Looked into it again and it really did. I can see why the international community seems to prefer Telegram. I do wonder if their encryption protocol has been audited as extensively as Signal’s.
Also, on Signal for Android at least, you need to permit the app being able to see your contacts. If you deny that, then there is no way for the App to check and notify people with your number that you are using the app?
Or was it saying that the server is checking your number against other users who have allowed the app to access their contacts?
If I’ve done so, please tell me where I’m wrong and please post a reference.
I didn’t read everything about Signal and to criticize and discuss it I believe I do not have to. And I’m really willing to learn if I’ve been wrong.
BTW, I asked on the Signal forum about this. I’m not sure if those who commented were developers or just people believing that they know what they are talking about.
For that reason I checked the behaviour I criticise in a test setup and was able to reproduce it. You can try for yourself if you have a second SIM.
Just in case this didn’t become clear: If I’d known about this behaviour beforehand or if I’d have been informed about it during install I’d not have registered with Signal. That’s my main critic: Not telling the user what will happen.
Thanks @Quarnero - that is really the information I’ve been looking for and that should be presented to any new user during registration and for this I believe they should ask for consent. If I missed it during registration, I missed it twice and maybe I’m dumb.
But I really read the stuff during installation, because I do not want any software on my mobile that allows others to send me messages without at least the cost of an SMS.
With the move to do away with the use of numbers, which I believe is the app’s strongest objection worldwide, all of this will be a moot point hopefully in the future. Threema for example does not require a phone number to register with the service. It is almost a carbon copy of Whatsapp.
Feature wise, Signal is absolutely feature complete. It really is a great chat app.
This is called Private Contact Discovery Service and for the sake of transparency (and if reaction to this thread), here is another telling info, recently published:
IMHO, accepting this as trustful and justified or not (by considering other available options), my personal interpretation of it (in context of seller … user or perhaps in context of both) is actually what counts here or there, for my private or some other user needs.
The point is that if you want to use Signal, you are forced to use proprietary software because of libraries dependency.
Even if you trust Signal, you cannot trust such proprietary libraries.
I don’t see why you are forced to use proprietary software. Installing Signal doesn’t install those software. If the PlayServices aren’t installed on your phone, you won’t have push notification, that’s all. And if you want push notification, then you can install MicroG, which is an open implementation of them.
Edit: I’m not sure how to write on the FSF wiki to tell them that… Can someone please guide me?
This. No proprietary if Google play services aren’t installed. Push notifications are not entirely necessary anyway. Just check messages when you have time.
Within Signal, you get push notifications without Google Play services via websockets as a fallback. Can confirm this works as good as the proproprietary dependant solution so no problem here.
I’m curious about the power use of a web socket solution. That would only work if the signal process was always sunning in the background. That is kind of the whole point of push notification. It allows the app in question to not even be running.
