Technology

58115 readers

5131 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

-33

Signal Facing Collapse After CIA Cuts Funding (kitklarenberg.substack.com)

submitted 9 months ago by [email protected] to c/technology

38 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 9 points 9 months ago (1 children)

For a project like Signal, there are competing aspects of security:

privacy and anonymity: keep as little identifiable information around as possible. This can be a life or death thing under repressive governments.
safety and anti-abuse: reliably block bad actors such as spammers, and make it possible for users to reliably block specific people (e.g. a creepy stalker). This is really important for Signal to have a chance at mass appeal (which in turn makes it less suspicious to have Signal installed).

Phone number verification is the state of the art approach to make it more expensive for bad actors to create thousands of burner accounts, at the cost of preventing fully anonymous participation (depending on the difficulty of getting a prepaid SIM in your country).

Signal points out that sending verification SMS is actually one of its largest cost centers, currently accounting for 6M USD out of their 14M USD infrastructure budget: https://signal.org/blog/signal-is-expensive/

I'm sure they would be thrilled if there were cheaper anti-abuse measures.

[+] [email protected] 4 points 9 months ago (1 children)

[deleted]

[–] [email protected] 7 points 9 months ago (1 children)

Bad actors can buy one.

What does it cost to buy hundreds? It's a great deterrent to bad actors creating many accounts.

I really, really, really dislike using my phone number to verify. Like so much so it kept me off signal until about 6 months ago.

I get it. I don't like it, but I get the compromise until they can develop a better mechanism

[–] [email protected] 3 points 9 months ago* (last edited 9 months ago) (1 children)

deleted

[–] [email protected] 1 points 9 months ago

You could run a network like signal, and either charge a small amount of money per message, or a larger amount of money to register with the network.

Hell you could do the WhatsApp model, charge a dollar for new users, the pay for the registration verification. The same thing.

You just need some mechanism to add friction for mass spamming, be that money time or complexity.