Hacker News

tucnak, yesterday at 8:31 PM

I wonder whether the protesters could opt for offshore alternatives that don't require exposing their phone number to a company that could be compelled to reveal it by US law. For example, there is Threema[1], a Swiss option priced at 5 euros one-time. It is interesting on Android as you can pay anonymously[2], therefore it doesn't depend on Google Play and its services (they offer Threema Push services of their own.) If your threat model includes traffic analysis, likely none of it would make much difference as far as US state-side sigint product line is concerned, but with Threema a determined party might as well get a chance! Arguably, the US protest organisers must be prepared for the situation to escalate, and adjust their security model accordingly: GrapheneOS, Mullvad subscription with DAITA countermeasures, Threema for Android, pay for everything with Monero?

[1] https://threema.com/

[2] https://shop.threema.ch/en


Replies

OneDeuxTriSeiGo, yesterday at 9:18 PM

It's worth noting that the way Signal's architecture is set up, Signal the organisation doesn't have access to users' phone numbers.

They technically have logs from when verification happens (as that goes through an SMS verification service) but that just documents that you have an account/when you registered. And it's unclear whether those records are available anymore since no warrants have been issued since they moved to the new username system.

And the actual profile and contact discovery infra is all designed to be actively hostile to snooping on identifiable information even with hardware access (requiring compromise of secure enclaves + multiple levels of obfuscation and cryptographic anti-extraction techniques on top).

chocolatkey, yesterday at 8:44 PM

Note that Threema has had a recent change in ownership to a German investment firm. Supposedly nothing will change, but I can’t help but be wary.
