[Cryptography] Signal planning no support for plaintext SMS

Phillip Hallam-Baker phill at hallambaker.com
Wed Nov 2 20:24:16 EDT 2022


On Wed, Nov 2, 2022 at 8:21 PM John Gilmore <gnu at toad.com> wrote:

> John Levine <johnl at iecc.com> wrote:
> > It's hard to burn through a lot of data unless you are streaming video
> > or downloading very large apps.
>
> Signal forces you to download new versions of the app.  I was really
> unhappy when at Burning Man with super limited flaky wifi bandwidth and
> no phone service, it started warning me that it would start refusing to
> run unless I let it download a new version.  (Unlike competently
> maintained free and open source software, they have a longstanding logic
> bomb in Signal that makes each version refuse to operate after 90 days.)
> They release a new version roughly every 2 weeks and have auto-updates
> on by default, so this may have something to do with the bandwidth
> charges.
>

So it's not just me who gets annoyed by this!

As I look at it, you should only force an upgrade for either a security
vulnerability or to phase out a protocol version and that should only
happen after two years min.

If you are writing an app from scratch, you should have used a type-safe
language with managed memory, so you should not be having security
vulnerabilities every two weeks.

I really don't like the chatter that came out of Signal about
crypto-currencies. If someone is peddling one of those, I don't trust them.

Another issue is the notion that 'disappearing texts' is the biggest
security concern to the exclusion of all else. It is a security control I
use for some of my conversations but I definitely want to have all my
conversations saved in other cases. The whole 'we know your security needs
best' thing is really tiresome.

My biggest concern is I have no way to audit the app I am running and I
have no practical way to check I am connecting to the user I think I am.
The whole safety number thing seems rather hokey and unintuitive. I find it
less understandable than PGP fingerprints to be honest.