Fuck signal.
No “privacy” focused messenger should need a phone number to register…at that point u basically handing the agencys meta data on a platter
No, that is an important distinction. People have different threat models. For most people, privacy without anonymity may suffice (i.e. I don’t mind that you know it’s me, I just don’t want you to see what I’m sending). For others (i.e. journalists, whistleblowers, more privacy-centric individuals), anonymity may be equally important.
Whoever controls the number. This is fine for 90% of people who hold on to their number, especially since no data is leaked unless you are sent messages after changing your number. But that’s the same for SMS, so it’s not a downgrade from that.
dont you know who u wana talk with?
Yes, but most aren’t on signal yet. When they do join, it’s nice for them to know you’re on it too so your communication can default to that.
Yeah lets use the phone number of a middle man to sign up…sure u wont forget to relock the number every week so they dont get the power for account take over since they manage your number.
Wrong again. Please research before you start shouting.
WhatsApp uses the Signal protocol. The difference is, it being owned by Meta, it also logs all the metadata it can alongside your real phone number.
Signal messenger uses the Signal protocol. Contrary to WhatsApp, it does not store any metadata. Your phone number is used by the Signal protocol merely as a cryptographic hash. That means, it’s impossible to know who is communicating with whom.
It is not replacing “one system” with “another system”. It essence, signal is WhatsApp, but with all the added spying features stripped, none added.
Well in many nation you can only get a phone number by showing ID, hence the number itself isnt anonymized.
So if there is a legal request to signal they hand over the number and u already de anonymized.
If you dont use your own number you have to relock signal every week (manual) so the number cant be used for account takeover…why is that lock even on a timer? That just sounds like a trap.
But lets assume u used your own number, and it gets found out.
With that number it would be easy af for a state actor to send u a zero day SMS to take over your phone…there are so many reasons why a phone number is just bad to use as a identifier in a privacy focused app.
The technical hurdles to allow account creation without phone number or like just to have number as optional, are very low.
The official reason for the numbers is spam protection…but there are a lot of privacy messengers out there that dont use numbers and dont have a spam problem.
would be easy af for a state actor to send u a zero day SMS to take over your phone.
Two problema with this logic
do you think a state actor needs to leak the phone number from signal to find out your number?
0-click SMS exploits are possibile, but extremely rare and extremely expensive. Someone with such an exploit won’t burn it for random Joe.
Edit: In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
there are a lot of privacy messengers out there that dont use numbers and dont have a spam problem.
Because they have not users either. You are talking about niches in a niche segment of a niche market.
Using a phone number that is used only for account creation is a non-issue overblown by a lot of people. Your phone number is likely in the contact list of tens or hundreds of people, already comfortably associated with your name and conveniently shared with many applications that your contacts use.
The association between phone number and identity is something that telco companies can already (and do) provide to authorities.
The only bit of metadata that is added is that “person X uses signal” which in itself is an irrelevant piece of data.
In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
I am taking the time to remove my info from the various aggregators, and it is scary the kind of detailed info that exists out there just as public information.
As you say, if you are worried about a phone number being tied to your identity, it’s already public information.
But that assumes the Signal identity is the same as your IRL identity. Makes not just anonymity (which is often important for safety just as much as privacy!), but multiacc arbitrarily harder. I can’t imagine using the same chat account for my online gaming buddies and for my real family!
What you said is exactly the point of preventing spam.
Having a real identity attached to a signal identity is the point to prevent spam. There is functionally no difference between your multiaccount and a spammer with 6000 accounts.
I can’t imagine using the samw chat account for my online gaming buddies and for my real family!
I can’t really see why, but if that’s the case, signal is not the application for you, I suppose.
Well, it depends how you define different “things”. In your example you are talking with people. It doesn’t matter with whom or about what, and the service is a meta-service in this sense. You might not want to use the same email for the gambling site and for your school newsletter, but talking with people - information that says private - using a program that identifies you with a number is not the same thing.
There is no option to set a different handle and avatar for different groups of people tho, and I don’t remember if the username shows if you get discovered by number. Also, this was just an example - usually you’d have more than two groups you’d want to isolate.
Can you elaborate what would you want to achieve? Are you trying to hide your identity from your interlocutors (e.g., gambling buddies), so that they wouldn’t know you are John Doe?
Fuck signal. No “privacy” focused messenger should need a phone number to register…at that point u basically handing the agencys meta data on a platter
Errybody hatin’ your logic but your logic is just that: paranoid and for no shortage of good reason and those are my dice.
Session
GPG
Don’t let perfect be the enemy of good. Getting people off of proprietary stuff is the first step. Whatever else is the next step.
Anti Commercial-AI license
Why are you licensing your comment?
https://lemmy.world/comment/9850401
https://lemmy.world/comment/9805932
privacy != anonymity
nitpicking
No, that is an important distinction. People have different threat models. For most people, privacy without anonymity may suffice (i.e. I don’t mind that you know it’s me, I just don’t want you to see what I’m sending). For others (i.e. journalists, whistleblowers, more privacy-centric individuals), anonymity may be equally important.
Exactly. And requiring a phone number enables convenience features like:
Once you have an account, you can disable the phone number and use Hawks usernames instead (can be changed at will) of disable discovery entirely.
It’s a pretty reasonable limitation IMO.
“Account recovery”, yeah but by whom?
“Find contacts”, dont you know who u wana talk with?
“be found by other people” ???
Whoever controls the number. This is fine for 90% of people who hold on to their number, especially since no data is leaked unless you are sent messages after changing your number. But that’s the same for SMS, so it’s not a downgrade from that.
Yes, but most aren’t on signal yet. When they do join, it’s nice for them to know you’re on it too so your communication can default to that.
You can disable discovery (I do).
You know that your phone number is never saved anywhere? Signal only uses a cryptographic hash of your phone number.
Jmp.chat is worth being aware of
Also you’re a wackadoo
Yeah lets use the phone number of a middle man to sign up…sure u wont forget to relock the number every week so they dont get the power for account take over since they manage your number.
I know it’s not the best, but it is great when you want someone to shift from other popular proprietary app like WhatsApp.
Replacing one phone number based system with another may not be a wise choise.
Wrong again. Please research before you start shouting.
WhatsApp uses the Signal protocol. The difference is, it being owned by Meta, it also logs all the metadata it can alongside your real phone number.
Signal messenger uses the Signal protocol. Contrary to WhatsApp, it does not store any metadata. Your phone number is used by the Signal protocol merely as a cryptographic hash. That means, it’s impossible to know who is communicating with whom.
It is not replacing “one system” with “another system”. It essence, signal is WhatsApp, but with all the added spying features stripped, none added.
Wise, maybe not. Pragmatic, yes.
Pragmatism got us here. Maybe its time for people to start giving fucks, or like just dont communicate with me.
I suspect most people will take the latter option. Enjoy your “victory”.
Can you explain what you mean? I’m not sure I understand how that would work.
Well in many nation you can only get a phone number by showing ID, hence the number itself isnt anonymized. So if there is a legal request to signal they hand over the number and u already de anonymized. If you dont use your own number you have to relock signal every week (manual) so the number cant be used for account takeover…why is that lock even on a timer? That just sounds like a trap.
But lets assume u used your own number, and it gets found out. With that number it would be easy af for a state actor to send u a zero day SMS to take over your phone…there are so many reasons why a phone number is just bad to use as a identifier in a privacy focused app. The technical hurdles to allow account creation without phone number or like just to have number as optional, are very low. The official reason for the numbers is spam protection…but there are a lot of privacy messengers out there that dont use numbers and dont have a spam problem.
Two problema with this logic
Edit: In any case, if your security depends on malicious actors not discovering your phone number, a generally public piece of information, your have no security to begin with.
Because they have not users either. You are talking about niches in a niche segment of a niche market.
Using a phone number that is used only for account creation is a non-issue overblown by a lot of people. Your phone number is likely in the contact list of tens or hundreds of people, already comfortably associated with your name and conveniently shared with many applications that your contacts use. The association between phone number and identity is something that telco companies can already (and do) provide to authorities. The only bit of metadata that is added is that “person X uses signal” which in itself is an irrelevant piece of data.
I am taking the time to remove my info from the various aggregators, and it is scary the kind of detailed info that exists out there just as public information.
As you say, if you are worried about a phone number being tied to your identity, it’s already public information.
But that assumes the Signal identity is the same as your IRL identity. Makes not just anonymity (which is often important for safety just as much as privacy!), but multiacc arbitrarily harder. I can’t imagine using the same chat account for my online gaming buddies and for my real family!
What you said is exactly the point of preventing spam. Having a real identity attached to a signal identity is the point to prevent spam. There is functionally no difference between your multiaccount and a spammer with 6000 accounts.
I can’t really see why, but if that’s the case, signal is not the application for you, I suppose.
Yeah, but I’d say separating your identities you use for different things is a very basic measure a lot of people would want to use.
Well, it depends how you define different “things”. In your example you are talking with people. It doesn’t matter with whom or about what, and the service is a meta-service in this sense. You might not want to use the same email for the gambling site and for your school newsletter, but talking with people - information that says private - using a program that identifies you with a number is not the same thing.
Couldn’t you use a signal username with the gaming buddies, and your real name / number with the people that already know it?
I don’t use signal much, but I convinced 1 person. They didn’t give me their number but gave me a username instead.
There is no option to set a different handle and avatar for different groups of people tho, and I don’t remember if the username shows if you get discovered by number. Also, this was just an example - usually you’d have more than two groups you’d want to isolate.
Can you elaborate what would you want to achieve? Are you trying to hide your identity from your interlocutors (e.g., gambling buddies), so that they wouldn’t know you are John Doe?
Gotcha, so you can have two “identities” at a time. I guess this is for spam prevention.
Afaik the username does not show if you are added by number