Comment by Klonoar

6 years ago

That's not the representative experience for most consumers/users. Most people do have a phone number, though, so it's easy enough to bootstrap with.

I might not agree with the phone number thing, but I recognize the tradeoff being made and am willing to begrudgingly accept that for right now, Signal/Moxie are probably making the right call. It's not like they're not moving to fix it anyway.

Also, unless I misunderstood him, the APN bit is referencing push notifications, and he's right - if that's out there, it could identify you not just by phone but by Apple account in general. You realistically can't use Signal without an Apple ID, as you couldn't get it from the store otherwise.

> You realistically can't use Signal without an Apple ID

I do, because I got it and signed up for an account on my Android phone...

Okay, I realize what you're getting at here, but it seriously irks me when people talk as if Apple was the only ecosystem, or even the most popular ecosystem, when it is neither.

I probably don't even need a Google Play Store account if I can find an unmodified APK that's signed by OWS.

> That's not the representative experience for most consumers/users. Most people do have a phone number, though, so it's easy enough to bootstrap with.

It's a trap most don't realize they are falling into. It's easy to set up things without a one-time registration step (instead of making a user id and password, just download some client and boom - you are set). But think about it. One-time(!) convenience is paid for with a constant(!) reduction of privacy.

Compare it to the one-time inconvenience of a registration step, which gives you constantly better privacy. I'd say the second is the obvious choice.

And it's easy to sell this "convenience" to the clueless, but it's also evil to do so, because most don't realize what they are paying with. So I blame developers who are proliferating this approach. Unlike many of their users, they know very well what they are doing, and they exploit people's cluelessness and natural preference for convenience.

  • The second isn't better by default - no matter what, you're trusting some organization/entity somewhere in the chain.

    Furthermore, your comment just eschews what Signal has said elsewhere - if you have a social app, you need a social graph to operate. They have to piggyback somewhere or else store a bunch of data themselves, and it's clear that they take their time to make sure they're doing something as best as possible before committing to it.

    It's also not developers proliferating the approach. This is what the market developed into, and if you want your product/service/whatever to be successful, you have to win with that constraint. What you're describing is idealist, but not realistic at time of writing this. Hopefully it changes, but place the blame where it's appropriate.

    • > it's clear that they take their time to make sure they're doing something as best as possible before committing to it.

      If you mean developers of such tools, they are surely not doing it "as best as possible", because they by design chose the worse approach. A decentralized approach is more difficult, but it is as best as possible.

      > This is what the market developed into

      Yeah, right, and developers just follow the "invisible hand of the market". It's not an excuse in the slightest for fooling their users into trading off their privacy for convenience. Those who create such tools bear responsibility for what they created and for the proliferation of such an approach.

"You realistically can't use Signal without an Apple ID, as you couldn't get it from the store otherwise."

Isn't this the issue people are complaining about? They want to install this program without going through an "app store" to get it.

Is it possible to avoid using APNS? Probably it is enabled by default even if the user does nothing with her phone and installs no third party apps. What if the user blocks the DNS requests to Apple?

  • If you don't accept push notifications, sure, you wouldn't technically be using APNS - the tokens change every time you give access for notifications. Last I checked, there's a connection to APNS running on every device or something... so blocking it would be interesting.

    You'll be SOL on iOS anyway, ultimately - you're def not building it yourself with Xcode without an Apple account. Jailbreaking may be a fit here, but in defense of Signal, jailbreaking was kinda dead for a few years and only recently became usable again. Altstore[1] is... interesting, but I don't have enough experience with it to comment further.

    I get what you're after, but Signal's not about to ignore the massive iOS userbase, and these are defining parts of the iOS ecosystem currently. You either play by those rules or you probably don't grow.

    [1] https://altstore.io