Hacker News new | ask | show | jobs
by johnisgood 1966 days ago
And for the love of God, people should stop calling Signal secure as long as it is tied to a phone number. You cannot get a SIM card in my country without not having it tied to your ID card number, address, and so forth. You are not anonymous on Signal.
2 comments
mickotron 1966 days ago
They can tell that you got a phone number and use signal. Apart from when you first and last used signal (timestamp), as in sent messages, that's about all the info signal has on you, and can provide. That sounds pretty good. Even if it is tied to a physical identity. The fact that your content is sufficiently encrypted and cannot be tied to your identity, even by signal, means what you say is anonymized.
link
majewsky 1965 days ago
> people should stop calling Signal secure as long as it is tied to a phone number.

Like nearly everything, "secure" is a spectrum and not binary. On that spectrum, Signal is overwhelmingly more secure than most messenger apps people actually use.

link
johnisgood 1965 days ago
You are right, although as long as it is tied to me, it is not secure according to my definition, but sure, it is more secure than most instant messaging apps. I do not think it is a good thing to have my phone number, or even my e-mail tied to it when you can easily do it in another way. With e-mails the problem is that most have a thing against throwaway e-mails, and non-throwaway ones are difficult to sign up for using a VPN, let alone Tor, for example. It is still pretty much tied to you. There are so many ways to do it without using either of those. I suppose they may use those things as an anti-spam mechanism or something, but see below for an instant messaging app that does not require these and where DDoS attacks or spamming is not much of a concern. For the record, in Ricochet you got random IDs in the form of "ricochet:xxxxxxxxxxxxxxx". You share your Ricochet ID to be able to get a connection request.

To me, Ricochet is the most secure instant messaging app for desktop. It would be even better were it to use Onion v3, and if it were available on Android, but then again, I do not really consider my phone secure by default with all the Google crapware. I disabled the default Google keyboard and downloaded one that does not require Internet connection and that is not related to Google in any way. It is so silly that I cannot even delete any apps that came with my phone. So they say its storage capacity is 32 GB. Half of that is spent on crap that came with the phone, splendid. In any case, I am going off-topic here so... :)

link