this post was submitted on 08 Nov 2023
520 points (98.7% liked)

Privacy

32173 readers
444 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 116 points 1 year ago (1 children)
[–] seaQueue 36 points 1 year ago* (last edited 1 year ago) (4 children)

Now if they'd just let me run the damned client on more than one device so I can reply to messages from my tablet.

[–] clif 17 points 1 year ago (1 children)

I'm running it on phone, tab (long ago), and desktop... What do you mean?

[–] [email protected] 17 points 1 year ago (3 children)

Maybe they mean how the messages don't sync between devices

[–] clif 15 points 1 year ago (1 children)

Ah, I thought that was by design.

[–] [email protected] 22 points 1 year ago (2 children)

But they do sync. They just don't keep messaging history, which is, as you say, by design. Signal doesn't keep copies of your messages so they cannot give you old message history if you connect your account to a new device.

[–] [email protected] 12 points 1 year ago (5 children)

That's true, but once you trust a new device, there's no reason the authority (your phone that has all history) couldn't transfer the history over to the new client.

I get it would add some complexity, but it could be done in a secure and private way.

[–] UnculturedSwine 12 points 1 year ago (1 children)

I feel like that is also by design. If your account is compromised, you wouldn't want them to be able to pull messages from your existing devices. It kinda defeats the purpose of them not being stored on the servers.

[–] [email protected] 5 points 1 year ago

They could just make it opt-in, no?

"New device X has logged in to your account. Do you want to transfer existing history on this device to it?"

load more comments (4 replies)
[–] hansl 3 points 1 year ago

They could sync those between devices on the same network. It’s definitely possible to have both.

[–] CaptainS7ark 3 points 1 year ago (1 children)

Probably mean run it on more than one phone. I'd love to run it on my iPhone and my android phone but it can't be run without a phone number on a phone afaik

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 5 points 1 year ago

Take a look at Molly for your tablet!

load more comments (2 replies)
[–] [email protected] 81 points 1 year ago* (last edited 1 year ago) (3 children)

Still sucks you will need a phone number to use it though. Hopefully they adopt meshnet type technology similar to https://berty.tech so people can communicate even when the internet is shut off across all platforms with end to end encryption

[–] n00b001 39 points 1 year ago (4 children)

My mouth waters at the idea of decentralised, infrastructure-less, encrypted, p2p, mesh messaging

Thanks for pointing me towards Berty!

[–] [email protected] 8 points 1 year ago

infrastructure-less

I'd say it is infrastructure-agnostic and not necessarily without infrastructure.

[–] [email protected] 7 points 1 year ago (1 children)

There's Briar, but I am upset they don't have the bluetooth mesh functionality on desktop at least yet, and I don't know if you can make it work in a VM.

[–] n00b001 4 points 1 year ago

I think I tired Briar, but I either couldn't get it working on android or on iOS

[–] [email protected] 5 points 1 year ago (2 children)

In the world of Mobile, you’re always going to have to have some kind of signalling protocol that will have to be through someone else Simply because establishing listening functions that help push notifications reach you at all consumes battery. In this case, I think what the real thing should be is, if we should be trusting these push notification systems We should be able to host them as well Servers we choose to associate with our devices

load more comments (2 replies)
[–] [email protected] 13 points 1 year ago

Another day, another chat service.

load more comments (1 replies)
[–] shotgun_crab 35 points 1 year ago (4 children)

Why are phone numbers a requirement anyway

[–] [email protected] 29 points 1 year ago (1 children)

To validate that a user is a person. The idea is to trust the phone companies that a person who happens to possess a phone number is actually a person.

[–] [email protected] 11 points 1 year ago* (last edited 1 year ago) (1 children)
[–] [email protected] 4 points 1 year ago (1 children)

I never said it was a good solution. There is no way to trust any validation that a user on the Internet is a person. But this way is cheap easy and most people aren't gonna go through the effort of masking their identities.

Also one discrepancy in an audit of a phone number trusted user base sticks out enough for cops to make some progress.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)
[–] [email protected] 19 points 1 year ago (1 children)

People are putting too much thought into this. It's discovery. Signal is a WhatsApp alternative. You switch from WhatsApp and want to know which of your contacts you can still talk to? No action necessary, you can do it right away.

Simple as.

Try doing that without a phone number.

[–] shotgun_crab 3 points 1 year ago* (last edited 1 year ago)

I guess that's true, but I'd prefer the phone number part being optional. If you don't give it, you don't get access to the easy migration or discovery features, but you get to hide your phone number.

Edit: It's not that I don't trust them, either.

[–] crimsdings 9 points 1 year ago

You need some sort of verification that the person is a person. Phone number puts a layer between you and the service you are trying to use - the provider of the number. The provider holds your identity but only passes on a phone number.

It's definitely not ideal, but not bad

[–] [email protected] 5 points 1 year ago (2 children)

Some question to be honest. I cannot expect any privacy if I have to share my phone number.

[–] sudneo 18 points 1 year ago (1 children)

Privacy and anonimity are different things. As long as nobody besides you and the indented destination(s) has access to the content of your communication, that communication maintains privacy, even if everyone sees that it's you talking.

Also, and this is something I mention all the time, the only information this gives is that you use signal. Besides that, as soon as anybody else registered your phone in their contact list, your phone number is already known and associated with you considering that many apps (like all the meta ones) gain access to the contact list and the chance that anybody who has your phone number uses one of those is almost 100%.

[–] JubilantJaguar 7 points 1 year ago

App-accessible contact lists is the original sin of smartphones. As a result, a few powerful corporations know the social graph of entire countries. The handful of people who make efforts to stay anonymous be damned - they're in the database too thanks to their friends. This one infuriating feature makes decent privacy all but impossible.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

They do their best to use the number in ways no one but your contacts who use Signal can actually see what that number is, to be fair. And you're still private either way. What a phone number breaks is anonymity, which is something they don't explicitely claim to give you. (I think)

[–] [email protected] 31 points 1 year ago (5 children)

What is this stupid website. Cant open it because they have banned my IP. Why the fuck do they ban MullvadVPN servers?

[–] [email protected] 22 points 1 year ago

Some malicious users do use VPNs to send spams and many websites automatically bans these IPs. Normally switching to a different VPN server will resolve the issue.

[–] [email protected] 9 points 1 year ago (2 children)

Surprisingly it's fine on Tor.

load more comments (1 replies)
[–] [email protected] 7 points 1 year ago

Banned on my VPN, too, good to know I shouldn’t be aggravated at my service.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

Try a different server. I've never had any issues accessing bleepingcomputer with Mullvad.

[–] [email protected] 14 points 1 year ago (2 children)

c'mon Signal, gimme that apk & I give you some logs in return, don't make it hard on me

[–] [email protected] 14 points 1 year ago

They want you to do just that: https://community.signalusers.org/t/public-username-testing-staging-environment/56866 That link has instructions on how to sign up.

load more comments (1 replies)
[–] [email protected] 14 points 1 year ago

omg i’m so excited for this

load more comments
view more: next ›