Yes, and I acknowledged that in my own post. But it took years to get to the point where they are even talking about upcoming support for this, let alone actually providing it. In the interim, this aspect of great importance to people living in authoritarian regimes was ignored.
I agree that it's unfortunate that the initial attachment to phone numbers has thus far made Signal harder to use for dissidents in many countries. But I can also understand that there are legitimate constraints that led them to go this route initially (abuse & spam prevention come to mind).
I can also acknowledge that it's a universally good thing that they are moving in a positive direction here, and I do not hold it against them for being unable to solve all problems for all people at the same time.
NSLs are a problem generally, but I have a lot less concern in Signal's case because they have no data, and they'd have to be forced to make significant software modifications to enable targeted interception of messages. This is something I expect they would be motivated to fight, more so than any for-profit company might.
Let's acknowledge and appreciate progress where it is being made.
It has taken years: one of the major GitHub issues requesting alternate identifiers than a phone number for privacy’s sake dates from 2014. [0] The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.
> The devs last year started to speak publicly about making the change, but they were aware of the privacy concerns among users for much, much longer.
You realise that this is something completely different than what you wanted to imply are you? Up until they introduced the PIN, they've been defending the phone number. Just because someone had a issue on github, doesn't mean they've been working on it...
Whether they were working on the Github issue or not, is irrelevant. Those Github issues (if not their own intuition already) would have already made them aware that by requiring a phone number, they were compromising user privacy. Of course they had their arguments for requiring a phone number.
You think I’m knocking the app. I’m not, I think it is the best option available. I just feel that as long as the phone number was required, they could have been clearer to ordinary users about the threats that Signal aimed to protect users from: advertisers and ordinary criminals, sure, but not necessarily the state authorities, and so it might not be suitable for dissidents for the time being.
Exactly, they have made arguments for the usefulness of the phone number as an identifier. But to the best of my knowledge, they have never specifically acknowledged in a blog post the state’s linkage of phone numbers to individual identities in many countries today, and the risks that this poses to dissidents.
Moxie is one of the best security researchers in the business, he was definitely aware of this before anyone ever brought it up on GitHub. Was it really so hard for the Signal devs to acknowledge this downside on the blog?
