Incoming links: Tor (anonymity network)
This is a way to host a server that actually hide the IP of the server from the client, just like Tor hides the IP of the client from the server. Amazing tecnology!
This is why it enables hosting illegal things like the Silk Road: law enforcement is not able find where the server is hosted, and take it down or identify the owner.
Basic must haves:
Other cool stuff:
- sealed sender: signal.org/blog/sealed-sender/ Nice!
Missing:
- Tor routing by default:
- option to enable disappearing messages by default:
- community.signalusers.org/t/ability-to-set-your-own-default-timer-for-disappearing-messages-on-all-new-conversations/5144 "Ability to set your own default timer for disappearing messages on all new conversations"
- www.reddit.com/r/signal/comments/jhknuz/default_disappearing_messages_timeout_for_new/
- messages are not encrypted on desktop via the password manager!?!?
- github.com/signalapp/Signal-Desktop/issues/549
- github.com/signalapp/Signal-Desktop/issues/1318
- www.reddit.com/r/privacy/comments/fwux29/signal_desktop_stores_the_encryption_key_in_a/
- whispersystems.discoursehosting.net/t/improve-security-of-desktop-apps-encryption-of-data-at-rest/26494
- community.signalusers.org/t/why-cant-we-lock-the-desktop-app-with-a-password/1383
- web client:
- secure anti-forensic data erasure to attain plausible deniability of disappearing messages:
Previously missing:
- remove the need to share your phone number with contacts: messaging software that force you to share your mobile phone with contacts. This is a deal breaker for online acquaintances:Beta February 2024: signal.org/blog/phone-number-privacy-usernames/
- security.stackexchange.com/questions/231637/signal-contact-people-or-have-people-contact-me-without-revealing-phone-numbe/245665#245665
- community.signalusers.org/t/have-option-to-set-up-username/8723
- www.reddit.com/r/signal/comments/8kybil/is_signal_ever_going_to_include_usernames/
- community.signalusers.org/t/usernames-lets-throw-phone-numbers-in-the-dustbin-of-history/7282
- remove need for phone completely:
- community.signalusers.org/t/a-proposal-for-alternative-primary-identifiers/3023
- community.signalusers.org/t/remove-the-need-for-a-mobile-phone/1543
- community.signalusers.org/t/registering-with-an-email-address/919
- community.signalusers.org/t/username-id-registration-without-phone-number/9800
- community.signalusers.org/t/more-reasons-why-signal-should-ditch-phone-numbers-the-guardian-confirmed-the-identity-of-those-in-the-chat-by-cross-checking-phone-numbers-attached-to-the-signal-accounts/7311
- community.signalusers.org/t/why-is-phone-and-phone-number-required/1425 community.signalusers.org/t/what-is-the-technical-reason-that-i-cannot-use-signal-without-a-phone-number-and-that-i-cannot-use-signal-desktop-without-signal-on-my-phone/11400
TODO what's the fucking official discussion/feature request forum?
- community.signalusers.org appears to be the de-facto non-official one.
- github.com/signalapp/Signal-Android/issues/5372
- whispersystems.discoursehosting.net
- github.com/signalapp/Signal-Desktop/issues/1318 closes and points to discoursehosting
- github.com/signalapp/Signal-Desktop/issues/549
- www.reddit.com/r/signal/comments/lipo6z/community_signal_forum_vs_reddit/ gives some good history, says they pay for community.signalusers.org/ and have admin powers there.
Haven't found the one yet:
- open source software, doh
- end-to-end encryption...
- has browser frontend and Android app
- public URL without sharing your mobile phone: messaging software that force you to have a mobile phone
- self-destroying messages (turned on by default please)
- user base large enough to give some confidence that it was reviewed for security issues
- easy/built-in setup over Tor
Optional but really ideal:
- can delete messages from the device of the person you sent it to, no matter how old
- decentralized, your username is a public key
The state of messaging is ridiculous as of 2020.