Ok, Linphone-to-Linphone end-to-end encrypted (ZRTP) calls work just fine even across different providers (SIP2SIP and OpenSips, in my case), different networks (Starlink and my carrier's LTE) and different devices (Android and desktop Linux). One of them was connected via TLS, another one via plain TCP. The call still was end-to-end encrypted. So remind me again please, why do you need Signal, WhatsApp, Telegram and other number thieves?
Discussion
I think the problem is convincing the everyday people around us to use them. It has to be somewhat "modern", with newish features, and have no or little friction to appeal to most of them.
I'm still surprised that I was able to convince my family and friends to switch to Signal over time. Kind of a miracle that they have stuck to it for years. It's 100x better than normal SMS texts and cell calls so I'll take what I can get. I didn't use my real number to register for Signal either.
For those that have it available for me to use (like internet anons and our little community) I prefer XMPP OMEMO, SimpleX, etc., and I'll use them where I can.
Linphone is integrating quantum-resistant algos into their ZRTP implementation (for now it would be in case of Linphone-to-Linphone calls, of course). How much more modern can it be at the moment?
That's point number one. Point number two: SIP (and XMPP, for that matter) addresses look just like email addresses, sans the sip: part. Everyone has an email. Is it any harder than a phone number for normies to remember or what? I'd understand some people can dislike Tox for having long IDs, but this? Come on.
I guess they just want the Big Brother to choose for them. That's the main problem.
Hey, you are preaching to the choir. I feel the same way
Thanks. Where did you get the numbers to register on Signal, by the way?
I don't remember which one I used specifically (it was a long time ago), but there are websites out there where you can pay for SMS verification using Monero, like SMSPool, JuicySMS, TextVerified, etc. It's like $1.
I just use a burner email or temp email for the sign-ups. Then once you get your Signal account just "Register Lock" it in the settings so no one else can register that phone number again.
Here's what the official website says:
> To use the Signal desktop app, Signal must first be installed on your phone.
What if I don't have a phone (in fact, pocket PC) where Signal can be installed? Like, at all. I'm a keypad maxi.
Of course I do have some Androids as well, but what if I don't?
Why do they make this so fucking complicated for those who really are freedom-first? Even Telegram doesn't care where you're registering from.
Yes, that is annoying and I understand the complaints.
But Signal's draw is for everyday people that want easy, accessible privacy. We aren't the target audience. Most people have phones. Signal is available on iOS too, not just Android.
The phone number requirement is for simple spam deterrence and convenient contact discovery for users. Signal can't see phone numbers or contacts because everything is hashed client-side on your device before it goes to their servers.
But like I showed above, it's fairly easy to get around using your real phone number and register in an anonymous way. And because of sealed sender, Signal can't see your social graph. You can also use the forked Molly client for even more security and privacy.
Signal is open source and reproducible so you can verify what the code is doing yourself:
https://github.com/signalapp/Signal-Android/tree/main/reproducible-builds
https://www.signal.org/blog/sealed-sender/
Spam deterrence? There is a lot of Signal-targeted spam these days, specifically through the leaked number databases. It has almost reached the WhatsApp/Viber level of scale where I live. Convenience and security rarely go hand in hand.
If someone uses iOS, what kind of privacy are we talking about, regardless of what's being offered on the application level? It's like typing in the most secure password manager on a keyboard with a hardware keylogger embedded into it. Those who use iOS look like someone who deliberately wants to get pwned, and if one really is privacy-serious, any apple (as well as m$ and google and xiaomi/huawei/etc) products are the first things to get rid of unless you can install a fully custom FOSS system on them. If possible, I'd advise to get rid of anything with non-removable batteries either (unless you can Faraday-cage those things when necessary), but, alas, as of now I can't follow this recommendation myself.
Don't get me wrong, I salute any privacy-improving effort, but a service running on top of the stock irreplaceable vendor's spyware and collecting phone numbers (which are sometimes totally KYC in some countries, luckily not in mine... yet) upon registration hardly looks like any improvement. And to those who don't know the real deal (and don't buy temporary SMS verification specifically for this purpose), such services can give a false sense of privacy and an illusion of safety. Because you know, there are some places where you can get arrested just for using encrypted calls. With exposed numbers, it is too easy to confirm that you are you (even if they are not KYC but used for PSTN calls or other signups). So, even to noobs, I'd recommend Linphone or SimpleX instead.
You're right. I should have added "ostensible" or "supposed" spam deterrence. I think the new username feature will make that better. Curiously, I've never experienced spam on Signal.
Yea, I agree with you about the iOS thing, but that's more of an iOS problem. I don't trust or use iOS. I was just saying that Signal is available outside of Android.
Hell yea, SimpleX is my go-to.