On 07/02/2019 05:18 AM, Robert J. Hansen wrote: >> Signal went the other way. Build a verifiably secure communications >> platform so easy that literally anyone can figure it out. > > I think this is a misunderstanding of Signal.
<SNIP> > Signal is, by its very nature, tightly tied to one specific > communications platform -- that of the smartphone. It's not likely to > break out of its home. And not only that, it's tied to one of the least privacy-friendly aspects of smartphones: the phone number.[0] | Requirements | | Signal uses your existing phone number. | | The number must be able to receive an SMS or phone call. Sure, it's not necessarily the number of the phone that you're using Signal on. But it's gotta be a number that you can use, and which others can't use. So what do you do, to avoid geolocation? You can't use one of those shared SMS services. So what, lease a SIM from some SIM farm in wherever, and hope that they're honest? There's also the issue of actually using Signal while preventing geolocation. You can't just use Tor, which itself is nontrivial on smartphones, because Signal needs UDP. So you're stuck with VPNs, where you must trust providers. It's frightening how popular Signal has become. Especially for people whose lives are threatened by geolocation. If I were paranoid, I'd say that it was a honeypot. But whatever. Something using Tor onion services is probably the best option. Unless Tor is also a honeypot. <SNIP> 0) https://support.signal.org/hc/en-us/articles/360007318691-Register-a-phone-number _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
