zlacker

[return to "Signal app downloads spike as US protesters seek message encryption"]
1. AnonC+ul[view] [source] 2020-06-05 06:17:12
>>pera+(OP)
The biggest drawback with Signal for protesters is that it exposes the user's phone number to everyone else in groups (just like WhatsApp does). There is no way to even hide the fact that you have an account on Signal. I can add phone numbers by enumeration into my contacts and Signal will show who among my contacts is on it. If the authorities don't use tactics like they did in Hong Kong, the protesters may be safe from being spied on (or worse).
◧◩
2. goneho+gn[view] [source] 2020-06-05 06:36:45
>>AnonC+ul
This tradeoff is arguably a good thing.

By using phone numbers as IDs signal can rely on your phone's local contacts (meaning they don't have to send your social graph to their servers). This way they can keep very little metadata on you.

There's pretty much nothing for them to turn over except the fact that your phone number has the signal app.

Most of the other secure apps could turn over your entire contact list (which could be damaging for people in a protest that are being targeted).

Confirming a single phone number has the app is not nearly as big of a deal (I'd argue it doesn't matter at all).

◧◩◪
3. Legogr+vo[view] [source] 2020-06-05 06:50:42
>>goneho+gn
I've lost track of the number of times I've had this conversation but here we go:

There's nothing inherent in phone numbers here. Both iOS and Android also allows you to add e-mail addresses (and other identifiers) to your local contacts. I'm yet to hear an argument as to why e-mail addresses or other identifiers can't be used in addition to phone numbers, or why it would be a complicating factor.

◧◩◪◨
4. goneho+rp[view] [source] 2020-06-05 06:59:49
>>Legogr+vo
My guess would be that phone numbers are guaranteed to be unique IDs that (almost) every phone will have which simplifies things and reduces the risk of someone impersonating someone else.

I think they are working on non-phone number IDs though (Moxie was in an earlier signal thread on HN recently and mentioned it).

◧◩◪◨⬒
5. mikekc+Aq[view] [source] 2020-06-05 07:18:03
>>goneho+rp
There is an issue on Github that is collating the problems they are working through. I've lost track of it, though, unfortunately. I've been pretty cynical about it in the past, but the last time I looked at the issue, it does look more complex than I first imagined. I wish it were higher priority, though. Hopefully somebody will remember the issue and post it here (it was from an HN post that I found it originally). Unfortunately, I'm not even sure what project it's under and there are many projects.
[go to top]