For the purpose of whistle-blowing, I wonder whether Signal could be used as a source of keys tied to identities of real people. The advantage would be that lots of OpenBrain employees might already use signal. But there are certainly some difficulties:
Ring signatures can not be publicly verified, but they could be verified by a journalist who gets their hands on lots of Signal contacts of OpenBrain employees.
Verifying that all the signal contacts in the ring actually belong to OpenBrain employees is difficult.
The public keys are not visible in the normal signal client, so specialized tools would need to be created.
For the purpose of whistle-blowing, I wonder whether Signal could be used as a source of keys tied to identities of real people. The advantage would be that lots of OpenBrain employees might already use signal. But there are certainly some difficulties:
Ring signatures can not be publicly verified, but they could be verified by a journalist who gets their hands on lots of Signal contacts of OpenBrain employees.
Verifying that all the signal contacts in the ring actually belong to OpenBrain employees is difficult.
The public keys are not visible in the normal signal client, so specialized tools would need to be created.