Hacker News

alp1n3_eth 01/21/2025

Blaming the user is sometimes what it boils down to. Security includes a balancing act that involves usability, and Signal is firstly targeting the masses, but includes settings that can be configured for high-risk scenarios.

This "vulnerability" requires the user to have none of the normal things a person with a more extreme threat model would have already configured. EZPZ guides online on locking down Signal.

It's just like an iPhone. They don't ship with Lockdown Mode enabled by default, as it hurts the average consumer's usability. Signal at minimum will ensure no one is snooping on your messages, and it's up to the user whether they want to take that further.

If your definition of not providing security is allowing someone to know they exist on a continent, then that user's ISP has performed terribly as well since they aren't bouncing their signal around the world by default.


Replies

mmooss 01/21/2025

> Blaming the user is sometimes what it boils down to.

At least we agree about your argument. :)

> Signal at minimum will ensure no one is snooping on your messages, and it's up to the user whether they want to take that further.

Signal also secures metadata, including the participants in the conversation. That is undeniable - they have gone through considerable development investment to provide that feature.

> that user's ISP has performed terribly

Now we're blaming the ISP. If your app doesn't work with your users and ISPs, who does it work for? And how does a non-technical end-user know whether or when to trust you?