The @infosechandbook guys suggested they participate on this forum and Reddit. (Do you prefer the Reddit-style or this forum’s style of discussion?) Anyway, here we are.
I wonder how much actionable advice were you able to extract from the articles How to use Signal more privacy-friendly and Signal messenger myths’s if you were a privacy enthusiast of average technical level. As I see these articles they certainly make you more curious but you have to connect the dots. A lot of them.
How to use Signal more privacy-friendly starts with stating some people don’t want to install Signal on their smartphones and suggesting signal-cli, the command line tool. So far so good, I was able to set it up and get a verification code. Now what? The article then suddenly jumps to recommendations on how to set up the mobile app without mentioning that now we are in the mobile app and not in the command line setting up our phone number. Which we didn’t even set up. How does signal-cli and the mobile app add up?
Signal messenger myths Myth 2: You have to disclose your cellphone number to use Signal is equally murky. It’s quite easy to get a verification code to a throwaway number, real or virtual, but then what? Maybe it’s just me but the guide doesn’t mention what happens to your Signal number when you eventually upgrade your smartphone or computer or operating system or hard drive or Android ROM. Or am I missing something and you are not about that? Either way you do not mention anything about how permanent your temporary Signal number is going to be.
The articles are clearly written by someone (Benjamin) who understands what he is talking about. But I say writing good documentation is an art in and of itself. You (team InfoSec) claim on your site that you lecture at various universities. That’s awesome! But would you consider the above guides as actionable handbooks to your students (of average technical level) or more so just teasers to pick the interest of more advanced students who can fill all the dots themselves? A good technical guide usually features lots of descriptive screenshots (if necessary, but why not) and command line walk-throughs for sure. It’s not me who calls your website handbook, it’s you.
How is your Signal guide fundamentally different from the dozens of other Signal guides out there? Maybe it really isn’t and I’m seeing too much into it. That said, I wonder how much actionable advice the community can get out of it specifically. I appreciate your work.