this post was submitted on 15 Jul 2023
73 points (95.1% liked)
The Signal messenger and protocol.
1633 readers
20 users here now
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
So why do they only allow users to signup to Signal with a phone number? If they really were about privacy and security, they should allow signups via username+password only.
There so much money to be made for just knowing who is talking to who. Who is using the app and when. Even if they can't get at the content of your messages.
I don't trust them one bit.
You confuse privacy and security with anonymity, they are different things. Also, with the sealed senders option, the sender are hidden.
The person I'm talking to is allowed to know who I am so I'm not anonymous. Signal doesn't need to know who I am. It doesn't matter what you call it, that's the feature I'm waiting for to motivate a switch.
That said, I looked up sealed senders. They really do go above and beyond to end2end encrypt as much as they possibly can.
It's just a shame that they insist so hard to tie user accounts to phone numbers.
@Dienervent @andrewm @citytree @animist @BananaTrifleViolin
Signal was originally designed with phone number as the key identifier. This is to facilitate contact identification and building the social graph. The real issue is not that you need a phone number to register with signal. The problem is signal exposes the phone number to all people with whom you communicate, including in groups. That is a big privacy concern, especially if you a part of large groups where you don't want everyone to see your phone number. This is a well known issue and the solution is to have disposable usernames along with ability to hide phone numbers from contacts.
Signal is currently working on these and some previews are available already. Hopefully that should be released soon.
Honestly, I think the problem here is that people have the habit to use the wrong app for a specific use. Signal is, conceptually, similar to WhatsApp, Built for discussing with people you already know (for WA is stated on the website too "Friends and family"), not for any stranger people in the world. So, it shouldn't be used for that, app/protocol like Matrix, Threema and Telegram fit better that purpose
Signal doesn't know who you are. A number don't reveal your identity, and, usually, you should be just a gov. entities to discover that. Does matter what you call it: Signal is for privacy (they have your number, but they don't know who you are, who you write and what you write), not for (full) anonymity (they don't have any information, including number, on you).
Anyway, they're implementing the username too.
First, you're conflating privacy with anonymity.
Secondly, they are one of the few orgs (maybe only?) that have been subpoenaed multiple times and they've published documented evidence
[0]that even when compelled by law to present all the info they have on any specific user, all they know is:Feel free to trust whoever you want, but the source code to Signal's clients and server are open for anyone to criticize, and they have been. They're not perfect, nobody is, but they're also one of the few orgs out there showing that they're willing to put up or shut up.
Criticize in a constructive manner. Don't be dismissive and spread FUD by stating "I don't trust them" without backing up understanding the Signal threat model and mixing up privacy & anonymity.
[0]https://signal.org/bigbrother/