
How sympathetic are the Signal developers to the concerns of dissidents, really? Signal has had a policy for many years of requiring a phone number – buying a SIM card now requires providing government ID in so many countries – and only now have they promised progress on this front someday. They also recommend that users install through the Play Store, and they only grudgingly provide a standalone APK. Anyone with the Play Store installed presumably has the full Google software suite that leaks location data, what one enters into the keyboard, etc. that the state can exploit. (And also Signal is based in the US, where they are vulnerable to NSLs.)

This all makes me assume that Signal’s security is meant to shield phone owners against advertisers and ordinary criminals, not the state.



> How sympathetic are the Signal developers to the concerns of dissidents, really?

There’s a known problem where the majority of Chinese Android users use a third-party IME to enter text. This is vulnerable to eavesdropping and easy for Signal to detect and warn the user about. Chinese people have been asking them to do this for over a year, telling them that they know of people who have been detained by the government after using Signal, thinking it was secure. Signal have constantly ignored and dodged this. Just lately, their attitude seems to be that somebody needs to prove it is being actively exploited before they will look into it.

Until I saw their behaviour on this, I was recommending Signal to people. Now I can’t help but feel it’s security cosplay. They pride themselves on strong encryption, but won’t lift a finger when people unwittingly use Signal in an insecure context and are being extraordinarily evasive about it.

More info: https://community.signalusers.org/t/signal-should-warn-users...


I mean, technically it is not their responsibility to make sure everything surrounding the app is also secure. Someone could also be watching users over their backs, their device could be rootkitted. Where do you draw the line? I think it would be better to put resources into developing an open-source, non-compromised IME but that is out of scope.


They've actually said publicly that they're working on making it possible to use Signal without a phone number, via usernames. Here's a recent hint at that: https://twitter.com/signalapp/status/1347248608660185089


Yes, and I acknowledged that in my own post. But it took years to get to the point where they are even talking about upcoming support for this, let alone actually providing it. In the interim, this aspect of great importance to people living in authoritarian regimes was ignored.


I agree that it's unfortunate that the initial attachment to phone numbers has thus far made Signal harder to use for dissidents in many countries. But I can also understand that there are legitimate constraints that led them to go this route initially (abuse & spam prevention come to mind).

I can also acknowledge that it's a universally good thing that they are moving in a positive direction here, and I do not hold it against them for being unable to solve all problems for all people at the same time.

NSLs are a problem generally, but I have a lot less concern in Signal's case because they have no data, and they'd have to be forced to make significant software modifications to enable targeted interception of messages. This is something I expect they would be motivated to fight, more so than any for-profit company might.

Let's acknowledge and appreciate progress where it is being made.


It did not "take years".

They haven't seriously considered that for long. I don't think it's even been a year since they announced this switch for the first time.

Please don't spread this kind of false information. Signal gets enough of that already.


It has taken years: one of the major GitHub issues requesting alternative identifiers to a phone number for privacy’s sake dates from 2014. [0] The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.

[0] https://github.com/signalapp/Signal-Android/issues/1085


> The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.

You realise that this is something completely different from what you wanted to imply, don't you? Up until they introduced the PIN, they'd been defending the phone number. Just because someone had an issue on GitHub doesn't mean they've been working on it...


Whether they were working on the GitHub issue or not is irrelevant. Those GitHub issues (if not their own intuition already) would have already made them aware that by requiring a phone number, they were compromising user privacy. Of course they had their arguments for requiring a phone number.

You think I’m knocking the app. I’m not, I think it is the best option available. I just feel that as long as the phone number was required, they could have been clearer to ordinary users about the threats that Signal aimed to protect users from: advertisers and ordinary criminals, sure, but not necessarily the state authorities, and so it might not be suitable for dissidents for the time being.


Of course it's relevant.

One is some guy posting something in the issue tracker where 1000s of other ideas are. The other is "them working on it".

https://signal.org/blog/contact-discovery/ (2014)


Exactly, they have made arguments for the usefulness of the phone number as an identifier. But to the best of my knowledge, they have never specifically acknowledged in a blog post the state’s linkage of phone numbers to individual identities in many countries today, and the risks that this poses to dissidents.

Moxie is one of the best security researchers in the business; he was definitely aware of this before anyone ever brought it up on GitHub. Was it really so hard for the Signal devs to acknowledge this downside on the blog?
