I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.
Why does signal want a phone number to register? Is there a better alternative?
Because their founder (Marlinspike) is probably under a National Security Letter, maybe it’s just that, maybe he’s done some crimes they’re also holding over him. If you look at his behavior it’s that of someone very paranoid that they’re going to be found out to be cooperating with the feds and get hit with charges for not upholding the bargain, someone straddling one or two big lies that have to be maintained to keep their life going. Very controlling of things they should be open about if they care about privacy as they claim. But exactly the behavior of someone under an NSL who’s terrified of getting hit with charges for that and maybe other things but who is expected to front and run a purported privacy first messenger. The secrecy, the refusal to allow others to operate their own servers, the antagonism towards federation, the long periods without publishing source code updates.
This doesn’t necessarily mean that signal message content is compromised, the NSA primarily scrapes metadata and would most care about knowing who is talking to who and to put real names to those people and building graphs of networks of people. Other things like what times they talk can be inferred from upstream taps on signals servers without their knowledge or cooperation via traffic observation and correlation especially when paired with the fourteen eyes global intercept network. With a phone number it’s also a lot easier to pinpoint an exact device to hack using a cooperating (or hacked) telecom. Phone numbers can also be correlated to triangulated positions of devices, see who in a leftist protest network was A) heavily sending messages and B) attended that protest and left last and begin to infer things about structure and particular relationships.
And those saying it has to do with spam prevention, that’s kind of nonsense. First I still get the occasional spam, second a phone number that can receive a confirmation text is something all these criminal organizations have access to which the average person doesn’t. Third it’s possible to prevent spam just by looking for people (especially new accounts under 120 days old) sending very small amounts of messages (1-3) to a very large amount of other users especially in a short amount of time. Third there’s no reason to keep the phone number tied to the account, a confirmation text could be required with a promise to delete the phone number immediately after (would still be technically useful to the NSA though less useful for keeping track of people changing numbers or using a burner for this who might be higher value targets).
That is a pretty weird post that doesn’t make much sense, but I remember meeting Moxie and asking him about Android security and being surprised at how defensive he was about it. Is Signal the app he was working on? That helps somewhat. I get them confused with each other.
The Signal app doesn’t appear to be on F-droid, which is a bit discomforting.
Secret sender invalidates your metadata argument
I have never received spam on Signal.
I have exactly once as did a couple of my friends from the same stranger.
I got one one time, been using it for years. Fuckin’ weird to try on people who are privacy and security conscious. My guess is that they were attempting to see what numbers are using signal in the first place if someone responds with a “fuck off” then the spammer knows they use signal.
Privacy: they know who you are but they don’t know what are you doing/when are you doing. Anonymity: they don’t know who you are.
Haven’t seen anyone link this here so I’ll link it myself
https://dessalines.github.io/essays/why_not_signal.html
Some things are outdated, like how you had to give others your phone number (although it’s still necessary for signup) but most of these still hold up
Everything is a balancing act. Privacy, anonymity, and security aren’t the same things. They’re sometimes, and in some aspects always, difficult to achieve without compromising one of the other two.
When you add in the goal of quick, easy setup to make the service useful in the first place. Doesn’t matter how good the service is at the trinity if nobody is willing to use it. Signal just errs on security first, privacy second, anonymity third.
thousands of threads on this topic since decades ago.
it’s an eternal debate (since signal has no plans to change)
just read the history and join the rest of us waiting for them to change. using signal before that change is completely optional. go ahead and don’t use it. no problem.
opening the discussion again is just tiring.
read the history
Is there a url for the history? Or for a good answer about the phone numbers? If the topic keeps recurring and the answers don’t satisfy people, that suggests that there is no good answer, and that there are possibly misaligned interests between Signal and its users.
don’t be like one of the now!now!now! types (i.e. OP) and treat every new discovery (personal first encounters with existing tech, situations) as the final nail in the coffin. there are other messengers available while waiting for signal to change.
just saying, acknowledge that many others have arrived at the same problem years before you and they are not your enemy. so yelling at the choir is counter productive.
opening the discussion again is just tiring.
so tiring that i opened it and read it, then typed a long response.
Fuck haterz, these are valid questions and there no answers.
Signal did its job. I am waiting for simplex to mature.
I think it’s important to remember de difference between being private and being anonymous. Signal IS private. It’s not anonymous. The same is true for many other apps/services.
Personally I like to be private. I don’t really need to be anonymous.
If you want to be mainstream a) you can’t have spammers, scammers, and all the other scum of the earth and b) finding your contacts in the app HAVE TO be plug and play. Literally no normie will bother adding with usernames or whatever.
finding your contacts
Wrong, it is not optional, does not stop spam and the worst way to try.
Do not let this derail us. Escaping to libre software is the best return on investment.
Do not let this derail us.
Nothing is derailing you personally. Why are you repeating this to others?
Signal is not perfect but we control its app, libre software. See SimpleX Chat.
First, we must defeat WhatsApp and Discord.
Why we need to defeat those first? We can go straight to SimpleX?
Because the entire point of using communication programs is to communicate with people other than yourself.
Do not let this derail us. Escaping to libre software is the best return on investment.
What SimpleX, Signal, or any app like this need first and foremost is traction, as new users generate more new users. One of Signal’s goals is usability (usually achieved by being simple, as in no complexity for the end user). In my opinion SimpleX lacks that. This is the same reason Signal needs a phone number: populating your contact list with users already on the platform
reason Signal needs a phone number: populating your contact list
Wrong, it is not optional.
First, we must defeat WhatsApp and Discord.
Do whatever works. Do not get derailed. Escaping WhatsApp and Discord, anti-libre software, has the highest return on investment.
You can go to Simplex (for sure a lot of people here already done it) but if only privacy nerds get to this place this is not a great solution. We (I’m talking about us using Lemmy and chatting on SimpleX) must convince people, starting by friends and family to stop using these fucking socials then at this point SimpleX will be considered as a viable alternative
Spam prevention
It’s not an argument. Think about regular mobile numbers, are they preventing spams? No.
What kind of spam are you talking about
Scams, girls wanting to chat with you, incredible money opportunities…
Are you seeing spam on signal? Do you even know why spam is possible on phone networks and what the difference is between phone networks and the internet?
The point, I believe, wasn’t about spam but likely got derailed. It was probably about the phone number requirement being unnecessary. I’ll just add that even if it is, it’s a measure geared towards common users that often need to recover access to their accounts through means they’re already familiar with, as is a verification SMS. It’s not the safest nor the most private, but it’s easier to deal with for most people. Whoever wants something that doesn’t depend on a SIM or eSIM should try Briar and SimpleX. None of these will be a perfect solution for every single person though.
Because Signal has a low user base. Why Spam on Signal, if you can reach everyone with an SMS?
I don’t know what is spam for you, but when you get three message requests from three girls respectively named Tania, Clara and Ella that are contacting you about you carrier or your management skills, I call it spam.
The way that Signal integrates phone number is odd because it opens up the spam door. O understand why Signal use phone numbers this way (to make “normies” adopt Signal more easily like WhatsApp would do) but it not the best to kind of contaminate the network with the traditional cell network
And discovery.
It’s focused on ensuring there is no middleman between you and the other party, but it does not have a goal to provide anonymous messaging. Sadly.
THATS WRONG! Signal Server can just do a man in the middle as you try connecting to your contact for the first time. You need to verify the fingerprint manually which is not very obvious and present in the UI. In SimpleX.chat you automatically verify the fingerprint, as its the way to establish the chat to your contact and is included in the way you distribute the contact to you.
no middleman
Signal is not P2P
No but it’s e2ee.
Of course. Sorry, but I meant no middleman as in minifying the role of the server in your messahing. Signal’s goal is to ensure the server cannot have access to your messages and its only role is to receive and send data.
Signal IS the middleman.
My conspiracy theory brain goes:
Its funded by the government.
Yes, the messages themselves are encrypted, but they don’t need that, they have access to all the useful metadata.
They can find everyone near the site of a protest (via cell tower data), then find their signal accounts, then see who they are contacting, potentially revealing who the the other protestors and protest organizers are.
And if you need access to the messages, they don’t need to crack the encryption, they could just send pegasus to your phone (and they already have you phone number to do so), and they’ll have access to every message.
Then they just find those other protestors, also send pegasus to their phones.
I mean, the Signal code is technically legit, they just used a side channel (zero day exploits) to gain access.
But this is just a theory, I don’t have any evidence supporting this hypothesis.
This is what the UK police do with WhatsApp data. Even though they can’t read the messages, they do use the connections of messages to suspicious characters as evidence including date and times, which also puts these other people in the spotlight, opening further investigations.
The UK police can also use ‘stinger’ devices that are “fake” mobile data towers to intercept mobile communications.
What are you doing to help others escape WhatsApp, anti-libre software?
Obviously Signal is the lesser evil, but don’t use Signal if you are planning a revolt is what I’m saying.
Obviously Signal is the lesser evil, but don’t use Signal if you are planning a revolt is what I’m saying.
or if you’re the US’ secretary of defense and you’re going to bomb Houthis
🤷
🤣 Absolute shitshow lmfao. Signal is not approved for war communications, that was a security breach (not to mention, adding the journalist), and he risked jepardizing his entire mission.
But on the other hand, having such incompetent fascists is a good thing for the resistance.
Put that at the start. This is c/privacy, not c/revolt.
They don’t need Signal to do any of this though, so this doesn’t seem like a very plausible theory.
True, they don’t exact need signal. But the thing with exploits is that, once found, they would be patched and they can’t use the same exploit again. So they can’t just be sending everyone in the country Pegasus. That would make it easier for it to be detected.
So with Signal’s help, they have a easier time to select a few targets. They can find out who is using Signal, and correlate that with other data like being near a protest site. Then they only need to target a few Signal users, instead of like sending Pegasus to 5000 protestors, they could find out that everyone is talking to this “John Smith” person, then send pegasus to that user and obtain a lot info And since its only few users being infected, its less likely for the fact that the conversations are comprpmised to be known.
I mean, without requiring phone numbers for Signal, they would have a harder time knowing who is using Signal, and they would end up having to infect all 5000 phones in the protest area, which mean now its much more likely for the spyware to be detected. With infecting just a few of the organizers, their spying can remain undetected for a long time.
As for everyone else not using Signal, they are likely to be using unencrypted messaging, so its not even necessary to infect their phones.
Why can’t they send Pegasus to everyone?
If they can create a fund and invent Signal, they can just make Pegasus part of AOSP and have every manufacturer be forced to install it silently
They could, but again, its easier to detect.
But if we are already under the assumption that Pegasus is so sophisiticated that it’s un-detectable. Its possible all this privacy talk is futile and they already have access to every device, which means Graphene OS is also pointless.
I honestly don’t know. If you are planning any anti-government activities, the only way to be totally safe is to not carry a smartphone (and obviously wear a mask to conceal your identity and all that) and use One Time Pad encryption and deaddrops for communications.
Your theory sounds legit
Seems like a lot of unnecessary steps there
Because they’re building a private, not anonymous, instant messenger. They’ve been very open about this.
Our numbers are not private from Signal. Do not let this derail us. Escaping to libre software is the best return on investment.
Nothing “derailing” us. Not everyone has the same threat model. The messages are private and that’s what’s most important. Signal can only provide phone number and last connection time to the feds. If that’s too much information for you, then you’re not the target group and have a different threat model.
The messages are private and that’s what’s most important.
No, that isn’t true. WhatsApp has the same lies. Law enforcement connect communication between users at key times and use it as credible evidence. Why would drug exporter 1 be communicating with drug buyer 1 at the exact time the delivery arrives in the country? Law enforcement doesn’t need to know what was written.
What are you talking about? Are you saying sealed sender is a lie? If so, I want some proof.
They are referring to message metadata.
Even if they don’t show the content of messages, if they can show that phone number A is sending messages and getting replies to number B then that’s all the government needs.
For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy, as well as the transfer of your encrypted information and metadata to the United States and other countries where we have or use facilities, service providers or partners.
They store metadata, which is distinct from encrypted data.
Are you saying sealed sender is a lie?
https://signal.org/blog/sealed-sender/
When you send a traditional piece of physical mail, the outside of the package typically includes the address of both the sender and the recipient. The same basic components are present in a Signal message. The service can’t “see into” the encrypted package contents, but it uses the information written on the outside of the package to facilitate asynchronous message delivery between users.
They have a list of encrypted messages, who it’s from and who it’s to, based upon the sealed sender description. If you are using phone numbers then you are not anonymous, and a TLA agency can search known bad numbers even if Signal does not try to build that graph.
The ONLY data Signal stores about you is your phone number, most recent registration time/date and most recent login time/date. They don’t know who you’re messaging or when you’re messaging them AFAIK.
You can see this for yourself at signal.org/bigbrother
deleted by creator
Did… Did you just read the problem they were trying to solve, and just, skip the solution?
No.
We have been exploring techniques to further reduce the amount of information that is accessible to the service, and the latest beta release includes changes designed to move Signal incrementally closer to the goal of hiding another piece of metadata: who is messaging whom.
They haven’t hidden it yet. It’s a goal.
in the end of the day, the end user needs an id. this is perfect for the everyday user, but obviously if you are writing anti regime articles, you might want to look around for more anonim apps.
We have to assume we are all writing anti regime articles … In the future
perfect for the everyday user
…because of course, they don’t need privacy, do they now. “Nothing to hide” and all that jazz.
Bots. If it makes you feel better, you can disable other people finding you via phone number and just give them your username. All messages are private.
But the police request the meta data of all messages from your phone number that the company has and they’re required by law to give them it.
Secret sender stops any real amount of information about messages being connected to you
You should go properly read the requests from law enforcement they have received and exactly what information it contains. It’s public. Then evaluate if it matters for yur threat model. Security doesn’t exist in a vaccum.
These are all the court orders Signal has complied to and details all the information they give up
https://signal.org/bigbrother/
TLDR; they only give the last time the account connected to Signal servers and the time of account registration or re-registration
They can “request” it all day long. Signal doesn’t store them beyond the time needed to deliver to the end user device, and while (temporarily) stored, it’s encrypted in a way Signal’s service cannot read.
huh? so the phone number is encrypted in a way that can’t be read, but an sms is sent to the phone? … a separate company sends the text on behalf of signal? so that separate company logs the phone number, the timestamp and who knows what else.
Signal doesn’t use SMS anymore, and all messages are sent over encrypted Internet protocol. Any servers in between won’t see the phone number, it’s not needed to deliver the message, it’s using an IP address at that point and the entire message metadata is encrypted. Signal is the only one that can see the phone numbers, which they use to identify multiple clients as a single user and route messages accordingly.
Signal doesn’t use SMS at all, once you have enrolled. The phone number is used to validate people and exclude bots, during registration. As others have noted, you can hide your number from other users, as well.
What are you on about right now? I don’t mean that sarcastically, I really am wondering what your concern is. Are you concerned that because your phone number is associated with Signal that police will know you use Signal?
The phone carrier at least here in the US is required to store the call data for 18 months, according to the one that I use.
What does that have to do with Signal?
The claim is that Signal’s phone verification step doesn’t cause privacy problems because Signal (purportedly) doesn’t retain the phone numbers after verification. That claim is falsified because the phone carrier stores the call record even if Signal doesn’t. They store it because of the same law that makes them turn it over to Big Brother on demand. The phone verification step is, therefore, a privacy problem. Obviously there are similar issues with IP routing, but at least I can use a VPN with an endpoint in another country.
The “record” is a SMS verification code. All that will tell the government is that you registered for Signal, nothing else.
Telling the govt that you registered for Signal sounds like a bad failure as far as I’m concerned, e.g. if you are a user in a repressive regime. Do you think Trump would like to get his hands on a list of all the Signal users in the US? Probably yes. What would he do with the list? IDK but it has to be bad. So it should be an objective of Signal to make it impossible for anyone to create such a list.
Anyway, it sounds like Signal has wised up and is getting rid of the phone number requirement. I don’t understand why people here keep defending the misfeature. I’ve heard such things explained as “system justification” but I still don’t understand it. All of us make poor decisions all the time, but we should at least make some effort to recognize them, and fix them when possible.
No, that wasn’t the claim. Phone numbers are used for sign up, but the post’s OP was talking about messaging meta data. Messaging meta data doesn’t go through your carrier and is encrypted.
If you check the publication of signal’s cases where they had to hand out data, and in reverse the FBI leak that listed analysis of all messenger apps by what data they were able to acquire in most cases, Signal came out as one of the top options.
Oh I see what you mean. But a big enough data dump from the phone carriers identifies all of Signal’s users, not good.
Its encrypted
Messages are e2e encrypted. Metadata is not encrypted.
Yes it is. Signal isnt PGP email. A lot of work went into protecting metadata.
People told you a few times to go look for yourself what Signal can give away. Its protocol descriptions are pretty understandable.
The whole bloody reason it’s always recommended is because it’s absolutely the best thing in terms of yes, encrypting metadata. It’s state of the art, level above that bullshit you’re thinking.
Unfortunately, that also means that hosting it takes lots of resources, which means they have to screen bots and mults somehow. Phone numbers are one way. Paid accounts are another.
Phone numbers are one way. Paid accounts are another.
Rubbish. How would this stop bots? Bots are created to make money. What makes you think creators don’t have a phone number, or be prepared to pay to spam.
Phone numbers cost money, which means they’re not easy to create in bulk, and therefore banning or blocking spam numbers is much easier than if it was open sign up.
One account per phone number versus infinity of accounts without.
signal accounts… signal accounts everywhere!
what? can you show a source? I think you mixed it up with Matrix
Reduce spam bot accounts and other malware, as well as to allow for user discovery so you can find your contacts more easily. It’s not designed to be an anonymous service, just a private one.
It’s not designed to be an anonymous service, just a private one.
I think this needs to be said a lot more often and a lot louder. Anonymous and private are NOT necessarily the same thing, nor should the expectation be that they are. Both have a purpose.
