undefined | Better HN

0 pointsmotohagiography5y ago0 comments

It has other features, but the main point of using Signal is to send encrypted messages to people using the PSTN directory service (e.g. phone numbers). You are still in that sandbox.

The secondary feature it it ostensibly encrypts messages at rest on your device so they cannot be decrypted and read by other apps. (Assuming that's true.)

If you want a more secure messenger, use Wickr, Riot/Matrix/whatever it's called now, or protonmail or something similar, as these don't depend on the phone directory for identity and so they resist some traffic analysis and contact tracing as well.

The threat model is both the business model and use case for security products, so talking about the features or implementations outside the context of the threat model is going to just add uncertainty, imo.

0 comments

3 comments · 1 top-level

frabbit5y ago· 2 in thread

Sure. Agreed. I was responding to your statement that you can send encrypted SMS messages using that handy PSTN directory access provided by Signal.

You can't.

I think this is a common misconception.

motohagiographyOP5y ago

Open loop criticisms are why I often can't stand other security and crypto people.

To be clear, if someone is a Signal user, you use their phone number for directory discovery and initializing identity, then Signal messages themselves are encrypted and transported via Signal servers using WebRTC as a transport protocol?

I think without a sequence diagram, most discussion of security protocols is pointless.

frabbit5y ago

Signal does not send encrypted SMS messages. Period. It can send encrypted messages but they are not SMS.

I think that without using the same words that other "security professionals" (which I would not class myself as) use most discussion becomes absolutely pointless.

j / k navigate · click thread line to collapse