My only gripe with signal, is the use of phone numbers as usernames. Not everyone with whom I want to communicate via signal has a phone number. I understand why they went this route, but wish there was an alternative way.
It creeps me the fuck out. I do not get why a service that bills itself as secure needs to know something that can be traced back to my credit card and name. I wonât use Telegram or Signal because of this.
Itâs about your posture. Most people who use signal use it to have privacy from governments. Theyâre not hiding that they use signal, theyâre hiding what they write on signal. In this case, using your phone number isnât a big deal.
Some people, have a tighter posture, which could translate to your position. In that case, something like Briar could fit the bill.
Lastly, security and privacy are not the same thing. Google products are secure, but they are not private. Self hosted sftp, for example, is private, but may not be secure. Signal is definitely secure, at least enough for general and governmental use. So, it seems, is telegram. Signal is more private than telegram in many ways, but it is not the gold standard for privacy (because of its use of phone numbers as usernames), but it is âgood enoughâ for the masses. The balance between good for everyone and zero-knowledge private for everyone is delicate, potentially impossible. Honestly, I donât know if signal was able to strike that balance perfectly, but they did a much better job than many other services, certainly than those others that are accepted by the masses.
But putting a phone number in immediately exposes protesters to association. Sure, Signal canât give out the contents of messages, but it still has the chain of contact. So if a government gets hold of this record, legally or otherwise, now you have everyone associated to a suspect phone number/person and can start rounding them up.
Itâs the complete antithesis of freedom of association when thereâs a record of everyone that youâve contacted. The contents donât enter into that problem, and I canât see why they feel the need to keep this as part of their system. It purposely makes it impossible to use this for something like peaceful protest. So, no, it doesnât give you privacy from governments, because governments that donât respect freedom of association will use that information to punish dissidents.
I canât imagine any reason to use phone numbers except to purposefully keep this chain of association for governments to use. Even Facebook doesnât require this sort of personal proof, and itâs suspicious as hell.
You can use a username only for finding and adding friends, you only need the phone number to create an account. Thatâs probably because Signal started as an alternative to Messages (or whatever it was called back then), so you could send SMS if you wanted, or secure messages to friends w/ Signal. The whole point was to be a gentle transition from SMS to private messaging. However, they eventually dropped the SMS feature, but it seems they kept the phone number as username thing.
It kind of sucks, but I think thatâs a reasonable limitation since the vast majority of people using this service will have a phone number. You could probably even sign up for a free trial of something (e.g. Google Fi) to sign up for Signal, set up the username, and then drop the phone number service. I donât know if there are any problems with this, but I donât think they do anything with your phone number after everything is set up.
Yeah. And I donât fault them for this route. I just with I could sign up without a phone number. Maybe the username thing is a predecessor to allowing usernam-only registration in the future.
Yeah, hopefully. It would also be awesome to have a web login so I could access messages and whatnot when using someone elseâs computer w/o having to install something.
I donât know what direction theyâre going, but Iâm honestly okay with the caveats that currently exist.
Big concern with your number being recycled and a new user receiving the signal activation key on that number.
Sure, and I think that would send a message to all of your contacts that a new account is using that number, but Iâm honestly not sure. If you have an active account (i.e. on a desktop or something), I think you can just change your number if that happens (i.e. get another temp number).
Itâs certainly more convenient if you use a longer-term number, but I think itâs feasible with a throwaway number. Once your account is set up, Signal doesnât need your number for anything if you disable publishing that.
Another issue with phone numbers is that it makes it easier to censor - from what I heard, in Iran the confirmation SMS just would not arrive, making rentals the only option (thus making you risk your account being deleted by the new owner).
My personal biggest issue with Signal, though, was the inability to register from the official desktop client. They were pushing to register on mobile instead. There are ways around it, like Signal-Cli (what I used) and Android VMs. However, the fact that they push people onto mobile at all is worrying, because phones are much harder to make private (while you can install Linux onto pretty much any given laptop/desktop, only certain phones are compatible with alternative OSes, and mine wasnât so I could not trust it with my chats).
Hmm, I guess then youâd need to get a VPN that works in your country (not sure how hard that is in Iran) and find a VOIP service that either doesnât require any payment, or accepts payments from Iran.
Itâs certainly not ideal, and I wish theyâd eliminate the dependency on phone numbers, but until then, there are options for most people to create an account w/o having a permanent number.
Google is a very bad choice because it requires a phone number on its own. Also heard that there may be additional KYC.
Are you suggesting you need a phone number to get a phone number from Google Fi?
And yeah, itâll definitely to KYC, because thatâs a federal regulation. My point is that you donât need the number long-term, so the number will only be associated with you for like a week while the trial period lasts. So sign up for Google Fi trial, create a Signal account, then cancel the trial. That sounds pretty reasonable to me.
I think another reason they use a phone number is that it can mitigate issues with people or bots creating hundred of accounts maybe