Strongylodon's comments

>For years companies have been steadily asking, mandating or even tricking users to give them their phone numbers under the excuse of security (while the real reasons were different), now what?

>How can they be trusted anymore?

I don't know if they can. I had specific conversations about things like preferring TOTP to phone in internship and job interviews, but I struggled to land the prestigious roles others did, though people I've spoken with informally certainly like to parrot key phrases I liked to use when we'd socialize at conferences.


What does the last sentence have to do with trust?


People still post about crime on the internet?

A LOT of antisocial people seem to act badly thinking no one is going to even look at what logs exist due to existing policy, let alone illegal sources of info that are used in parallel construction.

https://www.npr.org/2021/03/04/973696073/a-former-police-chi...


> and can do whatever they want.

That's not quite correct - they need to follow the laws of the state they are headquartered in.


>Why should we care about the battles between corporate titans over how they treat each other?... the enemy of my enemy is my friend.

You should read a bit about the cold war in my opinion. This logic can burn you.


Can you please define activism for me, in your own words?

I'd hate to try to utilize my legally protected free expression rights, but accidentally do activism instead, so any tips or tricks you have would be greatly appreciated.


>He pointed out the OTR plugin, and it blew my mind that it was guaranteed that no one could possibly snoop our conversation.

That's wonderful but how do you handle the trust aspect?

I hit a wall on infosec stuff because people are pretty gatekeepy.


>"the largest market" always reminds me of "Bin Laden's right hand".

If they're not selling guns, child abuse imagery or other extreme stuff, maybe treat it as a source of intelligence rather than keep playing whack-a-mole?


So what's the second largest?

(Also does largest == best? A market could have a huge volume of mostly scams for example)


>The main problem with projects like these is that I don't know (without manually checking myself) whether they are actually tracking the Signal source code effectively.

That's my main complaint with Signal - lots of widgets. More code to audit and keep an eye on.

More users is good, but stickers and stuff.. meh.

Maybe teach zoomers how to use emoticons ;-)


I understand where Moxie is coming from: user-friendliness (and candy) increases the user base in a demonstrable way. At the same time, adding code like this pretty clearly increases the attack surface unnecessarily. So there is a tradeoff they are making for everyone. I would much rather be able to disable that additional state space, even if I can't strip it out of the build entirely.

I also find it a bit crazy that the 'desktop' app is Electron, and they don't hint anywhere what a house of cards Electron is. I wouldn't run it except inside a VM, and even then I would have to accept that all the messages could be extracted remotely. They give no indication of their compliance with best practices (e.g. https://labs.bishopfox.com/tech-blog/reasonably-secure-elect...) which is disturbing.


Yeah, that's one reason I prefer verbal convos. Electron aside, how many people even keep their phone on the latest version? There's all sorts of ways to slip up with Signal, though now that I'm not violating COPPA by posting on the boards, I don't see a need to make a literal list of all of them.


People really do like those stickers, though. You can just not use them; I find them annoying too, but I'd rather Signal have them so people who want them don't have a reason not to use Signal.

