Keep your phone number private with Signal usernames

... but then Signal wouldn't have your phone number either. What they need it for is ... dubious if you ask me.

The reasons they need it aren't really that dubious to me: they want to create a service that actual people will actually use, not just weird privacy geeks who never gave up on PGP. Using phone numbers allows for the kind of user discovery that most people expect in 2024, and requiring them inserts a barrier to mass account creation that can keep spam accounts down to a manageable level (especially given the whole point is they can't do content-based spam-filtering in the way that makes email managable).

Personally, my understanding is they've always been trying to develop the maximally private usable chat app, which requires some compromises from the theoretically maximally private chat app.

To me Signal is in the business of collecting metadata and nothing else (for whom, that is a good question: probably some three letter agency).

What they need it for is simply that it's the way the system has always worked, because Signal started life as an encrypted replacement for SMS. The point was that you could switch from the standard SMS app you were already using over to Signal (which was called "TextSecure" at the time) without having to change your habits, because sending messages to people's phone numbers was simply what people did then. There's nothing nefarious about it.

The claim (which generally I'm inclined to believe) is that requiring a phone number drastically increases the cost to sending spam. That in turn drastically reduces the spam amount.

I haven't seen a phone booth in Europe for the last 7 years.

wouldn't the next bloke using the booth for same cause get the whole account?

… never need the phone number again

What if I lose my phone and want to login again on a new one. Don't they send a verification code to the number again?

Damn, people will never be satisfied, will they. It's not meant to be an anonymous messenger, because those have spam issues.

I could certainly point out the differences, but the fact that you yourself aren’t acknowledging them indicates to me that you’re throwing intellectual integrity out the window because this product doesn’t work in the way that you want it to work. Engineering is about tradeoffs, and not every company serves to build something that does exactly what YOU want it to. I prefer Signal the way it is. I understand the tradeoffs.

no data collection to share nothing with governments who seek for data,

That isn't true anymore and hasn't been for years. Signal collects your data and keeps it forever in the cloud.

If we take privacy issue, it can be divided into 3 segments:

This sounds like a bunch of bullshit.

I just don't want my metadata (contact graph) hoovered because I send a (encrypted) message to someone that may be an over sharer on FB, etc.

I use Signal because I am a "nothing to hide and I like to own my privacy as much as possible" type online person.

Signal == more peace of mind just generally in this online world we have.

1,2 and in part 3 were already fixed with the Signal FOSS fork back then, but Moxie and his army of lawyers decided to send out multiple cease and desist letters against those projects. Which, in return, makes Signal not open source, no matter what the claims are. If they don't hold up their end of the license and argue with their proprietary (and closed to use) infrastructure then I'd argue they are no better than Telegram or WhatsApp. Signal's backup problem is another story which might blow up my comment too much.

Because of your mentioned points I would never recommend Signal, and rather point to Briar as a messenger and group/broadcast platform. Currently, it's still a little painful to use and e.g. QR Codes would already help so much with easing up the connection and discovery/handshake process.

But it has huge potential as both a messenger and a federated and decentralized platform.

But for solutions, can't you just buy a voip number?

No, how would my uncle in the countryside of Vietnam do that? He doesn't have a credit card -- not many here do. He doesn't speak English -- can you find a website that sells voip numbers in Vietnamese? Buying a voip number from a provider in Vietnam has the same exact KYC requirements as buying a SIM, so it is still tied to your government ID and registered forever.

Also buying a VOIP for 1 month costs something like $10 from a quick Google. Average salaries are like $1.50/hour. Nobody is going to pay an entire day's salary to buy an VOIP number they throw for a month just so they can register anonymously for chat.

So, not you can't "just" buy a voip number unless you're a rich Westerner. But who needs privacy more? People in liberal democracies or people in places like Vietnam (literally an authoritarian country where people are routinely imprisoned for speaking against the government)?

I don't know anyone who buys a phone with cash except international students.

Everyone buys a phone with cash here because few people have credit cards, since there is no such thing as "credit ratings" and it is easy for people to disappear from their debts. There are more people in Vietnam than any country in Europe. We all use smartphones and messenger apps here, too.

It wasn't always like this - the requirement to give your ID to get a SIM card, as you noted, was only introduced in 2017 (though it certainly feels way longer ago for me).

Anyways - why does nobody care?

Simple: most don't feel this being an issue.

Some may even say that they "don't have anything to hide" and there goes the erosion of privacy, bit by bit - by the time someone notices "ok, this may become a problem" - it'll be too late :(

On the flip side, SMS fraud is almost nonexistent from German mobile numbers, which is why scammers just send from other countries to German mobile phone owners. Mostly from France.

Due in large part to C3's positive influence, Germany is at the forefront of privacy issues and legislation

That's the entirely wrong cause and effect.

The obvious root cause are a world war and the DDR.

This is the case in most countries these days. There are very few places left where you can get a mobile phone number without identifying yourself at some point.

same in my country.

I had two SIM cards dedicated to online crap - one for important stuff like banking, another for social media and such.

both have expired after ≈ 3 months of inactivity, when my 2 week trip unexpectedly took 4 months. those SIM cards weren't physically inserted into my phone - I used to do that once a month to call someone and get billed a few cents so it would remain active, until that trip.

there's no way to get those phone numbers back and it's been an enormous pain the dick. I hate this fucking system, but I hate the fact that fucking everything requires a phone number even more.

It's a voip service isn't it? Those numbers will not work with many online services and even some more obscure normal providers.

There are many countries where it's completely impossible to get a burner phone.

in a world where iOS users won't install another free app from the app store because they already use iMessage, matrix is like asking for your friends to perform calculus just to talk to you.

The reason Signal is successful is because it at least somewhat reliably works, while Matrix is the worst of fiddleware.

https://blog.koehntopp.info/2024/02/13/the-matrix-trashfire.... explains why Matrix is lacking market share, and I think Signal's decision to be aggressively closed is due to a justified fear of becoming that.

They don’t and can’t disallow third party clients. The client is GPL.

I really like the idea of federation, but I haven't seen it be successful in practice. I can't think of a federated service that isn't also highly centralized. This was a big problem for cryptocurrencies and it's not like email isn't almost all Microsoft or Google. Mastodon has been struggling as well.

While I think there are better services to be private and secure from a technical perspective, there's one killer security and privacy feature that Signal has that on one else does: usability. It's pretty hard to get my grandma onto Matrix, but it isn't hard to get her on Signal. The truth of the matter is that you can't have private and secure conversations if there is no one on the other side. So while I really do like Matrix and the like, I think of them as more alpha or beta type projects. I don't find that the bashing of Signal is helpful (like we also do with Firefox) because all it does is creates noise for people that don't understand the bashing is coming over a nuanced and biased point of view (we're mostly highly tech literate here on HN, it is a bubble. But people still read our comments that aren't). End of the day, if we aren't getting 1 click server installs (or literally everyone is a host), federated systems are going to become highly centralized at some point. PGP's always failed because the easiest way to hack a PGP email was to reply that you couldn't decrypt. It wasn't appropriate for the masses even when it wasn't difficult to use. Don't get me wrong, I love Matrix, but it's got a long way to go to get mass adaptation.

Fwiw, I remember a user awhile back offering a bounty for a decentralized pathway in Signal[0]. The idea was to create an AirDrop like system to help with things like local file sharing but then extend the project forward to create a mesh network. Seems like a reasonable idea to me. I think it may be more advantageous to try to push Signal in the right direction than rebuild from scratch. I'd highly encourage people with other opinions to participate in the Signal community because it is a crazy echo chamber in there and for some reason the devs treat it as a strong signal.

[0] https://community.signalusers.org/t/signal-airdrop/

We really should convince Moxie Marlinespike to push the implementation of an out-of-the-box working bridge between the Signal client and the Matrix network. With e2e encryption, of course.

Just because a project is open source doesn't mean everything the team works on or releases will be in the public eye, nor does it even imply that it has to be open source as well.

Signal has its problems, some of them sever. It's also buying "us" much needed time to build out federated and self-hosted chat platforms.

I truly believe they are altruistic, although it is unrealistic to expect that to last forever.

By the way, some of the claims you made about their "bad actions" are actually false. And Matrix is still incredibly annoying to work with for "normies" and only recently got first-class E2EE and retention policy, both things needed for a secure chat experience. And btw, those things aren't deeply supported in the ecosystem, and also it doesn't have client feature flag alerting (to allow good intentioned clients to de-facto report they don't support certain security features).

I do think Matrix (or something like it) is the future, but it's certainly not the present.

XMPP cries in a corner. I wish XMPP had more accessible (to the general public) desktop clients. Conversations is great, but speaking from experience, people aren't going to want to use Gajim because it looks like it's ten years old (even though that's a good thing ;). XMPP needs better clients in general. The last time I used Profanity it had very annoying bugs about sending and saving OMEMO encrypted files.

I agree about the passing utility of Signal [0] but Matrix (which I do use) is a barely adequate dumpster fire. They spent all this effort developing a generic synchronization protocol, but yet didn't include native encryption in 2014 and had to bolt it on as an afterthought? And the last time I tried to find a native client it seemed like they were all still using web engines for rendering (inherently slow and insecure), presumably because the markup is too complex to make straightforward native apps.

[0] I don't even use Signal. My tack is to isolate and contain my "mobile phone" device as much as possible (when I'm home it generally stays next to the door on a charger). Whereas Signal has been designed around that single device as a critical part of my life. When I can sign up using only a username, and use Signal from a native client or web browser without any sort of Android device in the picture, then I'll be interested.

Matrix?! As someone who runs is own Matrix homeserver, oh, man, no way. Matrix is super fiddly, unreliable, and user-unfriendly (and I say this as someone who has at times agreed that Signal can be user-unfriendly).

Matrix also is just not particularly private. Servers control and know far too much about users, and pretty much no mainstream client enables E2E encryption by default. Matrix is an impressive piece of technology, but it has a long way to go before it's as usable for an average mobile phone user as Signal is.

Easy to use is important and it's a shame that you're downplaying that. More accessible than PGP/OTR? Sure. But maybe by a hair's width of an alligator's back.

If I am working with a source who gets frustrated by the impenetrability of communicating with me because I insist they use matrix while they're not technical and likely impatient, then that person will be much more likely to use a fallback method such as SMS or email, and they'll do it without warning. It's legal risk, period. My job is to make sure that they can share information with me as easily as possible and during a particularly sensitive period of that person's life, usually. Matrix, as a sibling post highlighted well, is too difficult for this use-case. That is an enormous failure for a use-case of sensitive information sharing.

Whatsapp message content can be pulled via a subpoena along with a lot of other private data. Signal's can not.

FBI doc on what messaging apps can provide via subpoena pulled by a FOIA request...

https://propertyofthepeople.org/document-detail/?doc-id=2111...

WhatsApp does not provide real encryption - all the metadata is unencrypted!

1. Facebook owns WhatsApp and uses it to collect data about people, such as who they communicate with, how and when. They also know about many of the websites you visit and what you do there. They know everything you do on Facebook, Facebook Messenger and Instagram. They buy mountains of data about us from other sources. By analysing all of that data they can probably do a reasonable job at guessing the content of your WhatsApp messages.

2. WhatsApp tries to get every user to accept the option to backup messages and photos to Google Drive, where they sit unencrypted and accessible by Google. Even if you reject that option yourself, your correspondents are likely to have enabled it (if only just to stop WhatsApp from nagging about it) and so your messages are available for Google to read. Example of why this can be bad: https://www.vice.com/en/article/zm8q43/paul-manafort-icloud-...

3. Google Photos asks WhatsApp users if they'd like it to back up their WhatsApp photos. Even if you reject that option, your correspondents may have enabled it and so your photos are stored online unencrypted and accessible by Google.

4. Why should we limit what Google and Facebook know about us? Google and Facebook influence our behaviour for the benefit of their paying customers. Their computer systems are too powerful for our minds. They work against us, not for us. Companies like Facebook will come to be seen like tobacco companies, except that the harm is as from mind altering drugs. There is a documentary on Netflix called The Social Dilemma which explains this well. The polarisation of societies and the spread of conspiracy theories are some of the effects. The only defence is to disengage.

5. Read about Chinese-style social credit to understand why you want companies like Facebook and Google to know as little about you as possible. This is a good overview: https://nhglobalpartners.com/wp-content/uploads/2021/10/chin...

Whatsapp only e2e encrypts message contents. The only thing Signal knows about you at any given time is the time of account creation and the date of your account’s last connection to Signal servers. That's tied to your phone number. They don't know who you chat with, the contents of those messages, your phone contacts, anything.

I'd get a chuckle out of comparing that with the privacy of Whatsapp.

Again: Metadata. WhatsApp records a timestamp of every message you send/receive, and who the other party is. Signal only records two pieces of metadata: timestamp of when you signed up, timestamp of the last time you sent a message.

My 2¢, as someone who tried using WhatsApp once and ran away screaming:

WhatsApp requires you to give it access to all your contacts (your entire address book) in order to use it at all. This information is uploaded straight to Facebook’s servers where they’ll inevitably use it to place your WhatsApp account in a social graph so they know who you are based on your contacts. I found this to be unacceptable so I uninstalled it.

Even if all the other things sibling posters mentioned didn't exist, the simple fact that Whatsapp is owned by Meta and Signal is not... well, that'd be enough for me.

No data sharing with FB

People who subpoena Whatsapp know who your friends are.

It encrypts your metadata (the most important data) and doesn't use it to manipulate you. It's a non-profit. And now you can use it without exposing your phone number to other users.

As far as I'm aware, everything is open[0]. Only issue I know of is that the server code isn't consistently up to date and you can't run your own. But you can compile the app and desktop clients yourself. I guess there's also the issue of reproducible builds but AFAIK this is a play store issue and doesn't seem that problematic since you can compile from source. I mean they even have a commit from 4 days ago for the Android app.

[0] https://github.com/signalapp

If Signal was in any way open or free (as in freedom) I'd just compile my own client to speak an open protocol and be back in business. But no, Signal is just a proprietary service with a proprietary client.

Isn't the source code available? What's preventing you from compiling your own copy?

Here u go

https://github.com/signalapp/Signal-Desktop

I believe signal is completely open source...

old Mac

older OSX

How old OSX are we talking? Is it older than current Xcode with Sonoma supports? If it's that, then you have your answer. If you want to daily drive and older machine Linux or even Windows should be fine, but this is not really the way with Apple hardware - if it was, Xcode would make this easier for the developer. For reference, you can still build for Windows Vista using current Windows 10 SDK - I haven't tried Windows 11 SDK, so not sure how things are there.

WhatsApp has this feature and it drives me nuts. My roll is full of crap people (especially chat groups) send me and I have to clean it up every now and then. I surely hope Signal doesn't do this and keeps the current approach of allowing users the option to download the images they want, when they want.

I actually like it this way. Occasionally (not always, which is even more confusing), images from random Whatsapp conversations ends up in the Android equivalent of my camera roll, and it annoys me to no end.

My camera roll is for photos that I have taken. If I want to put something from someone else in there, that's a decision I will pro-actively make. Other apps shouldn't be doing that for me.

They have a community forum with a feature request system. Though I'll admit it's a big echo chamber there. But every new user adds a new voice and I can't see how that isn't a good thing.

Fwiw, I want this feature too. And others. I've submitted feature requests in the past. I even asked that usernames add QR codes and links. I'm not sure if I was heard, but hey, the feature is there and even some of the echo people were against it.

Signal has so many footguns that I stopped recommending it. I know more than one person who lost all their messages and pictures when they switched phones.

I'm never getting non-technical friends and family to adopt a messaging app that isn't unified for SMS and secure messaging

Er, what? So no one you know uses Whatsapp, FB Messenger, Telegram, Google Talk, or anything else? I suppose it's possible that's true, but even if so, you and the people you know do not represent the common-case user.

That's correct, but so what? So does Tor. The US isn't a single unified entity. They get some funding from groups that promote encryption. Gov still wants encryption for their own people and for people in authoritarian countries (it's hard for normal people to overturn an authoritative government when all communications are watched. No need to discuss CIA). But also remember there's plenty of US gov groups that attack Signal too. Just saying "US funded" isn't strong enough on it's own. The gov has it's hands in everything so it's too noisy. You'd need to make an argument about it's dependency on that money, which they aren't. Records are public btw, they are a nonprofit.

Would they be able to resist a secret court order?

For the spam part, I commented below how’s that doesn’t work and it doesn’t even make sense for a messaging app.

I'm not sure why you need to assume that it will be linked back to your real identity;

I’m not assuming, only North America (edit: and some European countries) doesn’t require an ID for a phone number (1), and even in here, you would use it in other services that are linked to your real ID like banks or paying the phone bill online. The concept simply boils down to as soon as you find an account’s phone number, it’s a game over for that said privacy.

(1) https://www.comparitech.com/blog/vpn-privacy/sim-card-regist...

There are places where one's mobile phone is effectively one's identity. South Korea for example:

<https://www.nfcw.com/2022/10/20/379863/south-korea-to-roll-o...>

Neither Signal nor Telegram allow to pay a small amount in cryptocurrency to prove you are not a spammer. This shows that they are really interested in knowing who is their user.

Does Telegram still have a feature where you can see who nearby you is using Telegram? That to me is a reason alone to not install it.

Telegram's privacy is questionable but its UI is absolutely outstanding.

Telegram has channels and groups that work in a weird but very useful way. That's mostly the draw for me, not really the private messaging. Though the UX is just amazing, even for private messages. Everything is just super neat and where you expect it to be. I'd still probably not use it if it wasn't for how channels work

It is a way to increase usability for casual users

You can keep it as an option.

decrease spam by requiring some other source

Phone numbers never been a good way to counter spam, just look at social media, you can buy phone numbers in bulk these days, not to mention spam might work in social media because there’s the concept of “public space” where everyone shares and talk, so it does make sense for some bad actors to spam or even trying to influence others, that’s not the case in messaging app, because first I need to know your “unknown” username that I can’t see it elsewhere, and second, the efforts are worthy for such unsolicited message, which in case it was, you can get a burner to send it. The point is requiring a phone number to counter spam doesn’t work, and it doesn’t make sense either for messaging apps.

If you want a private messaging platform with zero prerequisite identity, use Briar.

Well, personally I don’t use Signal, never will in its current state, but they always try to promote it as privacy messaging app while still relying on a broken system known as GSM.

It is a way to increase usability for casual users, decrease spam by requiring some other source of identity tied to real existence (emails are easier to generate than throwaway phone numbers).

You either end up discriminating against users who have to use VOIP for whatever reasons (and there are legitimate reasons) by blocking VOIP numbers, or your barrier to entry for spammers is almost negligible. It's not a good system.

If you want to prove that users are humans, use a webcam and an id, or delegate the task to some bigcorp who already has a similar system. If that's too much for you in terms of privacy, you shouldn't be attempting to prove that users are humans in the first place. Maybe you should prevent spam via product driven solutions, e.g. whitelisted contacts.

For the people who really don't want a phone number, make them pay via mobilecoin. Lets them raise money and prevent spam.

It may decrease privacy philosophically, but it isn't nefarious.

It doesn't decrease privacy. It decreases anonymity which is distinctly different.

If you want a private messaging platform with zero prerequisite identity, use Briar.

Or Session which is a fork of Signal that runs it's own network using standard PKI instead of a phone number for identities and a decentralised message delivery/onion routing system.

How much spam did you get on ICQ? I remember getting a lot.

Yep, plus I (and many others) feel the US government is satisifed with the information that Signal provide to the government and it has to follow juristictions such as NSLs: https://dessalines.github.io/essays/why_not_signal.html#a-si...

The apps and most of the backend are open source too, not just the protocol.

The important distinction is that it's not decentralized like XMPP or email, which is a conscious decision: it would become very difficult to change it to add new features and they'd be left behind by closed-source competitors (see: XMPP).

Both the app and the server is open source

https://github.com/signalapp/Signal-Android https://github.com/signalapp/Signal-Server

There are forks like Session which doesn't require a phone number to sign up

https://github.com/oxen-io/session-android

They've described what they're attempting to be here: https://signal.org/blog/the-ecosystem-is-moving/

It's not [attempting to be an open ecosystem]. Their ToS used to forbid using third party clients. I don't think this has changed. They haven't banned anyone for using third party clients (to the best of my knowledge), but they're openly against an open ecosystem.

It's private, centralised and the network is closed (e.g.: non-federated), but the source code is public and open source. I think that for the server implementation they do code dumps every once in a while, rather than continuously keep it public.

It's patently unforgivable that a message would not be delivered because the client is out of date.

The Signal team is incredibly clueless and arrogant toward its userbase. It seems to simply not have occurred to them that many people rarely/never have wifi, may not be on AC power when they are on wifi which means the phone may not check for / apply updates, etc.

In the US, cellular is often expensive and slow.

In underdeveloped countries where software like Signal could be really important, all this is even more true.

We get shit crammed down our throats to protect the most obscure edge cases for the smallest percentage of the most vulnerable users - such as not being able to sync messages between devices - but then they pull shit like this which has a huge impact for people in rural areas and underdeveloped countries?

I have been bitten by this in the past. At least now they give warnings in-app that the app will expire soon. But if you don't use the app regularly, you wouldn't even know. Also, I'm not aware of any other apps that die in this way, so it's not like people are in the habit of periodically checking the app to make sure they're still on a version that can receive incoming messages.

The answer is almost certainly no. It means the old APIs that expose phone numbers will stop working in 90 days. And old clients along with them.

I have not investigated this at all, but I have enough faith in Signal/Whisper Systems to be optimistic.

This is a common, but terrible argument. Anyone can (mis)use, make, or weaponise technology given enough time and funding. Following this reasoning to its logical extreme, nobody should ever do anything.

The problem something like this solves is to raise the bar somewhat and discourage a fraction of those who would.

Done right, that fraction will be significant.

Don’t worry, telegram is now gatekeeping certain privacy settings behind the premium subscription like it’s 2003.

They also make it difficult to hide your pseudo identity from your phone contacts. I’ve had all the “discover contacts” settings turned off, and simply reinstalling the app caused people to be given my username without my consent. Settings somehow magically switched themselves back on and I couldn’t turn them off until after the damage was done.

There was no confirmation prompt. Pretty sure this happened to me more than once.

Please don’t ever compare Telegram with Signal.

Telegram and Signal solves very different types of privacy issues.

Telegram is good, as you mention, to be relatively private in groups/chats/channels without a need to expose neither your phone nor even a nickname (unless you live in autocratic countries — will come to this later).

But it comes with costs. First, their p2p communication is not e2e encrypted by default. Not to say that all comments/group chats are not encrypted too, unlike let’s say WA.

Second, Telegram API. It gives too much information. You can do a lot with it: read history, track changes of usernames, etc. For example, it is quite easy to obtain an internal user ID and there are black market services and databases where they promise to connect that ID with phone number if that account ever had privacy settings switched off in the past.

Claimed that they kind of scrape all accounts and pair ID for those where privacy settings set poorly. Even if you change it later — your internal ID and that scrape will state forever.

Third, Telegram was funded by Russian government since Durov had issues with SEC. He raised money from different Russian state-owned banks like VTB, issued bonds which are traded in Saint-Petersburg stock exchange, and even take some money directly from Russian government though a Qatar proxy-company. Not to say, that there are cases when TG was involved in criminal charges against people (the most famous one is story with Ryanair plane being forced to land in Minsk to arrest Lukashenko’s critique) and it was never directly addressed and explained by company how exactly those people was caught and how company protect against “SIM card replacement” cases (Signal at least inform me everytime my peer logged to new device).

Selecting between Signal with AFAIK no known cases of charges in dictatorship countries like Russia, funded by non-profitable charity, and TG without default e2e encryption, public API and Russian-state funding, is quite obvious for me.

Why do you say that Telegram isn't as secure as signal?

Telegram isn't a messaging service. It's a social network with a messenger UI. Quite ingenious, if you'd ask me, but a social network and a private messenger can't really be reconciled into a single product.

You're in luck because Signal had a whole blog post about long term financing a couple months ago.

https://signal.org/blog/signal-is-expensive/

I don't want to be too dismissive of Matrix, but I also see these types of comments as understanding what problem Signal is actually addressing: security for the masses. There's no way I'm getting my grandma on Matrix and you're delusional if you think she can setup a server. But it isn't hard to get my grandma on Signal and that's a much better security feature than federation or even not having phone numbers. If I want extreme security, you're right that there are better tools. But my threat model isn't trying to avoid nation state actors, it's mostly about avoiding mass surveillance, surveillance capitalism, and probably most importantly: sending a message to the gov to fuck off with all this spying. At the end of the day, there's no other app that's even close to fulfilling those needs.

I didn't realize my comment rose to the top. When I had written this I had also written this comment[0] which was the grandchild of the top comment at the time. It has a bit more details on my thoughts/reservations of federation. tldr is mostly about avoiding centralization. This remains an open problem and I think it is far too easily dismissed. But federation isn't solving the problems people want it to if it's federated like email and web browsers. That's just mostly centralization with all the headaches of federation.

And to anyone complaining about lack of federation, what's stopping you from running your own Signal server? Sure, it won't connect to the official channel, but is that a roadblock? Even Matrix started with one server. This is a serious question, is there something preventing this? Because if the major problem with Signal is lack of federation, I don't see why this is not solvable building off of Signal and not needing to create a completely different program. Who knows, if it becomes successful why wouldn't Signal allow a bridge or why can't apps like Molly allow access to both the official and federated networks?

[0] https://news.ycombinator.com/item?id=39446183

indeed, with an incoming Teams meeting invite, it should be determinable from the sender's context which account should work on the meeting. Instead there is 2 minutes of waiting, and what seems like pot luck with the account.

You can use these “features” to hijack accounts too ;)

I’d call them bugs, but they’ve been reported and didn’t get fixed.

Oh yeah it was more a joke than anything. Microsoft is just creating such a shitty environment. I can be logging in from my company portal where they know the identifier yet I still have to add @company.com. I mean I got one for my job, for my university, for conferences (CMT), and I swear I'm forgetting 30 others that I only use once in a blue moon.

They also are real shady with yubikeys. You can't set them as default but you can set "security key." So the process ends up being it assuming you want to use Hello (which breaks my Outlook... wtf), clicking use another device, security key, clicking next, then finally typing in your credentials. The next part makes me real suspicious since all the other dialogues go to the next page without clicking next. Why just this page? It's some weird dark pattern bs.

I'd call it malicious, but I think maliciousness requires intent. A chicken running around with its head cut off isn't really malicious if it runs into you.

Also nice to mention that some of those are connected and some are not. For example I have a personal account (that I did not create but appeared magically at some point; it behaves as totally separate), a work account (main work tenant) and three guest work tenants that share the password, but don't share the 2fa. For some apps you chose the tenant, but not for all.

I think the Signal devs hadn't thought this through at all and just blindly copied what Telegram was already doing thinking it must be cool and trendy with the masses, without understanding their core user base at all.

Same with prioritizing stories, stickers and crypto payments as core features of Signal when that's not what most of their users care for. Meanwhile there's still no official way to port your existing chat history on PC and iOS to your new device, or support for Android tablets. Obviously, stickers are more important.

I was all excited about Signal, but rarely use it because of this very feature. Once it started sending me notices about other users, I was extremely not happy. I was very hesitant since one of the first things it did was ask for access to contacts. I'm still pissed at myself for allowing it.

I uninstalled Signal and haven't looked back due to the constant `X from your address book has joined Signal` notifications that you can't disable.

I think you can turn that off with telegram, but I'm not sure if it's still the case.

now if I don’t reinstall the app myself or borrow a friends phone to try and reconfigure it then I guess we’re now out of touch forever? It’s not privacy-friendly to replace or hide built in functionality, it’s just an attempt to coerce people and to bolster your user numbers.

yeah, you need to authenticate to delete the account (aka deregister). How else would they verify that you are the owner of the account you want to delete?

Signal has not supported SMS for quite a while now.

I personally don't have a problem with this feature, and it's actually how I discovered Signal use among many of my friends.

But I think it's inexcusable that these sorts of notifications could essentially allow someone to circumvent blocking done by one of their contacts. If I've blocked someone via my phone's default contact blocking mechanism, and then I join Signal, and that person is already on Signal, they should not suddenly be able to contact me... and even be explicitly invited to do so on their end!

I wouldn't be surprised, though, if neither Android nor iOS gives regular apps access to the blocked contacts list. So I'm not really sure how an app like Signal could solve this problem.

But in the 7.0 release, we added

great, but what about all of those people that installed before 7.0 and had it already happen to them? "oops" doesn't help. at. all.

How come it wasn't the default right from the start?

How can a privacy oriented company not see the privacy implication of this? Sometimes, you want to be forgotten by some people, and Signal is telling them you are still there and active on that number. I remember reading a story about someone getting into real trouble for that.

Without "usernames", the proper way to handle it would have been to not let anyone know you are on signal when they look up your number. To get into contact, send a message, then the recipient will receive a notification with the message and an option to rely. If the recipient doesn't respond, from the sender point of view, it should be as if the account didn't exist.

The list of phone numbers with signal accounts is basically public. It kind of has to be. When a new number gets added and it matches someone in your address book, your app will tell you that one of your contacts has joined. People have always had the ability to turn off that feature, but that's not what the feature request seems to be asking.

People seem to be asking for a way they can join Signal without their number showing up in the registry of Signal users. This is why it's "not possible".

edit: This may have changed today. I'm now seeing an option that lets me hide my number from the registry. This means that even someone with my phone number will not be able to message me on Signal, which seems like a good deal to me.

European quotation marks commonly have the left one down low and the right one up high. The same applies for single quotes. But using comma-backtick is deeply unorthodox.

It's ‚comma-apostrophe‘, actually.

It‘s what my phone made out of two presses of the same (single quote) button.

To give a definite answer to the discussion below - it seems Czech, Slovak, German, Slovenian and Croatian sometimes use this format. Here an authoritative source: the EU publications office:

https://op.europa.eu/en/web/eu-vocabularies/formex/physical-...

HellDivers 2 LFG rn is all about sharing Friendcodes... you can get a ton of them on discord or reddit... but then you end up haveing a "friendcode" cybermentally-distributed DNS system for them over time.

Six degrees will still exist.

(funny weird thing is that with HD2's server issues due too demand, one way to harvest this would be to create a fake LFG host game and have tons and tons of accounts bang against your HellDiver-Pot - and get whatever you can scrape from that?

---

OK - I actually went down this hole the other daty... you look at the reddit thread on helldrivers for LFG - or the discord...

So on reddit, you just put .json at end of thread - DL the entire thread as json, now you have reddit id, location, play style, etc, details AND their friendcode on HD2... but since they can individually generate random friend codes on any game/system that allows such... you have a breadcrump (with enough attention span to just correlate all the shared info between these friend codes and data received...

still - even with random friend codes - six degrees is still available, easily.??

---

I deeply hope they do a Tech Talk on the post-mortem of this lauch success spiral - its fascinating....

But one thing I am really interested in, this is based on the Autodesk Engine, I know they co-dev-dog-fooded, but I hadnt really known of this engine at all... what little I do know, is that - its amazing...

But I'd really like to know more about the arch and overall traffic flows etc of this game.

Its beautiful see "problems" like this explode in like ~2 weeks.

What do internet traffic graphs look like since growth, per carrier?

Not everyone I connect to on signal is a friend. same for e.g. journalists or government people who use Signal.

Why not "invite code" like Discord does it? This is literally the same thing.

Its a code, inviting other people to speak to you.

Yeah that seems to be the standard and very descriptive.

Maybe "contactcode" would be better in this situation, as it doesn't imply any specific relationship between participants.

But identifier already means something else (i'm used to identifiers being unique, constant, and useful for actually identifying someone).

I like “handle”. It’s short and conveys some mutability.

Regarding (a), apart from the inicial account setup, you can actually use the desktop client fully standalone.

Regarding (b), yeah that's still a bummer, though, depending on your country of residence, you can get throwaway SIM cards for free and use that.

Matrix doesn't have the same threat model as Signal, and isn't a 1:1 replacement for it. Matrix is great (maybe optimal) for things that would otherwise be Slack channels.

For users who want strong security in messaging, yet an easy way for anyone to use the platform Signal has a much better user experience. Over 95% of my messaging is on Signal. Almost none of those users will benefit in any way by switching to Matrix. While it's a great ecosystem, it's also too much work for people who don't want those features or flexibility.

My parents, in-laws, grandmother-in-law, and entire extended family is on Signal. It's the extended family group chat, video calls with grandparents/great grandparents, and the baby photo feed. That's mostly because you just install it and it works.

I have no idea how to get my extended family on a Matrix homeserver without extensive handholding. I can barely figure it out myself and I was a huge XMPP nerd that ran my own ejabberd server for years.

Sybil identities is currently an unsolved problem, the mitigation is the requirement of unique scarce resources (like phone number in this case)

Then let your phone number receive the spam instead?

Please stop peddling this horrible experience as a form of a valid backup. A process that requires full manual interaction and requires you to know ahead of time when your phone will break or be stolen is not a useful backup process.

Nope. Latest version.

I see it, but it just looks like it uses internal storage. So far as I know, there's no Drive File Stream/Dropbox sync for Android, so you'd still lose your shit if you weren't manually backing them up somewhere.

I doubt that's a habit many people will develop for a setting they didn't even know existed.

They're pretty bad. You can't specify where the backup goes, so if you are running low on storage space (eg if you have a lot of photos or videos to back up) and add an SD card, tough luck because you can't save there. The best you can do is manually export your media (also without any choice over where it goes) and then manually move it to the SD card to make space on your internal storage. They say this is for security but if an attacker is in a position to export your backup, they are already in your signal account.

Same story with the PIN signal requires if you haven't used it in a few hours. It's the same as your phone PIN and there isn't anywhere you can change it, so it's just security theater.

My cousin comment [1] provides a bit more detail, but this is not available on iOS/iPadOS despite Apple allowing apps to save files to the filesystem and many other apps supporting this for years now.

[1] https://news.ycombinator.com/item?id=39445286

I don't see that option in Settings > Chats on my iPhone. What device are you using?

There are no backups available on the iPhone/iPad app, only a device-to-device transfer while setting up a new device assuming your previous device and new device are both iPhones/iPads. This is despite support for apps storing files to the filesystem that was added some years ago now, and many other apps on those platforms supporting backups of custom file formats (or JSON, etc.).

https://support.signal.org/hc/en-us/articles/360007059752-Ba...

generate hashes based on user inputs or something.

Because friend codes were so popular on Nintendo.

Hey add me real quick, my id is 12716472-83647281746-8172649! Or use the hash code, 0x28A56ED9! Super easy to remember, way better than giantrobot22 or vel0city66.

Getting rid of phone numbers as identifiers

Unless I got the wrong end of the stick, that's exactly what they are not doing.

Could have gotten stavr.05

It's a brilliant design choice. At first I was like "What?" and now the more I think about it, the more I realize it is an absolute genius move.

People need to get trained out of (even informally) assuming they can identify someone because their username looks familiar, and this is a great way to do it.

more or less completely eliminates “vanity names” and the “value”

With notable exceptions, i’m sure, being username69 and username420 and a few others (a similar phenomenon happened in magic the gathering, when they introduced limited edition 500 print runs of cards with the serial number stamped on them, and the only ones you can really sell or command a good price for are 1, 69, 420 and 500)

This reasoning doesn't make sense to me. A spammer can make an account, but how would they contact me if they don't know my account handle?

Even if that leaks, the handle should be changeable, and the spam issue could be completely mitigated by having a tab for first time "message requests" separate from the normal inbox.

I can't take a private messenger seriously when they require an identifier that's linked to your government-issued ID in many parts of the world.

They're resilient to spam, but often impossible to recover.

I had a spare SIM card that friends and family use when visiting from abroad. It's been unused for 90 days and has been deactivated. The number is lost, and irrecoverable. A friend had created a (second) Signal account with this number and can no longer log into new devices.

As a more mundane example: If I accidentally drop my phone into a river, the SIM is gone forever, and so is that line.

Sure, you can have a contract line which allows recovery. Depending on where you live, these can be several times more expensive than a regular pre-paid line.

Email is easier to recover and unlike a phone number you can actually own and control your email. There is no way of actually owning a phone number.

What’s a spam account anyway? If I create a new account per conversation does that count as spam? It puts exactly the same strain on Signal servers.

Why is the defining feature of being human the property of having a phone number?

Spam is indeed a hard problem to solve, but the issuance of phone numbers is not designed to be used as human identification.

Because a regular person, being given not a number for something, is going to call it a username.

Later explaining "you can have multiple usernames" is easier then trying to undo that conception. People are familiar with it. Your username is how you identify yourself on the computer in every context when it's not obviously your phone number.

It's absolutely a username. It can be changed arbitrarily whenever you like, and you'll probably in the future be able to have more than one name for the same underlying account, but it's still a username.

Other services do this too. For instance, you can sign up for some services with an email, and that's what you use to sign in, and you might be able to find other people by email if they let you, but you don't necessarily get shown someone's email on their profile, just the display name in their profile. And (in a well-designed service) you can change your email address at any time.

The point is to make it easier to verbally tell your friend "I'm vel0city23 on signal, add me" and have them actually remember.

It's not really permanent - you can change it as much as you want. Once someone has established a connection with you via your username once, that connection will still exist even if you change your username.

You should be able to choose your own threat model.

No.

I'm not a CIA operative, so, I'm willing to take that risk.

as long as only one of those is a phone

Do you know why this limitation?

Yeah, this is still my top requested feature. I have two phones, one is data only sim. I just want to be able to signal from both of them just like how I can on my mac and PC.

That's useful but not quite sufficient for this use case, though. The different devices currently have no way to sync chat history, so you'd lose all your old chats.

What I'd love to have is the ability to connect my phone and my laptop to the same Signal account, have them automatically sync chat history between each other, and then in the future if I add a new phone (e.g. because I've upgraded) my phone can sync from my laptop and get all of my message history.

My current work-around is just to use a group chat and have both work and personal accounts part of the chat. Fortunately, I only need to be able to chat with a few people (family) while off with the work phone so this isn't that big of a hassle, but it's something I wish I didn't have to do.

I don't want my counter-parties to have backups for e2e encrypted IM.

That's not your choice to make.

Ok but I can already do it on desktop (and it's even easier on Android), it's only missing on iOS. So this point is kinda moot...

The encryption key is in cleartext on desktop and the SQLite db is right next to it: ~/Library/Application Support/Signal/config.json

Run a windows VM, install signal desktop, bob's your auntie.

The devs are working on a cloud backup solution so not quite true, but it's also the one thing that's keeping me from recommending Signal https://signalupdateinfo.com/news/cloud-backups.html

The lack of any kind of backup/export for iOS is the main thing keeping me from recommending Signal.

"No one can read your chats, including you." — Signal

I think (but don't quote me on this) that you don't need the Signal phone app to start using it. As long as you have a phone that can receive text messages, I think you can also enter the confirmation number into the desktop app.

Also, if you forget to open the desktop app for a few weeks, it breaks the link and you have to go get your phone anyway.

And it doesn't show any messages that came in on the phone during that time, so you're missing context and in practice you just have to use the phone for everything anyway.

But will the other person really have two distinct chats with me in their list then? One with my username and one with my phone# ?

Why do you want to pay them?

And a way to pay signal anonymously?

Heh, I donate monthly to the Signal foundation but still get the occasional notification in the app to do so. In some sense, I am paying them anonymously :D

For most services to sign up, you also need an email address. This is also to help you recover your account in case you lost your password. A phone number can be used for this purpose too. Now you can share your Signal account with someone without sharing your phone number. Like you can share your Facebook username without sharing your email address.

Personal computers are big. They don't fit in your pocket. They don't lock when you hit a small button on the side. They are often shared. Your argument about locking down the whole computer is brought up every time someone wants this feature. The reality is, we want signal to be an application that anyone can use. Not everyone is a single male with enough income to have their own private computer.

Ugh. I shouldn't have even mentioned the feds. This isn't threat actor level stuff. The thing that bothers me is that if I let a non-technical user onto my computer to do something like write an essay for school, they might stumble upon some messages that should have been private. There's zero protection. That's why I called adding a pin the thinnest possible level of security.

Basically, Signal Desktop is a gaping security hole. That's why I said only the thinnest possible level of security.

Not really the case with signal anymore. if you want privacy you should look elsewhere.

Maybe in the US you don‘t need to mandatory register a phone number with a valid id, in most of the world you have to. If anyone can require the phone company to reveal your identity, it‘s the government.

I used Signal as my primary SMS app until that capability was stripped. It meant that so many of my conversations were Signal-by-default. But now, by attrition, most my conversations are back in SMS. I also find that simple things like programming the date and time of delivery - which Google Messages has - don't exist in Signal. (Or if they do, I have missed it because I'm no longer there unless I have to.

I have SMS, Whatsapp, Signal, and Threema installed, and it's a hot mess of disparate networks. I hate it.

I mean it's an incredibly over-saturated market. There are so many of these apps, they're all the same. There's little room for such errors IMO. But I'm willing to accept that it might have been an overreaction

Germany. Lots of privacy-focused minds. It became a bit of a topic during that crucial time when Whatsapp had some kind of scandal going on. I don't even remember the details. It was a chance of a lifetime for them. Well, in the end these apps are really all the same. I don't mind any of them really

I hope someone corrects me if I am wrong, but around two years ago he backed out of any responsibilities (ceo) after he bundled mobilecoin into the app.

Moxie is currently completing New Year's resolutions that his friends have assigned him: https://moxie.org/stories/year-of-the-challenge/

what is your point?

No idea about signal, but I haven't encountered any recent verification that worked on anything but a non-VoIP mobile number. My landline is useless for this and it isn't even VoIP.

Discord, while overall better than Telegram for privacy, will flag your ip / device / identity and require a phone number for new accounts if you do something like use a message archiver to back up conversations. Took me years to get the block removed (but not for my work account). It was a privacy nightmare for me and when I had to get an account for work I had to sign up for an additional cell phone service, which cost me thousands to this day.

I’m still nervous about making new accounts in case it triggers some process to lock me out of my one account that I don’t have a phone number for. I couldn’t join the baldurs gate 3 discord to find people to play the game with because it required a phone number on the account, which I was already forced to use for my work account.

On the other hand, I’m glad they actually do enforce their rules, unlike Telegram (which is a haven for scammers, pedos, radical communists, open market drug dealers, and terrorists, not to mention the soul-depleting interactions I’ve had overall with chat rooms there)

Well I don't think I should be told what apps they use