You are viewing a single thread.
View all comments

My only gripe with signal, is the use of phone numbers as usernames. Not everyone with whom I want to communicate via signal has a phone number. I understand why they went this route, but wish there was an alternative way.

permalink
report
reply
14 points

It creeps me the fuck out. I do not get why a service that bills itself as secure needs to know something that can be traced back to my credit card and name. I won’t use Telegram or Signal because of this.

permalink
report
parent
reply
2 points

The Signal pitch is that you don’t need identity security so long as the encryption is strong enough.

That is, incidentally, the same pitch Botcoiner make.

permalink
report
parent
reply

It’s about your posture. Most people who use signal use it to have privacy from governments. They’re not hiding that they use signal, they’re hiding what they write on signal. In this case, using your phone number isn’t a big deal.

Some people, have a tighter posture, which could translate to your position. In that case, something like Briar could fit the bill.

Lastly, security and privacy are not the same thing. Google products are secure, but they are not private. Self hosted sftp, for example, is private, but may not be secure. Signal is definitely secure, at least enough for general and governmental use. So, it seems, is telegram. Signal is more private than telegram in many ways, but it is not the gold standard for privacy (because of its use of phone numbers as usernames), but it is “good enough” for the masses. The balance between good for everyone and zero-knowledge private for everyone is delicate, potentially impossible. Honestly, I don’t know if signal was able to strike that balance perfectly, but they did a much better job than many other services, certainly than those others that are accepted by the masses.

permalink
report
parent
reply
5 points

But putting a phone number in immediately exposes protesters to association. Sure, Signal can’t give out the contents of messages, but it still has the chain of contact. So if a government gets hold of this record, legally or otherwise, now you have everyone associated to a suspect phone number/person and can start rounding them up.

It’s the complete antithesis of freedom of association when there’s a record of everyone that you’ve contacted. The contents don’t enter into that problem, and I can’t see why they feel the need to keep this as part of their system. It purposely makes it impossible to use this for something like peaceful protest. So, no, it doesn’t give you privacy from governments, because governments that don’t respect freedom of association will use that information to punish dissidents.

I can’t imagine any reason to use phone numbers except to purposefully keep this chain of association for governments to use. Even Facebook doesn’t require this sort of personal proof, and it’s suspicious as hell.

permalink
report
parent
reply
1 point
*
Removed by mod
permalink
report
parent
reply
1 point

For me, today the best messaging app is SimpleX, it is a bit in early development but it’s already really nice.

permalink
report
parent
reply
34 points

You can use a username only for finding and adding friends, you only need the phone number to create an account. That’s probably because Signal started as an alternative to Messages (or whatever it was called back then), so you could send SMS if you wanted, or secure messages to friends w/ Signal. The whole point was to be a gentle transition from SMS to private messaging. However, they eventually dropped the SMS feature, but it seems they kept the phone number as username thing.

It kind of sucks, but I think that’s a reasonable limitation since the vast majority of people using this service will have a phone number. You could probably even sign up for a free trial of something (e.g. Google Fi) to sign up for Signal, set up the username, and then drop the phone number service. I don’t know if there are any problems with this, but I don’t think they do anything with your phone number after everything is set up.

permalink
report
parent
reply

Yeah. And I don’t fault them for this route. I just with I could sign up without a phone number. Maybe the username thing is a predecessor to allowing usernam-only registration in the future.

permalink
report
parent
reply
4 points

Yeah, hopefully. It would also be awesome to have a web login so I could access messages and whatnot when using someone else’s computer w/o having to install something.

I don’t know what direction they’re going, but I’m honestly okay with the caveats that currently exist.

permalink
report
parent
reply
5 points

Big concern with your number being recycled and a new user receiving the signal activation key on that number.

permalink
report
parent
reply

You need to enter your Signal Pin, otherwise you will get removed from all groups etc

permalink
report
parent
reply
3 points

Sure, and I think that would send a message to all of your contacts that a new account is using that number, but I’m honestly not sure. If you have an active account (i.e. on a desktop or something), I think you can just change your number if that happens (i.e. get another temp number).

It’s certainly more convenient if you use a longer-term number, but I think it’s feasible with a throwaway number. Once your account is set up, Signal doesn’t need your number for anything if you disable publishing that.

permalink
report
parent
reply
4 points

Another issue with phone numbers is that it makes it easier to censor - from what I heard, in Iran the confirmation SMS just would not arrive, making rentals the only option (thus making you risk your account being deleted by the new owner).

My personal biggest issue with Signal, though, was the inability to register from the official desktop client. They were pushing to register on mobile instead. There are ways around it, like Signal-Cli (what I used) and Android VMs. However, the fact that they push people onto mobile at all is worrying, because phones are much harder to make private (while you can install Linux onto pretty much any given laptop/desktop, only certain phones are compatible with alternative OSes, and mine wasn’t so I could not trust it with my chats).

permalink
report
parent
reply
2 points

Hmm, I guess then you’d need to get a VPN that works in your country (not sure how hard that is in Iran) and find a VOIP service that either doesn’t require any payment, or accepts payments from Iran.

It’s certainly not ideal, and I wish they’d eliminate the dependency on phone numbers, but until then, there are options for most people to create an account w/o having a permanent number.

permalink
report
parent
reply
2 points

Google is a very bad choice because it requires a phone number on its own. Also heard that there may be additional KYC.

permalink
report
parent
reply
2 points

Are you suggesting you need a phone number to get a phone number from Google Fi?

And yeah, it’ll definitely to KYC, because that’s a federal regulation. My point is that you don’t need the number long-term, so the number will only be associated with you for like a week while the trial period lasts. So sign up for Google Fi trial, create a Signal account, then cancel the trial. That sounds pretty reasonable to me.

permalink
report
parent
reply
14 points

I think another reason they use a phone number is that it can mitigate issues with people or bots creating hundred of accounts maybe

permalink
report
parent
reply
5 points

But there are plenty of other services that don’t require a phone number that also seem to mitigate that issue, so while it may be a convenient option, it’s hardly the only option.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 17K

    Monthly active users

  • 6.1K

    Posts

  • 131K

    Comments