Great question! It's a good way to make it easy for general-purpose users with limited technical expertise to adopt, use, and find one another.
> Seems pretty weird for a “secure” program.
You're right! It's definitely weird, but it's also understandable as a tradeoff in favor of less technically adept users. It's not one I'm in love with, but I think it makes sense.
> And why does it use AWS? Isn’t that subject to all kinds of privacy risks including National Security Letters?
The risk from NSLs depends a lot on what is hosted. If it's opaquely encrypted blobs, there's minimal risk. And where could things be hosted that wouldn't be subject to privacy risks from a government of some sort?
> Why isn’t Signal just a Free and open source, infrastructure-less p2p solution?
That's such a good idea that Signal is already a Free and open source solution!
That said, nothing is ever actually infrastructure-less, just like no data store is actually schema-less. There's just explicit infrastructure and implicit infrastructure. Implicit p2p infrastructure is not immune to governments or NSLs, and is often subject to more by virtue of being in more countries.
No comments yet.
