
Whilst not the same as mentioned in TFA, I noticed in Signal that if you allow it access to your contacts it will tell you how many of your contacts are already on Signal. I understand this is useful from a usability/discoverability aspect, but from a privacy perspective I have no reason to be made aware of the fact that one of my old bosses whose number is in my phone is on Signal and neither should they know that I am on Signal for the same reasons (or lack thereof).

What's worse is there seems to be no way to opt-out of this behavior. I can deny Signal access to my contacts, thereby not knowing which of my contacts are on Signal, but that doesn't stop the other party from knowing if I am on Signal if they have given Signal access to their contacts.

It's not farfetched to consider a world where an oppressive regime may outlaw the use of something like Signal, Telegram or even WhatsApp and they'd be able to easily determine if you're using such a service through passive techniques such as these.

As far as I know, Wickr is a bit more privacy focused, but it doesn't tick the open source box for me (although the supposed source code is published[1] for public review).

[1] https://github.com/WickrInc/wickr-crypto-c



Signal has spoken [1] at length about the issues of private contact discovery, and the many [2] solutions they've employed to minimize the amount of information that gets leaked. There's this intractable problem of requiring a social graph for easy discovery and for trust, and Signal's found one of the better solutions (though I'm sure we'll discover better ones yet).

[1] https://signal.org/blog/private-contact-discovery/

[2] https://signal.org/blog/contact-discovery/


Both your links deal with leaking information to the carrier (Signal).

But the issue in the parent post is about leaking information to the people you have in your contact list.

These are very different issues. And it looks like Signal hasn't considered the second aspect and the implications.


Signal could allow using it without a phone number, and let people themselves choose between anonymity, social graph and trust. Why didn't they allow it? Because they don't want anonymous users I assume.


> from a privacy perspective I have no reason to be made aware of the fact that one of my old bosses whose number is in my phone is on Signal and neither should they know that I am on Signal for the same reasons (or lack thereof).

I agree that there are some contacts that I would rather not know that I was on Signal, but, unfortunately, this is an impossible problem to solve when the goal is to create an end-to-end encrypted messaging platform where your identifier is your phone number. The server has to know when a number is not a user so the app can fall back to sending unencrypted SMS (although why Signal falls back to SMS is a mystery to me) and it also has to carry the current public key for each user so that you can be sure that you're talking to who you think you're talking to.

Put another way, even if Signal didn't advertise that, "So-and-so is on Signal, say hey!" you could still theoretically determine whether or not a given number is on Signal by sending a message to that number. If it fails, you know they aren't. And if it succeeds, well, then you know they are.


>this is an impossible problem to solve when the goal is to create an end-to-end encrypted messaging platform where your identifier is your phone number

Right, the use of phone number as identifier is flawed by design, and not secure.


A big part of practical security is usability. It's hard enough getting most people to adopt Signal or other encrypted messaging services. If they couldn't "just send a message to a number" it would be that much more difficult. The tradeoff seems worth it in this case.


People seem fine adding each other on Facebook without using a phone number. When I add people on LINE messenger I use their ID not their phone number. When I meet a new person and exchange some contact details, it is rarely a phone number. I would also like to talk to some people who I do not want to know my phone number. I think this tradeoff was a mistake for Signal.


You are clearly not the target audience for Signal. There of course is a space for the type of app you're describing, but saying that the tradeoff that Signal has chosen was a mistake is to misunderstand the goal there.


What goal do you mean? Sell users to marketers?


Do you have evidence that this is happening? Otherwise, completely FUD.

The goal I was referring to is making it easy for regular folks to use end-to-end encryption. Any real measure of security needs to be practically usable by the intended audience, and the clear and consistent intended audience for Signal is regular folks who don't have a sophisticated threat model. If any other identity scheme were used, I'd guess the number of Signal users would be an order of magnitude smaller.

This is not to say that there aren't great reasons to have more elaborate secure messaging systems that address these questions, for anyone with a different security model.


Usability? Signal prevents backups on iOS and has no solution for someone changing a device (or even restoring a device from a backup) to carry over the conversations and retain chat history and group memberships. This is because it puts security above usability.

It’s also buggy in many other ways (e.g., sending safety number change messages when nothing has changed with the device or number; contacts sending messages and asking if it was received, etc.).

Signal is quite bad on usability compared to other apps.


You can just provide a choice, whether the user wants to use a phone number and a real name, or just an anonymous login, not linked to anything. Why doesn't Signal want to do this? They don't want users to be anonymous, they want real names, addresses and GPS locations I assume.


I wouldn't say it's an impossible problem. It's fairly simple, in my mind.

If someone tries to send me a message on Signal it should go into purgatory. On my end, I should be able to see who is trying to send me the message (yes, including their phone number, given that is how Signal has decided to uniquely identify users) and I should be able to see what their public key is. Then I should be able to either accept that message, which would essentially make my presence on Signal known to the other party, or choose to first verify that the public key matches that of the other party via the existing "in-person" verification method.

Alternatively, I can leave the message in purgatory where a message from someone I don't trust belongs and eventually times out. Not only do I never see the contents of the message, but the sender of the message will also never know if I am on Signal.


> If it fails, you know they aren't. And if it succeeds, well, then you know they are.

This problem is solved in an interesting way by Keybase Chat, in which messages sent to non-existing accounts are "delivered", and can then be read if that account is created later on. It requires re-keying of the message by the sender, so it's not exactly a "fire and forget" solution, but it's pretty neat anyway.


This is like saying you want people to know you use PGP or encryption implying that those who use such tech have something to hide. I see no problem in anyone knowing that I use Signal. If anything it communicates that I'm serious about privacy and security.


> I noticed in Signal that if you allow it access to your contacts it will tell you how many of your contacts are already on Signal

I specifically did not let Signal access my contacts, but some of my contacts contact me on Signal.

Those people that did upload those contacts are being notified that I'm on Signal.

I don't like it.

It's moderately creepy when Google or Facebook do it, but when a service that is advertising itself as the antithesis to those and as being privacy conscious does it, I am really disappointed.


We are not really supposed to talk ill of the holy Signal here on HN, and we usually get severely trounced if we do. But of course you are absolutely right - this has been one gaping hole in Signal privacy since forever.

Another thing Signal likes to do is to broadcast the fact every time you shift it to a new device. I have seen enough changing round from a couple of correspondents to deduce a pattern in their hardware habits.

A third stunt it likes is to make it non-obvious what actually happens when you set up groups. One friend did, believing it to be just a personal way of organising contacts, thereby of course immediately exposing parts of his contact list to the rest of us and vice versa.

Also terrible user experience (like using heavily license restricted software). I no longer use the thing.


> Another thing Signal likes to do is to broadcast the fact every time you shift it to a new device. I have seen enough changing round from a couple of correspondents to deduce a pattern in their hardware habits.

This is a security feature to ensure you're talking to the same person. Phone numbers are terrifyingly easy to port to another account.


Yes, I know it's supposed to be a security feature. Not one that works well, but perhaps it does somewhat enhance security. Alas, Signal forgets to mention that it does so at a cost to privacy.


It stops being a security feature when Signal keeps sending such messages when nothing has changed (and because Signal has bugs), prompting users to ignore these messages forever.


>Phone numbers are terrifyingly easy to port to another account.

Which is precisely why they should never be used as an identifier.


This feature leaks metadata. It's just an implementation detail, I'm sure the devs are not happy about it and probably are researching other ways to provide cross-device experience.


> from a privacy perspective I have no reason to be made aware of the fact that one of my old bosses whose number is in my phone is on Signal and neither should they know that I am on Signal for the same reasons (or lack thereof).

Your goal is to set up little fun secret decoder ring groups each silo'd with a handful of people so you can pretend to be spies or whatever. For this goal it's important that each silo you set up doesn't know about the others. Signal just wants to end-to-end encrypt all the messages sent between all phones. These goals conflict, and, frankly I think your goal is stupid and should lose.


People use Signal in the first place because they want something more secure and privacy focused than the alternatives. It's not reasonable to mock them for having higher expectations of privacy and security than you do. It's the whole point of the product.


People who actually want "secure and privacy focused" text messages would want their messages to or from their boss to be "secure and privacy focused" too. Whereas people who just want to create yet another little clique don't want that. They'd rather most messages remained unencrypted, insecure, not privacy focused at all, so long as they can underscore how cool they are by creating an "in" group of people with secure messages.

The _whole point of the product_ - to repeat your phrase - is to secure _all_ the messages rather than repeat the mistake of tools like PGP that never get there.


The problem could be solved like this: you generate a UUID and your friend generates a UUID. Then you both exchange the UUIDs. You should do it within an hour. When both UUIDs are entered into the opposite parties you become friends. Now your friend knows you as G435-… and your wife knows you as B64J-…. No one can add you as a friend with these used UUIDs. This will solve the privacy problem, mostly.


At the expense of being practically unusable for most people. It's a trade off.

EDIT: This proposal also suffers from a bootstrapping problem. You have to already have a secure channel to communicate the ids.


Signal could allow both options: register with a phone number or with completely anonymous logins. I think they just don't want anonymous users, visits from FBI etc. Also, it is not very profitable to sell ads to anonymous users.


You have to have a secure channel to exchange phone numbers too. The code could be communicated simply using a QR code. Other messengers already work this way and it works well.


Yes, the difference being that a phone number is an established identity mechanism and you likely already know it.


Yes but it's a kind of bad one. There are many ways you can lose or change your phone number. Email address is a better identifier.


Does Signal still use the Google API? It's an epic fail for a messenger that declared privacy, too.


Using Google to deliver notifications to Android phones achieves Do Not Stand Out, an important property that it would be an "epic fail" not to offer.

If you insist, you can install a version of Signal that doesn't use this service, whereupon you will stand out, or more specifically your notifications will stand out from everything else.



