You sound like people defending PGP when everyone knew there were major downsides and usability issues. How can keeping phone numbers as the only option be more important than everyone being able to publish "Signal:39475638" on someplace like GitHub? Is the phone numbers part of the encryption somehow and you absolutely can't use some other number even in addition to it? Because I refuse to believe you don't understand the downsides of phone numbers and I know you understand the protocol is good enough were it is relevant. So surely then there has to be some technical limitation because what other legitimate reason is there?
And yet, there is no PGP replacement in existence despite it having died a thousand deaths and having promised replacements for decades.
> So surely then there has to be some technical limitation because what other legitimate reason is there?
It's like people aren't reading the whole thread and just responding to specific comments they don't like. The premise of Signal, or at least what's made it practically useable, is that the short identifiers are immediately available and verifiable on a mobile device. When I first reach out to someone on Signal I know the person I'm reaching out to is the owner of the identifier I used unless their phone carrier is actively compromised when I exchange the first message. To Signal's users, this is an acceptable compromise. On top of that, I don't need to do a key exchange dance every time I want to talk to a new person because I have a contacts list of their phone numbers, which Signal has verified and bound to their keys.
Signal is really pretty simple: trade key exchange parties for the phone numbers already acquired though countless years of past parties and have locally grown crypto sans intrusive cloud services. And, do it explicitly not-for-profit so there's no possible motivation to abuse this contract with users in service of shareholders.
Obviously Signal could implement whatever random people felt the need for at any given moment. But they don't and it doesn't seem like whining about it is changing anything. If you don't like that then go use one of the many alternatives or build a replacement. I'm honestly surprised nobody's built one at this point. Literally spin up a signal server, make a build of their mobile app, and let users paste in pubkeys instead of phone numbers when starting a message. See how many people use your product. Or just change the phone number db to a shortname db and remove the verification step.
Yes, these conversations are exhausting. What's even more exhausting is the perpetual outrage from "hardcore" "security" "nuts" and absurd anons driveling on about why all the practical solutions that work for users are nonsense and how they could be made "better" but who balk at actually building the solution they think the world deserves. It's a tale as old as time in the security community, sadly.
It's funny, Moxie actually did something about it and it still isn't good enough. Signal is probably the closest thing to a PGP+email replacement we've ever had. What more do people want?
None of these are a reason to not to also have a different number that you can publish publicly without giving someone your phone number. You can have your phone number for everyone in your phone book and a one way derived or random number for everyone else.
> When I first reach out to someone on Signal I know the person I'm reaching out to is the owner of the identifier I used unless their phone carrier is actively compromised when I exchange the first message.
Compromising is in this case rather common in sim swapping and spoofing (you can barely even call it spoofing). Phone numbers are not useful as some sort of continued point of trust. And I doubt Signal uses it like that under the hood.
> What more do people want?
Before you complain about other people maybe you should give other people the courtesy of reading what they wrote first. I have already said what I want, a public id I can publish on for example GitHub without the implications of publishing a phone number. Implications which anyone with a relevant opinion should already understand.
I think you're being hyperbolic about how weak phone numbers are. Yes, you can get sim swapped. But you pretty much know immediately since your phone stops working. We've never even heard of an attack where someone was swapped for days, weeks, or months and didn't know about it. It's an active attack and while it's possible and yes future messages with Signal users are vulnerable while it's happening, it's not a persistent threat. And your contacts will see your safety numbers change and reach out and make sure you're really you. That leaves a problem of somebody reaching out for the first time to contact you while you're actively being simjacked as the only real damage.
But, none of this even matters if you turn on registration lock. Sim swapping attack thwarted.
I've read your request worded in different ways many times and what people keep doing is pointing a finger at phone numbers, yelling "they're insecure", and then pointing at usernames and saying "look, it can be better". Nobody has actually argued how it could be better, just that phones suck. I don't find that a compelling argument, sorry.
Usernames/email are no less susceptible to whatever service you use to register them getting jacked. There is literally zero security difference and emails are easier to spam. Usernames just don't have KYC baggage that phones do in the US. But honestly as Signal has shown time and time again, all that law enforcement can get from Signal is that a given phone number registered with Signal. Because they have impeccable application layer crypto which is what actually matters.
Okay so what if Signal uses a username/password DB and doesn't allow email reset. That removes the 3rd party from the equation and now Signal takes the burden of being the central authority for usernames. And, while possible, it entirely inverts the whole premise of Signal in the first place.
Good news for you, that's not just my argument, it's actually happening. Signal is trying to add support for usernames by forcing everyone to add a pin. It's not clear at all that this pin is now the password to a signal account that is used to sync your contacts data and profile. That's not a problem in and of itself because it's all theoretically good crypto. The problem is that it isn't good crypto. It's a 4 digit pin for the majority of users. Signal knows this is in a bind trying to slip things in that they know would piss off half their users because it's shit security just in order to make usernames possible. And they're getting called out for it.
aside: It's not passwords per-say that are bad (even though they are because people and UX). It's that Signal is telling everyone "hey add this quick pin" and people don't realize that's actually a password for your whole account and that the whole model is changing underneath them. If you know and set a strong passpin, you're fine.
Anyway, the catcher is this: instead of having to deal with what it means to have passwords and get users up to speed, they developed some technically really cool but batshit insane system to throttle pin attempts so that the burden of trust gets moved from your carrier to Intel and they can wash their hands of how insanely bad a 4 digit pin is in terms of entropy. So you want usernames because you don't trust your carrier? Did you know that would come at the cost of trusting Intel instead? They don't really have a great track record recently...
My entire point is not that people are stupid for asking for usernames or something. It's that they don't come "for free" as everyone seems to think. If you want traditional username/password, then the world changes so that Signal becomes a cloud service you must trust to maintain a new global contacts book of usernames just for use on Signal. Signal didn't like that and that's definitely a problem for all the people who use Signal because they don't have their fingers in that cookie jar. So they punted and are moving the trust point to Intel.
I've learned the hard, or at least slow, way that this discussion is mostly futile. All I can say is that a large part of the world doesn't use phone numbers like that anymore. One of the major benefits of messaging services is that they aren't tied to a country, carrier, area, address, personal identity or even your phone. It doesn't end up in random databases of shopping websites or advertising networks. You can share it with someone you briefly met, someone unknown or even have someone else share it for you.
I've found, and I think more than me have, that the overlap between having an immediate need for security and wanting to share you phone number is surprisingly small. And even just a subset of those people are on Signal.
It's just never been very useful for me when other services are.
As far as I know one of the arguments for defunding the police is that the police is used as a way for those with the ability to change things to externalize the consequences of their actions.
When for example a lack of housing leads to an increase in crime a well funded police prevents those who could increase housing from being affected by the crime and they will therefor not increase housing. Especially as they get many benefits from poverty like cheap labour, a decrease in competition and larger premiums on attractive real estate.
So yes I would say they are thinking about the second-order effects. At some point I might read some of Thomas Sowell's writings but from what I've seen so far he honestly seems more of a theologist than a scientist to me.
1. Western companies moves production of components to China.
2. Chinese companies becomes good enough to produce their own products.
3. Western companies starts rebranding Chinese products.
4. Chinese companies buy western companies.
5. Chinese companies open factories in western countries.
Manufacturing isn't industry in itself and the growth of industry is orders of magnitude more in China. Most people just have no idea how supply chains work or how many R&D centers are opening up elsewhere. Many western countries are no longer great industrial economies but still far from real knowledge economies. Western countries don't really have the infrastructure, housing or education necessary and increasingly not alternative ways of competing either like creativity, influence or equality.
There is a documentary called "American Factory". It isn't the best but it is something.
The video can be found when one looks around some.
Tek, under the leadership of Howard Vollum, literally built the whole region around it up. People could walk in off the streets and end up designing products, in sales, even doing a startup that Tek would help to fund.
I am a product of that culture, and learned a freaking ton from that place and the people who were in and around it.
When Howard Died, the private equity game chopped it all up and it's a shadow of what it once was.
Investments in the local people, partnering with schools, other manufacturers, all add up.
> Which non-Western countries are competing on creativity?
They aren't, that's the point. Countries like China, Japan and South Korea are very good at pulling everyone in the same direction by following rules, having hierarchies, exchanging favors, working long hours, handing out punishments and whatnot. Far better than any western country could because we aren't at that point in time (and maybe Japan isn't now either). What they end up lacking is things like creativity. The problem is that western countries are also increasingly lacking opportunities to exercise creativity. There is few ways these days to in good faith drop out of school and crash on someones couch to do something else you rather want. Which has to some extent been the foundation of new industries.
Creativity isn’t something that just spontaneously appears or flourishes. It requires an appropriate environment. Most of the great achievements of the ancient Greeks happened in a fifty to hundred year span of time.
Much of today’s population’s drive is dissipated into online entertainment.
Solar PV, battery technologies, and smart phone transaction systems are areas where China is playing a leading role. They are competitive in EVs and Automated Vehicles. I'm sure there are others.
The US isn't even in the game any more for many consumer products.
Those rankings are for 15 yr olds. The US definitely is #1 when it comes to high-end university schooling.
Even among high schools and prep schools the nation-wide US average might be mediocre in public schools but when it comes to the higher-end private schools the US is still easily #1
Who does better than the “West” at non-elite education then? Surely non-elite must include a lot of people who never go to university. The PISA or TIMMS rankings are about as good a ranking of those as you’re going to get.
> Which non-Western countries are competing on creativity?
As I see it, Asian economies like India, China, Japan, South Korea offer a reasonable competition to Western economies today.
1. Samsung is a very viable competitor to Apple in hand held + wearables creative space.
2. Indian fin-tech solutions IMO today are some of the best in the world. All I need is a phone to shop for things (from buying a car to paying for parking) and have not used a credit/debit card for a year now (I live in India). Same in Indian edu-tech space. A lot of kids have quit school and are learning at home. Full time. I have not seen this happen anywhere before.
3. Toyota's are way more reliable than BMW's, Audi's and Ford's.
4. TSMC vs Intel is another good example.
I foresee a lot of innovation happening in Asia right now to go global in this and next decade.
Um, TSMC sources many parts which are made exclusively in America. The machines TSMC uses for all of its highest end semiconductor work come from a company called ASML which whilst being a Dutch company sources many of its most sophisticated parts from the U.S. and Europe. But before we bother to argue about what is and is not a knowledge economy, humor me this one possibility.
Perhaps there is no such thing as a "knowledge" economy. At least not in a mass sense. Maybe instead the design knowledge which will drive automation is derivable from only a fraction of the population. That is only a small fraction of the population is capable or necessary for producing this knowledge. Perhpas the Utopia in which every child achieves a doctorate in engineering, medicine, etc was just a fantasy.
Perhaps the people who most perpetrated this story were motivated to. Because they were either complicit in the dismantling of the West's lower middle class economy or perhaps because they were apologists of untrestrained "free markets" and they needed a way to square their dogma without seeming cruel.
Perhaps the consequences of globalization minus the dogmatic fantasy of "everyone will be educated into being einstein" left the nagging uncomfortable suspicion that growth had its limits and someday we would have to admit that the only answer to making sure an equitable portion of wealth made its way into everyone's pockets wasn't an endless growth, every mom blasting their womb with Bach, an STM on every crib nerdocracy but instead gasp dare I say it? Redistribution!?
> admit that the only answer to making sure an equitable portion of wealth made its way into everyone's pockets
This is the key difference between the two ideologies. One side believes equity should be distributed equally regardless of achievement, the other believes equity distribution is directly correlated to productive measures of success.
"From those with the greatest ability, to those with the greatest need."
> One side believes equity should be distributed equally regardless of achievement
I'm not sure this is true. I think a lot of people including economics professors like to consider themselves fairly humanistic. And I think the idea of a mass of people permanently living near or below poverty bothers them.
And I think they take it somewhat for granted that their favorite economic theory has in our recent past effectively provided a middle class standard of living for many people. But when we start talking about dismantling the mechanisms which have created the large middle class and how it could decrease quality of life and increase poverty, they don't offer an honest assessment based on the fundamentals of their theory. That would be to say, "well yes such changes may induce pverty here."
Instead there is kind of a shrug. We'll become a service economy, nevermind making a comparison of the quality of the new service jobs against those being transplanted.
Or we'll become a knowledge economy, the great brain of global capital. Again never really contending with the question of whether that is even possible.
This allows them in my opinion to advocate politicies which harm people whilst shrugging off any guilt because instinctively they know to willfully empoverish people is wrong. It is this dishonesty that bothers me.
My gripe is not with those advocating against redistribution. Though my personal politics are for a mass ownership of property in some regard. My gripe is with people who have setup what might be a fiction (maybe it could be real too) as the answer to making choices which create suffering. And then for that image to have become a dogma we all expected to accept without questioning its basis in reality.
I'm willing to accept that I could be wrong. But I come from a working class background. I've known a lot of working class people over the years and the idea that most or even many of them are going to pivot into IT or what have you is just nonsense. The vast majority have pivoted into low paid service work without much social insurance of any kind.
Most of the inherent cost of a startup is salaries (offices usually second). Most of salaries goes for paying for housing (with market rate and education usually being the other major costs).
Say you have two startup environment. One where it is affordable with housing, education and most people could try to start a startup and another where those things are expensive and few can. Which one requires more capital and which one is more successful?
Investments are something you get when attractive companies are being created. Not something that creates attractive companies in itself. Plenty of countries have plenty of rich people but most don't stand out in terms of successful startups.
I would say it is true but more the entire environment. ~15 years ago in Sweden it was relatively easy to become middle class. It was for its time accessible and affordable to have things like education, housing and a family. At the same time it was relatively hard to become upper-middle class because of progressive income taxes, career paths and overall competition. That meant there were a relatively large number of people capable of starting and joining startups with low opportunity cost of doing so. Which also meant there were more startups who were interested in building something that is viable long-term rather than to cash out quickly.
(This isn't really true anymore but that is a different story)
