I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.
Why does signal want a phone number to register? Is there a better alternative?
Because their founder (Marlinspike) is probably under a National Security Letter, maybe it’s just that, maybe he’s done some crimes they’re also holding over him. If you look at his behavior it’s that of someone very paranoid that they’re going to be found out to be cooperating with the feds and get hit with charges for not upholding the bargain, someone straddling one or two big lies that have to be maintained to keep their life going. Very controlling of things they should be open about if they care about privacy as they claim. But exactly the behavior of someone under an NSL who’s terrified of getting hit with charges for that and maybe other things but who is expected to front and run a purported privacy first messenger. The secrecy, the refusal to allow others to operate their own servers, the antagonism towards federation, the long periods without publishing source code updates.
This doesn’t necessarily mean that signal message content is compromised, the NSA primarily scrapes metadata and would most care about knowing who is talking to who and to put real names to those people and building graphs of networks of people. Other things like what times they talk can be inferred from upstream taps on signals servers without their knowledge or cooperation via traffic observation and correlation especially when paired with the fourteen eyes global intercept network. With a phone number it’s also a lot easier to pinpoint an exact device to hack using a cooperating (or hacked) telecom. Phone numbers can also be correlated to triangulated positions of devices, see who in a leftist protest network was A) heavily sending messages and B) attended that protest and left last and begin to infer things about structure and particular relationships.
And those saying it has to do with spam prevention, that’s kind of nonsense. First I still get the occasional spam, second a phone number that can receive a confirmation text is something all these criminal organizations have access to which the average person doesn’t. Third it’s possible to prevent spam just by looking for people (especially new accounts under 120 days old) sending very small amounts of messages (1-3) to a very large amount of other users especially in a short amount of time. Third there’s no reason to keep the phone number tied to the account, a confirmation text could be required with a promise to delete the phone number immediately after (would still be technically useful to the NSA though less useful for keeping track of people changing numbers or using a burner for this who might be higher value targets).
That is a pretty weird post that doesn’t make much sense, but I remember meeting Moxie and asking him about Android security and being surprised at how defensive he was about it. Is Signal the app he was working on? That helps somewhat. I get them confused with each other.
The Signal app doesn’t appear to be on F-droid, which is a bit discomforting.
I have never received spam on Signal.
I have exactly once as did a couple of my friends from the same stranger.
I got one one time, been using it for years. Fuckin’ weird to try on people who are privacy and security conscious. My guess is that they were attempting to see what numbers are using signal in the first place if someone responds with a “fuck off” then the spammer knows they use signal.
Secret sender invalidates your metadata argument
Because they’re building a private, not anonymous, instant messenger. They’ve been very open about this.
Our numbers are not private from Signal. Do not let this derail us. Escaping to libre software is the best return on investment.
Nothing “derailing” us. Not everyone has the same threat model. The messages are private and that’s what’s most important. Signal can only provide phone number and last connection time to the feds. If that’s too much information for you, then you’re not the target group and have a different threat model.
The messages are private and that’s what’s most important.
No, that isn’t true. WhatsApp has the same lies. Law enforcement connect communication between users at key times and use it as credible evidence. Why would drug exporter 1 be communicating with drug buyer 1 at the exact time the delivery arrives in the country? Law enforcement doesn’t need to know what was written.
What are you talking about? Are you saying sealed sender is a lie? If so, I want some proof.
They are referring to message metadata.
Even if they don’t show the content of messages, if they can show that phone number A is sending messages and getting replies to number B then that’s all the government needs.
For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy, as well as the transfer of your encrypted information and metadata to the United States and other countries where we have or use facilities, service providers or partners.
They store metadata, which is distinct from encrypted data.
Are you saying sealed sender is a lie?
https://signal.org/blog/sealed-sender/
When you send a traditional piece of physical mail, the outside of the package typically includes the address of both the sender and the recipient. The same basic components are present in a Signal message. The service can’t “see into” the encrypted package contents, but it uses the information written on the outside of the package to facilitate asynchronous message delivery between users.
They have a list of encrypted messages, who it’s from and who it’s to, based upon the sealed sender description. If you are using phone numbers then you are not anonymous, and a TLA agency can search known bad numbers even if Signal does not try to build that graph.
The ONLY data Signal stores about you is your phone number, most recent registration time/date and most recent login time/date. They don’t know who you’re messaging or when you’re messaging them AFAIK.
You can see this for yourself at signal.org/bigbrother
I am really frustrated when this is brought up, since it only shows what they have been collecting so far, not what they’re capable of collecting. The government agencies can force them to do whatever modifications to the server AND to keep completely silent about it. I am still trying to understand whether Sealed Sender would protect from a server collecting and recording ALL the data it possibly can.
Did… Did you just read the problem they were trying to solve, and just, skip the solution?
No.
We have been exploring techniques to further reduce the amount of information that is accessible to the service, and the latest beta release includes changes designed to move Signal incrementally closer to the goal of hiding another piece of metadata: who is messaging whom.
They haven’t hidden it yet. It’s a goal.
Session is what you want. But you have to directly shares each others public keys to connect
Because it’s centralized, I prefer SimpleX.
Privacy: they know who you are but they don’t know what are you doing/when are you doing. Anonymity: they don’t know who you are.
Tried session? Anyone have comments on it? Nice to be able to skip the phone and easily use vpn, though I haven’t spent enough time on that.
I think the people behind Session cares for their mission, and it might align with OP’s, so maybe. Although I personally am not too fond of about all their choices.
The omission of Forward Secrecy for instance doesn’t sit well with me. Each to their own though, and they do go into their reasoning on their blog: https://getsession.org/session-protocol-explained
Likewise their last audit from 2021, lists quite a handful of critical/moderate issues in their apps, hopefully they’ve fixet it. Afterall it’s been a while since 2021. https://getsession.org/faq#security-audit
Session is a Signal fork and they removed forward secrecy which makes them vulnerable to Key Compromise Impersonation attacks.
Is there a quick explanation of what signal actually does? I don’t understand the need for a phone number either. Jami doesn’t ask for a phone number. It has other deficiencies that make me not want to use it, but those are technical rather than policy, more or less. Similarly, irc (I’m luddite enough to still be using it) doesn’t ask for a phone number either. So this is all suspicious. There are a bunch of other things like this too (Element, Matrix, etc.) that I haven’t looked into and tbh I don’t understand why they exist.
It’s not suspicious. It’s been talked about for years. People know exactly what the phone number is used for. Easy discoverability, quick and seamless onboarding of new users by providing a way to bootstrap their social graph, and it being very similar to the process of the other biggest player that people just understand. And spam prevention. The phones are not leaked or used for anything else. The other alternatives exist and you are welcome to onboard the people you want onto them if you think it’s simpler.
The code is open, if you don’t trust other people and can’t read the code to understand then hire someone you trust to validate the claims and assure you. But spreading FUD and saying it’s suspicious is not productive to anyone.
-
I don’t understand what you mean about discoverability: is my presence on the network advertised to strangers and spammers? That doesn’t sound good. What does the onboarding process look like?
-
You still haven’t said what Signal’s advantages are supposed to be over alternatives, though I can guess some (e.g. better/more crypto than irc has). Jami seems conceptually ok, but buggy in implementation. Nextcloud Talk works but is kind of clunky. Matrix is popular though I’ve never used it: is it the main alternative to Signal these days? I thought it was what all the hipsters had migrated to while luddites like me were still on irc. Jitsi Meet looks nice though again I haven’t explored it much. I’ve been puzzled for a long time that there is so much work in this area yet everything has deficiencies. Are there difficult problems to solve?
-
If Signal’s code is open then of course I’d want to self-host the server. Can I do that? Does that get in the way of the onboarding process you mention? Where does the phone number come in, in that case? If I to use Signal’s server, that doesn’t sound so open, and normally there’s no way for me to verify that it’s running the same code that they claim.
I don’t see where I’m spreading FUD. Ignoring a question and calling it FUD doesn’t invalidate the question.
-
Signal is a messenger service. You can expire messages after a certain amount of time.
They ask for a phone number to limit bots. I used my Google voice number and it worked fine. I like Telegram which banned me after a day of use for using Google Voice.
I get that Signal is a messaging system (not sure if “messenger service” has a specific meaning). What I don’t understand is why I’d want to use it instead of any of the million others that are out there. I’ve never used Signal and don’t have the slightest clue about how it operates, but apparently it tries to mess with the contact list on your phone? That sounds bad. I use Nextcloud Chat sometimes and its web design is ugly, but it works ok and you can self-host it fairly easily. It doesn’t do anything with your phone contacts. Jami is distributed but (maybe unrelated) I often have trouble getting it to work at all.
It doesn’t “mess with your contacts”. You can choose to give contacts access if you wish to have secure contact discovery. Contacts are not uploaded.
It’s robustly encrypted and quantum secure, without metadata leaks like the sender of a message.
It’s recommended by Edward Snowden.
If you want to message someone, have the ability to verify there is no man in the middle attack, have perfect forward secrecy, very strong crypto, use open source software and still have all the conveniences of a modern message app, use signal.
Do you mean the client side is open source? What about the server? If you’re required to use Signal’s server, how do you know it’s not disclosing metadata? If you can self-host it, why the phone number?
The idea is you don’t need to trust the server
Messages sent don’t contain a readable sender field
Mobile numbers may not be necessary long term, architecture depends on accounts being created Witt phone numbers. Usernames were very recently introduced. Soon we may see requirement for phone number dropped, unless related to spam control
The wikipedia article looks informative and I will read through it: https://en.wikipedia.org/wiki/Signal_(software)
Is spam a serious problem on other messaging systems?
I have received maybe 3 spam messages in many years of use
Spam is a huge problem on other messaging apps I have tried
SimpleX is coming nicely along. Should be good to switch next year once they got their desktop apps polished up
Simplex has a bad user experience and needs a lot of work before it’s ready for normies.
Last time I tried Simplex, the battery drain was unbelievable. Maybe I’ll give it another go and see what happens, but I’m not optimistic.
Maybe I am being too simplistic here. But I have never received a spam message to my XMPP account and I don’t know how a spammer would find it.
In a phone-based system a spammer can spam a list of numbers, or use contact lists that are easily shared via phone permissions. There are several low-effort discovery processes.
For e-mail, you get spam when you you input your personal e-mail into forms, websites, or post it publicly.
But for something like XMPP… It seems rather difficult to discover accounts effectively to spam them. And, if it is an actual problem, why not implement some kind of ‘identity swap’ that automatically transmits a new identity to approved contacts? A chat username does not need to be as static as an e-mail or a phone number for most people.
I just don’t see ‘spam’ as such a difficult challenge in this context, and not enough in my view to balance out requesting a phone number. Perhaps a spammer can chip-in?
I assume ease of use and spam prevention.
I think Signal tries to be at least somewhat attractive to the average person who wants more privacy than just using WhatsApp or whatever. Making it easy to message existing contacts helps a lot with adoption.
I think it’s important to remember de difference between being private and being anonymous. Signal IS private. It’s not anonymous. The same is true for many other apps/services.
Personally I like to be private. I don’t really need to be anonymous.
Bots. If it makes you feel better, you can disable other people finding you via phone number and just give them your username. All messages are private.
But the police request the meta data of all messages from your phone number that the company has and they’re required by law to give them it.
They can “request” it all day long. Signal doesn’t store them beyond the time needed to deliver to the end user device, and while (temporarily) stored, it’s encrypted in a way Signal’s service cannot read.
The phone carrier at least here in the US is required to store the call data for 18 months, according to the one that I use.
What does that have to do with Signal?
The claim is that Signal’s phone verification step doesn’t cause privacy problems because Signal (purportedly) doesn’t retain the phone numbers after verification. That claim is falsified because the phone carrier stores the call record even if Signal doesn’t. They store it because of the same law that makes them turn it over to Big Brother on demand. The phone verification step is, therefore, a privacy problem. Obviously there are similar issues with IP routing, but at least I can use a VPN with an endpoint in another country.
The “record” is a SMS verification code. All that will tell the government is that you registered for Signal, nothing else.
Telling the govt that you registered for Signal sounds like a bad failure as far as I’m concerned, e.g. if you are a user in a repressive regime. Do you think Trump would like to get his hands on a list of all the Signal users in the US? Probably yes. What would he do with the list? IDK but it has to be bad. So it should be an objective of Signal to make it impossible for anyone to create such a list.
Anyway, it sounds like Signal has wised up and is getting rid of the phone number requirement. I don’t understand why people here keep defending the misfeature. I’ve heard such things explained as “system justification” but I still don’t understand it. All of us make poor decisions all the time, but we should at least make some effort to recognize them, and fix them when possible.
No, that wasn’t the claim. Phone numbers are used for sign up, but the post’s OP was talking about messaging meta data. Messaging meta data doesn’t go through your carrier and is encrypted.
If you check the publication of signal’s cases where they had to hand out data, and in reverse the FBI leak that listed analysis of all messenger apps by what data they were able to acquire in most cases, Signal came out as one of the top options.
Oh I see what you mean. But a big enough data dump from the phone carriers identifies all of Signal’s users, not good.
huh? so the phone number is encrypted in a way that can’t be read, but an sms is sent to the phone? … a separate company sends the text on behalf of signal? so that separate company logs the phone number, the timestamp and who knows what else.
What are you on about right now? I don’t mean that sarcastically, I really am wondering what your concern is. Are you concerned that because your phone number is associated with Signal that police will know you use Signal?
Signal doesn’t use SMS at all, once you have enrolled. The phone number is used to validate people and exclude bots, during registration. As others have noted, you can hide your number from other users, as well.
Signal doesn’t use SMS anymore, and all messages are sent over encrypted Internet protocol. Any servers in between won’t see the phone number, it’s not needed to deliver the message, it’s using an IP address at that point and the entire message metadata is encrypted. Signal is the only one that can see the phone numbers, which they use to identify multiple clients as a single user and route messages accordingly.
Secret sender stops any real amount of information about messages being connected to you
Its encrypted
Messages are e2e encrypted. Metadata is not encrypted.
Edit: I feel the need to qualify this statement. Metadata about your connection may be encrypted at rest but is decryptable given that signal is released metadata to authorities with a warrant/subpoena.
People told you a few times to go look for yourself what Signal can give away. Its protocol descriptions are pretty understandable.
The whole bloody reason it’s always recommended is because it’s absolutely the best thing in terms of yes, encrypting metadata. It’s state of the art, level above that bullshit you’re thinking.
Unfortunately, that also means that hosting it takes lots of resources, which means they have to screen bots and mults somehow. Phone numbers are one way. Paid accounts are another.
Phone numbers are one way. Paid accounts are another.
Rubbish. How would this stop bots? Bots are created to make money. What makes you think creators don’t have a phone number, or be prepared to pay to spam.
One account per phone number versus infinity of accounts without.
signal accounts… signal accounts everywhere!
Phone numbers cost money, which means they’re not easy to create in bulk, and therefore banning or blocking spam numbers is much easier than if it was open sign up.
Yes it is. Signal isnt PGP email. A lot of work went into protecting metadata.
what? can you show a source? I think you mixed it up with Matrix
These are all the court orders Signal has complied to and details all the information they give up
https://signal.org/bigbrother/
TLDR; they only give the last time the account connected to Signal servers and the time of account registration or re-registration
You should go properly read the requests from law enforcement they have received and exactly what information it contains. It’s public. Then evaluate if it matters for yur threat model. Security doesn’t exist in a vaccum.
Because they’re lying. Corporations, governments, and just people in general tend to do that, ya’know.
Spam prevention
It’s not an argument. Think about regular mobile numbers, are they preventing spams? No.
What kind of spam are you talking about
Scams, girls wanting to chat with you, incredible money opportunities…
I misread the comment you replied to originally (thought they were referring to bot spam prevention)… Signal doesn’t work like the phone network, you can’t necessarily just “call” or “text” a random person. There’s also additional verification before you can send messages sometimes.
deleted by creator
Are you seeing spam on signal? Do you even know why spam is possible on phone networks and what the difference is between phone networks and the internet?
I don’t know what is spam for you, but when you get three message requests from three girls respectively named Tania, Clara and Ella that are contacting you about you carrier or your management skills, I call it spam.
The way that Signal integrates phone number is odd because it opens up the spam door. O understand why Signal use phone numbers this way (to make “normies” adopt Signal more easily like WhatsApp would do) but it not the best to kind of contaminate the network with the traditional cell network
The point, I believe, wasn’t about spam but likely got derailed. It was probably about the phone number requirement being unnecessary. I’ll just add that even if it is, it’s a measure geared towards common users that often need to recover access to their accounts through means they’re already familiar with, as is a verification SMS. It’s not the safest nor the most private, but it’s easier to deal with for most people. Whoever wants something that doesn’t depend on a SIM or eSIM should try Briar and SimpleX. None of these will be a perfect solution for every single person though.
deleted by creator
And discovery.
Signal fills an incredibly important spot in a spectrum of privacy and usability where it’s extremely usable without sacrificing very much privacy. Sure, to the most concerned privacy enthusits it’s not the best, but it’s a hell of a lot easier to convince friends and family to use Signal than something like Matrix.
