So in the beginning of the presentation Moxie brings up some valid cases where it's good that centralized services can rapidly iterate and improve such as WhatsApp being able to roll out end-to-end encryption with a single update, while email is still not encrypted despite the tools existing to do so for years. Basically centralized services can roll out changes quickly and decentralized ones are more or less set in stone.
However, I feel that maybe he isn't considering the downsides of being able to change quickly. Sure WhatsApp was able to add end-to-end encryption with a single update, but they can just as easily remove encryption with another update. Additionally, while I will admit that it sucks that email is not encrypted, knowing how many people and businesses rely on email every day, it should be incredibly difficult to make changes to it. I don't want a single person or company to be able too suddenly decide to change how email works.
One area where I am sympathetic towards Moxie and Signal is requiring phone numbers (mentioned at the end in the Q&A). Personally, I don't see it as being all that big of a deal and it does bring several advantages with it:
* Users get to store/control their own social network in their phones address book
* Users can switch easily between WhatsApp/Signal/etc.
Although I agree that requiring phone numbers does reduce the privacy of Signal users, I think it is a worthwhile trade off for making the app usable by the public.
This idea of phone numbers being easy to use is baffling to me. Phone numbers come with so much red tape it's unbelievable.
I'm still paying for a phone service in a country where I previously lived (5 years after leaving) because I can't move all the stuff that's linked to that phone number. I even had to send them a government issued photo ID recently so I could keep the number.
And to use the number without switching SIM cards I have a separate phone that I'm booting up just for that purpose. I actually bought a third phone to manage all my SIM cards. This time I was smart. I bought an Android phone with dual SIM slots in spite of being an iPhone user.
After listening to Moxie's talk, I realise that many of his arguments sound entirely plausible from a US centric point of view but make far less sense if you live elsewhere.
Building on top of phone numbers also assumes that end-to-end encrypted messaging will always be permitted in the mobile app stores. It's a reasonable assumption as far as the US app stores are concerned. I wouldn't bet on it here in the UK though, and even less so in many other countries.
Phone numbers are useful for exactly the reasons you find them frustrating: stability -- as you said, everyone and everything you associate with can and will store and contact you via your phone number indefinitely -- and portability -- everyone accepts and understands phone numbers, modulo international dialing.
Sure, something could and maybe should replace phone numbers, as the system is definitely messy wrt international dialing and countries changing numbering plans.. But the thing that replaces phone numbers in their usefulness will bring the same frustrations you express.
Email has mostly the same characteristics, especially for non-computer-people. My parents were paying $10/mo for dialup up to ten years after switching to DSL and Gmail, just to keep their old email address. I bring that up not to point out the extortion -- email could theoretically have had address providers decoupled from hosting provider through DNS, if it had been made user-friendly -- but to point out the value in the stable identifier. I know this is an anecdote, but the story of AOL email is similar, that 2.5 million people [1] were still paying $20/mo for their dialup and bundled email when "some of whom" (sorry there's no better information on this) had since switched to a different ISP, but kept paying AOL to keep the email.
> I even had to send them a government issued photo ID recently so I could keep the number.
Governments will always want to link users to their stable identifiers. It's in their policing interest, for better or worse. Switching away from phone numbers will just shift the problem.
>Phone numbers are useful for exactly the reasons you find them frustrating: stability -- as you said, everyone and everything you associate with can and will store and contact you via your phone number indefinitely
No, not at all. Most of my contacts don't have my current actively used phone number or the old one I'm forced to keep. I have a whole box full of SIM cards I once used for one reason or other. Most of them no longer work (I think).
It's the same thing in the other direction. I have tons of phone numbers of some people and I have absolutely no idea which ones actually work.
You're right that email is the same mess, at least for people who don't have their own domain (which is most people).
But Signal is a centralised service. So why not use usernames?
The reason is not stability, because phone numbers can hardly be more stable on Signal than Signal's own usernames.
I believe the reason is that Signal was hoping to get faster traction by showing people who else in their phone book has Signal installed.
I find that creepy to say the least. And it's a very bad reason force the whole usability disaster that is phone numbers, SIM cards and phone companies onto all Signal users.
Why not use something like an email address instead of a phone number though. A phone number can be used to track you in the real world, it’s worse than having someone’s IP in some cases.
In fact some countries (Russia, at least) require you to give over Government issued ID when you get a new phone number. So it’s directly tied to your real persona, this is not just one country doing that either. I believe it is also a requirement in the UK now too. (They’re combating “burner” phones)
Because of contact discovery and migration. The success of those apps is directly related to the fact you can instantly see all your contacts with it when it first start. Email wouldn't have the same effect because poeple don't have them saved in the contact list.
I think university should have a mandatory course where IT student go and interact with real users and have a budget to manage according to the success of their exhange. It would make those questions much less likely.
Not sure I agree. Although I’m not 100% certain of all smartphone implementations. But I definitely have emails for everyone in my addressbook/contacts list.
It’s the only thing that exists which can be anonymised properly and is static through many centralised providers.
Otherwise it’s back to usernames and the bazaar that is: does this person /actually/ have their names on telegram/skype/whatever
I don't think this is true at all, maybe you are in a USA bubble? People in other parts of the world do not seem have a problem adding each other on LINE or Facebook for example without using a phone number at all. Meanwhile one friend of mine has lived in France, the UK and Germany in the last few years and I have no idea what his current phone number(s) are or what country they are from. Many acquaintances who I have not spoken to for some time have most likely moved abroad at some point and I doubt any of the phone numbers I have for them are still correct.
In my experience, for reasons like this, people do not generally bother swapping phone numbers any more.
Meanwhile, in Southeast Asia recently, I was unable to sign up for Discord because they required verification with a phone number. My local phone number was rejected because it was prepay, not a contract. I wonder how many people in that part of the world have a phone contract? Does Signal also enforce that requirement? Should access to secure comminications really be linked to one's credit history in that way?
> "Although I agree that requiring phone numbers does reduce the privacy of Signal users, I think it is a worthwhile trade off for making the app usable by the public."
My phone service is data-only. Requiring I have a legacy communication service like a phone number makes the service unusable by me and I'm sure I'm not the only one.
There is no good reason to require a phone number when you realise the downsides of it. Since everyone has an email anyway I dont see how requiring a phone number is an advantage. You can lose access to a phone but losing access to an email that is available across devices is a lot more difficult.
However, I feel that maybe he isn't considering the downsides of being able to change quickly. Sure WhatsApp was able to add end-to-end encryption with a single update, but they can just as easily remove encryption with another update. Additionally, while I will admit that it sucks that email is not encrypted, knowing how many people and businesses rely on email every day, it should be incredibly difficult to make changes to it. I don't want a single person or company to be able too suddenly decide to change how email works.
One area where I am sympathetic towards Moxie and Signal is requiring phone numbers (mentioned at the end in the Q&A). Personally, I don't see it as being all that big of a deal and it does bring several advantages with it:
* Users get to store/control their own social network in their phones address book
* Users can switch easily between WhatsApp/Signal/etc.
Although I agree that requiring phone numbers does reduce the privacy of Signal users, I think it is a worthwhile trade off for making the app usable by the public.
Also, it seems like usernames might be supported in the future: https://signal.org/blog/secure-value-recovery/