zlacker

>>pera+(OP)
The biggest drawback with Signal for protesters is that it exposes the user's phone number to everyone else in groups (just like WhatsApp does). There is no way to even hide the fact that you have an account on Signal. I can add phone numbers by enumeration into my contacts and Signal will show who among my contacts is on it. If the authorities don't use tactics like they did in Hong Kong, the protesters may be safe from being spied on (or worse).

>>AnonC+ul
Signal is not only used by protesters[0][1] so discovering that a phone number is connected to a Signal account by no means implies that the phone is used by a protester.

[0]: https://www.militarytimes.com/flashpoints/2020/01/23/deploye...

[1]: https://www.theguardian.com/politics/2019/dec/17/tories-swit...

>>hjek+7m
That doesn't change the fact that all phone numbers are visible to all group members. All it takes is one rogue participant to reveal the identities of all members. If that actor has access to triangulation data they now have identity, location history, words and possibly images/video.

>>unicor+Mt
Yeah, it's optimized for communication between trusted parties (e.g. Snowden and a journalist) - as such the focus is on verifying the identity of the other person, not hiding it. It'd be cool if they figured out a group chat setting that was optimized for groups like protesters trying to coordinate - show your identity only to users you are directly connected with/have verified/whitelisted, but hide your identity to everyone else.

>>m12k+0w
Except the whole point of OTR-like messaging was that you can communicate with someone who you can't be entirely sure you trust in perpetuity (that's why messages in Signal and similar systems don't have non-repudiation -- neither party can prove to a third party that a message really was sent by the other party). Now, obviously the metadata worry is separate to how the message cryptography is implemented but it does seem odd to have a threat model which is somewhat confused on this question.

>>cyphar+yJ
But with signal you can verify that person, its like the opposite of otr.

https://signal.org/blog/safety-number-updates/

>>nix23+fW
OTR also allows you to do key verification -- all encrypted chat systems support that. The point isn't that you cannot be sure who you're talking to, the point is that the communication transcript cannot be provided to a third party as evidence that either party in the conversation said something.

This is fairly simply implemented in OTR. Rather than signing the message with an asymmetric keypair (as you would with PGP), you sign it with a HMAC. Thus both the sender and recipient could create a valid message from the sender (giving you the property that only the two people in the conversation can be sure what was actually said by the other party, without being able to prove it to a third party cryptographically).