by exocron 2497 days ago
> from a privacy perspective I have no reason to be made aware of the fact that one of my old bosses whose number is in my phone is on Signal and neither should they know that I am on Signal for the same reasons (or lack thereof).

I agree that there are some contacts that I would rather not know that I was on Signal, but, unfortunately, this is an impossible problem to solve when the goal is to create an end-to-end encrypted messaging platform where your identifier is your phone number. The server has to know when a number is not a user so the app can fall back to sending unencrypted SMS (although why Signal falls back to SMS is a mystery to me) and it also has to carry the current public key for each user so that you can be sure that you're talking to who you think you're talking to.

Put another way, even if Signal didn't advertise that, "So-and-so is on Signal, say hey!" you could still theoretically determine whether or not a given number is on Signal by sending a message to that number. If it fails, you know they aren't. And if it succeeds, well, then you know they are.


>this is an impossible problem to solve when the goal is to create an end-to-end encrypted messaging platform where your identifier is your phone number

Right, the use of phone number as identifier is flawed by design, and not secure.

A big part of practical security is usability. It's hard enough getting most people to adopt Signal or other encrypted messaging services. If they couldn't "just send a message to a number" it would be that much more difficult. The tradeoff seems worth it in this case.

People seem fine adding each other on Facebook without using a phone number. When I add people on LINE messenger I use their ID not their phone number. When I meet a new person and exchange some contact details, it is rarely a phone number. I would also like to talk to some people who I do not want to know my phone number. I think this tradeoff was a mistake for Signal.

You are clearly not the target audience for Signal. There of course is a space for the type of app you're describing, but saying that the tradeoff that Signal has chosen was a mistake is to misunderstand the goal there.

What goal do you mean? Sell users to marketers?

Do you have evidence that this is happening? Otherwise, completely FUD.

The goal I was referring to is making it easy for regular folks to use end-to-end encryption. Any real measure of security needs to be practically usable by the intended audience, and the clear and consistent intended audience for Signal is regular folks who don't have a sophisticated threat model. If any other identity scheme were used, I'd guess the number of Signal users would be an order of magnitude smaller.

This is not to say that there aren't great reasons to have more elaborate secure messaging systems that address these questions, for anyone with a different security model.

Usability? Signal prevents backups on iOS and has no solution for someone changing a device (or even restoring a device from a backup) to carry over the conversations and retain chat history and group memberships. This is because it puts security above usability.

It’s also buggy in many other ways (e.g., sending safety number change messages when nothing has changed with the device or number; contacts sending messages and asking if it was received, etc.).

Signal is quite bad on usability compared to other apps.

You can just provide a choice, whether the user wants to use a phone number and a real name, or just an anonymous login, not linked to anything. Why doesn't Signal want to do this? They don't want users to be anonymous, they want real names, addresses and GPS locations I assume.

I wouldn't say it's an impossible problem. It's fairly simple, in my mind.

If someone tries to send me a message on Signal it should go into purgatory. On my end, I should be able to see who is trying to send me the message (yes, including their phone number, given that is how Signal has decided to uniquely identify users) and I should be able to see what their public key is. Then I should be able to either accept that message, which would essentially make my presence on Signal known to the other party, or choose to first verify that the public key matches that of the other party via the existing "in-person" verification method.

Alternatively, I can leave the message in purgatory where a message from someone I don't trust belongs and eventually times out. Not only do I never see the contents of the message, but the sender of the message will also never know if I am on Signal.
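
The "purgatory" design proposed in this comment, as an added toy model (not Signal's code, and not from the commenter): the direct-delivery server fails a send to an unregistered number, so the send result is a membership oracle, while the purgatory server returns the same response either way and lets the recipient accept, inspect the sender's key, or let the message expire. Phone numbers and key fingerprints are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Message:
    sender: str      # sender's phone number (Signal's chosen identifier)
    sender_key: str  # sender's public key fingerprint, shown to the recipient
    recipient: str
    body: str


class DirectDeliveryServer:
    """Behaviour described in the thread: a send to an unregistered number
    fails, so the send result itself tells the sender who is on the service."""
    def __init__(self, registered: List[str]) -> None:
        self.registered = set(registered)
        self.inbox: Dict[str, List[Message]] = {}

    def send(self, msg: Message) -> bool:
        if msg.recipient not in self.registered:
            return False  # observable to the sender: recipient is not a user
        self.inbox.setdefault(msg.recipient, []).append(msg)
        return True


class PurgatoryServer:
    """Proposed design: every send is accepted and parked; the recipient
    decides to accept, verify the key first, or let the message time out."""
    def __init__(self, registered: List[str]) -> None:
        self.registered = set(registered)
        self.purgatory: Dict[str, List[Message]] = {}
        self.inbox: Dict[str, List[Message]] = {}

    def send(self, msg: Message) -> bool:
        # Identical response whether or not the recipient exists: no oracle.
        self.purgatory.setdefault(msg.recipient, []).append(msg)
        return True

    def pending(self, user: str) -> List[Tuple[str, str]]:
        # Recipient sees who is knocking and their key, never the body.
        return [(m.sender, m.sender_key) for m in self.purgatory.get(user, [])]

    def accept(self, user: str, sender: str) -> List[Message]:
        # Accepting reveals the recipient's presence to that one sender only.
        queue = self.purgatory.get(user, [])
        taken = [m for m in queue if m.sender == sender]
        self.purgatory[user] = [m for m in queue if m.sender != sender]
        self.inbox.setdefault(user, []).extend(taken)
        return taken

    def expire(self, user: str) -> int:
        # Unaccepted messages time out; the sender learns nothing either way.
        return len(self.purgatory.pop(user, []))


def sender_can_distinguish(server_cls) -> bool:
    """Does the sender's observable result differ between a registered and an
    unregistered recipient? (constructed numbers and key fingerprint)"""
    server = server_cls(registered=["+15550000001"])
    to_user = server.send(Message("+15550009999", "A1B2", "+15550000001", "hi"))
    to_nobody = server.send(Message("+15550009999", "A1B2", "+15550000002", "hi"))
    return to_user != to_nobody
```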

> If it fails, you know they aren't. And if it succeeds, well, then you know they are.

This problem is solved in an interesting way by Keybase Chat, in which messages sent to non-existing accounts are "delivered", and can then be read if that account is created later on. It requires re-keying of the message by the sender, so it's not exactly a "fire and forget" solution, but it's pretty neat anyway.

This is like saying you want people to know you use PGP or encryption implying that those who use such tech have something to hide. I see no problem in anyone knowing that I use Signal. If anything it communicates that I'm serious about privacy and security.