Hey, you are preaching to the choir. I feel the same way
Discussion
Thanks. Where did you get the numbers to register on Signal, by the way?
I don't remember which one I used specifically (it was a long time ago), but there are websites out there you can pay for sms verification using Monero like SMSPool, JuicySMS, TextVerified, etc. It's like $1
I just use a burner email or temp email for the sign-ups. Then once you you get your Signal account just "Register Lock" it in the settings so no one else can register that phone number again.
Here's what the official website says:
> To use the Signal desktop app, Signal must first be installed on your phone.
What if I don't have a phone (in fact, pocket PC) where Signal can be installed? Like, at all. I'm a keypad maxi.
Of course I do have some Androids as well, but what if I don't?
Why do they make this so fucking complicated for those who really are freedom-first? Even Telegram doesn't care where you're registering from.
Yes, that is annoying and I understand the complaints.
But Signals draw is for everyday people that want easy accessible privacy. We aren't the target audience. Most people have phones. Signal is available on iOS too not just Android.
The phone number requirement is for simple spam deterrence and convenient contact discovery for users. Signal can't see phone numbers or contacts because everything is hashed client-side on your device before it goes to their servers.
But like I showed above it's fairly easy to get around using your real phone number and register in an anonymous way. And because of sealed sender Signal can't see your social graph. You can also use forked Molly client for even more security and privacy.
Signal is open source and reproducible so you can verify what the code is doing yourself:
https://github.com/signalapp/Signal-Android/tree/main/reproducible-builds
https://www.signal.org/blog/sealed-sender/
Spam deterrence? There is a lot of Signal-targeted spam these days, specifically through the leaked number databases. It has almost reached the WhatsApp/Viber level of scale where I live. Convenience and security rarely go hand in hand.
If someone uses iOS, what kind of privacy are we talking about, regardless of what's being offered on the application level? It's like typing in the most secure password manager on a keyboard with a hardware keylogger embedded into it. Those who use iOS look like someone who deliberately wants to get pwned, and if one really is privacy-serious, any apple (as well as m$ and google and xiaomi/huawei/etc) products are the first things to get rid of unless you can install a fully custom FOSS system on them. If possible, I'd advise to get rid of anything with non-removable batteries either (unless you can Faraday-cage those things when necessary), but, alas, as of now I can't follow this recommendation myself.
Don't get me wrong, I salute any privacy-improving effort, but a service running on top of the the stock irreplaceable vendor's spyware and collecting phone numbers (which are sometimes totally KYC in some countries, luckily not in mine... yet) upon registration hardly looks like any improvement. And to those who don't know the real deal (and don't buy temporary SMS verification specifically for this purpose), such services can give a false sense of privacy and an illusion of safety. Because you know, there are some places where you can get arrested just for using encrypted calls. With exposed numbers, it is too easy to confirm that you are you (even if they are not KYC but used for PSTN calls or other signups). So, even to noobs, I'd recommend Linphone or SimpleX instead.
You're right. I should have added "ostensible" or "supposed" spam deterrence. I think the new username feature will make that better. Curiously, I've never experienced spam on Signal.
Yea, I agree with you about the iOS thing, but that's more of an iOS problem. I don't trust or use iOS. I was just saying that Signal is available outside of Android.
Hell yea, SimpleX is my go to