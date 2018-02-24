Signal, WhatsApp Co-Founder Launch 'Open Source Privacy Technology' Nonprofit (thenextweb.com) 32
An anonymous reader quotes The Next Web:One of the first messaging services to offer end-to-end encryption for truly private conversations, Signal has largely been developed by a team that's never grown larger than three full-time developers over the years it's been around. Now, it's getting a shot in the arm from the co-founder of a rival app. Brian Acton, who built WhatsApp with Jan Koum into a $19 billion business and sold it to Facebook, is pouring $50 million into an initiative to support the ongoing development of Signal. Having left WhatsApp last fall, he's now free to explore projects whose ideals he agrees with, and that includes creating truly private online services.
"Starting with an initial $50,000,000 in funding, we can now increase the size of our team, our capacity, and our ambitions," wrote Signal founder Moxie Marlinspike (a former Twitter executive).
Acton will now also serve as the executive chairman of the newly-formed Signal Foundation, which according to its web site will "develop open source privacy technology that protects free expression and enables secure global communication."
WhatsApp created 2009, started introducing encryption in 2014 after competition had done so. Took a while, eh.
It makes sense that Koum didn't change his worldview just because of that.
Cool story, bro. But if you RTFS, you'll see it's Acton they're talking about.
Reading stuff like this makes me very happy, and restores some of the hope that I've been losing as I age.
There is no valid technical reason for requiring the revelation of a mobile phone number for enabling an account instead of f.e. using e-mail, and since the application is not monetized in any way - no ads, no end-user costs what so ever - people should ask themselves what the true gain is from pouring millions of dollars into SMS costs etc. to keep Signal running without a single end-user dollar going back to the operation.
That is why you use a prepaid SIM card and toss it after registration, if you are really concerned about such things.
Everyone else who has tried to do so has failed, but the market needs it, and with tens of millions of dollars and a reputable brand, maybe Signal can make it work. We need something with Apple-like security, the flexibility of Android, and FOSS.
I don't think the Purism Librem 5 is going to succeed. The hardware specs are too old and the direction they're going is too niche and non-functional to work for the typical user.
First, Signal doesn't run over SMS at all; it routes over IP and calls are VOIP.
Second, call metadata is already retrievable by any mass surveillance operation. Signal does offer an option to relay all calls through their server, obscuring the metadata. Because it runs over IP, you can also route Signal through a VPN or even Tor (though probably not reliably).
Yes, I was going to post the same thing you just did, but you beat me to it. (All for the better; it would have languished at score:0).
I never had to give anyone my phone number to chat via IRC back in the day.
I never had to give anyone my phone number to chat via XMPP.
I won't do it now for Signal or whatever else. There's no reason to turn the internet into a platform where all social graphs are tracked by somebody, even if that somebody pinky-swears not to sell that data.
...but who you are, when you talk, and who you talk to is divulged.
Unless you want to set up, maintain, and continually vet the operators of an onion router network, there's really no way to hide this information from everyone but your conversation partner.
However, you are already putting a very large amount of trust in the devs of and operators of Signal. If they are malicious, then they can release an evil client that fails to correctly encrypt your data.
You need to register on a central server using your unique mobile number.
According to this Wikipedia article they've so far only once had to hand over data.
Interestingly this data is limited to the time the registration was done and the last time you accessed the service.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Their privacy policy:
https://signal.org/signal/priv... [signal.org]
Reading material for the rightfully paranoid:
https://medium.com/@thegrugq/s... [medium.com]
Yes in some lawless* places it would be illegal.
* Lawless as in no constitutional or in law enshrined right to privacy.