Whisperfish 1.0.0 (planned)
The milestone on GitLab for this release (th
Many big plans!
Whisperfish 0.6.0 (planned)
The milestone on Gitlab for this release
Features
- Feature parity with, and modernized version of Whisperfish 0.5.
Whisperfish 0.6.0-beta.20
Post-quantum end-to-end encryption, registration fix, and much more.
Changes
- Post-quantum (Kyber) key-exchange
- Fix build version number in CI/About page (maybe, I hope)
- Fix the info row lock size in developer mode
- Fix muting conversations
- Fix disappearing messages timer resets
- Store attachment pointers in database, preparation work for attachment download retries.
- New, more fine grained notification privacy options
- Show blur hash while attachments are downloaded
- Emoji-react to messages (hold message, swipe away, then tap the emoji)
- Fix logs on panic
- Implement a captcha test page
- Handle remote message deletions, implement remote message deletion
- Show original attachment file name, if available
- Implement attachment exporting
- Fix unidentified sending mode resets on profile key reception
- Fix registration and linking for new registration protocol
Registration
Signal overhauled their registration procedure. In my eyes, the new API flow has been redesigned to allow for registrations without phone number in the future. Signal has, meanwhile, introduced usernames, which will allow you to hide your phone number from contacts and groups. I hope to get this into Whisperfish soon™ too.
Post-quantum key exchange
Signal recently introduced post-quantum key exchanges for their end-to-end encryption protocol. This is, as far as I know, the first broad and permanent real-world deployment of post-quantum cryptography, and follows the very recent NIST standardization of Kyber. Signal is yet to announce this change officially, but it has been in production for two weeks. I expect Signal to roll out a rekey event for all sessions, and at that time announce the roll-out.
The deployment is a hybrid of X25519 and Kyber. This means that if the new Kyber system is horribly broken next week, your sessions will still be secure in the classical sense.
Practically speaking, the current change means that every new session with a contact will be protected against capture-now-decrypt-later attacks by (currently non-existing) cryptographically-relevant quantum computers, under the condition that Kyber remains as secure as it is thought to be.
I expect Signal to trigger session renewals or rekeying events to additionally protect existing sessions from the “quantum threat”.
Whisperfish 0.6.0-beta.19
Hotfix for the refactoring bug introduced in beta 18
Whisperfish 0.6.0-beta.18
Fixes group updating, since Signal changed their API calls, first steps toward PNI support
Changes
- Database refactoring, phone numbers and UUID are now strong types
- Fixes a hang on unregistered startup
- Fix group update API calls
- Show roles of group members
- Graceful handling of ^C
- Show translation contributors in About.qml, automatically update the About.qml page
- Fix self-recipient bugs
- Reset page stack when closing in daemon mode
- Add PNI column to recipient (currently unused)
- Fetch self-PNI
- Fix archive/pinned UI bugs
- Fix profile image display when clicking notifications for groups
- Fixes related to message notification counter
- Split storage module into separate crate, preparation for more refactoring
- Show the profile picture in the sharing dialog
- Fix RTL support in cover
- Fix detail attachment display for non-image/video attachments
- Fix the "show more" tag placement for long text messages
- Many small fixes
Whisperfish 0.6.0-beta.17
Sealed sending release!
Changes
- Fixes the profile page not loading
- Fix multiple settings page and profile page issues
- Implement automatic identity key reset
- Implement draft messages
- Fix captcha display and submission
- Ignore NullMessages and implement PlaintexContent
- Implement sealed sending
- Cleaner logging thanks to minimized Display implementations for database types
- Log Qt and QML via simplelog
- Keep identity key in memory, instead of reading from storage
- Stop trying to send messages to unregistered users, store registration state in db
- Consider empty sessions as read, fixes incorrect unread message count
- Expose logging settings in Settings page
- Bump emoji.js
Whisperfish 0.6.0-beta.16
Fix an issue during registration, and some QoL improvements
Changes
Whisperfish 0.6.0-beta.15
Overhauls the QML binding system. This should fix all UI inconsistencies, except for a few that are now introduced.
Changes
Whisperfish 0.6.0-beta.14
Bugfix release for most of the bugs we introduced in beta.13, and some fixes for changes upstream.
Changes
- Attempt to handle HTTP 428 by responding with a reCAPTCHA challenge
- Handle device mismatches (fixes sending to contacts that change their linking setup)
- Attempt at fixing a crash at startup related to profile uploading
- Fix a crash when opening an empty session
- emoji.js now supports out-of-date emoji packages as fallback
- Fix typing notification display of names in certain conditions
- Marking as read fix for mismatched sessions
- Cleaner formatting for linked device display
Whisperfish 0.6.0-beta.13
Profile fetching and updating, avatar displaying, sender key and unidentified sender support at receiver side, and much more.
Changes
- Disable defunct "send new message" functionality
- Don't crash when Signal desktop sends a SyncMessage about a story.
- Use move_rows instead of reinserting upon new message reception
- Big refactoring work by Lucien XU
- Send messages via the Websocket instead of the PushService
- Display avatars
- Display Signal profile names, with preference for local contact names in settings
- Implement displaying and sending quotes
- Use Emoji font for displaying reactions when configured as such
- Move (signed) prekeys, identities, sessions into database
- Implement sender keys and unidentified sending at the receiver side for much improved privacy
- Many, many, other tiny and big things.
Whisperfish 0.6.0-beta.12
Hotfix release for the new Signal root certificate
Changes
- Update root CA certificate for Signal production server (4096 bits RSA instead of 2048!)
- Multiple fixes for SailfishOS 3.4
- Fix storage migration corner case
- Fix some registration issues
- Fix cover scrolling behaviour
- Big update of libsignal-protocol version
- Misc layout and input field improvements
- Refactored some storage and Sailfish platform code
Whisperfish 0.6.0-beta.11
Mostly bugfixes for bugs that we introduced in beta.10, but also implements Whisperfish as secondary device. This release is basically completely due to direc85 and Gabriel Margiani; thank you both!
Changes
Whisperfish 0.6.0-beta.10 (code sprint edition!)
Many quality-of-life updates and technical debt fixes, thanks to the code sprint of Matti and Ruben!
Changes
Whisperfish 0.6.0-beta.9
Fixes for stuff in beta.8, mostly.
Changes
- Fix for emoji reaction parsing that could cause a crash
- Fix a crash when manually refreshing a group
- Fix config file location after the Sailjail implementation
- Fix creating debug symbols in CI and offline, run LTO on CI. Debug symbols are now hosted alongside nightl RPMs (and probably also here, let's see how the CD copes)
- Add new config paths to MyBackup paths
Whisperfish 0.6.0-beta.8
A bunch of quality-of-life updates, and SailfishOS 4.4 compatibilty! Direc85 did a lot of work in this release. If you consider donating to me for Whisperfish, please also consider buying direc85 a coffee.
Changes
Whisperfish 0.6.0-beta.7
Edition "omg OpenSSL".
Changes
Whisperfish 0.6.0-beta.6
Edition "invert the event loop". Write-up here: https://github.com/woboq/qmetaobject-rs/issues/102#issuecomment-919798690
Features
Fixes
Whisperfish 0.6.0-beta.5
Fixes
- Reception of messages with attachments, but without accompanying text
- Show contact/payment/deletion/group call update messages as "unimplemented" instead of empty.
Whisperfish 0.6.0-beta.4
Features
- MyBackup compatibility, thanks to Nathan!
- Display group changes and message timer changes in chat.
Fixes
- Fix usage of configured attachment path
- Fix the many empty messages sent by Android and iOS clients for profile key pushes
Translations
- Add Lithuanian, by Gediminas Murauskas
- Updates to Greek, French, Turkish, Dutch, and Vlaams. Thanks to all contributors!
Whisperfish 0.6.0-beta.3
Emergency release for the HTTP-500 "nothing can be send" bug and the BadKeyType bug.
Fixes
Whisperfish 0.6.0-beta.2 (yanked)
Emergency release for the HTTP-500 "nothing can be send" bug.
Features
Fixes
Whisperfish 0.6.0-beta.1
The milestone on Gitlab for this release
Features
Translations
- We have a Weblate account now!
- Portuguese translation, thanks to Yield and Antonio Maretzek!
- Czech translation, thanks to PawelSpoon!
- Turkish translation, thanks to Oğuz Ersen!
- Nowegian translation, thanks to Allan Nordhøy!
- Many, many, many, MANY cleanup operations on Dutch, German, French, and Spanish, thanks to Nathan, Dryo, and J. Lavoie!
Fixes
- More stable reconnection management. Flight mode and network changes should now work as expected.
- Access contacts through the Nemo QML interface instead of raw contacts.db. This interface will probably be more stable than the raw SQLite, and keeps compatibility across 3.x and 4.x.
- A "privileged file" allows us to read contact lists again on SailfishOS 4.0
- More or less fixed video playback
- Fix lingering notifications on session activation, thanks to flypig!
- JPEG rotation is now correct in Whisperfish (but not yet on Android), thanks to Mirian Margiani.
- Image zoom is more intuitive for images that are almost the same size as the screen, thanks to Mirian Margiani.
Whisperfish 0.6.0-alpha.9
Fixes startup on upgraded contact database.
Whisperfish 0.6.0-alpha.8
Features/fixes
Whisperfish 0.6.0-alpha.7
Features
Fixes
- Create the correct attachments download directory, should fix attachments downloading for new installations.
- Some phone numbers (notably with dashes, parantheses or dots) did not show up with names.
- New members in a group show up, group renames come through.
- Group members show up as names, not phone numbers, thanks to Thomas Michel.
- Fixes copying message to clipboard, thanks to Thomas Michel.
- Auto-focus password field, thanks to Markus.
Whisperfish 0.6.0-alpha.6
Features
- The conversation page got a complete overhaul in design. I hope you like it.
Fixes
- Fix a race condition during registration, which may corrupt the settings file.
- Sent messages update the session view
- More names show up correctly in session view (please file an issue if it's still buggy!)
- Session sections
- Sent attachments show up as thumbnails
- Some translation work in the (currently disfunctional) Device List page
Whisperfish 0.6.0-alpha.5
Features
- Sending new messages to a single contact, clean-up of contact selection
- Started French language translation
- French translation finished (thanks Thibaut Vandervelden)
- Spanish translation got a lot of clean-up (thanks carlosgonz)
- Settings page looks a lot nicer
Fixes
- Settings page revamped, looks a lot cleaner
- attachment_dir was not set on settings init.
- Contact DB fix for non-nemo users (new 3.4 installs, alternate users)
- Show build ID in about screen
- Notifications with vibration and sound
Whisperfish 0.6.0-alpha.4
The milestone on Gitlab for this release
Features:
Under the hood:
- Partial support new UUID-based identifiers
- Initial tooling for future database migrations
- Pre-key refreshing
- Attachment failure log (set attachment_log=true in harbour-whisperfish.conf)
Whisperfish 0.6.0-alpha.3
The milestone on Gitlab for this release
- Sending direct and group messages, notably no attachments.
Whisperfish 0.6.0-alpha.2
The milestone on Gitlab for this release
- Receiving messages and their attachments
Whisperfish 0.6.0-alpha.1
The milestone on Gitlab for this release
- GUI performance improvement
Comments
skyjumper
Mon, 2022/07/18 - 02:07
Permalink
That command format worked a treat for me - thanks !
rob_k
Sun, 2022/03/27 - 19:07
Permalink
Very promising, the workaround for the captcha. Unfortunately I get:
BTW command seems too long, so I pasted the url in two parts:
rubdos
Sun, 2022/03/27 - 19:55
Permalink
There seems to be a newline in the captcha string you pasted on terminal; that should really not be there. That gets misinterpreted and rejected by Signal.
rossholmes
Fri, 2022/02/18 - 16:52
Permalink
Messed up something probably. I'm trying to register, but when, I entered my phone number, selected text verification method, and the app crashed upon I chose Continue. Any idea?
rubdos
Sat, 2022/02/19 - 13:54
Permalink
Yes. Registration is currently broken in SailfishOS 4.2 and 4.3, without any workaround: https://gitlab.com/whisperfish/whisperfish/-/issues/366
Our hope is that SailfishOS 4.4 fixes it, or gives us another clue about what's up.
Termitebug
Thu, 2022/02/17 - 18:23
Permalink
Hi! Would it be possible to unlock GUI-password with sailfish-sercrets for convenience's sake? For now, I'm copy-pasting from ownKeepass the unlock password. This is just a feature request and if it cannot be done I'm okay with that answer.
rubdos
Sat, 2022/02/19 - 13:53
Permalink
It's a feature request and it's certainly possible some day. Feel free to upvote here: https://gitlab.com/rubdos/whisperfish/-/issues/2
ric9k
Tue, 2022/02/08 - 23:51
Permalink
Hi,
Thank you for Whisperfish.
Is there a way to use whisperfish if I register to signal on another device?
Thanks,
rubdos
Wed, 2022/02/09 - 11:33
Permalink
In Signal, one "device" is the main device (this is currently always a phone), and you can link as many secondary devices as you want (which is currently either an Apple iPad or a computer). Whisperfish currently only supports being the main device. If you want to use multiple devices, you need to register Whisperfish as main device and link all other devices to Whisperfish.
Currently, Whisperfish registration is broken since SailfishOS 4.3.
delocoyo
Fri, 2021/12/10 - 22:35
Permalink
What is the channel in matrix? I cant find it.
rubdos
Wed, 2022/02/09 - 11:32
Permalink
I didn't see the notification for this comment; sorry! The channel is #whisperfish:rubdos.be
If you cannot find it, you can leave me your Matrix username and I can invite you in!
delocoyo
Thu, 2021/12/09 - 17:08
Permalink
when will be possible to use whisperfish for a newer user?
delocoyo
Thu, 2021/12/02 - 17:16
Permalink
Thanks rubdos.
delocoyo
Thu, 2021/12/02 - 13:46
Permalink
Hej. I have not install other whisperfish conto now. The probkem is that I cant reach the captcha, and it breaks
rubdos
Thu, 2021/12/02 - 16:56
Permalink
Yes, registration is currently broken due to the reCAPTCHA again indeed. I hope to fix it some time soon.
delocoyo
Thu, 2021/12/02 - 11:11
Permalink
I just got a xz2c with 4.2 , and I cant install whisperfish in it. I had an xperia 10II and with 4.2 was working without problems?
rubdos
Thu, 2021/12/02 - 11:29
Permalink
What are the symptoms, what is going wrong? You cannot install it with Storeman, or you cannot register?
aviarus
Tue, 2021/11/23 - 13:05
Permalink
Downgrading openssl and installing beta 6 worked
aviarus
Tue, 2021/11/23 - 12:45
Permalink
is it possible to copy the settings from smoother device? i copied .local/share/harbour-whisperfish from an old sfos 3.4 device that cannot update and loaded the saved messages but the icon stayed red. now i thought i could hop over the reiteration on a 4.3 device but it gives the same strange result with the Last provided version here and also with the Last nightly build from gitlab
rubdos
Thu, 2021/12/02 - 11:28
Permalink
You need to copy over both ~/.local/share/harbour-whisperfish and ~/.config/harbour-whisperfish for this to work. Don't try to run the same config on two devices, make sure to disable the old divive (by renaming both directories on the old device, for example)
delocoyo
Tue, 2021/11/23 - 12:08
Permalink
So how can I install it in anew device?
rubdos
Tue, 2021/11/23 - 12:10
Permalink
Installation should just work. Apparently registration is broken on SailfishOS 4.3, so you need to have registered using an older version of SailfishOS. I haven't had the time to look at it yet. You can try the workaround of "deprecated" in the comments here: https://openrepos.net/comment/39319#comment-39319 ; make sure to remove the old OpenSSL package when you have registered.
delocoyo
Mon, 2021/11/22 - 08:12
Permalink
That great to hear it Rubdos. My thoughs was that anytime is something. Is not just to say bad words about Jolla, is just that anytime is a upgrde kind of like the set up that is in tge phone break. Thanks for your time.
delocoyo
Thu, 2021/11/18 - 22:02
Permalink
Isnt amazing that anytime there is an update is so much work to do to make the app work properly again? Isnt a collaboration to make it work smoothy from Jolla?
rubdos
Sat, 2021/11/20 - 20:54
Permalink
By the way: I'm in contact with some people at Jolla. I hear that some Jolla people are even using Whisperfish, which means I'm aware of some bugs before the EA releases (but often difficult to fix without hands-on, such as the 4.3 OpenSSL breakage).
slava
Fri, 2021/11/19 - 04:28
Permalink
I heard that there's something called "backward compatibility"...
delocoyo
Sat, 2021/11/20 - 09:42
Permalink
Whats that?
rubdos
Sat, 2021/11/20 - 20:53
Permalink
It's the idea that Jolla should be making sure that a minor version upgrade doesn't break any app. I agree with Slava's sentiment on the breakage between beta 6 and beta 7 here. Jolla should have carried OpenSSL 1.0 throughout the 4.x series, formally deprecating it and alerting app developers that it would be gone in 5.x series, instead of just dropping this bomb.
That said, all previous breakage was 100% due to me abusing undefined behaviour of the SailfishOS operating system. All those hacks are gone now (since the event-loop rework and the SFDK rework), and there's only a few undocumented APIs that we use (but existing APIs, not undefined behaviour). These undocumented APIs include our rendering of the reCAPTCHA (which is now stabilized in 4.3) and retrieval of contact names by phone number in the GUI.
deprecated
Sun, 2021/11/14 - 20:21
Permalink
For anyone having issues with beta 7 (latest, as of writing) on SFOS 4.3.0.12, I found a workaround. Unfortunately, it's intrusive:
This procedure works flawlessly on my Xperia XA2 Ultra. I went through it twice to make sure it was repeatable. I'll be happy to help if anyone needs assistance. I'm sure this will be ironed out in future Whisperfish releases, but for now this gets us both the latest SFOS and latest Whisperfish with minimal hassle. Good luck!
Edit: It seems this method breaks my SIM contexts for MMS, no idea why. journalctl is unhelpful, and mmslogger provides exactly nothing. Fresh flash to either 4.3.0.12 or 4.2.0.21 results in MMS working as normal. I'll try to figure out a way to get beta 6 installed on 4.3.0.12, register then update to beta 7. Will update as it comes.
Edit #2: Okay, so I finally figured out how to keep ofono working properly, have SFOS 4.3.0.12, AND have the latest Whisperfish:
This is the ONLY way I've gotten it to work correctly. If you install beta 7 first, it'll crash when it's supposed to display the captcha. I hope this helps someone.
rubdos
Sat, 2021/11/20 - 20:49
Permalink
I honestly wasn't aware that the CAPTCHA broke on 4.3 in general, I thought this issue was confined to some ports to non-Sony phones. Thanks for making me notice!
Pages