
I agree with 13.

There needs to be a way to have an account that is not tied to a SIM card or any kind of phone number.

I'm frankly astonished there's even a debate about that.




I'm just astonished that there's even justification for it not being an option. Bang on about easy discovery all you want, there's lots of people who don't want to give out their phone number for no good reason to some strangers.


This is nowhere near as simple as "you just published your phone number to TextSecure":

https://whispersystems.org/blog/contact-discovery/

It is a very real security issue, too. What Matt Blaze is talking about with "extra namespaces" is a giant piece of attack surface TextSecure is avoiding.


We're getting back to the issue of 'usability' though.

My desktop has no phone number, my tablet has no phone number and .. I have multiple phones, which have different phone numbers. I would like to use a single IM account (hey, like with mail. Or xmpp).

TextSecure doesn't allow that. TextSecure is not usable in these scenarios. It's not about "Could TextSecure leak my number", it's more about "The current architecture of TextSecure makes no sense for these use cases and seems to be quite close to WhatsApp et al - even before their agreement".

A telephone number is not an identifier, it's not stable and it's not something you can expect as 'given'. This is a broken system. As 13, the thread starter, mentioned.


It's not a "broken system". It's one that doesn't work for your particular use case. As Matt Blaze pointed out in his Twitter message and I did here: simplifying "identity" down to a phone number sidesteps a complicated security problem that has created flaws in other applications and will continue to do so.

I'm sorry you can't use TextSecure right now; it's the only encrypted messaging system I actually like (though I think you can get by with OTR [but not group OTR!] and GPG). They have to start somewhere, though. And it's far better that they get a simple case right than an ambitious case wrong.


You keep talking about "discovery".

I don't want to be discovered.

I don't want my Signal identity to be tied to any phone number.


Use other tools. There's plenty of alternatives for secure communication. The OWS apps have a specific purpose that's closely tied to how smartphones are used.


I think that I'd be happier with social-network discovery: I can see my friends, and those of their friends whom they have shared with me; I can then ask to become friends with those whom I know, and then see their friends, and so forth. My namespace would be local to me, but I could browse my friends' namespaces as well.


Having a way to work without a phone number would also be a requirement to use it on a desktop/laptop or tablet.


You can install Signal on a WiFi-only iPad and use any phone number to register. This will also be the case for the upcoming desktop client.


Get a Google Voice number (Free. Use throw away account) and use that. There are instructions out there on how to connect a Google Voice number to Signal.


I don't want to get any number. I want to have any number of throw-away accounts active in parallel on every device.

Just as with jabber, e-mail, IRC and every other open messaging technology.


Which you can only do in the US.



