I remember a time when visiting a website that opens a JavaScript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

  • XenGi@feddit.org · 36 up, 4 down · 14 days ago

    One of the design goals is that they don’t have a user database, so governments etc can’t knock down their door demanding anything. By using phone numbers your “contacts” are not on their servers but local on your phone.

    • rirus@feddit.org · 2 up · 13 days ago

      That’s WRONG they have a Database of every Phone number registered to them and metadata like the last time they logged in. You send all your contacts numbers to signal so they can respond who is also using Signal.

    • 0101100101@programming.dev (OP) · 4 up, 27 down · 14 days ago

      During registration they want a phone number to send a verification code. I know I am me. They don’t need to verify that.

      • krimson@lemmy.world · 34 up, 3 down · edited · 14 days ago

        They do. Otherwise anyone can register with your phone number and start messaging as if they were you.

        If you want more privacy you’d need something like Simplex.

        • IttihadChe@lemmy.ml · 1 up · 13 days ago

          They need to verify using a phone number because otherwise other people could sign up using your phone number and pretend to be you? What?

          They can only sign up using your phone number if they do require a phone number. If they didn’t ask for a phone number then how would people sign up using your phone number?

        • rottingleaf@lemmy.world · 5 up, 2 down · 14 days ago

          Signal’s internal identifiers are, of course, not phone numbers. And you can download their server and host it without requiring phone numbers for registration. Just they simply can’t afford it, they need to prevent bots from registering and sending messages somehow. A group message is stored in Signal as many times as there are group members, for example.

  • coconut@programming.dev · 20 up, 5 down · 14 days ago

    If you want to be mainstream a) you can’t have spammers, scammers, and all the other scum of the earth and b) finding your contacts in the app HAVE TO be plug and play. Literally no normie will bother adding with usernames or whatever.

    • Autonomous User@lemmy.world · 3 up, 16 down · edited · 14 days ago

      finding your contacts

      Wrong, it is not optional, does not stop spam and the worst way to try.

      Do not let this derail us. Escaping to libre software is the best return on investment.

      • rottingleaf@lemmy.world · 7 up, 1 down · 14 days ago

        Do not let this derail us.

        Nothing is derailing you personally. Why are you repeating this to others?

  • RockLobstore@lemmy.ml · 4 up, 3 down · 14 days ago

    Tried session? Anyone have comments on it? Nice to be able to skip the phone and easily use vpn, though I haven’t spent enough time on that.

    • Autonomous User@lemmy.world · 6 up, 58 down · edited · 13 days ago

      Our phone numbers are not private from them.

      Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.

      • devfuuu@lemmy.world · 25 up, 4 down · edited · 14 days ago

        It’s libre software. Go host the server and change the clients to connect to your custom server and distribute to the users you need.

        • solrize@lemmy.world · 8 up, 4 down · 14 days ago

          Are you saying I have to literally rebuild and distribute my own client APK if I want to use my own server? There’s no “settings” in the existing client where you say what server you want to use, like every email client has? That sounds obnoxious.

          • xthexder@l.sw0.com · 16 up · 14 days ago

            If you don’t trust Signal to run an unmodified server without malicious modifications, then why would you trust their build of the APK?

            To truly be safe from Signal’s influence you would need to audit the source code and build it yourself.

            Personally I have no problem using Signal’s servers

            • solrize@lemmy.world · 2 up, 4 down · 13 days ago

              To truly be safe from Signal’s influence you would need to audit the source code and build it yourself.

              Usually I only install APK’s from F-Droid, which always builds its apps from source, rather than using the developer’s APK. I’m uncomfortable that Signal doesn’t seem to be on F-droid, and I’m in fact hesitant to install it from anywhere else. I’m not currently set up to build Android apps myself. I’m a fairly unsophisticated Android user.

              • biofaust@lemmy.world · 1 up · 13 days ago

                I just checked and I installed Signal from F-Droid.

                It says Repository: Guardian Project on the app page.

              • bent@lemm.ee · 3 up · 13 days ago

                You can use Obtainium and get it straight from Github.

                • solrize@lemmy.world · 1 up · 13 days ago

                  Thanks. I’m not a sophisticated Android user and so far have just stayed with installing stuff from F-droid. If the official build matches the F-droid build, that’s great. At some point I want to spend some time bringing up Android build tools, but I have too much other stuff going on right now.

        • ganymede@lemmy.ml · 2 up · edited · 14 days ago

          edit: nvm i re-read what you wrote

          i agree it does mostly fulfill the criteria for libre software. perhaps not in every way to the same spirit as other projects, but that is indeed a separate discussion.

          h̶o̶w̶ ̶m̶a̶n̶y̶ ̶c̶o̶m̶m̶u̶n̶i̶t̶i̶e̶s̶ ̶a̶r̶e̶ ̶d̶o̶i̶n̶g̶ ̶t̶h̶a̶t̶ ̶r̶i̶g̶h̶t̶ ̶n̶o̶w̶?̶ ̶i̶ ̶s̶u̶s̶p̶e̶c̶t̶ ̶y̶o̶u̶ ̶m̶a̶y̶ ̶b̶e̶ ̶d̶r̶a̶s̶t̶i̶c̶a̶l̶l̶y̶ ̶u̶n̶d̶e̶r̶s̶t̶a̶t̶i̶n̶g̶ ̶t̶h̶e̶ ̶b̶a̶r̶r̶i̶e̶r̶s̶ ̶f̶o̶r̶ ̶t̶h̶a̶t̶.̶ ̶b̶u̶t̶ ̶w̶o̶u̶l̶d̶ ̶b̶e̶ ̶d̶e̶l̶i̶g̶h̶t̶e̶d̶ ̶t̶o̶ ̶b̶e̶ ̶p̶r̶o̶v̶e̶n̶ ̶w̶r̶o̶n̶g̶.̶.̶.̶

          • rottingleaf@lemmy.world · 6 up · 14 days ago

            The barrier is that only you and your friends would be using that Fignal or Xignal or whatever home installation, and for that practically, for ease of use, it’s simpler to host Matrix which even a complete idiot can do.

          • Arthur Besse@lemmy.ml · 2 up · 13 days ago

            You can configure one or more of your profiles’ addresses to be a “business address” which means that when people contact you via it it will always create a new group automatically. Then you can (optionally, on a per-contact basis) add your other devices’ profiles to it (as can your contact with their other devices, after you make them an admin of the group).

            It’s not the most obvious/intuitive system but it works well and imo this paradigm is actually better than most systems’ multi-device support in that you can see which device someone is sending from and you can choose to give different contacts access to a different subset of your devices than others.

    • sqgl@beehaw.org · 5 up, 3 down · edited · 14 days ago

      And it uses same tech as Signal.

      However getting friends to join Simplex is complicated by two annoyances:

      (1) It gets confused by an invite URL coming from facebook (it doesn’t know to strip the appended Facebook tracking code - as trivial as it is).

      (2) When the invite is via a QR code you must scan it with SimpleX not your native camera app. Invitees just give up.

        • sqgl@beehaw.org · 1 up · edited · 13 days ago

          No it isn’t a URL. But that would indeed be the way they could make it work. If they did that, then…

          If you don’t have the app installed it installs it from the web site. If you have it installed then the app takes over instead of the web browser. That is how many apps work (eg Reddit).

  • onlinepersona@programming.dev · 16 up, 16 down · 14 days ago

    There is a lot of FUD here. It’s just like anti-vaxxers claiming vaccines make you autistic or have microchips in them: they don’t understand what they’re talking about, have different threat models, and are paranoid.

    Messages are private on signal and they cannot be connected to you through sealed sender. There have been multiple audits and even government requests for information which have returned only the phone number and last connection time.

    Anti Commercial-AI license

    • Arthur Besse@lemmy.ml · 23 up, 6 down · 14 days ago

      Messages are private on signal and they cannot be connected to you through sealed sender.

      No. Signal’s sealed sender has an incoherent threat model and only protects against an honest server, and if the server is assumed to be honest then a “no logs” policy would be sufficient.

      Sealed sender is complete security theater. And, just in case it is ever actually difficult for the server to infer who is who (eg, if there are many users behind the same NAT), the server can also simply turn it off and the client will silently fall back to “unsealed sender”. 🤡

      The fact that they go to this much dishonest effort to convince people that they “can’t” exploit their massive centralized trove of activists’ metadata is a pretty strong indicator of one answer to OP’s question.

    • Autonomous User@lemmy.world · 2 up, 4 down · 13 days ago

      So, they do not need our phone numbers but they still demand it.

      Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.

  • bigbrother@lemmy.ml · 2 up, 1 down · 11 days ago

    Privacy: they know who you are but they don’t know what are you doing/when are you doing. Anonymity: they don’t know who you are.

  • solrize@lemmy.world · 7 up, 1 down · 14 days ago

    Is there a quick explanation of what signal actually does? I don’t understand the need for a phone number either. Jami doesn’t ask for a phone number. It has other deficiencies that make me not want to use it, but those are technical rather than policy, more or less. Similarly, irc (I’m luddite enough to still be using it) doesn’t ask for a phone number either. So this is all suspicious. There are a bunch of other things like this too (Element, Matrix, etc.) that I haven’t looked into and tbh I don’t understand why they exist.

    • devfuuu@lemmy.world · 4 up, 2 down · 14 days ago

      It’s not suspicious. It’s been talked about for years. People know exactly what the phone number is used for. Easy discoverability, quick and seamless onboarding of new users by providing a way to bootstrap their social graph, and it being very similar to the process of the other biggest player that people just understand. And spam prevention. The phones are not leaked or used for anything else. The other alternatives exist and you are welcome to onboard the people you want onto them if you think it’s simpler.

      The code is open, if you don’t trust other people and can’t read the code to understand then hire someone you trust to validate the claims and assure you. But spreading FUD and saying it’s suspicious is not productive to anyone.

      • solrize@lemmy.world · 2 up, 1 down · edited · 14 days ago

        1. I don’t understand what you mean about discoverability: is my presence on the network advertised to strangers and spammers? That doesn’t sound good. What does the onboarding process look like?

        2. You still haven’t said what Signal’s advantages are supposed to be over alternatives, though I can guess some (e.g. better/more crypto than irc has). Jami seems conceptually ok, but buggy in implementation. Nextcloud Talk works but is kind of clunky. Matrix is popular though I’ve never used it: is it the main alternative to Signal these days? I thought it was what all the hipsters had migrated to while luddites like me were still on irc. Jitsi Meet looks nice though again I haven’t explored it much. I’ve been puzzled for a long time that there is so much work in this area yet everything has deficiencies. Are there difficult problems to solve?

        3. If Signal’s code is open then of course I’d want to self-host the server. Can I do that? Does that get in the way of the onboarding process you mention? Where does the phone number come in, in that case? If I have to use Signal’s server, that doesn’t sound so open, and normally there’s no way for me to verify that it’s running the same code that they claim.

        I don’t see where I’m spreading FUD. Ignoring a question and calling it FUD doesn’t invalidate the question.

        • rirus@feddit.org · 2 up · 13 days ago

          You can’t easily selfhost Signal. They engineered it purposefully to only run on Big Tech Clouds with specific Intel CPUs they put (too much) trust in.

          • solrize@lemmy.world · 1 up · 13 days ago

            Very interesting, thanks. Do you mean they use SGX (Intel’s buggy secure enclave feature)? Any idea what they use it for? If not SGX, do you know what the issue is? AMD Epyc processors have something similar but different, fwiw. If there is such highly secret info on the server though, that makes self-hosting even more important. It also makes the architecture suspect.

            • rirus@feddit.org · 2 up · 12 days ago

              Yes SGX, they use it for sealed Sender, contact discovery and mobilecoin.

        • rirus@feddit.org · 2 up · 13 days ago

          1. Yes, kinda, if they have you in their contact books, they get a notification you joined.

          • solrize@lemmy.world · 1 up · 13 days ago

            Thanks. The more I think about it, the more this seems like outright evil behaviour on Signal’s part to pursue user growth, similar to Facebook etc. Imagine that you and your boss are in each other’s contacts for obvious work-related reasons. Do you really want Signal notifying your boss that you registered for Signal? For some of us it’s fine, but in general it seems like a terrible idea.

        • rirus@feddit.org · 2 up · 13 days ago

          1. You can easily migrate everyone from WhatsApp to Signal and they don’t have to exchange usernames as most people have the phone numbers in their contacts. (This has massive drawbacks addressed somewhere else, one lesser known fact is that they would have to verify fingerprints anyway to be sure they are speaking to the right person and not a proxy. Instead of that they could also exchange username+fingerprint initially, like Simplex does it.)

    • CosmicTurtle0@lemmy.dbzer0.com · 5 up, 1 down · 14 days ago

      Signal is a messenger service. You can expire messages after a certain amount of time.

      They ask for a phone number to limit bots. I used my Google voice number and it worked fine. I like Telegram which banned me after a day of use for using Google Voice.

      • solrize@lemmy.world · 2 up, 4 down · 14 days ago

        I get that Signal is a messaging system (not sure if “messenger service” has a specific meaning). What I don’t understand is why I’d want to use it instead of any of the million others that are out there. I’ve never used Signal and don’t have the slightest clue about how it operates, but apparently it tries to mess with the contact list on your phone? That sounds bad. I use Nextcloud Chat sometimes and its web design is ugly, but it works ok and you can self-host it fairly easily. It doesn’t do anything with your phone contacts. Jami is distributed but (maybe unrelated) I often have trouble getting it to work at all.

        • ryannathans@aussie.zone · 4 up · 14 days ago

          It doesn’t “mess with your contacts”. You can choose to give contacts access if you wish to have secure contact discovery. Contacts are not uploaded.

          It’s robustly encrypted and quantum secure, without metadata leaks like the sender of a message.

          It’s recommended by Edward Snowden.

          If you want to message someone, have the ability to verify there is no man in the middle attack, have perfect forward secrecy, very strong crypto, use open source software and still have all the conveniences of a modern message app, use signal.

          • rirus@feddit.org · 1 up, 2 down · 13 days ago

            CONTACTS ARE UPLOADED

            Robust encryption isn’t useful if you don’t verify the fingerprint and Signal makes that unintuitive.

            SIGNAL CLIENT HAS UNFREE SOFTWARE INCLUDED

            • ryannathans@aussie.zone · 1 up · edited · 13 days ago

              Contacts are never uploaded

              Hashes of some numbers are if you enable contact discovery

              Verifying keys is easy, what are you talking about?

          • solrize@lemmy.world · 3 up · 14 days ago

            Do you mean the client side is open source? What about the server? If you’re required to use Signal’s server, how do you know it’s not disclosing metadata? If you can self-host it, why the phone number?

            • ryannathans@aussie.zone · 2 up · edited · 14 days ago

              The idea is you don’t need to trust the server

              Messages sent don’t contain a readable sender field

              Mobile numbers may not be necessary long term, architecture depends on accounts being created with phone numbers. Usernames were very recently introduced. Soon we may see requirement for phone number dropped, unless related to spam control

  • sunzu2@thebrainbin.org · 10 up, 2 down · 14 days ago

    SimpleX is coming nicely along. Should be good to switch next year once they got their desktop apps polished up

    • Bizzle@lemmy.world · 14 up, 3 down · 14 days ago

      Simplex has a bad user experience and needs a lot of work before it’s ready for normies.

      • JoshuaFalken@lemmy.world · 3 up, 2 down · 14 days ago

        Last time I tried Simplex, the battery drain was unbelievable. Maybe I’ll give it another go and see what happens, but I’m not optimistic.

    • foremanguy@lemmy.ml · 14 up, 23 down · 14 days ago

      It’s not an argument. Think about regular mobile numbers, are they preventing spams? No.

          • Scolding7300@lemmy.world · 1 up · 13 days ago

            I misread the comment you replied to originally (thought they were referring to bot spam prevention)… Signal doesn’t work like the phone network, you can’t necessarily just “call” or “text” a random person. There’s also additional verification before you can send messages sometimes.

        • foremanguy@lemmy.ml · 3 up · 13 days ago

          I don’t know what is spam for you, but when you get three message requests from three girls respectively named Tania, Clara and Ella that are contacting you about your carrier or your management skills, I call it spam.

          The way that Signal integrates phone number is odd because it opens up the spam door. I understand why Signal uses phone numbers this way (to make “normies” adopt Signal more easily like WhatsApp would do) but it is not the best to kind of contaminate the network with the traditional cell network

        • rirus@feddit.org · 1 up, 1 down · 13 days ago

          Because Signal has a low user base. Why Spam on Signal, if you can reach everyone with an SMS?

        • Detun3d@lemm.ee · 2 up · 13 days ago

          The point, I believe, wasn’t about spam but likely got derailed. It was probably about the phone number requirement being unnecessary. I’ll just add that even if it is, it’s a measure geared towards common users that often need to recover access to their accounts through means they’re already familiar with, as is a verification SMS. It’s not the safest nor the most private, but it’s easier to deal with for most people. Whoever wants something that doesn’t depend on a SIM or eSIM should try Briar and SimpleX. None of these will be a perfect solution for every single person though.

  • SpicyAnt@mander.xyz · 8 up · 14 days ago

    Maybe I am being too simplistic here. But I have never received a spam message to my XMPP account and I don’t know how a spammer would find it.

    In a phone-based system a spammer can spam a list of numbers, or use contact lists that are easily shared via phone permissions. There are several low-effort discovery processes.

    For e-mail, you get spam when you input your personal e-mail into forms, websites, or post it publicly.

    But for something like XMPP… It seems rather difficult to discover accounts effectively to spam them. And, if it is an actual problem, why not implement some kind of ‘identity swap’ that automatically transmits a new identity to approved contacts? A chat username does not need to be as static as an e-mail or a phone number for most people.

    I just don’t see ‘spam’ as such a difficult challenge in this context, and not enough in my view to balance out requesting a phone number. Perhaps a spammer can chip-in?

  • /home/pineapplelover@lemm.ee · 35 up, 2 down · 14 days ago

    Bots. If it makes you feel better, you can disable other people finding you via phone number and just give them your username. All messages are private.

    • 0101100101@programming.dev (OP) · 7 up, 22 down · 14 days ago

      But the police request the meta data of all messages from your phone number that the company has and they’re required by law to give them it.

      • plz1@lemmy.world · 12 up, 1 down · 14 days ago

        They can “request” it all day long. Signal doesn’t store them beyond the time needed to deliver to the end user device, and while (temporarily) stored, it’s encrypted in a way Signal’s service cannot read.

        • solrize@lemmy.world · 1 up, 6 down · 14 days ago

          The phone carrier at least here in the US is required to store the call data for 18 months, according to the one that I use.

            • solrize@lemmy.world · 1 up, 5 down · edited · 14 days ago

              The claim is that Signal’s phone verification step doesn’t cause privacy problems because Signal (purportedly) doesn’t retain the phone numbers after verification. That claim is falsified because the phone carrier stores the call record even if Signal doesn’t. They store it because of the same law that makes them turn it over to Big Brother on demand. The phone verification step is, therefore, a privacy problem. Obviously there are similar issues with IP routing, but at least I can use a VPN with an endpoint in another country.

              • dubyakay@lemmy.ca · 5 up · 14 days ago

                No, that wasn’t the claim. Phone numbers are used for sign up, but the post’s OP was talking about messaging meta data. Messaging meta data doesn’t go through your carrier and is encrypted.

                If you check the publication of signal’s cases where they had to hand out data, and in reverse the FBI leak that listed analysis of all messenger apps by what data they were able to acquire in most cases, Signal came out as one of the top options.

                • solrize@lemmy.world · 1 up · 14 days ago

                  Oh I see what you mean. But a big enough data dump from the phone carriers identifies all of Signal’s users, not good.

              • plz1@lemmy.world · 1 up, 1 down · 13 days ago

                The “record” is a SMS verification code. All that will tell the government is that you registered for Signal, nothing else.

                • solrize@lemmy.world · 2 up · 13 days ago

                  Telling the govt that you registered for Signal sounds like a bad failure as far as I’m concerned, e.g. if you are a user in a repressive regime. Do you think Trump would like to get his hands on a list of all the Signal users in the US? Probably yes. What would he do with the list? IDK but it has to be bad. So it should be an objective of Signal to make it impossible for anyone to create such a list.

                  Anyway, it sounds like Signal has wised up and is getting rid of the phone number requirement. I don’t understand why people here keep defending the misfeature. I’ve heard such things explained as “system justification” but I still don’t understand it. All of us make poor decisions all the time, but we should at least make some effort to recognize them, and fix them when possible.

                  https://en.wikipedia.org/wiki/System_justification

        • 0101100101@programming.dev (OP) · 1 up, 6 down · edited · 14 days ago

          huh? so the phone number is encrypted in a way that can’t be read, but an sms is sent to the phone? … a separate company sends the text on behalf of signal? so that separate company logs the phone number, the timestamp and who knows what else.

          • plz1@lemmy.world · 1 up · 13 days ago

            Signal doesn’t use SMS at all, once you have enrolled. The phone number is used to validate people and exclude bots, during registration. As others have noted, you can hide your number from other users, as well.

          • JackbyDev@programming.dev · 1 up, 1 down · 14 days ago

            What are you on about right now? I don’t mean that sarcastically, I really am wondering what your concern is. Are you concerned that because your phone number is associated with Signal that police will know you use Signal?

          • xthexder@l.sw0.com · 5 up · 14 days ago

            Signal doesn’t use SMS anymore, and all messages are sent over encrypted Internet protocol. Any servers in between won’t see the phone number, it’s not needed to deliver the message, it’s using an IP address at that point and the entire message metadata is encrypted. Signal is the only one that can see the phone numbers, which they use to identify multiple clients as a single user and route messages accordingly.

        • CosmicTurtle0@lemmy.dbzer0.com · 5 up, 10 down · edited · 14 days ago

          Messages are e2e encrypted. Metadata is not encrypted.

          Edit: I feel the need to qualify this statement. Metadata about your connection may be encrypted at rest but is decryptable given that Signal has released metadata to authorities with a warrant/subpoena.

          • rottingleaf@lemmy.world
            link
            fedilink
            arrow-up
            7
            arrow-down
            1
            ·
            14 days ago

            People told you a few times to go look for yourself what Signal can give away. Its protocol descriptions are pretty understandable.

            The whole bloody reason it’s always recommended is because it’s absolutely the best thing in terms of yes, encrypting metadata. It’s state of the art, level above that bullshit you’re thinking.

            Unfortunately, that also means that hosting it takes lots of resources, which means they have to screen bots and mults somehow. Phone numbers are one way. Paid accounts are another.

            • 0101100101@programming.devOP
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              3
              ·
              14 days ago

              Phone numbers are one way. Paid accounts are another.

              Rubbish. How would this stop bots? Bots are created to make money. What makes you think creators don’t have a phone number, or wouldn’t be prepared to pay to spam?

          • Jason2357@lemmy.ca
            link
            fedilink
            arrow-up
            12
            arrow-down
            2
            ·
            14 days ago

            Yes it is. Signal isn’t PGP email. A lot of work went into protecting metadata.

      • /home/pineapplelover@lemm.ee
        link
        fedilink
        arrow-up
        47
        arrow-down
        2
        ·
        edit-2
        14 days ago

        These are all the court orders Signal has complied with, with details of all the information they give up

        https://signal.org/bigbrother/

        TLDR; they only give the last time the account connected to Signal servers and the time of account registration or re-registration

      • devfuuu@lemmy.world
        link
        fedilink
        English
        arrow-up
        23
        ·
        edit-2
        14 days ago

        You should go properly read the requests from law enforcement they have received and exactly what information it contains. It’s public. Then evaluate if it matters for your threat model. Security doesn’t exist in a vacuum.

  • Ardens@lemmy.ml
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    3
    ·
    13 days ago

    I think it’s important to remember the difference between being private and being anonymous. Signal IS private. It’s not anonymous. The same is true for many other apps/services.

    Personally I like to be private. I don’t really need to be anonymous.

  • Maverick604@lemmy.ca
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    7
    ·
    14 days ago

    Session is an alternative that does not require, or request, your phone number (or any other identifying information). Honestly, I have no idea why Signal got popular and Session did not. As soon as Signal asked for my phone number that set off alarm bells for me and I’ve never really trusted it since.

        • Maverick604@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          14 days ago

          I don’t know that their security is “broken”. It may be, I don’t know. But also without anything that connects you to any particular message, it seems that – in itself – is a pretty good form of security.

          I just don’t get why people accept Signal’s justification for requiring a phone number. They absolutely don’t need to (session proves that). It is certainly possible for them to say, “If you register without a phone number and access to your phone book then you will lose automatic discoverability by other users of Signal — meaning that you need to find another (physical) way to exchange your Signal username with your contacts”. They CAN do this. I think many users, like myself, would be fine with this tradeoff for greater anonymity. For some reason, they have steadfastly refused. The reasoning behind this refusal is what bothers me.

        • guy@piefed.social
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          14 days ago

          So the reason Session never took off is probably because exchanging contact information is a big hassle, effectively barring users looking for convenience?

    • throwawayacc0430@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      14
      ·
      edit-2
      14 days ago

      According to privacyguides.org, Session is listed under this message:

      These messengers do not have forward secrecy, and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of all past communications.

      Link: https://www.privacyguides.org/en/real-time-communication/#additional-options

      • MoonlightFox@lemmy.world
        link
        fedilink
        arrow-up
        10
        arrow-down
        1
        ·
        14 days ago

        This is incredibly important. Signal is considered the “gold standard” of encrypted and private communication for a reason.

  • moreeni@lemm.ee
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    2
    ·
    14 days ago

    It’s focused on ensuring there is no middleman between you and the other party, but it does not have a goal to provide anonymous messaging. Sadly.

          • Sonalder@lemmy.ml
            link
            fedilink
            arrow-up
            0
            ·
            13 days ago

            End-to-end encryption has been designed so that a “middleman” such as Signal can’t read your conversation. Signal goes even further by encrypting metadata, protecting other information such as who you’re talking to and at what time (some technical and targeted attack could however determine these).

            In asymmetrical cryptography we tend to assume that what we call middleman is a third-party placed between the two peers during the public key exchanges (such as handshake). Signal is indeed a middleman on the infrastructure level but the software has been designed to protect you from middlemen having access to the raw, unencrypted data.

            That said, if you don’t verify your peer’s public key it’s not impossible that someone has done a man-in-the-middle attack and that you’re sending messages to him and he’s rerouting them to your peer, etc… However this is unrealistic for the average person.

            So even if it’s not a p2p infrastructure but some centralized servers we can assume that there is no middleman thanks to e2ee.

            • coconut@programming.dev
              link
              fedilink
              English
              arrow-up
              0
              ·
              12 days ago

              You can’t just write three paragraphs (that contain half-truth, half-misinformation) about how Signal is the middleman and then conclude “you can assume there’s no middleman”. You can’t assume that. Signal is the middleman. There are no arguments to be made against this. Signal doesn’t claim they aren’t the middleman either.

              • Sonalder@lemmy.ml
                link
                fedilink
                arrow-up
                0
                ·
                12 days ago

                Do you know that using most P2P messengers you still rely on multiple ISP and big tech owned communication wires in order for your message to get delivered, even if there is no central server?

      • moreeni@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        14 days ago

        Of course. Sorry, but I meant no middleman as in minifying the role of the server in your messaging. Signal’s goal is to ensure the server cannot have access to your messages and its only role is to receive and send data.

    • rirus@feddit.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      13 days ago

      THAT’S WRONG! Signal Server can just do a man in the middle as you try connecting to your contact for the first time. You need to verify the fingerprint manually which is not very obvious and present in the UI. In SimpleX.chat you automatically verify the fingerprint, as it’s the way to establish the chat to your contact and is included in the way you distribute the contact to you.
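
The first-contact key substitution discussed in the comments above, and why comparing fingerprints over a separate channel detects it, as an added example that is not part of the thread and is not Signal's or SimpleX's code. The toy Diffie-Hellman group, the fingerprint format and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, for illustration only (not a vetted group).
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(my_priv, their_pub):
    """Session key one side derives from the public key it was handed."""
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(32, "big")).hexdigest()

def fingerprint(pub_a, pub_b):
    """Order-independent digest of both public keys, shown as six digit groups."""
    keys = sorted(k.to_bytes(32, "big") for k in (pub_a, pub_b))
    digest = hashlib.sha256(b"".join(keys)).digest()
    digits = f"{int.from_bytes(digest[:15], 'big') % 10**30:030d}"
    return " ".join(digits[i:i + 5] for i in range(0, 30, 5))

def exchange(relay_substitutes_keys):
    """Simulate first contact through a relay and return each side's view."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if relay_substitutes_keys:
        # The relay hands both users its own key instead of the peer's key.
        _, m_pub = keypair()
        seen_by_alice, seen_by_bob = m_pub, m_pub
    else:
        seen_by_alice, seen_by_bob = b_pub, a_pub
    return {
        "alice_fp": fingerprint(a_pub, seen_by_alice),
        "bob_fp": fingerprint(b_pub, seen_by_bob),
        "alice_secret": shared_secret(a_priv, seen_by_alice),
        "bob_secret": shared_secret(b_priv, seen_by_bob),
    }

def verified(result):
    """The manual check: both users read their fingerprint to each other."""
    return secrets.compare_digest(result["alice_fp"], result["bob_fp"])

if __name__ == "__main__":
    for tampered in (False, True):
        r = exchange(tampered)
        print("substituted" if tampered else "honest", r["alice_fp"], "|", r["bob_fp"], verified(r))
```

With an honest relay both sides display the same digits; with substituted keys the two displays differ, which is the only signal the users get, since each side still derives a working session key.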