The post, titled “Why I won’t recommend Signal anymore,” piqued my interest as I spend a lot of time evangelizing Signal to virtually anyone I interact with, for reasons which I have spent several years discovering. I immediately thought, “What did this guy discover that I’ve so blatantly missed?” and read through the article.
Unfortunately, there were no real revelations as the points the author raises have been well discussed publicly by Open Whisper Systems (OWS) and Moxie Marlinspike (Moxie) and seem to omit quite a bit of perspective in Moxie’s and OWS’ stances on the issues and also the threat model Signal is assuming with their users.
I’m going to provide some brief background on Signal, Open Whisper Systems and Moxie Marlinspike, then head straight into my response, point-by-point, offering additional context on each issue raised by the previously mentioned author and my thoughts and findings when researching these issues. Continue reading “Managing Security Trade-offs: Why I Still Recommend Signal”