this post was submitted on 16 Aug 2022
109 points (95.8% liked)

Privacy

31957 readers
520 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] kvjxq@beehaw.org 22 points 2 years ago (2 children)

It's abominable that Signal still requires a phone number.

[–] AgreeableLandscape@lemmy.ml 20 points 2 years ago* (last edited 2 years ago) (3 children)

How else are they going to track you?

No, seriously. Even if the messages are encrypted, the metadata including your account info and the account info of everyone you talk to are not. In a lot of these cases, they don't have to have the actual contents of the messages to have a pretty clear picture of what you might be talking about!

With a phone number that's almost certainly registered to your real identity, it makes it trivial to track what you as a person is doing even without breaking the encryption! An encrypted messenger that requires anything related to your real identity to get an account is security theatre.

For example: if you suddenly start messaging back and fourth with an account, and that account happens to have the same phone number as the one on the business card and website of an out of state abortion clinic worker, and your own phone number's area code just so happens to fall in a state that banned abortions after Roe v Wade got trashed, it juuuust might imply a few things about you. They can't definitively prove what the messages were, but if your state criminalizes any and all attempts to get an abortion anywhere, it's probably enough to get a warrant against you.

[–] noodlejetski@lemmy.ml 7 points 2 years ago* (last edited 2 years ago) (2 children)

luckily, from the warrants they've received in the past we know that they don't store metadata, and the only information about the requested numbers that they've been able to provide to the court were the date of registering an account and the last time they were online, both in Unix epoch format: https://signal.org/bigbrother/

[–] yogthos@lemmy.ml 9 points 2 years ago

You have to keep the bigger context in mind here. Even if Signal only tracks your phone number, it can be easily correlated with other data that's associated with you that's aggregated from your online footprint.

[–] KLISHDFSDF@lemmy.ml 6 points 2 years ago (5 children)

What viable user-friendly (i.e. no account creation required) options are there? I just want my messages between friends and family to not be mined by greedy corporations.

[–] thervingi@lemmy.ml 6 points 2 years ago

Matrix is pretty good.

load more comments (1 replies)
[–] ree@lemmy.ml 2 points 2 years ago (2 children)

What you wrote is simply wrong.

Signal encrypt metadata to the best of their capacity. On the contrary matrix, xmpp, telegram, WhatsApp don't (unless sth changed since last year)

For example on my matrix server I could read the IP, username and time of each message.

https://signal.org/blog/sealed-sender/

load more comments (2 replies)
[–] Akimoto@lemmy.ml 8 points 2 years ago (2 children)

They probably do it to prevents spam/abuse. It is supposed to be a better WhatsApp after all, not a completely federated software. So it gotta be somewhat user friendly.

[–] Democracy@lemmy.ml 8 points 2 years ago* (last edited 2 years ago) (1 children)

What? It's easier for spammers/scammers to enumerate phone numbers (because they follow a specific pattern) than usernames or random IDs.

[–] AgreeableLandscape@lemmy.ml 9 points 2 years ago (1 children)

Probably referring to that it's harder for scammers to create scam accounts because they need to verify the phone number is actually theirs before the account can send messages. IMO, still not worth requiring a phone number for the 90% of legitimate users.

[–] thervingi@lemmy.ml 5 points 2 years ago (1 children)

There are websites online that offer 10 minute phone numbers.

[–] AgreeableLandscape@lemmy.ml 3 points 2 years ago (1 children)

Not sure if Signal does this, but most websites will automatically look up the phone number registration, see that it's from one of those companies, and reject it.

[–] Democracy@lemmy.ml 2 points 2 years ago* (last edited 2 years ago)

There are these services still around.

https://sms24.me/en/messages/Signal

You'll notice most numbers aren't from US. The ability to detect VoIP numbers only applies to NA.

[–] snek_boi@lemmy.ml 17 points 2 years ago (1 children)

I tried finding the GitHub issue that asks for Signal to stop relying on phone numbers. I can't find it. Do you [whoever is reading this] know where the issue is at?

[–] OsrsNeedsF2P@lemmy.ml 9 points 2 years ago (1 children)

Github Issues are only for bug reports, the Username feature is tracked here https://community.signalusers.org/t/usernames-in-signal/9157

[–] w_ortiz@beehaw.org 3 points 2 years ago (1 children)

Now you can request "enhancements" too in the issue section. See https://github.com/LemmyNet/lemmy-ui/issues

[–] OsrsNeedsF2P@lemmy.ml 3 points 2 years ago (1 children)

That's.. nice but I'm talking about how Signal handles Github issues

load more comments (1 replies)
[–] i_shot_the_sherry@lemmy.world 14 points 1 year ago (1 children)

This is probably a good time to remind everyone to set up the registration lock.

[–] RojaBunny@lemmy.world 4 points 1 year ago (1 children)

Am I missing something or is this setting not available on Android?

[–] herrfrutti@lemmy.world 5 points 1 year ago* (last edited 1 year ago)

I found it. It's in the Account settings, under pin settings.

[–] w_ortiz@beehaw.org 10 points 2 years ago* (last edited 2 years ago) (2 children)

Someone was talking about Session in another post, the open source app that uses signal code, but without the need to register a phone number.

Can someone recommend it ? Has it been audited ? Because when it comes to cryptography, even if it's supposedly the same code as Signal, it still needs to be independently audited to be trusted.

[–] sexy_peach@feddit.de 2 points 2 years ago (1 children)

Session runs on the cryptocurrency backed loki network.

[–] w_ortiz@beehaw.org 2 points 2 years ago

Ok, didn't know that. I will have so much catching up to do with documentations one of these days... The onion routing seemed cool but I barely read anything on it yet.
I Hope it's not some bullshit whitepaper just to add value to a blockchain/token.

load more comments (1 replies)
[–] nicfab@community.nicfab.it 9 points 2 years ago
[–] hellfire103@lemmy.ml 8 points 2 years ago

Ight, imma delete Signal

[–] QuazarOmega@lemmy.world 4 points 1 year ago* (last edited 1 year ago) (1 children)

~~This is old news though?~~ Never mind

[–] CupDock@lemmy.world 8 points 1 year ago (1 children)
[–] QuazarOmega@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

~~Yes, exactly~~ My bad, you meant the Lemmy post, didn't notice that, now I get what is happening

[–] Amicchan@lemmy.ml 3 points 2 years ago

People seriously still use Signal? lmao

[–] dhadelis@lemmy.ml 2 points 2 years ago

Who thought that requiring phone number and relying on third party services would reduce users privacy /s

load more comments
view more: next ›