| “If you are fine with giving away your number you can just use WhatsApp or Telegram.” Those projects do not have the same high standards as Signal has. Especially not Telegram. I use Whatsapp for convenience/social reasons, but I definitely prefer Signal for the additional security. Telegram I don’t use at all. I don’t believe it’s reasonable to throw out the baby with bath water, just because Signal requires a phone number for registration. Protection from “any actor” would of course be nice – but do you really believe that threat model is reasonable? Would using Session, Matrix or OMEMO protect against any actor whatsoever? If we want to base our discussion in reality, I do believe we need to talk about threat models in more detail than “I want protection from any threat actor”. Let’s take an example: If I send a message to a friend I don’t want any script kiddies, ISP, cloud provider or advertising agency to be able to read it. I don’t want any passive eavesdropper to be able to read it e.g. by slurping up all traffic from my nearest IXP (i.e. dragnet surveillance). However, if Five Eyes/Mossad/MUST/FSB really wanted some intel on me, they would probably be able to retrieve it if they were willing to spend some resources. But probably not by decrypting my Signal messages. There would be other, far cheaper ways to retreive the info. |
Also as I understand you have to give your number to your contacts to be able to chat with them. For comparison, Telegram allows adding contacts without sharing a phone number. So in Signal all contacts know your real identity and your location.