I say it’s not only “refreshing” to see a company like Signal taking a principled stand, it’s necessary.
It’s a powerful demonstration why critical infrastructure of any kind needs to be operated by public non-profit entities. At the very least that should include water, heat, electricity, communication, basic housing, essential agriculture, medical services.
When you’re serious about a community driven by common values, this is what you must do to stay resilient.
If you base critical parts of your infrastructure on profit, you get the tortured attempts we have today, to fit irreconcilable expectations through a single funnel – and the complex inconsistencies that go along with it.
All my support for not giving govts more power. Better to leave and keep credibility.
Now the digital currencies are coming (CDBC). They are really dangerous.
Let's start to make conscious decisions. I think freedom is in play with these movements and now it is the time, at least in Europe.
We have a ton of regulations for Data protection, yet later they want to use CDBC so that you cannot use your money for what you want, your money could expire as your phone balance, will tell you what you use it for, and... and all transactions will be known by them! They want to make the physical money disappear.
More encryption, more privacy and hands out from govs on us. Things are getting very bad in the latest 15-20 years. In the 80s, mid 90s til beginning of 2000s (talking about Spain) Spain was a much more free country and with fewer taxes.
Now we have both (more taxes and less freedom) and things are NOT better. In fact, GDP for Spain is getting nearly 45% public BUT salaries are stuck the last 15 years when discounting inflation. :( I am really worried about my country.
Not every, but most of them are, either explicitly (by design) or implicitly (by not actually checking if it was made secure). We're talking about secure systems, not any system that could also be secure.
I think parent poster's point is that security is a continuous, not binary, value. Things aren't secure/not secure. They simply have a cost for breaking them. The goal of effective security is to make that cost larger than the reward for breaking it.
For example, you might say my public-private key is secure. I take great care with my private key, etc. But I guarantee that for a few million dollars you could get it, simply by hiring some nefarious people to get it out of me and/or steal my computer. The thing that makes my private key secure is only the system, it's also other peoples' motivations for breaking it (or lack thereof).
I suppose it depends on what we think of when we write system and call it secure.
A system could merely be a design, or a composition, but it could just as well be a product or an implementation in general.
If a system was designed to be secure, the implementation can still be insecure. But if a system was not designed to be secure, or better yet, designed to be insecure, the implementation can never be secure.
To your point, an implementation or product can only have a state at a point in time where we can think of it being secure or insecure, as the next state or the next point in time might differ. But when we're talking about Signal, and their stance on influencing their design or architecture to make it insecure-by-design, I don't think we're talking about bugs or specific cryptography implementations, we're taking about making the design such that the implementation can never be secure.
If we were to take RSA for example, the factoring might be quantum-computable at some point in time, but right now, it is not. RSA was designed to be secure, and secure implementations exist. That said, if we were to wait a few years to a few decades, and again measure RSA as a cryptosystem, we might conclude that while it was designed to be secure, no secure implementations exist anymore.
I once had a professor who would demand I come teach her class even though I was funded through a research assistantship and hated interacting with students unless they advanced my agenda, so I eventually quit my PhD.
She'd just call up my personal phone, say she had to leave town, and then would tell me to do her work, because she was advising me at the time.
I'd get annoyed she was just... flying off on short notice and demanding I teach her class uncompensated, so I'd just show up, explain the assigned reading quickly, ask if folks had questions, then move on to asking them if they know what crypto-anarchy is, pulling up a copy of Jim Bell's "assassination politics", and having a chat about where the best spots to get spicy food in town were.
Later when I was reading up on the Daisey's Destruction case I had a bit of an aha moment... oh wait... this person doesn't work for the FBI, CIA... or the DEA... they constantly are talking about the Grateful Dead and how they used to do (and I quote) "an aircraft carrier's worth of drugs" on the weekends back in North Carolina.
And then I'd go back to trying to do all my classwork, some of their work, and scrounge around town for a decent weed connection because alaprazolam was not helping me -- though I got the sense the prescribing physician respected the long string of antidepressants I tried prior to that
After that there was a liminal period where I worked for an NGO, hoping to finish and then work as a staffer, but I also left my NGO for similar reasons -- I was on a W3C privacy group and one of my coworkers would come up and block my exit (physically stand in the door) and mansplain that "fingerprinting isn't tracking" or other... it was a tone of voice kind of like he was trying to do mind control or something?
I don't want to give my exact age, but I'm from a generation of phone phreaks born at the fall of the USSR who notice that if we use a novel argument like pointing out that up until 1863, America had unbreakable encryption via the Vigenère cipher[0] folks screw up their faces and get mad they can't trade the same bullet points back and forth they've been trading since the 90s and might have to have a substantive discussion that would realign the power order or whatever.
Anyways, Signal made the right call. India has a lot of issues -- I don't see the whole Kashmir situation ever discussed with the same level of attention to detail I've seen writings on the genocide in Xinjiang or the aggressions in the South China sea. (Bullshit little fake islands and the like.)
And then of course there's that whole... Ukraine thing... but I guess that doesn't impact India?
Anyways, sorry to ramble, I'm taking a day to focus on self care -- this was a good call.
It's honestly a shame that a company so dedicated to making private chats universal is going to completely kill their entire reason for existing and all potential growth by removing SMS.
I am not sure I follow your argument. If you are using it for private (ie encrypted) chats then you should not be using it for SMS... I think they have a good point when they say that having SMS there tricks less tech savvy people into think that those messages are secure as well when they are not.
It's not a thing now, but it used to be a great deal to thing around 2006-2008. 1000 sms packs used to be sold for 36 rupee and they sold like hotcakes.
