According to Elon Musk, Signal has "known vulnerabilities that are not being addressed"

Again, it depends on your threat model. In daily life, how many people do contact/key verification with each contact? Unless you have specific threats/fears, most people won’t bother with it at all! Even if you wanna do it, most of your contacts won’t be willing to do that verification.
So, with a username or phone number it would be very easy to get in touch.

Indeed. He even messed up Twitter, let alone making DMs safer, more private and secure.

4 Likes

The recent “vulnerability” found in Signal Desktop is legit.

Here I summarize it (linking twitter coz there is a lot of context - don’t mind pl.)

2 Likes

Even though I don’t like how Signal managed the criticisms, they patched the issue. Here is the GitHub issue and the news.

2 Likes

implementation of the spam filter is private; internal

They have a completely closed-source “abusive message filter” module server side. Could this functionally be used for censorship?

EDIT: But I understand the need to hide how it works so spammers don’t bypass it.

Perhaps you could create a new thread, as this seems not related to the previous discussion? Call it “Signal not completely open source, proprietary spam filter for censorship?” if you want to be clickbait :laughing:

1 Like

I have been exploring alts to secure messaging; only SimpleX Chat comes sort of close, but of course the test of time is pending.

But I think the only long-term solution is for privacy groups to start lobbying on a mass scale in major countries (USA, UK, possibly India, but that country’s political environment was theatre last I checked, and the legal system is only competent in USA and UK, or at least that’s what my friends say).

https://github.com/securitybrahh/secure-messaging

https://xcancel.com/TommyTran732/status/1811346194020606393#m

Why is Signal doing this to themselves? They look really bad when this type of crap comes to the surface.

Who knows with this guy. He’s not exactly a good faith actor

https://xcancel.com/TommyTran732/status/1811347516983759096#m

At the bottom:

Both are quite bad. Look where being quiet got us - that’s right, they just ignore it and let it rot.

How long do you think it will take until they fix this? Probably until another account with a large following makes a big deal about it.

He’s 100% true.

No one’s saying Signal is 0% secure, but it has its own issues (we can consider this topic as an issue, especially since it has been reported for many years and Signal didn’t want to hear us).

1 Like

Signal has completely screwed up, and they, more than anyone else, have to do more to maintain their reputation.

1 Like

@Lukas

Another indication of Signal’s lack of consideration for this problem is that when we want to associate our conversations on the desktop, it says this:

Like E2EE alone is enough to protect all messages on desktop when the decryption key is in plain text, what a joke…

They should be more honest and precise about the current security limitations of their desktop version, but no, they prefer to be in bad faith and remain on the defensive against those who criticize these known problems for 6 years.

I don’t even want to engage in this absolute shitshow anymore, it’s just very disappointing.

This thread summarizes my thoughts pretty well: https://xcancel.com/kaepora/status/1810611336675565934#m

Signal’s cult status amongst the cryptography in-group has led to a corrupt discourse that punishes constructive critical thinking and ostracizes any analysis of Signal that’s not wholly positive as being done in bad faith. Signal’s leadership has explicitly encouraged this.

2 Likes

Had to take 5 mins to rewrite this without ad-hominems.

Signal team did not handle this well. But it was presented to the public to spread fear (the original poster who tweeted it was endorsing Threema with retweets, which has multiple layers of irony). Attacks against Signal have come from Elon, Telegram, and the like. None of them credible entities.

Signal acted defensively, but so does any credible project when it is maligned in bad faith by people who endorse no better alternative. GrapheneOS famously also does the same. Would you call GOS a project that has a cult of Android security ingroup around it? It’s an ingroup because they are the damn experts :slight_smile:

Signal has miles to go, but it is not helped by factions of actors and their “idealistic” followers constantly attacking the project instead of donating and helping it improve.

3 Likes

Well, Signal is actually attacked in bad faith by powerful actors like the ones you mentioned, so their situation is a little different.

I actually don’t think that criticism of Signal should be condemned, no. Signal should be popular on its own merits, not just because we like them. Projects that gain a cult status tend to become bad news.

Mysk’s statement was a bit more provocative than it needed to be, but I’m not really sure it was in bad faith.

Calls to stop donating to Signal or to stop using Signal aren’t criticisms though, that is just bad behavior and should stop. Noting that Signal has problems, on the other hand, aren’t attacks against Signal, they’re legitimate complaints from their own users.

5 Likes

I don’t think that is a fair comparison (not fair to Signal), but I get your broader point.

Timing is a factor I think, the more minor constructive criticisms come right on the heels of a lot of very clearly bad-faith and disingenuous attacks and conspiracy theories from very self-interested and unprincipled people (Musk and his culture war/hurt feelings, Telegram’s CEO and his obvious self-interest as a less private competitor). I can understand how the response would be skeptical and defensive in that context. Not saying it’s the correct response, just saying that I (and I think probably most of us) have been in similar situations, and reacted similarly.

2 Likes

:joy:, not touching that topic with a 10 foot pole. Not my place to certify credibility of claims.

Moving on, I actually did not say pointing out Signal’s flaws is a bad thing. I merely pointed out that the ones doing it are not doing it out of altruism, and there are definite agendas at work here. The problem is it’s not that hard to criticise projects and still endorse them (see tommytran732’s tweets about secure blue), and saying “STOP USING SIGNAL ON MAC” is actually a moronic way to handle it.

Edit: Actually, @xe3 wrote down what I wanted to write very well. Read his message above instead of my ramblings :slight_smile:

1 Like

The main reason I find it difficult to defend Signal or condemn Mysk entirely in this case is because the issues actually were reported through the proper channels and were open for years.

This is why I am less sure that Mysk had an “agenda,” because it seems equally likely to me that they just felt passionate about an issue they discovered had not been addressed for many years. And maybe that feeling made them lash out a little bit more than necessary, but it clearly was a legitimate criticism, because Signal went out of their way to improve the situation afterward.

6 Likes

Usually I’m the one doing the rambling :smile:

1 Like

I’d assume he means when you put Signal on the browser; there have been a couple of articles about weaknesses on the browser. Signal is a mobile app. IMO you should just use it as such.

Did you ever see GrapheneOS completely ignore or downplay security or privacy issues like Signal did? If yes, did they become defensive like Signal did?

2 Likes