I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.
Why does signal want a phone number to register? Is there a better alternative?
I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.
Why does signal want a phone number to register? Is there a better alternative?
Signal is a messenger service. You can expire messages after a certain amount of time.
They ask for a phone number to limit bots. I used my Google voice number and it worked fine. I like Telegram which banned me after a day of use for using Google Voice.
I get that Signal is a messaging system (not sure if “messenger service” has a specific meaning). What I don’t understand is why I’d want to use it instead of any of the million others that are out there. I’ve never used Signal and don’t have the slightest clue about how it operates, but apparently it tries to mess with the contact list on your phone? That sounds bad. I use Nextcloud Chat sometimes and its web design is ugly, but it works ok and you can self-host it fairly easily. It doesn’t do anything with your phone contacts. Jami is distributed but (maybe unrelated) I often have trouble getting it to work at all.
It doesn’t “mess with your contacts”. You can choose to give contacts access if you wish to have secure contact discovery. Contacts are not uploaded.
It’s robustly encrypted and quantum secure, without metadata leaks like the sender of a message.
It’s recommended by Edward Snowden.
If you want to message someone, have the ability to verify there is no man in the middle attack, have perfect forward secrecy, very strong crypto, use open source software and still have all the conveniences of a modern message app, use signal.
Do you mean the client side is open source? What about the server? If you’re required to use Signal’s server, how do you know it’s not disclosing metadata? If you can self-host it, why the phone number?
The idea is you don’t need to trust the server
Messages sent don’t contain a readable sender field
Mobile numbers may not be necessary long term, architecture depends on accounts being created Witt phone numbers. Usernames were very recently introduced. Soon we may see requirement for phone number dropped, unless related to spam control
You trust the server if you don’t verify fingerprints. Signal makes that too difficult.
Sealed sender is a theater that you can enable but still have to trust Intel, aws and the signal server.
The wikipedia article looks informative and I will read through it: https://en.wikipedia.org/wiki/Signal_(software)
Is spam a serious problem on other messaging systems?
I have received maybe 3 spam messages in many years of use
Spam is a huge problem on other messaging apps I have tried
CONTACTS ARE UPLOADED
Robust encryption isn’t useful if you don’t verify the fingerprint and signal makes that not intuitively.
SIGNAL CLIENT HAS UNFREE SOFTWARE INCLUDED
Contacts are never uploaded
Hashes of some numbers are if you enable contact discovery
Verifying keys is easy, what are you talking about?