I really don’t get why so many people are turning this into a privacy versus anonymity debate when the real problem is censorship.
Yes, Signal needs a phone number to sign up, but replacing that with an email or username doesn’t make it anonymous. The real issue is that governments are blocking the registration SMS, so people can’t even sign up for the app in the first place.
Sure, there are workarounds, but most people aren’t going to jump through all those extra hoops just to use an app. If we want to spread privacy, how do we do that when Signal’s phone number requirement is actively working against us?
Instead of arguing over privacy versus anonymity, shouldn’t we focus on making sure everyone can access Signal without issues? What do you think?
> shouldn’t we focus on making sure everyone can access Signal without issues?
I’d rather ppl not use US-based centralized services, hosted on Amazon’s servers, and subject to national security letters.
There are far better self-hostable alternatives that aren’t hosted in burgerland.
Not opposed to the overall message, but regarding the national security letter it’s worth reminding people that the communication is E2EE before propagating a certain level of panic.
E2EE isn’t the magic solution everyone claims it to be: https://xkcd.com/538/
Even with full e2ee, they still have
- Your real identity (via phone numbers)
- The real identities of everyone you talk to
- Who you messaged, and when
With this it’s easy to build social networking graphs, and tag everyone implicated with a targeted account as an accomplice. Reading and trying to build meaning from the e2ee message content is almost less important than social graphs.
I know of matrix, what are some other alternatives?
Also a protocol that got falsely maligned during the crypto days was secure scuttlebutt, and people should be talking about it more.
Matrix, SimpleX, Briar (not a huge fan of this one since it’s Android-only), XMPP (only if you have an encryption add-on).
https://github.com/signalapp/Signal-Server
But you’re right about decentralisation. The main issue is:
They went a whole year without publishing updates to the repo a few years back, until there was a big community backlash over it. Also you have no guarantee that’s what they’re running other than: “just trust us”.
What is this slop? Libre software has never meant we control what other people do with their servers.
I credit a good part of my success bringing friends and family over to Signal to the fact that it emulates what ordinary people are used to: a centralized service where people’s identities are associated with phone numbers. No need to teach them anything new, just download it, punch in your number, and then punch in my number. I think Signal is targeting exactly that and putting more anonymous and decentralized models way on the back burner. Concepts as simple to us as ‘instances’ are surprisingly difficult to explain to newcomers, and I wouldn’t be surprised if accounts not associated with phone numbers pose a discoverability issue.
This all might be sidestepping the question a bit since I haven’t dug deep into the issue, but my thinking is that Signal, in its current state, should be seen as a transitional solution until things like SimpleX become more mature and widespread.
It is a centralized service.
And yes, the familiarity makes it easy to get people to switch. The phone numbers made my contacts discoverable so I had an easy way to find out they’re on Signal.
It’s been asked a lot and I’ve seen others respond about how the passcode and account username that were added in the last few years are steps in the process to make accounts not dependent on phone numbers. I’ve just given them the benefit of the doubt that someday we won’t be tied to a phone number anymore.
We should be working to get more people to use XMPP rather than Signal, WhatsApp, etc.
Yes but Signal is libre. If you’re already failing, stop making it harder. Get others to care first, then go for decentralisation.
Signal is like TSA: it’s security theater. Any entity serious about security will not do these things that Signal is doing:
- Hostility to non-Google appstores
- Using phone numbers and SMS for signup
- US-based entity controlling the ecosystem
So what messaging platform is actually serious about security per the points you have described?
SimpleX is promising, but seems very new.
Telegram is better than Signal on many angles, but has other problems.
I don’t think there is a perfect app yet. But Signal’s aggressive marketing is security-theater, not real security.
Telegram as a platform is amazing. Feature rich while still easy to use. Easy to create useful bots too. Sadly the rest is questionable.
Telegram is what Signal is pretending to be. Telegram has other serious problems, but still lightyears ahead.
Using SimpleX for some time now, can only recommend… only had an issue in France, though last time it just worked.
There’s a lot of dead accounts downvoting you BTW.