zlacker

[return to "Signal app downloads spike as US protesters seek message encryption"]
1. killsw+f3[view] [source] 2020-06-05 02:34:47
>>pera+(OP)
One has to wonder about behind the scenes heuristics as it pertains to taking a chance distributing a backdoored version sideloaded into the App Stores. One also wonders about whether the encryption or app are possibly compromised generally (even if the source is vetted and distributions are verified)

Perhaps most of interest though would be how many phones are owned otherwise, to give access to the protester Signal comms anyway

And also metadata must still fly around anyway, no?

◧◩
2. raspyb+R3[view] [source] 2020-06-05 02:42:22
>>killsw+f3
Signal does a pretty good job at minimizing the metadata it has access to. For example, the app can tell you who of your contacts has Signal installed but the Signal service itself never gets to see your contacts (https://signal.org/blog/private-contact-discovery/).
◧◩◪
3. canjob+Xd[view] [source] 2020-06-05 04:35:05
>>raspyb+R3
Signal absolutely could do better in minimizing metadata by simply not requiring a phone number. Despite this obvious, huge, and dangerous shortcoming, I have never seen a single explanation of why Signal needs a phone number for signup.
◧◩◪◨
4. kick+je[view] [source] 2020-06-05 04:39:30
>>canjob+Xd
They give an explanation literally every single time this subject is brought up, but of course on the Internet there's someone who against all possible odds manages to completely ignore years and years of the reasoning being linked to or given by a person at Signal in every single possible thread on Signal possible anywhere on the Internet, but what can you do?
◧◩◪◨⬒
5. canjob+if[view] [source] 2020-06-05 04:52:59
>>kick+je
I've asked many times and searched many times and never found a convincing answer. What's the reason?
◧◩◪◨⬒⬓
6. Medite+rh[view] [source] 2020-06-05 05:20:26
>>canjob+if
The typical answer is that a secure app is useless if no one actually uses it, and the use of phone numbers is an unfortunate tradeoff that had to be made to allow the general public to easily sign up for Signal and find their friends automatically from their phone's contacts.

Often this answer is accompanied by pure sarcasm where if you are concerned about this feature, you are told that Signal is not for you and "you can go play at being a spy and sharing a secret decoder ring with your friends", as these people regard PGP to be. I wish those Signal advocates could lay off the sarcasm, it just makes the project look bad.

[go to top]