I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

  • ryannathans@aussie.zone
    4·
    2 days ago

    It doesn’t “mess with your contacts”. You can choose to give contacts access if you wish to have secure contact discovery. Contacts are not uploaded.

    It’s robustly encrypted and quantum secure, without metadata leaks like the sender of a message.

    It’s recommended by Edward Snowden.

    If you want to message someone, have the ability to verify there is no man in the middle attack, have perfect forward secrecy, very strong crypto, use open source software and still have all the conveniences of a modern message app, use signal.

    • rirus@feddit.orgEnglish
      32·
      1 day ago

      CONTACTS ARE UPLOADED

      Robust encryption isn’t useful if you don’t verify the fingerprint and signal makes that not intuitively.

      SIGNAL CLIENT HAS UNFREE SOFTWARE INCLUDED

      • ryannathans@aussie.zone
        2·
        20 hours ago

        Contacts are never uploaded

        Hashes of some numbers are if you enable contact discovery

        Verifying keys is easy, what are you talking about?

    • solrize@lemmy.world
      4·
      2 days ago

      Do you mean the client side is open source? What about the server? If you’re required to use Signal’s server, how do you know it’s not disclosing metadata? If you can self-host it, why the phone number?

      • ryannathans@aussie.zone
        3·
        2 days ago

        The idea is you don’t need to trust the server

        Messages sent don’t contain a readable sender field

        Mobile numbers may not be necessary long term, architecture depends on accounts being created Witt phone numbers. Usernames were very recently introduced. Soon we may see requirement for phone number dropped, unless related to spam control