Yes - in fact, because so few people use Signal, having two people who know each other who you also know appear in your Signal phone book probably means they are talking to each other. Which might be a problmeatic metadata leak in some cases.
Agreed. It also alerts you with "X is on Signal, say hey!" notifications when someone in your contacts signs up. I've brought this up before on HN and the Signal issue tracker [0] but there's been little to no attention paid to it. They also seem to conflate simply using an encrypted messenger with alerting everyone else that you're using an encrypted messenger. It's the difference between an email client that lets you send a GPG encrypted message and a client that immediately notifies you of every contact with a GPG public key, regardless of whether you've been in contact with them. I understand it can be done, I just don't think it should be implemented in the official client everyone uses. It's pretty shitty because apart from this issue, it's the best in it's class of secure mobile messenger. Unfortunately it has friends (and perhaps myself) eager for new entrants for which this isn't an issue.
I use Ricochet (uses Tor hidden services) on Desktop, which doesn't require a phone number or registration, and is metadata-safe, but the limited feature set leaves a bit to be desired.
Desktop client ties in with google chrome. The last place I would consider anything private on my computer.
Mobile app ties in with my cell phone. ... again meta data I would rather no one know, or be forced to associated with whatever I communicated on whisper..kinda defeats the purpose.
Major and inexplicable issues I would love to see discussed.
The desktop app also works with chromium. But then, you need to have the mobile app installed to use the desktop app...
Look, I don't think that Signal is that great against targeted attacks. The fact that you have to install it on a not too trustworthy platform (android/iOS), that you need to register with a phone number and that it broadcasts the fact that you use Signal to everyone who knows your phone number all make it a bit hard to recommend when you need very strong security.
But then, Signal seems to be targeted at the 'average user' and it features top notch cryptography. It does that in order to thwart mass surveillance. I think this is an admirable goal and that Signal achieves it. If you think you might be targeted by a three letter agency, use something different for your sensitive communications.
My experience has been less then ideal with this application (iOS). Often calls do not establish or the call get dropped within a few minutes. WhatsApp (voice) on the other hand as not exhibit any of these symptoms when communicating with the the same parties using the same devices and networks.
Does anyone else experience this? I do wonder if there is an ISP or operator involved in degrading / blocking the service.
Just need to make it the new normal, in Little Brother by Doctorow the main characters have a similar problem with encrypted traffic 'sticking out', they push an encrypted music service to change the proportion of encrypted vs unencrypted traffic.
The analog hole and the fact that phones are already compromised to unknown degree still an issue though, but still a good step in the right direction.
Yes, but FaceTime/iMessage is not free/open source nor available for non-Apple products. EFF gives both 5/7, pretty good considering the other options: https://www.eff.org/secure-messaging-scorecard
For me, it's nearly the perfect encrypted IM app, but it would be nice if you could use it without tying it to a phone number.