Standalone Signal Desktop

429 points by rouma7 8 years ago | 309 comments

Why no web app? Moxie closed https://github.com/WhisperSystems/Signal-Desktop/issues/723 without giving any reasoning. Can someone link me to a blog post that explains why Signal is refusing to release a web version?

I cannot run another Electron app on my computer, I simply do not have the RAM left. Signal as a web-app would allow me to put it inside of Franz or Rambox, where all my other chat services live.

Right now Signal is the only chat service that I cannot run in Rambox or a browser.

All the other major chat services provide a web-app that can run in a browser:

- messenger - whatsapp - wechat - hangouts - skype - zulip

These apps all have web versions for good reason, a website is the most versatile, portable way to share an application with users who's devices you cant support individually. If a user's chrome extension gets hacked a steals their messages that's their fault, it should be the choice of the user whether they run the app in an insecure environment. After all, you're relying on them to not have keyloggers or rootkits on their computers that run the desktop app.

I don't see any reasoning for Signal to not follow WhatsApp's model and release a web-app that links to your phone.

kijiki 8 years ago | |

In-browser e2e encryption is vulnerable to targeted attacks on specific individuals.

The service (either intentionally or by virtue of being hacked) can serve up Javascript crypto code that either uploads plaintext, or subtly backdoors the crypto so it can be decrypted. And they can do this to just a single user, so unless you audit the Javascript every single time you load the page, you'd never know.

A signed app is more secure, because a backdoor would have to be distributed to everyone, greatly increasing the chances of it being discovered.

baby 8 years ago | | |

I don't think I agree with you. Here's a way you could make it work: by downloading a signed index.html, and opening it locally in your favorite browser. If it loads anything from the outside, use subresource integrity[1] to make sure it's sane.

Furthermore, we're using their website to download the Desktop app, the binaries are neither signed by them nor by Apple (or macOS). So the threat model is "almost" the same here as a web app here except for:

* CSRF would not work on an Electron-based app.

* Trusting an Electron-based app is a one-time thing (close to a Trust-On-First-Use trust model). (thx Nik Kinkel for pointing that to me.)

[1]: https://developer.mozilla.org/en-US/docs/Web/Security/Subres...

swsieber 8 years ago | | |

A signed app is only more secure if they load absolutely no code remotely, otherwise they open up the same channels of attack.

That said, at least they have the option of closing that hole with the electron app.

nikisweeting 8 years ago | | |

That doesn't fit my personal threat model (dragnet surveillance), so I'd be happy to accept slightly lower security and use a web app. imo they should offer the option of both, but notify users on web that the Electron app is preferred because it's more secure.

woolvalley 8 years ago | |

They are a small non-profit dev group, and resource wise it's probably not worth it for them.

You could indirectly solve this problem by making some sort of electron multiplexer that could take multiple electron apps and make them share the same electron host browser, achieving the same thing you have now.

I personally just use a bluetooth keyboard and my phone. I get a native app, keyboard typing and nothing hogging resources on my computer.

ezekg 8 years ago | | |

The issue with doing that though is that most Electron apps don’t use the same version of Electron. I have apps I’ve built that are still running pre-v1 because updating has been too much of a headache.

tomc1985 8 years ago | | |

Or they could have written the app in .Net, JavaFX, QT, GTK, or any of the other perfectly good languages and frameworks out there

maerek 8 years ago | |

Not sure what I'm missing here, but I see Signal using 37.5MB of memory. That doesn't seem egregious, but I'm also not familiar with what other Electron apps use.

smcleod 8 years ago | | |

I don't think you're looking at all the processes:

A fresh launch without logging in or having it run for any period of time immediately uses 211.2MB:

  1. Signal: 58.3MB
  2. Signal Helper: 128.6MB
  3. Signal Helper: 24.3MB

After logging in and starting a few conversations I quickly see the total rise to over 350MB.

smcleod 8 years ago |

Other than the memory usage - these are problems I've encountered thus far:

  - It said it was 'Importing contacts and messages' when I signed in without first prompting me if that was OK.
  - Importing contacts and messages failed.
  - Manually importing contacts fails.
  - Conversations show up, but each message just shows as an error.
  - Deleting a conversation doesn't delete it, it just makes it as read.
  - Messages marked as read randomly reappear as unread.
  - Incorrect unread message count next to conversations list.
  - Messages often don't arrive at all, seems at random.
  - The application loses it's 'link' to your account seemingly at random upon launch and needs to be relinked.
  - Appears to use an outdated version of electron with published security vulnerabilities.

darklajid 8 years ago | |

I'm not trying to be snarky here, but .. did you report those on GitHub / to the Signal developers?

Vinnl 8 years ago | | |

Link to lower the barrier: https://github.com/WhisperSystems/Signal-Desktop/issues/new

aluhut 8 years ago | |

Not a single of those happened to me. Are you sure there is nothing wrong with your PC?

It uses 130MB RAM here (Win). How much is it on your side?

72deluxe 8 years ago | | |

Call me old, but how can a messaging app like this use 130MB RAM? I am exasperated that Skype on my machine is using 109MB with only one conversation window open.

We seemed to get by with MSN Messenger with far less RAM, and the features were pretty much identical.

It boggles the mind how memory-intensive some of the modern apps are. It's insane.

mrmondo 8 years ago | | |

Howdy, glad to hear it’s less for you, that’s a much more reasonable amount of memory to use but are you sure you’re including all active memory from each of its processes / worker threads?

equalunique 8 years ago | |

Most of these problems happened to me when I switched signal apps between phones. It all started working again within the same hour.

pokemongoaway 8 years ago | |

I had a load of problems when I first installed it and tried to migrate. A main issue was that it took a while for the "migrate" function to appear in the Chrome app.

lewisl9029 8 years ago |

Any reason why there's not more support for the Progressive Web Apps standard on desktop browsers [1]?

It seems to me that many Electron apps these days are super-thin wrappers around a web app that don't actually need the full desktop access offered by Electron (things like local filesystem access, multi-process execution, multi-window management, arbitrary node APIs, etc).

They just need a way for users to "install" the app so that it 1) has a separate shortcut and appears in a separate window from the browser, 2) can send notifications through the native notifications stack, and use a fallback on systems where one isn't available, 3) is available for use offline.

The Progressive Web Apps spec has answers to all of these problems, and it would vastly improve the resource usage model compared to Electron because each PWA would share the same browser runtime as the user's browser of choice, which is more likely than not running 24/7 anyways.

Security-minded apps like Signal might need more guarantees such as asset verification and version pinning on install, but surely those could be added to the spec, as they would be beneficial for other Progressive Web Apps as well.

I know PWA was designed with mobile apps in mind originally, but it'd be a shame to limit it to that use case, as there is clearly a lot of demand for building desktop apps with web technologies, and PWA sounds like an excellent alternative to the current status quo that's dominated by Electron.

[1] https://developer.mozilla.org/en-US/Apps/Progressive

captainmuon 8 years ago | |

It's coming, at least for Edge on Windows. If you add appropriate meta tags, your app will even automatically appear in the windows store.

The web platform is a really great example of backwards compatibility - it has to, because people wouldn't tolerate breaking changes to websites. Browsers (and Electron) have made a lot of progress in the last years, but now I think this platform is very capable and you can get a lot done without waiting for a new feature. This makes something like Electron a good candidate to ship with the OS. Remove the burden of updates from the individual vendors, and use a lot less disk space and memory because there is only one runtime.

I don't see installable Electron any time soon, but interestingly Edge might fulfill that role on Windows (if it is compatible and PWAs are powerful enough to replace most electron apps).

Vinnl 8 years ago | | |

That's the main reason, I think: the PWA is getting there, but only just now. Discovery (mostly on mobile) and integration (on desktop) is still relatively lacking. Once those are fixed, I'm guessing it will slowly be getting more uptake.

tmikaeld 8 years ago |

Another 205MB Electron App to the collection, at least it's 50MB smaller than Wire.

kome 8 years ago |

Signal Desktop is not really standalone, because you still need to pair it with your phone. And the phone should be turned on.

I am very privacy conscious, and I don't use a smartphone, at all, because it's basically a spying device in your pocket.

Why Signal is all about privacy and then it forces me to pair it with a telephone?

Telegram desktop is really standalone. They require a telephone number too (and that's very annoying), but they don't require having a smartphone or keeping your phone open. My phone number on telegram is not even my phone number anymore, and it doesn't make any difference... Privacy wise is far from being perfect, but it's already better. At least it's usable.

unicornporn 8 years ago |

I so wish more people discovered Matrix or https://riot.im.

To me it's simpler and works better than Signal while being decentralized and federated. It has excellent clients for all platforms (and these keep measages in sync with each other) and does not require a phone number.

terraforming 8 years ago | |

Matrix is fantastic. However, riot desktop sucks in my opinion. Yet again, an electron app. You say that matrix "has excellent clients for all platforms". That is simply not true at this time. For linux, there's pretty much only 1 client that's currently usable, and that is riot (electron app).

There's a fantastic one in the works, qmatrixclient (quaternion: https://github.com/QMatrixClient/Quaternion), but it doesn't support E2EE yet.

Sir_Cmpwn 8 years ago | | |

There is a Weechat plugin.

https://github.com/torhve/weechat-matrix-protocol-script

drdaeman 8 years ago | | |

There is also nheko (https://github.com/mujx/nheko), but it's not particularly mature and also has no Olm/E2EE support (https://github.com/mujx/nheko/issues/13)

vertex-four 8 years ago | |

I don't agree that Matrix has excellent clients for all platforms - IMHO, only Riot Web/Desktop is usable, and that only in comparison to other open-source messaging software - it doesn't compete against pretty much anything that people make money off of. Riot iOS and Android both make it nearly impossible to handle a large amount of chatrooms, IME. And nothing else implements even most important features of Matrix.

The developers badly need to invest in a UX engineer, but are currently stuck scrambling for money as their corporate sponsorship ran out.

work_account 8 years ago | |

Matrix is terrific. I've "converted" some friends from Signal to Riot and we're not going back. Video/calls and group chats work a lot better, and the riot.im web client is excellent (at least, compared to Signals lack of).

I've also stopped using an IRC client and just use a Matrix bridge. Really happy so far.

Main drawback is that E2E is a bit clunky to set up, and downright confusing for non-technical users.

dbrgn 8 years ago |

Does it still store all data unencrypted on the disk? https://github.com/WhisperSystems/Signal-Desktop/issues/1017

metilda 8 years ago | |

Use full disk encryption, or store Signal's database in an encrypted volume. Signal for Android only has encryption due to the litany of issues associated with FDE on android, from wiping your phone when you encrypt it, to accidentally bricking your phone cause your vendor broke FDE in their Android build.

enraged_camel 8 years ago | |

Wow, reading that thread basically made me decide against using Signal.

For an app that is supposed to be the pinnacle of secure messaging, leaving anything unencrypted on the local device is just breathtakingly negligent.

The way moxie ushers people to take the discussion elsewhere doesn't help either. It just reinforces the perception that he doesn't care.

darklajid 8 years ago | | |

As someone that doesn't care at all about Signal (I'm in the "no federation & mobile number as ID is unappealing and I can just as well use WhatsApp" camp) I came away with the opposite opinion:

The people in the report (not necessary the original submitter, the "Now I'll go and tell everyone to uninstall Signal! There you have it!" crowd) seemed to be demanding/whining and spammed a bug tracker with random anecdotes and their personal agendas in a rather rude way.

Whereas moxie - again, in my opinion - replied in a very friendly, objective and calm manner and invited these people to discuss the issue further. In the _right place_ for an open debate about design decisions.

baby 8 years ago | | |

It is not Signal's job to encrypt your device. It is your OS or device's job. If you care about these things you should already have FDE (Full Disk Encryption) enabled on your device hence Signal encrypting your data on disk would be redundant.

ec109685 8 years ago | | |

Shouldn’t you instead just encrypt your disk entirely?

jsnar 8 years ago |

Using Electron is a bad idea: it's not secure. Electron has many security vulnerabilities. The latest version is still based on old Chromium (58 & 59) so it inherits many of the security vulnerabilities published in Chromium 60, 61 and 62

openfuture 8 years ago |

I want to say "finally!" but they're deprecating the chrome extension so now my chromebook won't be connected anymore but at least I'll be able to get rid of chromium on my desktop.

Guess you can never please everyone.

But in all seriousness thank you for the great work, this is excellent news!

fattire 8 years ago | |

That you won't be able to run it on a chromebook any more is a big deal actually... will you be able to sync the android version on chromebook w/o a phone #? I haven't tried that but I don't think you can "slave" the android version to an existing account the way you do the standalone app.

Vinnl 8 years ago | |

Unfortunately that was going to happen anyway, as Google's planned to deprecate Chrome apps. Note sure if in general, or if they'd still be supported in Chromebooks, but it's quite a lot of work to support it just for Chromebooks.

BHSPitMonkey 8 years ago | |

Deprecating doesn't necessarily mean you can't keep using what's already there. Even if it's removed from the store you should still be able to run it locally.

rrix2 8 years ago | | |

Also, hi, we both used to hang out in #teensonlinux back in the day! Always good to see handles from that old place randomly pop up

rrix2 8 years ago | | |

Not if Chromium removes support for packaged apps: https://blog.chromium.org/2016/08/from-chrome-apps-to-web.ht...

verbify 8 years ago |

It's ludicrous that you need javascript enabled to download a secure messaging app.

mfwoods 8 years ago | |

For those that don't want to enable Javascript, these are the hidden Linux instructions:

  $ curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add -
  $ echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
  $ sudo apt update && sudo apt install signal-desktop

frabbit 8 years ago | | |

How are we supposed to verify keys.asc?

(To be a bit more explicit: searching for either the pub (57F6FB06) or sub(0E46390F) keys on hkps.pool.sks-keyservers.net returns no result)

acdha 8 years ago | |

You are willing to run their code on your computer with full access to your data but not in the heavily-sandboxed browser environment?

scott_karana 8 years ago | | |

Verbify didn't say that at all.

It's ludicrous that you can't download a security-focused app when your browser settings are unusually secure. ;)

mrmondo 8 years ago |

Was happy to see this as it was the only reason I had Chromium on my machine - launched it and right off the bat it uses 350MB of memory!

Inspecting the app, it appears to be just another Javascript app (Electron).

noja 8 years ago |

> Linux distributions supporting APT, like Ubuntu or Debian

Oh come on guys. Don't forget Fedora. Fedora means SELinux. SELinux means you are getting the people who value security.

moosingin3space 8 years ago | |

It uses `electron-builder`, which has rpm support. I don't think it would be that difficult to add in a pull request, might do it myself later. (I use Fedora, with SELinux and Wayland and all that good stuff)

jnaulty 8 years ago | | |

Here's something to work off of: https://whispersystems.discoursehosting.net/t/signal-desktop...

daxorid 8 years ago | |

I think you underestimate the number of people whose first post-installation task is setenforce 0

mrmondo 8 years ago | | |

https://stopdisablingselinux.com/

noja 8 years ago | | |

I know no Linux admin (good or not) that does that. It's 2017.

pjmlp 8 years ago | | |

There are also people that run as root...

eeZah7Ux 8 years ago | |

> SELinux means you are getting the people who value security

Proper, very strict sandboxes implemented with seccomp & friends are much more secure. You simply block the large majority of system calls.

Surprisingly, they are often easier to set up.

noja 8 years ago | | |

Can you recommend any distros that use it extensively, or is it too early?

richardwhiuk 8 years ago | |

Fedora doesn't support APT right? It needs to be packaged separately? So it's a whole bunch of work for a small user base.

noja 8 years ago | | |

It's a different user base. Give us a github repo and we can build it ourself. Let me see if I can find one.

Edit: https://github.com/WhisperSystems/Signal-Desktop

mrmondo 8 years ago | | |

Small user base? I think not...

etiam 8 years ago |

Support post for how to migrate: https://support.signal.org/hc/en-us/articles/115002502511-Ho...

asdojasdosadsa 8 years ago |

A lot of people have given negative feedback(because of electron?). I for one, am happy for this. I am in the middle of migrating slowly to Mozilla Firefox from Google Chrome, and one of the hardest things, is to have some of the apps as standalone. I couldn't use my MacBook for anything else if I wanted to chat using signal (..and have chrome running in the background).

Maybe that's just me, but it's good news!

JshWright 8 years ago | |

It's not "standalone" though... It's moving from being a Chrome extension to simply bundling an entire instance of Chromium that only it gets to use.

So, you're migrating from Firefox to multiple instances of Chrome...

StavrosK 8 years ago | | |

I don't understand why it can't be served as a web app, like WhatsApp Web is :(

csomar 8 years ago |

Privacy. Privacy. Privacy. Bla, bla, bla... Now we are going to ask for your phone number.

Am I the only one who thinks this defeats the whole point?

elago 8 years ago | |

No. Signals okay for a drop in replacement for a phones built-in text messaging app (unfortunately really few of my contacts are using it) but once I'm on a laptop/PC there are way better messaging apps imo.

Signal feels slightly like the pigs in Animal Farm getting everyone riled up against the unjust farmers, only to take their place.

Propen 8 years ago | |

Signal is about _privacy_ not necessarily anonymity. Understand the difference?

edit: And anyways, if you read their blog posts you can see how you phone number is only required to make it easy to connect for the masses. You already have your social graph in your contact book.

xwvvvvwx 8 years ago |

Signal is fantastic. Huge thanks to the team for their efforts.

Really happy to have it as a standalone app outside of Chrome now.

laretluval 8 years ago |

It's still insane and confusing that you need a phone number to use Signal. It's almost as if they want to make it hard to be anonymous.

Foxboron 8 years ago | |

Signal provides privacy, not anonymity. It's a hard trade off sometimes, but it's easier for wider adoption.

laretluval 8 years ago | | |

It's hard to imagine how requiring a phone number makes adoption wider.

nullc 8 years ago |

More "security" software that blindly accepts effectively unaudible binary updates from a third party.

iwalsh 8 years ago |

What does this mean for ChromeOS users? Will Signal be maintained for ChromeOS or will those users no longer be able to use Signal?

Zhenya 8 years ago | |

Seems to be a discussion here: https://whispersystems.discoursehosting.net/t/signal-desktop...

Zhenya 8 years ago | |

FWIW, seems to be still functioning on CrOS, for now.

BlackjackCF 8 years ago |

Finally! Here's to hoping the desktop client outperforms the Chrome extension.

captn3m0 8 years ago |

Published to AUR:

- https://aur.archlinux.org/packages/signal-desktop-beta/

- https://aur.archlinux.org/packages/signal-desktop-bin/

tomc1985 8 years ago |

Not more Electron garbage!

whostolemyhat 8 years ago | |

Not more comments complaining about Electron!

tomc1985 8 years ago | | |

Not more lemmings defending Electron!

touart 8 years ago |

Is there a web version available? web.whatsapp.com come in handy if you don't like electron apps.

j7ake 8 years ago |

Does signal do search for text as well as a way to view all images exchanged within a chat ? The only way I found was to scroll up while keeping my eyes focused on certain key words or images. Not a pleasant experience.

unhammer 8 years ago | |

work in progress, non-trivial on phone at least: https://github.com/WhisperSystems/Signal-Android/issues/1232...

andyjh 8 years ago |

No proxy support, so I can't use it in my corporate environment.

https://github.com/WhisperSystems/Signal-Desktop/issues/1632

Also a bit annoying that it can't be run in the background, at least on Windows.

https://whispersystems.discoursehosting.net/t/new-desktop-ap...

kethinov 8 years ago |

Another Electron app, another thread full of people complaining about Electron.

The solution is to build a common Electron runtime that all Electron apps can use. But it seems nobody is working on it despite all the complaints.[1]

I really don't understand why there isn't anybody working it. If that got implemented, it would put a swift end to the biggest complaints about Electron.

[1] https://github.com/electron/electron/issues/673

pjmlp 8 years ago | |

It already exists, it is called web widgets, with MSHTML during the 90's being one of the first implementations of such idea.

Qt, Gtk, .NET, Java, Android, Cocoa, UI Kit, KHTML, even crufty old Motif had such widgets.

It is just web developers not getting native development.

kethinov 8 years ago | | |

Web widgets require a hybrid codebase. It's not "web developers not getting native," it's web developers preferring the Node.js APIs to writing C++ code to read and write files to the filesystem.

majewsky 8 years ago | |

That only solves the installation size problem, not the resource usage problem.

kethinov 8 years ago | | |

I don't think that is correct. The extent to which Electron uses resources today is as if you install five copies of Node.js and five copies of Chrome and launch them all.

A common runtime would be as if you ran five Node.js apps using the same runtime and opened five tabs in a single instance of Chrome.

I'm not super well versed on the low level implications there, but I find it hard to believe that wouldn't save a lot of resources.

I mean, do .NET apps load up a full copy of .NET and all its libraries into memory for each app you open?

mynewtb 8 years ago | |

Do you mean a web browser?

kethinov 8 years ago | | |

The web browser for UI drawing is only part of what Electron does. It also bundles Node.js and all its APIs, which web browsers don't ship. And Electron also provides APIs for native OS integration, e.g. native macOS menus and whatnot.

muppetman 8 years ago | | |

Oh man I choked on my dinner laughing at this. That just frames it all up so well.

geokon 8 years ago |

The weird thing that isn't supported is Signal on 2 Android devices. I tried to install in on my tablet, but if I put in my phone number it blocks the app on my phone... bewildering..

Kinda the Wechat model

teekert 8 years ago |

Great! But it found back some old groups with the same logo as a new group (what a pain if someone changes their phone, but I understand it is for security reasons), took me some tries to find what is what. It's doesn't sync back my older messages apparently, again, probably for security reasons. I was also unable to delete the old groups although they were long deleted from my phone, they popped up there again. After deleting them on my phone, they still remain on the desktop.

fiatjaf 8 years ago |

"If you’ve never used Signal Desktop before, this is a great chance to start. Download the app, pair it with your phone, and experience private messaging with all ten fingers."

So it is not _really_ standalone. You still need a phone. This is still a geeky version of WhatsApp.

In fact, why would I want to use this instead of WhatsApp if they're basically using the same encryption features and I have to trust the same people (who assert that)?

(I don't use WhatsApp, I think it is the worst mankind nightmare.)

aluhut 8 years ago | |

You need to pair it once with your phone for installation.

rabidrat 8 years ago | | |

I don't have a phone that can install the app. So I can't use it.

JshWright 8 years ago |

So now rather than being able to use my existing browser runtime with the Chrome extension version, I get to run yet another browser runtime that only runs Signal...

Yay...

drudru11 8 years ago |

How does whisper system make money?

24gttghh 8 years ago | |

>As an Open Source project supported by grants and donations [...]There are no ads, no affiliate marketers[...]

From the bottom of the main page on their website. I removed the marketing copy.

teekert 8 years ago |

Why an apt package for Debian derivatives only, where they could have opted for a snap and supported a lot more distros: https://snapcraft.io/

I'm very happy with it nonetheless!!

petre 8 years ago | |

Or an appimage https://appimage.org/.

Klasiaster 8 years ago | |

Or Flatpak, that would be nice. But even better would be if you could import the Chrome stuff - is it possible?

Dowwie 8 years ago |

can't I just be able to freely remove and add contacts? I'm not asking for much

davexunit 8 years ago |

I can't tell from the page if the client can be run without using any nonfree software. Does anyone know? The Android application unfortunately requires nonfree components.

mtgx 8 years ago |

I see that you still can't drag and drop an image on the new desktop app. It's not a huge issue but it's quite an inconvenience.

Igor_kh 8 years ago |

Guys, have you heard about checksums? Do you really want me to download and install that bulky zip/exe on my laptop ?

flareback 8 years ago |

I was ready to get excited, I installed the app and one contact showed up. Looks like it only works between signal users.

JoeCoder_ 8 years ago |

No option to minimize to system tray? So I have to have a Signal App taking up room in my taskbar all the time.

nickpp 8 years ago |

Can we please stop calling Webapps that come with the whole browser desktop apps? The fact that you give me to install a dedicated browser for your web app does not magically make it desktop app. It makes it a worse web app, which does not even share the browser runtime with other web apps.

Desktop apps are supposed to be: native code, well integrated in the OS, still working when the net is down and using system widgets and OS look&feel.

tclover 8 years ago |

yay another electron app

petre 8 years ago |

Still requires pairing with my phone, thus not standalone.

Thank you but I'll just keep using Wire on the desktop and Signal + Wire on mobile. Too bad, because the mobile version is really good.

MattSteelblade 8 years ago |

I'm thrilled, it now finally works over 443.

biostasis 8 years ago |

Design is somehow looking related to Telegram...

RickS 8 years ago | |

And nearly indistinguishable from iMessage on OSX.

Chrysler shouldn't make their tires square just because Ford was first to the circle.

I'm happy they're not burning cycles reinventing the wheel.