- MobileCoin rollout was pretty poorly done and communicated, regardless of the team’s intent. Withholding server source for a year to conceal MobileCoin development really didn’t attract any goodwill, either.
- Phone numbers being required is a bummer. I know that there’s work being done to remove this requirement, and I know that there are valid UX reasons to require phone numbers, but still not desirable for a secure messenger.
- The lack of federation is a valid critique. Moxie has defended this position at length in writing, but I found Matrix’s rebuttal (also a good read) more convincing.
Things I wish were substantiated more strongly:
> The reason the US government hasn't tried to block or hinder Signal, is because it's satisfied with the amount of information Signal can provide to it.
I found this unconvincing; this is a pretty big leap to make without more evidence. (Good counterexamples are all of the Signal alternatives mentioned in TFA.) I also don’t think it’s accurate to say the USG hasn’t tried to block or hinder Signal or E2EE messaging in general.
This reasoning would also disqualify Tor, which the author cites as a technology used in one of the Signal alternatives.
> Signals database [has] Message senders and recipients (via phone number identifiers)
Doesn’t Sealed Sender mean this isn’t the case? To their credit, the author mentions this a couple paragraphs after. I didn’t find that analysis consistent.
It would have been more persuasive to directly address Signal’s blog posts on collected data released in subpoenas (https://signal.org/bigbrother/central-california-grand-jury/ - maybe I missed it) and the zero-trust model of the protocol itself. Reflections on trusting trust, and all that.
I believe it's far more likely that the US government does like signal is the same reason as Tor. It's not about data collection (though technically possible it requires essentially destroying the trust in the service to achieve), it's about providing a tool useful for foreign dissidents and regime change that aligns to US interests.
Signal and Tor are statecraft and espionage tools not surveillance honeypots (though they both could become the latter through extreme means). This value far outweighs the ability to gather even more data when everyone is already surrendering huge amounts anyway.
- MobileCoin rollout was pretty poorly done and communicated, regardless of the team’s intent. Withholding server source for a year to conceal MobileCoin development really didn’t attract any goodwill, either.
- Phone numbers being required is a bummer. I know that there’s work being done to remove this requirement, and I know that there are valid UX reasons to require phone numbers, but still not desirable for a secure messenger.
- The lack of federation is a valid critique. Moxie has defended this position at length in writing, but I found Matrix’s rebuttal (also a good read) more convincing.
Things I wish were substantiated more strongly:
> The reason the US government hasn't tried to block or hinder Signal, is because it's satisfied with the amount of information Signal can provide to it.
I found this unconvincing; this is a pretty big leap to make without more evidence. (Good counterexamples are all of the Signal alternatives mentioned in TFA.) I also don’t think it’s accurate to say the USG hasn’t tried to block or hinder Signal or E2EE messaging in general.
This reasoning would also disqualify Tor, which the author cites as a technology used in one of the Signal alternatives.
> Signals database [has] Message senders and recipients (via phone number identifiers)
Doesn’t Sealed Sender mean this isn’t the case? To their credit, the author mentions this a couple paragraphs after. I didn’t find that analysis consistent.
It would have been more persuasive to directly address Signal’s blog posts on collected data released in subpoenas (https://signal.org/bigbrother/central-california-grand-jury/ - maybe I missed it) and the zero-trust model of the protocol itself. Reflections on trusting trust, and all that.
And more, but this is most of it.