by TaylorAlexander
1979 days ago
Where we disagree is that I believe OWS should consider security advisories. This comes up multiple times if you read the whole thread linked in the top of this HN post (TFA). OWS wants to assume that users are normal people without much knowledge of opsec. They want the users to trust the engineers to guide them. Well, if everyone is saying “Signal is end to end encrypted and no one can read your chat” OWS might be able to help a lot of people by clarifying that while messages sent over the wire are encrypted, a compromised phone could still mean compromised conversations. This is painfully obvious to you or me, but regular people I speak to have no idea about things like this. Non-technical folks I speak to still don’t understand the most basic opsec.

Should they be less minimalistic on their website? Probably yes. Would anyone read it? Geeks, yes. Maybe people who are worried. But I think it is a small win at a high cost.
Maybe it's possible to write a basic phone opsec guide and just stick it on Medium or something. Rely on the magic of Google to help people find it. (Would Baidu index it? I wonder.)