I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

  • pwalker@discuss.tchncs.de
    0·
    18 hours ago

    The amount of trolls in this thread that either try to spew false information intentionally or just have idea what they are talking about is insane.

    If you are worried about what data (including your phone number) law enforcement can recieve (if they have your specific user ID, which is not equal to your phone number) from the Signal company check this: https://propertyofthepeople.org/document-detail/?doc-id=21114562 Tldr: It’s the date of registration and last time user was seen online. No other information, Signal just doesn’t have any other and this is by design.

    If you want to know more about how they accomplish that feat you can check out the sealed sender feature: https://nerdschalk.com/what-is-sealed-sender-in-signal-and-should-you-enable-it/

    or the private contact discovery system: https://signal.org/blog/private-contact-discovery/

    Also as Signal only requires a valid phone number for registration you might try some of these methods (not sure if they still work): https://theintercept.com/2024/07/16/signal-app-privacy-phone-number/

    • Autonomous User@lemmy.worldEnglish
      0·
      17 hours ago

      This shows they do not need our phone numbers but they still demand it.

      However, escaping WhatsApp and Discord, anti-libre software, is more important.

      • Undertaker@feddit.org
        0·
        10 hours ago

        No it doesn’t. What is a need? It is for troll and spam and bot protection. How does the links show that there is no need for it?

        • Arthur Besse@lemmy.mlEnglish
          0·
          17 hours ago

          Downvoted as you let them bait you. Escaping WhatsApp and Discord, anti-libre software, is more important.

          I don’t know what you mean by “bait” here, but…

          Escaping to a phone-number-requiring, centralized-on-Amazon, closed-source-server-having, marketed-to-activists, built-with-funding-from-Radio-Free-Asia (for the specific purpose of being used by people opposing governments which the US considers adversaries) service which makes downright dishonest claims of having a cryptographically-ensured inability to collect metadata? No thanks.

          (fuck whatsapp and discord too, of course.)

            • Arthur Besse@lemmy.mlEnglish
              0·
              15 hours ago

              When it’s libre software, we’re not banned from fixing it.

              Signal is a company and a network service and a protocol and some libre software.

              Anyone can modify the client software (though you can’t actually distribute modified versions via Apple’s iOS App Store, due to Apple’s binary distribution system being incompatible with GPLv3… which is why unlike the Android version there are no forks of Signal for iOS) but if a 3rd party actually “fixed” the problems I’ve been talking about here then it really wouldn’t make any sense to call that Signal anymore because it would be a different (and incompatible) protocol.

              Signal (the company) must approve of and participate in any change to Signal (the protocol and service).

      • pwalker@discuss.tchncs.de
        0·
        17 hours ago

        it’s being answered in the github thread you linked. Sorry that this is not enough for you but it’s enough for most people: “For people who are concerned about this sort of thing, you can enable sealed sender indicators in the settings”

        • Arthur Besse@lemmy.mlEnglish
          0·
          17 hours ago

          it’s being answered in the github thread you linked

          The answers there are only about the fact that it can be turned off and that by default clients will silently fall back to “unsealed sender”.

          That does not say anything about the question of what attacks it is actually meant to prevent (assuming a user does “enable sealed sender indicators”).

          This can be separated into two different questions:

          1. For an adversary who does not control the server, does sealed sender prevent any attacks? (which?)
          2. For an adversary who does control the server, how does sealed sender prevent that adversary from identifying the sender (via the fact that they must identify themselves to receive messages, and do so from the same IP address)?

          The strongest possibly-true statement i can imagine about sealed sender’s utility is something like this:

          For users who enable sealed sender indicators AND who are connecting to the internet from the same IP address as some other Signal users, from the perspective of an an adversary who controls the server, sealed sender increases the size of the set of possible senders for a given message from one to the number of other Signal users who were online from behind the same NAT gateway at the time the message was sent.

          This is a vastly weaker claim than saying that “by design” Signal has no possibility of collecting any information at all besides the famous “date of registration and last time user was seen online” which Signal proponents often tout.