Gonna be gonest 99% of people’s issues with signal using phone numbers is just FUD
Like compare that to matrix where you have massive timing vulns, or xmpp with crypto years behind in updates, its pretty fuckin clear which one does a better job being a privare messenger
Causr thats the thing, from the start signal’s primary concern was privacy that means nobody can read your messages but you and the intended recipient. And it does a damn good job of that.
The phone number thing is not a matter of privacy, its a matter of anominity, and a pretty minor one at that. All a MITM or whatever could prove is that you’re using signal, nothing about who you’re talking to
Signal claims not to store that information, okay nice, but the whole point of E2EE was that you don't have to trust your server.
>Like compare that to matrix where you have massive timing vulns, or xmpp with crypto years behind in updates
That other protocols are worse isn't an argument that not being able to easily have more than one identity and tying the one you have to legal documents is good, actually. Private messaging in 2024 sucks, great, we have that thread every month at the very least.
@affine ok but realistically what can an EU government do with the fact you’re a signal user?
@dangerdyke @affine interestingly, no one can ever answer this
@affine @dangerdyke Installing Signal *isn’t* an admission of breaking laws, though. Have there ever been any convictions that relied on someone simply *using* Signal as the evidence that they are committing crimes?
@dangerdyke @affine Wait so you think that courts are falsifying records to cover up evidence they’re being given now? And the defense is fine with that?
I'm not trying to discourage anyone from using Signal, I'm using it myself for talking to people I know IRL and happily shill it to WhatsApp/Messenger/plain SMS users, I just don't get why a principle of "don't ask for sensitive info you don't need" isn't a complete no-brainer and is instead met with demands for proof that someone was already harmed for it.
@destroy @dangerdyke I mean, out of:
Asks for sensitive information it doesn’t need
Devs knowingly left a side channel vuln for 7 years or so, and deprecated the library only when a furry blogger set their asses on fire
Extremely easy to misuse, and existing implementations don’t negotiate versions
Also asks for sensitive info, and is proprietary and owned by Facebook
Signal wins, but it could just, like, not ask for my phone.
I don't buy the spam prevention algorithm, as someone who gets spam SMS at least every week and used to get multiple spam phone calls from different numbers every day after some asshole recruiter sold my number.
Clearly getting enough burners isn't a problem for the viagra merchants out there.
The only thing it achieves is that people who can't afford 2 sim cards can't separate their identities, even when using the username feature.
Realistically, I'd bet that 99% of e2ee users don't even need the encryption in the first place, as they're using it for small talk and cat pics only. Keep up the "hurr derp privacy nuts using encryption without a threat model" rhetoric, and if you'll have your way and nobody will use e2ee without a very good reason to, _then_ merely installing Signal will be an admission of breaking laws.