return to table of content

Keep your phone number private with Signal usernames

zuhsetaqi
118 replies
23h42m

If I understand correctly it’ll still not be possible to create an account without entering a phone number?

For me this is a requirement to call a service a private service because in Germany at least every phone number is connected with a persons identity. To get a phone number you need to connect it to an identity using a identity card

nottorp
51 replies
23h22m

... but then Signal wouldn't have your phone number either. What they need it for is ... dubious if you ask me.

tivert
40 replies
23h12m

... but then Signal wouldn't have your phone number either. What they need it for is ... dubious if you ask me.

The reasons they need it aren't really that dubious to me: they want to create a service that actual people will actually use, not just weird privacy geeks who never gave up on PGP. Using phone numbers allows for the kind of user discovery that most people expect in 2024, and requiring them inserts a barrier to mass account creation that can keep spam accounts down to a manageable level (especially given the whole point is they can't do content-based spam-filtering in the way that makes email managable).

Personally, my understanding is they've always been trying to develop the maximally private usable chat app, which requires some compromises from the theoretically maximally private chat app.

nottorp
22 replies
23h1m

But then it's not private. It's linked to your phone number.

WithinReason
18 replies
22h58m

You can now hide you phone number, according to the blog post.

[...] Selecting “Nobody” means that if someone enters your phone number on Signal, they will not be able to message or call you, or even see that you’re on Signal. And anyone you’re chatting with on Signal will not see your phone number as part of your Profile Details page – this is true even if your number is saved in their phone’s contacts. Keep in mind that selecting “Nobody” can make it harder for people to find you on Signal.

nottorp
17 replies
22h42m

I can only hide my phone number from other people, and even for that it should have been hidden by default from the start.

Can't hide it from some thought police which may or may not need a court order.

borski
16 replies
22h33m

But it’s irrelevant, as the chats are end to end encrypted regardless. So sure, they’d know you had a Signal account, but not the contents thereof.

nottorp
9 replies
22h24m

Well, to link with recent news, do you think talking with the late Alexey Navalni over Signal would protect you from russian police? They'd still be able to see that you talked to him.

And then what's the point of the super duper encryption?

Summershard
5 replies
14h16m

Signal does not know who you correspond with. The only information they keep is the account creation timestamp, and the date that the account last connected to the Signal service.

You may have confused this information with WhatsApp which indeed keeps a lot of metadata on each user.

fsflover
2 replies
12h41m
Summershard
1 replies
12h27m

Well, TIL. That does not refute my comment, though. Signal still does not know who you chat with. It's the cloud provider who might log the IP address of the sender. Identifying the person based on that information alone would be non-trivial if not simply impossible.

fsflover
0 replies
11h3m

Signal still does not know who you chat with. It's the cloud provider

To me, it's much worse. A non-profit doesn't have my data but Amazon (and NSA) does. With Amazon's scale, it must be trivial to identify everyone.

See also: https://news.ycombinator.com/threads?id=autoexec&next=394457...

xorcist
1 replies
12h24m

Signal absolutely knows who you correspond with. How could they otherwise route your chat messages?

They promise to throw this information away, which is nice but not possible to verify.

They also employ a roundabout way of encrypting this data, but as they rightly point out in their article that describes the scheme, encrypting or hashing phone numbers is not safe from a malicious attacker. The space of all possible phone numbers is so small that it could be brute forced in the blink of an eye.

You place all your trust in Signal (and Google/Apple) when you use them. That may be better than the alternatives, but it's still something we should be honest about.

That said, keep in mind that Signal and Google/Apple can also trivially backdoor your software, so unless you take specific precautions against that, the details of their middleman protection isn't terribly important.

Summershard
0 replies
12h16m

I guess you are right. It's trust-based. For an actual obfuscation Signal would need to implement something like onion routing, right? I think Session does it.

wolverine876
1 replies
14h26m

They'd still be able to see that you talked to him.

Signal has no access to metadata, including participants in a conversation. All they know is the date of account creation and the date of the last connection.

However, if they got access to Navalni's phone, then they of course can see everything Navalni can.

nottorp
0 replies
12h59m

However, if they got access to Navalni's phone, then they of course can see everything Navalni can.

Aha :)

Do you people also want the relevant xkcd? The one about the wrench...

ivlad
0 replies
14h34m

In Signal, probably no. Signal has this sealed sender functionality hiding significant amount of metadata from passive observer and active examination post-communication: https://signal.org/blog/sealed-sender/

What Russian police would be able to see, that in a given time period of certificate rotation at most X people communicated to Navalny.

Geisterde
4 replies
20h53m

Even encrypted data is not irrelevant. The frequency of messages is relevant, as is how many messages are sent how quickly, the total package size can be revealing if they arent hella padding the data, there is a lot you can learn just from the data. Total obfuscation is ideal.

op00to
3 replies
19h35m

If you are worried of an adversary that is using numerical analysis on the frequency of messages to somehow undermine you, I’d recommend not using a smartphone or internet connected device. And perhaps medication.

miramba
2 replies
17h21m

Good to hear that you have nothing to hide, comrade.

op00to
1 replies
9h56m

We don’t insult each other here. Take the cheap potshots to Reddit.

Why worry about nation-state level attacks when you can simply be hit over the head with a mallet until you give up your password?

Geisterde
0 replies
9h37m

And perhaps medication

We don’t insult each other here. Take the cheap potshots to Reddit.

Why worry about nation-state level attacks when you can simply be hit over the head with a mallet until you give up your password?

Yes, that would be the point of obfuscation, as opposed to just encryption. End to end encryption does not prevent the $5 wrench attack, obfuscation does.

nl
0 replies
22h23m

It's not irrelevant, but the exposure is reduced.

If a person is a member of a terrorist network - or friends with someone who is - the fact that a warrant could force Signal to expose that link could mean that a court is then more likely to approve increased surveillance of your (non-Signal) communications because of that link.

On the other hand if you are a woman on Tinder and using Signal to communicate with matches, this doesn't expose you to the person you have just matched with adding your number to their phone book, uploading it to LinkedIn and then finding where you work (which is what you can do with a phone number).

My feeling is this is a reasonable compromise, but it is important people understand what it does and doesn't protect you from.

wyre
2 replies
22h57m

Luckily there are other messaging services that are private if you’re going to be that pedantic about it.

egberts1
1 replies
13h7m

But none will be as private as Signal.

fsflover
0 replies
12h39m

Matrix is more private, depending on your threat model.

garbanz0
6 replies
22h14m

Yeah, privacy is weird and cringe! Let's call 'em "privacy-bros" or maybe "encryption-bros" to signify that they are low status (I don't want to be like them, ew!)

fastball
5 replies
16h20m

If you need privacy without usability just exchange pubkeys with your friends?

verticalscaler
4 replies
14h21m

I think the remark is more about these sort of rhetorical tactics which permeate every topic. It is a fair remark.

tivert
3 replies
14h4m

I think the remark is more about these sort of rhetorical tactics which permeate every topic. It is a fair remark.

It's not a fair remark though, all it did was twist what I said into a inflammatory derailment.

The point is there are a lot of (usually technical) people who are too focused one aspect, but are missing the bigger picture. If you follow them, you'll probably get a communication app that only those people can/will use, which has deal breakers for mass-market adoption. And once that happens, those people probably won't use it either, since they want to communicate outside their group.

verticalscaler
1 replies
13h57m

Both his and your comments come off as inflammatory derailment to me. That's how it reads, I'm not ascribing malintent. People didn't use to talk like this, I hope you reconsider.

"not just weird privacy geeks who never gave up on PGP." is simply not conducive towards making your point. You can make your (otherwise solid) point and even win the argument on merit without this sort of thing.

actionfromafar
0 replies
13h26m

I try to figure out another shorthand which communicates as effectively. "Privacy minded geeks with a deep understanding of E2E encryption"?

garbanz0
0 replies
1h14m

The main selling point of Signal is privacy. That's basically the only reason it exists - without it, why not just use WhatsApp, Messenger, Snapchat, etc?

What is the usability concern for no longer needing a phone number?

makeitdouble
5 replies
21h21m

Using phone numbers allows for the kind of user discovery that most people expect in 2024

Do people really expect to still exchange phone numbers ?

Fundamentally I don't want people to call me nor SMS me (that's for spam only), most messaging services will allow contact exchange through a QR code inside the app, and if everything else fail an email address will be the most stable fallback.

op00to
4 replies
19h36m

Do people really expect to still exchange phone numbers

Yes. This is the norm in the US.

fastball
3 replies
16h19m

And everywhere else on earth.

makeitdouble
2 replies
12h55m

Not really, for better or worse.

In many countries SMS was either crazy expensive, unreliable, wall gardened to death (can't message people on other carriers...) and had no traction in the first place.

Then phone calls are also crazy expensive: I'm looking at the phone plans right now and the main focus is the data amount. Phone call options are either to only allow for super short conversations for a flat fee (less than 5min per call, for a 25% increase in the monthly plan) or 30 min to an hour of phone call for double to triple the price of the plans.

Moving to an alternative is just the normal course given these incentives, and that's what people did in droves (looking at Japan for instance)

fastball
1 replies
11h53m

In how many countries do people not exchange phone numbers as the primary means of contact?

op00to
0 replies
2h59m

Hmm... North Korea? Sealand?

hexage1814
1 replies
22h51m

and requiring them inserts a barrier to mass account creation that can keep spam accounts

Well, an even better barrier to reduce spam would be Signal to require some official ID of people...

kQq9oHeAz6wLLS
0 replies
22h33m

But that's also a barrier to actual users, which would be counter-productive.

nottorp
0 replies
12h20m

not just weird privacy geeks who never gave up on PGP

Looks like you're thinking about key exchanges as opposed to phone number exchanges.

Ever heard of user nicknames?

Angostura
0 replies
22h27m

I mean, a phone number is an arbtrary sequence of digits. I'm very happy to use a chat app where I say to someone 'what's your username?'.

I'm not giving a chat app free access to all my contacts - and that includes things like Whatsapp

TacticalCoder
7 replies
20h16m

To me Signal is in the business of collecting metadata and nothing else (for whom, that is a good question: probably some three letter agency).

egberts1
6 replies
13h5m

Perhaps you need a refresher in Signal Protocol.

Do not be sprouting on about things that you do not understand.

https://eprint.iacr.org/2016/1013.pdf

fsflover
5 replies
12h38m
growse
4 replies
9h3m

No, they're not. It's a pretty long stretch from IP traffic analysis to "who's talking to whom".

fsflover
3 replies
8h50m
growse
1 replies
8h16m

Not for Amazon I would guess

If you're worried about Signal's hosting provider seeing your device's IP address, use a proxy. Personally, I'm not, because there's no trivial way to go from "Here's some IP traffic" to "this human had a conversation with this human".

See also: https://news.ycombinator.com/threads?id=autoexec&next=394457...

I also hand BitWarden all my passwords. Therefore, the government has them, right?

fsflover
0 replies
7h42m

My link literally describes viable attacks to deanonymize users.

(But it's broken somehow:

https://news.ycombinator.com/threads?id=autoexec&next=394457...

)

egberts1
0 replies
3h38m

Court requires "what was said" for evidence as in old telcom CALEA, whereas Signal via sealed sender basically guarantees the "Spirit of CALEA".

marssaxman
0 replies
21h17m

What they need it for is simply that it's the way the system has always worked, because Signal started life as an encrypted replacement for SMS. The point was that you could switch from the standard SMS app you were already using over to Signal (which was called "TextSecure" at the time) without having to change your habits, because sending messages to people's phone numbers was simply what people did then. There's nothing nefarious about it.

aqfamnzc
0 replies
23h10m

The claim (which generally I'm inclined to believe) is that requiring a phone number drastically increases the cost to sending spam. That in turn drastically reduces the spam amount.

illiac786
13 replies
14h50m

This is not correct. Go to a phone booth, get Signal, never need the phone number again. Any phone will do. Get a phone number from a different country online and without identity check, who cares, you will never need it again.

boobsbr
6 replies
13h27m

I haven't seen a phone booth in Europe for the last 7 years.

illiac786
5 replies
13h25m

Just use the wonderful openstreetmap to find the nearest one, it will be closer than you think.

boobsbr
4 replies
8h53m

Is there a way to search for it, or do I have to scroll endlessly until i find one?

illiac786
3 replies
8h8m

As an example, this reddit comment points to a procedure:

https://www.reddit.com/r/openstreetmap/comments/96sbd6/comme...

I tested it and it works for me.

boobsbr
2 replies
5h3m

Using:

  (area["ISO3166-1:alpha2"="my_country_code_here"];) -> .a;
    node["amenity"="telephone"].
      (area.a);
      (._;>;);
  out body;
I get 2 hits, one of which says all phones were removed in 2015.

Guess I'll continue not using Signal or Telegram.

illiac786
1 replies
4h59m

Just move the map to your location and type "amenity=phone" in the wizard. Does that work? Are you willing to share the country you are in?

boobsbr
0 replies
1h28m

Belgium.

"amenity=phone" returns 15 matches worldwide.

"amenity:phone", "amenity:telephone" or "amenity=telephone" (no other filters) returns the same 2 matches.

EDIT:

Belgacom started removing them in 2013 in Brussels, and the rest of country followed suit. The Belgian regulator found it unnecessary to require them with the ubiquity of mobile phones.

https://www.bruxelles.be/sites/default/files/bxl/Com_.%20pre...

jesterson
3 replies
14h41m

wouldn't the next bloke using the booth for same cause get the whole account?

illiac786
2 replies
14h39m

Not if you set a PIN no. But I think the next bloke can't use the booth to create a signal account anymore. I don't think we'll run out of booth though considering how rare the use case is ;)

jesterson
1 replies
7h40m

Well, phone booths ain’t getting more ubiquitous for whatever reason either :)

illiac786
0 replies
7h34m

I feel it’s really 5 HN hard core privacy persons who want it. I have 5 booth in walking distance from my home, they can have them =)

Even the one who want it seem not to know about “registration block” and “PIN” concepts in Signal, so I seriously question if they really want it…

zuhsetaqi
1 replies
9h2m

… never need the phone number again

What if I lose my phone and want to login again on a new one. Don't they send a verification code to the number again?

illiac786
0 replies
8h0m

Well if you lost your only credential and it’s a secure solution, it’s gone. You must set it up from scratch again.

Since we’re discussing not providing your phone number out of privacy/security concerns, I assume that “registration lock” and PIN are on the table, which would anyway block you from registering again using the same number after loosing your phone.

Hence, the situation is the same as with your mobile phone number: no backup, no luck.

thisislife2
12 replies
23h33m

Yes, this is just Apple level bullshit - trust us with your private data even though no law prevents us from exploiting it ...

stavros
10 replies
23h26m

Damn, people will never be satisfied, will they. It's not meant to be an anonymous messenger, because those have spam issues.

fsflover
3 replies
23h8m

I never received any spam in Matrix.

stavros
1 replies
23h4m

That's like saying you've never seen any advertisements in the desert.

fsflover
0 replies
11h10m
cqqxo4zV46cp
0 replies
22h28m

Just like you haven’t received any communication from anyone about any topic other than talking about Matrix. It’s not that Matrix has a magic formula, it’s that a fraction of a fraction a percent of people care even an iota about it.

codedokode
2 replies
22h9m

They could collect a small amount in cryptocurrency to prove user is not a spammer. Telegram tried this but the price for not providing a phone number was too high. Does it mean knowing user's number is so valuable?

freeAgent
0 replies
6m

Threema is a paid app and I have never received a spam message on it. I have received spam on Signal, though.

filleduchaos
0 replies
21h25m

It strikes me as hopelessly naive to think that keeping a personal phone number private is the only reason a user would want to be able to sign up for a service completely anonymously. The question is not whether knowing a user's number is worth $X, the question is whether _anonymous access to your platform_ is worth $X; a question that applies equally to both innocent good-faith users and to spammers/phishers/etc. If your platform is actually worth anything, $X is not going to be a small amount.

And yet many people seem to earnestly believe that a tiny token fee will be enough to deter spam, despite clear evidence to the contrary (see for instance how Twitter's "verification" fee has completely failed to stop bots from overrunning the platform, many of which proudly display their blue checks).

tentacleuno
1 replies
23h22m

Signal has spam issues even with the phone number requirement, as I've experienced lately (though nothing on the scale of Twitter). I dread to think what the spam would be like without the requirement of a phone number.

Stephen304
0 replies
22h47m

At least now you can solve the existing spam problem if you want by disallowing people from using your number to message you in the privacy settings and randomizing your username after anyone new adds you - that way your username is like a one time password to add you, kind of like what lots of people here wish existed for phone calls.

prmoustache
0 replies
13h16m

Not true I don't have spam on Tox or Briar.

But sadly I don't have contacts either!

cqqxo4zV46cp
0 replies
22h25m

I could certainly point out the differences, but the fact that you yourself aren’t acknowledging them indicates to me that you’re throwing intellectual integrity out the window because this product doesn’t work in the way that you want it to work. Engineering is about tradeoffs, and not every company serves to build something that does exactly what YOU want it to. I prefer Signal the way it is. I understand the tradeoffs.

vld_chk
10 replies
21h57m

This is a fundamentally different problem for a fundamentally different audience.

If we take privacy issue, it can be divided into 3 segments:

* Privacy of user data. The basic level. When you use Google or Apple, they collect data. Even if you minimize all settings — data is still collected. This data is used to train models and models is used to sell ads, target you or do anything else you have no clue about (like reselling it to hundred of “partners”).

* Privacy against undesired identification. Next layer of privacy. When you want to have some personal life online without sharing much about you. Like Reddit, anonymous forums, or Telegram (to some degree).

* Privacy against governments. The ultimate boss of privacy. When you want to hide from all governments in the world your identity.

Signal was perfect at first layer strong but not perfect at 3rd layer (e2e encryption, no data collection to share nothing with governments who seek for data, good privacy settings, always tell you if your peer logged to new device to protect from cases when government operates with telecom companies and use sms password to make a new login), and almost non present at 2nd because they have no public features except group chats where you share your number.

Now they in one move close gaps at 2nd layer — you can hide phone number and stay fully anonymous, and strength their positions in 3rd layer, leaving the last piece open: government still will know that you have some Signal account.

As for me, this setup solves 99,999% cases for regular people in democratic and semi-democratic countries and address the most fundamental one: privacy of data and actions online.

Yes it is not perfect but barrier for government to spy on me is that high that I reasonably can believe that in most cases you should never be worried about being spied, especially if you live in some places which are named not as Iran or Russia.

The only scenario, in my perspective, you can want to have a login without phone (with all sacrifices to spam accounts, quality of peers and usual troll fiesta in such places) is when you want to do something you don’t want ever be found in your current country.

But in this case, IMO, Signal is the last worry you usually have on your mind and there are a lot of specialized services and protocols to address your need.

autoexec
5 replies
18h54m

no data collection to share nothing with governments who seek for data,

That isn't true anymore and hasn't been for years. Signal collects your data and keeps it forever in the cloud.

khimaros
4 replies
18h44m

citation needed. care to elaborate on this?

autoexec
2 replies
18h10m
barsonme
1 replies
14h59m

Signal is not a VPN. How is this relevant? Or did you link to the wrong comment?

autoexec
0 replies
11h14m

Yeah, not sure how that happened, but that link wasn't exactly what I was going for. If you scroll down far enough from there you'd find the parts I tried to point you to, but try this link instead: https://news.ycombinator.com/threads?id=autoexec&next=394457...

Just to be safe here's a copy/paste with the details:

This has been true for many years now. At the time it caused a major uproar among the userbase (myself included) whose concerns were almost entirely ignored. Their misleading communication at the time caused a lot of confusion, but if you didn't know that Signal was collecting this data that should tell you everything you need to know about how trustworthy they are.

Here's some reading from the time of the change:

https://community.signalusers.org/t/proper-secure-value-secu...

https://community.signalusers.org/t/dont-want-pin-dont-want-...

https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...

https://www.vice.com/en/article/pkyzek/signal-new-pin-featur...

Note that the "solution" of disabling pins mentioned at the end of that last article was later shown to not prevent the collection and storage of user data. It was just giving users a false sense of security. To this day there is no way to opt out of the data collection.

My personal feeling is that Signal is compromised and the fact that the very first sentence of their privacy policy is a lie and they refuse to update it to detail their new data collection is a big fat dead canary warning people to find a new solution for secured communication. Other very questionable Signal moves that make me wonder if it wasn't an effort to drive people away from the platform as loudly as they were allowed to include the killing off of one of the most popular features (the ability to get both secured messages and insecure SMS/MMS in the same app) and the introduction of weird crypto shit nobody was asking for.

fsflover
0 replies
12h49m

Not exactly that but looks relevant unless you trust Amazon: https://news.ycombinator.com/item?id=39414322

crotchfire
1 replies
16h53m

If we take privacy issue, it can be divided into 3 segments:

This sounds like a bunch of bullshit.

egberts1
0 replies
13h15m

Sounds like your username.

idatum
0 replies
18h28m

I just don't want my metadata (contact graph) hoovered because I send a (encrypted) message to someone that may be an over sharer on FB, etc.

I use Signal because I am a "nothing to hide and I like to own my privacy as much as possible" type online person.

Signal == more peace of mind just generally in this online world we have.

cookiengineer
0 replies
17h28m

1,2 and in part 3 were already fixed with the Signal FOSS fork back then, but Moxie and his army of lawyers decided to send out multiple cease and desist letters against those projects. Which, in return, makes Signal not open source, no matter what the claims are. If they don't hold up their end of the license and argue with their proprietary (and closed to use) infrastructure then I'd argue they are no better than Telegram or WhatsApp. Signal's backup problem is another story which might blow up my comment too much.

Because of your mentioned points I would never recommend Signal, and rather point to Briar as a messenger and group/broadcast platform. Currently, it's still a little painful to use and e.g. QR Codes would already help so much with easing up the connection and discovery/handshake process.

But it has huge potential as both a messenger and a federated and decentralized platform.

godelski
6 replies
20h28m

I think it is a holdover from the Text Secure days. And like others say, it's a different problem.

But for solutions, can't you just buy a voip number? You just need it for registration and then can dump it. I'm sure you can buy one with cash or zcash if you're really paranoid.

While in the US I don't have to show my gov ID to get a phone number, I don't know anyone who buys a phone with cash except international students. So practically everyone is identifiable anyways. But I'm not sure this is a deal breaker since all I'm leaking is that I have registered a Signal account. AFAIK Signal only has logs of an account existing and last online with 24hr resolution (which avoids many collision deanonymization methods). Even paying with cash is hard as I'm probably caught on camera (but these usually get flushed).

So I'm legitimately curious, why is this a dealbreaker? It doesn't seem like a concern for the vast majority of people, and the problem Signal is solving is secure communication for the masses, not the most secure method possible with unbounded complexity. It's being as secure as possible while being similar in complexity to the average messenger.

freddie_mercury
5 replies
20h2m

But for solutions, can't you just buy a voip number?

No, how would my uncle in the countryside of Vietnam do that? He doesn't have a credit card -- not many here do. He doesn't speak English -- can you find a website that sells voip numbers in Vietnamese? Buying a voip number from a provider in Vietnam has the same exact KYC requirements as buying a SIM, so it is still tied to your government ID and registered forever.

Also buying a VOIP for 1 month costs something like $10 from a quick Google. Average salaries are like $1.50/hour. Nobody is going to pay an entire day's salary to buy an VOIP number they throw for a month just so they can register anonymously for chat.

So, not you can't "just" buy a voip number unless you're a rich Westerner. But who needs privacy more? People in liberal democracies or people in places like Vietnam (literally an authoritarian country where people are routinely imprisoned for speaking against the government)?

I don't know anyone who buys a phone with cash except international students.

Everyone buys a phone with cash here because few people have credit cards, since there is no such thing as "credit ratings" and it is easy for people to disappear from their debts. There are more people in Vietnam than any country in Europe. We all use smartphones and messenger apps here, too.

graphe
3 replies
19h42m

He’d ask you to do it then like every non technical older person. It’s a non issue.

freddie_mercury
2 replies
19h6m

None of my non technical older relatives in Vietnam have asked for anyone's help signing up for the chat accounts they use.

graphe
0 replies
12h35m

If they needed signal it be because someone like you told them to get it. Non issue for the billions that use WhatsApp and Facebook.

Your uncle in Vietnam has a smartphone, no internet, no number, and NEEDS the signal app? He might need solar, electricity and internet first.

gitaarik
0 replies
17h51m

Indeed. Even most technical people don't have experience setting up VOIP stuff. And needing some techie's intervention just to create an account is not beneficial for a company's user base. Calling this a non-issue is being ignorant about how usability works and influences user engagement.

rustcleaner
0 replies
8m

Briar ('droid only), SimpleX, and Session; optionally with a cheap VPN like Mullvad or Proton to ameliorate anonymity issues in the p2p voice/video features.

crotchfire
6 replies
16h48m

in Germany at least every phone number is connected with a persons identity. To get a phone number you need to connect it to an identity using a identity card

Personally, I am totally baffled by this.

Due in large part to C3's positive influence, Germany is at the forefront of privacy issues and legislation on so many areas, except for this one, which ends up turning into a massive backdoor in the whole edifice. Okay, we can't ask for a copy of your identification card... we'll just use a telephone number or SIM code or something trivially tied back to your IMSI (like an app store account or IMEI) instead. Because of the absurd 2017 law, these are equivalent to your government ID card.

I really don't understand why Germans put up with this while simultaneously pushing so hard for positive changes in every other aspect of online privacy. Especially when so many other developed Western countries do not tie SIM cards to identities: Netherlands, Denmark, Finland, Iceland, Ireland, US, UK, Canada, and many many others.

It's like a giant `sudo gimme-your-identity` backdoor in all the other data collection protections. And nobody seems to care about closing the backdoor.

moepstar
1 replies
15h39m

It wasn't always like this - the requirement to give your ID to get a SIM card, as you noted, was only introduced in 2017 (though it certainly feels way longer ago for me).

Anyways - why does nobody care?

Simple: most don't feel this being an issue.

Some may even say that they "don't have anything to hide" and there goes the erosion of privacy, bit by bit - by the time someone notices "ok, this may become a problem" - it'll be too late :(

crotchfire
0 replies
1h31m

Simple: most don't feel this being an issue.

Sure, but what's incredibly weird is that many Germans do feel that almost all other digital privacy matters are an issue. It baffles me that they treat this one particular issue differently for some reason.

I wonder if this is some kind of mass-psychology exploit, like it doesn't occur to your average nontechnical person that the ID requirement makes your Apple app store account, and every app you use it to install, equivalent to your government photo ID.

junto
1 replies
14h12m

On the flip side, SMS fraud is almost nonexistent from German mobile numbers, which is why scammers just send from other countries to German mobile phone owners. Mostly from France.

crotchfire
0 replies
11h12m

SMS fraud is almost nonexistent from German mobile numbers

Even if this is true, how does that benefit Germans?

Nobody's seriously talking about blocking all SMSes at the national border.

berkes
1 replies
6h16m

Due in large part to C3's positive influence, Germany is at the forefront of privacy issues and legislation

That's the entirely wrong cause and effect.

The obvious root cause are a world war and the DDR.

crotchfire
0 replies
15m

Yes yes, of course; there are root causes and proximal causes. You are correct about the root cause, which is the reason why Germans in general care about these things.

C3 is the catalyst that turned that caring into actual tangible results. Or at least a big part of the catalyst. Their level of political effectiveness is extremely unusual in the hacker world. I'm glad it has been a force for positive change.

That said, it has limits. And I have heard rumblings before about the telecom giants (DT) being an insurmountable political obstacle. So hacker culture has more political influence in Germany than elsewhere, as long as it doesn't upset the telecom giants.

outime
5 replies
23h37m

Same in Spain since 2004 Madrid train bombings IIRC.

int_19h
4 replies
22h12m

This is the case in most countries these days. There are very few places left where you can get a mobile phone number without identifying yourself at some point.

Gigachad
2 replies
21h51m

I used to care, but at this point it’s obvious that taking a phone number is by far the most effective anti spam and anti trolling method in existence.

someplaceguy
0 replies
20h59m

Which is great when databases leak. Absolutely brilliant.

Springtime
0 replies
20h17m

There was a forum that used to have as a requirement a non-free email account and seemed to have no issues with spam accounts with tens of thousands of members for more than 10 years. In that use case it seemed the non-free account aspect to sign-up was the threshold which seemed to keep spammers out vs the fact such an email account could be (with relevant authority) traced back to a real identity.

I'd be curious if there is a study that has looked into the thresholds for different use cases at which spam account creation drops to negligible amounts and how much price vs anonymity vs difficulty factors into it.

outime
0 replies
8h59m

Not in Finland for example.

wraptile
1 replies
18h44m

Here in Thailand it's the same but phone numbers get recycled and expire very aggressively. I just got a new phone number and I can login to many platforms of some 20 year old guy who really likes pc gaming.

Phone numbers should have NEVER became an ID. Incredibly hypocritical of Signal to claim "privacy focus" when the lowest layer of the system is literally the least secure identification method we have.

123yawaworht456
0 replies
15h15m

same in my country.

I had two SIM cards dedicated to online crap - one for important stuff like banking, another for social media and such.

both have expired after ≈ 3 months of inactivity, when my 2 week trip unexpectedly took 4 months. those SIM cards weren't physically inserted into my phone - I used to do that once a month to call someone and get billed a few cents so it would remain active, until that trip.

there's no way to get those phone numbers back and it's been an enormous pain the dick. I hate this fucking system, but I hate the fact that fucking everything requires a phone number even more.

ossguy
1 replies
15h30m

Why do you need a German phone number? Many countries let anyone have a phone number, with no proof of address or other identifying information. Just use one of those numbers instead. One example service is https://jmp.chat/ but there are many others.

herbst
0 replies
5h50m

It's a voip service isn't it? Those numbers will not work with many online services and even some more obscure normal providers.

giireon
1 replies
13h8m

It's still preferable to use a burner number for signal/telegram if you want privacy.

the_gipsy
0 replies
12h51m

There are many countries where it's completely impossible to get a burner phone.

joker99
0 replies
15h12m

Just use Wire (wire.com). True end to end encrypted multi device messenger, open source, federated and based on MLS. All you need is an email address, no phone number required. And based in Europe. They allow building your own clients (with some stipulations) and seem to solve everyone’s issues with signal here

WhyNotHugo
0 replies
9h48m

Partially off-topic: I've always found this German requirement baffling. In the Netherlands you can just buy a SIM card at a supermarket and pay cash. No identity, nothing.

areoform
87 replies
1d2h

Signal is one of the great undertakings of our time. And it's one of the last bastions of internet freedom.

A free-to-use global communications platform that doesn't censor, respects user privacy from the ground-up, and is run by a non-profit foundation that is faithfully dedicated to its mission. https://signal.org/bigbrother/.

We should support it. If you haven't already, then consider signing up for a recurring donation to the Signal Foundation. I try to give what I can afford, because I believe that digital freedom is essential for the progress of all humankind, https://signal.org/donate/

Without such projects, our civilization will stagnate and die in darkness.

dijit
46 replies
1d2h

Yeah, nah, it might be fashionable but I'm not 100% convinced that it's not an operation intended to be a lightening rod for "private" communication.

Given how tightly they control development, disallow third-party clients, disallow federation, disallow self-hosting servers, have a history if disallowing use without google play and have hid huge development features from the public (mobile-coin) despite being open source. etc;

The idea that it's a great undertaking of our time is so bombastic that it's guaranteed to be false even if you truly believe that they are completely altruistic (which I'm willing to believe but it's not coming easy to me based on the above).

"What's better"? Matrix. Which seeks to solve all of my points, the only thing lacking is market share which honestly is partially caused by these "easy to use" services which trade off everything else, which also consumes developer mind-share even if you're unwilling to acknowledge that. (devs are motivated to solve issues for friends, family and themselves if they are exposed more frequently to systems and services that are sub-par).

zcmack
11 replies
1d2h

in a world where iOS users won't install another free app from the app store because they already use iMessage, matrix is like asking for your friends to perform calculus just to talk to you.

dijit
9 replies
1d2h

Sure, but I don't see whatsapp/telegram as worse realistically if you've already lost at that level.

Signal is very much in the same area of: "trust us".

With a caveat that they also say: "here's a bunch of information on why you should: but you can't really verify any of it and we have proven bad faith before- also we have an army of people who will pile-on if you call us out for not being actually verified, so, just trust us- we are the secure messenger and all those scary things are just so we are easy to use".

tamimio
6 replies
1d1h

Pretty much, Signal is more dangerous for giving that false sense of privacy while you need to trust them just like other messaging apps, no thanks.

buzzerbetrayed
5 replies
1d1h

Signal is more dangerous...

Definitely not true. Facebook literally censors private conversations. You simply can't send certain text strings to your friends. That is far more dangerous than relying on a third party that claims to be protecting your privacy. Especially since all signs point to them being honest.

aembleton
4 replies
23h45m

What strings can't I send over WhatsApp?

buzzerbetrayed
3 replies
22h46m

I don't know about WhatsApp (but I also didn't mention WhatsApp), but go to FB Messenger right now, open up a conversation with yourself, and try to send a message containing the string "thedonald.win". You'll get an error message saying "Couldn't send", with no further explanation. The list of banned strings used to be longer, but they've unbanned a lot of them since the election ended.

To be clear, this is in private conversations. Not just posting publicly on Facebook or w/e.

aembleton
2 replies
11h57m

Just tried with and without quotes and it sent fine. This was on Messenger version 445.0.0.41.109 on Android 14.

dns_snek
1 replies
9h26m

Could be regional. Are you in the US?

aembleton
0 replies
9h2m

I'm in the UK.

Nab443
1 replies
1d1h

I read somewhere here that, in the case of what's app more metadata is shared with meta, and telegram doesn't have E2EE by default for groups. Didn't check though.

godelski
0 replies
1d1h

You're correct. There are more security features with signal too like the server stuff. It's true that they don't update the code enough but the parent is being overly critical. It's not like WhatsApp is giving us access to the server in any form. So it's not a fair comparison. (Edit: Also, the app can be built from source and you can verify that the communication isn't happening in a way where the server could decrypt it. So it's not too big a deal that the server isn't perfectly up to date on public commits)

To their point, there are benefits to federated systems. But I've yet to see a federated system have moderate to large usage without becoming centralized. Think email. And until this problem can be solved you're still left with a "trust us" problem. There's no trustless system out there, yet. But hopefully it comes in the future. In the meantime, signal is the best if you also want to communicate with anyone that can't tell you if a stack is FIFO or LIFO (or even know those acronyms).

godelski
0 replies
1d1h

Funny enough the best way I found to convince iOS users to talk to me on signal is by telling them it's like iMessage but cross platform. Sure there are differences but most people aren't using those features. I do think signal could really benefit by just linking signalstickers.com into the app since that's the biggest complaint I actually get.

tgsovlerkhgsel
10 replies
1d2h

The reason Signal is successful is because it at least somewhat reliably works, while Matrix is the worst of fiddleware.

https://blog.koehntopp.info/2024/02/13/the-matrix-trashfire.... explains why Matrix is lacking market share, and I think Signal's decision to be aggressively closed is due to a justified fear of becoming that.

sitzkrieg
2 replies
1d1h

the matrix protocol immediately fell over on syncing huge channels etc tho

jeltz
1 replies
1d1h

They have fixed that with sliding sync but not all clients support that yet.

NavinF
0 replies
23h39m

but not all clients support that yet

The mantra of every network that stays mediocre and never achieves critical mass

arp242
2 replies
1d1h

I think this is a false dilemma; you can have the high-quality implementations and be more open.

I've criticized Matrix before for their "protocol-first" approach and "too neutral" stance towards clients (which they've changed somewhat it seems; previously [1] was a table of clients with no clue what to choose, now it at least has "featured clients"). I feel they repeated the same mistakes as XMPP, which has not improved their client list.[2] Protocol nerds will say that's a good thing, but all it really does is ensure your protocol remains marginal because most people just get confused. People choose software, not protocols.

But you can write a high-quality client and a specification and allow people to write their own apps. IMHO Signal is needlessly restrictive. Sure, focus on your own implementation and the quality of that first. 100% the right decision. But there's no reason to not at least allow some things down the line. Signal is just a few months shy of their tenth birthday – they're well past the "ensure the quality of our official client"-phase.

[1]: https://matrix.org/ecosystem/clients/

[2]: https://xmpp.org/software/

tgsovlerkhgsel
0 replies
2h33m

As soon as you do that though, it becomes a nightmare to adjust anything about the protocol, and you end up with incompatible clients. So you can use the app perfectly with friend 1 that has the official app, but with friend 2 who uses one client, sending photos doesn't work, and with friend 3 voice calls don't work, and adding friend 4 to a group chat somehow breaks it entirely for everyone.

Friend 2 insists on using their client because it has dark mode, and for the average user, what they see isn't "friend 2 is extra and has a broken client", they see "that app fails to send pictures about a quarter of the time, let's use whatsapp".

chaps
0 replies
23h35m

At the end of the day, the problem with this model is that it expects free labor to take over the next part. Which might work for a little bit -- until it doesn't. Then you have the situation we're currently in where everything related to matrix is mediocre.

thaumasiotes
1 replies
19h21m

https://blog.koehntopp.info/2024/02/13/the-matrix-trashfire.... explains why Matrix is lacking market share

It complains that cyberfurz.chat is a "server with profanity in the name".

...why?

Arathorn
0 replies
13h18m

because the author is looking for stuff to complain about, and apparently “furz” means fart in German :|

wulfeet
0 replies
1d

That was a fun read :-)

riedel
0 replies
1d1h

I don't know if there is a straightforward correlation. I agree that my first Matrix experience was also not that satisfactory, but my university switched from XMPP to Matrix. I really liked conversations and quicksy. It just worked for me out of the box even with OTR stuff. However, it seems that there was not enough development on the server side, which I guess it led to the switch by our computing Center. Also the whole German health system as well as the army is switching to Matrix. I still think it is completely over engineered but it has a decent push.

sneak
5 replies
1d

They don’t and can’t disallow third party clients. The client is GPL.

striking
4 replies
1d

https://github.com/LibreSignal/LibreSignal/issues/37#issueco...

If you think running servers is difficult and expensive (you're right), ask yourself why you feel entitled for us to run them for your product.
sneak
2 replies
21h2m

The license in the repo says otherwise, and the license is what governs your use and modification and redistribution of the client app, not their indignation.

Forks are a natural consequence of releasing free software. This is the life they chose.

Also, free software isn’t a product.

The ToS is the only thing that governs end users connecting to the API, and it doesn’t deny end users the use of third party clients. Also, even if it did, that would be insane, like Google saying you can’t even load google.com when browsing with Firefox. It would be pretty much without precedent on the web, and bonkers.

The GPL is the only thing that governs developers’ use of the client codebase. The GPL of course allows forking and modification and redistribution.

Such forks and redistributions obviously cannot use Signal’s trademarks, so LibreSignal was dumb to do so. Ultimately the feelings of the Signal team don’t matter here - only the license under which they officially released the code. You can’t be more explicit about permitted uses than that.

You can’t be open source but then claim you don’t want forks. It’s one or the other.

penteract
1 replies
17h42m

The ToS is the only thing that governs end users connecting to the API, and it doesn’t deny end users the use of third party clients.

"You must not (or assist others to) access, use, modify, distribute, transfer, or exploit our Services in unauthorized manners" [1]

By my reading, the ToS does deny the use of third party clients. Someone could try to argue that a third party is using the services in the same manner as the authorized first party client, therefore it doesn't break the ToS; but since the company's leadership have said that's not OK (causing the mentioned client to stop being updated), I'd assume that if that argument worked in court, they'd just change the ToS to be more explicit about stopping it.

[1] https://signal.org/legal/

dns_snek
0 replies
9h18m

Who would you take to court? LibreSignal is simply distributing software, it's the users who are potentially breaking Signal's ToS by connecting to their servers using unauthorized clients.

This is like attempting to sue qBittorrent for copyright infringement.

kelnos
0 replies
22h38m

Wow, I never really followed Signal's anti-federation drama that closely, but reading that thread is nuts. The LibreSignal folks just don't get it, despite Moxie's clear (at least to me) and plain language. The entitlement there is mind-boggling.

godelski
4 replies
1d1h

I really like the idea of federation, but I haven't seen it be successful in practice. I can't think of a federated service that isn't also highly centralized. This was a big problem for cryptocurrencies and it's not like email isn't almost all Microsoft or Google. Mastodon has been struggling as well.

While I think there are better services to be private and secure from a technical perspective, there's one killer security and privacy feature that Signal has that on one else does: usability. It's pretty hard to get my grandma onto Matrix, but it isn't hard to get her on Signal. The truth of the matter is that you can't have private and secure conversations if there is no one on the other side. So while I really do like Matrix and the like, I think of them as more alpha or beta type projects. I don't find that the bashing of Signal is helpful (like we also do with Firefox) because all it does is creates noise for people that don't understand the bashing is coming over a nuanced and biased point of view (we're mostly highly tech literate here on HN, it is a bubble. But people still read our comments that aren't). End of the day, if we aren't getting 1 click server installs (or literally everyone is a host), federated systems are going to become highly centralized at some point. PGP's always failed because the easiest way to hack a PGP email was to reply that you couldn't decrypt. It wasn't appropriate for the masses even when it wasn't difficult to use. Don't get me wrong, I love Matrix, but it's got a long way to go to get mass adaptation.

Fwiw, I remember a user awhile back offering a bounty for a decentralized pathway in Signal[0]. The idea was to create an AirDrop like system to help with things like local file sharing but then extend the project forward to create a mesh network. Seems like a reasonable idea to me. I think it may be more advantageous to try to push Signal in the right direction than rebuild from scratch. I'd highly encourage people with other opinions to participate in the Signal community because it is a crazy echo chamber in there and for some reason the devs treat it as a strong signal.

[0] https://community.signalusers.org/t/signal-airdrop/

Evidlo
3 replies
1d

There is still a huge difference between a totally centralized system and partially federated one.

An analogy is the U.S. is a two-party system, but most would consider this significantly different than the one-party system in North Korea or Russia.

A federated system with a few large players is still much better than a centralized one.

godelski
2 replies
23h26m

I agree with all this, but only to a certain extent. The big disadvantage of a centralized system is the ability to control an entire ecosystem. The same reason we dislike monopolies. It's because monopolies of any kind have the ability to abuse their power, though that doesn't mean they do. I mean browsers are "decentralized" and that doesn't stop Google from exerting significant control, especially considering most browsers are chromium (I find it weird people say to fight Chrome by switching to a different color of Chrome).

Like I said, I'm all for Signal becoming federated. It's why I dropped that link to the airdrop feature request. I'd also be in favor of people running their own servers. I mean the server code is available, you just can't connect it with the main network. So as far as I see it, there's nothing stopping this from happening. I see a lot of people complaining but I'm not aware of any major roadblocks. That doesn't mean there aren't any, but I'm just not aware of any. And fwiw, there are alternative Signal clients like Molly[0]. So at least the app can be disjoint from the official ecosystem.

[0] https://github.com/mollyim

ericjmorey
1 replies
6h28m

Signal has said that they don't want a decentralized network until they have settled on their standard and implementation as they see decentralized federation as what has prevented email from modernizing . I'm assuming they will never get to the point where they feel Signal is stable enough to decentralize.

godelski
0 replies
4h18m

I'm not sure why people keep responding with this. Signal doesn't want to work on the federated problem, sure, I'm well aware. But everything is open source. We're on a forum of hackers, makers, and programmers. So what is in the way? People keep saying "Signal this" "Signal that", what are they gonna do, stop sourcing the code? Ruin their entire business model? I doubt it. The code is open, so seriously, someone tell me what's stopping you all from creating a federated version?

snickerer
2 replies
1d1h

We really should convince Moxie Marlinespike to push the implementation of an out-of-the-box working bridge between the Signal client and the Matrix network. With e2e encryption, of course.

input_sh
0 replies
1d

I think we're definitely approaching time when Signal / WhatsApp / Facebook Messenger / Google Messages / Matrix / etc will all become at least somewhat interoperable, and it's gonna happen very fast (~Q3), mostly because EU's Digital Markets App is basically forcing them to. (Well okay, only Meta-owned platforms are forced to.)

Matrix did an interoperability talk on FOSDEM (https://fosdem.org/2024/schedule/event/fosdem-2024-3345-open...) and it's basically confirmed (https://www.wired.com/story/whatsapp-interoperability-messag...) there was some experimental work done on connecting WhatsApp (and ergo every other Signal protocol compatible app) and Matrix.

Evidlo
0 replies
1d

From Moxie himself (excerpt from Github issue):

It is unlikely that we will ever federate with any servers outside of our control again, it makes changes really difficult.

... I understand that federation and defined protocols that third parties can develop clients for are great and important ideas, but unfortunately they no longer have a place in the modern world. ...

Also, hasn't Moxie basically left Signal?

pests
2 replies
1d1h

Just because a project is open source doesn't mean everything the team works on or releases will be in the public eye, nor does it even imply that it has to be open source as well.

theultdev
1 replies
1d1h

That's not what this is about.

It's not just any open-source project.

It's a privacy-orientated open-source project.

They could at least BSL the server code and allow others to verify the server code and host but not compete.

growse
0 replies
1d

They could at least BSL the server code and allow others to verify the server code and host but not compete.

This is exactly what they do (except they use AGPL): https://github.com/signalapp/Signal-Server

parl_match
1 replies
1d1h

Signal has its problems, some of them sever. It's also buying "us" much needed time to build out federated and self-hosted chat platforms.

I truly believe they are altruistic, although it is unrealistic to expect that to last forever.

By the way, some of the claims you made about their "bad actions" are actually false. And Matrix is still incredibly annoying to work with for "normies" and only recently got first-class E2EE and retention policy, both things needed for a secure chat experience. And btw, those things aren't deeply supported in the ecosystem, and also it doesn't have client feature flag alerting (to allow good intentioned clients to de-facto report they don't support certain security features).

I do think Matrix (or something like it) is the future, but it's certainly not the present.

pimlottc
0 replies
1d1h

*severe

uraniumjelly
0 replies
1d1h

XMPP cries in a corner. I wish XMPP had more accessible (to the general public) desktop clients. Conversations is great, but speaking from experience, people aren't going to want to use Gajim because it looks like it's ten years old (even though that's a good thing ;). XMPP needs better clients in general. The last time I used Profanity it had very annoying bugs about sending and saving OMEMO encrypted files.

mindslight
0 replies
1d1h

I agree about the passing utility of Signal [0] but Matrix (which I do use) is a barely adequate dumpster fire. They spent all this effort developing a generic synchronization protocol, but yet didn't include native encryption in 2014 and had to bolt it on as an afterthought? And the last time I tried to find a native client it seemed like they were all still using web engines for rendering (inherently slow and insecure), presumably because the markup is too complex to make straightforward native apps.

[0] I don't even use Signal. My tack is to isolate and contain my "mobile phone" device as much as possible (when I'm home it generally stays next to the door on a charger). Whereas Signal has been designed around that single device as a critical part of my life. When I can sign up using only a username, and use Signal from a native client or web browser without any sort of Android device in the picture, then I'll be interested.

kelnos
0 replies
23h2m

Matrix?! As someone who runs is own Matrix homeserver, oh, man, no way. Matrix is super fiddly, unreliable, and user-unfriendly (and I say this as someone who has at times agreed that Signal can be user-unfriendly).

Matrix also is just not particularly private. Servers control and know far too much about users, and pretty much no mainstream client enables E2E encryption by default. Matrix is an impressive piece of technology, but it has a long way to go before it's as usable for an average mobile phone user as Signal is.

chaps
0 replies
1d1h

Easy to use is important and it's a shame that you're downplaying that. More accessible than PGP/OTR? Sure. But maybe by a hair's width of an alligator's back.

If I am working with a source who gets frustrated by the impenetrability of communicating with me because I insist they use matrix while they're not technical and likely impatient, then that person will be much more likely to use a fallback method such as SMS or email, and they'll do it without warning. It's legal risk, period. My job is to make sure that they can share information with me as easily as possible and during a particularly sensitive period of that person's life, usually. Matrix, as a sibling post highlighted well, is too difficult for this use-case. That is an enormous failure for a use-case of sensitive information sharing.

miramba
15 replies
1d2h

Requiring a phone number is like asking for an id. What does signal offer that whatsapp doesn‘t? Serious question.

Edit: Ok, ok, I was wrong, signal does have advantages over whatsapp.

revicon
3 replies
1d2h

Whatsapp message content can be pulled via a subpoena along with a lot of other private data. Signal's can not.

FBI doc on what messaging apps can provide via subpoena pulled by a FOIA request...

https://propertyofthepeople.org/document-detail/?doc-id=2111...

rmgk
0 replies
1d1h

That link says for WhatsApp:

Message Content: Limited*

* If target is using an iPhone and iCloud backups enabled, iCloud returns may include WhatsApp data, to include message content
godelski
0 replies
1d1h

I think this link is better

https://signal.org/bigbrother/

arp242
0 replies
1d1h

Whatsapp message content can be pulled via a subpoena along with a lot of other private data. Signal's can not.

Your own link does not say that. At all. It directly disputes that.

nicce
1 replies
1d2h

WhatsApp does not provide real encryption - all the metadata is unencrypted!

KomoD
0 replies
1d2h

And they're also owned by Facebook, not exactly a company that should be trusted

cja
1 replies
1d1h

1. Facebook owns WhatsApp and uses it to collect data about people, such as who they communicate with, how and when. They also know about many of the websites you visit and what you do there. They know everything you do on Facebook, Facebook Messenger and Instagram. They buy mountains of data about us from other sources. By analysing all of that data they can probably do a reasonable job at guessing the content of your WhatsApp messages.

2. WhatsApp tries to get every user to accept the option to backup messages and photos to Google Drive, where they sit unencrypted and accessible by Google. Even if you reject that option yourself, your correspondents are likely to have enabled it (if only just to stop WhatsApp from nagging about it) and so your messages are available for Google to read. Example of why this can be bad: https://www.vice.com/en/article/zm8q43/paul-manafort-icloud-...

3. Google Photos asks WhatsApp users if they'd like it to back up their WhatsApp photos. Even if you reject that option, your correspondents may have enabled it and so your photos are stored online unencrypted and accessible by Google.

4. Why should we limit what Google and Facebook know about us? Google and Facebook influence our behaviour for the benefit of their paying customers. Their computer systems are too powerful for our minds. They work against us, not for us. Companies like Facebook will come to be seen like tobacco companies, except that the harm is as from mind altering drugs. There is a documentary on Netflix called The Social Dilemma which explains this well. The polarisation of societies and the spread of conspiracy theories are some of the effects. The only defence is to disengage.

5. Read about Chinese-style social credit to understand why you want companies like Facebook and Google to know as little about you as possible. This is a good overview: https://nhglobalpartners.com/wp-content/uploads/2021/10/chin...

joshuaissac
0 replies
1d1h

backup messages and photos to Google Drive, where they sit unencrypted and accessible by Google

WhatsApp provides an option (off by default) to encrypt the backup with a password so that it cannot be decrypted by Google.

pyramid301
0 replies
1d2h

Whatsapp only e2e encrypts message contents. The only thing Signal knows about you at any given time is the time of account creation and the date of your account’s last connection to Signal servers. That's tied to your phone number. They don't know who you chat with, the contents of those messages, your phone contacts, anything.

I'd get a chuckle out of comparing that with the privacy of Whatsapp.

purplejacket
0 replies
1d2h

Again: Metadata. WhatsApp records a timestamp of every message you send/receive, and who the other party is. Signal only records two pieces of metadata: timestamp of when you signed up, timestamp of the last time you sent a message.

ninkendo
0 replies
1d

My 2¢, as someone who tried using WhatsApp once and ran away screaming:

WhatsApp requires you to give it access to all your contacts (your entire address book) in order to use it at all. This information is uploaded straight to Facebook’s servers where they’ll inevitably use it to place your WhatsApp account in a social graph so they know who you are based on your contacts. I found this to be unacceptable so I uninstalled it.

kelnos
0 replies
22h32m

Even if all the other things sibling posters mentioned didn't exist, the simple fact that Whatsapp is owned by Meta and Signal is not... well, that'd be enough for me.

croes
0 replies
1d2h

No data sharing with FB

__MatrixMan__
0 replies
1d2h

People who subpoena Whatsapp know who your friends are.

Vinnl
0 replies
1d2h

It encrypts your metadata (the most important data) and doesn't use it to manipulate you. It's a non-profit. And now you can use it without exposing your phone number to other users.

jjav
13 replies
1d1h

And it's one of the last bastions of internet freedom.

I don't want to be too negative on Signal since they do some good work and I do use it.

But freedom? No. It is another completely proprietary platform. A better one, but still proprietary, so the antithesis of internet freedom.

For example just earlier this month the Signal client overnight stopped working on my old Mac because they decided to no longer support older OSX releases. So I can longer use it on that machine, my primary desktop.

If Signal was in any way open or free (as in freedom) I'd just compile my own client to speak an open protocol and be back in business. But no, Signal is just a proprietary service with a proprietary client.

godelski
6 replies
1d1h

As far as I'm aware, everything is open[0]. Only issue I know of is that the server code isn't consistently up to date and you can't run your own. But you can compile the app and desktop clients yourself. I guess there's also the issue of reproducible builds but AFAIK this is a play store issue and doesn't seem that problematic since you can compile from source. I mean they even have a commit from 4 days ago for the Android app.

[0] https://github.com/signalapp

jjav
4 replies
1d1h

Only issue I know of is that the server code isn't consistently up to date and you can't run your own.

Why can't you run your own? Sounds like it is not entirely open. (Never looked into it, so would be interesting to understand what is missing.)

But you can compile the app and desktop clients yourself.

This has been talked at length here in HN before, they prohibit any clients other than their proprietary binary distribution.

If that has changed, I'd be thrilled. Can anyone point at it having changed?

numeri
1 replies
1d

I believe what the grandparent comment meant was that you can't run a server that participates in the public network, not that you can't run a private server. That was my prior understanding, at least.

I might very well be wrong, and if so, someone please correct me.

godelski
0 replies
23h40m

That is correct. I should have been clearer in my distinction. You can run your own server but that server won't connect to the official Signal network. You're completely fine to run your own[0]. FWIW I've seen other software roll their own servers and use the Signal protocol. I mean WhatsApp uses the Signal protocol but I think they've diverged a lot since.

[0] There's always talk about the big deal breaker for Signal being that it isn't federated. So I've always wondered why this passion isn't used to generate a federated Signal network and is more focused on Matrix (who only recently started being E2EE). I don't know how these things work, I'm not that kind of programmer, but I can't see why you couldn't modify the server code to work in a federated fashion and edit the app code to be able to connect to both? I'm actually interested to know why if someone actually has an answer.

imkh
0 replies
1d

There are quite a few forks that connects directly to the Signal servers, [Molly](https://github.com/mollyim/mollyim-android) being the most well-known I believe.

From my understanding, they're not a fan of it (not sure if it's officially against their TOS or not) but they don't go out of their way to stop them. At least as long as you don't use the Signal name and make it clear you're not an official app.

Even in this blog post about usernames, they clearly make sure to mention them: "This means that in about 90 days, your phone number privacy settings will be honored by everyone using an official Signal app."

gruez
0 replies
1d

they prohibit any clients other than their proprietary binary distribution.

source?

BHSPitMonkey
0 replies
1d1h

Signal has documentation on how to reproduce their Play Store builds and compare them with what you've installed locally:

https://github.com/signalapp/Signal-Android/blob/main/reprod...

gruez
2 replies
1d1h

If Signal was in any way open or free (as in freedom) I'd just compile my own client to speak an open protocol and be back in business. But no, Signal is just a proprietary service with a proprietary client.

Isn't the source code available? What's preventing you from compiling your own copy?

dingnuts
1 replies
1d

The server is centralized -- you might be able to stand up your own but it doesn't matter because you can't use it to talk to anyone else who isn't using your custom built app that uses your server

gruez
0 replies
1d

In other words you're complaining that it's not federated? That point has been relitigated in other parts of this thread so I don't want to go down that path. More to the point, I don't think that's what the parent post is talking about. He's complaining how he can't run signal on his outdated machine, not that he can't run his own private server.

warwren
0 replies
1d1h
j0hnyl
0 replies
1d1h

I believe signal is completely open source...

a1o
0 replies
1d1h

old Mac

older OSX

How old OSX are we talking? Is it older than current Xcode with Sonoma supports? If it's that, then you have your answer. If you want to daily drive and older machine Linux or even Windows should be fine, but this is not really the way with Apple hardware - if it was, Xcode would make this easier for the developer. For reference, you can still build for Windows Vista using current Windows 10 SDK - I haven't tried Windows 11 SDK, so not sure how things are there.

oezi
3 replies
1d1h

While I am thankful that Signal exists and is a considerate of privacy concerns I don't think their decisions are always right.

For instance, I would love to see picture sent to me by my spouse automatically saved to camera roll. Signal has no option for this because it could put the privacy of me and the sender in jeopardy.

kiwijamo
0 replies
23h24m

WhatsApp has this feature and it drives me nuts. My roll is full of crap people (especially chat groups) send me and I have to clean it up every now and then. I surely hope Signal doesn't do this and keeps the current approach of allowing users the option to download the images they want, when they want.

kelnos
0 replies
22h33m

I actually like it this way. Occasionally (not always, which is even more confusing), images from random Whatsapp conversations ends up in the Android equivalent of my camera roll, and it annoys me to no end.

My camera roll is for photos that I have taken. If I want to put something from someone else in there, that's a decision I will pro-actively make. Other apps shouldn't be doing that for me.

godelski
0 replies
1d1h

They have a community forum with a feature request system. Though I'll admit it's a big echo chamber there. But every new user adds a new voice and I can't see how that isn't a good thing.

Fwiw, I want this feature too. And others. I've submitted feature requests in the past. I even asked that usernames add QR codes and links. I'm not sure if I was heard, but hey, the feature is there and even some of the echo people were against it.

tw04
2 replies
1d

They need to actually listen to users. Signal needs to support SMS, they need to support backups, they need to support easily migrating to new devices. I don't care if it makes me slightly less secure, make it a checkbox in the client that I agree if I enable the features, I'm a moron because some nation state could abuse it.

Otherwise, it'll always be niche. I'm never getting non-technical friends and family to adopt a messaging app that isn't unified for SMS and secure messaging. When they say "users might not know they're sending insecure SMS messages" - fine, you own the client. Make the client bright red with a flashing "INSECURE MESSAGES" across it for all I care. It's not hard to inform a user in 2024 that they are sending a less secure message.

newaccount74
0 replies
23h54m

Signal has so many footguns that I stopped recommending it. I know more than one person who lost all their messages and pictures when they switched phones.

kelnos
0 replies
22h35m

I'm never getting non-technical friends and family to adopt a messaging app that isn't unified for SMS and secure messaging

Er, what? So no one you know uses Whatsapp, FB Messenger, Telegram, Google Talk, or anything else? I suppose it's possible that's true, but even if so, you and the people you know do not represent the common-case user.

purpleblue
1 replies
1d1h

I thought I read that Signal has some funding by the US government. Was that not correct?

godelski
0 replies
1d

That's correct, but so what? So does Tor. The US isn't a single unified entity. They get some funding from groups that promote encryption. Gov still wants encryption for their own people and for people in authoritarian countries (it's hard for normal people to overturn an authoritative government when all communications are watched. No need to discuss CIA). But also remember there's plenty of US gov groups that attack Signal too. Just saying "US funded" isn't strong enough on it's own. The gov has it's hands in everything so it's too noisy. You'd need to make an argument about it's dependency on that money, which they aren't. Records are public btw, they are a nonprofit.

godelski
0 replies
1d2h

We should support it. If you haven't already, then consider signing up for a recurring donation to the Signal Foundation.

I always like to remind people that you can also donate through your employer and many will match. This is a great way to multiply your donation and everybody wins. Your org is going to donate x amount a year anyways and so might as well "vote" on where some of this money goes.

tamimio
83 replies
1d3h

So basically copying telegram way. That being said, why does Signal still require a phone number in the first place? Exactly, because when needed, it will be used to be linked back to your real identity, it has nothing to do with spam or anything, Signal isn’t a social media with public posts and what not, it is a messaging app.

callalex
32 replies
1d3h

it has nothing to do with spam or anything

What experience do you have to have gained this confident knowledge?

verisimi
31 replies
1d3h

Would they be able to resist a secret court order?

Sanzig
12 replies
1d2h

Signal publishes their responses to court orders already: https://signal.org/bigbrother/.

Obviously doesn't include warrants they may have received where a gag order is in place, but you can see from the responses they do publish that they only store phone number, initial registration date, and last connection date.

autoexec
9 replies
1d2h

They love to brag about the times when they were asked to hand over data and they had to tell the feds that they couldn't because that kind of data was never collected or stored in their systems in the first place. They still love to brag about it, but it's no longer true. They now collect and permanently store in the cloud exactly the kind of data that the police and feds were asking them to provide. Your name, your phone number, your username, your profile picture, and most importantly a list of everyone you have contacted with signal.

This is in direct opposition to the very first line of their privacy policy which lies when it states "Signal is designed to never collect or store any sensitive information." and they've refused for years now to correct that lie and update their policy to detail all the new data collection they're doing.

roughly
8 replies
1d2h

Do you have details on this? Given that usernames just came out, I don’t expect they’re storing many of them, but I’m interested in specifically a source for “a list of everyone you have contacted with signal”

autoexec
5 replies
1d2h

This has been true for many years now. At the time it caused a major uproar among the userbase (myself included) whose concerns were almost entirely ignored. Their misleading communication at the time caused a lot of confusion, but if you didn't know that Signal was collecting this data that should tell you everything you need to know about how trustworthy they are.

Here's some reading from the time of the change:

https://community.signalusers.org/t/proper-secure-value-secu...

https://community.signalusers.org/t/dont-want-pin-dont-want-...

https://old.reddit.com/r/signal/comments/htmzrr/psa_disablin...

https://www.vice.com/en/article/pkyzek/signal-new-pin-featur...

Note that the "solution" of disabling pins mentioned at the end of that last article was later shown to not prevent the collection and storage of user data. It was just giving users a false sense of security. To this day there is no way to opt out of the data collection.

My personal feeling is that Signal is compromised and the fact that the very first sentence of their privacy policy is a lie and they refuse to update it to detail their new data collection is a big fat dead canary warning people to find a new solution for secured communication. Other very questionable Signal moves that make me wonder if it wasn't an effort to drive people away from the platform as loudly as they were allowed to include the killing off of one of the most popular features (the ability to get both secured messages and insecure SMS/MMS in the same app) and the introduction of weird crypto shit nobody was asking for.

tamimio
3 replies
1d1h

I never used signal or wandered in their communities, but wow, thanks for sharing that!

autoexec
2 replies
1d1h

I was a user and a fan. Spent years recommending Signal to others. People are pretty used to software turning to shit but it still sucks to have to reach out to tell people they should look for alternatives to the software I'd once recommended to them.

I swear if VLC ever turns evil I'm giving up on recommending software forever (in the meantime, check out VLC if you haven't already!).

tamimio
1 replies
1d

I was a user and a fan. Spent years recommending Signal to others.

I don’t blame you, I think it did start with a good promise initially, but I believe just like anything centralized that turns big, it will become evil.

in the meantime, check out VLC if you haven't already!

The player? Or is that a new messaging app? For messaging I usually use Matrix/simpleX/Session.

autoexec
0 replies
1d

The media player. It's probably the oldest application I use that's gotten nothing but better with time.

growse
0 replies
1d

There's a big difference between "collecting and storing" and "collecting and storing an encrypted version of".

If there was such a hoo-hah and it was trivial to patch out, I expect we'd have a thriving patched fork up and running by now.

ThePowerOfFuet
1 replies
1d1h

Sealed sender.

autoexec
0 replies
1d1h

Even before they added all the data collection and cloud storage 'sealed sender' didn't do much to protect users.

"Even under the sealed sender, observers said, Signal will continue to map senders' IP addresses. That information, combined with recipient IDs and message times, means that Signal continues to leave a wake of potentially sensitive metadata. Still, by removing the "from" information from the outside of Signal messages, the service is incrementally raising the bar." (https://arstechnica.com/information-technology/2018/10/new-s...)

A couple years after that "incremental" improvement Signal started keeping everything forever in the cloud which means that today governments can get a signal user's information just by brute forcing a PIN

roughly
0 replies
1d2h

I do love that the two responses to this question are a confident assertion that they surely wouldn’t do that and yours posting evidence they do.

_zoltan_
0 replies
1d2h

this seems to have stopped in 2021?

toomuchtodo
7 replies
1d3h

No tech professional is going to resist people with legalized force showing up at their door.

tamimio
4 replies
1d2h

That’s why you design a system that doesn’t require such info in the first place, if you don’t have it, nothing to hand over.

xboxnolifes
0 replies
1d2h

That doesn't explain why it has nothing to do with spam.

If you know how to build an anonymous communication platform, that is convenient to use, and is also spam resistant/proof, you have the miracle platform idea.

insane_dreamer
0 replies
1d2h

that already exists; IRC for one. But not particularly user-friendly for everyone (requires presence).

heavyset_go
0 replies
1d1h

And then when you're faced with potential criminal suits and/or the security state coming after you for "national security" reasons, you implement the tracking the government wants so you don't potentially go to trial and/or prison.

Vinnl
0 replies
1d2h

That's why Signal only stores your phone number (and when you last connected) - they know nothing about your real identity, so they can't link it back to you.

miohtama
1 replies
1d2h
toomuchtodo
0 replies
1d2h

True, but edge case. Spine and fortitude are rare.

stavros
5 replies
1d3h

An order to what? Hand over a random phone number?

anigbrowl
4 replies
1d2h

As if you can't get a whole lot of information on most people with just their phone number. The number of people whose Signal ID is built off a burner phone ad no longer traceable back to them is miniscule.

growse
3 replies
1d2h

As if you can't get a whole lot of information on most people with just their phone number. The number of people whose Signal ID is built off a burner phone ad no longer traceable back to them is miniscule.

Yes, but what are you going to do with this information? All you know is how long they've been a signal user and when they last connected.

heavyset_go
2 replies
1d1h

You correlate that with the chat logs you've secured from a phone that's been confiscated or subpoenaed.

The metadata itself is just as valuable as the content of the messages.

If you want to prove that criminal A was in correspondence with criminal B, that's how you do it.

As per this comment, they store much more than just the last connection time[1].

[1] https://news.ycombinator.com/item?id=39445791

growse
1 replies
1d

If you got the physical device and the data on it (unencrypted), then what do you need the server for?

anigbrowl
0 replies
17h49m

You're not thinking this through. You might have someone else's device with access to their signal chats, but need to confirm the identity of someone they're talking to. You might have been able to ID a person but only have had temporary access to the message data (eg undercover agents who sneak or are granted a look at someone else's Signal messages). You might have a Signal conversation with someone you suspect of crime, and want to establish correlation with their use of signal (by most-recently-accessed timestamps) and some other activity.

autoexec
3 replies
1d2h

At this point that's entirely unclear. Because they're keeping your data in the cloud my guess is that the US government can easily access that data and any other government can get anyone's data as long as they can guess the person's PIN. You can find a discussion on the problems with their security here: https://community.signalusers.org/t/proper-secure-value-secu...

egberts1
2 replies
13h0m
fsflover
0 replies
11h25m
autoexec
0 replies
11h10m

That was before they started collecting and storing sensitive data in the cloud.

See https://sgaxe.com/files/SGAxe.pdf for an attack that leaked Signal contacts.

Vinnl
28 replies
1d3h

why does Signal still require a phone number in the first place?

From https://signal.org/blog/signal-is-expensive/

We use third-party services to send a registration code via SMS or voice call in order to verify that the person in possession of a given phone number actually intended to sign up for a Signal account. This is a critical step in helping to prevent spam accounts from signing up for the service and rendering it completely unusable—a non-trivial problem for any popular messaging app.

I'm not sure why you need to assume that it will be linked back to your real identity; I haven't seen anything that indicates any motivation to do something like that. I'm all for being cautious, but being overly cynical can lead to letting perfect being the enemy of the good.

tamimio
23 replies
1d2h

For the spam part, I commented below how’s that doesn’t work and it doesn’t even make sense for a messaging app.

I'm not sure why you need to assume that it will be linked back to your real identity;

I’m not assuming, only North America (edit: and some European countries) doesn’t require an ID for a phone number (1), and even in here, you would use it in other services that are linked to your real ID like banks or paying the phone bill online. The concept simply boils down to as soon as you find an account’s phone number, it’s a game over for that said privacy.

(1) https://www.comparitech.com/blog/vpn-privacy/sim-card-regist...

hnarn
21 replies
1d2h

The concept simply boils down to as soon as you find an account’s phone number, it’s a game over for that said privacy

You completely misunderstand what kind of privacy Signal aims to achieve. Signal protects you from eavesdropping and data hoarding, two major privacy issues with solutions like Facebook Messenger for example.

They do not and have never claimed to offer a service where “privacy” means nobody knows who anyone is, it isn’t Tor and I wouldn’t want it to be.

If you don’t like the goals and design choices of Signal, just use another service.

There are benefits of the choices they’ve made, namely ensuring that most users of the service are “real people”, which I think is great. It’s not a social network, it’s a messaging app between friends that solves issues presented by alternatives like SMS or Instagram; that’s it.

eimrine
12 replies
1d2h

Signal protects you from eavesdropping and data hoarding

How on Earth collecting a phone number may be considered as not data hoarding?

nrabulinski
8 replies
1d1h

Because they don’t know anything except the phone number so all they have is a list of phone numbers which maybe people use. Quite different from Facebook reading everything you send, for example

kuschku
4 replies
1d1h

They either already store or would be able to log everything about who is sending messages to whom, and when.

That's the vast majority of what intelligence agencies actually care about. They rarely care about message contents anymore.

hprotagonist
1 replies
1d

we know specifically that signal does not do this.

kuschku
0 replies
23h35m

We assume they don't log this data.

We don't know whether an intelligence agency is listening in on their servers and logging this data.

Assuming an eavesdropper that can defeat TLS or is listening via DMA attacks on the signal servers,

- you can log initial signup or login, which allows you to connect user id and phone number

- you can log the first time a chat is created, which allows you to build a social graph of which person is connected to which other people

- even with sealed sender, you still know the identity of the receiver and the IP address of the sender, which is often enough to figure out who is in contact with whom

This would be enough dragnet surveillance to automatically figure out the contacts of people you've already identified as threats. You'd also have enough evidence to get a sealed court order to do targeted surveillance on these people.

growse
1 replies
1d
kuschku
0 replies
23h43m

On the opposite end of the spectrum, users who want to live on the edge can enable an optional setting that allows them to receive incoming “sealed sender” messages from non-contacts and people with whom they haven’t shared their profile or delivery token. This comes at the increased risk of abuse, but allows for every incoming message to be sent with “sealed sender,” without requiring any normal message traffic to first discover a profile key.

By default, the first message between someone and you clearly identifies who is communicating with whom. That's enough.

codedokode
2 replies
1d

A list of phone numbers and little money is easily exchanged to names and addresses on black market in many countries.

gitaarik
0 replies
17h5m

And how to these black markets connect the phone numbers to names? I guess from data collected from more insecure sources. So I think Signal is being responsible with their data.

Also, you need some way to log in to your account. So you need an identifier and some way to validate that you are the owner of that identity. And next to that you want to prevent spam. So I think the choice to use a phone number as an identifier for a text-messaging app that is meant to be a secure replacement of SMS is not that weird.

But let's say they are data hoarding our phone numbers, and they can get other details about us through the black market because we use other more insecure services where we suddenly don't seem to care about privacy. Then what do you think Signal does with this data? They can't resell it because they don't have anything unique, they actually need to invest money to link their database of just phone numbers to something else. And then? What malicious things will they be able to do?

__MatrixMan__
0 replies
5h28m

Ok, now you have a list of people's names and you know they have signal installed. Google and Apple also have this (presuming you installed it via a mobile app store). Your carrier has this (from the IP addresses on your messages).

What have you gained? What does the attack look like?

hnarn
0 replies
1d2h

Are you misunderstanding what data hoarding means on purpose or do you really think it’s equivalent to the business model of say Google or Meta?

brnt
0 replies
8h48m

Hoarding =/= collecting the bare necessities. Signal needs one piece of data to distinguish users from each other, and collects that. Hoarding would be to collect (significantly) more pieces of identifying data, more than needed to distinguish users. Signal does not appear to be doing that.

__MatrixMan__
0 replies
1d2h

It's a lot less like data hoarding than keeping a separate copy of your social graph. What is an adversary going to do with a list of phone numbers that are known to have signal accounts and nothing else?

tamimio
5 replies
1d2h

Signal protects you from eavesdropping and data hoarding

Do they?! We can ask Tucker Carlsons about that https://www.reddit.com/r/signal/comments/16evuej/did_the_nsa...

As long as you can’t host and use your own server, you should never assume that.

There are benefits of the choices they’ve made, namely ensuring that most users of the service are “real people”

You communicate with your colleagues and clients over emails and you know they are real, you probably play games too and use discord and you know they are real, meanwhile you can be talking to bot in twitter that they are registered with a “real” phone number.

Sohcahtoa82
4 replies
1d1h

Do they?! We can ask Tucker Carlsons about that https://www.reddit.com/r/signal/comments/16evuej/did_the_nsa...

A lot of people in the comments have things to say about that video.

Personally, I wouldn't trust anything that comes out of Tucker's mouth.

tamimio
3 replies
1d1h

Focus on the issue, not the person (Tucker), you might not trust a person which is fair, but you are still trusting Signal’s server, you can NEVER know if they have a memory injection backdoor running in there, you can audit the code as much as you want and it still passes, yet, the messages are compromised.

luuurker
1 replies
1d1h

There are ways of getting messages without breaking Signal or using a backdoor. One of them is getting the messages from the other party(ies) involved. You can't protect yourself from this even if you self host. Something else that might happen is you ending up with your phone hacked because you're talking with someone close to Putin.

The only way to know for sure is for you to create an alternative service, write all code yourself, and host everything without ever leaving your server alone. And even then you can't be sure you haven't been hacked.

On a side note, if we're getting information from someone that lies a lot and often leaves out details that don't fit the narrative, then perhaps we should also look at the person, not just the issue.

tamimio
0 replies
1d1h

One of them is getting the messages from the other party(ies) involved. You can't protect yourself from this even if you self host.

You certainly can, the self destruction messages are one of the ways, sure, it is not the only solution as you need to make sure the OS is secure itself too, but definitely helps in that case, no messages stored at rest and all are encrypted in transit.

Something else that might happen is you ending up with your phone hacked

Which is essential to have a messaging platform that allows multi-client/cross platform, say running that app on a hardened OS is an option and possible compared to only iOS with a phone a number for example.

write all code yourself, and host everything without ever leaving your server alone.

You don’t need to write it yourself, as long as you can read it, and host it knowing no other services are spying on that server, should be miles ahead of other apps like signal, sure, you can still have that server breached, but first you need to know where’s that server, or even you are using this messaging app in the first place, contrary to Signal for example, all I need is checking if you use it by the phone number. Not to mention it will make it harder for whoever is trying to spy on you, if most people ran their instances, but that’s a little bit more of a dream as the average person won’t, but at least the option should be provided.

godelski
0 replies
1d

Signal makes the app open source and you can build it yourself and use it. The messages are E2EE so we don't need to trust the server in the same way because they aren't being decrypted there. They can't have the key. They could be logging the messages and metadata, but that's a different argument. And it really would come down to the NSA being able to hack AES with a quantum encryption (though I don't think this was out at that time). So I have pretty good reason to trust signal despite there still being some gray areas that I could still want more light on. It's just that we're the shadows are I'm unconvinced it could undermine the whole system. You can't fit an elephant in the shadow of a mouse.

On the other hand Tucker isn't even being consistent in his telling of the story. He says that he hasn't told anyone and makes a big deal to even mention his wife, so we think even his closest confidants. But then what message did he send over signal that was extracted? The personal notes? There's also much more reasonable pathways for the NSA to get that information. If he's researching and just storing notes on signal he's still leaving breadcrumbs somewhere. He's a popular news host so I'd be surprised if the NSA hasn't tried to compromise his whole phone, and signal only protects your messages in transit. The only evidence we have is his word that someone from the NSA told him. Which itself would be really weird because it'd completely undermine that capability or imo a more likely explanation is someone is lying. Gov does disinformation all the time and convincing people a secure channel isn't seems pretty useful since they'll turn to easier methods.

So I don't have to rely on my distrust of Tucker or his history of misinformation. If this was my only and first encounter there's more than enough for me to be suspicious in just his telling.

rglullis
1 replies
1d

Matrix and XMPP also provide privacy without requiring a phone number

(Or a phone, even)

leotravis10
0 replies
1d

That's a fact, and many people use XMPP and Matrix more because of that. We need to stop relying on phone number identifiers as described here: https://dessalines.github.io/essays/why_not_signal.html#phon...

The news today is a step in the right direction for sure, but more needs to be done if they want more privacy and anonymity-focused people to use it. This section on what makes a good messaging platform still resonates: https://dessalines.github.io/essays/why_not_signal.html#what...

abdullahkhalids
0 replies
1d

You lose anonymity. You do not lose privacy, which is still secured by the message encryption.

dredmorbius
1 replies
11h56m

There are places where one's mobile phone is effectively one's identity. South Korea for example:

<https://www.nfcw.com/2022/10/20/379863/south-korea-to-roll-o...>

Vinnl
0 replies
11h41m

Sure, but that means that your phone number is linked to your identity even without Signal? There's no additional data that Signal links to it, other than that you're a Signal user and when you sent your last message.

codedokode
1 replies
1d

Neither Signal nor Telegram allow to pay a small amount in cryptocurrency to prove you are not a spammer. This shows that they are really interested in knowing who is their user.

Vinnl
0 replies
11h41m

It's either that, or perhaps they're looking for a solution that works for 99% of people.

windexh8er
7 replies
1d2h

Definitely not a copy of Telegram. I'm not actually sure what the draw is with Telegram but given it's origins I'll choose Signal over Telegram.

If you read the thread the linkage between a phone number and a Signal account cuts down on fake accounts significantly - which has nothing to do with "social media" but it does have a lot to do with SPAM as you've incorrectly stated. I understand why it's not ideal, but there are tradeoffs in both directions. It's unlikely that usernames are going to expose users more than they currently are if they're already using Signal. And it's also unlikely that this new feature changes much, but I welcome the ability to prevent users from associating my known number to my Signal account. In this way the security model has improved considerably.

mattl
3 replies
1d1h

Does Telegram still have a feature where you can see who nearby you is using Telegram? That to me is a reason alone to not install it.

Shank
2 replies
1d1h

This feature requires you to press the button that says “make myself visible” — and then it shares location. Like most apps, you can deny the location access at a system level and never worry about it.

mattl
0 replies
1d1h

It has been a long time since I've used Telegram but why else would I have had that enabled?

iamkd
0 replies
1d1h

The interesting thing is that it does share your location when you open that screen even before you click that button. I don’t know why they did it, but it is definitely a shady thing.

anigbrowl
1 replies
1d2h

Telegram's privacy is questionable but its UI is absolutely outstanding.

xk_id
0 replies
1d1h

I know right? Telegram is one of my favourite iPhone apps, hands down, purely on the basis of the interface. It’s also incredibly performant, which means a lot considering I use a 6S model from 2015. In comparison, the last discord update became literally unusable, for performance reasons (it was so bad, i ended up deleting it).

mardifoufs
0 replies
1d2h

Telegram has channels and groups that work in a weird but very useful way. That's mostly the draw for me, not really the private messaging. Though the UX is just amazing, even for private messages. Everything is just super neat and where you expect it to be. I'd still probably not use it if it wasn't for how channels work

unethical_ban
5 replies
1d3h

It is a way to increase usability for casual users, decrease spam by requiring some other source of identity tied to real existence (emails are easier to generate than throwaway phone numbers).

It may decrease privacy philosophically, but it isn't nefarious.

If you want a private messaging platform with zero prerequisite identity, use Briar.

tamimio
1 replies
1d3h

It is a way to increase usability for casual users

You can keep it as an option.

decrease spam by requiring some other source

Phone numbers never been a good way to counter spam, just look at social media, you can buy phone numbers in bulk these days, not to mention spam might work in social media because there’s the concept of “public space” where everyone shares and talk, so it does make sense for some bad actors to spam or even trying to influence others, that’s not the case in messaging app, because first I need to know your “unknown” username that I can’t see it elsewhere, and second, the efforts are worthy for such unsolicited message, which in case it was, you can get a burner to send it. The point is requiring a phone number to counter spam doesn’t work, and it doesn’t make sense either for messaging apps.

If you want a private messaging platform with zero prerequisite identity, use Briar.

Well, personally I don’t use Signal, never will in its current state, but they always try to promote it as privacy messaging app while still relying on a broken system known as GSM.

usrusr
0 replies
1d1h

A lot of spammers opt for media that does not require the effort of obtaining a phone number. It's the bike lock model: no bike lock is ever safe, but as long as your bike is parked next to bikes with a weaker lock, you have a pretty good chance of not having to walk home on foot.

smallerfish
0 replies
1d2h

It is a way to increase usability for casual users, decrease spam by requiring some other source of identity tied to real existence (emails are easier to generate than throwaway phone numbers).

You either end up discriminating against users who have to use VOIP for whatever reasons (and there are legitimate reasons) by blocking VOIP numbers, or your barrier to entry for spammers is almost negligible. It's not a good system.

If you want to prove that users are humans, use a webcam and an id, or delegate the task to some bigcorp who already has a similar system. If that's too much for you in terms of privacy, you shouldn't be attempting to prove that users are humans in the first place. Maybe you should prevent spam via product driven solutions, e.g. whitelisted contacts.

novok
0 replies
1d

For the people who really don't want a phone number, make them pay via mobilecoin. Lets them raise money and prevent spam.

jacoblambda
0 replies
1d2h

It may decrease privacy philosophically, but it isn't nefarious.

It doesn't decrease privacy. It decreases anonymity which is distinctly different.

If you want a private messaging platform with zero prerequisite identity, use Briar.

Or Session which is a fork of Signal that runs it's own network using standard PKI instead of a phone number for identities and a decentralised message delivery/onion routing system.

EVa5I7bHFq9mnYK
2 replies
1d2h

Telegram? Neither ICQ (1996), nor Skype (2003) required phone numbers. That's a later trend, part of general enshittification of internet.

mattl
1 replies
1d1h

How much spam did you get on ICQ? I remember getting a lot.

EVa5I7bHFq9mnYK
0 replies
6h7m

I dont remember getting spam, but I ditched it pretty early on in favor of Microsoft messenger (RIP).

heavyset_go
1 replies
1d1h

why does Signal still require a phone number in the first place?

Governments won't go on a crusade against Signal as long as they keep records of who is using their platform to commit crimes.

Signal won't commit to being an anonymous platform likely for that reason.

leotravis10
0 replies
23h59m

Yep, plus I (and many others) feel the US government is satisifed with the information that Signal provide to the government and it has to follow juristictions such as NSLs: https://dessalines.github.io/essays/why_not_signal.html#a-si...

tgsovlerkhgsel
0 replies
1d2h

Because the social graph sitting in people's phone address books isn't easily replicated, and using phone numbers is basically the only chance of overcoming the chicken-and-egg problem with network effect.

sneak
0 replies
1d

You can use burner voip numbers, it doesn’t need to be a gsm sim in your phone or tied to your identity in any way.

Vinnl
60 replies
1d3h

Note that even once these features reach everyone, both you and the people you are chatting with on Signal will need to be using the most updated version of the app to take advantage of them.

Each version of the Signal app expires after about 90 days, after which people on the older version will need to update to the latest version of Signal. This means that in about 90 days, your phone number privacy settings will be honored by everyone using an official Signal app.

Which is also an example of a challenge for open ecosystems where everyone can create apps.

I understand that it doesn't outweigh the benefits to everyone, but it is a valid reason.

smt88
29 replies
1d2h

Is Signal considered to be (or attempting to be) an open ecosystem?

My understanding is that Signal (the app) is private, not anonymous, centralized, and closed.

The underlying protocol is open and could be used for an open ecosystem, but I didn't think Signal aspired to do that.

lima
12 replies
1d2h

The apps and most of the backend are open source too, not just the protocol.

The important distinction is that it's not decentralized like XMPP or email, which is a conscious decision: it would become very difficult to change it to add new features and they'd be left behind by closed-source competitors (see: XMPP).

ezst
11 replies
23h46m

I see that it is a ton of wishful thinking and FUD on the side of Signal to claim that: XMPP is alive and kicking, has all the features one needs, runs everywhere, at scale, offers the same or better crypto, better privacy, better resilience and is more sustainable. When Signal will inevitably fail/turn against its users/enshittify itself or get acquired, all federated and P2P protocols will keep on going. For decades. That's the kind of communications systems we should be demanding in the present era, nothing less.

kiwijamo
9 replies
23h37m

Yet I'd wager most HN readers have a grand total of zero XMPP contacts. Myself included. Proving the GPs point.

zaik
4 replies
16h45m

I kicked out all the walled-garden apps like Signal and went standard XMPP only. I have a lot of XMPP contacts now. You just need to commit to it.

cortesoft
1 replies
16h41m

And have friends who are all willing to commit to it, too

zaik
0 replies
16h37m

Not really, my friends are still using proprietary apps besides their XMPP client.

WhyNotHugo
1 replies
9h57m

Did you set up bridges for contacts on legacy networks?

zaik
0 replies
3h2m

Only Biboumi for IRC.

AJ007
3 replies
21h15m

Because of what Google did with Google Talk. https://ploum.net/2023-06-23-how-to-kill-decentralised-netwo...

XMPP is underrated. A lot of people are imagining Pidgen in 2011, but the protocol has been extended, the actively developed clients are good, and it avoids the heavier parts of Matrix (both client and server side.) I wouldn't be surprised if Slack's replacement when Salesforce inevitably fucks it up will be XMPP based rather than Matrix.

hot_gril
1 replies
5h42m

"The protocol has been extended" has been XMPP's theme for decades, and also its problem. Name your favorite client, it probably won't have several extensions, and a lot of useful things require support on both ends plus the server. Lots of things that should be ubiquitous are not, including s2s auth. There needed to be more structure, like AIM back then or Signal now. Also the XML stuff is a nightmare.

Even if Google Talk kept XMPP, they weren't going to save it, cause nobody used Google Talk. Facebook was by far the biggest XMPP-supported platform (though it wasn't federated), and they stopped probably cause they didn't see enough clients. Even Slack supported XMPP for a while, did you use that?

freeAgent
0 replies
25m

My entire friend/acquaintance group used Google Talk in the late-‘00s.

smt88
0 replies
18h56m

Slack's replacement is going to be Teams. No corporation chooses internal chat clients based on interoperability or openness of source code.

hot_gril
0 replies
5h33m

Is it really a wish if it's already come true? I can't name a single person who uses XMPP. If a federated chat protocol ever wins, it'll probably be something more modern like Matrix. At least there's email too.

kaanyalova
7 replies
1d2h

Both the app and the server is open source

https://github.com/signalapp/Signal-Android https://github.com/signalapp/Signal-Server

There are forks like Session which doesn't require a phone number to sign up

https://github.com/oxen-io/session-android

smt88
6 replies
23h48m

I understand this, but Signal doesn't attempt to tolerate third-party apps on their servers as far as I know. They don't support interoperability.

godelski
5 replies
23h8m

You can run Signal app forks on the Signal server. Molly is a popular one. You just can't create new servers. I wish you could, but I get the reasoning of not wanting honeypots. But that doesn't stop you from running your own network of Signal servers. So I don't see anything stopping anyone. I mean Mullvad runs their own stuff and I don't see half the complaints about them. I've always been curious why Signal is so unique here. If 1/100th the people that made these concerns developed a open community of signal servers, I'm sure we'd have a viable alternative network. What's stopping everyone?

xorcist
2 replies
10h1m

The Signal devs have been very clear that they consider forked or third party clients freeloaders and will cut them off, sooner or later.

godelski
1 replies
4h21m

Source? Sounds like even a bigger reason to create a parallel network

LtWorf
0 replies
1h50m

I recall reading this as well on their website

AJ007
1 replies
21h3m

One of the big lessons from Twitter and Reddit was third party apps are tolerated or even encouraged until they are not. Unlike, for example Discord, I haven't see any indication that third party clients are causing account bans, yet.

The status of open source, privacy respecting messaging apps looks really healthy to me, compared to where we've been over the past 30+ years (thinking starting with ICQ.) Signal was a big leap toward getting average people using much more secure messaging, although it is pretty clear even most 'tech' people don't grasp what is going on or why it is important to be able to use e2ee separate from a combined client+server provider.

godelski
0 replies
21h1m

Yes, but my argument is more in the realms of "why are there no projects to create an open network using the existing architecture" not "we shouldn't have an open network and completely rely on Signal forever."

Vinnl
6 replies
1d1h

They've described what they're attempting to be here: https://signal.org/blog/the-ecosystem-is-moving/

fsflover
2 replies
23h3m
bjoli
1 replies
6h47m

I tested matrix in 2021 and found the experience pretty darn awful outside the main client. And by a cursory glance the ecosystem is still pretty much controlled by the matrix.org folks. When I was using it there was a lot of accusations that Synapse did not follow the specification and that server implementera had to reverse engineer what Synapse did to be able to federate.

And talking about that: does federation work properly yet? I used a third party provider and it made my life miserable.

I am all for federation, but in my experience the "federated" part of matrix was a lot worse than the jabber one they want to replace.

fsflover
0 replies
6h15m

I'm using a non-matrix.org server. It works fine.

greyface-
1 replies
1d

The author is no longer CEO, though, and there are a lot of "I" statements in the post. Is it still accurate? Has the current CEO made any comment on it?

sdenton4
0 replies
23h51m

It's a great encapsulation of why Signal is not federated, and, unless you find the current CEO stating otherwise, is unlikely to change. Changes like the one detailed in the link simply wouldn't be possible to roll out efficiently in a federated ecosystem.

Signal has consistently focused on helping /most/ users do what they want with the app without sacrificing security. This change - away from requiring phone numbers - helps plug one of the biggest criticisms, both on the security and product side. Nothing about their mission requires federation, so I respect that they haven't sacrificed their mission in order to do it.

rstuart4133
0 replies
23h0m

Moxie's post looks solid, but there is a counter example: bitcoin nodes. They are a very loose federation of nodes that go through regular upgrades in the protocol. So it is possible.

But yes, it's also very hard. The bitcoin protocol didn't start out that way. It took a lot of knocks and bruises to get to the point they could upgrade all the servers in the federation.

Interestingly, the method bitcoin came up with allows protocol changes to fail, meaning the bulk of the federation never takes them up. Everyone gets a vote, and it only succeeds if the bulk of the federation upgrades. Perhaps from Moxie's point of view that's unacceptable, as it means he is no longer the dictator of the protocol.

Nonetheless, it is possible to design a protocol so it can be upgraded relatively quickly. Even if you don't do add "quick transition" features to a protocol transitions can still haven. IPv6 will replace IPv4. But as Moxie says, it's painfully slow.

WhyNotHugo
0 replies
9h59m

It's not [attempting to be an open ecosystem]. Their ToS used to forbid using third party clients. I don't think this has changed. They haven't banned anyone for using third party clients (to the best of my knowledge), but they're openly against an open ecosystem.

It's private, centralised and the network is closed (e.g.: non-federated), but the source code is public and open source. I think that for the server implementation they do code dumps every once in a while, rather than continuously keep it public.

unethical_ban
15 replies
1d3h

I wish it were more obvious that Signal expires its apps every 90 days.

My mom couldn't receive signal calls on the backup phone I gave her. I had disabled auto-updates since apps break UI sometimes and she gets confused by things moving around.

When I visited, I opened the signal app and was told I had to update.

KennyBlanken
12 replies
1d2h

It's patently unforgivable that a message would not be delivered because the client is out of date.

The Signal team is incredibly clueless and arrogant toward its userbase. It seems to simply not have occurred to them that many people rarely/never have wifi, may not be on AC power when they are on wifi which means the phone may not check for / apply updates, etc.

In the US, cellular is often expensive and slow.

In underdeveloped countries where software like Signal could be really important, all this is even more true.

We get shit crammed down our throats to protect the most obscure edge cases for the smallest percentage of the most vulnerable users - such as not being able to sync messages between devices - but then they pull shit like this which has a huge impact for people in rural areas and underdeveloped countries?

__MatrixMan__
7 replies
1d2h

Delivering a message to a client which is known to be less secure than the sender expected it to be is unforgivable.

Refusing to deliver is inconvenient.

jjav
5 replies
1d

Delivering a message to a client which is known to be less secure than the sender expected it to be is unforgivable.

That is inconsistent with the threat model of a messaging system!

Inherently, a messaging system will deliver a plaintext copy of the message to the recipient(s). Wouldn't be much of a messaging system otherwise.

Once you sent something and it was delivered in plaintext to the recipient, the information disclosure risk is completely out of your control (and out of control of the application in use). The recipient is free to leak it however they wish.

If you don't trust the recipient to keep it private, don't send it.

eszed
2 replies
1d

Just curious, since I'm not really active in this space, but wouldn't the threat model of most concern be that an external actor breaks (maybe an outdated version of) the app or protocol? This would leak data without you or the recipient being any the wiser. It seems like that's the threat the app-expiry policy is intended to address.

jjav
1 replies
1d

You could update the protocol version if and when a protocol weakness is discovered and then stop talking the previous protocol version after a transition period.

No need to continuously expire apps in the absence of a protocol breach.

eszed
0 replies
14h53m

What if there's a vulnerability in the app itself?

I have no idea if that's what they're concerned about - they may just be being arseholes in this case - but from the outside it seems like a legit reason to build in the capability for app expiration.

joshuamorton
0 replies
22h19m

That is inconsistent with the threat model of a messaging system!

I disagree, the worst thing that a messaging system that aims to be "private" can do is to actually not be private. Sending to a known-insecure client is a violation of, like, the one thing signal claims to do.

If you don't trust the recipient to keep it private, don't send it.

My threat model is some combination of "third party actors who I don't trust" and "second parties who I trust but who are non-experts"[1]. I would like Signal to protect me from the first (by not delivering things to known-insecure clients that can be middlemanned or otherwise discovered) and the second, by having privacy-respecting and mistake-preventing defaults. Things like disappearing messages and such. Keeping my trusted-but-nonexpert peers from making mistakes that can harm either of us in the future is a key part of my threat model.

For example, disappearing messages prevent me from being harmed by my friend, who I trust to discuss things with, not having a lockscreen password and getting warrented by the police. An outdated or third party client that lets you keep them forever, even if well intentioned, can break that aspect of the threat model. And yes, a peer who is actually nefarious can still do that, but that's not my threat model. I think my friends aren't privacy-experts, I don't think they're feds.

[1]: This is, for example, the reason that I think PGP is not a good tool. Even if I do everything right, a well meaning peer who is using the PGP application can unintentionally leak my plaintext when they don't mean to, because of the tool's sharp edges.

__MatrixMan__
0 replies
22h28m

But you don't know, at the time of sending, which version of the client will show up to retrieve it. Otherwise both clients would need to be connected at the same time before you were allowed to send.

sunshowers
0 replies
22h27m

I think this is the tradeoff that Signal makes versus the messenger most similar to it, WhatsApp. Though of course everyone in a group chat must pick one or the other, so it's not much of a free choice. (My friend group in the bay area is entirely on Signal, for example, though I also have a WhatsApp account.)

vel0city
2 replies
23h55m

In the US, cellular is often expensive and slow.

Mint will sell you a plan for 5GB of data for $15/mo. Its not that expensive to have a basic cellular plan. And that's assuming you're not poor enough to have your cellular plan almost entirely subsidized. And also assuming you're pretty much never anywhere with wifi.

In the vast majority of markets in the US it'll take a minute or less to download, it'll probably take more time unpacking on your device and installing.

ambichook
1 replies
22h54m

5gb for $15USD/mo is expensive relative to other areas of the world. in aus, for example, my phone plan is $30AUD/mo for 55gb

vel0city
0 replies
21h10m

Sure, but the thing I was responding to was "in the US".

There's cheaper per-gig plans in the US. Visible has unlimited plans for $30/mo which is cheaper per-gig if you use a lot but more if you're using less than 5GB anyways. And if 200MB/yr currently seems like an expensive amount of data to you, you're probably already using less than 5GB a month.

Klaus23
0 replies
1d

We are talking about 85 MB four times a year to keep the application up to date and running smoothly. Don't be ridiculous.

gnicholas
1 replies
23h46m

I have been bitten by this in the past. At least now they give warnings in-app that the app will expire soon. But if you don't use the app regularly, you wouldn't even know. Also, I'm not aware of any other apps that die in this way, so it's not like people are in the habit of periodically checking the app to make sure they're still on a version that can receive incoming messages.

int_19h
0 replies
15h26m

This has more sinister implications in some places. For example, Apple app store in Russia can get banned at any time. So if I understand this correctly, if that happens, Signal will stop working for all iPhone owners in Russia in 6 months. And guess where you really need something like Signal?

LoganDark
8 replies
1d3h

Does this mean the protocol still exposes your phone number and it's hidden only by the client side?

varenc
7 replies
1d3h

The answer is almost certainly no. It means the old APIs that expose phone numbers will stop working in 90 days. And old clients along with them.

I have not investigated this at all, but I have enough faith in Signal/Whisper Systems to be optimistic.

hot_gril
4 replies
1d3h

Found out the hard way that the old versions do stop working. You don't even get message notifications if your app is out of date.

jcollins1991
3 replies
1d3h

Yup, I was on an international trip with hardly any data allowance when all of a sudden my messages stopped sending, and I couldn't receive any new ones... That'll never happen with SMS. I love Signal, but some of their product decisions have been questionable.

hot_gril
2 replies
1d2h

Their decisions seem right for the use case of a secure messaging app, but I don't care about that use case and would rather use a non-e2ee app that'll be reliable, not lock me out, and work seamlessly across devices. Also, for those who truly care about e2ee, it's pointless if you aren't checking all the safety numbers out-of-band.

freedomben
1 replies
1d2h

Yes, this is a compromise on the CIA triad. It prefers integrity and confidentiality over availability.

That is a fine decision to make for a security-minded app, but signal has always presented themselves as a full alternative to SMS and other messaging systems where availability is prioritized over confidentiality and integrity. It should really be made more clear so that users are making an informed decision. They could also do wonders for the user experience by having the app inform the user of the problem and how to remedy it.

hot_gril
0 replies
1d1h

Yeah, but I wouldn't call SMS super available either since it relies a lot on the ends too. Had a lot of those drop when I traveled. Something like Facebook Messenger has a whole server storing messages, so it's solid, you'll receive them later even if your phone breaks.

londons_explore
1 replies
1d3h

The way they say "privacy settings will be honored by everyone using an official Signal app." kinda suggests they're gonna let third parties keep getting this info...

contact9879
0 replies
1d

They won't. It'll be similar to message timers or delete for everyone. You can revoke sharing your number and it will be hidden in official apps but third party apps won't magically forget the number that was previously shared. However if you choose not to share your number from the start, no one will be able to see your number.

hot_gril
3 replies
1d3h

Hackers can always create apps.

verandaguy
2 replies
1d2h

This is a common, but terrible argument. Anyone can (mis)use, make, or weaponise technology given enough time and funding. Following this reasoning to its logical extreme, nobody should ever do anything.

The problem something like this solves is to raise the bar somewhat and discourage a fraction of those who would.

Done right, that fraction will be significant.

saurik
0 replies
18h22m

I mean, if WhatsApp said this about the privacy of messages, Signal would be running billboard ads about how they don't care about privacy and look at how much better Signal is, right? This is the company that goes out of their way to pile on advanced encryption and insists on using dangerous secure enclaves to get this kind of thing right... until they are asked the hide phone numbers, at which point they are selling people a false bill of goods that WILL confuse someone into giving their phone number to someone who they really shouldn't have. It isn't as if it is somehow impossible to hide anyone's number at the protocol level: hell... even Snapchat does this, right?

hot_gril
0 replies
1d1h

It's not a big expensive task to look at what data an app is sending/receiving. Anyone with minimal reverse-engineering skill will know how to intercept HTTPS to/from their own phone in 5 minutes. Signal uses some other protocol, but it's also doable, also it's open source anyway.

The conclusion isn't that Signal should be closed-source, it's that Signal's servers should not trust the clients not to be tampered with. So after 90 days, they will remove phone numbers from the protocol for users who have hidden them, breaking old clients, which is fine. What is the alternative solution you're thinking of?

vlovich123
0 replies
1d3h

Protocol ratcheting, but 90 days would be quick if there’s a lot of apps.

godelski
59 replies
1d2h

This is fantastic! I also love that there is the QR code generator. It'll make connecting easier.

I hope moving forward we can have multiple usernames and profiles. This would greatly increase privacy since we may have different identities in different social groups. Even on HN a lot of us have multiple personas. I find one of the big challenges is actually handling these different identities as most software only assumes you have one. Though it seems to be common on social media like twitter or instagram. But bitwarden still doesn't know how to differentiate microsoft logins lol

Edit: I'd love in the future to also see things like self destructing or one time links. I don't think these should be hard to implement, especially if one can have multiple usernames. Certainly a limit like 3 would be fine with the numbers, right? Personally I wouldn't be upset if multiple names became a premium feature but I'd strongly prefer if it wasn't. I get that signal still needs money (https://news.ycombinator.com/item?id=39446053)

LtWorf
47 replies
1d

Telegram has had all of these features for a while… too bad it isn't as secure as signal or it'd be perfect, since it's also written in a real GUI toolkit and present in distribution repositories.

I do wonder how telegram and signal are planning to finance it long term. Telegram is adding absurd paid features like exclusive animations, which won't earn nearly enough to cover the costs.

I wonder where signal is about keeping the servers up, since they hate federation so much.

Nuzzerino
23 replies
1d

Don’t worry, telegram is now gatekeeping certain privacy settings behind the premium subscription like it’s 2003.

They also make it difficult to hide your pseudo identity from your phone contacts. I’ve had all the “discover contacts” settings turned off, and simply reinstalling the app caused people to be given my username without my consent. Settings somehow magically switched themselves back on and I couldn’t turn them off until after the damage was done.

There was no confirmation prompt. Pretty sure this happened to me more than once.

Please don’t ever compare Telegram with Signal.

oli-g
9 replies
21h26m

I don't get why people who are so paranoid about someone associating their Telegram handle with their phone number simply don't go and grab a burner SIM at Tesco.

I mean I'm all down with the idea of tech companies respecting our privacy. But here we are, complaining that corporations that are at least trying (and that are operating at a loss since their conception for our convenience) aren't giving us "Snowden hiding in Russia" level of security out of the box, for free, just because we deserve it. All while we could easily implement it ourselves for like $8 and with no online trace whatsoever.

It's like, Tails Linux exists, but FUCK GOOGLE for forcing me to Ctrl+Shift+Delete in Chrome if I want to erase a cookie. I'm so significant and certainly not a criminal, why do they hate me so much??

guhcampos
4 replies
20h48m

It's not always that simple. In many countries, like Brazil, you need a valid ID document to buy a SIM card, and the number is then and always linked to your government ID. This is the case for quite a few relatively free countries as a means to fraud prevention (not that it's particularly effective though).

bombcar
2 replies
8h0m

Keeping your username from phone contacts is quite a different problem than keeping your name from the government.

Geisterde
1 replies
6h7m

Why is there such a pervasive crowd of people who chock this kind of thing up to a lost cause? From my prespective, if it can be done, we should, we must, do it. Is there something special about hiding something from a government thats qualitatively different than hiding it from any other criminal? That they can levy greater amounts of violence? Isnt that even greater justification to privacy?

bombcar
0 replies
5h43m

I'm fully in agreement; we have policies around warrants, etc that have been long-running and should in general treat the government as a quasi-malicious actor.

However, just because the government forces something for them doesn't mean we should just give up entirely for everything - the fact that the government knows your SIM purchase doesn't mean that random users on HN should be able to find it.

kojoru
0 replies
16h0m

Specifically for telegram there's a (rather expensive) crypto-based no-sim option: https://telegram.org/blog/ultimate-privacy-topics-2-0/ru?set...

Nuzzerino
2 replies
17h19m

Ah, the good ol “just get a burner sim bro” argument. Tried that once, they did KYC.

mtnGoat
1 replies
16h58m

I hadn’t used a burner in years, last year my phone broke on a trip and I just wanted to grab a phone, to get me through the week. I can say it’s not like it used to be! Can’t just grab one at the gas station and pop it in a phone. Gotta give ID, sign up for accounts, etc.

prmoustache
0 replies
13h21m

It depends of the country. You can buy a sim card at an Oxxo in Mexico like you would buy a bag of doritos. I did it precisely last year.

Having said that if you leave the country I am pretty sure that sim card and number would be deactivated after a few months if not connected. I am not sure how fast a number can be reused.

palmfacehn
0 replies
14h43m

I've tried 4 different sim cards in telegram. None of them seem to work. Not sure why a "privacy" app is asking for a phone number in the first place.

hanniabu
8 replies
22h56m

telegram is now gatekeeping certain privacy settings behind the premium subscription

Such as?

vld_chk
6 replies
22h14m

For example, now you can’t restrict who can send you a message unless you have a premium. Also they added a “feature” that premium users can bypass non-premium users privacy setting “last seen and online” and TG will tell that info regardless of your choice unless you are premium too.

flexagoon
5 replies
22h7m

You're significantly misunderstanding the changes.

now you can’t restrict who can send you a message unless you have a premium.

And before that you just weren't able to restrict that at all, there was no such feature. They didn't remove this feature for free users - it never existed. They just added it right now only for paid users.

premium users can bypass non-premium users privacy setting “last seen and online”

That is absolutely not what the feature is. If you hide YOUR OWN last seen time, you won't be able to see last seen time of other users, even when they have it public. Now, premium users will be able to see public last seen times of other people if they hide their own. But they obviously still can't see last seen time of people who set it to private, that would've been very dumb.

vld_chk
1 replies
21h46m

Thanks for the clarification on last seen, I certainly misread it. About messages: hm, I was sure it existed before but maybe again my brain just lags.

As someone who for some time created and moderated fairly popular chat (200+ people) for anti-war Russians, I have very long and complicated history of relationship with this service and have a lot of different grey-zone stories where it is hard to understand whether it is a mistake from users and whether it is a leak from the service.

Hence I have a little low expectation and overreact on their recent changes

flexagoon
0 replies
13h4m

I have three Telegram channels with a few hundred subscribers each, and I also use the service daily, as I'm Russian as well.

I generally agree with you that Durov makes a lot of incredibly stupid decisions. I think pretty much everyone in the "Telegram community" (eg. channel administrators, bot/client developers, etc.) would agree that the changes Telegram is introducing are often bad.

The issue, though, is that there isn't any alternative right now - Telegram is the best messenger out there in terms of general usage. So while I do hate what they're doing sometimes, I still use the product and even pay for Telegram Premium. It's bad enough to be mildly annoying, but not bar enough to actually make people leave the platform.

Edit: just as I was writing this, Telegram introduced a new feature. I'm not sure if I love it or hate it to be honest, it's a smart way for them to save money, but it is pretty weird: https://t.me/tginfo/3942

Lockal
1 replies
15h0m

If you consider Telegram as a product to be a logical continuation of the VK message system, then all of these "features" existed.

Restricting of incoming messages existed (cloned from Facebook as usual).

Restricting of "last seen and online" existed in third-party clients. Later on VK started to actively destroy this functionality, by moving manual "is online" management from designated API into all data-fetching APIs.

Not to mention that VK and Telegram are now actively fighting with third-party clients. In which world they would not fight Ninjagram/AyuGram/Plus Messenger/other forks, which allow to add multiple accounts, hide online/reading (to some extent), show message editing history and so on?

stavros
0 replies
12h1m

If you consider technology to be a logical continuation of earlier technology, then all features existed.

danShumway
0 replies
3h46m

And before that you just weren't able to restrict that at all

This is a really basic security feature though that every single platform should support. If Telegram didn't support messaging restrictions before, that doesn't mean they're not currently gating a basic privacy/safety feature behind a paywall. It just means they should be embarrassed that they used to be doing something even worse, ie not even offering a basic privacy/safety feature at all.

Correct that this would not technically count as removing a feature, but I feel like that's possibly a distinction without a difference. I'm not coming out of reading this explanation feeling more charitable about Telegram's security or willingness to gate off security features. It's a bad look for a company to put basic blocklists behind a paywall, that is not a company I trust not to start degrading security for free users.

Systemling0815
0 replies
22h28m

Last online status

LtWorf
2 replies
23h24m

Come on signal until today had no way to keep the phone number private. Which is the topic here.

fidelramos
1 replies
22h54m

Because unlike Telegram they strive to do things in a privacy-respecting way, and that's hard to get right.

guappa
0 replies
11h46m

Wasn't the saying "perfect is the enemy of good"?

While waiting to have it perfect you don't have it good either.

kome
0 replies
23h12m

i've been using Telegram on and off since 2015 or so, and i've never shared my contacts. never! re-installing Telegram has never changed that setting.

The real problem with cellphones is that a lot of privacy-threatening issues are literally one fat finger away. And clearly, that's a feature, not a bug. That's why I prefer to work and message on my laptop anyway.

but again, Telegram has been, in many practical ways, much more privacy-oriented than all the other messengers, exactly because you don't have to share your phone number to participate in groups and chats.

vld_chk
10 replies
22h18m

Telegram and Signal solves very different types of privacy issues.

Telegram is good, as you mention, to be relatively private in groups/chats/channels without a need to expose neither your phone nor even a nickname (unless you live in autocratic countries — will come to this later).

But it comes with costs. First, their p2p communication is not e2e encrypted by default. Not to say that all comments/group chats are not encrypted too, unlike let’s say WA.

Second, Telegram API. It gives too much information. You can do a lot with it: read history, track changes of usernames, etc. For example, it is quite easy to obtain an internal user ID and there are black market services and databases where they promise to connect that ID with phone number if that account ever had privacy settings switched off in the past.

Claimed that they kind of scrape all accounts and pair ID for those where privacy settings set poorly. Even if you change it later — your internal ID and that scrape will state forever.

Third, Telegram was funded by Russian government since Durov had issues with SEC. He raised money from different Russian state-owned banks like VTB, issued bonds which are traded in Saint-Petersburg stock exchange, and even take some money directly from Russian government though a Qatar proxy-company. Not to say, that there are cases when TG was involved in criminal charges against people (the most famous one is story with Ryanair plane being forced to land in Minsk to arrest Lukashenko’s critique) and it was never directly addressed and explained by company how exactly those people was caught and how company protect against “SIM card replacement” cases (Signal at least inform me everytime my peer logged to new device).

Selecting between Signal with AFAIK no known cases of charges in dictatorship countries like Russia, funded by non-profitable charity, and TG without default e2e encryption, public API and Russian-state funding, is quite obvious for me.

psuresh
4 replies
15h29m

Dictatorship exists in varous forms. Russia has democracy though in bad shape. There various flavours of democracy. But what about total dictatorship in China has no opposition and many countries with theocratic monarchy.

walteweiss
2 replies
14h12m

Bullshit. Russia has no democracy, even in the minds of its citizens, not to say in the government. It never had and it may never have democracy. At least, until Russia exists in its current shape of form.

My bet is that they have a chance for democracy only when Russia becomes a set of little independent states. As Russia in a nutshell, is just a Muscovy that occupied other sovereign states. It was exactly like they’re trying it with Ukraine currently, again. Again, as the previous one was in 1918, when Russia ‘incorporated’ other states, what we know as ussr.

borissk
1 replies
7h50m

Russia had democracy back in the late 80s, 90s and early 2000s.

E.g. the Russian Comunist party leader Zyuganov have said many times that he lost the 1996 president elections in a fair way.

walteweiss
0 replies
5h9m

Oh, that proves me so very wrong!

vertis
0 replies
12h39m

It's really easy to tell the difference between a democracy and a fake democracy. Democracies are messy, people never agree. Anywhere that get's consistent landslides for one person or party is not a democracy.

Take for example France vs Russia. In the 2022 election, Macron managed to get just ~30% of the voters that wanted him as President. In the second round where only two options remained, only 58%.

Without any serious opposition (with the murder of Boris Nemtsov and jailing/deregistration of Alexei Navalny), the 2018 was again a landslide for Putin with 76.69% of the vote.

There are of course other easy ways to tell, but this serves as a pretty easy heuristic.

This is, of course, a gross simplification, of everything that makes up a democracy. For example, the US is at best a flawed democracy because of all the lobbying, money and gerrymandering (and things like the Electoral College).

Disclaimer: Not American, I'm a Kiwi, so outsiders view of US politics.

pcchristie
2 replies
21h1m

I didn't know a lot of this. I thought Telegram was mostly funded through Durov's Bitcoin and VK money? It feels strange that he'd be so "in bed" with the Russian govt when the whole reason he left was because of his staunch opposition to taking down Navalny's VK page. But I haven't done extensive reading on this.

vld_chk
0 replies
20h40m

Durov was indeed an opposition to Russian govt for some time and TG was banned in Russia for some time.

But then “SEC-incident” happened. He and his brother wanted to build TON and fund it by kind of ICO (without naming it ICO). SEC decides enough is enough and blocked launch of TON with charging Durov for selling unregistered securities.

At the end, issue was settled, Durov returned all money and settle the deal with SEC, but it shrinks his finance by a lot and he ran out of money for TG.

Then he was seen in Russia and issued bonds for $1 bln. According to Russian financial press [1], bonds were underwritten by Russian banks closely affiliated with government or directly stated-owned (all of them are in sanctions list now), and even some money was invested by Russian Fund of Direct Investments [2]. Last summer he again issued bonds for TG for $270 mln. You can buy TG bonds at SPB stock exchange where they were listed 2 weeks after the issuing [3].

Surprisingly (repeating my comment below), around same time, Russian govt withdrew all their claims to Telegram and started to use as the official communication channel.

Not to say that other “transformations” happened like Duriv publicly denounce US declaring it is a “police state” [4]

All links in Russian, sorry:

[1] https://www.rbc.ru/finances/15/03/2021/604f11019a79478034130... [2] https://www.bbc.com/russian/news-56501991.amp [3] https://www.forbes.ru/finansy-i-investicii/424665-shirokiy-k... [4] https://te.legra.ph/7-prichin-ne-pereezzhat-v-Kremnievuyu-do...

Lockal
0 replies
15h30m

Durov personally blocked Navalny channels in Telegram during 2021 elections - https://www.rferl.org/a/telegram-navalny-smart-voting/314662... even though "technically" as a foreign legal entity they had no obligation to follow orders of Russian censorship agencies. Also, if you look up the results of court decisions in Russia, Telegram leads by a significant margin among other messengers. Yes, of course, it is the most popular messenger in Russia, but it is designed from the ground up to tie and control the circle of communication to specific people as precisely as possible.

grayfaced
1 replies
21h55m

It was also banned and blocked in Russia for several years. It was only unbanned when they agreed to cooperate with security services.

https://en.wikipedia.org/wiki/Blocking_of_Telegram_in_Russia

vld_chk
0 replies
21h41m

More to this “lucky coincidence” it was unbanned exactly when Durov failed in trouble with SEC and raised Russian-state money to solve his problems. Around same time almost all official Russian institutions open TG accounts and Russian Parliament (if we can call that silly thing like this) representatives was saying like “we solved all problems with them”.

When war started, and Russia banned a lot of services like FB, they created list of communication platforms they have questions about loyalty and cooperation with Russian government. TG was not on that list and through the whole war the only issue was about Telegraph — supplementary platform to publish long notes. AFAIK there was 0 questions or criticisms to TG in those 2 years.

As for me, it says a lot

Faizan711
5 replies
16h20m

Why do you say that Telegram isn't as secure as signal?

LtWorf
2 replies
13h41m

Chats are not e2e encrypted by default, they are just encrypted in transit. However this allows chats to be synced across many devices, so it is very very convenient.

Telegram has e2e encrypted chats but only on mobile and not on desktop for some reason.

fsflover
0 replies
12h55m

However this allows chats to be synced across many devices

I use Matrix with e2e encryption, and my chats are synced just fine.

Moldoteck
0 replies
11h31m

telegram is e2ee only for secret chats, all other chats & group chats are not e2ee (which means telegram can access their content at will on the servers) Synced chats across devices is possible with e2ee, even signal has this, it's just one edge that's poorly implemented: initial sync of the chat history and afaik they haven't fixed this yet, but all messages after setting up a new device are in sync as far as i know

jknutson
1 replies
16h4m

I’m not who you replied to, but I agree with his sentiment about signal being superior to telegram in terms of security (or more specifically, privacy).

For me, there’s two big reasons for this:

Signal chats are E2E at all times, while Telegram is only E2E when you explicitly create a “secret chat” with whoever you’re conversing with. I don’t fault Telegram too much for this, because they still provide the option to use E2E for everything, but Signal gets brownie points in my book because they just do it by default without getting in the way of the User.

Secondly, as far as I know, Telegram uses their own in house encryption techniques as opposed to industry standards. I am not at all knowledgeable about encryption or cryptography— I only know what’s required of me in my job (basically the bare minimum), and so I don’t actually know whether this is anything of serious concern. It could very well be that Telegram’s encryption techniques are just as effective as the established norms, but I do see the general consensus trending towards “roll your own encryption = bad, use established norms = good”, which is primarily what I am basing my opinion on here.

To further detract from my own point, it actually seems like Telegram might be using “established norms” for encryption nowadays anyways [1], although I couldn’t really tell from the brief description I read on Wikipedia.

Overall, I think Telegram is perceived as being less secure than Signal primarily because of the reputation Telegram has for implementing their own in house encryption techniques, even if they don’t use those techniques anymore— their name has become associated with their known history of using ad hoc encryption.

[1]: https://en.m.wikipedia.org/wiki/Telegram_(software)#Architec...

_Algernon_
0 replies
6h57m

Also, Telegram does not even have e2ee as an option for group chats while Signal does. That's a pretty big deal!

snotrockets
2 replies
22h7m

Telegram isn't a messaging service. It's a social network with a messenger UI. Quite ingenious, if you'd ask me, but a social network and a private messenger can't really be reconciled into a single product.

AnonHP
1 replies
17h19m

What would you classify Signal as, with its stickers, cryptocurrency (MobileCoin), etc.?

hunter2_
0 replies
13h1m

I think "social" in this context refers to frictionless friend finding, not stickers. Good privacy involves a certain level of friction, with PGP verification being a classic example of the UX problem space.

contact9879
2 replies
1d

You're in luck because Signal had a whole blog post about long term financing a couple months ago.

https://signal.org/blog/signal-is-expensive/

nicce
1 replies
23h16m

Good reminder that need to make a new donation.

brewdad
0 replies
21h49m

I kick in $5 a month because that's about what I figure self-hosting a messaging service would cost me. I don't want the hassle of self-hosting and I trust Signal more than the other remote hosted options.

Geisterde
5 replies
21h2m

Matrix might interest you, but it doesnt solve telephone numbers (i think)

godelski
4 replies
20h44m

I don't want to be too dismissive of Matrix, but I also see these types of comments as understanding what problem Signal is actually addressing: security for the masses. There's no way I'm getting my grandma on Matrix and you're delusional if you think she can setup a server. But it isn't hard to get my grandma on Signal and that's a much better security feature than federation or even not having phone numbers. If I want extreme security, you're right that there are better tools. But my threat model isn't trying to avoid nation state actors, it's mostly about avoiding mass surveillance, surveillance capitalism, and probably most importantly: sending a message to the gov to fuck off with all this spying. At the end of the day, there's no other app that's even close to fulfilling those needs.

I didn't realize my comment rose to the top. When I had written this I had also written this comment[0] which was the grandchild of the top comment at the time. It has a bit more details on my thoughts/reservations of federation. tldr is mostly about avoiding centralization. This remains an open problem and I think it is far too easily dismissed. But federation isn't solving the problems people want it to if it's federated like email and web browsers. That's just mostly centralization with all the headaches of federation.

And to anyone complaining about lack of federation, what's stopping you from running your own Signal server? Sure, it won't connect to the official channel, but is that a roadblock? Even Matrix started with one server. This is a serious question, is there something preventing this? Because if the major problem with Signal is lack of federation, I don't see why this is not solvable building off of Signal and not needing to create a completely different program. Who knows, if it becomes successful why wouldn't Signal allow a bridge or why can't apps like Molly allow access to both the official and federated networks?

[0] https://news.ycombinator.com/item?id=39446183

BlueTemplar
2 replies
13h58m

There's no way I'm getting my grandma on Matrix

Why ? Have you tried ?

staunton
0 replies
13h6m

Indeed, my grandma is on Martix (I did help her set it up though)

godelski
0 replies
11h4m

lol I can barely get my grandma to text. My parents don't even get Signal. Most of it is will power though, no one gives a fuck. In fact, most of the people in my CS grad program think both are too hard to use and don't see the point of using encrypted messengers. Even people studying security aren't using Signal. Yes, I think its odd too.

Geisterde
0 replies
19h46m

Oh, I agree completely with everything in the top paragraph, and I certainly have seen a natural trend towards central nodes/relays in all the federated networks I can think of. I think the appeal is that for the average user its about as good security as anything else available, and it has the option to work off the centralized network.

vel0city
4 replies
1d

But bitwarden still doesn't know how to differentiate microsoft logins

To be fair to Bitwarden even Microsoft doesn't know how to differentiate between multiple Microsoft logins. As of at least a year ago, you can technically have different logins with the same username/email identifier, and different login prompts will behave differently.

smingo
0 replies
12h27m

indeed, with an incoming Teams meeting invite, it should be determinable from the sender's context which account should work on the meeting. Instead there is 2 minutes of waiting, and what seems like pot luck with the account.

mtnGoat
0 replies
16h56m

You can use these “features” to hijack accounts too ;)

I’d call them bugs, but they’ve been reported and didn’t get fixed.

godelski
0 replies
23h16m

Oh yeah it was more a joke than anything. Microsoft is just creating such a shitty environment. I can be logging in from my company portal where they know the identifier yet I still have to add @company.com. I mean I got one for my job, for my university, for conferences (CMT), and I swear I'm forgetting 30 others that I only use once in a blue moon.

They also are real shady with yubikeys. You can't set them as default but you can set "security key." So the process ends up being it assuming you want to use Hello (which breaks my Outlook... wtf), clicking use another device, security key, clicking next, then finally typing in your credentials. The next part makes me real suspicious since all the other dialogues go to the next page without clicking next. Why just this page? It's some weird dark pattern bs.

I'd call it malicious, but I think maliciousness requires intent. A chicken running around with its head cut off isn't really malicious if it runs into you.

folmar
0 replies
21h22m

Also nice to mention that some of those are connected and some are not. For example I have a personal account (that I did not create but appeared magically at some point; it behaves as totally separate), a work account (main work tenant) and three guest work tenants that share the password, but don't share the 2fa. For some apps you chose the tenant, but not for all.

FlamingMoe
52 replies
1d2h

I couldn't believe it when I first signed up for Signal and people who had my number were * sent notifications * that I had just signed up. This could've included people I had blocked on my phone.

myself248
31 replies
1d2h

Same. One included an unstable individual who I was happy had forgotten me. Suddenly he messages me out of nowhere -- "Oh hey, you still exist! And you just installed Signal.... hmm, given what day it is, I'm guessing you're at such-and-such event?"

Absolutely unacceptable.

FirmwareBurner
29 replies
1d2h

I think the Signal devs hadn't thought this through at all and just blindly copied what Telegram was already doing thinking it must be cool and trendy with the masses, without understanding their core user base at all.

Same with prioritizing stories, stickers and crypto payments as core features of Signal when that's not what most of their users care for. Meanwhile there's still no official way to port your existing chat history on PC and iOS to your new device, or support for Android tablets. Obviously, stickers are more important.

tptacek
12 replies
1d2h

Signal (and Signal's phone number model) predates Telegram. It was designed as an SMS and WhatsApp replacement; that is, it was originally designed to replace insecure phone-number-addressed systems.

Obviously, the cryptographic guarantees of the two systems aren't even close to comparable.

FirmwareBurner
10 replies
1d2h

May be. But that feature wasn't there since 2014. Signal has adopted a lot of "social media" feature from WhatsApp and Telegram over the years.

tptacek
9 replies
1d2h

They're messengers. They have messenger features. The details of how those features are implemented is what matter. Last I checked, Telegram doesn't even have encrypted group messaging, and it has a serverside database of who's talking to who.

I don't know what "feature" you're talking about not existing until 2014, but before Open Whisper Systems, the thing we call Signal was "TextSecure", a literal SMS replacement.

FirmwareBurner
8 replies
1d2h

>They're messengers. They have messenger features.

And some are better at being messengers than others.

tptacek
7 replies
1d2h

This is true. At every point where Telegram and Signal had the choice between being a pleasant messenger experience or being secure and private, each made decisions consistent with all their previous decisions.

tjoff
6 replies
1d1h

For some definition of secure and private.

Forcing you to use your phone number and then the same second you created your account go behind your back and spam everyone you just did so is neither private nor something many would associate with secure.

I guess something doesn't have to be secure if you can pretend it is public.

Of course Signal has carefully designed their goals to allow them to do that but in doing so that is a straight up asshole move in a context where they should be seeking trust?

Absolutely mind bending.

This is a great improvement, but they have already proven they can't be trusted with anyone's phone number so it is a damn shame they still won't allow you to create an account without one.

It is a decent service otherwise, but my fricking god I hope they at some point realize the harm they've done.

Up until today I've been ashamed of suggesting signal. Hopefully that will change with this feature.

tptacek
3 replies
1d1h

My general experience in discussing this over the last 10 years is that nerds like us generally find it absolutely mindbending when privacy services make decisions in the interests of ordinary people, such as using the phone-number-based addressing ordinary people already use in order to minimize serverside metadata. But I think it mostly just speaks to how carefully people aren't thinking about the project's goals, and the fixation they have on their own goals. A lot of people are just super angry they can't write their own TUI for Signal.

tjoff
2 replies
1d1h

That argument might have had something to stand on if:

1. Users were properly informed

2. Users were given the option to opt-out

And please don't pretend being annoyed about not being able to write third party client is in the same realm, that is just disingenuous.

tptacek
1 replies
1d

I'm pretty comfortable with how sturdy my argument is, but that doesn't mean I think you have to agree with it.

tjoff
0 replies
1d

I'm interested to know how you believe basic honesty (1) or choice (2) would violate Signals goals, or impact them negatively.

And I'm not talking about something obnoxious like a cookie-banner here, something in the fine-print would go a long way.

kelnos
1 replies
23h6m

Having to share your phone number does not meaningfully affect security and privacy. Being able to sign up without a phone number enables anonymity. Anonymity and privacy are related, to be sure, but anonymity is not required for privacy.

I think it's a mischaracterization to say that they spam "everyone" when you create an account. They only tell others who a) have you in their contact lists, and b) have an account with Signal too. I agree, though, that they should be more transparent about this, and require that you opt in to this behavior.

Personally, though, I don't mind it; for the most part this is how I've discovered other contacts on Signal, and vice versa. But I can understand why it makes some people uncomfortable.

What I find "absolutely mind bending" is that this is such a big deal-breaker for people such as yourself. While I wouldn't call it a nothingburger, it's -- to me -- at most a simple error in assuming what people are comfortable with.

Edit: I re-read what a few others had said upthread about how indiscriminate this new-user notification is. The examples of notifications being sent to users that had been blocked via the phone's built-in call/SMS blocking features are especially chilling. There's really no excuse for that, but still, to me this automatic notification is a feature developed in good faith, with good intentions, not some nefarious privacy invasion. They should be taken to task for its failings, but dismissing the entire platform over it seems a bit over the top.

BrandoElFollito
0 replies
11h1m

Having to share your phone number does not meaningfully affect security and privacy.

Of course it does, way more than "meaningfully". I actually wonder if I got your message right taken that I am not a native speaker of English.

Do you mean that if your phone is public (and you are known to be the owner) you will not get creepy calls, have ot listed as a free pizza delivery for calls after 23:00, having it blacklisted, ....

I must have understood wrong.

Otherwise what is the number of your president/prime minister? Or the CEO of Google/Apple/... I do not think they are public.

slim
0 replies
1d1h

TextSecure and Redphone did not upload your contacts to the cloud. No need to be a security expert to know that it's unwise to leak user state to contacts. In fact textsecure (now Silence) is the first SMS app to have a different colors for each contact to help the user avoid mistakingly messaging the wrong person.

metalliqaz
11 replies
1d2h

Stickers are more important because just like every other tech company, growth is the only way to stay in business. You can just run a business on delivering a good product to your customers anymore. You have to grow constantly, which means bringing in new customers which, by definition, aren't part of the core user base. It's gross and depressing and it enshitifies everything

FirmwareBurner
10 replies
1d2h

>You can just run a business on delivering a good product to your customers anymore.

Who said Signal was a good product to begin with? And who though adding sticker would improve market share?

Casual users value UX and porting their chat history and VoIP calling vastly more than they value E-2-E encryption. You can't talk about growth when you fail to deliver on these fronts first. That's how Telegram and WhatsApps rule the market.

Adding stickers won't move the userbase needle when you already lost your potential users at the lack of chat history and UX.

WolfeReader
7 replies
1d1h

What fantasy land are you posting from? Signal has 40 million users as of 2022 (this was the first stat I found on a quick DDG search, which is all the effort your post deserves).

Also: "Who said Signal was a good product to begin with?" LOL. Just read the comments on this link bro.

FirmwareBurner
6 replies
1d1h

> Signal has 40 million users as of 2022

How does Signal count it's active userbase? Like I said, me and almost everyone else I know have it installed but don't regularly use it because most people don't really like it versus the established Telegram and Whatsapp.

WolfeReader
5 replies
1d

Signal is known to store two points of data per (hashed) phone number: the first login date, and the most recent login date. The second point is sufficient to get a user count.

FirmwareBurner
4 replies
1d

Having a "most recent login" doesn't prove someone is an active user. I use it about once every two days, am I also an active users? Compare that to WhatsApp which most people use multiple times a day or even multiple times per hour, and you get the picture of how popular or lack thereof Signal is by comparison.

Like I said, a lot of people have Signal, but very few use it as their primary messenger on a regular basis, and more of a "it's just there in case one of those tech nerds who told me to install it decided to message me on"

WolfeReader
3 replies
1d

"I use it about once every two days, am I also an active users?"

Yes. I think your definition of "active user" is non-standard.

FirmwareBurner
2 replies
1d

Is it? My definition of active, is "do you use Signal as your main messenger or in that ballpark".

If you only use it a couple of times per week you're not really an active users when messenger apps on average get used multiple times per day.

So I don't think I;[m unreasonable at all to compare Signal to the average messaging apps in term of screen time.

kiwijamo
0 replies
23h20m

By your definition I don't have any active messenger!

WolfeReader
0 replies
23h54m

Yes, that is definitely a non-standard definition of "active user". It's not really a relative term - if you're signed in and sending/receiving messages, you're an active user.

baq
1 replies
1d1h

And who though adding sticker would improve market share?

My daughter loves stickers.

FirmwareBurner
0 replies
1d1h

That's not the point. The point is if stickers make people love Signal. Sticker are popular on other platforms as well but because those platforms are popular not because they have stickers.

elevation
3 replies
1d2h

Nothing about Signal is haphazardly borrowed from Telegram. The feature we're discussing was chosen to help Signal to grow from a few thousand users to 50M+ without needing to build a social graph on Signal servers.

This mechanism may not be ideal for all users, and it's possible that Signal has now outgrown it, but without it, there would be no Signal as we know it today.

FirmwareBurner
2 replies
1d2h

>The feature we're discussing was chosen to help Signal to grow from a few thousand users to 50M+ without needing to build a social graph on Signal servers.

How did THAT feature help Signal grow?

You only receive that spammy message if you already have Signal installed and your contact already has it too.

Signal grew a lot in 2021 (in Europe) because of the pandemonium created by Meta when they announced a change in WhatsApp Privacy Policy so everyone rushed to install Signal but the initial surge, was short lived.

Moving the clocks forward to today, looking at my extended network of family, friends and acquaintances, almost everyone has Signal installed, but most don't use it anymore as it's too frustrating and feels dead, so everything is still on WhatsApp, especially groups. All the Signal groups I have, originally meant to replace the WhatsApp groups, slowly died out and people stopped posting on them or following them, defaulting instead back to the WhatsApp groups.

You don't fix this lack of retention with stickers and spammy messenges.

shafyy
1 replies
1d1h

Let's see if and how Signal will become interoperable with WhatsApp later this year...

baq
0 replies
1d1h

Tell me more?

dylan604
0 replies
1d1h

I was all excited about Signal, but rarely use it because of this very feature. Once it started sending me notices about other users, I was extremely not happy. I was very hesitant since one of the first things it did was ask for access to contacts. I'm still pissed at myself for allowing it.

smt88
5 replies
1d2h

I've seen this on Telegram but never on Signal. I use Signal on both iOS and Windows.

2024throwaway
3 replies
1d2h

I uninstalled Signal and haven't looked back due to the constant `X from your address book has joined Signal` notifications that you can't disable.

miken123
1 replies
1d2h

Except that, you can actually disable them.

https://support.signal.org/hc/en-us/articles/360007061452-Do...

2024throwaway
0 replies
1d1h

Well that's new then. You used to not be able to.

pitaj
0 replies
1d2h

There's a setting for it on Android at least:

Settings > Notifications > Notify When > Contact joins Signal

mardifoufs
0 replies
1d2h

I think you can turn that off with telegram, but I'm not sure if it's still the case.

photonthug
4 replies
1d2h

After I realized this happened to me, I uninstalled signal. But because of the way signal jumps in and replaces normal sms, I found out later that signal users were no longer sending/receiving plain text messages to/from me properly. I forget the details but it was really frustrating.. first it ate my contact list and contacted them, then after I uninstalled it held those contacts hostage, breaking comms with them because those users didn’t know they were still signaling me, not using a normal text message. I text, they reply with signal, I can’t ask them to uninstall their app, so now if I don’t reinstall the app myself or borrow a friends phone to try and reconfigure it then I guess we’re now out of touch forever? It’s not privacy-friendly to replace or hide built in functionality, it’s just an attempt to coerce people and to bolster your user numbers.

sigmar
1 replies
1d2h

now if I don’t reinstall the app myself or borrow a friends phone to try and reconfigure it then I guess we’re now out of touch forever? It’s not privacy-friendly to replace or hide built in functionality, it’s just an attempt to coerce people and to bolster your user numbers.

yeah, you need to authenticate to delete the account (aka deregister). How else would they verify that you are the owner of the account you want to delete?

photonthug
0 replies
1d1h

So because they elected to blur the line between their own opt in service and a built in service, I have to jump through extra hoops to properly opt out and get my comms back up? That’s if you even realize any of this is happening. Whether it’s down to design or to negligence, that’s a pretty hostile user experience and it feels deliberate, especially since they pawed through my Contacts to “help” me into this position. I felt disrespected and no longer very confident in their stated values/mission. Hard to use or recommend after something like that

ThePowerOfFuet
1 replies
1d1h

Signal has not supported SMS for quite a while now.

photonthug
0 replies
1d

It would be interesting to know whether signal decided to fix the awful UX I’m describing or if the android/iOS app stores noticed the abuse and disallowed it

greysonp
3 replies
1d1h

Hi there, engineer on the Signal Android app here. Just an FYI that the notifications are generated on the receiving client by detecting that one of their contacts newly showed up as a registered user -- they're not "sent out" by you when you register or anything. Also, these notifications have defaulted to being disabled for the last 1.5 years or so. So only people who go into their settings to manually turn them on should be seeing them at this point.

That said, the complaint around this is usually that people don't want others to know that they use Signal. And unfortunately there was no way to _really_ do that (until now), because if you open your chat list, you'll see all of your registered contacts. But in the 7.0 release, we added the ability to hide yourself from being discoverable by phone number at all. So for people who don't want anyone else to know that their phone number is registered with Signal, they now have that option.

kelnos
0 replies
22h23m

I personally don't have a problem with this feature, and it's actually how I discovered Signal use among many of my friends.

But I think it's inexcusable that these sorts of notifications could essentially allow someone to circumvent blocking done by one of their contacts. If I've blocked someone via my phone's default contact blocking mechanism, and then I join Signal, and that person is already on Signal, they should not suddenly be able to contact me... and even be explicitly invited to do so on their end!

I wouldn't be surprised, though, if neither Android nor iOS gives regular apps access to the blocked contacts list. So I'm not really sure how an app like Signal could solve this problem.

dylan604
0 replies
1d1h

But in the 7.0 release, we added

great, but what about all of those people that installed before 7.0 and had it already happen to them? "oops" doesn't help. at. all.

GuB-42
0 replies
1d

How come it wasn't the default right from the start?

How can a privacy oriented company not see the privacy implication of this? Sometimes, you want to be forgotten by some people, and Signal is telling them you are still there and active on that number. I remember reading a story about someone getting into real trouble for that.

Without "usernames", the proper way to handle it would have been to not let anyone know you are on signal when they look up your number. To get into contact, send a message, then the recipient will receive a notification with the message and an option to rely. If the recipient doesn't respond, from the sender point of view, it should be as if the account didn't exist.

dsp_person
1 replies
1d2h

https://github.com/signalapp/Signal-Android/issues/7409

We've discussed at length why this is not possible, but if you have more thoughts then please visit the forums. Please try not to open duplicate issues in the future, even if you feel like something is important.

I wonder why this is "not possible"

px43
0 replies
1d1h

The list of phone numbers with signal accounts is basically public. It kind of has to be. When a new number gets added and it matches someone in your address book, your app will tell you that one of your contacts has joined. People have always had the ability to turn off that feature, but that's not what the feature request seems to be asking.

People seem to be asking for a way they can join Signal without their number showing up in the registry of Signal users. This is why it's "not possible".

edit: This may have changed today. I'm now seeing an option that lets me hide my number from the registry. This means that even someone with my phone number will not be able to message me on Signal, which seems like a good deal to me.

lynndotpy
0 replies
1d2h

This and the iPad "We'll remind you later" iPad notification nag are significant problems. I am a big supporter of Signal, but it's certainly hostile to those escaping an abusive situation. Usernames are a step in the right direction at least.

dkjaudyeqooe
0 replies
1d2h

One of the many reasons to never sign up for a service that requires your phone number, or have a special number just for this purpose.

avsteele
0 replies
1d2h

Yes, this drove at least two people I know/encouraged to use it off the platform. When people see this they also think that Signal snooped their contacts. Very bad.

tcmb
42 replies
1d1h

I like the idea, but they should have called it something else instead of ‚usename‘. Maybe ‚connection string‘ or ‚discovery phrase‘. Right now they have to explain at length in what ways it’s different from regular usernames.

nsxwolf
20 replies
23h48m

Is ,comma-backtick` some personal quirk of yours, or is it some standard I'm not aware of?

loeber
9 replies
23h43m

European quotation marks commonly have the left one down low and the right one up high. The same applies for single quotes. But using comma-backtick is deeply unorthodox.

sph
4 replies
22h49m

Germany != Europe.

The French use « », Italians use ‘regular’ “quotes”, etc.

Strangely enough, this is the first time I see your style of quote, in two decades on the Internet.

replwoacause
2 replies
17h53m

Yeah I’m surprised at how rare this is to see. I guess that means all Germans don’t follow this convention?

illiac786
0 replies
14h49m

I believe it should be double, „like this“, not single quotes.

helboi4
0 replies
9h35m

Other countries use it too. I'm pretty sure that Spain does.

lock-the-spock
0 replies
12h25m
fredoliveira
2 replies
23h0m

European quotation marks commonly have the left one down low and the right one up high

Wouldn't say it's "common", because IIRC that's only the case in Germany and Austria.

pitkali
1 replies
22h40m

Also in Polish, actually.

Jenda_
0 replies
22h20m
replwoacause
0 replies
17h50m

Interestingly, the author does not follow this convention on his personal site (first link in profile) … instead option for the ‘single quote’ form instead.

stavros
7 replies
23h27m

It's ‚comma-apostrophe‘, actually.

godelski
6 replies
23h13m

,comma-apostrophe'? Only place I've see the backtick used for apostrophe is latex. And even then half the people don't know about it.

stavros
5 replies
23h12m

Sure, but there's no backtick in the GP's comment. Only an apostrophe.

godelski
4 replies
22h57m

Wait what? I see

,comma-backtick` whereas I wrote ,comma-apostrophe'

I copy pasted both btw. You see them both as '? I see GP as having ` and me having '

https://en.wikipedia.org/wiki/Backtick

stavros
3 replies
22h55m

tcmb used ‚comma-apostrophe‘. nsxwolf asked "Is ,comma-backtick` some personal quirk of yours, or is it some standard I'm not aware of?"

I'm pointing out that nsxwolf was wrong to ask about comma-backtick, because tcmb used comma-apostrophe.

roryokane
2 replies
22h34m

Both are wrong. tcmb didn’t use ‚comma-apostrophe’ – they opened with , U+201A SINGLE LOW-9 QUOTATION MARK (not U+002C COMMA) and closed with ‘ U+2018 LEFT SINGLE QUOTATION MARK (otherwise known as an open single quotation mark).

This matches the German convention described on https://en.wikipedia.org/wiki/Quotation_mark#German.

godelski
1 replies
22h12m

Sorry I was quoting nsxwolf. But now that you point it out, I can see the difference. It's subtle so I'll copy paste so others can see.

tcmb: ‚usename‘

nsxwolf: ,comma-backtick`

stavros: ‚comma-apostrophe‘

godelski: ,comma-apostrophe'

Though while copy pasting I see tcmb and stavros as having the same character which is different from the longer character you pasted. Seems my clipboard doesn't like that character. I also seem to have crashed OSX's emoji and symbol tray. No longer pops up if I press the button (bottom left) or select from firefox but got it back by opening safari.

Fuck man, I do not envy you people working on ligatures. Or timezones. I'm always impressed by these random rabbitholes and complexities in things that always look very simple. It's beautiful in a weird way.

crazygringo
0 replies
20h21m

Wow this is like the most HN thread I've ever seen, I love it! It's almost like a punctuation version of "Who's on first?"

Everybody's arguing, then finally all is revealed, and I learned a ton of stuff along the way about German quotation marks and the subtle difference between backticks and opening curly quotes, and low quotation marks and commas, in the Verdana font!

(If this had been a serif font with actual curly quotes the differences would have been much more obvious...)

tcmb
0 replies
15h12m

It‘s what my phone made out of two presses of the same (single quote) button.

lock-the-spock
0 replies
12h25m

To give a definite answer to the discussion below - it seems Czech, Slovak, German, Slovenian and Croatian sometimes use this format. Here an authoritative source: the EU publications office:

https://op.europa.eu/en/web/eu-vocabularies/formex/physical-...

m12k
11 replies
1d1h

"friendcode" seems to be pretty standard in multiplayer video games

samstave
6 replies
1d

HellDivers 2 LFG rn is all about sharing Friendcodes... you can get a ton of them on discord or reddit... but then you end up haveing a "friendcode" cybermentally-distributed DNS system for them over time.

Six degrees will still exist.

(funny weird thing is that with HD2's server issues due too demand, one way to harvest this would be to create a fake LFG host game and have tons and tons of accounts bang against your HellDiver-Pot - and get whatever you can scrape from that?

---

OK - I actually went down this hole the other daty... you look at the reddit thread on helldrivers for LFG - or the discord...

So on reddit, you just put .json at end of thread - DL the entire thread as json, now you have reddit id, location, play style, etc, details AND their friendcode on HD2... but since they can individually generate random friend codes on any game/system that allows such... you have a breadcrump (with enough attention span to just correlate all the shared info between these friend codes and data received...

still - even with random friend codes - six degrees is still available, easily.??

---

I deeply hope they do a Tech Talk on the post-mortem of this lauch success spiral - its fascinating....

But one thing I am really interested in, this is based on the Autodesk Engine, I know they co-dev-dog-fooded, but I hadnt really known of this engine at all... what little I do know, is that - its amazing...

But I'd really like to know more about the arch and overall traffic flows etc of this game.

Its beautiful see "problems" like this explode in like ~2 weeks.

What do internet traffic graphs look like since growth, per carrier?

solardev
5 replies
1d

Does it not have built-in public matchmaking?

pfych
4 replies
23h49m

The developers last game had an all time peak of 7,000 users. They planned worst case scenario of 250,000 users for the sequel expecting more realistically 50,000 users.

They're currently at 394,686 players on steam alone - not including Playstation players. The servers are doing their best right now.

solardev
3 replies
21h44m

Sorry, I don't quite understand this in the context of "friend code" vs "matchmaking". Are you saying that friend codes bypass their servers, allowing peer-to-peer play even when the servers are overloaded (the way direct IP addresses used to do in old PC games)?

I apologize for not asking a clearer question. I was actually just interested in buying the game, but only if it has public matchmaking built-in for finding anonymous pick-up groups, instead of needing an external Discord server to swap friend codes on.

samstave
2 replies
17h48m

Friendcode is basically a token: lets have a game - call me on this burner number. we have game.

.>..x###.////3~~E`~,~X>>----- XXNXN x0x

then I know that youre solardev.. and we can be friends in future

(but this model is exploitable in ways, which is premise of many threads here)

solardev
1 replies
5h49m

I get that, but how does that help with overloaded servers? Unless the friend code is actually an IP address for peer to peer networking (which is rare in online games because of cheating), it still has to go through some central server.

At a minimum, the server would connect the tokens to players in a database. But usually I think they do more than that, such as hosting lobbies, punching through NAT, and in many cases, actually hosting the games themselves and being the authority for all the state.

In that case I don't see how tokens would save any load over matchmaking.

samstave
0 replies
4h15m

>the server would connect the tokens to players in a database*

the additional telemetry data for such connections and also unknown tracking from the clients is what is load.

unless you know what is coming going from to each client, and reqs of that connection btwn clients on the DB... have a bad time?

--

Or am I an idiot.

weikju
0 replies
23h49m

Not everyone I connect to on signal is a friend. same for e.g. journalists or government people who use Signal.

pests
0 replies
2h13m

Why not "invite code" like Discord does it? This is literally the same thing.

Its a code, inviting other people to speak to you.

duxup
0 replies
1d1h

Yeah that seems to be the standard and very descriptive.

b1n
0 replies
23h52m

Maybe "contactcode" would be better in this situation, as it doesn't imply any specific relationship between participants.

WolfeReader
2 replies
1d1h

"Connection string" already means something else. I'm partial to "Identifier", myself.

msm_
1 replies
23h53m

But identifier already means something else (i'm used to identifiers being unique, constant, and useful for actually identifying someone).

WolfeReader
0 replies
23h49m

Good point!

The former C++ programmer in me wants to call them "user pointers" but that would just confuse people who haven't learned pointers.

folmar
1 replies
21h16m

There is old-now-unused "nickname".

jamwil
0 replies
18h49m

I like “handle”. It’s short and conveys some mutability.

denton-scratch
1 replies
11h8m

they have to explain at length

My reaction to the article was that they're using a lot of words to explain this change. That suggested to me that maybe they aren't being completely candid.

I've never used Signal, because (a) I don't want to rely on a smartphone, and (b) I don't want to use my phone-number as my ID, because it's traceable. I can't work out from the TFA verbiage whether this change addresses my concerns or not. That in itself is concerning, to me.

Tmpod
0 replies
8h20m

Regarding (a), apart from the inicial account setup, you can actually use the desktop client fully standalone.

Regarding (b), yeah that's still a bummer, though, depending on your country of residence, you can get throwaway SIM cards for free and use that.

crossroadsguy
0 replies
11h43m

They also missed the opportunity, like many times they have done over the years, to actually make it something rather like 'Hide My Number' in true sense, after spending years sitting on this feature. That would have been the true case of "caring for privacy". This is just a lazy (too lazy!) copy from Telegram (however, with one good thing -- getting rid of username vanity)

WhyNotHugo
0 replies
10h2m

Indeed. And apparently you'll still log in with your phone number (not the username).

rvz
29 replies
1d3h

Until now, someone needed to know your phone number to reach you on Signal. Now, you can connect on Signal without needing to hand out your phone number. (You will still need a phone number to register for Signal.) This is where usernames come in.

How about no phone numbers for registration at all?

fsflover
22 replies
1d3h

How about switching to Matrix? (I already did and am happy.)

tptacek
14 replies
1d3h

Matrix doesn't have the same threat model as Signal, and isn't a 1:1 replacement for it. Matrix is great (maybe optimal) for things that would otherwise be Slack channels.

fsflover
13 replies
1d3h

I don't understand which different threat model you mean. Could you elaborate? To me, it's the same: private, end-to-end encrypted chat with rooms.

tptacek
12 replies
1d2h

Signal:

* Gives the servers virtually no control over communications between parties.

* Goes through huge pains to minimize serverside metadata storage.

* Is a sealed system end-to-end; the client and the server are part of a single coherent design that together make promises about privacy and security that apply to every user of the system; Matrix is a protocol ecosystem.

A good example of this is group messaging: Matrix servers control group membership. In Matrix, group membership is key management; a Matrix server decides who can decrypt your group messages. That's not how Signal works! But I don't think anybody seriously thinks Signal is a replacement for a large Slack.

fsflover
11 replies
1d2h

* Goes through huge pains to minimize serverside metadata storage.

And yet uses AWS: https://news.ycombinator.com/item?id=39414322

tptacek
10 replies
1d2h

And? It could run on NSA servers and it shouldn't in theory much of a difference. (I would not use Signal if it ran on NSA servers).

The threat model assumes attackers have maximal control of the server environment.

baq
9 replies
1d1h

Assume US AWS servers are NSA servers.

tptacek
8 replies
1d1h

You get that it's the literal opposite, right? There are actual rules, whether you believe NSA follows them or not, about NSA interfering with US servers. Not only are there no rules applying to overseas servers, but interfering with those servers is literally NSA's chartered mission.

greyface-
5 replies
22h5m

Rules historically have not been an impediment to the NSA. Worst case, they can be ignored, best case, they can be interpreted with extreme creativity. Five Eyes partners are not subject to the same rules, and information can be shared freely with them.

This continued insistence (widespread - not just you!) on the benevolence and good faith of US intelligence, post-Snowden, doesn't make any sense to me.

tptacek
4 replies
21h9m

Yes, I agree that the rules don't mean much to NSA. Do you see why that doesn't matter in this case?

greyface-
3 replies
21h4m

No, I don't see that. I do, however, see you in the parent comment arguing that rules are what currently prevent the NSA from compromising AWS.

tptacek
2 replies
20h27m

You skipped whether you believe NSA follows them or not. Even if NSA ignores those rules, they have literally no rules about compromising foreign servers; they are required to do so, as part of their job.

Take a step back and note that nobody on HN is going to make an argument premised on "you should trust NSA to follow the rules". You can accept that as an axiom and have easier conversations here.

fsflover
0 replies
11h50m

Even if NSA ignores those rules, they have literally no rules about compromising foreign servers

This is not good enough. Signal server is a single point of failure: NSA (and any other attacker, e.g., China) knows that the users can't go elsewhere, so it's very easy to target them all (thanks to the Signals's politics of walled garden). In case of Matrix, there are thousands of servers around the world, which you have to find and get into. They can run completely different software. This is not very scalable or easy.

baq
0 replies
13h52m

I guess this whole subthread is based on the assumption that non-US servers are somehow more safe than US servers; I completely agree that's obviously not true, I just want to point out that allies ratified shenanigans to pull between each other to stay compliant with internal regulations on paper but in truth have access to everything about everyone: https://en.wikipedia.org/wiki/Five_Eyes

...and this is the declassified part.

baq
1 replies
1d1h

I’m not in a position to know anything except unconfirmed rumors about the NSA.

Hence my position remains unmoved.

tptacek
0 replies
1d1h

Ok! Either way: immaterial to Signal.

windexh8er
5 replies
1d2h

For users who want strong security in messaging, yet an easy way for anyone to use the platform Signal has a much better user experience. Over 95% of my messaging is on Signal. Almost none of those users will benefit in any way by switching to Matrix. While it's a great ecosystem, it's also too much work for people who don't want those features or flexibility.

autoexec
4 replies
1d2h

For users who want strong security is messaging signal should not be considered because they lie to users about their risks, and they store sensitive data in the cloud. It's easy to use and not a bad chat/IM system, but I would never trust it to protect your data.

egberts1
3 replies
12h58m

Given that you post same diatribe on a common theme, you clearly lack ways to back up your veiled allegations without any evidence.

https://eprint.iacr.org/2016/1013.pdf

fsflover
1 replies
11h25m
egberts1
0 replies
3h40m

In the spirit of CALEA, sealed sender basically pushes law enforcement back to good ol' days of "got the time", "got the IP addy", but "we don't know what was said".

autoexec
0 replies
11h4m

Here you go: https://news.ycombinator.com/threads?id=autoexec&next=394457...

The paper you linked to was published before they started collecting and storing sensitive user data in the cloud

tapoxi
0 replies
1d2h

My parents, in-laws, grandmother-in-law, and entire extended family is on Signal. It's the extended family group chat, video calls with grandparents/great grandparents, and the baby photo feed. That's mostly because you just install it and it works.

I have no idea how to get my extended family on a Matrix homeserver without extensive handholding. I can barely figure it out myself and I was a huge XMPP nerd that ran my own ejabberd server for years.

flockonus
4 replies
1d3h

That would welcome a world of spam. Sybil identities is currently an unsolved problem, the mitigation is the requirement of unique scarce resources (like phone number in this case)

rvz
3 replies
1d3h

Sybil identities is currently an unsolved problem, the mitigation is the requirement of unique scarce resources (like phone number in this case)

Then let your phone number receive the spam instead?

flockonus
1 replies
1d2h

fww i get a lot of spam in Telegram, but none in Signal (same phone number), so whatever they are doing by my very limited benchmark is going well.

tazu
0 replies
1d2h

You can restrict who can message you first ("start a conversation") to Contacts on Telegram, not sure how spam is an issue. I hope Signal does the same thing.

bpfrh
0 replies
1d3h

No, the phone number needs to be known by the other party and you need to accept the "friend" request.

It prevents the creation of an unlimited number of signal accounts by a single user with no cost to the user but cost to signal and other signal users.

edit: Your are probably right in that it does not change the risk of spam for a single user, as you could guess the phone number or just iterate over all known phone numbers and try to connect to them.

requiring phone numbers only solves the cost problem for signal(The company/legal entity) and lowers(hopefully) the amount of spam that would get send.

insane_dreamer
0 replies
1d2h

so one person can create 1000s of accounts?

noja
24 replies
1d3h

Great! Now can we have backups so we don´t lose our messages if our phone gets stolen or breaks?

ibejoeb
20 replies
1d3h

Backups have existing for quite some time: settings -> chats -> backups

update: only on android. turns out there are quite a few caveats for backup. See https://support.signal.org/hc/en-us/articles/360007059752-Ba...

izacus
8 replies
1d2h

Please stop peddling this horrible experience as a form of a valid backup. A process that requires full manual interaction and requires you to know ahead of time when your phone will break or be stolen is not a useful backup process.

growse
7 replies
1d2h

Eh? My Signal auto-backups every night to a device folder which I then replicate off with Syncthing. How is that requiring "full manual interaction"?

freedomben
6 replies
1d2h

I think GP is being a little too harsh, but I also think you're being a little too generous. If it requires a third-party tool like sync thing, then it seems like a hard point to argue that signal has Auto backups. It's better than nothing, but it is definitely not as seamless as most users would expect from a backup solution.

growse
5 replies
1d2h

It doesn't "require" Syncthing, I just choose to use it. I could choose to keep it on my device, or upload it to Dropbox or something else. Even keeping it locally is still a backup that protects against the device corrupting it's local database or accidentally getting uninstalled / cleared.

There's no single obvious thing called "this is what everyone wants from backup".

izacus
2 replies
1d

It's pretty safe to say that most users will want a type of "backup" that actually leaves the device so the data doesn't disappear if your phone falls out of your pocket and breaks or gets stolen.

It's after all, a device that's carried around and much easier to destroy than pretty much any other.

For most of population (you know, the ones we all want to get onto Signal so they stop using Meta and Apple stuff) not losing their valuable pictures, memories and conversations is way above the paranoia of some theoretical government official deciding to give up while trying to unlock your phone.

growse
1 replies
1d

I don't think that's a safe assumption at all. And even if it were, there's eleventy billion different ways to have the data leave the device and wind up somewhere else.

Should Signal support/implement all of these? Some of them? Which ones?

izacus
0 replies
14h43m

Whichever. As long as it works. Plenty of choice. Instead they spend time with crypto crap.

freedomben
1 replies
1d

My Signal auto-backups every night to a device folder which I then replicate off with Syncthing

It doesn't "require" Syncthing

I'm talking about your solution, and yes it does seem to require syncthing, unless you are using some fourth party tool that sets up syncthing automatically for you, and in that case it still isn't built in to Signal.

There are other possible solutions, but you used your solution as an example. If you have a different solution that doens't require syncthing and also doesn't require manual intervention (i.e. Signal app can automate the process), please share it. Remember what the comment said that we are replying to:

Please stop peddling this horrible experience as a form of a valid backup. A process that requires full manual interaction and requires you to know ahead of time when your phone will break or be stolen is not a useful backup process.

Did you not have to manually setup syncthing (or some other sync tool) to get it working? Or do you know of some way to do that with just Signal?

Unless you are saying that Signal has a built-in backup solution that doesn't require manual intervention (like configuring some sort of third-party syncing service) then you aren't rebutting anything.

growse
0 replies
1d

If we're widening the definition of "manual intervention" to "I have to configure my device to do what I want", then yes. Setting up backups is a task that requires a manual intervention.

You want signal to fully automate the process of configuring your device with an arbitrary third party service to send backups to with zero "manual intervention"? I think you're asking for the moon on a stick.

noja
2 replies
1d3h

Nope. Latest version.

ibejoeb
1 replies
1d2h

Backup functionality was removed in the latest version?

jacoblambda
0 replies
1d2h

No. iOS builds don't support it.

bsimpson
2 replies
1d2h

I see it, but it just looks like it uses internal storage. So far as I know, there's no Drive File Stream/Dropbox sync for Android, so you'd still lose your shit if you weren't manually backing them up somewhere.

I doubt that's a habit many people will develop for a setting they didn't even know existed.

MadnessASAP
1 replies
1d2h

It's not going to help a casual user but I solved the problem by putting the Signal backup in a Syncthing shared folder. It's been a workable solution at least 2 phone swaps now

XorNot
0 replies
1d1h

It tries to keep 2 copies and so uses 2x the space on your phone. If you're sending a lot of images and video, then it becomes impractical quickly.

anigbrowl
2 replies
1d2h

They're pretty bad. You can't specify where the backup goes, so if you are running low on storage space (eg if you have a lot of photos or videos to back up) and add an SD card, tough luck because you can't save there. The best you can do is manually export your media (also without any choice over where it goes) and then manually move it to the SD card to make space on your internal storage. They say this is for security but if an attacker is in a position to export your backup, they are already in your signal account.

Same story with the PIN signal requires if you haven't used it in a few hours. It's the same as your phone PIN and there isn't anywhere you can change it, so it's just security theater.

ThePowerOfFuet
1 replies
1d1h

Same story with the PIN signal requires if you haven't used it in a few hours. It's the same as your phone PIN and there isn't anywhere you can change it, so it's just security theater.

This is not the Signal PIN. It sounds like you have the Screen Lock option enabled.

https://support.signal.org/hc/en-us/articles/360007059792-Si...

anigbrowl
0 replies
18h21m

I'm aware of the registration lock PIN. But the screen lock option is just the same as the phone PIN, so it provides zero additional security.

vinay427
0 replies
1d2h

My cousin comment [1] provides a bit more detail, but this is not available on iOS/iPadOS despite Apple allowing apps to save files to the filesystem and many other apps supporting this for years now.

[1] https://news.ycombinator.com/item?id=39445286

frereubu
0 replies
1d3h

I don't see that option in Settings > Chats on my iPhone. What device are you using?

p2004a
2 replies
1d3h

But there are backups available in signal app

vinay427
1 replies
1d2h

There are no backups available on the iPhone/iPad app, only a device-to-device transfer while setting up a new device assuming your previous device and new device are both iPhones/iPads. This is despite support for apps storing files to the filesystem that was added some years ago now, and many other apps on those platforms supporting backups of custom file formats (or JSON, etc.).

https://support.signal.org/hc/en-us/articles/360007059752-Ba...

yreg
0 replies
1d1h

I'm currently facing this issue.

The process to transfer the history is to scan a QR code displayed on the new phone by the app on the old phone.

Well, the camera on my old iPhone is broken. The phone has 3 other working cameras, but I cannot switch which one the app uses…

jenny91
20 replies
1d3h

I've been a Signal beta tester on iOS for as long as I remember, knowing that they were going to introduce usernames, and I wanted to get my (relatively common) name as my username. Now they finally introduced it, but they require it to end in at least 2 digits "a choice intended to help keep usernames egalitarian and minimize spoofing".

Edit: this is not actually a serious problem for me, don't worry! Rather, I think it's funny. And honestly I kind of like having the numbers required, it's a good idea. It does remove a lot of the vanity from usernames.

giantrobot
7 replies
1d3h

I can't wait to talk to elonmusk420! I'm sure it'll be the real Elon. His online antics are such anyone with that username will instantly trigger Poe's Law. Getting rid of phone numbers as identifiers is a good idea but I think it would be better to just assign user IDs or generate hashes based on user inputs or something.

vel0city
5 replies
1d2h

generate hashes based on user inputs or something.

Because friend codes were so popular on Nintendo.

Hey add me real quick, my id is 12716472-83647281746-8172649! Or use the hash code, 0x28A56ED9! Super easy to remember, way better than giantrobot22 or vel0city66.

KennyBlanken
2 replies
1d1h

Given nintendo's user base includes a LOT of children who are very young, the long codes may have been a feature, not a bug - the equivalent of a child latch - to slow down/discourage young users from adding people themselves so their parents have a better idea of who they are interacting with.

vel0city
0 replies
1d

Don't get me wrong I get there were intentional reasons for it in regard to friend codes and I don't necessarily fully mind with that in mind in that use case. I do kind of wish there was an "I'm 13/18+, let's take the training wheels off" feature though.

JoshTriplett
0 replies
23h48m

I expect it's more a combination of several factors:

- if we don't have usernames we don't have to deal with obscene usernames, trademarked usernames, impersonation claims, and similar

- if we don't have usernames and our generated friend codes aren't guessable, we don't have to worry about people getting random unexpected friend requests from people they don't know

giantrobot
1 replies
23h44m

The issue there is "veI0city66". Depending on the font that capital "I" might look identical to a lower case "l". A hash with an alphabet that doesn't include homoglyphs would reduce ambiguity.

There's also the "weedlordbonerhitler69" issue. A user name that seemed hilarious at 16 likely seems less hilarious at 26.

If users were identified with a hash derived from an input user name you could type in "weedlordbonerhitler69" and what would be displayed is a hash on the client side. The contact add UI could simply return the UID for the input username. So you could give out the UID or username and another user could still add you.

vel0city
0 replies
21h2m

The issue there is "veI0city66". Depending on the font that capital "I" might look identical to a lower case "l". A hash with an alphabet that doesn't include homoglyphs would reduce ambiguity.

They're not going to get mixed up typing it in from me verbally telling me the name. They're not going to get confused typing it in. And even then, validate the user after, that's another feature of signal is in person/out of band validation of the ends. So start the convo the verify through a channel you otherwise trust.

There's also the "weedlordbonerhitler69" issue. A user name that seemed hilarious at 16 likely seems less hilarious at 26.

And with their setup you can change it at any time, so once again not really an issue.

denton-scratch
0 replies
10h51m

Getting rid of phone numbers as identifiers

Unless I got the wrong end of the stick, that's exactly what they are not doing.

stavros
2 replies
1d3h

Well, I got stavros.01, if anyone wants to chat.

ggrelet
1 replies
22h50m

Could have gotten stavr.05

stavros
0 replies
22h49m

I thought of that, but it's much harder to say. "stavr dot zero five" is going to confuse people.

hnarn
2 replies
1d2h

It’s an excellent design choice, it more or less completely eliminates “vanity names” and the “value” of shorter names.

zestyping
0 replies
18h19m

It's a brilliant design choice. At first I was like "What?" and now the more I think about it, the more I realize it is an absolute genius move.

People need to get trained out of (even informally) assuming they can identify someone because their username looks familiar, and this is a great way to do it.

mckn1ght
0 replies
7h43m

more or less completely eliminates “vanity names” and the “value”

With notable exceptions, i’m sure, being username69 and username420 and a few others (a similar phenomenon happened in magic the gathering, when they introduced limited edition 500 print runs of cards with the serial number stamped on them, and the only ones you can really sell or command a good price for are 1, 69, 420 and 500)

password4321
0 replies
23h58m

require it to end in at least 2 digits

... notes HN user jenny91

kelvie
0 replies
1d1h

As you may already know, getting a commonly used username is also somewhat of a curse (do you like getting "forgot your password" emails every hour?)

Or tons of (mistaken) conversation requests?

canaus
0 replies
1d3h

I don’t think this is necessarily something to lose sleep over.

baq
0 replies
1d3h

I’m politely putting it away into the not-a-problem drawer.

ThePowerOfFuet
0 replies
1d1h

At least 8675309 ends in two digits!

Marsymars
0 replies
1d2h

Usernames are only used for the initial connection, so "getting" a username doesn't really gain you anything other than the "username" you give to people who don't already have you as a contact: "a username is not the profile name that’s displayed in chats, it’s not a permanent handle, and not visible to the people you are chatting with in Signal"

boobsbr
18 replies
13h23m

Now, you can connect on Signal without needing to hand out your phone number. (You will still need a phone number to register for Signal.)

Why is it so hard for Signal and Telegram to not require a phone number as an account identifier?

I don't need to verify anything by phone or even email. If I lose the password, the account is lost, so be it. I'll create a new one.

If I really want to, then I'll set up email/phone.

cpa
11 replies
13h16m

Unfortunately, spam exists and phone verification is one of the least-bad-way to ensure that the user is a real person (there are other options, but it really is one that has many advantages).

Given that Signal does not have access (by design) to much information about their users when they use the service, they can't really fight spam once accounts are created. You could do spam detection on the client and privacy-preserving voting in order to ban spammers, but the UX would be very poor and that opens a whole new can of worms.

dns_snek
10 replies
9h52m

This reasoning doesn't make sense to me. A spammer can make an account, but how would they contact me if they don't know my account handle?

Even if that leaks, the handle should be changeable, and the spam issue could be completely mitigated by having a tab for first time "message requests" separate from the normal inbox.

I can't take a private messenger seriously when they require an identifier that's linked to your government-issued ID in many parts of the world.

_heimdall
6 replies
9h20m

I can't take a private messenger seriously when they require an identifier that's linked to your government-issued ID in many parts of the world.

Well that's a whole separate rabbit hole.

Governments shouldn't be requiring something as simple as a SIM card and phone number to be directly linked to a government ID. The right to privacy is a hell of a thing and the only reason a government would require this is to be able to spy on or track everyone.

dns_snek
2 replies
7h17m

You're right but it's Signal's mission to provide private messaging in the face of government overreach.

Even if they have a good reason for the paywall, it's so bizarre that they don't ask for $2-$5 donation via their own cryptocurrency MobileCoin as an alternative to providing a phone number.

lightdot
1 replies
4h25m

Every time one sees something "bizarre" such as this, one should assume its made so on purpose and ask oneself hat purpose does it serve.

In this case, its painfully obvious.

Then assumptions such as "it's Signal's mission to provide private messaging in the face of government overreach" suddenly become very dubious.

dns_snek
0 replies
1h11m

Oh that thought has certainly crossed my mind but I didn't want to bring it up without a shred of real evidence.

greenavocado
1 replies
5h19m

There is absolutely no way you can connect to the Internet in Switzerland without a chain of custody of your identity. And in Germany you need to show your ID card or passport to obtain a phone number. Your phone number is required for SMS verification even for free in-store wifi in shopping centers and grocery stores. There is no exception to this except for some rare routers managed by people who accidentally left their router unsecured.

_heimdall
0 replies
2h53m

I have to say, Germany doesn't surprise me too much there. The culture in general is in favor of strict rule of law and heavy regulation. I don't mean that disparagingly at all to be clear, that isn't my cup of tea but I don't live there and really don't mind at all how another culture or society prefers to run things.

Switzerland surprises me a bit there though. Presumably the people approved that, I had a Swiss friend while living in the Netherlands and was surprised by how frequently they vote on seemingly minor regulations. I very much appreciate it honestly, both as a much more democratic system and as a way of making sure the government is both slower moving and checked by the people. I have to assume the Swiss voted to allow such a regulation, curious if you know more about how that was actually legislated though.

freeAgent
0 replies
30m

It’s true that governments shouldn’t require ID to be linked to phone numbers, but in much of the world (likely most of the world’s population), they do.

MagicMoonlight
2 replies
3h19m

By bulk messaging every possible phone number... and you can't detect that because signal can't read the messages to look for spam.

freeAgent
0 replies
33m

That problem would be mostly solved if they didn’t use the phone number = account model. If you have public usernames that are sufficiently complex, spammers would spend the vast majority of their time shouting into the void. Presumably, seeing an account spamming messages to recipients that don’t exist would be a strong indicator of an account that should be closed.

dns_snek
0 replies
1h7m

That's a self-imposed problem. If they used a semi-random account handle (e.g. chosen nickname + 4 digits) there would be nothing to enumerate, and remaining spam could be filtered out with a "message requests" feature.

I've received hundreds of spam messages on Facebook, but I only found out about them years later when I clicked on "message request" tab by accident, it's extremely effective.

sedatk
4 replies
13h21m

Because it’s resilient against spam, and extremely easy to recover.

WhyNotHugo
2 replies
9h50m

They're resilient to spam, but often impossible to recover.

I had a spare SIM card that friends and family use when visiting from abroad. It's been unused for 90 days and has been deactivated. The number is lost, and irrecoverable. A friend had created a (second) Signal account with this number and can no longer log into new devices.

As a more mundane example: If I accidentally drop my phone into a river, the SIM is gone forever, and so is that line.

Sure, you can have a contract line which allows recovery. Depending on where you live, these can be several times more expensive than a regular pre-paid line.

hahn-kev
0 replies
9h31m

Easy to recover your Signal account using the phone number. Not saying it's easy to recover a phone number.

crazygringo
0 replies
6h23m

You don't need a "contract" for recovery, just an account.

E.g. in the US, Mint Mobile is $15/mo. and is prepaid in the sense that you buy blocks of months at a time. But if you lose your SIM they'll still send you another one with the same phone number.

So no, if you lose your SIM you don't necessarily lose your number, even if it's prepaid. That only happens if you're buying your SIM as an "anonymous" one-off purchase, which is not what most people do these days. Not to mention the increasing prevalence of eSIMs.

herbst
0 replies
5h54m

Email is easier to recover and unlike a phone number you can actually own and control your email. There is no way of actually owning a phone number.

dakial1
0 replies
6h11m

Apart from Spam, phone number is also one of the few unique identifiers, which is valuable to, among other things, to ID you cross-channel and show you ads.

It is easy to create a new email, but not so easy to create and keep a new phone-number.

kilolima
17 replies
1d2h

They are not usernames, so why do they call them that? They are more like disposable per-conversation identifiers.

"Usernames in Signal do not function like usernames on social media platforms. Signal usernames are not logins or handles that you’ll be known by on the app – they’re simply a quick way to connect without sharing a phone number."

Also, this is not finally the feature Signal users actually want - not having to sign up for Signal with a phone number and using a username instead.

This new "feature" does very little to make signal more secure or private.

afroboy
6 replies
1d1h

How to you suggest to fight spam accounts without registering with a phone number?

drexlspivey
3 replies
1d1h

What’s a spam account anyway? If I create a new account per conversation does that count as spam? It puts exactly the same strain on Signal servers.

godelski
2 replies
1d

A spam account is a fake account that sends spam. Like Bitcoin bullshit. Platforms like signal, Whatsapp, telegram, and others have an issue since you can just message literally every possible number. One way signal handles this is by not identifying that you even have an account unless you accept the message. There's also rate limiting and other stuff going on. But I'm pretty sure you know that a spam account is. If you really don't I'd love to learn how you use the Internet because I'd love to learn how to avoid these accounts. Twitter and Gmail loves to connect me with spam accounts.

drexlspivey
1 replies
1d

How does signal know that account X is sending Bitcoin bullshit if the messages are encrypted? Also I see you have a Keybase account, Keybase doesn't use phone numbers, how do they solve "spam accounts" ?

godelski
0 replies
23h46m

How does signal know that account X is sending Bitcoin bullshit if the messages are encrypted?

They don't. That's not what I intended to say, sorry for the miscommunication. It's just a common spam bot I see on things like Facebook, Insta, Twitter, TikTok, Reddit, email, etc. But Signal can stop you from sending 100 messages a second. There are other ways to fight spam without needing to know any of the users or contents of the messages. A lot can be done from the minimal metadata that's required to perform communications.

Keybase doesn't use phone numbers, how do they solve "spam accounts" ?

I don't know but I'm not a security expert. So you probably shouldn't be asking me. But if you got any questions about ML I'm qualified to answer some of those.

I'm pretty sure a big reason Signal uses phone numbers is just because they built from Text Secure. It is also aimed at an audience less technical than Keybase's target audience. I mean Keybase is free and private but everyone still uses Slack or Discord. FWIW, Signal does write blogs about these things. So if you'd like to learn more I suggest reading those while you wait for someone much more qualified to answer your question. I think you'll get it answered much faster if you're less assertive. Or you could go the otherway and try the old tactic of confidently saying something outlandish and wait for people to correct you. But I think this is a more difficult method to get answers to a specific question. Your call though.

chrisnight
1 replies
1d1h

Why is the defining feature of being human the property of having a phone number?

Spam is indeed a hard problem to solve, but the issuance of phone numbers is not designed to be used as human identification.

vel0city
0 replies
23h51m

Maybe they're not necessarily going for "all humans that exist everywhere under any circumstances" but instead "humans likely to have access to a phone number which can sometimes receive SMS."

Not every app needs to cater to every single human and potential use case on the planet.

IshKebab
2 replies
1d2h

That was my first thought too. It's stupidly confusing to call something that acts nothing like a username a username. They clearly know that given the number of times they clarify how they work. Here's another:

Note that a username is not the profile name that’s displayed in chats, it’s not a permanent handle, and not visible to the people you are chatting with in Signal. A username is simply a way to initiate contact on Signal without sharing your phone number.
XorNot
0 replies
1d1h

Because a regular person, being given not a number for something, is going to call it a username.

Later explaining "you can have multiple usernames" is easier then trying to undo that conception. People are familiar with it. Your username is how you identify yourself on the computer in every context when it's not obviously your phone number.

JoshTriplett
0 replies
23h45m

It's absolutely a username. It can be changed arbitrarily whenever you like, and you'll probably in the future be able to have more than one name for the same underlying account, but it's still a username.

Other services do this too. For instance, you can sign up for some services with an email, and that's what you use to sign in, and you might be able to find other people by email if they let you, but you don't necessarily get shown someone's email on their profile, just the display name in their profile. And (in a well-designed service) you can change your email address at any time.

vorticalbox
1 replies
1d1h

They are more like disposable per-conversation identifiers.

Why are then not just random when you go to the share screen.

No real reason to let a person pick it

vel0city
0 replies
23h53m

The point is to make it easier to verbally tell your friend "I'm vel0city23 on signal, add me" and have them actually remember.

sigmar
1 replies
23h51m

Doesn't seem "disposable per-conversation" in my reading of the announcement. Seems like a permanent username that just doesn't get featured in the conversation.

Your profile name remains whatever you set it to.
mjg59
0 replies
22h42m

It's not really permanent - you can change it as much as you want. Once someone has established a connection with you via your username once, that connection will still exist even if you change your username.

webdoodle
0 replies
1d

Also, this is not finally the feature Signal users actually want - not having to sign up for Signal with a phone number and using a username instead.

Agreed. I don't own a phone of any kind, and would love to use Signal, but alas I can't because you need a telephone number, or a level 65 Necromancer to do the magic to sign up without it.

* Magic: https://www.techbout.com/use-signal-without-phone-number-sim...

jraph
0 replies
1d

It does, because instead of having to share your phone number to Signal + all your contacts, you can share it with Signal only. It is an improvement. It doesn't address the case where you are not willing to share your phone number to Signal, but it addresses the case where you tolerate it but would like to discuss with someone with whom you'd rather not share your number.

I hope it will allow creating groups without forcing members to have their phone numbers shared with everyone.

godelski
0 replies
1d

Is it? On Twitter and discord people see a different name than my username. Username tends to be more for connection and display name for identification. While I get the argument I don't see why this is a big deal.

HumblyTossed
17 replies
1d3h

I'm a huge fan of Signal, but I'm disappointed that this still means that I cannot have the same account on two phones (work and personal).

nwsm
8 replies
1d3h

Would signing into Signal on a work device not negate most of the security benefits of using Signal? Genuine question; I am only vaguely familiar with Signal.

fsflover
5 replies
1d3h

You should be able to choose your own threat model.

growse
4 replies
1d3h

You can. There's a plethora of e2e messaging apps out there all catering to different threat models.

fsflover
3 replies
11h54m

Sounds like arguments from Apple fans: You trust Apple and do everything Apple way or go away.

growse
2 replies
9h2m

I'm no Apple fan, but "Don't use things you don't like" seems... perfectly reasonable?

fsflover
0 replies
8h48m

Too strongly opinionated networks are bad for the users, especially when network effects play a role.

HumblyTossed
0 replies
7h54m

I never once said "i don't like it." Don't put words in others' mouths.

izacus
0 replies
1d2h

No.

HumblyTossed
0 replies
1d3h

I'm not a CIA operative, so, I'm willing to take that risk.

Vinnl
5 replies
1d3h

The interesting thing is that it is possible to share the account on multiple devices, as long as only one of those is a phone. You can sign in to and chat from that account just fine on the desktop app, even if your phone is off.

(I guess theoretically you could run something like PostmarketOS on a phone to run the desktop app, but you know what I mean.)

busymom0
1 replies
1d2h

as long as only one of those is a phone

Do you know why this limitation?

Vinnl
0 replies
1d1h

Unfortunately I don't. If I were to guess, I'd expect it's just a matter of the engineering hours that would need to be invested not being worth it at this time, given how few people they expect to need it.

sgarman
0 replies
1d2h

Yeah, this is still my top requested feature. I have two phones, one is data only sim. I just want to be able to signal from both of them just like how I can on my mac and PC.

JoshTriplett
0 replies
23h36m

That's useful but not quite sufficient for this use case, though. The different devices currently have no way to sync chat history, so you'd lose all your old chats.

What I'd love to have is the ability to connect my phone and my laptop to the same Signal account, have them automatically sync chat history between each other, and then in the future if I add a new phone (e.g. because I've upgraded) my phone can sync from my laptop and get all of my message history.

HumblyTossed
0 replies
1d3h

My current work-around is just to use a group chat and have both work and personal accounts part of the chat. Fortunately, I only need to be able to chat with a few people (family) while off with the work phone so this isn't that big of a hassle, but it's something I wish I didn't have to do.

jcul
0 replies
1d1h

Yeah, would like this too.

Whatsapp added this recently and it is very convenient. You can link a companion device in the same manner you sign into WhatsApp web.

A kind of hacky workaround (that I used to use for both signal, WhatsApp and others) is to set up a server with matrix bridges running and bridge your signal, WhatsApp etc. so then you can install the one matrix client on all your devices.

But as most apps do support multiple devices these days, bar signal, it doesn't feel like it's worth the effort. And I seem to remember the signal bridge in particular being a little buggy.

imkh
0 replies
1d

I'm sure it will become possible soon. The code is already there on iOS, as the app also work on iPad, but hidden behind the internal feature flag [0]. Same with Android [1]. If your second device in an Android, you can already use it now with [Molly](https://github.com/mollyim/mollyim-android).

Also, WhatsApp recently added this feature, so the expectations from potential new users who switched is now there.

[0] https://community.signalusers.org/t/allow-android-ios-device... [1] https://community.signalusers.org/t/allow-android-ios-device...

v7p1Qbt1im
15 replies
1d

Nice. Now please finally give us iOS cloud backups before i break or loose my phone and years of conversations get evaporated.

harry8
5 replies
20h42m

Counterpoint:

I don't want backups for IM. I don't want my counter-parties to have backups for e2e encrypted IM. I don't want IM to last. Why record every conversation on your permanent record? It's nuts.

For me, having a searchable record of everything said defeats the whole purpose if IM and e2e encryption. I'm sure the NSA like it.

Reasonable people may differ on it.

Zuiii
3 replies
19h43m

I don't want my counter-parties to have backups for e2e encrypted IM.

That's not your choice to make.

harry8
2 replies
18h27m

Are you happy with anyone you talk to secretly bugging the conversation and transcribing it?

I don't want to be randomly assaulted on the street, also not my choice to make. Doesn't make it ok imho.

worez
0 replies
13h35m

what's stopping someone from just showing another person their phone screen with your messages?

int_19h
0 replies
15h23m

They can do that in any case if they want to, just by taking photos of their phone screen.

nikisweeting
0 replies
15h45m

Ok but I can already do it on desktop (and it's even easier on Android), it's only missing on iOS. So this point is kinda moot...

The encryption key is in cleartext on desktop and the SQLite db is right next to it: ~/Library/Application Support/Signal/config.json

infotainment
4 replies
23h50m

The lack of any kind of backup/export for iOS is the main thing keeping me from recommending Signal.

Sadly, from what I’ve seen in similar threads online, it seems the devs are opposed to backups in principle (they believe that chats should be ephemeral and backing up is antithetical to this).

jtriangle
1 replies
18h11m

Run a windows VM, install signal desktop, bob's your auntie.

infotainment
0 replies
16h42m

This is basically what I do, just replace Windows vs Mac.

Still, I feel it's much more inconvenient than it really needs to be; the correct UX is a button press.

nar001
0 replies
5h26m

The devs are working on a cloud backup solution so not quite true, but it's also the one thing that's keeping me from recommending Signal https://signalupdateinfo.com/news/cloud-backups.html

erichocean
0 replies
23h39m

The lack of any kind of backup/export for iOS is the main thing keeping me from recommending Signal.

"No one can read your chats, including you." — Signal

simonklitj
0 replies
1d

Just happened to me a couple of months ago. Cannot agree with you more.

laktak
0 replies
22h28m

You may be able to install something like https://github.com/mollyim/mollyim-android in the EU ... eventually.

gitaarik
0 replies
17h37m

Why iOS cloud backup? Why not a universal backup way, OS / cloud vendor independent?

JoshTriplett
0 replies
23h53m

I'd settle for full sync of chats between my own devices. If I can sync between my laptop and my phone, that's sufficient, since I already back up my laptop.

entropie
10 replies
1d3h

Is there a usuable desktop app existing by now, or still mobile use only?

enriquto
7 replies
1d3h

There is desktop electron app that works mostly OK (as far as electon apps go). Unfortunately, you need a mobile phone with the signal app to start using it.

Vinnl
5 replies
1d3h

I think (but don't quote me on this) that you don't need the Signal phone app to start using it. As long as you have a phone that can receive text messages, I think you can also enter the confirmation number into the desktop app.

vel0city
3 replies
1d2h

When my phone gets turned off I get a signal can't connect error message on the current desktop app. I don't know if that's just how my account and desktop app is linked, but that's my current experience.

Vinnl
1 replies
1d2h

Oh huh, that is weird - I can use Signal Desktop even with my phone turned off, that I am certain of.

vel0city
0 replies
1d

Actually, I retract my earlier statement. I just successfully sent a message on Signal while my phone was turned off. I'm not sure when that changed or if its different on other machines, but I've definitely seen the yellow warning of not being available to send messages on a different computer in the past month or two.

imkh
0 replies
1d

The Desktop app is definitely independent from your primary device, once it's been linked. The WhatsApp desktop app used to require a connection to your phone, but even they updated it recently to the same architecture as Signal, where each device connects directly to the server.

If you don't open the Desktop app for a few weeks though, there is a "syncing" step where it fetches the recent messages queue from the server (can't remember the exact number, might be the last 1000 messages or all messages from the last 30 days or something similar).

enriquto
0 replies
1d2h

You are probably right. But I'm so afraid to lose my message history that I'm not willing to do an experiment to replicate this.

myself248
0 replies
1d2h

Also, if you forget to open the desktop app for a few weeks, it breaks the link and you have to go get your phone anyway.

And it doesn't show any messages that came in on the phone during that time, so you're missing context and in practice you just have to use the phone for everything anyway.

windexh8er
0 replies
1d2h

There's been a desktop option since 2015. And the Electron based app since 2017.

baq
0 replies
1d3h

Depends on your definition of usable. It sends and receives messages and has been for years now.

bertman
10 replies
1d3h

If I'm reading this correctly, this also means that a person that already has my phone number in their contacts will necessarily be able to link my number to my username after they have scanned my QR code.

stavros
9 replies
1d3h

Not if you've selected to hide your number, looks like.

bertman
8 replies
1d2h

But will the other person really have two distinct chats with me in their list then? One with my username and one with my phone# ?

stavros
7 replies
1d2h

It depends on whether you want your number to be discoverable. In either case, they'll only have one chat, with your username.

bertman
6 replies
1d2h

Yeah, so they will indeed be able to link my phone number to my username, even if the number is set to "hidden".

This sounds unfortunate, but I guess there's no way around this as long as Signal insist on keeping phone numbers as primary identifier.

stavros
4 replies
1d1h

How will they be able to link your phone number to your username? They can't do anything with your number unless you choose to.

bertman
3 replies
1d1h

How will they be able to link...

By "link" I mean they immediately know what person the username belongs to iff they already had that person's phone number because the chat that is initialized after they scan the QR code is just the old chat being continued.

stavros
2 replies
1d1h

But if they have my number, why would I be worried that they know my username? The username is there so I can avoid sharing my number, not the other way around.

bertman
1 replies
1d

not the other way around

Exactly. I think that's important to know before people start giving out their Signal handles left and right because they think they're anonymous now.

stavros
0 replies
1d

Ah, that's what you mean. Yeah, if you want to be anonymous to Signal itself, I don't think that's possible. If you want to be anonymous to people, I think you can delete and recreate your account. I think that might do the trick.

jcul
0 replies
1d1h

I don't think this is the case.

If you set your privacy to nobody and someone saves your phone number, to them it will appear that you do not have a signal account, even if they start chatting with you via your handle.

ruffrey
9 replies
23h52m

Is there a way to keep your phone number private from Signal as well?

a_gnostic
4 replies
23h49m

This. And a way to pay signal anonymously? A workaround for some apps, is to have friends gift you support tokens.

thaumasiotes
2 replies
19h32m

Why do you want to pay them?

a_gnostic
0 replies
16h2m

I have found that web services, I don't pay for, either fail, or turn me into a product.

Being a product < Being a customer

YPPH
0 replies
15h55m

Why does anyone donate to positive social causes?

ddejohn
0 replies
21h54m

And a way to pay signal anonymously?

Heh, I donate monthly to the Signal foundation but still get the occasional notification in the app to do so. In some sense, I am paying them anonymously :D

infotainment
2 replies
23h49m

Agreed. It’s ridiculous that they’re even calling this feature usernames, since you still need a phone number, thus completely defeating the purpose of a “username”.

gitaarik
1 replies
17h33m

For most services to sign up, you also need an email address. This is also to help you recover your account in case you lost your password. A phone number can be used for this purpose too. Now you can share your Signal account with someone without sharing your phone number. Like you can share your Facebook username without sharing your email address.

freeAgent
0 replies
2m

Email addresses can be anonymous, though, unlike (for the majority of people) phone numbers.

RunSet
0 replies
17h53m
novia
7 replies
18h57m

If anyone wants to help me add the thinnest layer of security possible to the signal desktop app please reach out to me. It needs the option to use a pin to unlock, like, yesterday.

As it stands, if you let someone use your computer and you have signal desktop, they can see all your E2E texts. Desktop computer sharing is much more common than the devs acknowledge. Also there have been several high profile cases of federal agents squatting on a confiscated laptop, keeping it awake and eavesdropping on signal group chats without the other participants’ knowledge. See the evidence in the FTX trial as a recent example.

I'm a python programmer, and I have zero experience changing the internals of an electron app, but this is a big deal to me.

gitaarik
2 replies
17h39m

There is a universal way of fixing this for all your desktop apps: locm your computer. It works similar to locking your phone: when it's locked, you have to first unlock it with a password or something, in order to start using the decide and it's apps again. As long as it's locked, all your data is protected.

novia
1 replies
7h53m

Personal computers are big. They don't fit in your pocket. They don't lock when you hit a small button on the side. They are often shared. Your argument about locking down the whole computer is brought up every time someone wants this feature. The reality is, we want signal to be an application that anyone can use. Not everyone is a single male with enough income to have their own private computer.

gitaarik
0 replies
3h47m

So what about your mail client, team chat app, browser (with all your accounts logged in to your sites), terminal, and all your files and network mounts?

I would rather make this a feature of your desktop environment / window manager. Then you have this functionality for all apps, and the apps themselves don't have to make that functionality.

Edit: actually maybe what you're looking for is to have multiple accounts on one computer. Then every user has their own desktop environment with their own apps and data and apps are not shared among users.

jtriangle
1 replies
18h12m

If the feds have you device, they have everything, regardless of how hard you try to lock it down. Not worth even considering how to keep them out because you're simply not going to.

Also consider that, a sufficiently motivated private threat actor is likely going to break a pin, there's not enough entropy there, or they'll hit you with a $10 harbor freight pipe wrench until you tell them the pin.

For everything else, bitlocker, LUKS, or equivalent is more than sufficient and battle tested for those uses. Yes there are ways of breaking both, conditional on XYZ, etc, but, they're good enough. It does force you to multiboot, but that's good practice anyway, no reason someone using your computer should be using your root partition in 2024.

novia
0 replies
7h55m

Ugh. I shouldn't have even mentioned the feds. This isn't threat actor level stuff. The thing that bothers me is that if I let a non-technical user onto my computer to do something like write an essay for school, they might stumble upon some messages that should have been private. There's zero protection. That's why I called adding a pin the thinnest possible level of security.

RunSet
1 replies
17h57m

It might not please you to learn that Signal Desktop stores your messages in a trivially-read SQLite database. But it may prevent you from trying to lock the client with a pin.

https://www.alexbilz.com/post/2021-06-07-forensic-artifacts-...

novia
0 replies
7h59m

Basically, Signal Desktop is a gaping security hole. That's why I said only the thinnest possible level of security.

nalekberov
7 replies
1d2h

Oh yeah, privacy oriented messaging app requires phone number for sign up. Telegram has this feature for years already? It seems to me that they are positioning themselves as privacy saviours just because they are non-profit organization and their app is open source.

cl3misch
5 replies
1d2h

It is privacy with respect to government surveillance and the like. Not the kind where you mistrust your contacts.

autoexec
3 replies
1d2h

Not really the case with signal anymore. if you want privacy you should look elsewhere.

yreg
2 replies
1d1h

Care to elaborate?

autoexec
1 replies
1d1h

I posted links to a lot of information here: https://news.ycombinator.com/threads?id=autoexec#39445866

The TL;DR is that they collect and forever store sensitive data in the cloud, meaning that the US gov could almost certainly access that data and any other government could access any one person's data too just by brute forcing a PIN

autoexec
0 replies
11h2m

That link isn't quite right... if you scroll down enough you'll still get to the relevant bits, but here's a corrected link (I hope) https://news.ycombinator.com/threads?id=autoexec&next=394457...

miramba
0 replies
1d2h

Maybe in the US you don‘t need to mandatory register a phone number with a valid id, in most of the world you have to. If anyone can require the phone company to reveal your identity, it‘s the government.

nalekberov
0 replies
1d

BTW I am probably getting downvotes from Signal's fanboys who refuse to do their research.

bun_terminator
7 replies
1d1h

Signal is such a tragic story. They had it all during the great uprising against Whatsapp. Even my non-technical friends started switching to Signal. They were exploding, more than Telegram ever was. And then they added some crypto bs right at the height of their hype. Bummer, no second chances from me, and removed from all those friends phones as a direct effect. They blew it

GuB-42
2 replies
1d1h

Also, they removed SMS support way too soon. That it was also a good SMS app was one of their main appeal.

mynameisash
1 replies
1d1h

I used Signal as my primary SMS app until that capability was stripped. It meant that so many of my conversations were Signal-by-default. But now, by attrition, most my conversations are back in SMS. I also find that simple things like programming the date and time of delivery - which Google Messages has - don't exist in Signal. (Or if they do, I have missed it because I'm no longer there unless I have to.

I have SMS, Whatsapp, Signal, and Threema installed, and it's a hot mess of disparate networks. I hate it.

genpfault
0 replies
7h54m

programming the date and time of delivery

Long-press the send button.

scubbo
1 replies
1d

That _is_ a tragic story!

Thankfully, your experience is not universal. It's still the primary means of communication between me and the majority of my friends, technical and non-technical alike. I believe they've walked back (or, at least, not committed to) that crypto project - at least, I haven't heard anything about it in so long that I barely remembered what you were referring to.

I'm skeptical of crypto too, but this sounds like an over-reaction that is cutting off your own nose to spite your face.

bun_terminator
0 replies
1d

I mean it's an incredibly over-saturated market. There are so many of these apps, they're all the same. There's little room for such errors IMO. But I'm willing to accept that it might have been an overreaction

GaggiX
1 replies
1d1h

We probably live in a different part of the world, but where I live no one who is not very techy knows about Signal, it was never close to Telegram or Whatsapp.

bun_terminator
0 replies
1d1h

Germany. Lots of privacy-focused minds. It became a bit of a topic during that crucial time when Whatsapp had some kind of scandal going on. I don't even remember the details. It was a chance of a lifetime for them. Well, in the end these apps are really all the same. I don't mind any of them really

superkuh
5 replies
1d3h

Now that moxie is no longer there how about getting rid of the requirement for personally identifying phone numbers as IDs at all?

thrtythreeforty
4 replies
1d3h

Out of the loop: what happened to Moxie?

monetus
2 replies
1d3h

I hope someone corrects me if I am wrong, but around two years ago he backed out of any responsibilities (ceo) after he bundled mobilecoin into the app.

nlitened
1 replies
1d2h

Does it mean that he just cashed out this way?

monetus
0 replies
23h39m

That that was his intention is the impression he left, with people like me at least - a quick glance shows its price only went down after he stepped down. Who knows how much he has invested/made ¯ \ _ ( ツ ) _ / ¯ I don't hold it against him if he is a true believer. I feel like integrating it makes as much sense as Twitter becoming a payment processor, but hey.

evbogue
0 replies
1d3h

Moxie is currently completing New Year's resolutions that his friends have assigned him: https://moxie.org/stories/year-of-the-challenge/

hnarn
4 replies
1d2h

I just donated the minimum amount to Signal through the app (~$3), I encourage all other users to do the same, because every time a Signal article is posted it’s a reminder how dystopian IM would be if there was no realistic, privacy respecting option for ”normal people”.

It’s probably the only piece of privacy friendly software I’ve recommended to older relatives that actually stuck. It’s not fancy, but it’s solid, simple and does what it’s supposed to.

dylan604
3 replies
1d1h

well, technically, you donated ~$3 - 30%, yeah?

hnarn
2 replies
1d

what is your point?

dylan604
1 replies
20h58m

just bringing some reality to your humble brag

hnarn
0 replies
7h48m

How is it a “humble brag” that I donated three bucks to an open source project? The only reality here is that you’re acting like a fundamentally unpleasant person

teekert
3 replies
1d2h

I love signal but am just a tad disappointed, I was planning to finally sign my brother up via his PC (he refuses a smartphone).

I tried element, somehow that keeps kicking him out, or I need to validate new sessions or something.

Vinnl
1 replies
1d2h

Does he have a normal phone number? I thought you should also be able to receive a confirmation code there from the desktop app.

bonton89
0 replies
1d1h

No idea about signal, but I haven't encountered any recent verification that worked on anything but a non-VoIP mobile number. My landline is useless for this and it isn't even VoIP.

fsflover
0 replies
1d2h

Ask for support on Matrix forums or rooms. Worked for me.

nabaraz
3 replies
1d

Most of the use-cases for requiring a phone number to sign up for a service e.g. Twitter, Signal seems to be to avoid spam. Atleast allegedly!

What alternatives can be used instead, something that is easily accessible/available to the general public but not easy to obtain to create mass users?

jonasdoesthings
2 replies
1d

Instead of heavily limiting account creation, Discord for example limits the possibility to message users outside of your network by default. Only people you have added as friend or you share a server with are allowed to message you by default.

For signal that would be harder to implement since it's more focused on 1o1 chats instead of groups, maybe if spam gets out of hand they could use a grey-listing approach like Instagram does where users outside your network get moved to the "message requests" inbox by default.

Nuzzerino
1 replies
23h52m

Discord, while overall better than Telegram for privacy, will flag your ip / device / identity and require a phone number for new accounts if you do something like use a message archiver to back up conversations. Took me years to get the block removed (but not for my work account). It was a privacy nightmare for me and when I had to get an account for work I had to sign up for an additional cell phone service, which cost me thousands to this day.

I’m still nervous about making new accounts in case it triggers some process to lock me out of my one account that I don’t have a phone number for. I couldn’t join the baldurs gate 3 discord to find people to play the game with because it required a phone number on the account, which I was already forced to use for my work account.

On the other hand, I’m glad they actually do enforce their rules, unlike Telegram (which is a haven for scammers, pedos, radical communists, open market drug dealers, and terrorists, not to mention the soul-depleting interactions I’ve had overall with chat rooms there)

nurumaik
0 replies
20h56m

Discord, while overall better than Telegram for privacy

Sorry, what?

arichard123
3 replies
1d2h

I once did work for a UK politician and got a notification when they signed up.

hnarn
1 replies
1d2h

So?

arichard123
0 replies
1d1h

Well I don't think I should be told what apps they use

WolfeReader
0 replies
1d1h

Good choice on their part.

__rito__
3 replies
17h1m

I guess I will be uninstalling Telegram, now.

It was great, then it focused on monetization at the cost of other things.

I still kept it because I could simply share an handle and talk with strangers over the internet on my phone/laptop. There won't be that need anymore.

I hope this feature puts pressure on Whatsapp to implement the same.

risyachka
2 replies
16h56m

Telegram's biggest investor is Russia's sovereign fund.

So I'd argue monetization here is not a top issue

__rito__
1 replies
11h26m

Honestly, TG was the most convenient messaging app that I had ever seen.

I used it for the convenience.

Until they focused all their energy, time to monetization features. The quality of rest of the app began to deteriorate.

CaptainFever
0 replies
5h54m

To be fair, they had to make money somehow. I'm happy that they're trying to be financially sustainable.

Razengan
3 replies
1d2h

Ol' MSN Messenger, back in 4000 BC, had solved everything already.

All of the current messaging apps are spyware in one form or another.

Why can't they function without access to the entire contacts list?

zelphirkalt
0 replies
1d2h

Not sure if DeltaChat or Briar require access to contacts. Maybe those could be good for you?

tapoxi
0 replies
1d2h

Signal doesn't store anything about your account on the server except last login time and when you registered. It doesn't store a contacts list, so it used your own, assuming you granted it access to do so.

Contrast to MSN, which kept your contacts on the server, as well as information about your account, groups, your plaintext messages, etc.

ThePowerOfFuet
0 replies
1d1h

Signal has never had access to my contacts and works perfectly without it.

EastSmith
3 replies
1d2h

When they announced usernames I thought I will be able to install Signal on my TV desktop (linux) and send / receive messages from to it (links, files, etc).

Now that I know it still needs phone number I assume it will need to be unique so my use case fails.

For the record, I am still a happy Signal user and a monthly supporter, thank you very much.

tapoxi
2 replies
1d2h

There's a contact in Signal called "Note to Self" that you can use for this.

hnarn
0 replies
1d2h

Just hair splitting obviously but I don’t think it’s really a contact, it’s just what the recipient shows as when you send something to your own number.

WolfeReader
0 replies
1d1h

I use Signal this way too. It's great for small messages and files. For larger files, you'd want SyncThing.

shp0ngle
2 replies
1d2h

This is the interesting part. For me.

Note that if provided with the plaintext of a username known to be in use, Signal can connect that username to the Signal account that the username is currently associated with. However, once a username has been changed or deleted, it can no longer be associated with a Signal account.

The "no longer associated", I will need to get Signal word for that, right. (You cannot cryptographically prove something was deleted, right.)

But it's good enough I guess

smt88
1 replies
1d2h

You shouldn't need to cryptographically prove that an old username is unavailable. You should be able to simply send a request to Signal servers asking if it's available and receive "no" as a response.

You'd have to take their word that this wouldn't change, though.

shp0ngle
0 replies
13h23m

Yeah but they can remember forever which real person had what username.

gtvwill
2 replies
1d2h

Went for IT job with Intel gov mob. Got asked to use signal for interviews. Can't trust signal anymore. Definitely backdoored.

atoponce
1 replies
1d2h

The source code is open source. Please point to the lines of code where the backdoor exists.

gtvwill
0 replies
16h52m

Source code is open source doesn't mean squat for safety. Have you audited the code? Do you have the skills etc required to prove its not backdoored?

Because I know I don't have that skill set or time. I do have however some big fat red flags on using it because it was opted for by an entity whose entire existence is based around backdoors and spying.

Honestly i find it absurd that some folks say just because something is open source it's automatically safe. The vast majority of us whether the project is open source or not lack the skill or capacity to pick up on a well obfuscated hole. Hell even the best of us aren't that good.

gigel82
2 replies
1d2h

All I know is since they introduced this feature I received 4 spam messages about crypto, whereas in the past several years I received 0 such messages. Overall a net negative for me.

contact9879
1 replies
1d2h

You mean in the hour and a half it's been released...?

gigel82
0 replies
1d1h

No, this happened over the past 2 months. I've received messages from accounts with female first names without any phone number (and obviously not in my address book). I suspect they were testing the username feature pre-release and bad actors already started taking advantage of it.

It's 2 swipes to block and delete but a problem I never had to deal with before on Signal.

wackget
1 replies
6h54m

you will still need a phone number to sign up for Signal

Guess I'm not signing up for Signal then.

Seriously though - this has always bothered me. They build the "most private" communications service ever, yet require one of the most identifying pieces of your information in order to use it.

If I didn't know any better I would swear it was a surveillance honeypot.

berkes
0 replies
6h21m

But now that you "do know better", what's holding you from signing up?

seany
1 replies
20h27m

This does not matter _at all_ until phone numbers aren't required.

c0pium
0 replies
16h6m

Of course it matters. One extremely frequent complaint about Signal is that you have to give out your actual phone number to use it, and anyone with your number can determine if you use it. This cuts off both of those.

redder23
1 replies
1d1h

Took WAY too long. And you still need a phone number to sign up. Wire (that uses the Signal Protocol and also has video chat never needed your phone number AFAIK)

Also, Signal loves to claim how secure it is, but they will never dare to tell you that participating in the Android and mainstream mobile systems nobody is secure. Especially not on Google Play. If the government wants to spy on you, they WILL! It does not matter if they can't decrypt your messages because they will be sucking the data right off your phone with invisible screenshots and AI transcribing the text or by other means like key logging. There are people who claim Pegasus does not even need you to click on some link anymore, all they need is your phone number. And Pegasus is for sure not the only thing out there.

Signal and others create the illusion of privacy, there is no privacy on any smartphone with any kind of mainstream OS. Probably not even on the "hardened" de-googled Android forks.

baq
0 replies
1d1h

You have a different threat model than most of us. Get an iPhone and turn locked down mode on or don’t is a phone at all.

petre
1 replies
1d

Did this roll put? I have the latest version but no Phone number under privacy settings.

avarun
0 replies
19h27m

Only in the beta client for now.

nikolay
1 replies
19h9m

It's a terrible choice to use something that Discord has abandoned - this numerical suffic is disgusting!

kvirani
0 replies
19h6m

Maybe with something like instant messaging vs community platform it's justified? Unclear myself tbh

newscracker
1 replies
16h52m

I like the concept of Signal usernames not being public either, and that they’re only a means to tell others how to find and contact them. I can’t wait for this to be rolled out.

It’s not clear to me if it’d be possible to prevent the “contact joined Signal” messages if someone else has the phone number in one’s contacts. That would be a huge thing.

For a little more historical context, with this change Signal has now solved the problems that became widespread during the protests in Hong Kong in 2019 — someone else (authorities) adding random phone numbers to their contacts list, opening a chat app (such as Signal or Telegram) and finding if that person uses that app. Telegram solved this swiftly by adding more privacy controls, [1] while Signal had other priorities.

[1]: https://www.reuters.com/article/idUSKCN1VK2NC/

Psychotherapist
0 replies
15h30m

There's new phone number privacy settings for "Who can see my number?" and "Who can find me by number?", both having "Everyone" and "Nobody" settings. I assume disabling both should stop it from messaging people, although not sure if you can set it quickly enough after registering.

mikece
1 replies
1d2h

Small step in the right direction but I want to be able to SIGN UP with a username and no phone number. Wake me up when that happens.

yreg
0 replies
1d1h

Ok, which alternative would you prefer? A government issued crypto birth certificate proving you are an actual human?

Or sama's crypto eyeball scanning thing? (WorldCoin?)

mekoka
1 replies
1d3h

I'd willingly provide a copy of an official ID to rid my Signal and Whatsapp accounts from the phone number. I mean, if it's good enough for the mobile company, why not just skip the middleman?

cl3misch
0 replies
1d2h

I figure the verification process is pretty expensive.

lkdfjlkdfjlg
1 replies
7h35m

So this Moochie Spike guy used to tell us how great for the users it was that Signal required a phone number. It's best this way because of X Y Z.

What happened to those arguments now? Were they bullshit this whole time?

HumblyTossed
0 replies
7h31m

The way this is implemented, has this changed his arguments?

lencastre
1 replies
23h58m

My favorite feature from Threema now available on Signal. Next up… please make it easier to transfer databases between mobile phone upgrades, I’m looking at you iOS version.

Still I would love that this feature generated QR codes without the unique disposable username in human readable form.

lencastre
0 replies
23h25m

Still I would love that this feature generated QR codes without the unique disposable username in human readable form.

johnchristopher
1 replies
22h32m

I wish the regular HNers who have a beef with Signal would make a webpage or something with their points, some eli5 and their sources. They fuck up every Signal threads and are vocal but even if they are right their mannerisms and holier-than-thou attitude and "don't you know that ?" mantras is really getting old.

cqqxo4zV46cp
0 replies
22h27m

It’s privacy purists. Every service that exists on the internet has to put their goals and desires above all else.

fsflover
1 replies
1d3h
dang
0 replies
1d

Thanks! Macroexpanded:

Signal v7.0.0 with phone number privacy - https://news.ycombinator.com/item?id=39413417 - Feb 2024 (107 comments)

everdrive
1 replies
1d1h

The only killer feature I really want is the ability to use Signal without it being tied to a phone.

sneak
0 replies
1d

Spammers want this, too.

dbg31415
1 replies
1d1h
tamimio
0 replies
21h48m

Ha! I didn’t even know that! case’s closed.

I know some people defend Signal out of ignorance or loyalty, but I suspect there are some paid shills for Signal now. I don’t see how anyone with a bit of security awareness (which is the reason to use Signal instead of whatsapp) can justify using a phone number as an ID in 2024..

crossroadsguy
1 replies
21h38m

People who have your number saved in their phone’s contacts will still see your phone number since they already know it.

I know this is great and groundbreaking seemingly. And that it was and more was already there in Telegram, for years.

This is just unfortunate if it has been implemented like Telegram and it seems it has.

I should be able to dictate that “if I initiated communication” to “username” or “from my username” my phone number should not be linked to it even though the other person has my phone number in their address book saved, because that doesn’t mean they are a friend or even if they are I might not want to know that or chat outside the username.

I will try to access the beta (pretty sure it’d be full by now) and test how it goes but I hope it has not been implemented like Telegram after taking all these years.

Though I like that they have essentially nuked vanity username rush and grab in the bud. Kudos.

22c
0 replies
21h19m

This is just unfortunate if it has been implemented like Telegram and it seems it has.

Yes, agreed. This doesn't stop an adversary who knows your phone number and identity (such as a surveillance state) from linking communications under your username with your real identity.

It just means that people don't need to give their phone number to someone just so they can communicate via Signal.

I think this can lead to people having a false sense of security.

codethief
1 replies
18h26m

Your username is not stored in plaintext, meaning that Signal cannot easily see or produce the usernames of given accounts. [Footnote: Usernames in Signal are protected using a custom Ristretto 25519 hashing algorithm and zero-knowledge proofs. Signal can’t easily see or produce the username if given the phone number of a Signal account. Note that if provided with the plaintext of a username known to be in use, Signal can connect that username to the Signal account that the username is currently associated with.]

(emphasis mine)

Couldn't Signal just brute-force all possible usernames in order to connect them with their accounts?

All in all, it seems usernames are just as public as anywhere else and the encryption part sounds like snake oil. Ok, maybe once more they try to protect the username table (or its equivalent in the zero-knowledge proof algo) from getting probed too often by means of an Intel SGX enclave or something, but I wouldn't want to trust SGX either.

contact9879
0 replies
18h19m

usernames are between 3 and 32 characters long with up to a 9 digit discriminator at the end. ~200 bits

aes starts at 128 bits

Shank
1 replies
1d1h

If you select “Nobody,” the only people who will see your phone number in Signal are people who already have it saved to their phone’s contacts.

Can someone explain how this doesn’t leak information? If I add someone via username and I randomly guess their phone number, does Signal leak it after the fact?

jcul
0 replies
1d1h

I was wondering about that too, I think the wording is just a little confusing.

Further down it says:

Selecting “Nobody” means that if someone enters your phone number on Signal, they will not be able to message or call you, or even see that you’re on Signal. And anyone you’re chatting with on Signal will not see your phone number as part of your Profile Details page – this is true even if your number is saved in their phone’s contacts.

So I think what they mean is if you've been chatting with someone before this update and they have already linked your phone number and signal account then setting to nobody won't revoke that.

However if you initiate a chat with someone new using your signal handle, even if they have your phone number stored, they won't know it is you.

Otherwise it seems like it would be easy to brute force someone's phone number!

zolbrek
0 replies
1d1h

Joe Rogan has no reason to complain about Signal now.

witx
0 replies
12h18m

Private from whom? I still need to give my phone number to create an account. So.. no.

uconnectlol
0 replies
8h0m

i didn't get why any phone number is involved when this software was released, and now it's gone. i safely avoided even bothering to learn of whatever false conundrum these San Fransisco, Twitter scene people had in mind.

ubermonkey
0 replies
5h29m

Don't you still have to give Signal your phone number to sign up?

toastal
0 replies
14h29m

Great start. Now can I have an account without using the Apple/Google duopoly mobile OSs (especially since Signal doesn’t support UnifiedPush to get some of the leaked metadata for notifications from Firebase, but at least the Molly fork supports this), or a desktop program that isn’t Electron, or allow decentralization? Why should I have to own a phone? Why do I need to run an entire browser for just a chat app when XMPP & Matrix do fine from web to native to TUI? When will I be able to run my own server?

subarctic
0 replies
1d

Has anyone figured out a way to copy your chats from android over to ios yet? I switched phones recently and don't want to lose my old messages, so I haven't moved signal over yet.

snambi
0 replies
1d2h

This is fantastic.

smithcoin
0 replies
1d1h

Random aside: I saw the title and before reading it wanted to try and claim mine. I went on my phone, and this page was not even on my first google results page when I searched "how to use signal usernames", nor was anything remotely related to either topic.

I was tired of reading all the comments on here about how 'google search' is terrible, I now believe it and will be looking into all the suggestions here.

skeptrune
0 replies
1d2h

I am very excited about this

shireboy
0 replies
9h13m

People who have your number saved in their phone’s contacts will still see your phone number since they already know it.

Does it defeat the protections then to add a range of phone numbers in contacts and harvest username/phonenumber combinations?

saos
0 replies
1d

Telegram has had this for a while no?

sampli
0 replies
21h39m

Smart that they force users to add 2 numbers to the end of the username to avoid “high end” usernames. I wanted to grab my first name but ended up with firstname.01

rustcleaner
0 replies
18h46m

signal

Hide-Your-Number(tm) option!

still need a number

LOL just install Session and SimpleX (and, for 'droid Chads: Briar). If P2P voice/video skeeves you then get mullvad or proton or something vpn. Why is it the normie will do all kinds of torturous steps like phone and identity verification to install instacoom...

... but they just refuse to install Session and copy/paste an identifier to add contacts (assuming non-locality, else there's QR), complaining it is "too hard whine mew!" Normies make dragnet surveillance so easy!

p4bl0
0 replies
1d

This new feature was already discussed here on HN a few days ago if some of you want to read the previous discussion: https://news.ycombinator.com/item?id=39413417

neycoda
0 replies
17h28m

Wow why did this take so long, this should have been step 0

matt-attack
0 replies
20h53m

Phone numbers are fast becoming a global, persistent, shared user identifier across applications, business, and government.

Think of how many systems innocently ask for phone numbers as a hard requirement for account creation (under the guise of DFA). Think of all the restaurants that innocently ask for it “so we can text you when your tables ready”, or when you buy a shirt at Banaba Republic, “can I get a phone number”. Like seriously, WTF?

In reality it’s now the defacto method to identify and reconcile your records across ecosystems.

Apple needs to create throw away phone numbers like they’ve successfully done with email addresses. I expect this to be their next iCloud+ offering.

latexr
0 replies
3h13m

A username on Signal (unlike a profile name) must be unique and must have two or more numbers at the end of it; a choice intended to help keep usernames egalitarian and minimize spoofing.

Interesting choice. I’m guessing most people might just use the last two digits from their birth year, to make it easy to remember.

krick
0 replies
22h56m

New default: Your phone number will no longer be visible to everyone in Signal

I just laughed reading this. I never used Signal, for obvious reasons, so I wouldn't know, but was it really the default? And people were using it as supposedly private messenger? That's unbelievable.

konstantinua00
0 replies
9h57m

...can we keep our phone numbers private by NOT HAVING THEM REQUIRED AT ALL, please?

k8svet
0 replies
1d1h

First, it is a mistake to call these usernames. Second, it's a big mistake because this is a cool feature.

It's interesting to compare this feature to Session, where you also have randomized identifiers, but they identify you globally, and there's no way to give someone a handle to you that isn't linkable to other conversations. It sounds like Signal now offers that, which is actually the first time I've been intrigued by Signal.

juliangmp
0 replies
11h14m

Glad to see them using a name + some numbers scheme here. I immediately rushed to reserve my username but found out I didn't need to. Oh well now have the .01 suffix

jmakov
0 replies
13h45m

What's the point of Signak if they're still leaking metadata?

jliptzin
0 replies
17h42m

What a revolutionary concept

heavyset_go
0 replies
1d1h

You still need a phone number to sign up.

happymellon
0 replies
15h5m

Does this mean I can create an account without a phone number yet?

greenie_beans
0 replies
5h4m

will this let you recover your account if you no longer have a smartphone? bc that's some bs

geniium
0 replies
1d1h

Love what you guys are doing. Great jobs Signal!

I have always wished to integrate a similar method in our phone first booking solution to keep the number private beetween host and particpant.

Very inspiring!

fatkam
0 replies
20h37m

Do you still need to give your phone number to Signal to signup? Fucking ridiculous that you have to when it's not really needed.

enriquto
0 replies
1d3h

Oh, please, stop already with this phone number nonsense. I want to use signal from my computer, without need for a mobile phone at all. (Also, to be able to easily synchronize history between different computers).

dns_snek
0 replies
9h37m

Each version of the Signal app expires after about 90 days, after which people on the older version will need to update to the latest version of Signal. This means that in about 90 days, your phone number privacy settings will be honored by everyone using an official Signal app.

This sounds terrible. Are they saying that your phone number will still be visible to anyone running an unofficial app, even if they didn't have it before?

Is it enforced by the protocol or is the number just "hidden" by the official app?

daneel_w
0 replies
1d

So? Let us know when we can finally register and use an account without giving you our mobile phone numbers.

dakiol
0 replies
11h15m

MSN?

chipsdip
0 replies
22h24m

WTF is this crap. I am using old-fashioned mobile phone with keyboard. How do I sign up for Signal???

binkHN
0 replies
1d1h

A username on Signal ... must be unique and must have two or more numbers at the end of it; a choice intended to help keep usernames egalitarian and minimize spoofing.

Amen.

alexnewman
0 replies
9h50m

The whole idea that anything on your phone is private is laughable. Private to who? To hackers? To the FSB? The NSA? Phones are all easily hackable for one. Real privacy cannot be achieved on the spy device in your pocket.

What this does is provide a casual level of privacy. It gets us parity with the phone number hiding in tools like telegram.

Pxtl
0 replies
23h43m

The whole "your phone number is your user ID" was always the dumbest trend in instant messaging and I have no idea how it caught on.

KomoD
0 replies
6h12m

I've been waiting for this for so long

KingOfCoders
0 replies
1d1h

The examples are iOS? My Android version looks like a totally different app?

DarkmSparks
0 replies
19h50m

Nice. Still not going to be giving them my telephone number tho.

CptMauli
0 replies
1d1h

over 200 comments and not one mention of Threema, come on!

1vuio0pswjnm7
0 replies
1d