I remember a time when visiting a website that opens a JavaScript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

  • solrize@lemmy.world

    Is there a quick explanation of what signal actually does? I don’t understand the need for a phone number either. Jami doesn’t ask for a phone number. It has other deficiencies that make me not want to use it, but those are technical rather than policy, more or less. Similarly, irc (I’m luddite enough to still be using it) doesn’t ask for a phone number either. So this is all suspicious. There are a bunch of other things like this too (Element, Matrix, etc.) that I haven’t looked into and tbh I don’t understand why they exist.

    • CosmicTurtle0 [he/him]@lemmy.dbzer0.com

      Signal is a messenger service. You can expire messages after a certain amount of time.

      They ask for a phone number to limit bots. I used my Google voice number and it worked fine. I like Telegram which banned me after a day of use for using Google Voice.

      • solrize@lemmy.world

        I get that Signal is a messaging system (not sure if “messenger service” has a specific meaning). What I don’t understand is why I’d want to use it instead of any of the million others that are out there. I’ve never used Signal and don’t have the slightest clue about how it operates, but apparently it tries to mess with the contact list on your phone? That sounds bad. I use Nextcloud Chat sometimes and its web design is ugly, but it works ok and you can self-host it fairly easily. It doesn’t do anything with your phone contacts. Jami is distributed but (maybe unrelated) I often have trouble getting it to work at all.

        • ryannathans@aussie.zone

          It doesn’t “mess with your contacts”. You can choose to give contacts access if you wish to have secure contact discovery. Contacts are not uploaded.

          It’s robustly encrypted and quantum secure, without metadata leaks like the sender of a message.

          It’s recommended by Edward Snowden.

          If you want to message someone, have the ability to verify there is no man in the middle attack, have perfect forward secrecy, very strong crypto, use open source software and still have all the conveniences of a modern message app, use signal.

          • solrize@lemmy.world

            Do you mean the client side is open source? What about the server? If you’re required to use Signal’s server, how do you know it’s not disclosing metadata? If you can self-host it, why the phone number?

            • ryannathans@aussie.zone

              The idea is you don’t need to trust the server

              Messages sent don’t contain a readable sender field

              Mobile numbers may not be necessary long term, architecture depends on accounts being created with phone numbers. Usernames were very recently introduced. Soon we may see requirement for phone number dropped, unless related to spam control

          • rirus@feddit.org

            CONTACTS ARE UPLOADED

              Robust encryption isn’t useful if you don’t verify the fingerprint and signal makes that not intuitive.

            SIGNAL CLIENT HAS UNFREE SOFTWARE INCLUDED

            • ryannathans@aussie.zone

              Contacts are never uploaded

              Hashes of some numbers are if you enable contact discovery

              Verifying keys is easy, what are you talking about?

    • devfuuu@lemmy.world

      It’s not suspicious. It’s been talked about for years. People know exactly what the phone number is used for. Easy discoverability, quick and seamless onboarding of new users by providing a way to bootstrap their social graph, and it being very similar to the process of the other biggest player that people just understand. And spam prevention. The phones are not leaked or used for anything else. The other alternatives exist and you are welcome to onboard the people you want onto them if you think it’s simpler.

      The code is open, if you don’t trust other people and can’t read the code to understand then hire someone you trust to validate the claims and assure you. But spreading FUD and saying it’s suspicious is not productive to anyone.

      • solrize@lemmy.world
        1. I don’t understand what you mean about discoverability: is my presence on the network advertised to strangers and spammers? That doesn’t sound good. What does the onboarding process look like?

        2. You still haven’t said what Signal’s advantages are supposed to be over alternatives, though I can guess some (e.g. better/more crypto than irc has). Jami seems conceptually ok, but buggy in implementation. Nextcloud Talk works but is kind of clunky. Matrix is popular though I’ve never used it: is it the main alternative to Signal these days? I thought it was what all the hipsters had migrated to while luddites like me were still on irc. Jitsi Meet looks nice though again I haven’t explored it much. I’ve been puzzled for a long time that there is so much work in this area yet everything has deficiencies. Are there difficult problems to solve?

        3. If Signal’s code is open then of course I’d want to self-host the server. Can I do that? Does that get in the way of the onboarding process you mention? Where does the phone number come in, in that case? If I have to use Signal’s server, that doesn’t sound so open, and normally there’s no way for me to verify that it’s running the same code that they claim.

        I don’t see where I’m spreading FUD. Ignoring a question and calling it FUD doesn’t invalidate the question.

        • rirus@feddit.org
          1. You can easily migrate everyone from WhatsApp to Signal and they don’t have to exchange usernames as most people have the phone numbers in their contacts. (This has massive drawbacks addressed somewhere else, one lesser known fact is that they would have to verify fingerprints anyway to be sure they are speaking to the right person and not a proxy. Instead of that they could also exchange username+fingerprint initially, like Simplex does it.)
        • rirus@feddit.org

          You can’t easily selfhost Signal. They engineered it purposefully to only run on Big Tech Clouds with specific Intel CPUs they put (too much) trust in.

          • solrize@lemmy.world

            Very interesting, thanks. Do you mean they use SGX (Intel’s buggy secure enclave feature)? Any idea what they use it for? If not SGX, do you know what the issue is? AMD Epyc processors have something similar but different, fwiw. If there is such highly secret info on the server though, that makes self-hosting even more important. It also makes the architecture suspect.

            • rirus@feddit.org

              Yes SGX, they use it for sealed Sender, contact discovery and mobilecoin.

        • rirus@feddit.org
          1. Yes, kinda, if they have you in their contact books, they get a notification you joined.
  • pwalker@discuss.tchncs.de

    The amount of trolls in this thread that either try to spew false information intentionally or just have no idea what they are talking about is insane.

    If you are worried about what data (including your phone number) law enforcement can receive (if they have your specific user ID, which is not equal to your phone number) from the Signal company check this: https://propertyofthepeople.org/document-detail/?doc-id=21114562 Tldr: It’s the date of registration and last time user was seen online. No other information, Signal just doesn’t have any other and this is by design.

    If you want to know more about how they accomplish that feat you can check out the sealed sender feature: https://nerdschalk.com/what-is-sealed-sender-in-signal-and-should-you-enable-it/

    or the private contact discovery system: https://signal.org/blog/private-contact-discovery/

    Also as Signal only requires a valid phone number for registration you might try some of these methods (not sure if they still work): https://theintercept.com/2024/07/16/signal-app-privacy-phone-number/

        • Arthur Besse@lemmy.ml

          Downvoted as you let them bait you. Escaping WhatsApp and Discord, anti-libre software, is more important.

          I don’t know what you mean by “bait” here, but…

          Escaping to a phone-number-requiring, centralized-on-Amazon, closed-source-server-having, marketed-to-activists, built-with-funding-from-Radio-Free-Asia (for the specific purpose of being used by people opposing governments which the US considers adversaries) service which makes downright dishonest claims of having a cryptographically-ensured inability to collect metadata? No thanks.

          (fuck whatsapp and discord too, of course.)

            • Arthur Besse@lemmy.ml

              When it’s libre software, we’re not banned from fixing it.

              Signal is a company and a network service and a protocol and some libre software.

              Anyone can modify the client software (though you can’t actually distribute modified versions via Apple’s iOS App Store, due to Apple’s binary distribution system being incompatible with GPLv3… which is why unlike the Android version there are no forks of Signal for iOS) but if a 3rd party actually “fixed” the problems I’ve been talking about here then it really wouldn’t make any sense to call that Signal anymore because it would be a different (and incompatible) protocol.

              Signal (the company) must approve of and participate in any change to Signal (the protocol and service).

      • pwalker@discuss.tchncs.de

        it’s being answered in the github thread you linked. Sorry that this is not enough for you but it’s enough for most people: “For people who are concerned about this sort of thing, you can enable sealed sender indicators in the settings”

        • Arthur Besse@lemmy.ml

          it’s being answered in the github thread you linked

          The answers there are only about the fact that it can be turned off and that by default clients will silently fall back to “unsealed sender”.

          That does not say anything about the question of what attacks it is actually meant to prevent (assuming a user does “enable sealed sender indicators”).

          This can be separated into two different questions:

          1. For an adversary who does not control the server, does sealed sender prevent any attacks? (which?)
          2. For an adversary who does control the server, how does sealed sender prevent that adversary from identifying the sender (via the fact that they must identify themselves to receive messages, and do so from the same IP address)?

          The strongest possibly-true statement i can imagine about sealed sender’s utility is something like this:

          For users who enable sealed sender indicators AND who are connecting to the internet from the same IP address as some other Signal users, from the perspective of an adversary who controls the server, sealed sender increases the size of the set of possible senders for a given message from one to the number of other Signal users who were online from behind the same NAT gateway at the time the message was sent.

          This is a vastly weaker claim than saying that “by design” Signal has no possibility of collecting any information at all besides the famous “date of registration and last time user was seen online” which Signal proponents often tout.

    • Autonomous User@lemmy.world

      This shows they do not need our phone numbers but they still demand it.

      However, escaping WhatsApp and Discord, anti-libre software, is more important.

      • Undertaker@feddit.org

        No it doesn’t. What is a need? It is for troll and spam and bot protection. How do the links show that there is no need for it?

  • moreeni@lemm.ee

    It’s focused on ensuring there is no middleman between you and the other party, but it does not have a goal to provide anonymous messaging. Sadly.

    • rirus@feddit.org

      THAT’S WRONG! Signal Server can just do a man in the middle as you try connecting to your contact for the first time. You need to verify the fingerprint manually which is not very obvious and present in the UI. In SimpleX.chat you automatically verify the fingerprint, as it’s the way to establish the chat to your contact and is included in the way you distribute the contact to you.

      • moreeni@lemm.ee

        Of course. Sorry, but I meant no middleman as in minifying the role of the server in your messaging. Signal’s goal is to ensure the server cannot have access to your messages and its only role is to receive and send data.

  • coconut@programming.dev (deleted by creator)

    If you want to be mainstream a) you can’t have spammers, scammers, and all the other scum of the earth and b) finding your contacts in the app HAS TO be plug and play. Literally no normie will bother adding with usernames or whatever.

    • Autonomous User@lemmy.world

      finding your contacts

      Wrong, it is not optional, does not stop spam and the worst way to try.

      Do not let this derail us. Escaping to libre software is the best return on investment.

      • rottingleaf@lemmy.world (Banned)

        Do not let this derail us.

        Nothing is derailing you personally. Why are you repeating this to others?

  • kepix@lemmy.world

    in the end of the day, the end user needs an id. this is perfect for the everyday user, but obviously if you are writing anti regime articles, you might want to look around for more anonymous apps.

    • rirus@feddit.org

      We have to assume we are all writing anti regime articles … In the future

    • 0101100101@programming.devOP

      perfect for the everyday user

      …because of course, they don’t need privacy, do they now. “Nothing to hide” and all that jazz.

  • 𞋴𝛂𝛋𝛆@lemmy.world

    They implemented an alt method IIRC but you must go out of your way to search and find it. I just recall seeing a bunch of post headlines about using email or something like that a year or so back.

    They send an initial SMS message that is a main expense and funded by some rich person and donations. I think that has some significance to encryption or something but I’m not sure of the details. I could be wrong on that one, it has been years since I read the details.

    • rirus@feddit.org

      You’re wrong, except the rich person part. That rich guy is the WhatsApp founder, who got the money by selling their users to Facebook.

  • irotsoma@lemmy.blahaj.zone

    Reduce spam bot accounts and other malware, as well as to allow for user discovery so you can find your contacts more easily. It’s not designed to be an anonymous service, just a private one.

    • Hemingways_Shotgun@lemmy.ca

      It’s not designed to be an anonymous service, just a private one.

      I think this needs to be said a lot more often and a lot louder. Anonymous and private are NOT necessarily the same thing, nor should the expectation be that they are. Both have a purpose.

  • mikael@lemmy.ml (Banned)

    Because they’re building a private, not anonymous, instant messenger. They’ve been very open about this.

    • Autonomous User@lemmy.world

      Our numbers are not private from Signal. Do not let this derail us. Escaping to libre software is the best return on investment.

      • onlinepersona@programming.dev

        Nothing “derailing” us. Not everyone has the same threat model. The messages are private and that’s what’s most important. Signal can only provide phone number and last connection time to the feds. If that’s too much information for you, then you’re not the target group and have a different threat model.

        Anti Commercial-AI license

        • 0101100101@programming.devOP

          The messages are private and that’s what’s most important.

          No, that isn’t true. WhatsApp has the same lies. Law enforcement connect communication between users at key times and use it as credible evidence. Why would drug exporter 1 be communicating with drug buyer 1 at the exact time the delivery arrives in the country? Law enforcement doesn’t need to know what was written.

            • frazorth@feddit.uk

              They are referring to message metadata.

              Even if they don’t show the content of messages, if they can show that phone number A is sending messages and getting replies to number B then that’s all the government needs.

              https://signal.org/legal/

              For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy, as well as the transfer of your encrypted information and metadata to the United States and other countries where we have or use facilities, service providers or partners.

              They store metadata, which is distinct from encrypted data.

              Are you saying sealed sender is a lie?

              https://signal.org/blog/sealed-sender/

              When you send a traditional piece of physical mail, the outside of the package typically includes the address of both the sender and the recipient. The same basic components are present in a Signal message. The service can’t “see into” the encrypted package contents, but it uses the information written on the outside of the package to facilitate asynchronous message delivery between users.

              They have a list of encrypted messages, who it’s from and who it’s to, based upon the sealed sender description. If you are using phone numbers then you are not anonymous, and a TLA agency can search known bad numbers even if Signal does not try to build that graph.

              • Star@sopuli.xyz

                The ONLY data Signal stores about you is your phone number, most recent registration time/date and most recent login time/date. They don’t know who you’re messaging or when you’re messaging them AFAIK.

                You can see this for yourself at signal.org/bigbrother

                • EngineerGaming@feddit.nl (deleted by creator)

                  I am really frustrated when this is brought up, since it only shows what they have been collecting so far, not what they’re capable of collecting. The government agencies can force them to do whatever modifications to the server AND to keep completely silent about it. I am still trying to understand whether Sealed Sender would protect from a server collecting and recording ALL the data it possibly can.

                • frazorth@feddit.uk

                  No.

                  We have been exploring techniques to further reduce the amount of information that is accessible to the service, and the latest beta release includes changes designed to move Signal incrementally closer to the goal of hiding another piece of metadata: who is messaging whom.

                  They haven’t hidden it yet. It’s a goal.

  • throwawayacc0430@sh.itjust.works (deleted by creator)

    My conspiracy theory brain goes:

    It’s funded by the government.

    Yes, the messages themselves are encrypted, but they don’t need that, they have access to all the useful metadata.

    They can find everyone near the site of a protest (via cell tower data), then find their signal accounts, then see who they are contacting, potentially revealing who the other protestors and protest organizers are.

    And if you need access to the messages, they don’t need to crack the encryption, they could just send pegasus to your phone (and they already have your phone number to do so), and they’ll have access to every message.

    Then they just find those other protestors, also send pegasus to their phones.

    I mean, the Signal code is technically legit, they just used a side channel (zero day exploits) to gain access.

    But this is just a theory, I don’t have any evidence supporting this hypothesis.

        • rnercle@sh.itjust.works

          Obviously Signal is the lesser evil, but don’t use Signal if you are planning a revolt is what I’m saying.

          or if you’re the US’ secretary of defense and you’re going to bomb Houthis

          🤷

          • throwawayacc0430@sh.itjust.works (deleted by creator)

            🤣 Absolute shitshow lmfao. Signal is not approved for war communications, that was a security breach (not to mention, adding the journalist), and he risked jeopardizing his entire mission.

            But on the other hand, having such incompetent fascists is a good thing for the resistance.

    • ReluctantZen@feddit.nl

      They don’t need Signal to do any of this though, so this doesn’t seem like a very plausible theory.

      • throwawayacc0430@sh.itjust.works (deleted by creator)

        True, they don’t exactly need signal. But the thing with exploits is that, once found, they would be patched and they can’t use the same exploit again. So they can’t just be sending everyone in the country Pegasus. That would make it easier for it to be detected.

        So with Signal’s help, they have an easier time to select a few targets. They can find out who is using Signal, and correlate that with other data like being near a protest site. Then they only need to target a few Signal users, instead of like sending Pegasus to 5000 protestors, they could find out that everyone is talking to this “John Smith” person, then send pegasus to that user and obtain a lot of info. And since it’s only few users being infected, it’s less likely for the fact that the conversations are compromised to be known.

        I mean, without requiring phone numbers for Signal, they would have a harder time knowing who is using Signal, and they would end up having to infect all 5000 phones in the protest area, which means now it’s much more likely for the spyware to be detected. With infecting just a few of the organizers, their spying can remain undetected for a long time.

        As for everyone else not using Signal, they are likely to be using unencrypted messaging, so it’s not even necessary to infect their phones.

        • guy@piefed.social

          Why can’t they send Pegasus to everyone?

          If they can create a fund and invent Signal, they can just make Pegasus part of AOSP and have every manufacturer be forced to install it silently

          • throwawayacc0430@sh.itjust.works (deleted by creator)

            They could, but again, it’s easier to detect.

            But if we are already under the assumption that Pegasus is so sophisticated that it’s un-detectable. It’s possible all this privacy talk is futile and they already have access to every device, which means Graphene OS is also pointless.

            I honestly don’t know. If you are planning any anti-government activities, the only way to be totally safe is to not carry a smartphone (and obviously wear a mask to conceal your identity and all that) and use One Time Pad encryption and deaddrops for communications.

    • 0101100101@programming.devOP

      This is what the UK police do with WhatsApp data. Even though they can’t read the messages, they do use the connections of messages to suspicious characters as evidence including date and times, which also puts these other people in the spotlight, opening further investigations.

      The UK police can also use ‘stinger’ devices that are “fake” mobile data towers to intercept mobile communications.

  • Autonomous User@lemmy.world

    Signal is not perfect but we control its app, libre software. See SimpleX Chat.

    First, we must defeat WhatsApp and Discord.

      • Célia@lemmy.blahaj.zone

        What SimpleX, Signal, or any app like this need first and foremost is traction, as new users generate more new users. One of Signal’s goals is usability (usually achieved by being simple, as in no complexity for the end user). In my opinion SimpleX lacks that. This is the same reason Signal needs a phone number: populating your contact list with users already on the platform

        • Autonomous User@lemmy.world

          reason Signal needs a phone number: populating your contact list

          Wrong, it is not optional.

          First, we must defeat WhatsApp and Discord.

          Do whatever works. Do not get derailed. Escaping WhatsApp and Discord, anti-libre software, has the highest return on investment.

      • foremanguy@lemmy.ml

        You can go to Simplex (for sure a lot of people here have already done it) but if only privacy nerds get to this place this is not a great solution. We (I’m talking about us using Lemmy and chatting on SimpleX) must convince people, starting by friends and family to stop using these fucking socials then at this point SimpleX will be considered as a viable alternative

  • Etterra@discuss.online

    Because they’re lying. Corporations, governments, and just people in general tend to do that, ya’know.

  • SpicyAnt@mander.xyz

    Maybe I am being too simplistic here. But I have never received a spam message to my XMPP account and I don’t know how a spammer would find it.

    In a phone-based system a spammer can spam a list of numbers, or use contact lists that are easily shared via phone permissions. There are several low-effort discovery processes.

    For e-mail, you get spam when you input your personal e-mail into forms, websites, or post it publicly.

    But for something like XMPP… It seems rather difficult to discover accounts effectively to spam them. And, if it is an actual problem, why not implement some kind of ‘identity swap’ that automatically transmits a new identity to approved contacts? A chat username does not need to be as static as an e-mail or a phone number for most people.

    I just don’t see ‘spam’ as such a difficult challenge in this context, and not enough in my view to balance out requesting a phone number. Perhaps a spammer can chip-in?

  • nucleative@lemmy.world

    Is it possible to use a voip based SMS for registration?

    Those are a little easier to get anonymously than physical sim cards.

  • Majestic@lemmy.ml

    Because their founder (Marlinspike) is probably under a National Security Letter, maybe it’s just that, maybe he’s done some crimes they’re also holding over him. If you look at his behavior it’s that of someone very paranoid that they’re going to be found out to be cooperating with the feds and get hit with charges for not upholding the bargain, someone straddling one or two big lies that have to be maintained to keep their life going. Very controlling of things they should be open about if they care about privacy as they claim. But exactly the behavior of someone under an NSL who’s terrified of getting hit with charges for that and maybe other things but who is expected to front and run a purported privacy first messenger. The secrecy, the refusal to allow others to operate their own servers, the antagonism towards federation, the long periods without publishing source code updates.

    This doesn’t necessarily mean that signal message content is compromised, the NSA primarily scrapes metadata and would most care about knowing who is talking to who and to put real names to those people and building graphs of networks of people. Other things like what times they talk can be inferred from upstream taps on Signal’s servers without their knowledge or cooperation via traffic observation and correlation especially when paired with the fourteen eyes global intercept network. With a phone number it’s also a lot easier to pinpoint an exact device to hack using a cooperating (or hacked) telecom. Phone numbers can also be correlated to triangulated positions of devices, see who in a leftist protest network was A) heavily sending messages and B) attended that protest and left last and begin to infer things about structure and particular relationships.

    And those saying it has to do with spam prevention, that’s kind of nonsense. First I still get the occasional spam, second a phone number that can receive a confirmation text is something all these criminal organizations have access to which the average person doesn’t. Third it’s possible to prevent spam just by looking for people (especially new accounts under 120 days old) sending very small amounts of messages (1-3) to a very large amount of other users especially in a short amount of time. Third there’s no reason to keep the phone number tied to the account, a confirmation text could be required with a promise to delete the phone number immediately after (would still be technically useful to the NSA though less useful for keeping track of people changing numbers or using a burner for this who might be higher value targets).
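The volume heuristic described in the comment above, written out as an added example (it is not part of the comment and not Signal's code). The 120-day account age and the 1-3 messages per recipient come from the comment; the 20-recipient and one-hour thresholds, the event format and all sample data are assumptions, and the check presumes the server can see each message's sender, which sealed sender is described elsewhere in this thread as hiding.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Only the 120-day account age and the 1-3 messages per recipient come from
# the comment; the other two thresholds are assumed values for illustration.
MAX_ACCOUNT_AGE = timedelta(days=120)
MAX_MSGS_PER_RECIPIENT = 3
MIN_DISTINCT_RECIPIENTS = 20   # assumed reading of "very large amount of other users"
WINDOW = timedelta(hours=1)    # assumed reading of "short amount of time"


def has_fanout_burst(msgs, created):
    """msgs: time-sorted list of (timestamp, recipient) for one sender.

    Slides a WINDOW-long window over the messages and returns True if, while
    the account is still new, the window holds at least MIN_DISTINCT_RECIPIENTS
    recipients who each received no more than MAX_MSGS_PER_RECIPIENT messages.
    """
    counts = defaultdict(int)  # recipient -> messages currently inside the window
    shallow = 0                # recipients in the window with 1..MAX messages
    left = 0
    for ts, rcpt in msgs:
        counts[rcpt] += 1
        if counts[rcpt] == 1:
            shallow += 1
        elif counts[rcpt] == MAX_MSGS_PER_RECIPIENT + 1:
            shallow -= 1       # now looks like a real conversation
        # Drop messages that have fallen out of the window.
        while ts - msgs[left][0] > WINDOW:
            old = msgs[left][1]
            if counts[old] == MAX_MSGS_PER_RECIPIENT + 1:
                shallow += 1
            counts[old] -= 1
            if counts[old] == 0:
                shallow -= 1
                del counts[old]
            left += 1
        is_new = ts - created <= MAX_ACCOUNT_AGE
        if is_new and shallow >= MIN_DISTINCT_RECIPIENTS:
            return True
    return False


def find_suspected_spammers(events, created_at):
    """events: iterable of (sender, recipient, timestamp).
    created_at: dict mapping sender -> account creation time.
    Returns the sorted list of senders that match the heuristic."""
    by_sender = defaultdict(list)
    for sender, recipient, ts in events:
        by_sender[sender].append((ts, recipient))
    flagged = []
    for sender, msgs in by_sender.items():
        msgs.sort()
        if has_fanout_burst(msgs, created_at[sender]):
            flagged.append(sender)
    return sorted(flagged)


def build_sample():
    """Constructed sample data: four hypothetical accounts, no real users."""
    now = datetime(2025, 1, 1, 12, 0)
    created_at = {
        "new_bot": now - timedelta(days=5),    # new account, wide fan-out
        "alice": now - timedelta(days=400),    # same fan-out, old account
        "bob": now - timedelta(days=10),       # new account, two busy chats
        "carol": now - timedelta(days=30),     # new account, slow fan-out
    }
    events = []
    for i in range(25):
        events.append(("new_bot", f"user{i}", now + timedelta(minutes=i)))
        events.append(("alice", f"friend{i}", now + timedelta(minutes=i)))
        events.append(("carol", f"peer{i}", now - timedelta(days=25 - i)))
    for i in range(40):
        events.append(("bob", f"pal{i % 2}", now + timedelta(minutes=i)))
    return events, created_at


if __name__ == "__main__":
    sample_events, sample_created = build_sample()
    print(find_suspected_spammers(sample_events, sample_created))
```

On the constructed data only the new account with the one-hour fan-out is flagged; the identical pattern from a 400-day-old account passes, which shows how much weight the account-age condition carries in this rule.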

    • solrize@lemmy.world

      That is a pretty weird post that doesn’t make much sense, but I remember meeting Moxie and asking him about Android security and being surprised at how defensive he was about it. Is Signal the app he was working on? That helps somewhat. I get them confused with each other.

      The Signal app doesn’t appear to be on F-droid, which is a bit discomforting.

      • GrumpyDuckling@sh.itjust.works

        I got one one time, been using it for years. Fuckin’ weird to try on people who are privacy and security conscious. My guess is that they were attempting to see what numbers are using signal in the first place if someone responds with a “fuck off” then the spammer knows they use signal.