zlacker

>>pera+(OP)
One has to wonder about behind the scenes heuristics as it pertains to taking a chance distributing a backdoored version sideloaded into the App Stores. One also wonders about whether the encryption or app are possibly compromised generally (even if the source is vetted and distributions are verified)

Perhaps most of interest though would be how many phones are owned otherwise, to give access to the protester Signal comms anyway

And also metadata must still fly around anyway, no?

>>killsw+f3
Signal does a pretty good job at minimizing the metadata it has access to. For example, the app can tell you who of your contacts has Signal installed but the Signal service itself never gets to see your contacts (https://signal.org/blog/private-contact-discovery/).

>>raspyb+R3
The problem is that in many countries, one's phone number is already killer metadata: it is linked to your identity, because you cannot purchase a SIM card without showing ID (a copy of which is made and sent to the authorities). Consequently, a repressive state can determine which of its citizens has installed Signal, and merely using an app known for privacy might already be grounds for persecution.

Apparently Signal is working on identifiers different from a user's phone number, but it is not clear how many people will actually take advantage of this feature.

>>Medite+ga
Presumably those that need to will use that feature. The value is still there as the only way for someone to find out if you have Signal remains the same: brute force. If people who need to keep their Signal use private are using an identifier not tied to their identity, brute forcing will not be useful.

The uncertainty as to how many would use it is likely why it’s been back burnered for so long, but it shouldn’t impact effectiveness. I realize that you may not have been implying it would though.