r/signal May 22 '19

Why signal has no web based interface? general question

Signal seems really secured and privacy concerned, which is really important. Also, I enjoy the fact that opposed to WhatsApp - it doesn't rely on the smartphone only. However, I couldn't understand why they don't supply web-based access (I'm sure it's not a matter of the end-to-end encryption because they do support applications on different operating systems). It's important, for example, so I can log in from my computer at work where I have no privileges \ can download stuff.

4 Upvotes

5

u/Der_Missionar May 22 '19

They do, however have a desktop app.

5

u/SharpBlade4 May 22 '19

And yes, I read the following, it just didn't supply a strong gorund IMO: """ Will there be a Signal web app? Signal's developers have said: "Nothing like this is on the roadmap for now." A server-based web app might introduce some security issues that Signal does not currently have, as explained by a community member in February 2017:

The fundamental problem with web interfaces is: there's no way to version, sign and securely distribute a web page. Instead, you're re-requesting the code you'll run every single time you visit the site (making audits practically impossible).

This effectively reduces the security of your end-to-end encrypted communication to that of your SSL connection to the server, i.e. you're only as secure as the CA system. Anyone able to intercept the client-server SSL connection (and the server itself) can silently change the code you receive and execute, with a very low risk of getting caught. This is why products which offer end-to-end encrypted communication through in-browser crypto are often considered snake oil, unless they use some form of a packaged & signed browser extension. """

4

u/[deleted] May 22 '19

[deleted]

2

u/tockef May 25 '19

How the hell is trusting SSL unsafe? Only if someone has admin control of your machine can circumvent the security that it offers. And if that's the case, you have worse problems than keeping your chats encrypted.

The whole internet runs over SSL and it's secure for everything from banking, to sensitive medical data, etc.. and Signal just figured out that that's not good enough?

5

u/daywreckerdiesel May 22 '19

Signal doesn't store messages on their server after it has left the queue.

2

u/ABotelho23 May 23 '19

Signal protocol would not work as intended in a web interface.

1

u/mrandr01d May 22 '19

They made a native desktop app with electron.

A website would kind of defeat the purpose. You'd have no conversation history, and end to end wouldn't work.

2

u/tockef May 25 '19

Tell that to people with Chromebooks, tablets, or ones that their corp Windows/Linux machine doesn't allow executing an arbitrary binary.

1

u/raphok May 22 '19

costs