top | item 45756950

(no title)

buyucu | 4 months ago

E2EE is nice to have, but not the magic cure Signal advertises it is. The #1 most authoritarian governments access chats is by forcing people to unlock their phone. At which point Signal's obsession with phone numbers becomes a huge liability. You can't claim security while tying a phone number to each and every account.

discuss

akimbostrawman|4 months ago

>The #1 most authoritarian governments access chats is by forcing people to unlock their phone

How would you know this? If they access the data from the platforms server you would never know unlike with obvious forceful physical seazure. The point of E2EE is that the weakest link, the server, is removed. It increases the required threat model from simple dragnet surveillance to high effort targeted attacks. If the client is insecure nothing can protect your data and signal has said that many times.

I don't see how the debate about requiring a phone number is relevant to this discussion since telegram does too.

buyucu|4 months ago

Because I live in a very authoritarian government. That is how I know.

The weakest link is not the server. The weakest link is the user device. There is no security without anonymity.