this post was submitted on 15 Jul 2023
73 points (95.1% liked)
The Signal messenger and protocol.
1639 readers
1 users here now
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Signal made a foolish decision to remove SMS support from their app. It was a good way to get people in to use the app and build the user base - it's easier to say to people "try signal, it also replaces your text messaging app" than to say "try this other messenger in addition to your texting app and whatsapp and etc..."
When they made the decision it was also announced on a pompous and self congratulatory way in my opinion. They posted a long post talking about being more secure rather than recognising that they were inconveniencing their users by removing a feature. Users can't decide how someone is going to send them a message but they can be advocates for adopting signal when they receive an SMS from someone.
There seems to be a lack of awareness in the Signal team of the strategic benefit of supporting SMS, when you're competing with other convenient but not as secure popular systems like WhatsApp you need a unique selling point. An all-in-one approach was a good trojan horse way of getting signals secure comms into people's lives.
While I believe in Signal I find myself defaulting to WhatsApp and my SMS messenger. Even people I know who do have signal, and who I conversed with previously are preferring to contact me via WhatsApp now. Signal is the more secure and independent option but it's convenience that really drives adoption for a lot of users.
It was not foolish. It was a security decision and the right one. The goal of signal isn't to have billions of users, the goal is to become a privacy and security centered app. If a feature prevents that it should be immediately removed.
So why do they only allow users to signup to Signal with a phone number? If they really were about privacy and security, they should allow signups via username+password only.
There so much money to be made for just knowing who is talking to who. Who is using the app and when. Even if they can't get at the content of your messages.
I don't trust them one bit.
You confuse privacy and security with anonymity, they are different things. Also, with the sealed senders option, the sender are hidden.
The person I'm talking to is allowed to know who I am so I'm not anonymous. Signal doesn't need to know who I am. It doesn't matter what you call it, that's the feature I'm waiting for to motivate a switch.
That said, I looked up sealed senders. They really do go above and beyond to end2end encrypt as much as they possibly can.
It's just a shame that they insist so hard to tie user accounts to phone numbers.
@Dienervent @andrewm @citytree @animist @BananaTrifleViolin
Signal was originally designed with phone number as the key identifier. This is to facilitate contact identification and building the social graph. The real issue is not that you need a phone number to register with signal. The problem is signal exposes the phone number to all people with whom you communicate, including in groups. That is a big privacy concern, especially if you a part of large groups where you don't want everyone to see your phone number. This is a well known issue and the solution is to have disposable usernames along with ability to hide phone numbers from contacts.
Signal is currently working on these and some previews are available already. Hopefully that should be released soon.
Honestly, I think the problem here is that people have the habit to use the wrong app for a specific use. Signal is, conceptually, similar to WhatsApp, Built for discussing with people you already know (for WA is stated on the website too "Friends and family"), not for any stranger people in the world. So, it shouldn't be used for that, app/protocol like Matrix, Threema and Telegram fit better that purpose
Signal doesn't know who you are. A number don't reveal your identity, and, usually, you should be just a gov. entities to discover that. Does matter what you call it: Signal is for privacy (they have your number, but they don't know who you are, who you write and what you write), not for (full) anonymity (they don't have any information, including number, on you).
Anyway, they're implementing the username too.
First, you're conflating privacy with anonymity.
Secondly, they are one of the few orgs (maybe only?) that have been subpoenaed multiple times and they've published documented evidence
[0]
that even when compelled by law to present all the info they have on any specific user, all they know is:Feel free to trust whoever you want, but the source code to Signal's clients and server are open for anyone to criticize, and they have been. They're not perfect, nobody is, but they're also one of the few orgs out there showing that they're willing to put up or shut up.
Criticize in a constructive manner. Don't be dismissive and spread FUD by stating "I don't trust them" without backing up understanding the Signal threat model and mixing up privacy & anonymity.
[0]
https://signal.org/bigbrother/