Hacker News new | ask | show | jobs
by Mediterraneo10 1987 days ago
How sympathetic are the Signal developers to the concerns of dissidents, really? Signal has had a policy of many years to require a phone number – buying a SIM card now requires providing government ID in so many countries – and only now have they promised progress on this front someday. They also recommend that users install through the Play Store, and they only grudgingly provide a standalone APK. Anyone with the Play Store installed presumably has the full Google software suite that leaks location data, what one enters into the keyboard, etc. that the state can exploit. (And also Signal is based in the US where they are vulnerable to NSLs.)

This all makes me assume that Signal’s security is meant to shield phone owners against advertisers and ordinary criminals, not the state.
2 comments
JimDabell 1987 days ago
> How sympathetic are the Signal developers to the concerns of dissidents, really?

There’s a known problem where the majority of Chinese Android users use a third-party IME to enter text. This is vulnerable to eavesdropping and easy for Signal to detect and warn the user about. Chinese people have been asking them to do this for over a year, telling them that they know of people who have been detained by the government after using Signal, thinking it was secure. Signal have constantly ignored and dodged this. Just lately, their attitude seems to be that somebody needs to prove it is being actively exploited before they will look into it.

Until I saw their behaviour on this, I was recommending Signal to people. Now I can’t help but feel it’s security cosplay. They pride themselves on strong encryption, but won’t lift a finger when people unwittingly use Signal in an insecure context and are being extraordinarily evasive about it.

More info: https://community.signalusers.org/t/signal-should-warn-users...

link
antihero 1986 days ago
I mean, technically it is not their responsibility to make sure everything surrounding the app is also secure. Someone could also be watching users over their backs, their device could be rootkitted. Where do you draw the line? I think it would be better to put resources into developing an open-source, non-compromised IME but that is out of scope.
link
bgentry 1987 days ago
They've actually said publicly that they're working on making it possible to use Signal without a phone number, via usernames. Here's a recent hint at that: https://twitter.com/signalapp/status/1347248608660185089
link
Mediterraneo10 1987 days ago
Yes, and I acknowledged that in my own post. But it took years to get to the point where they are even talking about upcoming support for this, let alone actually providing it. In the interim, this aspect of great importance to people living in authoritarian regimes was ignored.
link
bgentry 1987 days ago
I agree that it's unfortunate that the initial attachment to phone numbers has thus far made Signal harder to use for dissidents in many countries. But I can also understand that there are legitimate constraints that led them to go this route initially (abuse & spam prevention come to mind).

I can also acknowledge that it's a universally good thing that they are moving in a positive direction here, and I do not hold it against them for being unable to solve all problems for all people at the same time.

NSLs are a problem generally, but I have a lot less concern in Signal's case because they have no data, and they'd have to be forced to make significant software modifications to enable targeted interception of messages. This is something I expect they would be motivated to fight, more so than any for-profit company might.

Let's acknowledge and appreciate progress where it is being made.

link
Krasnol 1987 days ago
It did not "take years".

They haven't seriously considered that for long. I don't think it's even been a year when they announced this switch for the first time.

Please don't spread this kind of false information. Signal gets enough of that already.

link
Mediterraneo10 1987 days ago
It has taken years: one of the major GitHub issues requesting alternate identifiers than a phone number for privacy’s sake dates from 2014. [0] The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.

[0] https://github.com/signalapp/Signal-Android/issues/1085

link
Krasnol 1987 days ago
> The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.

You realise that this is something completely different than what you wanted to imply are you? Up until they introduced the PIN, they've been defending the phone number. Just because someone had a issue on github, doesn't mean they've been working on it...

link
Mediterraneo10 1987 days ago
Whether they were working on the Github issue or not, is irrelevant. Those Github issues (if not their own intuition already) would have already made them aware that by requiring a phone number, they were compromising user privacy. Of course they had their arguments for requiring a phone number.

You think I’m knocking the app. I’m not, I think it is the best option available. I just feel that as long as the phone number was required, they could have been clearer to ordinary users about the threats that Signal aimed to protect users from: advertisers and ordinary criminals, sure, but not necessarily the state authorities, and so it might not be suitable for dissidents for the time being.

link