Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Do you have something _in evidence_ indicating that Signal is abusing contact information?

The rest of this is scattershot: what matters for the overwhelming majority of use cases is end-to-end encryption between parties that know each others' identities but aren't necessarily technically proficient enough to play key management games. This is the user story that matters for dissidents, journalists, public figures, and ordinary people: if you aren't servicing those people, then it's extremely likely that you're (1) servicing nobody at all, or (2) servicing people who treat security as a LARP rather than a practical concern.



Signal is not the abuser, threat actors are.

> between parties that know each others' identities

And Signal needs to collect their identities and reveal them to each other despite the risk of one of them getting compromised?

> This is the user story that matters for dissidents, journalists, public figures, and ordinary people

When you are outed as a source, as the romantic partner of an estranged spouse, as the public figure losing an election because of an embarassing message,etc... it matters. And you have not given me a technical reason why Signal can't protect people as they expect it to. None of these people are concerned about the FBI doing a forensic investigation or wiretapping them.

> servicing people who treat security as a LARP rather than a practical concern.

Or normal people who don't know enough to think about security and threat models who simply trust you the tech savvy person recommending them Signal which will protect them, you know, the general population. Matter of fact I would bet good money most signal users don't even know you have to verify each other's codes in person for the e2ee to even mean anything other than false security!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: