I trust Signal's end-to-end encryption promise, but I have a problem with the application not offering anonymity or privacy. By demanding users to provide a cell phone number to enable their accounts, they are connecting actual people to the Signal accounts and consequently also allowing them (or someone else) to visualize social networks; in intelligence gathering, data such as who speaks to whom, at what hours, with what message frequency etc. is highly valuable. It's also important that users ask themselves how Signal manages to finance all the SMS costs and the infrastructure when the application is gratis and free from ads.
Original from 2018, 467 comments <a href="https://news.ycombinator.com/item?id=17723973" rel="nofollow">https://news.ycombinator.com/item?id=17723973</a>. Not commenting as snark (reposts are ok after all) more to save Dang digging out the link and also to see how many more or less duplicate sentiment comments are made and / or how perceptions have changed.
I love Mr. DeVault's work, and think he consistently shows integrity in his work, to say nothing of his incredible productivity and engineering.<p>That said, in my time following his blog and Mastodon toots, he's prone to making these hot-takes that take down successful projects that do a lot of public good, but don't tick every check. His repeated criticism of Mozilla is a good example of this.<p>It often feels like cutting off ones nose to spite the face. Without the Mozillas and OpenWhispers of this world, we've no hope for the DeVaults which create incredible feats of engineering that tick all the ideal boxes but lack some of the creature comforts (e.g. sr.ht, wayland, etc..)<p>I'm optimistic for the future, and the projects started by Moxie and DeVault are a large part of it.
Signal falls into an uncomfortable place for me.<p>I like pre-paid cellphone plans which give me a small number of text messages, a small amount of airtime. Using these I can communicate with people when I am not near a WiFi AP. I do not want to pay for data and would prefer to use my and my friends' access points and the free wifi in the small number of commercial locations that I visit.<p>In Canada all of the major carriers disable WiFi Calling² on pre-paid plans. They essentially only enable it as crutch to leach off public infrastructure to take up the slack on their insufficient private infrastructure.<p>So I infrequently (but enough to be annoyed) find myself in the situation that I am not near a WiFi access point and wish to communicate with someone else. Currently Signal will only allow me to do this via insecure SMS messages.<p>I read their original explanation in 2015 for disabling this functionality. Namely SMS leaks too much metadata¹ and we are only catering to needs of real-activists in real-dictatorships, and anyway SMS is too expensive there so this is a 1st World Problem.<p>As an explanation it leaves me wondering why I would bother with Signal: if I bite the bullet and sign up for a circa CA$50/month plan with data I may as well just use Element Matrix over WiFi. Signal brings nothing to the table except the possibility of accidentally sending an insecure SMS message and incurring a 30c charge for it.<p>1. <a href="https://signal.org/blog/goodbye-encrypted-sms/" rel="nofollow">https://signal.org/blog/goodbye-encrypted-sms/</a>
2. <a href="https://support.signal.org/hc/en-us/articles/360007321171-Can-I-send-SMS-MMS-with-Signal-" rel="nofollow">https://support.signal.org/hc/en-us/articles/360007321171-Ca...</a>
I'm so proud that a family member managed to get all of my extended family on Signal. My grandparents are even on Signal.<p>I wouldn't trust such an app for anything actually secret due to the mentioned issues (and phone number req), but I think it's great that we're using high grade encryption to talk about what we had for dinner.<p>Encrypted and private should be the default no matter what!
Trust it to what?<p>I use Signal because I think it protects my SMS messages from:<p>a) being harvested and read by other apps on my phone<p>b) being read by someone who unlocks my phone<p>c) being passively intercepted and stored by carriers and their snoopy employees<p>d) opposition researchers or private investigators targeting my friends, acquaintances, and business associates.<p>For anything targeted and state level, all bets are off anyway, so it's not a solution for people who have that problem. What am I missing?
As to the interjection that Signal is lacking a FBI canary - Moxie was clear on the subject:<p><a href="https://web.archive.org/web/20141027143819/https://github.com/WhisperSystems/whispersystems.org/issues/34" rel="nofollow">https://web.archive.org/web/20141027143819/https://github.co...</a>
This post has been on Hacker News several times. For instance: <a href="https://news.ycombinator.com/item?id=17723973" rel="nofollow">https://news.ycombinator.com/item?id=17723973</a>.<p>When it was first published, it included an emphatic recommendation to use Matrix, and, later, Tox --- in fact, the post even included a changelog at the bottom recording the inclusion of Tox. After it was pointed out to the author that Matrix didn't even do E2E by default, the recommendations (and the changelog) were ghost-edited out of the post, but you can still see them on Archive.org.<p>I don't understand why people take this post seriously.
I reacted to previous posts about this by installing Element (was Riot.im; search for both words) matrix client, setting up a periodic donation to privacytools.io, and making accounts with that as homeserver (chat.privacytools.io) for me and for the rest of the family.<p>(Previously, I had a Librem.one account, but they don't maintain their server, so I dropped it.)<p>It works... Still waiting for anyone else I know to come over.<p>Element really needs to set up as an optional SMS handler, on phones. Probably building in a Signal gateway is needed too. Signal would be nowhere today if it didn't also do SMS. Separate gateways are too clunky.
I really don’t think OWS has the authority to stop forks from
using the Signal servers, any more than YC has the authority to dictate that I use Chrome to view HN.<p>There is, of course, the vague language of the CFAA, so I’m not sure I’d want to test this theory, but his demands that forks not use the main centralized servers are, in my opinion, unenforceable bluster.
I only use phone calls (sync) and e-mail (async) nowadays.There's no other communication channel I would need. I'd only be willing to substitute them with their encrypted, P2P, and open-source counterparts, if they ever come into existence.<p>Texting, on the other hand, used to be the bane of my existence, as--especially in its current form (free, nested layout, etcetera)--it's one of the most distracting, inefficient, absurdly redundant and useless communication mediums I know.