Signal commit Username Integration Test(github.com) |
Signal commit Username Integration Test(github.com) |
IE, if somone intercepts the SMS code, even with reglock, you can forcibly de-register somone. This means if you use loose access to your phone number, you can easily loose access to your signal account.
https://github.com/signalapp/Signal-Android/issues/12595#iss...
They justify this by saying "The intention of reglock is to prevent hijacking of numbers you actually own, not to guarantee the number for yourself for life", but its way to easy for activists and dissidents to lose ownership (temperately or permanently) of phone numbers for the phone number system to be the backbone identity system for a secure messaging platform
There are many useful non-social network features that they can implement and test that would greatly improve its usefulness as secure p2p communication platform.
And a formatting feature with (seemingly? would love to be wrong there) no syntax to use it without clicking/taping everywhere which makes it useless for me (and frustrating because with a syntax (say, markdown like?) I would love it).
You can argue its not social media, but I think the stories feature definitely puts it on the social media spectrum to some degree.
If it walks like a duck.
The friction is slight for users, but higher for scammers that might go through thousands of accounts. Telegram is too easy to sign up, so it's mostly scams.
Many, Many reporters put their signal number in twitter bio seeking tips. Many activists (including me) use signal group chats to organize volenteers and staff, and publicly share room links. In other words, we have to either share our number publicly or buy a burner phone number if we want people to interact with us on signal.
Telegram has always been more social and more for communities or groups of potential strangers.
The fact that people complain about Signal doxing you is in some ways a good sign, because it suggests Signal has become so popular and trusted that strangers want to use it to communicate privately.
Signal helped pave the way for mainstream society to use communication tools that respect them without being a hacker or messing with a terminal.
Also the original purpose of signal was secure sms, so using phone numbers make perfect sense.
https://signal.org/blog/private-contact-discovery/
Of course, they have the ability to push a new client that hoovers up whatever they want, especially with their time-bomb policy of preventing old clients from sending messages until they're updated. But I was impressed by the lengths that they go to to build this privacy-preserving contact discovery service. I was especially interested to see their use of remote attestation "for good" and to preserve privacy and freedom, rather than systems like DRM and WEI that seek to compromise those.
Phone numbers are a quite ridiculously small problem compared to that.
It's like saying no one uses Facebook or Google anymore. That's true for certain bubbles, and it's hard to know when you're in one, but, say least for those two, it's not too hard to look outside your bubble.
Now the cryptocurrency integration, that one I do wonder about. (Since my friend group doesn't use it and I'm extrapolating :) ).
Your comment makes me curious: I do really wonder how this feature is used. Signal announced it was really something users were looking for. I wonder if it was a weak attempt at convincing the Instagram crowd or if it is really popular with some population.
In the end, I’m still angry that they removed SMS support. That was really useful to have only one messaging app on my phone.
Calm down there buddy, I just asked a question.
edit: I think I misunderstood you. Yes, it is the case that everyone in the chat has access to everyone else's ID, however in my use-cases group members have already been vetted before joining the group, I don't participate in publicly accessible Signal chats or use it to communicate with true strangers.
I was hoping this would be the case. It's the problem with telegram too, you can show a username but you must still have a phone number.
Matrix does this really well though. So I use that a lot. Unfortunately not many people do.
It has some disadvantages though, depending on how you use it. Your ID is a 66 character long hexadecimal hash instead of a classic username. Another disadvantage I've found is the paltry 10 MB attachment limit - trying to share a short video clip I made on my phone required several re-encodes to dip below the limit. Even some still photos will hit that limit, depending on complexity. So not very good for sharing media, but great for texting, in my experience.
Me too, I wonder if it's a technical difficulty/limitation or just a business decision.
Whatcha selling :)
To coordinate my own anonymous commodity transactions I just use gpg to encrypt a .txt which can be delivered in all sorts of anonymous ways. I can't say that I transact anonymously too frequently though, so the additional friction with this method isn't especially onerous.
Then ask yourself if they should have a sellers real phone number.
Even Whatsapp is better than this.
And what is that phone number fetish? It's not like it is some magic identifier. There are bots out there testing every number out there and sending you SNS spam. Your phone number is worthless.
As far as I remember, you can still find people on Telegram by searching for phone numbers. Isn't there even an automatic discovery feature?
The Telegram salt around those announcements seems like the final cry of Telegram fans to me because after that, there is absolutely nothing which would even remotely paint Telegram as a safe or secure messenger. Especially because everybody know why you are on Telegram. It's a different use case. I talk on Signal to people I know personally. They already have my number. People I know go on Telegram for porn and piracy over here. They still have Whatsapp or Signal to talk to their friends and family. They actually are ashamed that they have Telegram because everybody here know why they have it ;)
> elegram knows your number and your messages but it is unlikely that they will give them out
How do you know that? Do you know the people personally or where is your knowledge coming from because if you don't know them, you are just another user who gave out all of their chat contents AND the phone number to "some people somewhere". Nothing else. You have no guarantee for anything, and you should already know that they do act upon requests from governments. Google it.
I just use it to follow events at clubs in interested in. There's a bit of an overlap with Instagram but I find the telegram experience nicer. Less ads, no stupid 'reels' forced upon me.
This is why I don't begrudge sending telemetry for how I'm using software. As a developer myself, I really want to know if the code I'm writing is at all appreciated or if I'm just coding into the void, so I'm happy to send stats on how some one else's software is getting used.
Here it's WhatsApp for 1:1 and small groups, and telegram for big public groups because WhatsApp sucks for those. I (and most of my friends!) even use WhatsApp for making calls these days. The only time I make a legacy phone call is to call a business that doesn't have WhatsApp. 95% of the calls I receive are spam harrassment so I ignore calls unless I know the number.
But Telegram is quite common for normal use to follow clubs, to follow tattoo artists, to get notifications of stock of Nvidia cards, for cybersecurity information, for our makerspace.. We really use it a shitload.
I don't use telegram for porn or piracy at all. Nor do I know anyone that does. Even though I do those things a lot, but I have much better places for it.
But perhaps in the US it's used very differently? I don't know. Here it's really quite mainstream.
Then share the link publicly. Signal Public Groups.
Who does this?
How is the spread of this compared to Telegram groups?
Why do you keep on pushing for the wrong use case?