| > Why does it need your phone number? Great question! It's a good way to make it easy for general-purpose users with limited technical expertise to adopt, use, and find one another. > Seems pretty weird for a “secure” program. You're right! It's definitely weird, but it's also understandable as a tradeoff in favor of less technically adept users. It's not one I'm in love with, but I think it makes sense. > And why does it use AWS? Isn’t that subject to all kinds of privacy risks including National Security Letters? The risk from NSLs depends a lot on what is hosted. If it's opaquely encrypted blobs, there's minimal risk. And where could things be hosted that wouldn't be subject to privacy risks from a government of some sort? > Why isn’t Signal just a Free and open source, infrastructure-less p2p solution? That's such a good idea that Signal is already a Free and open source solution! That said, nothing is ever actually infrastructure-less, just like no data store is actually schema-less. There's just explicit infrastructure and implicit infrastructure. Implicit p2p infrastructure is not immune to governments or NSLs, and is often subject to more by virtue of being in more countries. |