I really don’t get why so many people are turning this into a privacy versus anonymity debate when the real problem is censorship.
Yes, Signal needs a phone number to sign up, but replacing that with an email or username doesn’t make it anonymous. The real issue is that governments are blocking the registration SMS, so people can’t even sign up for the app in the first place.
Sure, there are workarounds, but most people aren’t going to jump through all those extra hoops just to use an app. If we want to spread privacy, how do we do that when Signal’s phone number requirement is actively working against us?
Instead of arguing over privacy versus anonymity, shouldn’t we focus on making sure everyone can access Signal without issues? What do you think?
https://fair.tube/w/4QCyVXns5fpUUqhkQRnu3b?start=2m25s
Starts in Deutsche; she switches to English for þe talk.
Different people have different wants and needs.
Your real problem might be censorship.
But your uncensored messages are going to other people who might have a problem that’s not censorship. When you sent that message to your uncle last week about all the horrible things done around the world, and he gets stopped at the border to another country, and they used a certain unlocking software provided by another country with a really big intelligence service. Now his ass is waiting in lock up for agreeing with you on a message. His problem isn’t censorship.
There are lots of ways to avoid censorship. There are very few to remain anonymous while you’re doing it.
Everytime Signal fanboys hype Signal up, it reminds me of this XKCD: https://xkcd.com/538/
You can just do self deleting texts.
I credit a good part of my success bringing friends and family over to Signal to the fact that it emulates what ordinary people are used to: a centralized service where people’s identities are associated with phone numbers. No need to teach them anything new, just download it, punch in your number, and then punch in my number. I think Signal is targeting exactly that and putting more anonymous and decentralized models way on the back burner. Concepts as simple to us as ‘instances’ are surprisingly difficult to explain to newcomers, and I wouldn’t be surprised if accounts not associated with phone numbers pose a discoverability issue.
This all might be sidestepping the question a bit since I haven’t dug deep into the issue, but my thinking is that Signal, in its current state, should be seen as a transitional solution until things like SimpleX become more mature and widespread.
It is a centrakized service.
And yes, the familiarity makes it easy to get people to switch. The phone numbers made my contact discoverable so I had an easy way to find out they’re on signal.
Where are you seeing gov blocking SMS?
How about this - in order to get a sim card to receive that SMS in most EU countries, you need first to provide your ID to the goverment. Also applies for many other countries with less rights. Some of which might become suspicious if it’s a second separate SIM to your normal use one. So yeah, so much for anonymity.
- That didn’t answer my question
- Doesn’t matter what country you’re in. You don’t need a SIM. All you need is a number, which you can get from a variety of places like MySudo or jmp.chat
- No one said Signal provided anonymity.
2 and 3 are the whole point of the original post.
How do you figure?
Sure, there are workarounds, but most people aren’t going to jump through all those extra hoops just to use an app.
Must not be important to them then.
you need first to provide your ID to the goverment.
Doesn’t need to be a government issued ID iirc, also doesn’t have to be issued by the country you are trying to purchase it in.
There’s any number of reasons for SMS not to be sent. I’ve had this problem on various platforms as well.
The point is that people can’t sign up for Signal due to blocked SMS. Arguing privacy versus anonymity is pointless when there is a denial of service.
These are 2 unrelated conversations. If you want to have either one of them, we can do that, but you can’t use one to argue the other. You can’t argue that you can’t sign up for Signal because the service isn’t private. That’s simply inaccurate.
This is never written anywhere in that comment. Is it too hard to read? Which part is confusing?
You haven’t provided any evidence that it’s “blocked” or that there is any “denial of service”. As far as I can tell, the user has network issues.
Why are all the ‘network issues’ always effecting phone numbers starting with the same country code?
Anonymity is part of fighting censorship. State actors will try to undermine that.
shouldn’t we focus on making sure everyone can access Signal without issues?
I’d rather ppl not use US-based centralized services, hosted on amazon’s servers, and subject to national security letters.
There are far better self-hostable alternatives that aren’t hosted in burgerland.
Not opposed to the overall message but for the national security letter it worth remind people that the communication is E2EE, before propagating some certain level of panic.
Even with full e2ee, they still have
- Your real identity (via phone numbers)
- The real identities of everyone you talk to
- Who you messaged, and when
With this its easy to build social networking graphs, and tag everyone implicated with a targeted account as an accomplice. Reading and trying to build meaning from the e2ee message content is almost less important than social graphs.
E2EE isn’t the magic solution everyone claims to be: https://xkcd.com/538/
I know of matrix, what are some other alternatives?
Also a protocol that got falsely maligned during the crypto days was secure scuttlebutt, and people should be talking about it more.
Matrix, SimpleX, Briar(not a huge fan of this one since its android only), XMPP (only if you have encryption addon).
https://github.com/signalapp/Signal-Server
But you’re right about decentralisation. The main issue is:
They went a whole year without publishing updates to repo a few years back, until there was a big community backlash over it. Also you have no guarantee that’s what they’re running other than: “just trust us”.
What is this slop? Libre software has never meant we control what other people do with their servers.
it’s been asked a lot and I’ve seen others respond about how the passcode and account username that were added in the last few years are steps in the process to make accounts not dependent on phone numbers. I’ve just given them the benefit of the doubt that someday we won’t be tied to a phone number anymore
We should be working to get more people to use XMPP rather than signal, Whatsapp, etc.
Yes but Signal is libre. If you’re already failing, stop making it harder. Get others to care first, then go for decentralisation.
Signal is like TSA: it’s security theater. Any entity serious about security will not do these things that Signal is doing:
- Hostility to non-Google appstores
- Using phone numbers and SMS for signup
- US-based entitity controlling the ecosystem
So what messaging platform is actually serious about security per the points you have described?
SimpleX is promising, but seems very new.
Telegram is better than Signal on many angles, but has other problems.
I don’t think there is a perfect app yet. But Signal’s aggressive marketing is security-theater, not real security.
Using SimpleX for some time now, can only recommend… only had an issue in France, though last time it just worked.
Telegram as a platform is amazing. Feature rich while still easy to use. Easy to create useful bots too. Sadly the rest is questionable.
There’s a lot of dead accounts downvoting you BTW.
deleted by creator
It does need one to sign up and make your account.
It no longer needs one to contact somebody. You can share a username instead of your phone number. That may be what you’re thinking of.Yes it does
Don’t spread misinformation
I don’t see this announced on their website.
