[Cryptography] Signal planning to support for plaintext SMS

John Denker jsd at av8n.com
Sun Oct 30 03:55:25 EDT 2022 

On 10/29/22 1:56 PM, Ralf Senderek wrote:

> While at the start they feel, that having unencrypted messages on board would
> help to use Signal as a default, today the risk of a confusion between secure
> and insecure messages by the ordinary user demands a clear cut.
> Insecure messagers a available in abundance, so users will find an alternative
> for insecure messaging quite easily.

The problem is not finding apps. The problem is using the apps.
Plural.

Crypto exists at the intersection of ethereal mathematics and
down-to-earth engineering. Today we are discussing human-factors
engineering.

I haven't done a proper human-factors study of this issue, but
it's clear that the Signal guys haven't either. They have not
analyzed even the most basic usability issues. They need to
start looking at it from the user's point of view, not from
the app's point of view.

When there are two apps, if I want to find a message, I have
to look in two places. Half the time this doubles the workload.
This is a step backwards in terms of usability.

By the same token, if I want to send a message, I have to
choose which app to use. If I choose the SMS app, I will
send an insecure message, even when it would have been
possible to send a secure message. So this is backwards in
terms of security as well as usability.

There is a well-known discipline for analyzing decisions. It
requires considering all the plausible possibilities and
weighing the costs and benefits of each. For example, if the
perceived problem is unwittingly sending an insecure message,
there are about ten ways of addressing that. None of them are
perfect, but some are better than others.
  -- My guess is that a separate app is closer to the bottom
   than the top of the list
  -- I see no evidence that the Signal guys have even bothered
   to make a list, i.e. to consider the costs of a separate
   app and the benefits of the various alternatives.

By way of analogy: Suppose firefox and chrome required users
to obtain separate browsers, from different suppliers, with
different UIs, to distinguish HTTP from HTTPS sites. Are you
telling me that security "demands" this?

More information about the cryptography mailing list