> We’re all on the same side here, guys. It’s just a matter of temporary compromise.
I get that, and I actually agree with you on almost this whole comment. The problem of the temporary compromise on Signal is that I don't believe it is temporary. Signal is actually good enough to prevent the transition to the optimum. Being non-federated, Signal will always have a single point of failure, but this will get masked until it is eventually exploited.
> There is not a federated messenger that provides the same security as Signal.
Actually, there are federated messengers that provide better security and privacy than Signal. Yes, XMPP ones. They might not have the same convenience yet, yes, because they are not tied to phone numbers, but don't even get me started by trying to say that tie to phone numbers is a plus.
Conversations, Xabber, Chatsecure. Any of these is more secure than Signal: they are not tied to phone numbers (means: way more privacy), work with TOR easily, and starting a secure conversations is no more difficult than 'add contact' (enter contact XMPP id) -> 'press lock' -> you're ok, chat is private, and your phone number is not exposed.
Actually, this phone number thing is the main reason why I find it hard to suggest using Signal to anyone who's life is on the line.
Can you explain why any of this is more secure than signal with sealed sender? What is the privacy impact of tying to a phone number, beyond the one bit: I have signal?
As far as I can tell, sealed sender leaks less metadata than omemo currently does, which makes tor etc. Mostly irrelevant. Plus, I'm not going to fuck up signal, while I will misuse Tor.
That's not a threat model, and not generally possible (or even desirable) with something like a messaging app. So again, what is the threat that you wish to address that you believe is only solvable with multiple identities?
This is an important question, because cryptographic repudiation and secured metadata prevent most of the dangers that I can think of, but I might be missing some.
If your life is actually on the line you are better off doing some research on how to use PGP properly. Otherwise you have no good way to know if you will end up with something strong enough to use against state actors. The simplicity and strength of PGP is hard to beat. Riseup.net has an entire section mostly about OpenPGP:
Here's the Signal version of the riseup.net article:
> Purchase a modern android or iOS device and install Signal. Your communications are now secure.
Given the security provided by signal, why do I need to understand the message authentication schemes, private key management, keyservers, versions, etc.
> The simplicity and strength of PGP is hard to beat. Riseup.net has an entire section mostly about OpenPGP:
Given that, in practice, basically no one's use of PGP provides security or privacy beyond what I get when using Gmail or Outlook, I beg to disagree.
How in god's name can you claim that a 6 page article describing the ~20-30 steps to correctly set up a keyring (oh and then keep up your opsec for the life of your communication because pgp doesn't provide forward secrecy and the protocol makes it possible to transfer plaintexts unencrypted) is simpler than "Install signal, and send messages"?
They're secure right up until the point someone with the ability to do so spoofs your phone number.
And yeah, Signal will detect that and inform the other side that "security number has changed". At which point they'll promptly confirm the new one, because they don't understand its purpose anymore so than private key management etc - because they simply installed the app from the store, and expect it to "just work".
> Signal will detect that and inform the other side that "security number has changed"
Specifically, it will say "Your safety number has changed...This could either mean that someone is trying to intercept your communication, or that <other party> reinstalled signal."
Even for a layperson, if they have reason to be concerned about a powerful attacker that's reason enough to stop.
I have switched quite a few casual users to Signal by now, and in my experience, none of them have paid any attention to those regardless. They don't even bother asking the person through some other channel - just confirm the new number.
Assuredly, but most people aren't actually that concerned about state sponsored attacks on their communications, and for those people Signal is still as good as (or better than) PGP email, but they can safely ignore these notifications because, well, the likelyhood (and the risk due to) a state sponsored attack is relatively low.
Signal can't work on an air gapped system. So it is entirely subject to all the available attacks on the rest of the system it is running on. Someone risking their life no the overall security of something like, say, a smart phone is not being wise.
Something like Signal is OK for most people, particularly if they trust the Signal company. But when things get serious you have to:
1. Know what you are doing.
2. Keep the device that is doing the encrypting as separated from the rest of the world as possible.
If this is the kind of thing you're resorting to claiming, we're well beyond reasonable forms of argument, and so I think it's safe to say that you agree that signal is better.
No communication protocol works on an air gapped system, and a modern Android or iOS device is going to be secure enough that you really don't need to use a special device for your messaging.
The riseup article doesn't mention anything about using a special device for your secure messaging, so I'm not sure why you think it's so important all of a sudden.
I get that, and I actually agree with you on almost this whole comment. The problem of the temporary compromise on Signal is that I don't believe it is temporary. Signal is actually good enough to prevent the transition to the optimum. Being non-federated, Signal will always have a single point of failure, but this will get masked until it is eventually exploited.