[dcow]

And yet, there is no PGP replacement in existence despite it having died a thousand deaths and having promised replacements for decades.

> So surely then there has to be some technical limitation because what other legitimate reason is there?

It's like people aren't reading the whole thread and just responding to specific comments they don't like. The premise of Signal, or at least what's made it practically useable, is that the short identifiers are immediately available and verifiable on a mobile device. When I first reach out to someone on Signal I know the person I'm reaching out to is the owner of the identifier I used unless their phone carrier is actively compromised when I exchange the first message. To Signal's users, this is an acceptable compromise. On top of that, I don't need to do a key exchange dance every time I want to talk to a new person because I have a contacts list of their phone numbers, which Signal has verified and bound to their keys.

Signal is really pretty simple: trade key exchange parties for the phone numbers already acquired though countless years of past parties and have locally grown crypto sans intrusive cloud services. And, do it explicitly not-for-profit so there's no possible motivation to abuse this contract with users in service of shareholders.

Obviously Signal could implement whatever random people felt the need for at any given moment. But they don't and it doesn't seem like whining about it is changing anything. If you don't like that then go use one of the many alternatives or build a replacement. I'm honestly surprised nobody's built one at this point. Literally spin up a signal server, make a build of their mobile app, and let users paste in pubkeys instead of phone numbers when starting a message. See how many people use your product. Or just change the phone number db to a shortname db and remove the verification step.

Yes, these conversations are exhausting. What's even more exhausting is the perpetual outrage from "hardcore" "security" "nuts" and absurd anons driveling on about why all the practical solutions that work for users are nonsense and how they could be made "better" but who balk at actually building the solution they think the world deserves. It's a tale as old as time in the security community, sadly.

It's funny, Moxie actually did something about it and it still isn't good enough. Signal is probably the closest thing to a PGP+email replacement we've ever had. What more do people want?

[petestream]

None of these are a reason to not to also have a different number that you can publish publicly without giving someone your phone number. You can have your phone number for everyone in your phone book and a one way derived or random number for everyone else.

> When I first reach out to someone on Signal I know the person I'm reaching out to is the owner of the identifier I used unless their phone carrier is actively compromised when I exchange the first message.

Compromising is in this case rather common in sim swapping and spoofing (you can barely even call it spoofing). Phone numbers are not useful as some sort of continued point of trust. And I doubt Signal uses it like that under the hood.

> What more do people want?

Before you complain about other people maybe you should give other people the courtesy of reading what they wrote first. I have already said what I want, a public id I can publish on for example GitHub without the implications of publishing a phone number. Implications which anyone with a relevant opinion should already understand.

[dcow]

I think you're being hyperbolic about how weak phone numbers are. Yes, you can get sim swapped. But you pretty much know immediately since your phone stops working. We've never even heard of an attack where someone was swapped for days, weeks, or months and didn't know about it. It's an active attack and while it's possible and yes future messages with Signal users are vulnerable while it's happening, it's not a persistent threat. And your contacts will see your safety numbers change and reach out and make sure you're really you. That leaves a problem of somebody reaching out for the first time to contact you while you're actively being simjacked as the only real damage.

But, none of this even matters if you turn on registration lock. Sim swapping attack thwarted.

I've read your request worded in different ways many times and what people keep doing is pointing a finger at phone numbers, yelling "they're insecure", and then pointing at usernames and saying "look, it can be better". Nobody has actually argued how it could be better, just that phones suck. I don't find that a compelling argument, sorry.

Usernames/email are no less susceptible to whatever service you use to register them getting jacked. There is literally zero security difference and emails are easier to spam. Usernames just don't have KYC baggage that phones do in the US. But honestly as Signal has shown time and time again, all that law enforcement can get from Signal is that a given phone number registered with Signal. Because they have impeccable application layer crypto which is what actually matters.

Okay so what if Signal uses a username/password DB and doesn't allow email reset. That removes the 3rd party from the equation and now Signal takes the burden of being the central authority for usernames. And, while possible, it entirely inverts the whole premise of Signal in the first place.

Good news for you, that's not just my argument, it's actually happening. Signal is trying to add support for usernames by forcing everyone to add a pin. It's not clear at all that this pin is now the password to a signal account that is used to sync your contacts data and profile. That's not a problem in and of itself because it's all theoretically good crypto. The problem is that it isn't good crypto. It's a 4 digit pin for the majority of users. Signal knows this is in a bind trying to slip things in that they know would piss off half their users because it's shit security just in order to make usernames possible. And they're getting called out for it.

aside: It's not passwords per-say that are bad (even though they are because people and UX). It's that Signal is telling everyone "hey add this quick pin" and people don't realize that's actually a password for your whole account and that the whole model is changing underneath them. If you know and set a strong passpin, you're fine.

Anyway, the catcher is this: instead of having to deal with what it means to have passwords and get users up to speed, they developed some technically really cool but batshit insane system to throttle pin attempts so that the burden of trust gets moved from your carrier to Intel and they can wash their hands of how insanely bad a 4 digit pin is in terms of entropy. So you want usernames because you don't trust your carrier? Did you know that would come at the cost of trusting Intel instead? They don't really have a great track record recently...

My entire point is not that people are stupid for asking for usernames or something. It's that they don't come "for free" as everyone seems to think. If you want traditional username/password, then the world changes so that Signal becomes a cloud service you must trust to maintain a new global contacts book of usernames just for use on Signal. Signal didn't like that and that's definitely a problem for all the people who use Signal because they don't have their fingers in that cookie jar. So they punted and are moving the trust point to Intel.

They've been working on this for years.