I like the idea. But I’m pretty happy with Signal. Signal does require a phone number I think, but otherwise seems very similar.
Grounding identity in a phone number is very reasonable for almost all normal usage. It makes recovery simple. It does block the ultra paranoid use cases though. Oh well.
Session is not similar to Signal.
Session aims to provide anonymity, Signal aims to provide privacy.
>> Grounding identity in a phone number is very reasonable for almost all normal usage.
Yeah if you compare that with Facebook messenger and other such services but if you want secure communication it's not reasonable.
> otherwise seems very similar.
It's worth mentioning that Session had started out as a fork of signal.
>Grounding identity in a phone number is very reasonable for almost all normal usage
In many jurisdictions, telecoms form an abusive oligopoly, and you need to provide a state-issued identity document to get a phone number.
That is not at all reasonable for normal usage - unlike well-known non-abusive authentication methods, such as a keypair; or its even simpler cousin, the username/password.
I guess it depends on what you consider normal. Most of the humans I know find it vastly easier to produce a state issued id to an authority than to generate a public/private key pair.
What's easier: to obtain state ID, or to sign up to a website with your preferred username and password?
Well, I and a lot of the people I'm going to talk to through things like Signal are going to have a state ID regardless as I live in a country where one practically needs to drive a car to function in society.
On top of that so many other things just inherently expect one to have a phone number. It would be somewhat odd to not have a phone number for most of the people I know and talk to through platforms like Signal.
So to your question of which is easier, having the state ID and a phone number is easier because I'll already have that for a multitude of reasons.
If you live in a place where its rare to have a phone number, then yes I agree Signal probably isn't a good choice.
Obtaining your first id is obviously difficult. But so is obtaining your first computer. If you’re on good terms with your government, obtaining the id is easier. That’s really the key. Sure if you focus on hostile states this stuff all makes sense. If you’re insistent on hiding from authorities then many things become much more difficult, by design.
signal is really crappy. It fails at the most basic feature which is : deliver the message on time.
does it? have you been trying to use signal while disconnected from the internet?
I had a friend who complained about this too. I never understood it. She had a really cheap old android phone. Maybe that’s the issue?
I primarily use a nearly-bottom end android phone that's a few years old and just recently switched to an even older, even lower end android phone that is six years old. Neither has that issue.
Obviously, I'm not really claiming that it's not possible people are experiencing this issue, but it can't possibly be widespread.
I feel like most likely people are using android skins that aggressively kill apps in the background.
I have that exact issue on a couple of not exactly low end Samsung phones. Holding them side by side with signal open. Delivery times vary wildly. Whereas WhatsApp just works (though I hate it for other reasons)
nope, iphone here, and quite recent. But it's not just me, all the people i communicate with on this app have the same kind of problems. With a group of friends we even had a totally weird ordering of messages, making the conversation quite absurd.
There's something deeply wrong with the way signal delivers messages...
Signal's code quality is not conducive to security. They had an extremely bad state management bug that resulted in photos being sent to random contacts in your list (potentially life ruining implications if you're sending private photos).
For this reason, it's hard to trust them. The encryption quality is irrelevant if the slop coded client is blasting random photos to random contacts.
Source?
It would've taken you less time to Google, but sure: https://www.bleepingcomputer.com/news/security/signal-fixes-...
Send a GIF to Contact A, Contact B receives random private images? Absolutely inexcusable slop code project. This class of state management bugs should not be possible with a well-architected client, period.
Signal's E2E encryption is more like End 2 Random End.