Imagine if they pivoted to Nostr auth 🤯
reply
That would be very surprising to me.
reply
isn't it open source. couldn't someone do this now? I think there's an android build that's slightly modified eg uses tor by default or something
I know in the US it is much harder to get a cell phone number without KYC than it used to be. It is still doable and you can use services like silentlink to do so with bitcoin. But, I am not aware of how difficult this is to do in other countries. Anyone care to share?
reply
Mexico is easy.
Aside from that, registering anything with phone numbers is a total No Go security wise.
reply
silentlink was easy to set up for me in canada, but i was only using it for data.
having a local phone number that i could receive texts on became important eventually, and ultimately ended my silent link experiment.
the one thing i couldn’t get around was that my bank required 2FA and they only allowed 2FA via text or call.
reply
silent.link has an option to get a number too. But it costs more money.
reply
true, silent link’s price for a number is much more than a cheap canadian carrier though, so went that route
reply
crypton.sh provides an online SMS service, good rates
reply
impossible in Belgium, I need to drive to the Netherlands to buy a sim without KYC
Definitely about time. But curious timing, after waiting so long.
The cost of creating a new username and spamming users is zero and extremely scalable now. If they did this, they’d have to integrate with some other form of “hooman” verification I imagine. Probably via a one-off payment, like Twitter seem intent on pushing.
reply
Not sure about still using signal after the Tucker debacle....
Tucker claims he was texting russ.ian contact setting up interview with P u t in - and afterwards contact from intel agency read back his text to him over the phone.
reply
Quite likely that the "Russian contact" was an FBI agent. Nothing to do with Signal's security.
reply
Its very annoying when media figures say crap Luke this with no follow up. It goes both ways. If there is an issue let's expose it so it can be fixed. I still wonder if Tucker is an asset sometimes. Don't trust him.
reply
First off don't trust someone like Tucker on technology things. Second it is very likely the issue was human security failure. It almost always is. We are the weakest point of failure.
Also very possible the message was SMS and not over signal. They used to have this feature. If it were an actual weakness in Signal he should contact the devs and report it so they can resolve it.
I don't trust Tucker either. We should not be basing our opinions on media figures period. Even if you agree with them. Trust the math or don't use Signal.
reply
Welcome to 2012
reply
signal cannot be self hosted, insists on google locate-ya captchas, the build cannot be reproduced, and is heavily phone number centric
it's honestly no different to facebook whatsapp or telegram
time to switch to truly private messengers like Simplex, Session, Briar, or self hosted matrix/element
reply
It is different. It has flaws like those you mention but you are over simplifying incorrectly.
reply
it does have differences that make it better than all the other phone number based systems
still better to avoid anything that collects phone numbers though
if you must use Signal servers, it's best to use Molly as the client, and a throwaway or virtual phone number
Think I'll stick with 0xChat, thanks.
reply
More people on Nostr concerned about the metadata leakage of NIP-04 messages needs to use 0xChat and its Secret Chats feature.
reply
Finally.
reply
Try to kill Session App
reply