TL:DR: When you edit an unread message on Signal, the recipient can see all the changes you made. Is that a good thing? I don’t think so.
I’m sure a lot of you know that when you edit a message on Signal, the recipient can still see not just the original version but every version of the message if you edited it multiple times.
IMHO, if the user has not seen the message, we should be able to hide all the edits from them.
If you are having an argument with your partner over text and send a harsh reply that they have not seen but that you quickly edited, they would still be able to see your harsh words.
I understand that if the recipient hasn’t seen the message, I can still delete it, but I wish we could hide edits.
I remember when Telegram introduced the ability to edit and delete past messages, one of my friends felt that the way Telegram implemented it was wrong because it shattered the integrity of messages. Telegram allows you to delete messages you sent months or years ago with zero indication that you deleted anything. This can easily change the meaning of past conversations when someone reads them back again. It can easily create a lie. It’s actually the primary reason my friend stopped using Telegram.
Signal’s way of implementing edited and deleted messages is a good counter to that, but I wish it were possible to hide edits when the recipient has not seen the message. If the recipient has seen the message, I’m ok with them having access to previous versions.
How would this be actually work? Even if the recipient has not yet read the message, their device has likely retrieved it and they may have seen the content in the push notification. It is poor UX for the recipient to not be able to see changes to a message they already have on their device and may have already seen.
It would also entirely depend on the recipient’s client cooperating. If you are trying to hide something about a message you are sending from the person you are sending it to, you will have no guarantees that any measures will actually succeed because they may be using a client that simply doesn’t cooperate while reporting it does. The closest feature Signal has already to this threat-model-wise is disappearing messages, but disappearing messages provide a benefit when communicating with non-adversaries when both want to ensure a third party couodn’t seize a device and review the entire chat history. There is no such benefit for this feature, it would only be for the purpose of helping you against an adversarial recipient, which Signal is not capable of actually providing safety against.
I hear you, but I am specifically referring to a message the recipient has not seen. Also, I am not against the recipient knowing that the message was edited even if they haven’t read it. But giving them access to previous versions in this context is IMO, unnecessary.
Maybe so, but most people use the default client. Most Signal users use the official Signal app. They don’t use Molly. Also, when I send a message that was unread and deleted before it’s read, I am confident that the recipient hasn’t seen it. So why not have the same feature for edited messages? The risk level is the same.
I disagree. The recipient doesn’t have to be adversarial. Hiding edits to an unread message achieves the same thing as deleting the message. So why not allow it?
To me the edit system is valuable for the sake of transparency. The case you describe is an edge case where one should use delete (or take a beat to let their emotions cool and proofread before hitting send) instead of placing responsibility on the app.
I don’t think this level of nitpicking is helpful. Signal serves hundreds of millions of people, and the current edit policy seems like a wise choice for all but a handful of situations, and in those situations there are other remedies (as you yourself noted). It’s also probably a fair amount of work to build this hyper-specific functionality, and that time can be better spent on less frivolous features.
As I mentioned push notifications mean there is no way to know if it has actually been seen.
To you, as the sender. Maybe the recipient prefers to keep that record. It’s not your decision, as the content is already on their device.
The default client can act uncooperatively in this context if the recipient creates a backup before the message is edited. You don’t need a third party client for this.
Why? Not everyone sends read receipts, and even if they do again they can see it in their push notifications which doesn’t send a read receipt even if they have them enabled. Also, if the message was sent more than 24 hours ago, it actually doesn’t delete it from the recipient’s device. Even if less than 24 hours ago, if they have a backup created since it was sent they will still have the content in the backup.
Someone you are messaging who if they can see past edits to messages you’ve sent them is problematic for you is by definition, at least to some degree, adversarial.
Not technically speaking. Deleting messages is a convenience thing, and signal actually explicitly doesn’t guarantee that it will be deleted on the recipient’s end (they specifically document this as “best effort”). Content can’t be deleted from backups created after the message was sent, for example. Editing needs to be reliable, because it updates the content and produces a new event. It doesn’t make sense to provide reliable delivery of edits and unreliable hiding of edit history.
I mean if it’s the same thing to you why not just delete the message and resend it then?
Hiding edits would create the assumption that it is hidden, which creates confusion for users. It would be like a downgrade attack which you in general want to avoid.
Being transparent about, this can potentially be seen by other users, is a good thing.
It’s not my decision, but it’s not really the receiver’s either. It’s Signal’s decision.
They are the ones who chose to implemented it this way.
In the context of an ongoing argument that started before the message was edited, yes.
But sometimes letting the recipient see the edited message can start the argument. I’ll give an example.
Your friend tells you that they had a skateboard accident, and broke their arm. A month goes by and they are still healing. You text them:
- Hey, how’s your leg. Is it completely healed?
Realizing your mistake you edit the message to:
- Hey, how’s your arm. Is it completely healed?
Your friend sees the original message and gets upset because they’ve discussed their accident multiple times with you, and the fact that you asked about their leg instead of their arm shows that you are a terrible listener.
I’ve seen arguments start exactly like this with both friends and family.
Not allowing the recipient to see your edits would be beneficial in this context.
It’s kind of like when your partner sends you to the grocery store to buy apple juice, and instead you buy orange juice, but you realize in the car that you made a mistake and go back to get the apple juice.
Does your partner need to know that you almost came back with the wrong thing?
No.
Even so. The risk is the same as when I delete an unread message.
All of my Signal contacts use Signal primarily because of me. They don’t really use it to talk to other people on it, and hence accept the default settings. Read receipts are on. I have changed the chat settings many times for our chats, and they never commented on that or intervened to change it to their liking.
The risk remains pretty much the same so it would make sense to hide edits for unread messages, IMHO.
They can offer the same warning for edited messages. I am willing to take that risk.
This is why I am in favor of indicating that a message was edited. I actually think it’s a must.
But I don’t think the integrity of a message is betrayed when the receiver doesn’t have access to prior versions that they never saw before they were edited.
But deleting a message that was unread also hides the history. It rightly doesn’t hide that the message was deleted, but it hides the content of the message.
I do that. I’ve sent media (pictures, videos, photos) by mistake and deleted them because they did not appear in the order I wanted.
But when it comes to text, from a UX point of view, editing is easier than deleting. Because if I just want to edit a sentence in a 5 line text, deleting it requires that I copy the message, send it to myself, and then delete it. After that I have to edit the message in my “notes to self”, copy it once it’s completed, and paste in my chat. It’s more effort.
I have no strong feelings. I’ve used platforms that work both ways and for most people in most situations they work equally well. I’d rather adjust my own behavior than try to change a platform.
Agreed, if I see someone wrote something, regretted what they said or felt they phrased it poorly, and then edited it to be more considerate then I am not really going to have a negative impression of them. If we interact in person they are not going to get to edit their responses after speaking, so one assumes I already know about this and am okay with it at that point. Their effort into being considerate is obvious.
Someone you are messaging who if they can see past edits to messages you’ve sent them is problematic for you is by definition, at least to some degree, adversarial.
Yeah, if it were me talking to a spouse or friend, they could simply ask me not to read their edit history if I hadn’t seen what they said pre-edit. If I agreed, someone who knew me well would have no reason to doubt me due to my history with them.
Adversarial might seem like strong phrasing, but we’re really talking about a specific situation where someone either won’t agree to that or can’t be trusted to follow through on what they say. There are benefits and drawbacks of both ways of handling edits. However, regardless of how Signal handles it, I don’t think the aforementioned situation should be what they base their design choices on.
I had no idea the original message of Signal edits were visible, which feels like a privacy violation to me. The idea that you should just delete your message if you don’t want the original to be read is fine… if you’re aware of that fact in the first place. Most messengers don’t work this way in my experience. I’m fine with the logic of it but this should be abundantly clear when editing a message.
Assuming original messages, before an edit, are visible has been my default assumption about nearly all internet messaging/communication tools I’ve used over the years.
Once the message leaves your device no service can reasonably make guarantees about who can or can not see the message on the receiving end.
I second this. Also I don’t think Signals threat model is to protect you against yourself.
As other people said: once a message is sent, it’s sent. Pretending it’s tracelessly deleted and it never happend (like Telegram does) is just security theater. If you don’t trust your chat partner don’t send them messages.
If they are getting so pissed about you getting something wrong (like mistakenly asking about an injured leg instead of an arm) it’s not the messengers problem. It might be the relationship. Or how do you handle this in real life?
If you’re using Signal then I would assume you have some grasp on personal responsibility regarding handling your own data.
I think it also subtly promotes transparency and trust to the recipient in showing your mistakes and corrections, rather than the sometimes ominous “edited”.
I also like that they give you the option to delete the entire message and start again if it’s really a problem.
But 99% of the time it will be typos and readability fixes that people edit messages for.
I edit my comments on this forum often because I’m impatient (case in point: I typed “inpatient”) and don’t proof-read enough lol. I appreciate that this forum sometimes asks for a reason why you’re editing, because I never really thought about what that could imply to the reader.
TL;DR I think it’s the best option.
My backup solution would be “undo send”, that we have on email clients. But that would make instant messaging slow as balls.
This is a personal problem, not a Signal problem. If you can’t control yourself enough to not send harsh words that you will regret later then it’s not Signal’s job to help bail you out.
Edit history always seemed to me to be an important log for potentially abusive messages. If someone was sent a threatening message or something constituting harassment, the edit history ensures the message can’t just be redacted/changed to something unremarkable to protect the sender from consequences.
There is still the deleted message workaround anyway. And while that could also be exploited it seems necessary to keep for people to protect themselves if a phone is stolen or seized or something like that.
It’s perfect now. Other options create transparency, usability, and privacy problems for no real benefit.
Want to change something without your contact seeing what it was before? Delete for everyone. And send the new one.
Want to make an edit and don’t care if it is seen? Edit.
I am happy with Signal’s UX—I can’t ask for anything more on the UX front. I don’t need anything that Discord or WhatsApp DMs gives. Signal is clean, intuitive, and features are implemented well. I even like stories .
I didn’t know about it either. I found out soon after the feature launched when a friend told me. It’s the same friend who left Telegram for Signal because of how they implemented deleted and edited messages.
That’s the key part. I don’t think most people are aware, and, in my opinion, that is good enough of a reason to change it.
I don’t think most people make that assumption when the message is unread. That’s the point.
That’s a fair argument. But when Proton Mail, and other email services allow you to unsend an email within minutes or seconds after you clicked send, aren’t they protecting you against yourself?
Signal was not the first messaging app to introduce editing sent messages. It was Telegram.
And as there are justified critiques for how Telegram implemented this feature, I think this is a justifiable one for Signal too. Signal chose to implement it this way.
I think it is a fair compromise to ask that if a message is unread, edits should not be visible to the receiver. But if it has been read, then it’s fair to show them the changes that were made.
I agree. It’s not Signal’s problem. But I don’t think it’s unreasonable to request a change to this feature all the same. It’s not Proton’s problem if you made a mistake in your email to a potential employer either, but it’s still nice to be able to unsend it.
That may be true today because Signal is a very small player compared to its competitors, who are 20 times bigger. But would it be true if Signal was the most popular messaging app? Unlikely so. I don’t think it’s accurate to assume that if you use Apple, it’s because you care about privacy and hence have some grasp on personal responsibility regarding handling your data.
When I believed Telegram respected privacy, I tried to convince my friends to join, and I used privacy as my main argument. My friends did join Telegram, but not because of privacy. It was because of Telegram’s superior UI and UX over WhatsApp and the many features the latter didn’t have, like a desktop app. Also at the time, WhatsApp had an outage in many countries, and because of that, some people were more open to try alternatives.
There are people who use Signal primarily because their family or friend asked them to. Because they care about keeping in touch with them, they are willing to make that change. They are not moved by privacy. None of my friends or family are on Signal because of privacy.
I agree. But it’s a level of transparency that is not necessary, IMHO. Transparency is already present when there is an indicator that the message was edited. People can be put off by seeing your process and revisions, especially if it’s not pretty. As the saying goes, you only get one chance to make a first impression.
At one of my previous jobs, I used to stay up late because I was overwhelmed by the workload and the tasks I had to do. It was extremely anxiety-inducing. I had just started the job. My boss didn’t know I worked late. I sent my reports to her the moment I finished them, that is, at 2 o’clock in the morning.
Although my boss only read those reports at 9 when she got into her office, she saw the time at which I sent them, and she called me to her office. To her, it was clearly a sign that I could not handle the job if such tasks took me this long. If I had scheduled my emails to be sent at 9 am, which was not possible, my boss would have never gotten that negative impression of me.
That is certainly my experience. But in a work context, people can be judged for that too. And people often won’t judge you the same based on who you are. An Italian person might be judged less harshly than a Chinese person if they make the same English spelling mistakes and both work for the same company in the US or UK. I have definitely observed this.
I hear you. But this post is not about PG. I am not advocating for PG to hide edits. I am specifically talking about Signal, in the context where the message was unread by the recipient.
It’s not about harsh words. I gave examples where there are no harsh words and the recipient is still upset.
This is certainly good argument for it.
I have Molly on my phone, but I stopped using it for two reasons:
I agree with the transparency sentiment, after all you have to assume your message has been seen, since the recipient could just be offline directly after receiving it. (And live with the mistake you made.)
–
Edit: Before reading on, be aware this seems not to be in the official app. I’m using the degoogled unofficial version Signal-FOSS, which utilizes patches from Molly, IIRC.
Which bring me to this (sorry if I missed it already mentioned) :
The workaround of deleting and resending does not work.
.