this post was submitted on 20 Feb 2024
212 points (98.2% liked)

Privacy

32173 readers
1839 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

cross-posted from: https://lemmy.world/post/12200311

Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private

top 21 comments
sorted by: hot top controversial new old
[–] [email protected] 33 points 9 months ago* (last edited 9 months ago) (2 children)

Whittaker says that, for better or worse, a phone number remains a necessary requisite

Worse. It is for the worse. We sure did wait a long time for this half measure, Signal.

[–] [email protected] 34 points 9 months ago (4 children)

Is there a reasonable alternative, though? Email addresses? Adding a cryptographic challenge to prevent somebody from generating tons of accounts?

As far as phone numbers go, I'm not a big fan of Signal having them, but I definitely prefer not having to give them out! That change is a huge deal to me, as I can now communicate with people without handing them a phone number. And Signal has provided their client and server source code, along with evidence that their servers store absolutely nothing.

Nowadays, the most likely way your Signal data will get leaked is if somebody screenshots it.

[–] [email protected] 5 points 9 months ago

Jami doesn't require a phone number, which is p2p. Xmpp (+ Omemo) doesn't require a phone number and it's federated... I mean, if a service is willing to rid of phone numbers, it'll do totally without them.

[–] [email protected] 3 points 9 months ago (1 children)

The challenge of having your device solve a nasty PoW that takes minutes would not deter most people: a timer once is better than evil captchas, phone numbers, etc. I don't understand why they use hCaptcha and not that.

[–] [email protected] 9 points 9 months ago (1 children)

If one computer can create a single spam account every few minutes, imagine how many total spam accounts could be created by a small farm of computers, in a single day.

[–] [email protected] 0 points 9 months ago

A lot, but farming phone numbers from poor countries is also cheap and Signal sends them insanely expensive SMS. There is no perfect solution, spammers aren't stupid. Since Signal is centralised they can enforce PoW incrementally if they get reports for spam, I still think it is way better than hCaptcha which is garbage.

[–] [email protected] 1 points 9 months ago (1 children)

phone numbers for spam prevention are a bandaid for a mediocre solution. the mediocre aspect being that it's totally centralized when it should at least be federated like SimpleX. SimpleX is the ultimate solution to be honest with you, it's federated, fast, extremely private and extremely secure.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

I don't mind SimpleX. I use it myself, sometimes. But it is also currently a very obscure service, and it's not exactly easy to find people to communicate with. Phone numbers, and now usernames, provide a jumping-off point for that.

How do you find people on SimpleX and then make sure you're talking to them in a group later on? Right now, that's really hard.

And right now, SimpleX is pretty small, so if it starts expanding in that first area, how would it prevent spam?

[–] [email protected] -2 points 9 months ago (2 children)

It’s the signal metadata that they want to keep associated with an identity

They still can fulfill government requests for who is talking to who and how often

[–] [email protected] 9 points 9 months ago

Only the recipient number has been in the messages, so unless Signal servers have been compromised, and they've figured out how to associate sender IP addresses with phone numbers, and they've never been caught by the multiple government demands from them... I think it's fair to say

  1. they probably don't keep these logs, and
  2. they made it about as hard as possible to do
[–] [email protected] 7 points 9 months ago

Got proof for that last claim?

I thought their sealed sender feature was meant to prevent exactly this scenario.

[–] Landless2029 3 points 9 months ago

Maybe use a VOiP for verification?

[–] [email protected] 7 points 9 months ago* (last edited 9 months ago)

Fucking beta release . I'm not making google account to download the apk

[–] Rustmilian 2 points 9 months ago
[–] [email protected] -1 points 9 months ago (1 children)

Signal is one of those apps that is good because it is popular and old.

However, they need to step up there game if they want to compete with other messagers.

[–] [email protected] 8 points 9 months ago (1 children)

Its also the only really free messenger. Free as in freedom and no money.

[–] [email protected] 5 points 9 months ago (2 children)
  • Session
  • Briar
  • Simplex Chat
  • Jami (unproven)
[–] [email protected] 6 points 9 months ago (1 children)

I use Jami daily. The pro is that it is completely decentralised: it doesn't need a server to run, all communications are over DHT. The cons is that not all messages are delivered instantly, and both sender and recipient need to be online at the same time.

[–] [email protected] 3 points 9 months ago (1 children)

Be careful as its not been audited

[–] [email protected] 0 points 9 months ago

I am not expecting security from it, just complete decentralisation.

[–] [email protected] 3 points 9 months ago

Yeah mainstream messenger that other people have. I personally like briar but it sucks my battery dry in houra.