Comment by hnarn
2 years ago
> The concept simply boils down to as soon as you find an account’s phone number, it’s a game over for that said privacy
You completely misunderstand what kind of privacy Signal aims to achieve. Signal protects you from eavesdropping and data hoarding, two major privacy issues with solutions like Facebook Messenger for example.
They do not and have never claimed to offer a service where “privacy” means nobody knows who anyone is, it isn’t Tor and I wouldn’t want it to be.
If you don’t like the goals and design choices of Signal, just use another service.
There are benefits of the choices they’ve made, namely ensuring that most users of the service are “real people”, which I think is great. It’s not a social network, it’s a messaging app between friends that solves issues presented by alternatives like SMS or Instagram; that’s it.
> Signal protects you from eavesdropping and data hoarding
How on Earth collecting a phone number may be considered as not data hoarding?
It's a lot less like data hoarding than keeping a separate copy of your social graph. What is an adversary going to do with a list of phone numbers that are known to have signal accounts and nothing else?
Hoarding =/= collecting the bare necessities. Signal needs one piece of data to distinguish users from each other, and collects that. Hoarding would be to collect (significantly) more pieces of identifying data, more than needed to distinguish users. Signal does not appear to be doing that.
Because they don’t know anything except the phone number so all they have is a list of phone numbers which maybe people use. Quite different from Facebook reading everything you send, for example
A list of phone numbers and little money is easily exchanged to names and addresses on black market in many countries.
2 replies →
They either already store or would be able to log everything about who is sending messages to whom, and when.
That's the vast majority of what intelligence agencies actually care about. They rarely care about message contents anymore.
4 replies →
Are you misunderstanding what data hoarding means on purpose or do you really think it’s equivalent to the business model of say Google or Meta?
Matrix and XMPP also provide privacy without requiring a phone number
(Or a phone, even)
That's a fact, and many people use XMPP and Matrix more because of that. We need to stop relying on phone number identifiers as described here: https://dessalines.github.io/essays/why_not_signal.html#phon...
The news today is a step in the right direction for sure, but more needs to be done if they want more privacy and anonymity-focused people to use it. This section on what makes a good messaging platform still resonates: https://dessalines.github.io/essays/why_not_signal.html#what...
> Signal protects you from eavesdropping and data hoarding
Do they?! We can ask Tucker Carlsons about that https://www.reddit.com/r/signal/comments/16evuej/did_the_nsa...
As long as you can’t host and use your own server, you should never assume that.
> There are benefits of the choices they’ve made, namely ensuring that most users of the service are “real people”
You communicate with your colleagues and clients over emails and you know they are real, you probably play games too and use discord and you know they are real, meanwhile you can be talking to bot in twitter that they are registered with a “real” phone number.
> Do they?! We can ask Tucker Carlsons about that https://www.reddit.com/r/signal/comments/16evuej/did_the_nsa...
A lot of people in the comments have things to say about that video.
Personally, I wouldn't trust anything that comes out of Tucker's mouth.
Focus on the issue, not the person (Tucker), you might not trust a person which is fair, but you are still trusting Signal’s server, you can NEVER know if they have a memory injection backdoor running in there, you can audit the code as much as you want and it still passes, yet, the messages are compromised.
3 replies →
[dead]