
Even Signal doesn't match the requirements set by this blog post.

It too has frequently prioritized features and usability over security. For example:

- Relying on SGX-based security for some of their features (e.g., gif search) while SGX has been thoroughly broken again and again

- Using phone numbers as account ids, which allows nation states to capture just one phone and immediately unmask the IRL identities of all other group chat members and contacts

Signal's authors have previously argued that it's better to give some security to 100% of people than 100% of security to some people. Which is why they cooperated with WhatsApp on their encryption, or why they used phone numbers to ease adoption.

Matrix, for example, is doing exactly the same, just with a slightly different focus.

This narrow view of "Signal competitor" is more harmful than good.



>Using phone numbers as account ids, which allows nation states to capture just one phone and immediately unmask the IRL identities of all other group chat members and contacts

Incorrect. Accounts can be set so that the registration phone number is not visible to contacts, not findable by them, or both.


This is a fairly recent change for the better.


unmasking the other people in the group is news to me, you got a source for that? lol


Signal uses phone numbers as identifiers. Due to KYC laws phone numbers are closely bound to real-world identities.

If the police are able to unlock one person's phone, even if that person used self-deleting messages, they immediately know the identity of every other person that person chatted with.

Signal might as well have used your SSN as your account ID, that would have been just as private.

Luckily Signal has finally started fixing that in the past few weeks.



