zlacker

One has to wonder about behind the scenes heuristics as it pertains to taking a chance distributing a backdoored version sideloaded into the App Stores. One also wonders about whether the encryption or app are possibly compromised generally (even if the source is vetted and distributions are verified)

Perhaps most of interest though would be how many phones are owned otherwise, to give access to the protester Signal comms anyway

And also metadata must still fly around anyway, no?

>>killsw+(OP)
Signal does a pretty good job at minimizing the metadata it has access to. For example, the app can tell you who of your contacts has Signal installed but the Signal service itself never gets to see your contacts (https://signal.org/blog/private-contact-discovery/).

>>raspyb+C
It doesn't, logically, know who sent messages either.

>>raspyb+C
The problem is that in many countries, one's phone number is already killer metadata: it is linked to your identity, because you cannot purchase a SIM card without showing ID (a copy of which is made and sent to the authorities). Consequently, a repressive state can determine which of its citizens has installed Signal, and merely using an app known for privacy might already be grounds for persecution.

Apparently Signal is working on identifiers different from a user's phone number, but it is not clear how many people will actually take advantage of this feature.

>>raspyb+C
Signal absolutely could do better in minimizing metadata by simply not requiring a phone number. Despite this obvious, huge, and dangerous shortcoming, I have never seen a single explanation of why Signal needs a phone number for signup.

>>canjob+Ia
They give an explanation literally every single time this subject is brought up, but of course on the Internet there's someone who against all possible odds manages to completely ignore years and years of the reasoning being linked to or given by a person at Signal in every single possible thread on Signal possible anywhere on the Internet, but what can you do?

>>canjob+Ia
That feature is coming and should be released shortly according to the team.

>>kick+4b
I've asked many times and searched many times and never found a convincing answer. What's the reason?

>>canjob+3c
The typical answer is that a secure app is useless if no one actually uses it, and the use of phone numbers is an unfortunate tradeoff that had to be made to allow the general public to easily sign up for Signal and find their friends automatically from their phone's contacts.

Often this answer is accompanied by pure sarcasm where if you are concerned about this feature, you are told that Signal is not for you and "you can go play at being a spy and sharing a secret decoder ring with your friends", as these people regard PGP to be. I wish those Signal advocates could lay off the sarcasm, it just makes the project look bad.

>>ancien+bb
I remember reading that in 2014.

>>Medite+17
Presumably those that need to will use that feature. The value is still there as the only way for someone to find out if you have Signal remains the same: brute force. If people who need to keep their Signal use private are using an identifier not tied to their identity, brute forcing will not be useful.

The uncertainty as to how many would use it is likely why it’s been back burnered for so long, but it shouldn’t impact effectiveness. I realize that you may not have been implying it would though.

>>canjob+3c
One is for their private contact discovery system[1] and two because they were trying to promote Signal as a default messenger with iMessage like automatic encryption upgrading. A goal to enable people to adopt it even if all their friends weren’t converted yet.

[1] https://www.signal.org/blog/private-contact-discovery/

Of course, this feature is Android only as iOS doesn’t allow default alternatives.

>>canjob+3c
https://news.ycombinator.com/item?id=22328856