
It doesn't help against the local authorities. But it will help against criminals and foreign authorities. E.g. most of the world's capitals are packed with IMSI-catchers and passive eavesdropping devices operated from embassies. This spying on foreign soil would be impossible if mobile phones were any good with regards to security.

And signal isn't really very helpful in this scenario, because it doesn't properly protect against MitM attacks.



How does signal fail to protect against MITM attacks? Given that it's end-to-end encrypted, wouldn't an attacker have to force a change of keys to MITM you? In which case you should be notified by signal that the keys were recently changed.


Signal only implements a very weak form of trust-on-first-use for keys. So there is no authentication and no security for a first contact. Subsequent communication can be protected by meeting in person and comparing keys, which nobody knows about. Signal doesn't ever tell you about this necessity and doesn't have any option to e.g. pin the key after manual verification or even just set a "verified contact" reminder.

Being warned about a changed key is only sensible at all if the one before that was verified. Otherwise, how do you know everything wasn't MitMed in the first place? Also, most users ignore the warning if the next message is "sorry, new phone, Signal doesn't do key backups". Which everyone will understand and go along with, because they either don't know about the danger there, or because they know Signal really doesn't do shit to provide authentication continuity through proper backups.

Signal is only suitable for casual communication. Against adversaries that do more than just passive dragnet surveillance, Signal is either useless or even dangerous to recommend. It is intentionally designed just for this one attack of passive dragnet surveillance, nothing else. Please don't endanger people by recommending unsuitable software.


> So there is no authentication and no security for a first contact.

Note that the only alternative is to trust a third party to identify people to you. I guess you might have forgotten to mention that. Or, as seems more likely, you don't realise you're trusting a third party... But of course if you do trust a third party to identify people to you, you wouldn't need this Signal feature, so...

> Signal doesn't ever tell you about this necessity and doesn't have any option to e.g. pin the key after manual verification or even just set a "verified contact" reminder.

Signal does, in fact, explain how this works, provide a "Verified" flag you can set on contacts, and automatically prompt you if the Safety Number changes for contacts you've marked as verified, as well as removing the flag if that happens.

> Signal really doesn't do shit to provide authentication continuity through proper backups.

Leaving copies of your data around to enable "authentication continuity" aka enable seamless Man-in-the-Middle attacks is exactly opposite to Signal's actual goal here.
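To make the trust-on-first-use, verification and key-change discussion in this thread concrete, here is an added toy model (not Signal's code or protocol; the store, the fingerprint derivation and the status names are made up for illustration). It pins a key on first contact without any authentication, lets the user mark a contact verified after comparing a fingerprint out of band, and drops that flag when the key changes:

```python
import hashlib
from dataclasses import dataclass

# Constructed, simplified model of trust-on-first-use key pinning with a
# "verified" flag. NOT Signal's implementation; all names and formats are
# hypothetical and exist only to illustrate the mechanism discussed above.


@dataclass
class Contact:
    identity_key: bytes
    verified: bool = False


class KeyStore:
    def __init__(self) -> None:
        self.contacts: dict[str, Contact] = {}

    @staticmethod
    def safety_number(my_key: bytes, their_key: bytes) -> str:
        # Order-independent fingerprint so both sides derive the same digits
        # and can compare them in person. 12 decimal digits, constructed format.
        a, b = sorted([my_key, their_key])
        digest = hashlib.sha256(a + b).digest()
        return f"{int.from_bytes(digest[:8], 'big') % 10**12:012d}"

    def observe_key(self, name: str, key: bytes) -> str:
        """Record the key seen for a contact and report what happened."""
        c = self.contacts.get(name)
        if c is None:
            # First contact: pinned, but nothing proves this key is genuine.
            self.contacts[name] = Contact(key)
            return "pinned_unverified"
        if c.identity_key == key:
            return "match"
        # Key changed: a change on a verified contact is the meaningful alert,
        # and the verified flag must not survive the change.
        was_verified = c.verified
        self.contacts[name] = Contact(key, verified=False)
        return "changed_verified" if was_verified else "changed_unverified"

    def mark_verified(self, name: str, my_key: bytes, seen_in_person: str) -> bool:
        """Set the flag only if the out-of-band fingerprint matches the pinned key."""
        c = self.contacts[name]
        if self.safety_number(my_key, c.identity_key) == seen_in_person:
            c.verified = True
            return True
        return False

    def send_allowed(self, name: str, require_verified: bool) -> bool:
        # Policy knob: optionally block messaging until verification happened.
        c = self.contacts.get(name)
        return c is not None and (c.verified or not require_verified)
```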


> Note that the only alternative is to trust a third party to identify people to you.

No, the proper alternative is blocking or discouraging sensitive communication until an in-person verification has taken place.

Also, you are always trusting a third party. You have to trust the Signal people (maybe), you have to trust Intel and their SGX (lol, look for some papers on those) and you have to trust your phone vendor. Proper security educates people about whom they are currently having to trust. Spinning it like no third party needs to be trusted for Signal to operate is dishonest.


Earlier you claimed that users will just ignore safety measures, and now you say that of course they'll obey them.

> You have to trust the Signal people (maybe), you have to trust Intel and their SGX

You don't have to trust either. SGX only gets involved if you are willing to trust it in exchange for having quality-of-life features which are optional. The sort of person who never verifies Safety Numbers probably should take that deal, the sort of person who needs Safety Numbers to protect them from the Secret Police should consider carefully.

The most important thing SGX is doing for you is making guesses expensive. If your Signal PIN is a 4-digit number then SGX's expensive guesses make it impractical for an adversary to just try all the combinations, but if your Signal PIN is 12 random alphanumerics then that's too many guesses to be practical anyway even without SGX.


Are there any reasonable case studies of individuals or groups being targeted by pitm of signal?


>And signal isn't really very helpful in this scenario, because it doesn't properly protect against MitM attacks.

I suppose it depends on where exactly the Middle here is, but for basic MitM of the physical network, if nothing else shouldn't the TLS connection to Signal's servers be sufficient?



