Comment by godelski 16 hours ago

13 replies

> if they don't have a good way of enumerating other Signal users?
You can always brute force.

Btw, if you don't accept message requests from spammers, they have no indication of whether you have an account or not. Try sending a message to a friend who you haven't added on Signal. You can just see you sent the message, but not whether it was received or rejected or anything. Not until they click accept.

meowface 16 hours ago

If it's a sufficiently long random string, that shouldn't be possible, right? Admittedly not an amazing user experience to have to share a random string to your friends, but many Signal-like apps do this.

Great point that requiring a friend request beforehand kind of eliminates the issue too. I assume the Signal developers do have a good reason for thinking requiring phone numbers reduces abuse, but I'm having trouble understanding it.

  • godelski 16 hours ago

    > Admittedly not an amazing user experience to have to share a random string to your friends

    And struggle to get adoption. If it's too long, it's hard to share but difficult to brute force even with massive parallelism. But you can always brute force; it is just about how effective brute force is. Entropy is a double-edged sword.

    It's also harder to then do contact discovery to find who's already in the network. Which is the basic principle of any social network (yes, I'm calling old school landline phones a social network too). It's a tradeoff, right?

    And it's worth noting that usernames exist now and this is serving as a bridge. You can provide links and QR codes too. I think this is a fair system and allows my grandma to use signal while still providing a path forward to another paradigm.

    This brings me to one of my critiques of signal. I wish they would recognize we all have multiple identities. My real name obviously isn't godelski. But I might want to link my contact here on HN but not reveal to those people that my actual name is "Joe Schmoe". We don't need unlimited identities but having 2 or 3 could really do a lot for privacy. Let me have a little more granularity over my privacy settings. Let me have some people contact me via godelski.## and some by joeschmoe.##. The former sees my name as "godelski" and the latter as "joe".

    And to be clear, the phone number issue is privacy related, not security.

  • sudahtigabulan 13 hours ago

    > not an amazing user experience to have to share a random string to your friends

    It doesn't have to be that way, at least in theory.

    They can nerf accounts without verified phone numbers to be unable to reach verified accounts. And delete idle unverified accounts sooner, to combat potential DoS.

    People who believe their phone number will be used to deanonymize them can just use an account they keep unverified, and exchange IDs via other channels. It's harder, but for these people it will be worth it.

    The rest of us can verify our phone numbers, and enjoy the easy discovery. (The way it is now.)

    Machine-created, unverified, spam accounts will have to brute-force address space way bigger than that of phone numbers, and still only be able to reach other spam accounts, or an occasional very privacy-sensitive user.

    I have no idea whether the above is technically possible, though.

logicchains 16 hours ago

You can't brute force it if the ID is large enough. E.g. if it's a 256-bit ID, sending 10^18 brute-force messages per second, it would still take 10^41 years until you hit a real user (assuming 6 billion users).
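The expected-time arithmetic in the comment above, generalized to any ID space and guess rate, as an added example (not code from the thread or from Signal): the 6 billion users and 10^18 guesses per second are the comment's assumptions, and the 10-digit phone-number comparison is a constructed scenario for contrast.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_guesses_to_first_hit(space_size, valid_ids):
    """Mean number of uniform random guesses (with replacement) before one
    lands on any of `valid_ids` live IDs in a space of `space_size`.
    Each guess hits with probability p = valid_ids / space_size, so the
    guess count is geometric with mean 1/p."""
    if valid_ids <= 0:
        return math.inf
    return max(1.0, space_size / valid_ids)


def expected_years_to_first_hit(space_size, valid_ids, guesses_per_second):
    """Wall-clock years for the expected guess count at a fixed rate."""
    guesses = expected_guesses_to_first_hit(space_size, valid_ids)
    return guesses / guesses_per_second / SECONDS_PER_YEAR


def min_id_bits(valid_ids, guesses_per_second, target_years):
    """Smallest ID width (bits) for which the expected time to the first hit
    is at least `target_years`: 2**bits >= valid_ids * rate * target_seconds."""
    needed = valid_ids * guesses_per_second * target_years * SECONDS_PER_YEAR
    return math.ceil(math.log2(needed))


if __name__ == "__main__":
    users = 6e9   # user count assumed in the comment above
    rate = 1e18   # guesses per second assumed in the comment above
    print(f"256-bit IDs: {expected_years_to_first_hit(2**256, users, rate):.1e} years")
    # Constructed comparison: a 10-digit national numbering plan with 300M
    # live subscribers, i.e. roughly one hit per 33 guesses.
    print(f"10-digit phone numbers: {expected_guesses_to_first_hit(10**10, 3e8):.0f} guesses")
    print(f"Bits needed for a 100-year expectation: {min_id_bits(users, rate, 100)}")
```

Running it reproduces the comment's order of magnitude (about 6 x 10^41 years for 256-bit IDs) and shows that, under the same assumptions, roughly 124 bits already pushes the expected time past a century.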

  • integralid 16 hours ago

    "Can I contact you on Signal? Just wait for a few minutes while I type this 64-character-long hex string".

    I know you can work around this with QRs, but that's poor UX, has many failure scenarios and takes a long time. In comparison, you can just tell someone your phone number, even without either of you having a phone nearby - you just need a piece of paper and a pen.

    Signal brought security and privacy for the masses, because it - correctly - prioritized ease of use over tech-nerd paranoia.

    • godelski 15 hours ago

      > but that's poor UX, has many failure scenarios and takes a long time.

      And requires you to build your social graph from scratch. That alone is killer to the average person.

      Is signal the right tool for those hyper concerned with both security and privacy? No. But is it the right tool for the average person to securely communicate and get some good privacy? Absolutely.

      People forget the GPG days. GPG had a huge flaw back then: you can't send GPG-encrypted emails if no one is going to read them. It didn't become viable until that part was hidden in the background.

    • SchemaLoad 13 hours ago

      It's even easier than that since you already have the phone numbers in your contact list, they will just show up as soon as you sign up.

nanomonkey 16 hours ago

Good luck brute-force guessing an Ed25519 key (32 bytes).

Honestly there are so many better options than phone numbers available. If you're already using QR codes to transmit user IDs, you might as well use something that is transferable and user generated.

  • godelski 15 hours ago

    You're reading the problem wrong. Yeah, even considering the birthday problem you're going to have a hard time finding a valid key.

    But now we have a discovery problem. How do I find my current contacts? Do I need to rebuild my social graph from scratch? Good luck getting my friends with PhDs in computer science doing this, let alone my grandma.

    Entropy is a double-edged sword. IMO Signal is doing a good job here. We can go drop phone numbers completely when enough people are using Signal. But while the user base is low it's probably worth the 3 spam messages I get a year. I get more than that in a week on my iPhone and more than that a month when I used Android. So I'll take the trade.

    And I must stress, the phone number issue is about privacy, not security. At least with regards to Signal.

    • nanomonkey 15 hours ago

      One can still use simpler contact information like a phone number, email or QR code to transfer a user id.

      While I love what Signal has done, the compromises are significant. I use Secure Scuttlebutt, Cabal, Spritely Goblins, Tor, email and a variety of other P2P software on whatever device I like, but Signal requires a phone with Android or Apple, and requires that I lock my id to my phone number.

      • godelski 12 hours ago

        > the compromises are significant.
        > I use Secure Scuttlebutt, Cabal, Spritely Goblins, Tor,

        And which of those are you able to communicate with your grandma on?

        Honestly, I don't care how secure or how private (phone numbers are a privacy issue, not a security issue) if I have no one to communicate with. You need to solve the mass adoption problem.