I'd love to use Signal, but are you required to grant it permission to access your contacts?
I loaded it up and declined to let it access my contacts, but unfortunately it seems like it won't let me attempt to send any messages. I just get a screen that always says "None of your contacts have Signal!"
From what I understand, the reason it wants access to my contacts is to make it easier for me to find out which of my friends already use Signal or TextSecure. But none of my friends use these apps, and my goal is to get them to start. Unfortunately they'll refuse to use it if I have to tell them "Well, you'll need to let Signal upload all of your contacts to their server."
I was hoping for the ability to send a message by typing in a phone number directly. Does anyone know if this is possible? If not, would it be possible to add this feature?
Maybe it could work like this: You tap "new message" and then type in a phone number, just like how regular text messages normally work. Then when you're finished typing in the phone number, the app checks with Signal's server to find out whether that number uses Signal. If that number doesn't use Signal, then the app pops up a message saying "Your friend doesn't seem to be using Signal."
That way I can ask my friends to install Signal and send me a message. When they load up the app for the first time and Signal asks to access their contacts, they can click "no" and then type in my phone number directly.
It seems like many people won't be comfortable letting Signal upload all of their contacts, so unless there's some way to call or send a message by typing in a phone number directly, those people won't start using Signal. I'll have a hard time convincing my friends to use it without this.
It's a cryptographically well-audited replacement to iMessage, Skype, and traditional telephony, all of which leave room for governmental and malicious meddling.
It's not really a replacement, more of a secure alternative. Ideally it would be possible to totally replace iMessage with Signal allowing non-secure messages from legacy contacts. However, even if the team were so inclined Apple does not provide adequate messaging APIs. For example, there is no way to intercept an SMS message, see message history, etc.
TBH I think keeping SMS separate from an ip based communications method is better. Lets not pretend that SMS is secure. The only thing I would find missing are quick reply APIs.
How are IP and SMS traffic different, other than "packet" size and encoding constraints? Both are easily interceptable and spoofable, necessitating strong crypto.
I don't see how chacha20/poly1305 is somehow "worse" over SMS.
The difference is mostly that in case of SMS, metadata leaks to carriers. In case of Signal/TextSecure/RedPhone, some limited metadata leaks to Google Cloud Messaging and Apple's equivalent platform (I can't remember the name). That's necessary because of scaling problems with push messages, but I understand there is work going on to develop a self contained alternative using WebSockets.
