Why does it need your phone number? Seems pretty weird for a “secure” program. And why does it use AWS? Isn’t that subject to all kinds of privacy risks including National Security Letters?
Why isn’t Signal just a Free and open source, infrastructure-less p2p solution? Maybe the goal isn’t really security or privacy after all...
Great question! It's a good way to make it easy for general-purpose users with limited technical expertise to adopt, use, and find one another.
> Seems pretty weird for a “secure” program.
You're right! It's definitely weird, but it's also understandable as a tradeoff in favor of less technically adept users. It's not one I'm in love with, but I think it makes sense.
> And why does it use AWS? Isn’t that subject to all kinds of privacy risks including National Security Letters?
The risk from NSLs depends a lot on what is hosted. If it's opaquely encrypted blobs, there's minimal risk. And where could things be hosted that wouldn't be subject to privacy risks from a government of some sort?
> Why isn’t Signal just a Free and open source, infrastructure-less p2p solution?
That's such a good idea that Signal is already a Free and open source solution!
That said, nothing is ever actually infrastructure-less, just like no data store is actually schema-less. There's just explicit infrastructure and implicit infrastructure. Implicit p2p infrastructure is not immune to governments or NSLs, and is often subject to more by virtue of being in more countries.
The major group Signal wants to market to is normal people, and they've stated repeatedly that they optimize for that over maximum security with what they consider worse usability.
And even though I disagree with the focus on phone numbers and wish they'd prioritized a model that makes them optional, I do understand the network effect argument for including it. Kind of annoying that the alternatives that do it better have a hard time, but I also have to admit that it proves Moxie's point to a degree.
Normal people have no issues creating user handles on Reddit and Discord and Twitter. Again, the only reason to require a phone number is because Rosenfeld wants it.
No, because using phone numbers gives you contact discovery through the phone book "for free" (with further privacy implications Signal has discussed at length). And there is an entire argument around it providing a social graph independent of service infrastructure that is important for some aspects of user freedom - again something that has been discussed publicly at length, both from Moxie and from other players in the wider messenger ecosystem (many of which at least partially disagree and have made different tradeoffs - but generally acknowledge the tradeoff exists).
There really is no such thing as a dedicated burner. You don't even need NSA level threat vectors for most phone sim purchases in western countries to exfiltrate tons of user data.
I think the best way to get a burner account is to use the free services to receive text messages online. These are enough to create an account, and you can then set a pin to prevent any takeover, assuming you synchronize your account every week.
Using phone numbers as identifiers for encrypted messages is the core feature of Signal. It was marketed from day one as a drop-in SMS replacement. Initially it even used SMS as the transport for encrypted messages. It was literally called "TextSecure".
You can find any number of infrastructure-less p2p solutions. The number of users they have compared to Signal might be illuminating.
Quick answer: Find the right one to blame, please.
If you think that just making the authorities aware that your phone number is registered on Signal is dangerous enough for you to be arrested, you should not use Signal.
Signal, like any other software, cannot solve politics or dictatorship. Signal is a chat app, not a magical tool, even if it is helpful for those objectives. That's what we mean when we say "security is layered".
So, if your government has unlimited resources (that is to say, they can simply arrest and sentence you if they *think* you *may* be using Signal, Telegram, WhatsApp, Tox chat, ..., without judicial review), then maybe Signal is not your biggest problem.
It seems like the phone number is used mainly for matching you up to your contacts, and secondarily used for a first level of authentication. Signal has always encouraged independent verification of folks' public keys for sensitive communication.
Whether or not AWS is risky, I don't think Signal has any increased risk hosting their infrastructure on it vs. any other service. The whole point is that comms are end-to-end encrypted from handset to handset, and so any data in Amazon's hands is encrypted.
Seems like using a phone number as an account identifier is a huge risk to privacy. Has Rosenfeld admitted this? It’s just weird to require a phone number unless you’re talking about some big tech botnet like Facebook or Google.
Why isn’t Signal just a Free and open source, infrastructure-less p2p solution? Maybe the goal isn’t really security or privacy after all...