want is a protocol (which I'm even happy to pay for!) and I will decide how messages present themselves on my end.
Many years ago I used Pidgin to interface to MSN, ICQ, AIM, QQ, Gtalk, Yahoo, Zephyr, and a couple others. It was great -- I had E2E encryption (sorry Pichai and Whatsapp I had E2E encryption on ALL of my messengers before you all decided to wall-garden your apps and then do some stupid PR stunt about E2E encryption years later), automatic human language translation, automatic LaTeX rendering, and a bunch of other features, all of which I don't have now because the messenger apps everyone uses now are anti-innovation. We've taken a huge step backward.
I got a discord account banned recently, and they wouldn't tell me why. My guess is that it has to do with my using a weechat bridge rather than their garbage client. I have to do the same for slack and for signal (which, by the way, is terrible even with signald), because they too have garbage clients. I have a much better experience when just using plain IRC.
It's slow to start, constantly downloads a bazillion updates. Information-wise, it's not very dense. It's hard to customize; doing so requires a bunch of hacky stuff: https://github.com/AryToNeX/Glasscord/wiki/Installation
Using a third-party client is a bannable offense under the terms of service. I hate the little "emoticon" icons that are all over the place. It set itself to auto-start on boot (this behavior may be different on win/mac). I don't like trusting it with my messages. It tries to show what applications users are running at the moment. There have been some improvements, but I still don't trust the security of electron.
These are some of the ones I can remember off the top of my head. Generally, it always seemed like it was both trying to baby me and seem "cool". It's many of the things I hate in modern software in one application. It's a chat app, which should shut up and show me messages, not try to double as a social network. It's also a voice conferencing app, which should shut up and transmit/receive audio, not try to double as a social network.
I know a lot of other people who seem to like it as well; good for y'all. All of this would be much less offensive if it hadn't banned me for opting out of its webshit.
I'm going to assume you ask this question because you're honestly curious about GP's discontent with Discord's interface, so this is NOT directed at you, but ...
One of the things I've often noticed is that people like to shame me for being discontent with e.g. WeChat's interface or Facebook's interface. "What's wrong with it? I think it's great! [... and you're weird]" and that mentality of casting away hacker types who want to invent their own UIs is extremely toxic to creativity and innovation, but it's a pattern I've seen happen very frequently with all of these walled-garden apps. (Again this is not directed at you)
Yes, I totally agree with that being a problem. At the end of the day different UIs satisfy the goals of different people. It's a bit pointless to bash people for picking things that fit their lifestyle.
Pidgin still exists and there are plugins for lots of the modern messaging systems. Please note that OTR is no longer considered safe crypto-wise, there is an unfinished OTRv4 that fixes that.
>Please note that OTR is no longer considered safe crypto-wise...
I could not see any discussion of the deficiencies of OTR in the titles of the OTRv4 sections. Could someone direct me to a reference? This is the first I have heard of this. I thought OTRv4 was all about usability.
> - compared to Signal, it does not snoop your phone number
Great, leaking the user's email address which, more often than not, contains their real name is so much better. /s
Seriously, though, I don't think this comparison accurately reflects the differences between Delta Chat and Signal:
Signal uses your phone number for account lookup but not for addressing participants. Moreover, it uses a feature called Sealed Sender[0] to conceal even the cryptographic address of a message's author. In contrast, Delta Chat leaks the email addresses of the people participating in a [group] conversation[1] (and, thus, their social network) not just to one provider (as in the case of Signal) but to all email providers involved in hosting the conversation, meaning that, as a user, you have to trust not just a single but multiple entities. Meanwhile, Signal doesn't even know how many people there are in a group conversation.
You seem to care about whether the messaging provider knows your phone number / email address... but that simply isn't the attacker model most people have: they want the people they are talking to to not have their real phone number / real email address, and couldn't care less if Telegram or Snapchat or Google or even Facebook knows who they are taking to; essentially, they want a trusted provider to protect them against untrustable contacts, not to speak with their trusted contacts using an untrustable provider. Now, can you solve for both of these problems at the same time? I think so--and maybe Three.ma is exactly that!--but Signal doesn't seem to care, as they have a somewhat strange model of how people chat. The question, then, is mostly about how well the application supports creating unrelated accounts / aliases: what you really want is just some kind of separate user identifier (such as you get with Three.ma, or with services like Wire/Kik); but, barring that (as federation makes that weirdly hard), email addresses are way better than phone numbers, as it is way way easier to get throwaway email addresses--even ones from unrelated hosting companies--than throwaway phone numbers.
> You seem to care about whether the messaging provider knows your phone number / email address... but that simply isn't the attacker model most people have: they want the people they are talking to to not have their real phone number / real email address, and couldn't care less if Telegram or Snapchat or Google or even Facebook knows who they are taking to
I don't disagree but OP was specifically talking about Signal "snooping" one's phone number, so I was talking about a different attack vector.
Besides, to answer all those comments saying that they would set up a separate anonymous email address in heartbeat, we should not forget that the HN crowd is a rather unique group of people. How many of our grandmas would get themselves a new email address just for the purpose of signing up for Signal?
Finally,
> Signal doesn't seem to care
doesn't seem to be true. The Signal developers have been working on switching from phone numbers to usernames as unique identifiers[0] since at least 2019. As they have mentioned multiple times, though, it is a complicated change.
Your links do not demonstrate that they "care", nor do they even show it is "complicated". I have been following the Signal project since well before it was even called Signal, I talk with a lot of Signal advocates at the events where I speak, and I have spent lots of time digging through issue trackers and conference proceedings to get some concept of what goes on in the mind of a Signal developer (particularly Moxie, who has made himself the enemy of decentralized systems and even open source clients): they seem to only be doing this--and lazily to boot--because people are upset about it, not because they believe in the use case; they are extremely opinionated in their specific model of chat and generally insist that using phone numbers was necessary in order for network effect to work (along with commensurate defenses of all of the privacy SNAFUs related to it, some of which they have attempted to address, but half-heartedly). Put another way: you don't spend so many years shitting on an idea and claiming it would be actively harmful to your cause just to eventually say "ok, fine: we're working on it" without any explanation that "we made a mistake and hope the community can forgive our prior misunderstanding here" if you actually "care" about something.
> that simply isn't the attacker model most people have: they want the people they are talking to to not have their real phone number / real email address, and couldn't care less if Telegram or Snapchat or Google or even Facebook knows who they are taking to
Are you sure you're not extrapolating from your needs to that of "most people"?
I don't doubt that there are people for who need anonymous communication (whether just sender-anonymous or sender-anonymous, recipient-pseudonymous). But so far, I've never had the need for it.
Quite the opposite, actually: I wouldn't want to receive anonymous messages on Signal, at least not without opt-in.
No: I am not (in fact, I am really strange: I am a super famous person who has decided to have a single public phone number and email address that he gives to everyone). I think part of the problem here is that you seem to think leaning heavily into the anonymous communication scenario, but that isn't how other people conceptualize wanting to not have their real phone number or email address given to random people: the real play is almost entirely about being pseudonymous, where you might have your name (or a "well-known alias") and a photo of yourself attached to the account... but not a real phone number or email address (which tie your identity together to other systems). This use case is so common that even tech people whom I feel "should know better" opt for solutions like Apple or Facebook login rather than giving away their real email address to a random website!
So, first, to address this: it is frankly extremely rare to have a realistic attacker model that cares about eorher governments or a chosen large corporation having access to your chats, at least "in the West". Like, seriously: sit down and list who you think falls into this category... this is a list which starts with "political dissidents" and continues into some really strange low-likelihood scenarios, as the entire premise surrounds a government or law enforcement agency subpoenaing your messages.
Most of the people I know who are in this category are simply people who want to believe they will one day be targeted by governments for being too dangerous. I can still motivate this software for people, based mostly on scenarios involving bad people getting jobs at large companies to access your information (this is a big issue with Facebook), but even those scenarios barely work against companies like Google (which have good internal information controls). I have gone into this in more detail before (with someone shilling Signal who hilariously ended up just admitting that Signal doesn't work here as it is a "privacy issue").
The ironic thing is that, without also solving the untrusted contact problem, this set barely even includes political dissidents: I have tons of friends who do stuff like coordinate protests, and the #1 realistic concern is that the police--whom I also talk to a lot (I am an elected government official), and I know they do this--have managed to infiltrate their giant group chat and are just watching it all happen and writing down phone numbers. There is a big gap between anonymous and trusted, and it is where most use cases actually happen.
So, on the other side, pretty much every "normal" person constantly meets people with whom they want to communicate without giving away their real phone number / email address. How do I know this? Because that's what most people want to talk with the people whom they are casually dating. This is a big reason why everyone uses Snapchat for almost everything (and Instagram or TikTok for everything else): because it gives you a feeling of control over what people know about you.
Just earlier today I was watching someone on TikTok--in a video about dating communication--say "using Snapchat as the only form of communication during the talking stage is the move: I'm not giving you my phone number... we just met! I would sooner give you a urine sample" (this is an exact quote). The comments mostly agreed with everything she said (and she only had like three supposedly-"unpopular" opinions that were actually quite popular ;P); here are some of the strongest comments about the Snapchat mention.
> Yes! Snapchat! The only way they can’t use one type of social media to find you on other social media
> Yes about the snap vs phone number. I started online dating after a 15 yr relationship and I got a phone stalker that texts me with new numbers
> yeah idk why ppl hate on snap. I prefer it bc they don't have my last name or extra info on me and I can see more what they look like beyond a few pix
Were there people who disagreed with her? Sure, but they were all either advocating for refusing to leave the dating app in the first place (which is itself a trusted provider protecting you from untrustable contacts), were advocating for a different but similar solutions (that still don't involve giving out your phone number), or seriously said "I don't know if I am just old or what"... to which I will note "yes, you are apparently quite old :/".
> Snapchat is dead there are apps like Text+ that create burner numbers...that’s what I use
> Yeah you’re right about this but the Snapchat thing is enlightening as somebody who was an adult before Snapchat lol
> Great, leaking the user's email address which, more often than not, contains their real name is so much better. /s
So, how good is your spam filter for SMS/calls? /s
Personally, I rather give my mailaddress than my phone number. I can set up a new address rather quick. I cannot switch my phone number that effortless.
Maybe worth noting that spam calls/SMS are primarily a problem in the US.
In the European countries that I've had phone numbers in, these basically don't exist, and my phone number has been part of several data breaches. (That said, I am curious if this is a problem occurring in almost all or almost no other countries!)
As far as I understand, these problems are also in the process of being fixed in the US via caller ID authentication (to enable carrier-level filtering), which seems like the right approach: In the long term, it's more or less futile to keep a phone number out of data breaches or advertiser databases.
Would much rather use an email vs a phone number, 100%. Most email has good spam blocking compared to phone numbers. And you can hold multiple addresses without paying more per month on a cell plan.
Compare to most IM systems Delta Chat is:
- easier to set up: you already have an email
- equally private: most IM systems leak metadata anyways. A global observer can infer your peers.
- compared to Signal, it does not snoop your phone number
- decentralized
- cheaper to run 1: managing mailservers is cheaper than managing both mailservers and IM servers
- cheaper to run 2: mailservers evolved for decades and are now pretty efficient, especially compared to most IM servers