I really hope this eventually leads to a situation where an adversary cant forcibly de-link you from your signal account by taking control of your phone number or intercepting an sms.
Nope. "If Alice registers number X and enables reglock, but Bob later proves ownership of number X (by registering and completing the SMS code), then Alice will be unregistered."
IE, if somone intercepts the SMS code, even with reglock, you can forcibly de-register somone. This means if you use loose access to your phone number, you can easily loose access to your signal account.
They justify this by saying "The intention of reglock is to prevent hijacking of numbers you actually own, not to guarantee the number for yourself for life", but its way to easy for activists and dissidents to lose ownership (temperately or permanently) of phone numbers for the phone number system to be the backbone identity system for a secure messaging platform
Signal at the moment requires a phone number. People don't like that e.g. for privacy reasons. Signal said they'll eventually support usernames, this is a signal that there's progress.
Session [0] is an up and coming, open source E2EE messenger that doesn't rely on phone numbers (and doesn't require them). It also routes messages through Tor. It's fast and reliable, and I always get notifications on time.
It has some disadvantages though, depending on how you use it. Your ID is a 66 character long hexadecimal hash instead of a classic username. Another disadvantage I've found is the paltry 10 MB attachment limit - trying to share a short video clip I made on my phone required several re-encodes to dip below the limit. Even some still photos will hit that limit, depending on complexity. So not very good for sharing media, but great for texting, in my experience.
I love Signal, but somehow they seem to have stopped developing the product. The last useful feature was being able to change number.
But other than that, things like MobileCoin or Stories show that there is no product vision.
There are many useful non-social network features that they can implement and test that would greatly improve its usefulness as secure p2p communication platform.
That's also part of the issue here: we _are_ getting new [useless] features for the sake of new features lately: stickers, stories, crypto currency support are the main ones that come to mind atm.
And a formatting feature with (seemingly? would love to be wrong there) no syntax to use it without clicking/taping everywhere which makes it useless for me (and frustrating because with a syntax (say, markdown like?) I would love it).
Signal is finally copying what Telegram has implemented since long ago? Do people in the West simply do not care about hiding their number (judging by WhatsApp and Signal)?
The mobile number requirement was always a feature of signal.
The friction is slight for users, but higher for scammers that might go through thousands of accounts. Telegram is too easy to sign up, so it's mostly scams.
I meant that Telegram doesn't display user's phone number and doesn't require sharing a number to add person to contacts. But with WhatsApp and Signal you have to disclose your number in order to talk to someone.
Why are you comparing Signal to Telegram? Telegram keeps all of your conversations on their servers in plain text, not to mention any other metadata. Signal only keeps your registration time and last login time. Yes it uses your phone number to do this, but they don't have anything else. Not even your contact list or who sent a message, they just know a blob went somewhere.
Never really understood the privacy argument for hiding (or disconnecting) your phone number in a User-User "texting" type application. I suppose if Signal were linking my identity across a bunch of platforms I'd be worried, but their privacy policy is pretty aggressive so I'm not really worried about that. Indeed the additional friction for scammers is a benefit to me. Telegram is a morass of dodgy group chats and spam, Signal is miles better for the things I value in a messaging service (encrypted texting and group chatting with people I already know in the real world).
With WhatsApp or Signal, if you want to talk to a stranger (e.g. if selling something) you have to share your real number, while in Telegram you can share just a username.
To coordinate my own anonymous commodity transactions I just use gpg to encrypt a .txt which can be delivered in all sorts of anonymous ways. I can't say that I transact anonymously too frequently though, so the additional friction with this method isn't especially onerous.
But why not just use an email address or something for that case? I get how it would be ideal (and myself desire) to have one messaging tool which works in all cases, but it doesn't seem like a massive failure specifically of Signal to not work for this usage. Certainly not one large enough to warrant the torrent of comments I see any time Signal gets mentioned on HN
I regularly talk to Chinese vendors selling robot parts who want to talk over WhatsApp. This is ultimately fine for me but it’s an example of a scenario where I don’t really want to give anything more personal than necessary.
Sure that makes sense to me, however I will say that if I was a vendor selling stuff internationally I probably would want (and even require, depending on export controls) some level of de-anonymization on the buyer's part. Presumably at the very least you need to provide a shipping address to receive the goods, which is no less identifying or difficult to spoof than a phone number.
For a lot of people, signal is not simply a User-User "texting" type application, but much more akin to slack or discord or matrix.
Many, Many reporters put their signal number in twitter bio seeking tips. Many activists (including me) use signal group chats to organize volenteers and staff, and publicly share room links. In other words, we have to either share our number publicly or buy a burner phone number if we want people to interact with us on signal.
Makes sense, definitely if anonymity from conversation partners is desired then I can see how Signal's model falls short of your needs. I've also used Signal in the past for activist group chats, but in those cases my primary risk vector has been having messages read by someone outside of the group, people typically join those after being referred by someone they met face-to-face. I suppose there's always the risk of a wrecker slipping in, and having more layers of anonymity could reduce that downside risk. Hopefully this username approach is able to address your needs better! I really like the tool so would be stoked to see it cover additional use cases.
Presumably if they introduced usernames they would also allow you to hide your number in a chat?
edit: I think I misunderstood you. Yes, it is the case that everyone in the chat has access to everyone else's ID, however in my use-cases group members have already been vetted before joining the group, I don't participate in publicly accessible Signal chats or use it to communicate with true strangers.
Absolutely, not to mention if you ever switch numbers you have to change the signal information. For me, its fine for verification, but I want an identifier I ever have to change.
Signal started as an e2e replacement for SMS, so it chose phone numbers on purpose to solve the discoverability problem, under the assumption that people will be communicating with all the same people who already have their number.
Telegram has always been more social and more for communities or groups of potential strangers.
The fact that people complain about Signal doxing you is in some ways a good sign, because it suggests Signal has become so popular and trusted that strangers want to use it to communicate privately.
Signal helped pave the way for mainstream society to use communication tools that respect them without being a hacker or messing with a terminal.
Well, it's different kind of things, on tgram you have usernames but lack privacy bc usual chats most ppl use are not e2ee.
On signal you have nr as piblic info but all messages are e2ee. Also signal's backup& sync mechanism is very bad.
Closest app to tgram is Whatsapp, without encryption downside. Next is maybe Element based on matrix protocol with signal type encryption for groups
Signal has an interesting article describing how, while contact discovery allows users to populate an instant social graph, Signal's servers still do not have access to that information, even as they send "so-and-so is now on Signal!" notifications:
Of course, they have the ability to push a new client that hoovers up whatever they want, especially with their time-bomb policy of preventing old clients from sending messages until they're updated. But I was impressed by the lengths that they go to to build this privacy-preserving contact discovery service. I was especially interested to see their use of remote attestation "for good" and to preserve privacy and freedom, rather than systems like DRM and WEI that seek to compromise those.
I meant in Telegram you don't need to share your phone number with your contants or members of a public chat you've joined. While in WhatsApp or Signal your contacts know your number and can easily find out your identity and where you live if you write something they don't like.
Bringing up Telegram in this context makes it quite funny, since Telegram users seem not to care about the safety of the contents of their chats at all in this shady black box.
Phone numbers are a quite ridiculously small problem compared to that.
No. If you join a public chat in Telegram you don't have to share your phone number with other members so you don't have to be afraid that they will find you in real life. You can write anything you want. But with WhatsApp or Signal you have to share a phone number with everyone which means they can easily find who you are and where you live (this data is cheaply sold on black market).
Your group chats go into a black box unencrypted. You don't know what happens to it because it's not E2E. You also gave your phone number to this shady company who runs those servers which keep everything you wrote.
Even Whatsapp is better than this.
And what is that phone number fetish? It's not like it is some magic identifier. There are bots out there testing every number out there and sending you SNS spam. Your phone number is worthless.
As far as I remember, you can still find people on Telegram by searching for phone numbers. Isn't there even an automatic discovery feature?
The Telegram salt around those announcements seems like the final cry of Telegram fans to me because after that, there is absolutely nothing which would even remotely paint Telegram as a safe or secure messenger. Especially because everybody know why you are on Telegram. It's a different use case. I talk on Signal to people I know personally. They already have my number. People I know go on Telegram for porn and piracy over here. They still have Whatsapp or Signal to talk to their friends and family. They actually are ashamed that they have Telegram because everybody here know why they have it ;)
In WhatsApp or Signal your number is visible and anyone in a public group can know who you are and burn down your house if you write something they didn't like. Yes, Telegram knows your number and your messages but it is unlikely that they will give them out to random weirdo^W manly person with strong sense of injustice.
There are no "public groups" in Signal. Don't know about Whatsapp since I don't have it anymore. All of my groups consist of people I know. You still don't understand the use case.
> elegram knows your number and your messages but it is unlikely that they will give them out
How do you know that? Do you know the people personally or where is your knowledge coming from because if you don't know them, you are just another user who gave out all of their chat contents AND the phone number to "some people somewhere". Nothing else. You have no guarantee for anything, and you should already know that they do act upon requests from governments. Google it.
Telegram is not only used for porn and piracy. In fact there's much better places to get those things.
I just use it to follow events at clubs in interested in. There's a bit of an overlap with Instagram but I find the telegram experience nicer. Less ads, no stupid 'reels' forced upon me.
I use telegram mostly for chats to public groups that anyone can join anyway. So the end to end point is kinda moot. Same with IRC for example. This is why nobody complains about it not having that.
My friends on Signal do, but I have no idea how widespread it is across their whole userbase. It's not as in-your-face as Instagram, which is actually kind of nice, but like it's being said - signal is social media. you can choose to not use that feature but that's on you. To look at you and your friend group and extrapolate from there is not science, or data driven. the plural of anecdote is not data.
It's like saying no one uses Facebook or Google anymore. That's true for certain bubbles, and it's hard to know when you're in one, but, say least for those two,
it's not too hard to look outside your bubble.
Now the cryptocurrency integration, that one I do wonder about. (Since my friend group doesn't use it and I'm extrapolating :) ).
I disabled that feature as soon as it appeared (the less I use a messaging app, the best it is) and forgot about it.
Your comment makes me curious: I do really wonder how this feature is used. Signal announced it was really something users were looking for. I wonder if it was a weak attempt at convincing the Instagram crowd or if it is really popular with some population.
In the end, I’m still angry that they removed SMS support. That was really useful to have only one messaging app on my phone.