Signal app downloads spike as US protesters seek message encryption (qz.com)
472 points by pera on June 5, 2020 | hide | past | favorite | 356 comments


What really hurts Signal are two things:

* sub-par user experience: WhatsApp is just nicer and smoother, and people tend to like that

* very few people understand that Signal DOES NOT get your full contact list, while Facebook (through WhatsApp) does

Especially the second point is very relevant with the current situation — you do not necessarily want to expose your entire social graph to Facebook. But so few people understand this, and even fewer grasp that Signal can still work without doing the same thing.


> Signal DOES NOT get your full contact list

The full contact list is uploaded to Signal servers by the phones. The only protection layer that users have is the questionable security of Intel's SGX.

It's still much better than what WhatsApp is doing, just not a black and white situation.

To add a point to your list: Signal does not have automatic cloud backup of messages, unlike WhatsApp. On WhatsApp, 30% of users have cloud backups enabled [1], meaning that you can basically assume that any reasonably sized group's messages can be accessed by people who have subpoena-power over Google (chance that there is no backup-enabled account in a group of n people is (1-0.3)^n... for 6 people it's already 12%).

[1]: https://telegra.ph/whatsapp-backdoor-01-16


Do you have a reference for the claim that your full contact list is uploaded to servers? That seems important since their privacy policy says that they only use hashes, and it can’t be dependent on SGX since it runs on non-Intel hardware:

https://signal.org/legal/#privacy-policy


SGX is for the servers not the clients. Their enclave is open source so you can theoretically audit it using RA.

I say theoretically because these schemes all have a core problem when they're not federated - you have no idea what your client is really doing and it's the client performing remote attestation with the enclave. You have no control over it. It could update tomorrow and switch every last bit of encryption off. Or it could do RA but not pin the enclave hash to anything audited (i.e. it accepts any enclave signed by Signal).

It's not a theoretical problem. Facebook say that WhatsApp is end to end encrypted, in the same way as Signal. That didn't stop them blocking people from forwarding links related to coronavirus. The literal and entire point of E2E cryptography is to stop them monitoring and interfering with people's communications, Facebook have been assuring governments for years they're powerless to do that, but of course the moment Facebook wanted to fight "misinformation" it all went out the window.

Fundamentally Signal and WhatsApp can never provide meaningful encryption or privacy. They don't allow alternative clients, so regardless of how much code they throw into the mix they control the entire pipe end to end and can just as easily switch it off again. And the moment their employees feel they have a sufficiently good motivation, it'll happen again.


> That didn't stop [facebook] blocking people from forwarding links related to coronavirus.

Source?


https://duckduckgo.com/?q=facebook+whatsapp+covid+forwarding...

Pick any version of the story. Or read their blog post:

https://blog.whatsapp.com/Keeping-WhatsApp-Personal-and-Priv...

How do they know a message is forwarded? The encryption is meant to make identical plaintexts encrypt to different ciphertexts, so obviously they must be leaking the forwarding status in unencrypted parts of the message. And why is an encrypted service trying to combat misinformation to start with - isn't that a contradiction in terms? These things raise difficult questions. You'd hope that once a service decides to go fully encrypted, its staff would believe that what kind of information goes over it, or how accurate it is, is no longer their concern.


There’s a counter added to the encrypted portion of metadata of the message. The receiving client increments the counter by +1 if it forwards it. At some point, some client receives a message that has the maximum amount of forwards and thus the option to forward it won’t be shown by that client. This is handled in-app. An old or modified client won’t do anything with it, you can try it. It’s not a server-side thing but embedded in the E2EE’d data.


I see. Given this clarification, I would argue that your original claim was misleading.


OK. Where is the argument then? You've asserted, but not argued.

Today, Signal is claiming their encryption means the only data they have to give to government is date of install and last use. In the past they also claimed WhatsApp uses the same cryptography as them, at least for messages. These two claims cannot both be true. If there's some incredibly subtle detail that means deliberately exposing forwarding metadata in WhatsApp but not Signal they should really clarify that because it's not something I've ever seen a discussion of, and it doesn't follow from the cryptography they're using.


They can both be true. Signal Protocol for message encryption is something different than Signal the official Signal Protocol client. ;) That’s where the difference lies and why the statement can be true: WhatsApp uses Signal Protocol for its encryption, but WhatsApp isn’t Signal.


The method is explained here: https://signal.org/blog/private-contact-discovery/

Yes, it's hashes of phone numbers instead of the phone numbers themselves, but that's a detail. Phone numbers are easy to brute-force especially for people the protesters are worried about, as well as easy to build rainbow tables for.


It's truncated hashes, not full hashes. So you don't see exactly which phone number it is, you get a bucket and the client checks if the full hash is in the bucket. Which is far from perfect, but it's a little better than the full hash.
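An added illustration of the bucket scheme this comment describes (truncated hashes leave the device, the client matches full hashes locally); it is example code, not Signal's, and the number space, registered set and 4-bit prefix are constructed to keep the demo small:

```python
import hashlib
from collections import defaultdict

# Constructed sample data (not real numbers or Signal's real parameters):
# a tiny phone-number space and the subset of it that is registered.
NUMBER_SPACE = [f"+1555000{i:04d}" for i in range(1000)]
REGISTERED = {"+15550000001", "+15550000007", "+15550000042"}

# Bucket = the leading PREFIX_BITS bits of SHA-256(number). 4 bits gives 16
# buckets, deliberately tiny so the bucketing effect is visible in a demo.
PREFIX_BITS = 4


def full_hash(number: str) -> bytes:
    """Full SHA-256 digest of a phone number (what the client keeps locally)."""
    return hashlib.sha256(number.encode()).digest()


def bucket_id(number: str) -> int:
    """Truncated hash: only the top PREFIX_BITS bits leave the device."""
    return int.from_bytes(full_hash(number), "big") >> (256 - PREFIX_BITS)


class DiscoveryServer:
    """Server side: indexes registered users' full hashes by bucket."""

    def __init__(self, registered):
        self.index = defaultdict(set)
        for number in registered:
            self.index[bucket_id(number)].add(full_hash(number))

    def query(self, bucket_ids):
        # The server sees only bucket ids, never which number in the bucket the
        # client cares about. It returns every registered full hash per bucket.
        return {b: set(self.index.get(b, ())) for b in bucket_ids}


def discover_contacts(server, address_book):
    """Client side: send truncated hashes, match full hashes locally.

    Returns (contacts found on the service, bucket ids that were revealed)."""
    wanted = {full_hash(c): c for c in address_book}
    revealed = {bucket_id(c) for c in address_book}
    found = set()
    for hashes in server.query(revealed).values():
        for h in hashes:
            if h in wanted:
                found.add(wanted[h])
    return found, revealed


def candidates_in_bucket(b):
    """What the server could infer from one bucket id: every number in the
    (assumed known) number space whose hash lands in that bucket. The larger
    this set, the less one query reveals about a specific contact."""
    return {n for n in NUMBER_SPACE if bucket_id(n) == b}


if __name__ == "__main__":
    server = DiscoveryServer(REGISTERED)
    book = ["+15550000001", "+15550000002", "+15550000042"]
    found, revealed = discover_contacts(server, book)
    print("on the service:", sorted(found))
    for b in sorted(revealed):
        print(f"bucket {b:#x}: {len(candidates_in_bucket(b))} possible numbers")
```

Shrinking PREFIX_BITS grows each bucket (more ambiguity for the server) at the cost of a larger response per query; with a full 256-bit "prefix" every bucket collapses to one number, which is the full-hash case discussed above.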


I think you might want a better way of phrasing that: it’s not the “full contact list” - most people would assume that includes names and all of the other metadata - and since it’s rate-limited there’s an interesting trade off where it’s not easy to brute-force but it is targetable if you are trying to track specific known people.


The name, profile pic, etc. is less relevant than the social graph itself. State actors already have phone number <-> name mappings at least about their own residents. If you are just curious about whose visa applications to deny because according to data collected by your IMSI-catcher many of their contacts have participated in an anti-government protest, then the name etc. isn't really relevant.


Yes, I know. My point was that a better term might help you make your point without sounding like you’re claiming something different.


I would disagree with the "that's a detail" statement. Properly salted hashes make building a social network graph much more difficult. It's only relatively easy to brute-force a single number.


I don’t think they are salted. When someone joins Signal they are compared to your hashes. That is how you get notified that one of your contacts has joined Signal.

If they were all individually salted, there would be no way to compare against new joiners.


Not the full contact list, just hashes.

That was exactly my point: few people know about this.


A hash of the phone number is as good as the phone number itself. Given a list of all phone numbers in use, it's trivial to build a rainbow table for them. And many you can also brute-force.


Actually Signal is uploading contacts with their first and last name to the cloud now. Or is planning to do so. Read their blog about that f-ing PIN feature. It's explained there. I hope they don’t go through with it, I absolutely do not wish to use some cloud; not even Signal’s. My data should be 100% local. And that they’re gonna push this without a back-up feature for iOS feels a bit like them raising their middle finger to us.


Honestly even if the UX is still behind WhatsApp, I have seen it improve continuously since I've started using it. Images (with annotations), videos (with some controls like trimming), gifs, sound recordings, stickers, emojis... it's great and honestly good enough for most imo. Especially compared to WhatsApp which isn't really on the bleeding edge of social features either.


> WhatsApp is just nicer and smoother, and people tend to like that

I've used both for a while and WhatsApp is awful, at least on iOS by all standards I can find. Signal feels like iMessage with reactions, voice recordings, and handy tools. WhatsApp feels dated, clunky, and for groups it gets very very messy fast without reactions.


IMO Telegram has the nicest ux of them all, but Signal is finally good enough


I don't think Signal is "really hurt" by WhatsApp being slightly smoother and nicer. Signal caters to those who put a premium on privacy, they are ready and willing to have a slightly less "nice and smooth" UX.

Why does it "really hurt" Signal that a sub-group of the population is ignorant of its features? I doubt that's going to stop people from downloading a privacy app, most people don't care about privacy anyway, and if they do, they will DL Signal.


> I don't think Signal is "really hurt" by WhatsApp being slightly smoother and nicer. Signal caters to those who put a premium on privacy, they are ready and willing to have a slightly less "nice and smooth" UX.

Having a slightly worse UX because that's just security considerations is one thing.

Having a slightly worse UX because of a reason that isn't related to security is another.

I've tried getting my wife onto Signal, and while she's happy to try it out because I ask her to, she struggles to stay on it due to the day to day UX. I'm happy to deal with the issues, the general public is not. And because they're not, I'm stuck with WhatsApp too.

If signal wants to have a shot at taking over WhatsApp and help with addressing the core issue at hand, specifically encryption between users, they need to address the UX. Sure if you can't address certain things because it weakens security fine, but if you're not addressing them because they think users won't mind because they're here for something else (i.e. security), it's gonna be a much harder sell, and it'll just stay a niche market.


Telegram is a great alternative also, offers encrypted chats also.


Not encrypted by default afaik.


Yeah you have to manually start an encrypted chat. I always thought that increased the sense of security since you have the lock symbol and all but apparently people prefer encryption by default.


They're all encrypted, but only specifically created Secret Chats are end-to-end encrypted.


Encrypted in transit... But stored plain-text accessible in Telegram’s cloud. They store all your metadata, full contact list, all conversations, all media and attachments, etc. If you value your privacy, Telegram is the absolute worst and one of the most dangerous messengers out there. Telegram should never be recommended as a secure alternative. It’s insecure right to their core. Heck, even their secret chat crypto is a joke. Telegram should be avoided at all costs for private and/or sensitive communication. Even WhatsApp is wayyy more secure.


imo it has the best UX of any chat app right now. It's like a souped up WhatsApp. Faster too.


The biggest drawback with Signal for protesters is that it exposes the user's phone number to everyone else in groups (just like WhatsApp does). There is no way to even hide the fact that you have an account on Signal. I can add phone numbers by enumeration into my contacts and Signal will show who among my contacts is on it. If the authorities don't use tactics like they did in Hong Kong, the protesters may be safe from being spied on (or worse).


Signal is not only used by protesters[0][1] so discovering that a phone number is connected to a Signal account by no means implies that the phone is used by a protester.

[0]: https://www.militarytimes.com/flashpoints/2020/01/23/deploye...

[1]: https://www.theguardian.com/politics/2019/dec/17/tories-swit...


Yeah, if you're ever asked why you're on Signal, just say you wanted to stay in touch with a programmer friend who's not on Facebook/WhatsApp, and they suggested Signal (that is now literally true as well - I suggest you try Signal, friend)


If the law enforcement is talking to you in the U.S., the only right answer is "I'd prefer to have a lawyer here."

Not a joke, for real.

They are experts at getting you to talk to them even if you know this. They are experts at getting you to say things that incriminate you or your friends -- that you or your friends have done nothing wrong (in your opinion/as far as you know) will not protect you.

The only answers you should be rehearsing or thinking of in advance are "I would like a lawyer" and "I would like to remain silent." They are rehearsing how to get you to say incriminating things, a lot. Rehearsing or thinking up any other answers only plays into their strengths. Even knowing this, I've been tricked into talking to them, to my detriment. They are really good at it.


You should actually be careful to say exactly this phrase: "I want a lawyer" and not a word more.

> [W]hen a suspect in an interrogation told detectives to “just give me a lawyer dog,” the Louisiana Supreme Court ruled that the suspect was, in fact, asking for a “lawyer dog,” and not invoking his constitutional right to counsel.

https://www.washingtonpost.com/news/true-crime/wp/2017/11/02...


I thought the right to a lawyer dog was guaranteed by the K9th Amendment


Okay, he was asking for a lawyer dog, and not invoking his constitutional right to counsel. If he kept his mouth shut otherwise, that would do him little harm.


> If the law enforcement is talking to you in the U.S., the only right answer is "I'd prefer to have a lawyer here."

> Not a joke, for real.

Obligatory link to the fantastic "Don't Talk to the Police" lecture from the Regent University School of Law.

Watch the whole thing:

https://www.youtube.com/watch?v=d-7o9xYp7eE


Here is a very succinct version: Shut The Fuck Up Friday https://www.youtube.com/watch?v=JTurSi0LhJs

(fair warning, this will autoplay the word 'Fuck' in the first 10 seconds)


Yes, the advice is good, but this is targeted against "operating an unlicensed dispensary" -- it is important you realize that because you think you've broken no law still does not make you safe, you need to not talk to the police without a lawyer, for your own safety, even if you think you've done nothing wrong.

You (or your friends) can go through serious inconvenience and pain, from lengthy and expensive legal battle (during which you may not be allowed to leave the state etc), to conviction and sentence, even if you don't think you've done something wrong. Innocent people and/or people who didn't realize they were breaking a law get convicted all the time.

Talking to the cops will not help your situation. Not even when they say "Look, we may have it wrong, if you just tell us what happened we can get this all cleared up." Not without a lawyer.


I’ve heard this before but here’s my practical problem: I don’t know any lawyers. I have literally no idea who to call in such a situation. Do I have to go find and retain a lawyer beforehand just in case I might need one later?


You might want to find one in advance, but you just have to not talk to the police UNTIL you find one when you need one. You in fact have the constitutional right to this.

Even a last minute lawyer who may not turn out to be ideal is better than no lawyer. A public defender may also be an option in some cases.

When you say the 'magic' legal words "I want a lawyer", they should not talk to you anymore until you have one. In most cases, you are or will be at home with plenty of time to find a lawyer. In some cases you may find yourself detained/arrested ("Am I being detained? Am I free to go?" are other 'magic' words). They may try to tell you that if you would only talk to them, they would let you go -- they are VERY LIKELY lying.

Do not trust that you can tell or sense if they are lying or not. They are experts at tricking you, they are trained and have lots of practice in it. They are legally allowed to lie. (In my personal experience, they did lie about exactly this -- they said "if you just talk to us, you can be on your way", I talked to them, I got arrested anyway.)

Getting arrested sucks; talking to the police without a lawyer can make it much much worse.

tldr; no, you don't need a lawyer in advance, you can ALWAYS say "I would like to remain silent, I would like a lawyer", and you always have this right, and they can not talk to you (or use anything from talking to you) without a lawyer once you've said this.


Most of the time police will arrest you, book you, and then you call a bail bondsman to get out, or family/friends. Then you find a lawyer. Think DUI, assault, theft, drugs etc. Detectives won’t really question you but it’s still a good idea to say nothing to a street cop.

If you’re in serious trouble like a murder, financial or computer crime you’ll probably be questioned before you’re arrested. That’s the time to be silent and request a lawyer. You may start out with a 1-800 lawyer who will come and tell you to keep quiet. Later you can find a new one if needed.


There are services where you pay a monthly fee ($20 a month in my case), and you get a card with phone numbers for a law firm (actually it's a service that will connect you with a lawyer local to where you are). You get access to a lawyer for a certain amount of time without extra charge, the amount of time increasing the longer you pay for the service. If you get into serious legal trouble you will end up paying for a lawyer anyway, but a service like this will help in those circumstances where a cop wants to question you, and you want to say "I want a lawyer present."

I agree with some of the other commenters that you really should say the word "want", not "wish" or "would like". You need to be clear and emphatic about having a lawyer present.


That sounds like exactly what I need. What’s the service called that you use?


It's called LegalShield. The website is here: https://www.legalshield.com

There are others. Do a search for "prepaid legal services". Most of them have similar prices (~$20 a month) and provide similar services (wills, traffic tickets, document review, etc). Like I said, if you get into serious trouble, you will have to pay for a lawyer. This is like insurance. In my opinion, if it helps you avoid saying something stupid to a cop, it's probably worth it.


It's not a bad idea to have a relationship with a lawyer. Talk to family/friends/co-workers. Somebody will have a name for you.

We made a relationship with one I found through family via estate planning (not his specialty) and land deals (not his specialty).

Now I have a name to say out loud when I interact with police. This has happened twice. The OP is right, they'll do everything they can to get you to talk, but understand that if a police officer is talking to you, they're digging for information to incriminate you. In my case, I was a witness to something, and they cuffed me and made me sit on the curb. No possible way I could've needed to be cuffed and questioned. And that was the approach my lawyer took when he came. Best $100 I ever spent.


> but understand that if a police officer is talking to you, they're digging for information to incriminate you

Are you sure you're not exaggerating? I've totally seen incidents where cops were only talking to see if they've even found the right person. They lose interest pretty damn quickly when they realize they're talking to the wrong person (even to the point of rejecting extra evidence you might offer yourself). Whereas I'm pretty damn sure in these cases you cause yourself a lot of (short-term maybe, but still) grief if you suddenly go on the defensive and plead the 5th. It unnecessarily makes you look guilty, whereas a couple minutes of talking can make it crystal clear to them you're totally clueless.


In my experience, no, I am not exaggerating. In my run-ins with police, they had no clear suspect, so everyone was a suspect. In one case, they questioned me, and had me go through a polygraph test. They didn't inform me of my rights to an attorney, because I was not formally arrested. They also did all of this without legal representation or parents (I was 16). They did it just to be able to tell me that I failed, and that I should confess now and they would go easy on me. For a crime I didn't commit. They even lied about what I said at the scene of the crime to say that I contradicted myself, or the responding officer wrote it down wrong.

I do not believe it is a good idea to speak to police unless they have a clear suspect, motive, evidence, and other indicators they are not fishing for you to be the suspect.

I firmly, firmly, firmly believe short-term hassle and a lawyer's bill are much better than the long-term ramifications of an arrest, even if you are not convicted ultimately.


They could very well have been lying to you about failing the polygraph test too. They are legally allowed to lie to you.

Of course, they can arrest you even if you don't talk to them. It's ultimately up to them whether to arrest you, not to you. You don't necessarily get out of getting arrested by not talking to them. (If they say you can get out of getting arrested by talking to them, they can be lying!). But you make it much worse by talking to them.


They 100% were lying to me.

I spoke to a family friend who quit the police department I was dealing with over ethical concerns. He said that it was pretty standard practice, especially when dealing with a case they had zero suspects on. He said, "they'll bring you in, they'll tell you you failed, and they'll tell you that if you confess, they'll go easy on you because you're so young. It's not the results that matter on a polygraph, it's the answers you give. Don't lie, and don't incriminate yourself."

He was 100% correct. They brought me back to the station, into an interrogation room, and after about an hour of waiting, told me exactly what he said they would.

I lost all respect for law enforcement through that process.


In the case you get arrested, you'll be made aware that if you don't have a lawyer, one will be appointed to you.

If you're not arrested, you should be able to just leave the interrogation (emphasis on should, of course).


It's called the 5th amendment and it is 100% our right to remain silent.

"[...] nor shall be compelled in any criminal case to be a witness against himself [...]"


This is what you should say.

"I am happy to help and will do so as soon as my lawyer gets here."


Couldn't you just say "I really like the user interface."

Or "The logo looks cool."

Or "It had 4 stars."

Or "It had lots of good reviews."


And the cop will say "I don't believe you you terrorist" and lock you up until you say something else. This has happened time and time again, including in the latest Hong Kong protests, on American border interrogations and it will happen in these US protests as well.

Once you're on the list of suspects from someone else's Signal chat, you're not going to persuade a suspicious official by bullshitting.


Do you have a source for the claim that this has happened at protests in Hong Kong? I haven't heard of anyone being arrested here on the basis that they had Signal installed.


They got arrested by association. Signal chat group is such an association, just like other chat groups are. Except that Signal guarantees to give out your phone number (and by extension location and personal address) to every single person in a chat group.

There have been lynchings in India based on this kind of data leaked by WhatsApp which resulted in them finally allowing joining groups anonymously.


Do you have a source for this?


I mean, I don't get why it has to get any more complicated than "I have friends that use it". That's the main reason for having any messaging app.


How about "I searched for the term "private messaging" in Google Play Store database and Signal was the top result."

https://play.google.com/store/search?q=private+messaging


Rubbing one's hands together to stave off the chilling effect.


no one would believe you...


How does that matter? You have the right to install any apps you want, and wacky questions deserve wacky answers.


How does that matter? Perhaps due to the potential scenario in question being interrogation by law enforcement that doesn't have your best interests at heart, not "who has the better witty retort to score points online?".


No need to say anything really.


FWIW, many of my friends actually could say this, for I am a programmer who's not on Facebook/WhatsApp and recommends Signal.

It definitely needs to be more reliable, though. The last time I tried to call someone with Signal instead of just using it for messaging, I got a ringing indication but they heard nothing and then after a few seconds the call showed up as missed, and the same happened the other way around with them calling me. There seem to have been about 500 updates to the iOS app in the past 5 minutes via the app store, though, so maybe whatever caused that was a short-lived glitch.


I’ve had this happen with normal carrier phone calls as well so it appears to be nothing special. Maybe there should be a different tone for “finding device(s) to ring” and “ringing device”.


This is not unique to Signal though. I've had this happen with WhatsApp about 1-2% of the times I've tried to place a call in the last few months


I got a group of friends to use Signal because of the following:

1. Sharing videos/pictures/memes is terrible in an SMS group chat
2. One person in the group has bad cell service, so we needed something that would send messages over Wifi
3. Half the people are on Android, so no iMessage
4. 1/4 of the people aren't on Facebook, so no Messenger

I was the one who suggested Signal. I did so because I like the end to end encryption, but that was not a selling point for anyone else. They just cared that it solved the problems above.


Thanks! Just gonna need your phone number (for plausible deniability) ;)

... And just hope there are no records that I've been using it since the days when it was 2 apps - RedPhone & TextSecure - before becoming Signal.


I want to emphasize that DeleteWhatsapp, DeleteInstagram should trend equally with DeleteFacebook.


That doesn't change the fact that all phone numbers are visible to all group members. All it takes is one rogue participant to reveal the identities of all members. If that actor has access to triangulation data they now have identity, location history, words and possibly images/video.


Yeah, it's optimized for communication between trusted parties (e.g. Snowden and a journalist) - as such the focus is on verifying the identity of the other person, not hiding it. It'd be cool if they figured out a group chat setting that was optimized for groups like protesters trying to coordinate - show your identity only to users you are directly connected with/have verified/whitelisted, but hide your identity to everyone else.


Except the whole point of OTR-like messaging was that you can communicate with someone who you can't be entirely sure you trust in perpetuity (that's why messages in Signal and similar systems don't have non-repudiation -- neither party can prove to a third party that a message really was sent by the other party). Now, obviously the metadata worry is separate to how the message cryptography is implemented but it does seem odd to have a threat model which is somewhat confused on this question.


But with Signal you can verify that person, it's like the opposite of OTR.

https://signal.org/blog/safety-number-updates/


OTR also allows you to do key verification -- all encrypted chat systems support that. The point isn't that you cannot be sure who you're talking to, the point is that the communication transcript cannot be provided to a third party as evidence that either party in the conversation said something.

This is fairly simply implemented in OTR. Rather than signing the message with an asymmetric keypair (as you would with PGP), you sign it with a HMAC. Thus both the sender and recipient could create a valid message from the sender (giving you the property that only the two people in the conversation can be sure what was actually said by the other party, without being able to prove it to a third party cryptographically).
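An added example, not OTR's or Signal's code, of the property described in this comment: when authenticity comes from an HMAC under a key both parties hold, either party (and, once OTR publishes its old MAC keys, anyone) can produce a tag that verifies, so a transcript proves nothing to a third party about who wrote what. The shared secret and party names are constructed; a real session would derive the key from a Diffie-Hellman exchange.

```python
import hmac
import hashlib

# Constructed stand-in for the secret the two parties would agree via Diffie-
# Hellman. OTR's real key schedule derives several keys from it; this demo
# derives a single MAC key.
SHARED_SECRET = bytes.fromhex("5eed" * 16)


def derive_mac_key(shared_secret: bytes) -> bytes:
    """Same input on both sides -> same key. Nothing here is tied to one party."""
    return hashlib.sha256(b"demo-mac-key|" + shared_secret).digest()


def authenticate(key: bytes, claimed_sender: str, message: str) -> bytes:
    """HMAC over (claimed sender, message). Anyone holding `key` can compute it,
    which is exactly what a signature under a private key would prevent."""
    return hmac.new(key, f"{claimed_sender}|{message}".encode(), hashlib.sha256).digest()


def verify(key: bytes, claimed_sender: str, message: str, tag: bytes) -> bool:
    return hmac.compare_digest(authenticate(key, claimed_sender, message), tag)


class Party:
    """One end of the conversation; holds only the shared MAC key."""

    def __init__(self, name: str, shared_secret: bytes):
        self.name = name
        self.key = derive_mac_key(shared_secret)

    def send(self, message: str):
        return (self.name, message, authenticate(self.key, self.name, message))

    def receive(self, packet) -> bool:
        # Inside the conversation this is meaningful: only the two key holders
        # could have produced a verifying tag, so the peer knows it was not
        # tampered with in transit.
        sender, message, tag = packet
        return verify(self.key, sender, message, tag)

    def forge_from(self, other_name: str, message: str):
        """Fabricate a packet claiming to come from the other party. It is
        byte-for-byte what the other party would have sent, so a third party
        shown the transcript cannot attribute it."""
        return (other_name, message, authenticate(self.key, other_name, message))


def outsider_forge(published_mac_key: bytes, claimed_sender: str, message: str):
    """OTR reveals MAC keys once they are no longer needed. After that even an
    outsider can fabricate a verifying message, so the key itself cannot serve
    as evidence of who spoke."""
    return (claimed_sender, message, authenticate(published_mac_key, claimed_sender, message))


def demo():
    alice, bob = Party("alice", SHARED_SECRET), Party("bob", SHARED_SECRET)
    genuine = alice.send("meet at 5")
    forged = bob.forge_from("alice", "meet at 5")
    return {
        "bob_accepts_genuine": bob.receive(genuine),
        "forged_identical_to_genuine": forged == genuine,
        "forged_also_verifies": bob.receive(forged),
        "tampered_rejected": bob.receive(("alice", "meet at 6", genuine[2])),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```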


I'm sure this is an underrated part of why discord became such a big thing in gaming communities. With so many toxic players and threats against a person so common, a good threat model would care a lot less about surveillance and a lot more about everyone seeing your phone number


Same for Twitter. Real names on internet? Actual phone numbers?

You don’t need half as much identification to get stabbed by a weirdo...


The issue isn't somebody proving you have a Signal account, the issue is somebody identifying members in a specific group used to communicate about a protest. That way a state actor can find the phone number of a key organizer, persuade their phone provider to share their location, and take them out.

Here's a description of how it worked in Telegram before they added a setting to disable it last year: https://medium.com/adamant-im/telegrams-anonymity-hole-how-t...


The point made by the parent commenter was that you can join any group (if you get someone to invite you) related to a certain topic and get the phone numbers of everyone in that group.

I am not sure about the situation in the US, but in Europe almost all phone numbers are directly linked to a certain person and address by the provider.


> The point

One of the points which, yes, I agree with, but I mainly responded to this:

> I can add phone numbers by enumeration into my contacts and Signal will show who among my contacts is on it.

> I am not sure about the situation in the US, but in Europe almost all phone numbers are directly linked to a certain person and address by the provider.

Or you can go to a corner shop and buy a Lyca or Lebara SIM with cash. No need to give them your address. You can buy top ups in cash as well. At least in Western Europe this is available everywhere, pretty much.

(I'd still prefer if Signal didn't require phone number to sign up though.)


I've had to provide "home" address and passport/identity docs to purchase SIM cards in Norway, Germany, and Italy. I believe Chile will not sell SIMs to non-citizens.

Off the top of my head, I think it was easier in France (although this was 16 years ago), Iceland, UK. I also recall it being easy in Aus/NZ. Fairly easy in the US as well, I believe, but as I'm a resident, I don't think too much about what address to use when having a prepaid SIM shipped to me, nor do I ever expect to have to show my papers for something like this. (although, of course, a postpaid account usually involves a credit inquiry, so ID docs would be used privately, not for government reasons, for what that's worth).


> Or you can go to a corner shop and buy a Lyca or Lebara SIM with cash.

Which is still a stable identifier that other people know you by, so you will likely keep it a long time and amass a trail of location data. Also it's trivial to tie to the IMEI, so if you actually want to change nyms you have to buy a new phone as well.

Everything about the legacy phone system is a liability. Contact discovery is difficult, but tying into phone numbers should be optional and only for the duration of setting up a contact. Using phone numbers for long-lived identifiers is insane.


> Or you can go to a corner shop and buy a Lyca or Lebara SIM with cash. No need to give them your address. You can buy top ups in cash as well. At least in Western Europe this is available everywhere, pretty much.

This is not legal in Norway.


There are many countries it isn't legal in, which is a shame. The ability to get an anonymous phone ought to be something people care about preserving.


It's illegal in the vast majority of countries [1] including Germany, France. Attempting to build a safe secure communication system around phone numbers that is suitable for situations like this, relying on them as being somehow anonymous, is just a complete non-starter. Even if you don't have to register the phone number, the cell provider will still know your location history. I think it just shows how America-centric Signal is.

[1] https://privacyinternational.org/long-read/3018/timeline-sim...


Then just set up your own Signal-Server; if you don't want a connected number at all, OTR over Tor is the way to go.


In fact, that's the main reason I'm using it, and the main counter-argument to 'I've got nothing to hide', IMHO. Sure I don't, but there are plenty of people who justifiably do.


I have nothing to hide, but I have nothing I want you to see either.


I have something to hide...it's called privacy.


This was allegedly used by the authorities in Hong Kong during protests there in 2019, but using Telegram. Telegram responded by introducing a new setting that hides your number from people that aren't in your own contacts.

https://telegram.org/blog/scheduled-reminders-themes#new-pri...


Telegram indeed has better UX and the same level of E2E security. Why is Signal getting all the publicity?


Telegram has off-by-default E2E encryption with a less vetted algorithm that only works for 1:1 chats, and less focus on minimizing server knowledge. That's clearly not

> same level of e2e security


And both users need to be online at the same time for the E2E-encrypted chat. Very limiting.


Telegram is not open source, Signal is... and yes, you can set up your own server with Signal. Why trust closed-source software? Do you even know that it is encrypted?



THAT is not the server; it's like saying Firefox is open source so Facebook is too. Thanks and no thanks for the links.


The encryption takes place in the client though, which you can verify by looking at the client source code. I find your comparison with Facebook a bit lacking, a better one would have been by looking at the Firefox code to verify if https traffic is encrypted.


You can setup your own server with Signal, but you will not participate in the same network, so this is not really relevant.


For countries or big business it is relevant.


This tradeoff is arguably a good thing.

By using phone numbers as IDs, Signal can rely on your phone's local contacts (meaning they don't have to send your social graph to their servers). This way they can keep very little metadata on you.

There's pretty much nothing for them to turn over except the fact that your phone number has the signal app.

Most of the other secure apps could turn over your entire contact list (which could be damaging for people in a protest that are being targeted).

Confirming a single phone number has the app is not nearly as big of a deal (I'd argue it doesn't matter at all).


I've lost track of the number of times I've had this conversation but here we go:

There's nothing inherent in phone numbers here. Both iOS and Android also allow you to add e-mail addresses (and other identifiers) to your local contacts. I'm yet to hear an argument as to why e-mail addresses or other identifiers can't be used in addition to phone numbers, or why it would be a complicating factor.


My guess would be that phone numbers are guaranteed to be unique IDs that (almost) every phone will have which simplifies things and reduces the risk of someone impersonating someone else.

I think they are working on non-phone number IDs though (Moxie was in an earlier signal thread on HN recently and mentioned it).


Phone numbers are also guaranteed to be recycled. Every single whatsapp contact I have that's older than 3 years is no longer the original user. I know this because their profile picture is shown to me for some reason. Phone numbers are an outdated system that have no place in modern communication, especially not privacy software.


There is an issue on Github that is collating the problems they are working through. I've lost track of it, though, unfortunately. I've been pretty cynical about it in the past, but the last time I looked at the issue, it does look more complex than I first imagined. I wish it were higher priority, though. Hopefully somebody will remember the issue and post it here (it was from an HN post that I found it originally). Unfortunately, I'm not even sure what project it's under and there are many projects.


In that spirit, emails (when discovered on a device) are also unique IDs. Even if someone's email is The-Dog@someprovider_dot_com authorities can still track that this mailbox was accessed by IP x.x.x.x and this IP is provided to phone number 555-12345 which belongs to Henry Bemis.

It will take the authorities a bit more time (i.e. someone throws away their burner phone and authorities hack it)(with the assumption that phone numbers/SIM activations are provided using valid ID as it happens in many countries).


You can access email only through Tor and they will never know your real IP.


Wrong... they probably don't know your IP, but an agency that has global surveillance in place can find your source IP quite easily.


All typical attacks on Tor have been known for many years already. If you follow the advice from the Tor website, it will be very hard (nearly impossible) to find you. What do you mean by "quite easy"?


By quite easy I mean when you have global surveillance in place. All Tor nodes are public, all Tor exits are public; if your system can track connections from one node to another node and then the exit node, everything is clear.

https://en.wikipedia.org/wiki/Global_surveillance#Infiltrati...

Edit: And this from netzpolitik (highly trusted German source), under 'A global passive adversary', that's the interesting part: https://netzpolitik.org/2017/secret-documents-reveal-german-...
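The "global passive adversary" point above is a traffic-correlation attack: an observer who sees packet timings both at the client's ISP (before the guard) and on the exit side does not need to break any encryption, it only needs to notice that two flows have the same shape. The block below is an added illustration, not part of the original comments and not real Tor or ISP data. It constructs a handful of synthetic client flows, pushes each through a simulated circuit (constant delay, jitter, a little packet loss), relabels the exit-side flows, and then links entry to exit by correlating per-window packet counts over a small lag sweep. All flow parameters and the window size are assumptions chosen for the demo.

```python
"""Traffic-correlation sketch: link an entry-side flow to an exit-side flow by
timing alone. Added illustration with constructed flows; not real Tor traffic."""
import math
import random
from typing import Dict, List

WINDOW = 0.5      # seconds per histogram bin; coarse enough to absorb circuit jitter
MAX_LAG_BINS = 6  # search a few bins of misalignment (first packet may be lost/jittered)


def synth_flow(rng: random.Random, n_pkts: int, burstiness: float) -> List[float]:
    """Constructed client-side packet times: short intra-burst gaps mixed with long idle gaps."""
    t, times = 0.0, []
    for _ in range(n_pkts):
        mean_gap = 0.05 if rng.random() < burstiness else 1.5
        t += rng.expovariate(1.0 / mean_gap)
        times.append(t)
    return times


def through_circuit(times: List[float], rng: random.Random, delay: float = 0.3,
                    jitter: float = 0.08, loss: float = 0.03) -> List[float]:
    """The same flow as seen past the exit: constant delay, Gaussian jitter, some loss."""
    out = [t + delay + rng.gauss(0.0, jitter) for t in times if rng.random() >= loss]
    return sorted(out)


def histogram(times: List[float], n_bins: int) -> List[int]:
    """Packets per WINDOW, after shifting so the flow's first packet lands at t=0."""
    t0 = times[0]
    counts = [0] * n_bins
    for t in times:
        b = int((t - t0) / WINDOW)
        if b < n_bins:
            counts[b] += 1
    return counts


def pearson(a: List[int], b: List[int]) -> float:
    """Pearson correlation of two equal-length count vectors (0.0 if either is flat)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = math.sqrt(sum((x - ma) ** 2 for x in a))
    vb = math.sqrt(sum((y - mb) ** 2 for y in b))
    return 0.0 if va == 0 or vb == 0 else cov / (va * vb)


def score(entry: List[float], exit_: List[float]) -> float:
    """Best correlation over a small lag sweep; the observer does not know the circuit delay."""
    span = max(entry[-1] - entry[0], exit_[-1] - exit_[0])
    n_bins = int(span / WINDOW) + 1 + MAX_LAG_BINS
    he, hx = histogram(entry, n_bins), histogram(exit_, n_bins)
    best = -1.0
    for lag in range(-MAX_LAG_BINS, MAX_LAG_BINS + 1):
        if lag >= 0:
            r = pearson(he[lag:], hx[:n_bins - lag])
        else:
            r = pearson(he[:n_bins + lag], hx[-lag:])
        best = max(best, r)
    return best


def link_flows(entries: Dict[str, List[float]], exits: Dict[str, List[float]]) -> Dict[str, str]:
    """For every entry-side flow, name the exit-side flow it correlates with most."""
    return {eid: max(exits, key=lambda xid: score(flow, exits[xid]))
            for eid, flow in entries.items()}


def demo(seed: int = 7, n_flows: int = 6) -> Dict[str, str]:
    """Constructed scenario: n_flows clients behind one guard; the exit-side flows are
    relabelled so the true mapping is hidden. Returns entry id -> guessed exit id."""
    rng = random.Random(seed)
    entries = {f"client{i}": synth_flow(rng, rng.randint(150, 300), rng.uniform(0.5, 0.95))
               for i in range(n_flows)}
    exits = {f"exit_flow_for_client{i}": through_circuit(entries[f"client{i}"], rng)
             for i in range(n_flows)}
    return link_flows(entries, exits)


if __name__ == "__main__":
    for client, guess in demo().items():
        print(client, "->", guess)
```

The defence side is what the later replies hint at: padding and cover traffic flatten the histograms so that the correlation between the true pair drops toward that of a random pair, and running more independent relays raises the cost of observing both ends. Neither removes the attack for an adversary that already taps every ISP, which is the thread's point about the NSA/GCHQ threat model.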


It is enough to have at least a few independent relays to cover the trace. Everyone who can should be running a relay node at home I guess. Also we generally need more participants in Tor of course.

There is also I2P network, which is even harder to break (unless someone owns practically all nodes there).


Well, I run a node (not exit) and yes, it's better than nothing, but to fully trust Tor is a big no-no; I said nothing else. Protection from private companies or countries, yes... but protection from GCHQ/NSA, probably not.

And no, you can trace it through the ISPs; the problem is the latency: connection from here to there in that millisecond, trace one... and so on.


If you are speaking about the timing attack, then you should consider I2P. It makes them significantly harder. In general, I agree that if your enemy is NSA, you can do very little. But you can make their life harder, and you should.


I2P is absolutely great, a shame that it's not covered so much, and Freenet was once also a cool project... I see we are on the same page ;)

Edit: GnuNet, RetroShare and ZeroNet should also be mentioned


> Most of the other secure apps could turn over your entire contact list (which could be damaging for people in a protest that are being targeted).

But that doesn't help much if the entire contact list is a list of trash mail addresses (in the case of Wire) or a list of random IDs (in the case of Threema). And at least Threema does not store any information about your contacts on their servers.

Can you obtain a phone number without any ID in the US? Because you can't in large parts of Europe.


> Can you obtain a phone number without any ID in the US? Because you can't in large parts of Europe.

Yes. About 10 years ago, before Google Voice, I needed a local area-code number to work with my apartment buzzer. I bought a $15 Tracphone with cash at Walmart and activated it at a payphone (mainly just to see if I could).


Is it a list of trash mail addresses by default or is there an assumption that people made trash mail addresses specifically for the app?

If it’s the latter, I suspect that won’t happen in practice for the majority of users.

I haven’t heard of threema, I guess users have to share their IDs manually with each other in that case?


iCloud contacts, which is how Apple phones store and sync this metadata for you, is not end to end encrypted, and is available to Apple and the military intelligence community without a warrant.

https://sneak.berlin/20200604/if-zoom-is-wrong-so-is-apple/


Using phone number as ID has been proven idiotic since forever now. As much as I like Signal this is such a design flaw that it makes their software not only untrustable but often unusable too.

What's wrong with email logins?


I'm no expert on the subject, but probably the use of phone numbers (and confirmation by SMS) is helpful to limit the number of bots.


Signal could still validate the phone number via SMS and immediately discard it afterwards.

Personally I liked the way ICQ did it back in the day: they used a unique ID just for their service, decoupling it from a phone number.

If Signal wanted to avoid long numbers, they could use a CorrectBatteryHorseStaple approach which is what Xbox does for their usernames if you don't pick one.

Easier to remember,


Phone numbers are used for contact discovery.

https://signal.org/blog/private-contact-discovery/


If that helps, there is a rate limit for checking whether a number is in Signal: with a single account, you can only check 4320 phone numbers a day. This makes mass user enumeration attacks somewhat less practical.


Isn't getting your hands on lots of SIMs/phone numbers, and thus Signal accounts, pretty trivial, though?


Trivial as ordering a 2U 16 blade GSM modem array from AliExpress, sure


Eh, you can't have everything.

Still, having a signal account doesn't make you a chargeable protester more than owning a gun makes you a chargeable assassin.


> Eh, you can't have everything.

why not? Wire[1] doesn't tie your identity to your phone number. OpenWhisper devs too are aware of Signal's limitation (it was even discussed here on HN recently).

[1] https://github.com/wireapp


Session is built to fix this problem https://getsession.org/

It does not require a number to setup an account and communicate.


Late post, but I'm just wondering why nobody has mentioned Briar Project. I think it's designed to remedy some of the issues mentioned here: https://briarproject.org/


Step 1: Get a virtual phone number.

Step 2: Get Signal and register using virtual phone number.

Step 3: Protest!



What about Telegram?


I hope one day apps like Signal will be the default for everyone, not just protesters in a time of crisis.


I don't think that's a great idea until Signal stops exposing the phone number of the user to everyone else (for all the bashing that Telegram gets on cryptography, it has mechanisms to hide one's phone number and even the fact that one has a Telegram account from others).


Absolutely agree. I really wish Telegram would get off the phone number system, especially after the embarrassing hack in Brazil. It's not explicitly Telegram's fault, but if your primary authentication method is insecure it's at least a little bit your fault.

Phone numbers are NOT safe. I don't know why SMS MFA is even a thing, they're worse than passwords.

When you use phone numbers or SMS for security, you are putting the fate of your entire company's security on an underpaid customer service rep at Verizon.


> especially after the embarrassing hack in Brazil

What happened?


Numerous Brazilian judges and politicians had their Telegrams hacked via SIM hijacking.


Telegram should maybe just use proper encryption first.


Can someone explain to me why MTProto is not considered proper encryption? Genuinely asking, not challenging.

At least since version 2.0 it seems it's using AES encryption: https://core.telegram.org/mtproto/description


By default it's not E2E encrypted, and if you want to use E2E you lose lots of capability. That is simply not acceptable in a modern messenger.


Speaking as someone who regularly uses private chats, what capability?


Secret chats are tied to one single device, which may be ok for some people. The bigger disadvantage is that you cannot have group chats that are end to end encrypted. Only person to person chats are allowed as secret chats.


- Group Chat

- Multi Device

Seems to me that are some of the most useful things about modern chat.

Also, why not just use a chat app that is safe by default? The whole concept of private chat is insane to me.


And by default.


I disagree. Telegram addresses a different issue from Signal. I see Signal as a tool to message people you already know and/or trust, but you do not want a third party to be able to listen in. At that point, it doesn't matter if the other party knows my number or not.

Telegram on the other hand is better for issues like this, where large numbers of people need to communicate anonymously without prying eyes.

They're addressing the same issue for different markets. That's all it is.


Given that they're working on that, that's very likely going to be the case before we've managed to get everyone to use it


How is that different from WhatsApp, which is the default for everyone in a lot of places?


GP here. It’s no different from WhatsApp in this sense. But WhatsApp is even worse because it shares communication metadata with Facebook (though message content is end to end encrypted).


The hardcore anarchists have been using cash burners from day 1. But I'm seeing more people in the "concerned citizen" category taking this route too.


And don't forget centralization.


It's my default and over a few years I've pretty much converted everyone in my life except my mom


Sadly, my (65 year old) mum is the only one I managed to convince to use to Signal. All my (mid-30s) friends won't budge from WhatsApp.


Having 'Message me on Signal' as status message on WhatsApp and not replying to non-urgent messages from WhatsApp helped to convert some of my contacts.


Nobody gave a shit about my status to contact me elsewhere. People just open the existing conversation and never see it anyway. And most don't care, or want to switch.

WhatsApp is THE messaging standard in my country. Hell, even our politicians use it for communication. "Apping" is even used by news outlets to describe communication by WhatsApp.

We used to have SMS and MSN. Now it's either WhatsApp or Messenger, depending only on whether you have the other's phone number or not.


Sadly, Signal neglects user experience, and as a result people around me all tend to migrate to WhatsApp.

They don't care that they are uploading their entire contact list to Facebook — "death before inconvenience".


Honestly I don't really understand this. I'm a longtime signal user who installed whatsapp recently (family group I had to join) and.. It feels more or less the same to me. Maybe it's because I haven't allowed any unnecessary permissions, but I don't see much functionality that's different. Statuses maybe?


I'm not using Signal as heavily as I was in the past (due to the fact that they dropped support for Chromeos), but issues that I personally was annoyed by:

- message delivery was not very reliable when your connection is poor and intermittent (think wifi in the underground between stations)

- when you need to resend a message in a group, you need to tap "retry" once for every recipient in the group

Issues that my friends complained about, justifying their non-use of Signal:

- you cannot create links to allow people to join groups (obviously this is a nonstarter, without first allowing people to be in groups pseudonymously)


Signal cares so much about UX that they're starting to agitate security/privacy diehards. They've implemented features like stickers and message reactions that the diehard community calls "useless". And they recently implemented PINs with the intention of storing your encrypted profile and settings for easy recovery on a new device.

I applaud the direction they've taken. These are the kinds of features that will acquire and retain a broader user base.


I recently stopped using Signal over the PIN thing. I do not want them to store my data on their servers, but they won't let me opt out.


Actually WhatsApp only uploads numbers. Ironically, Signal is contemplating uploading your full address book to their cloud for “easy recovery”. Which is a nightmare if they follow through with it.


Same for me as well. All my friends and family have been on it for a few years now


I convinced my parents because of full resolution images.


I would ditch WhatsApp in a heartbeat if Signal had a browser client.


In my opinion Desktop Clients > Browser Clients when it comes to messengers. If you have more than ten tabs open it is annoying to always have to switch tabs or break out a window. Having a desktop application that remembers where you want to save stuff people send you is a plus too.


If you really like having app-like websites, you can do that in Chrome by clicking "Create Shortcut" then click the box that says "Open In Window". Voila. It behaves like a native app, and you can embed it in your Windows taskbar with a favicon and everything.

Electron isn't as safe as Chromium. Last I checked it's based off a vintage build of Chromium with some very important features like the sandbox turned off (!)


My opinion is the opposite, because Electron is quite heavy (which is an issue for Signal Desktop at least), and because you can't use browser containers to use multiple accounts.


There are other options than Electron. Telegram's desktop app is a big factor to why I use it.

There's one big drawback though that's relevant here, and that is that it doesn't support E2E encrypted chats, those are confined to the phone app. I guess it's a security feature, I haven't looked into it too much, but I don't think it would be that difficult to share keys locally between devices you own.


Workaround for Signal for 2 accounts: you can use the beta version, which uses a different data folder, to use two different accounts.

Obviously it'd be better to have a configurable data folder.


I trust the browser security model more than the desktop app security model


I don't know if many people here don't know about the feature, but most browsers support pinning of tabs makes this relatively easy (especially in combination with Alt+<number> for switching to tab <number> from the left-hand side): https://support.mozilla.org/en-US/kb/pinned-tabs-keep-favori...


Just make a new browser profile for your browser client. It will have its own window, and different profiles prevent windows of the same browser from being collapsed onto each other on some platforms.


Or even worse: if your browser is closed, you have to open it and load 30+ tabs just to send a message on Signal.


Not in the browser, but it does have pretty decent desktop applications for most operating systems.


Will only ever happen once Signal ditches their dependency on mobile phone number.


Doesn't whatsapp also rely on the phone number as Id? Why can they have a desktop and browser client?


Browser WhatsApp works through a connection to the phone, and not directly to servers. If your phone is off, Web WhatsApp doesn't work.


E2E in a browser client is always questionable, I doubt Signal is ever going to add one.


I don't see how the two are related? They've already got a Desktop client.


The Desktop Client is only functional when you "pair" it to your phone client.


Right, and they could do the same for the web client, so I don't see how the phone number requirement would prevent them from creating one.


I would not trust any browser-based e2ee.


Will only happen if phone manufacturers ship them by default rather than the insecure-by-default ones they ship atm.

Sounds crazy when I say it out loud...


WhatsApp isn't installed by default AFAIK, but it is one of the first apps installed by millions, if not billions, on their phones.

In Korea, Taiwan and Japan, LINE became the de facto IM. In China, WeChat. But ain't sure if these are usually/always preinstalled in those markets.

Cheers.


In Korea I think the de facto IM is Kakao; LINE is only third (after FB Messenger) [0][1].

[0]: https://www.statista.com/statistics/898254/south-korea-most-...

[1]: https://www.quora.com/Which-is-the-most-popular-messaging-ap...


Thanks.


iMessage is end to end encrypted by default. Perhaps not as strongly, but it's a good default to begin with.


Key management is still centralized and controlled by Apple, so they can still MITM communications by messing with the key exchange.

iCloud backups (enabled by default) are not end-to-end encrypted.

So while it's technically E2E, in practice you get very little protection from it because it's broken by design.

I still use iMessage because of the user experience, but let's not be fooled by their misleading E2E claims; it's all just marketing BS.


If both parties disable iCloud on their phones, does Apple have any way to read messages sent via iMessage?


We have no idea and there’s no real way even in principle for us to know.


They can still pull off an MITM attack by sending the MITM's keys (pretending to be the other user's keys) because they control the key exchange.

It’s an active attack and can’t apply retroactively but within these constraints they can still do it.


Yes, if they add a wiretapping key to one or both of your key lists, which is silent/invisible to the sender.


Whenever key management is centralized, there is basically no security from the legal authority in the jurisdiction that the messaging vendor is located in. The vendor can always push you an MITM key. They can even show you the "correct" recipient key when you physically verify but use a different one for the actual message transfer, and this would be a trivial, easy-to-obfuscate switch in the program binary.

E2E with centralized key management is primarily to protect you from casual/private threats (vendor employees, snoopers in your or your recipients network) not from legal authority.
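The key-directory attack described in the comments above (and in the iMessage replies before them) is easy to model: the directory, not the ciphertext, decides whose public key the sender encrypts to, so a substituted key gives the interceptor the plaintext while the E2E label stays technically true. The block below is an added illustration, not iMessage's or Signal's code. It uses a deliberately tiny Diffie-Hellman group and an unauthenticated SHA-256 keystream (both insecure, chosen only to keep the demo self-contained), a directory that can be told to answer with an interceptor's key, and a sender that pins a recipient's key fingerprint after verifying it out of band, which is the role Signal's safety numbers play. Names, the pinning policy and the toy primitives are all assumptions.

```python
"""Centralised key directory as the weak point of 'end-to-end' encryption.
Toy model, added illustration only. The DH group and the stream cipher are NOT
secure and exist purely to make the key-substitution flow concrete."""
import hashlib
import secrets
from typing import Dict, Tuple

P = (1 << 127) - 1   # toy prime (2^127 - 1), far too small for real use
G = 3                # toy generator


def keygen() -> Tuple[int, int]:
    """Toy DH keypair: (private exponent, public value)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def fingerprint(pub: int) -> str:
    """What two users compare out of band (cf. Signal safety numbers)."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def shared_key(priv: int, peer_pub: int) -> bytes:
    """Derive a symmetric key from the DH shared secret."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def encrypt(key: bytes, msg: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHA-256 counter keystream (no authentication)."""
    blocks = len(msg) // 32 + 1
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(m ^ s for m, s in zip(msg, stream))


decrypt = encrypt  # XOR keystream is symmetric


class KeyDirectory:
    """The vendor's server answering 'what is Bob's key?'. Entries in `mitm`
    override the registered key for a target, as the comments above describe."""

    def __init__(self) -> None:
        self.keys: Dict[str, int] = {}
        self.mitm: Dict[str, int] = {}

    def register(self, user: str, pub: int) -> None:
        self.keys[user] = pub

    def lookup(self, user: str) -> int:
        return self.mitm.get(user, self.keys[user])


def send(directory: KeyDirectory, sender_priv: int, recipient: str,
         msg: bytes, pinned: Dict[str, str]) -> bytes:
    """Sender fetches the recipient's key from the directory and refuses to proceed
    if its fingerprint differs from one pinned earlier (trust-on-first-use pinning)."""
    pub = directory.lookup(recipient)
    fp = fingerprint(pub)
    if recipient in pinned and pinned[recipient] != fp:
        raise ValueError(f"key for {recipient} changed: pinned {pinned[recipient]}, directory says {fp}")
    pinned.setdefault(recipient, fp)
    return encrypt(shared_key(sender_priv, pub), msg)


def scenario() -> Dict[str, object]:
    """Honest directory, then key substitution against an unpinned and a pinned client."""
    d = KeyDirectory()
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    m_priv, m_pub = keygen()  # Mallory, whoever controls the directory
    d.register("alice", a_pub)
    d.register("bob", b_pub)
    alice_pins: Dict[str, str] = {}  # Alice's device: pins after first (verified) contact

    # 1. Honest directory: Bob decrypts.
    ct1 = send(d, a_priv, "bob", b"meet at 6", alice_pins)
    bob_reads = decrypt(shared_key(b_priv, a_pub), ct1)

    # 2. Directory now hands out Mallory's key for Bob. A device with no pin is MITM'd silently.
    d.mitm["bob"] = m_pub
    ct2 = send(d, a_priv, "bob", b"meet at 7", {})
    mallory_reads = decrypt(shared_key(m_priv, a_pub), ct2)

    # 3. Same substitution against the device that pinned Bob's verified fingerprint.
    try:
        send(d, a_priv, "bob", b"meet at 8", alice_pins)
        detected = False
    except ValueError:
        detected = True
    return {"bob_reads": bob_reads, "mallory_reads": mallory_reads, "pin_detected": detected}


if __name__ == "__main__":
    print(scenario())
```

The pin check lives in the client, which is exactly the limitation the comment raises: a vendor that ships the client can display the expected fingerprint while encrypting to a different key, so out-of-band verification only helps against a directory that is compromised independently of the client binary.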


The Signal Foundation is based in Mountain View and both Moxie Marlinspike and Brian Acton are US nationals...

What's stopping some US government agency from forcing them to insert code that causes the Signal app to indicate it is behaving correctly but isn't?

And don’t say “laws”.

If your threat model includes advanced persistent threats all bets are off.


Regardless of its security features it's Apple device only which is a deal breaker.


The Signal app experience leaves a lot to be desired compared to Telegram or Matrix.


Does it tho? It changed a lot during the last years and for most stuff I do with my friends (videocalls, textmessages, recorded speechmessages, pictures, videos, groupstuff, desktop app) it just works fine.


It's been a massive battery drain for me as I have no Google services. It's a known bug. You can't really turn off that drain either in favor of getting messages later.

https://github.com/signalapp/Signal-Android/issues/6898

https://github.com/signalapp/Signal-Android/issues/9194

Other apps like Threema or Telegram might delay messages sometimes, but at least they keep my device operational. If I'm punished for opting out of Google's spying, I at least want to choose the punishment.


With the exception of desktop app, I agree :).

The desktop app takes several minutes to open (at least on Linux), so I find that the only way to use it is to start it at boot and always leave it open. I'm still hoping that someone may create other clients, e.g. a Pidgin backend.

The mobile apps, on the other hand, work really well. Been using them for years now, both on Android and iOS.


When did you last try it? Startup speed of Signal-Desktop has been much improved in recent months, like, by an order of magnitude. Maybe give it another shot.


Interesting, it does indeed start in seconds instead of minutes now. That’s great!

I also see that the other issues I noticed previously (high latency when typing, “compose key” not working) have now been fixed as well.


It opens pretty quickly for me, but almost every time it wants to be re-linked to a mobile device.

Signal is really annoying with all the things it wants me to do. Re-linking a mobile device. Re-entering a PIN/password for no reason other than to prove that I still know the password.

And when I'm finally logged in it shows me a completely useless selection of mostly obsolete contacts.


I think you need to open it at least every other month or so, otherwise it loses the pairing. I've never had to relink a desktop instance under any other circumstances.

You can turn off the PIN reminders in Settings → Privacy.


>You can turn off the PIN reminders in Settings → Privacy.

Ah, that's good to know. Thanks!


I feel like I'm constantly re-linking machines. I have 4 computers I use regularly, so it's a hassle. I can't say for sure if it's been a month since I last opened the app-- maybe a week or two, sure.


The desktop app situation is pretty similar for all messaging apps. I don't really know any messaging application that has good, native desktop apps. Can't really include iMessage in good faith due to the platform restrictions.


Telegram desktop is great and Matrix desktop apps are definitely getting there.


Skype has always worked for me. Unfortunately it's not secure.


I usually hear nothing but complaints about Skype.


It doesn't do Video calls for one thing.


Signal has video calls


It's just a fact that Telegram has more features. Every few weeks I get a notification with a long list of features, it's a more rich experience. My main favourite thing is just that gifs show up bigger.

Muted chat, chat groups, draw on photos, stickers on photos, quiz / polls, dice rolls.

Signal does cover the basics well though (GIFs, voice messages, video, photo, replies) and it has a clean interface.


> Muted chat, chat groups, draw on photos, stickers on photos,

Signal has all of these

> quiz / polls, dice rolls.

Not these, as far as I know.


Also lacks a proper fast and memory-efficient desktop client, good cloud backups, settings for almost everything (traffic usage/space/visuals), programmable bots. And I'm not talking about some features that for example I use a lot, like "Channels" (almost always for news, but with the ability to access linked websites offline). Anyway: you just have to test for yourself how comfortably fast their software is on both desktop/mobile platforms. Though sure, I like Signal very much; it's just not a product for the "average human" for now.


By chat groups I mean chat folders. You can put some chats into a folder to organise them. Clearly every chat app has group chats.


You get voice, video, chat, stickers, files. What more do you want?


Bot API


They’re working on support for email based accounts rather than just phone numbers. This will likely open up that possibility.

I’m looking forward to it as well as my only Telegram use case is using it as a notification service for my servers. All my chats are transitioned to Signal.


my encrypted chats saved across multiple devices


You get that on Signal. I’ve got it on my phone, laptop, and tablet and I see the chats on all of them.

Do you mean message history when setting up a new device? They are working on that, but it’s not so easy to do without storing all your chats with a server side encryption key. Apparently something coming soon though.


It was just released on iOS; Android has had it for a while.

https://support.signal.org/hc/en-us/articles/360007062012-Ne...


On iOS, Signal has implemented a data transfer from one device to another directly. It's of no use if one loses one's device or just hands over the old device to someone else before completing the setup of the new one (people are accustomed to setup a new device from backups in the cloud, which Signal won't support).


"Won't support" is wrong, this is explicitly on the roadmap, they've stated that multiple times. "Doesn't currently support" would be more accurate. For the technical aspects, secure cloud backups are going to be made possible with https://signal.org/blog/secure-value-recovery/.


Wire has E2E synced across devices and platforms, though its client and features lag behind Telegram (it's still better than Signal on features).


Wire sends your social graph to the cloud.

Maybe this is an okay trade-off for you, but Signal's phone number as ID requirement means they can rely on the local contacts kept on your device and keep very little metadata about you on their servers.


For Signal desktop on Linux to not require that I validate my mobile device randomly to read my encrypted messages. If it used GPG then this wouldn't be a problem.


What does this dialog look like? I don’t recall having seen that in my Signal desktop on Linux or Mac.


It looks like a yellow notification that says you need to re-link your mobile device, and in order to do so you have to take a picture of a QR code from your mobile device.


Telegram is THE standard in messaging apps. It's basically flawless. It's extremely fast, and it works every single time. Notifications are rock solid on every platform, it doesn't hog your battery and it feels fluid to use.

Signal, Wickr, WhatsApp and others do not have this experience. They all have drawbacks and do not feel Telegram fast.


It may be the standard for speed, but it's not the standard for security.


Telegram by far has the best user experience, yes.


I was about to ask about this. Signal was comparatively annoying. Can I keep using Telegram or am I postponing the inevitable? Curious.


As far as I am aware E2E only works on mobile and I think Mac for Telegram, although there may be third-party apps that support it. As long as you use E2E then I believe it has a lot more active users and probably has received an equal amount of security validation, so you should be fine.


Is Telegram at all trustworthy?

I feel like I’ve repeatedly seen on HN that they’re not a good choice for secure messaging (though I don’t remember the specifics around it).

Signal and Matrix are the two options I’ve settled on.

[Edit]: Looks like the main issues with Telegram are that it doesn't use end to end encryption by default and that they rolled their own encryption protocol that's likely not secure. They also used to leak a ton of metadata, but from searching around it looks like they may have made improvements. Either way seems like something to avoid when there are obviously better alternatives.


Telegram is not E2E per default. They claim to not turn over data to authorities but I doubt that claim. Signal on the other hand is fully end to end encrypted.


Telegram only end-to-end encrypts "secret messages", which I assume are rarely used.


Telegram secret chats allow self-destruct timers and remote retraction of messages.


Telegram's homegrown crypto has been dismissed by many people (including experts). But it offers privacy features that some other messengers do not. Is Signal trustworthy considering that it exposes your phone number to everyone else in groups? With Telegram it's possible to communicate with anyone without revealing your phone number or profile picture or anything else.


The phone number issue is pretty overblown since it's a clear and intentional tradeoff that allows signal to retain very little metadata (leveraging local phone contacts instead of sending your social graph to their servers like everyone else). Moxie Marlinspike is the founder/co-author of the protocol and Brian Acton put in massive funding after the FB/Whatsapp fallout - not sure you can get better than that?

They're also making moves to make the phone number requirement unnecessary. What privacy features does Telegram have? It sounds like they don't even have encryption on by default and people have also dismissed their security? Why would anyone use them?


> Telegram's homegrown crypto has been dismissed by many people (including experts).

Only the experts' opinions are of any value IMO, and I've never seen anyone showing an attack on Telegram's encryption. Telegram themselves seem to claim that it's never been broken. I often see vague criticism over the fact that they use their own protocol, but never anything more detailed than that.

https://core.telegram.org/techfaq#q-i-39m-a-security-expert-...


GP here. I agree. I believe there's a stigma against Telegram. There was one security issue with MTProto version 1 several years ago, which was reported (given a bounty too, IIRC) and fixed. I don't recall any other issue being reported after that.


I switched my friends from Telegram to Signal a few months ago and it’s been great. Probably depends on the features you use most frequently, but we switched as soon as message replies were added.


Honest question for those in the know: If I wanted to run my own personal “analysis” to verify the security of Signal, where would I start? Is it even possible? Just curious if there was a way to “know” rather than “trust”.


Related question, is there an endorsement from a recognised expert? I'd have to live with that since I won't be getting an advanced degree in cryptography.


There are some there: https://www.signal.org/

tptacek regularly endorses Signal (compared with alternatives) on HN.


Heh, I'd never even looked at the website. The four people they have there seem good enough for me. At least Schneier, Green, and tptacek seem to be technical enough, and the others will have big enough need to have done the due diligence properly.


The first step would probably involve getting a PhD in cryptography...


There's a lot more than just crypto. It's much more common for systems to fail in the supporting code than it is for the crypto to be wrong. So the first step is probably to learn reverse engineering and verify the crypto is being used correctly.

Then after that get a PhD in cryptography.


The source code is available.


Fair enough. The point still stands you should do normal source code auditing before worrying about the crypto aspects.


Unless the build is reproducible it would be smart for a paranoid person to use the published source code only as a comparison with the decompiled app.



Great. So now, you need a Software Engineering degree AND a cryptography PhD


Ugh... now I have to get a PhD in "source code" too??


I file that under snarky comment.

Certainly not required. A PhD will teach you a lot about methodology but not necessarily the technical details required and involved in secure multi-party or P2P messaging.


Learn cryptography to a high level then read the source code?


How do you know that the binary you run actually corresponds to the source code you read?

EDIT: and would you then also review every commit to make sure nothing bad gets introduced? No, at some point you have to place trust in the vendor, the developers, independent audits, etc.


Determinism.

https://tests.reproducible-builds.org/debian/reproducible.ht...

We're making great strides into software being completely deterministic. The Bitcoin project for many years has had completely deterministic binaries and a ceremony process for GPG signing the output with many individual parties.


There is https://signal.org/blog/reproducible-android/ but it is not complete.


See my other comment about determinism: https://news.ycombinator.com/item?id=23424925

Trying to get a bit-to-bit equivalent of a binary lifted from the app store sounds challenging to say the least.


Yes, this is more difficult than it sounds - but GP linked to the reproducible builds project which has gotten there already for a lot of software.

See also Guix, which provides tools to challenge servers providing binary packages to see if they match a locally-built version: https://guix.gnu.org/manual/en/html_node/Invoking-guix-chall...


How do you know the compiler actually compiles the source code to the binary you expect without injecting backdoors? How do you know that the hardware actually follows the instructions in the binary as they are specified?

How do you know you're not living in a computer simulation in which the operators can access your data without any backdoors whatsoever?


With electron microscopes of course!

Cartesian doubt becomes pointless at some point. If you're worried that the deep state has implanted microchips in your brain to prevent you from analyzing signal, it probably doesn't matter because at that point they wouldn't need to hack signal to get to you.

A less snarky and more realistic answer is: threat models and risk assessment. (Non-divine) adversaries generally have limited resources. The limit may be high, but it's still there. You can realistically worry about a government coercing a service to hand over keys, because that's easily within their power. On the other hand, a giant conspiracy, trusting-trust style, where every compiler & microchip has a backdoor that is inserted into every tool ever compiled, is a bit unrealistic. It would take thousands of people to be in on it to pull it off, spread across many countries (who hate each other) over at least 50 years. Having that many people, especially academics, keep that type of secret for that long is basically impossible. If they could do that, it would be child's play to have most of the protestors be gov agents, so if you think this is realistic, worry about that first. Anyway, in my judgement governments don't have that kind of power, so it's probably not something to worry about.

So, to conclude, estimate the level of power and influence you think your enemies have, and then take steps to rule out the possibilities that your enemies have done the things that are theoretically in their power to do. Start with the possibilities that are most likely multiplied by how bad it would be for you (likelihood * severity = risk).


See Reflections on Trusting Trust [1]

[1]: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...


That's my point, you can't establish trust by checking everything yourself. So you delegate to other things as an approximation. In this case, Signal seems to be reputable, have competent developers and afaik no history of leaks or malevolence so I would rely on that rather than a half-assed source code review.


For countering subverted compilers you can use diverse double-compiling (DDC), see https://dwheeler.com/trusting-trust/


To make an apple pie from scratch, first you must create the universe. :)


Build it yourself.


You can build the source locally, then compare the MD5 hash value of your build to (1) the hash value they post publicly for their build and (2) the actual hash value of their build once you download it.

Assuming all three match, you know that the binary matches the source.

Someone who is more technically inclined can probably go into more detail on this.


This is actually more involved than it sounds. It is pretty easy for the compiler to introduce nondeterminism and result in slightly different binaries. I know this for a fact because I fixed a couple bugs like this in LLVM.

For the curious: we actually were intentional about finding these, by compiling many programs with the same parameters on different machines. One with a 32 bit OS and toolchain, the other one on a 64 bit machine, and we would get alerted when we produced binaries with a different checksum.


MD5 is not safe for this use case. Assuming the provider is malicious, this is exactly the scenario where MD5 is broken (i.e. it is possible to make source code that compiles a certain way so that you can make another binary that has the same hash but is different. The bright side is the attack would have evidence as there would be certain patterns in the binary that could be detected if you knew how/where to look. That said, just use sha256)

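The three-way hash check above, and the build nondeterminism the LLVM comment describes, carried through as an added example (not from any commenter and not Signal's own build tooling): it verifies an archive against a published digest with SHA-256 instead of MD5, and shows how differing archive timestamps alone change the digest until they are pinned, the way SOURCE_DATE_EPOCH does in reproducible-build setups. The archive contents and timestamps are constructed stand-ins for a real APK.

```python
"""Added example: verifying a locally built archive against a published
SHA-256 digest and a downloaded copy, plus a demonstration of timestamp
nondeterminism. Not code from the Signal project."""
import hashlib
import hmac
import io
import zipfile

# Constructed sample "build output": two files that would go into an APK-like zip.
SAMPLE_FILES = {
    "classes.dex": b"dex\n035\x00" + b"A" * 64,
    "AndroidManifest.xml": b"<manifest package='example.app'/>",
}

# A pinned timestamp, playing the role SOURCE_DATE_EPOCH plays in reproducible builds.
FIXED_TIME = (1980, 1, 1, 0, 0, 0)


def build_archive(files, timestamp):
    """Pack files into a zip with the given mtime and return the bytes.

    Entries are written in sorted order: directory-listing order is another
    common source of nondeterminism that a reproducible build must remove.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            info = zipfile.ZipInfo(name, date_time=timestamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, files[name])
    return buf.getvalue()


def sha256_hex(data):
    """SHA-256 of the whole artifact; MD5 is collision-prone and unsuitable here."""
    return hashlib.sha256(data).hexdigest()


def digests_match(local_hex, published_hex):
    """Constant-time, case-insensitive comparison of two hex digests."""
    return hmac.compare_digest(local_hex.lower(), published_hex.lower())


def verify_build(local_archive, published_hex, downloaded_archive):
    """The check from the thread: local build, published digest and the
    downloaded binary must all agree before the source is trusted to
    correspond to what runs on the device."""
    local_hex = sha256_hex(local_archive)
    downloaded_hex = sha256_hex(downloaded_archive)
    return digests_match(local_hex, published_hex) and digests_match(
        downloaded_hex, published_hex
    )


def demonstrate_nondeterminism():
    """Same inputs built two seconds apart give different digests; with a
    pinned timestamp the two builds are byte-identical."""
    machine_a = build_archive(SAMPLE_FILES, (2020, 6, 5, 10, 0, 0))
    machine_b = build_archive(SAMPLE_FILES, (2020, 6, 5, 10, 0, 2))
    pinned_a = build_archive(SAMPLE_FILES, FIXED_TIME)
    pinned_b = build_archive(SAMPLE_FILES, FIXED_TIME)
    return {
        "timestamped_match": sha256_hex(machine_a) == sha256_hex(machine_b),
        "pinned_match": sha256_hex(pinned_a) == sha256_hex(pinned_b),
    }


if __name__ == "__main__":
    print(demonstrate_nondeterminism())
    release = build_archive(SAMPLE_FILES, FIXED_TIME)
    print("verified:", verify_build(release, sha256_hex(release), release))
```
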

we are talking about security, and you brought up... MD5?


We’re talking about the forest, and you mention... one of the trees?


Just to be clear software assessment doesn’t only happen at the source level. It happens at the binary downloaded at the device.


I never realized signal code was available open source... so in theory one could “build” then load the software via developer tools (assuming you have an iOS dev account).

https://github.com/signalapp/Signal-iOS

Are there any “certs”/keys you would need to talk to your contacts?


Ya they are pretty open, their blog explains a lot of their design decisions as well.


I like signal, mainly because it's open source. One minor annoyance though, perhaps someone knows how to fix it: when I use Signal on either my phone or my laptop, going back to the other device makes it sync the messages. But it does this really slowly, making a notification noise for each message, sometimes for several minutes. How do you either coalesce them or just do it fast? Doesn't seem like it's really a speed issue.


>Signal and other encrypted messaging apps offer limited protections. If police have access to an unlocked phone, they can still read any messages on it that haven’t been deleted.

In general, forward secrecy can't work if you insist on keeping the messages. If you truly want the messages to be gone for others you have to have to make them gone for you as well.

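The point about forward secrecy and retained messages, as an added example that is not from any commenter or from Signal's source: a toy symmetric ratchet in the style of the Double Ratchet's chain-key step (HMAC-SHA256), showing that discarding old chain keys protects captured ciphertexts from a later device compromise, while plaintext the app keeps is exposed regardless. The stream cipher, the shared secret and the messages are constructed stand-ins; a real implementation uses an AEAD and adds the DH ratchet that limits what a compromised chain key can read going forward.

```python
"""Added example: forward secrecy of a symmetric ratchet versus retained
plaintext on the device. Not Signal's code; the cipher is a toy."""
import hashlib
import hmac
import os


def kdf_chain(chain_key):
    """Derive (next_chain_key, message_key) from the current chain key,
    in the style of the Double Ratchet's symmetric-key ratchet."""
    next_ck = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    msg_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    return next_ck, msg_key


def keystream_xor(key, nonce, data):
    """Toy stream encryption for illustration only (HMAC counter keystream,
    no authentication). A real client uses an AEAD such as AES-GCM."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


class RatchetSession:
    """Holds only the current chain key; every send or receive advances it
    and the previous key is overwritten, so it cannot be recovered later."""

    def __init__(self, chain_key, keep_plaintext):
        self.chain_key = chain_key
        self.keep_plaintext = keep_plaintext
        self.history = []  # what stays on the device if the user keeps messages

    def encrypt(self, plaintext):
        self.chain_key, msg_key = kdf_chain(self.chain_key)
        nonce = os.urandom(12)
        if self.keep_plaintext:
            self.history.append(plaintext)
        return nonce + keystream_xor(msg_key, nonce, plaintext)

    def decrypt(self, blob):
        self.chain_key, msg_key = kdf_chain(self.chain_key)
        plaintext = keystream_xor(msg_key, blob[:12], blob[12:])
        if self.keep_plaintext:
            self.history.append(plaintext)
        return plaintext


def compromise_experiment(keep_plaintext, messages):
    """Exchange messages, then model an unlocked-device seizure of Bob's
    phone: the seized state is the current chain key plus stored history."""
    root = hashlib.sha256(b"constructed shared secret").digest()
    alice = RatchetSession(root, keep_plaintext)
    bob = RatchetSession(root, keep_plaintext)
    captured = []  # ciphertexts as seen on the wire
    for m in messages:
        blob = alice.encrypt(m)
        assert bob.decrypt(blob) == m
        captured.append(blob)

    stolen_chain_key = bob.chain_key
    stolen_history = list(bob.history)

    # Past traffic: the stolen chain key only derives keys for messages not
    # yet sent, so earlier ciphertexts decrypt to garbage.
    from_wire = []
    for blob in captured:
        trial = RatchetSession(stolen_chain_key, False)
        if trial.decrypt(blob) in messages:
            from_wire.append(blob)

    # Future traffic: without a DH ratchet step, the next message is readable.
    later = alice.encrypt(b"later message")
    future_readable = RatchetSession(stolen_chain_key, False).decrypt(later) == b"later message"

    return {
        "from_wire": from_wire,
        "from_device": stolen_history,
        "future_readable": future_readable,
    }
```
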

I actually like Signal, and would use it a lot more, but don't because of one feature - link previews. I understand the technical reasoning why are they so slow to adopt it, but I (and a group of people I communicate on a daily basis) would probably accept even a half-baked solution like the one on WhatsApp.


You want your encrypted chat application to emit DNS queries to your ISP. As another Signal user, I do not want that. Nor do I want the bloat of this and other features that will make the core functionality worse. Next we'll want Memojis and animated drawings and fireworks.

My point is, there is already an app for that. Signal has a completely different purpose.


You can generate a preview on the sender side. I think WhatsApp does it like that. Since you're the one sending the link, you've already opened it/know what's behind it. The receiver would basically get a thumbnail, with no egress traffic.

As for the DNS, if you're concerned with the DNS of your ISP, you shouldn't be using it anyway (I don't).

Don't extrapolate what I said. I like link previews and don't like Memojis and bloatware. But more often than not I like to know what's behind the URL. Maybe I don't want to open the site, or have already seen the article, or the preview is enough to get the information (like weather?).

If we're on the road to proliferating privacy-conscious behaviour, we need to give something to "the masses", so they can enjoy the experience. And I want my mom and dad using products such as Signal, so I can use it with them. I have no use for it if my friends are not using it and I'm all alone on the whole network. I don't support bloatware, but some sugar is needed.


It's already there, but there are only a few websites supported:

https://github.com/signalapp/Signal-Android/blob/0ef01cc620c...

If you opened a PR with the websites you're missing, I'm sure they'd be open to it.

I see sibling comments mentioning that they wouldn't want this feature (which is already there) because of its privacy implications, but I think that it basically works like gifs, with a proxy controlled by Signal.


I never found link previews useful. I always try to disable them when I can, and take care to not post a link with a preview (where I can) so as not to pollute the visual space of the chat. The only case where I enjoy them is on Wikipedia.


Why do you find WhatsApp's solution half baked?


Even though it's generated sender-side, AFAIK, you wouldn't even know it is there as a feature. You paste a link, wait some time, and a preview appears. If you send it immediately, there is no preview. Which is acceptable, but at least give some kind of indication that the preview is being generated. Or for some links there is just no preview, and you stay there like an idiot waiting for a preview to appear without any notice that it failed. Sometimes the preview is just not that good, although that's also up to the link optimisation.


Has anyone here successfully convinced their non-techie friends to switch to Signal? How have you done it? I've been trying on and off with my closest friends, but no luck.


Yep (or at least, less techie friends). The strategy is to not have WhatsApp - which leaves plenty of other alternatives (SMS, email, calling, Twitter DMs, whatever) for people who do need to contact me, but Signal is just considered easier by some. I just made sure that I've got group chats for all my social circles that I add everyone who joins Signal to.

Additionally, taking the initiative for fun activities (or always being eager to join), which, besides being fun, gives people without Signal FOMO, haha.

Edit: Well, "switching" is a big word. They've got it installed, use it to contact me, and some have started using it as the primary means of communication with others who also have it. Most of them will still use WhatsApp even for contacts who are also on Signal though.


I tried but couldn't. It just wasn't sticky enough for people to continue using it. Perhaps something like this latest growth could help?

I tried with Telegram after failing with Signal and that worked for many. For whatever reason (I assume the user experience is nice and more compatible with Whatsapp etc), non-techie people do prefer Telegram to Signal in my experience.


> Has anyone here successfully convinced their non-techie friends to switch to Signal? How have you done it? I've been trying on and off with my closest friends, but no luck.

I've gotten my girlfriend (now wife) and parents to switch. My siblings use it sporadically, but I think mostly to talk to me.


I got my family group chat set up in Signal. The biggest problem was how long it takes Signal to sync your contacts. WhatsApp can do it in seconds but Signal was taking an hour or more (this was on Xmas day).


I've convinced less than 3 clients to send me their sensitive credentials via Signal. I've instructed and asked dozens to use the service but most just use email.


Yesterday one of my non-technical colleagues in a WhatsApp group just said "I'm switching to Signal, see you there" and suddenly a few people switched.


My wife. Also required it for all my employees, but that's a bit different.


The thing about using these kinds of tools (IMO) is that it is effectively a giant flag waving at the NSA saying "hey: over here, I'm doing something worth keeping a close eye on!"

And once they get sufficiently interested, they can crack pretty much anything the market can come up with.

So if you're trying to hide stuff - old school is probably best, innocuous code-word language stuff, keep communication to a minimum, leave phone at home, etc, etc.


> The thing about using these kinds of tools (IMO) is that it is effectively a giant flag waving at the NSA saying "hey: over here, I'm doing something worth keeping a close eye on!"

That's why I use Signal to chat with my wife and parents, and pretty much no one else. Secure apps need to become mundane so they don't draw attention, so I prioritize using them for mundane things.


Really hope E2EE on RCS isn't just Google blowing smoke.

https://9to5google.com/2020/05/26/google-messages-end-to-end...

Clearly not a solution to the current crisis but would be beneficial in future situations.


The more people that adopt Signal, the better. I've been using it for years due to privacy concerns and usually ask everyone that I regularly communicate with to adopt it. I don't think it indicates any subversive or illegal behavior, but merely a desire to have private communications remain private.


I use signal, but am a little bit at unease because it's free. What's in it for the developers? Whatsapp is e2e and all that but the reason it got bought by facebook for an obscene amount of money is what gave me pause


> I use signal, but am a little bit at unease because it's free. What's in it for the developers?

I feel your question subtly touches on one of the reasons people like open source and develop for it - there are many people who just enjoy doing their tech-nerdy things and giving them away for free. Before it was called Open Source it was Freeware, Public Domain and other words - the desire to just do something and give it away for free is inherent in the nature of some folks, with no expectations of return (money, fame, etc.). Postcardware and Beerware were even a thing - "like my thing? send me a postcard from where you live" - and I sent a bunch of postcards. :)


They're currently funded by donations [1] from individuals and organisations - among them one of the WhatsApp cofounders, who made a significant investment using his WhatsApp money.

[1] https://signal.org/donate/


The Signal Foundation is a 501(c)(3) nonprofit. They're funded by Brian Acton (former co-founder of WhatsApp, net worth ~3 billion), donations, and the Freedom of the Press Foundation. They are not owned by Facebook; not sure why you said that.


Was referring to WhatsApp owned by FB not Signal.


Just an anecdote, I live close to the town I grew up in, which happens to have a large high-end mall. Over the weekend there have been large peaceful protests (“protest” perhaps isn’t even the right word, more like a show of solidarity) in the town common, a 2-acre square at the center of town.

Police apparently got a tip on Monday night that a separate group was planning on looting the mall. They intercepted a convoy of cars, many with out-of-state plates, gathering in the empty parking lot, which fled when they saw the police.

I guess that’s one thing that works in favor of suburban malls being only reachable via car, versus the destruction inflicted upon urban malls in my State.

Apparently there had been public social media posts calling for the looting, which got passed along to local police, who deployed ahead of time to close the mall and clear out the parking lots.

Opsec is particularly difficult, I guess, when these groups do not have pre-formed networks and are just sending out public recruitment posts to commit crimes.

Anecdote aside, I think that Signal isn’t going to support the many-to-many broadcast messaging that large groups would need to organize effectively (whether peaceably or otherwise) and a system which allowed mass coordination is that much more likely to be infiltrated (see e.g. Project Veritas’ latest work against Antifa).


Can you please cite a source for these claims?


Family members of mine were at the town center to show support for BLM. The town police spokesperson was interviewed on the local news and there is video of the police response at the mall.

https://boston.cbslocal.com/2020/06/01/police-respond-to-nat...


To paraphrase Lenin, there are years where no one has Signal, then weeks where everyone gets Signal.

https://twitter.com/benlorber8/status/1268596748198596608?s=...


A couple friends of mine are professional organizers, and I know their orgs use signal for pretty much anything sensitive. I dunno how much they like it, but it's something they all use regularly


One has to wonder about behind the scenes heuristics as it pertains to taking a chance distributing a backdoored version sideloaded into the App Stores. One also wonders about whether the encryption or app are possibly compromised generally (even if the source is vetted and distributions are verified)

Perhaps most of interest though would be how many phones are owned otherwise, to give access to the protester Signal comms anyway

And also metadata must still fly around anyway, no?


Signal does a pretty good job at minimizing the metadata it has access to. For example, the app can tell you who of your contacts has Signal installed but the Signal service itself never gets to see your contacts (https://signal.org/blog/private-contact-discovery/).


The problem is that in many countries, one's phone number is already killer metadata: it is linked to your identity, because you cannot purchase a SIM card without showing ID (a copy of which is made and sent to the authorities). Consequently, a repressive state can determine which of its citizens has installed Signal, and merely using an app known for privacy might already be grounds for persecution.

Apparently Signal is working on identifiers different from a user's phone number, but it is not clear how many people will actually take advantage of this feature.


Presumably those that need to will use that feature. The value is still there as the only way for someone to find out if you have Signal remains the same: brute force. If people who need to keep their Signal use private are using an identifier not tied to their identity, brute forcing will not be useful.

The uncertainty as to how many would use it is likely why it’s been back burnered for so long, but it shouldn’t impact effectiveness. I realize that you may not have been implying it would though.


It doesn't, logically, know who sent messages either.


Signal absolutely could do better in minimizing metadata by simply not requiring a phone number. Despite this obvious, huge, and dangerous shortcoming, I have never seen a single explanation of why Signal needs a phone number for signup.


They give an explanation literally every single time this subject is brought up, but of course on the Internet there's someone who against all possible odds manages to completely ignore years and years of the reasoning being linked to or given by a person at Signal in every single possible thread on Signal possible anywhere on the Internet, but what can you do?


I've asked many times and searched many times and never found a convincing answer. What's the reason?


The typical answer is that a secure app is useless if no one actually uses it, and the use of phone numbers is an unfortunate tradeoff that had to be made to allow the general public to easily sign up for Signal and find their friends automatically from their phone's contacts.

Often this answer is accompanied by pure sarcasm where if you are concerned about this feature, you are told that Signal is not for you and "you can go play at being a spy and sharing a secret decoder ring with your friends", as these people regard PGP to be. I wish those Signal advocates could lay off the sarcasm, it just makes the project look bad.



One is for their private contact discovery system[1] and two because they were trying to promote Signal as a default messenger with iMessage like automatic encryption upgrading. A goal to enable people to adopt it even if all their friends weren’t converted yet.

[1] https://www.signal.org/blog/private-contact-discovery/

Of course, this feature is Android only as iOS doesn’t allow default alternatives.


That feature is coming and should be released shortly according to the team.


I remember reading that in 2014.


even after spike lower than already extremely obscure (in US) Telegram


Jami, anyone?

Jami.net

It does not have Signal's problems.


Cell tower association should be enough. Maybe not recording videos of yourself and others committing felonies would be a start.


Signal exposes the user's phone number, better alternative is to use burner phones or Telegram.


Telegram doesn't have encryption for groups though.


Actually they do: https://telegram.org/faq#q-so-how-do-you-encrypt-data , but since group chats are using Telegram's servers the encryption is not client-to-client. Here is the actual specification of how their server-client encryption works: https://core.telegram.org/mtproto


> since group chats are using Telegram's servers the encryption is not client-to-client

That is, it is not end-to-end-encrypted (E2EE) — which is the whole point of apps like this.


Or an open standard like Matrix


First time hearing about the Matrix standard. But in case the clients are maintained by some individuals - why should we trust them that there are no backdoors in their compiled binaries? Seems like a nice project! But probably it will take its small niche; probably for now it is not widespread, I haven't heard any noise about the standard.


The signal server has 10 maintainers out of which 5 are signal employees.

Matrix is 100% open source, has a larger community maintaining it and is federated.

If you're worried about backdoors then you should have more eyes on the code.


I was wondering why nobody seemed to mention Matrix here


Or use a virtual number.


Can you elaborate on virtual number? Don’t I have to pay for a virtual number that is essentially linked to my credit card... with my name on it. GV also knows who I am.


It depends of course on your specific situation, but Google Voice offers free virtual phone numbers. No credit card, and you can set it up without personally identifying information.

You can easily find others by searching. You can also use pre-paid credit cards if you must pay.


Long-time Signal user but I'm on the verge of moving I think. There are several UX shortcomings but the new PIN nag is a bridge too far. What are my options for alternatives? I imagine Telegram is the next best bet but very open to suggestions.


Keybase has end-to-end encryption and you can connect to people without publishing the fact. But unfortunately, it was recently purchased by Zoom and probably won't be headed in a good direction in the future.

Of course, Keybase's main idea is to have a verifiable public identity which might not be what you want.


Threema. Don't provide your phone number when signing up, and don't permit it to access your address book. Set a recovery password. It's not free, but one small fee per app is worth getting my privacy back.

Oh and it’s hosted outside the jurisdiction of 5-eyes!


Settings -> privacy -> Pin Reminders

You can disable them there.


I tried that but that just makes you set a PIN which I don't want to do! I appreciate the help though, thank you.


I like Threema. You don't have to provide a phone number to create an ID with them. You can create a backup of your private key in a completely offline way but there is also an online backup for convenience.

Telegram is great for public things like huge groups or newsletters. But no encryption by default is a no go for me.


In terms of security and privacy, WhatsApp and Wire are the next ones in the list after Signal.


I have been using an app provided by my company (finance) called SecurLine It's weird how simple it is, and I don't have to provide my phone number like on Signal


Wire, not phone-number based, and they are working on distributing their backend and making it FOSS. The client is already FOSS and they've been audited a few times iirc.


oof the PIN nag is brutal, i hear that. as someone who doesn't back up or transfer their messages, it is completely unnecessary for me to even have it.


Same. How hard is it to make it optional?


well it took them like 2 years to add an option to drop the "invite this contact" nag so I reckon pretty difficult /s



If UX is the concern then Matrix/Riot may not fare very well.


I've been using the RiotX beta app for android last few weeks and yes it is definitely in beta, some parts just won't work. But basic chatting, joining rooms and communicating with their "fediverse" works just fine and looks very modern.


Same. The UI is just atrocious. It’s fundamentally a better product but just doesn’t come through as a whole. Evidently they learned nothing from Gimp/Photoshop.


While I assume Signal is very good at keeping your neighbors and the like out of your business, I feel like the NSA must have some ways of getting in to signal if they want. Like if they have backdoors to get in to iPhones I assume they can replace the binary and get at your info.

Idk after learning about the Snowden revelations I assume every computer is compromised. I mean didn’t x86 have unpatched vulnerabilities for like two decades? It’s really hard for me to imagine that apps like Signal running on iphone or android can offer enough security to keep out the NSA. But I’d be very curious what folks think about that. I’ve told my drug dealer friends “signal is fine for selling weed but if you commit a murder they will probably find a way to get your messages.”


> While I assume Signal is very good at keeping your neighbors and the like out of your business, I feel like the NSA must have some ways of getting in to signal if they want.

'You have to go back in history, at least to the time when the devs dropped sms encryption and even earlier.

The main developer, in a matter of weeks, had turned from someone harassed by the TSA into a recipient of a major government grant ($13 mln). Then he received lucrative contracts with the "greatest" bastion of privacy, Facebook and affiliates. You don't get that by accident. You get that by providing your own significant part of the bargain.'

https://forum.f-droid.org/t/we-can-include-signal-in-f-droid...

Just saying it's not the most unfounded theory out there.


I'm not seeing it. I've only had 1 of my friends convert to signal in the last week. The rest of them: they've always have been on signal.


So 100% of the people you know who were not on signal are now on signal?


Not sure I said that right. I have some friends on signal. Of the other platforms out there, I've only seen 1 sign up.

I'm saying, anecdotally, I'm not seeing a massive wave of people sign on to Signal.

