mirimir at riseup.net
Wed Jul 3 05:20:19 CEST 2019
On 07/02/2019 05:18 AM, Robert J. Hansen wrote:
>> Signal went the other way. Build a verifiably secure communications platform so easy that literally anyone can figure it out.
> I think this is a misunderstanding of Signal.
> Signal is, by its very nature, tightly tied to one specific
> communications platform -- that of the smartphone. It's not likely to
> break out of its home.
And not only that, it's tied to one of the least privacy-friendly
aspects of smartphones: the phone number.
| Signal uses your existing phone number.
| The number must be able to receive an SMS or phone call.
Sure, it's not necessarily the number of the phone that you're using
Signal on. But it's gotta be a number that you can use, and which others
can't use. So what do you do, to avoid geolocation?
You can't use one of those shared SMS services. So what, lease a SIM
from some SIM farm in wherever, and hope that they're honest?
There's also the issue of actually using Signal while preventing
geolocation. You can't just use Tor, which itself is nontrivial on
smartphones, because Signal needs UDP. So you're stuck with VPNs, where
you must trust providers.
It's frightening how popular Signal has become. Especially for people
whose lives are threatened by geolocation. If I were paranoid, I'd say
that it was a honeypot. But whatever. Something using Tor onion services
is probably the best option. Unless Tor is also a honeypot.
More information about the Gnupg-users