undefined | Better HN

0 pointscodedokode3y ago0 comments

In my opinion "secure messenger" should protect from any actor. If we start making exceptions then it cannot be called secure anymore.

Signal requires extra information that is not necessary for exchanging messages. That is at least suspicious. If you are fine with giving away your number you can just use WhatsApp or Telegram.

0 comments

cpach3y ago

“If you are fine with giving away your number you can just use WhatsApp or Telegram.”

Those projects do not have the same high standards as Signal has. Especially not Telegram. I use Whatsapp for convenience/social reasons, but I definitely prefer Signal for the additional security. Telegram I don’t use at all.

I don’t believe it’s reasonable to throw out the baby with bath water, just because Signal requires a phone number for registration.

Protection from “any actor” would of course be nice – but do you really believe that threat model is reasonable?

Would using Session, Matrix or OMEMO protect against any actor whatsoever?

If we want to base our discussion in reality, I do believe we need to talk about threat models in more detail than “I want protection from any threat actor”.

Let’s take an example:

If I send a message to a friend I don’t want any script kiddies, ISP, cloud provider or advertising agency to be able to read it. I don’t want any passive eavesdropper to be able to read it e.g. by slurping up all traffic from my nearest IXP (i.e. dragnet surveillance). However, if Five Eyes/Mossad/MUST/FSB really wanted some intel on me, they would probably be able to retrieve it if they were willing to spend some resources. But probably not by decrypting my Signal messages. There would be other, far cheaper ways to retreive the info.

codedokodeOP3y ago

Your phone number and messages can easily be leaked if there is a vulnerability in your smartphone OS or Signal app. However if you use a messenger not requiring a phone number, then attacker gets only the messages.

Also as I understand you have to give your number to your contacts to be able to chat with them. For comparison, Telegram allows adding contacts without sharing a phone number. So in Signal all contacts know your real identity and your location.

cpach3y ago

I’m not convinced about the reasonability of this threat model where leaking messages is fine but leaking the telephone number means game over.

However, I do understand that sharing one’s phone number is problematic for some users.

With that said: Until Signal implements user names in their system, please note that the user is not required to sign up for Signal with their primary telephone number. One could use Google Voice or a prepaid SIM card for example.

j / k navigate · click thread line to collapse

0 comments

cpach3y ago

“If you are fine with giving away your number you can just use WhatsApp or Telegram.”

I don’t believe it’s reasonable to throw out the baby with bath water, just because Signal requires a phone number for registration.

Protection from “any actor” would of course be nice – but do you really believe that threat model is reasonable?

Would using Session, Matrix or OMEMO protect against any actor whatsoever?

If we want to base our discussion in reality, I do believe we need to talk about threat models in more detail than “I want protection from any threat actor”.

Let’s take an example:

codedokodeOP3y ago

cpach3y ago

I’m not convinced about the reasonability of this threat model where leaking messages is fine but leaking the telephone number means game over.

However, I do understand that sharing one’s phone number is problematic for some users.

j / k navigate · click thread line to collapse