I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.
Why does signal want a phone number to register? Is there a better alternative?
Because they’re building a private, not anonymous, instant messenger. They’ve been very open about this.
Our phone numbers are not private from them.
Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.
Nothing “derailing” us. Not everyone has the same threat model. The messages are private and that’s what’s most important. Signal can only provide phone number and last connection time to the feds. If that’s too much information for you, then you’re not the target group and have a different threat model.
The messages are private and that’s what’s most important.
No, that isn’t true. WhatsApp has the same lies. Law enforcement connect communication between users at key times and use it as credible evidence. Why would drug exporter 1 be communicating with drug buyer 1 at the exact time the delivery arrives in the country? Law enforcement doesn’t need to know what was written.
What are you talking about? Are you saying sealed sender is a lie? If so, I want some proof.
Privacy ≠ anonymity
Our phone numbers are not private from them.
Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.
It’s libre software. Go host the server and change the clients to connect to your custom server and distribute the the users you need.
Are you saying I have to literally rebuild and distribute my own client APK if I want to use my own server? There’s no “settings” in the existing client where you say what server you want to use, like every email client has? That sounds obnoxious.
If you don’t trust Signal to run an unmodified server without malicious modifications, then why would you trust their build of the APK?
To truly be safe from Signal’s influence you would need to audit the source code and build it yourself.
Personally I have no problem using Signal’s servers
To truly be safe from Signal’s influence you would need to audit the source code and build it yourself.
Usually I only install APK’s from F-Droid, which always builds its apps from source, rather than using the developer’s APK. I’m uncomfortable that Signal doesn’t seem to be on F-droid, and I’m in fact hesitant to install it from anywhere else. I’m not currently set up to build Android apps myself. I’m a fairly unsophisticated Android user.
You can use Obtainium and get it straight from Github.
Signal on Android has had reproducible builds for years now.
Sources: Github Readme, Official blog post
Thanks. I’m not a sophisticated Android user and so far have just stayed with installing stuff from F-droid. If the official build matches the F-droid build, that’s great. At some point I want to spend some time bringing up Android build tools, but I have too much other stuff going on right now.
I just checked and I installed Signal from F-Droid.
It says Repository: Guardian Project on the app page.
Interesting, I wonder why it’s not in the main F-droid repo. Thanks.
Agreed, escaping WhatsApp and Discord is the most important part.
edit: nvm i re-read what you wrote
i agree it does mostly fulfill the criteria for libre software. perhaps not in every way to the same spirit as other projects, but that is indeed a separate discussion.
h̶o̶w̶ ̶m̶a̶n̶y̶ ̶c̶o̶m̶m̶u̶n̶i̶t̶i̶e̶s̶ ̶a̶r̶e̶ ̶d̶o̶i̶n̶g̶ ̶t̶h̶a̶t̶ ̶r̶i̶g̶h̶t̶ ̶n̶o̶w̶?̶ ̶i̶ ̶s̶u̶s̶p̶e̶c̶t̶ ̶y̶o̶u̶ ̶m̶a̶y̶ ̶b̶e̶ ̶d̶r̶a̶s̶t̶i̶c̶a̶l̶l̶y̶ ̶u̶n̶d̶e̶r̶s̶t̶a̶t̶i̶n̶g̶ ̶t̶h̶e̶ ̶b̶a̶r̶r̶i̶e̶r̶s̶ ̶f̶o̶r̶ ̶t̶h̶a̶t̶.̶ ̶b̶u̶t̶ ̶w̶o̶u̶l̶d̶ ̶b̶e̶ ̶d̶e̶l̶i̶g̶h̶t̶e̶d̶ ̶t̶o̶ ̶b̶e̶ ̶p̶r̶o̶v̶e̶n̶ ̶w̶r̶o̶n̶g̶.̶.̶.̶
Spam prevention
And discovery.
It’s not an argument. Think about regular mobile numbers, are they preventing spams? No.
What kind of spam are you talking about
Scams, girls wanting to chat with you, incredible money opportunities…
I misread the comment you replied to originally (thought they were referring to bot spam prevention)… Signal doesn’t work like the phone network, you can’t necessarily just “call” or “text” a random person. There’s also additional verification before you can send messages sometimes.
deleted by creator
Are you seeing spam on signal? Do you even know why spam is possible on phone networks and what the difference is between phone networks and the internet?
The point, I believe, wasn’t about spam but likely got derailed. It was probably about the phone number requirement being unnecessary. I’ll just add that even if it is, it’s a measure geared towards common users that often need to recover access to their accounts through means they’re already familiar with, as is a verification SMS. It’s not the safest nor the most private, but it’s easier to deal with for most people. Whoever wants something that doesn’t depend on a SIM or eSIM should try Briar and SimpleX. None of these will be a perfect solution for every single person though.
I don’t know what is spam for you, but when you get three message requests from three girls respectively named Tania, Clara and Ella that are contacting you about you carrier or your management skills, I call it spam.
The way that Signal integrates phone number is odd because it opens up the spam door. O understand why Signal use phone numbers this way (to make “normies” adopt Signal more easily like WhatsApp would do) but it not the best to kind of contaminate the network with the traditional cell network
Because Signal has a low user base. Why Spam on Signal, if you can reach everyone with an SMS?
deleted by creator
So, you’re going to get two schools of thought on this, and one of them is wrong. Horrendously wrong. For perspective, I was a certified CEHv7, so take that for what its worth.
There’s a saying in security circles “security through obscurity isn’t security,” which is a saying from the 1850s and people continually attempt to apply the logic to today’s standards and it’s–frankly stupid–but just plain silly. It generally means that if you hide the key to your house under the floor mat, there’s no point to having the lock, because it doesn’t lend you any real security and that if you release the schematics to security protocols and/or devices (like locks), it makes them less secure. And in this specific context, it makes sense and is an accurate statement. Lots of people will make the argument that F/OSS is more secure because it’s openly available and many will make the argument that it’s less secure. But each argument is moot because it deals with software development and not your private data. lol.
When you apply the same logic to technology and private data it breaks down tremendously. This is the information age. With a persons phone number I can very likely find their home address or their general location. Registered cell phones will forever carry with them the city in which they were activated. So if I have your phone number, and know your name is John Smith, I can look up your number and see where it was activated. It’ll tell me “Dallas, Texas” and now I’m not just looking for John Smith, I’m looking for John Smith in Dallas, Texas. With successive breakdowns like this I will eventually find your home address or at the very least your neighborhood.
The supposition made by Signal (and anyone who defends this model) is that generally anyone with your private number is supposed to have it and even if they do, there’s not much they can do with it. But that’s so incredibly wrong it’s not even funny in 2025.
I’ve seen a great number of people in this thread post things like “privacy isn’t anonymity and anonymity isn’t security,” which frankly I find gobstopping hilarious from a community that will break their neck to suggest everyone run VPNs to protect their online identity as a way to protect yourself from fingerprinting and ad tracking.
It frankly amazes me. Protecting your data, including your phone number is the same as protecting your home address and your private data through redirection from a VPN. I don’t think many in this community would argue against using a VPN. But why they feel you should shotgun your phone number all over the internet is fucking stupid, IMO, or that you should only use a secure messaging protocol to speak to people you know, and not people you don’t know. It’s all just so…stupid.
They’ll then continue to say that you should only use Signal to talk to people you know because “that’s what its for!” as if protecting yourself via encryption from compete fucking strangers has no value all of a sudden. lol
You have to be very careful in this community because there are a significant number of armchair experts which simply parrot the things that they’ve read from others ad-nauseam without actually thinking about the basis of what they’re saying.
OK. That’s my rant. I’m ready for your downvote.
The only thing I’ll tack onto this is that with the introduction of Signal usernames, you still have to give Signal your number to verify that at least on some level, you probably are a real person. As someone with 5 different phone numbers, probably doesn’t stop spam as much as they’d hoped, but more than they feared, but at least now you don’t have to give that Craigslist guy who uses Signal your phone number, just your username. Is that the best method? I dunno, but but it is something.
I was unaware of this change, and it’s perfectly acceptable. No one has any ground to lambast Signal for requiring phone numbers to get an account. I think that’s a perfectly reasonable spam mitigation technique. The issue is having to shotgun your phone number to every Howard and Susan that you want to use Signal to communicate with.
This was honestly the only thing holding me back from actually using Signal. I’ll likely register for an account now.
If you are even remotely involved in any activist type of things, you certainly don’t want this US government honeypot have your phone-number and device id.
At least in theory, this is mitigated. The signal activation server sees your phone number, yes. If you use Signal, the threat model doesn’t protect you from someone with privileged network or server access learning that you use Signal (just like someone with privileged network access can learn you use tor, or a vpn, etc).
But the signal servers do not get to see the content of your group messages, nor the metadata about your groups and contacts. Sealed sender keeps that private: https://signal.org/blog/sealed-sender/
You would obviously want to join those groups with a user Id rather than your phone number, or a malicious member could out you. It’s not the best truly anonymous chat platform, but protection from your specific threat model is thought through.
edit: be sure to go to Settings > Privacy > Phone Number. By default anyone who already has your phone number can see you use signal (used for contact discovery, this makes sense to me for all typical uses of Signal), and in a separate setting, contacts and groups can see your phone number. You will absolutely want to un-check that one if you follow my suggestion above.
There are some mitigations in place, yes, but Sealed Sender on a centralized platform is snake-oil as someone with server access can easily do a timing attack and discover who communicated with whom.
That a timing attack could be successful is not a given. It’s a possibility, yes, but there is very likely sufficient mixing happening to make that unrealistic or unreliable. An individual doesn’t create much traffic, and thousands are using the server constantly. Calling it a honeypot or claiming the phone number and device is are available is a stretch.
Timing attacks can work in tor when you are lucky enough to own both the entrance and exit node for an individual because very few people will be using both, and web traffic from an individual is relatively heavy and constant to allow for correlation.
A timing attack is extremely realistic when you control one of the end devices which is a common scenario if a person gets arrested or their device compromised. This way you can then identify who the contacts are and with the phone number you can easily get the real name and movement patterns.
This is like the ideal setup for law inforcement, and it is well documented that honeypot “encrypted” messengers have been set up for similar purposes before. Signal was probably not explicitly set up for that, but the FBI for sure has an internal informant that could run those timing attacts.
Spam accounts are clearly the biggest factor for not letting anyone just sign up with an email. Although getting a new email without a phone verification is getting increasingly hard now.
Everything is a balancing act. Privacy, anonymity, and security aren’t the same things. They’re sometimes, and in some aspects always, difficult to achieve without compromising one of the other two.
When you add in the goal of quick, easy setup to make the service useful in the first place. Doesn’t matter how good the service is at the trinity if nobody is willing to use it. Signal just errs on security first, privacy second, anonymity third.
Signal fills an incredibly important spot in a spectrum of privacy and usability where it’s extremely usable without sacrificing very much privacy. Sure, to the most concerned privacy enthusits it’s not the best, but it’s a hell of a lot easier to convince friends and family to use Signal than something like Matrix.
Privacy ≠ Anonymity ≠ Security
One of the design goals is that they don’t have a user database, so governments etc can’t knock down their door demanding anything. By using phone numbers your “contacts” are not on their servers but local on your phone.
But your phone number is, and thus every agency can get your full name and address and location.
Yes but only yours. That’s still better and only having to knock on one door to get everything.
If I’m the target, then this is enough.
You are not the only person using Signal.
and then every phone number on your phone by arresting you and searching your phone.
This sounds like it’s a problem no matter what method of communication you use, unless you keep no address book and memorize everything.
deleted by creator
During registration they want a phone number to send a verification code. I know I am me. They don’t need to verify that.
They do. Otherwise anyone can register with your phone number and start messaging as if they were you.
If you want more privacy you’d need something like Simplex.
… but why require numbers in the first place.
They need to verify using a phone number because otherwise other people could sign up using your phone number and pretend to be you? What?
They can only sign up using your phone number if they do require a phone number. If they didn’t ask for a phone number then how would people sign up using your phone number?
deleted by creator
That’s WRONG they have a Database of every Phone number registered to them and metadata like the last time they logged in. You send all your contacts numbers to signal so they can respond who is also using Signal.
The amount of trolls in this thread that either try to spew false information intentionally or just have no idea what they are talking about is insane.
If you are worried about what data (including your phone number) law enforcement can recieve (if they have your specific user ID, which is not equal to your phone number) from the Signal company check this: https://propertyofthepeople.org/document-detail/?doc-id=21114562 Tldr: It’s the date of registration and last time user was seen online. No other information, Signal just doesn’t have any other and this is by design.
If you want to know more about how they accomplish that feat you can check out the sealed sender feature: https://nerdschalk.com/what-is-sealed-sender-in-signal-and-should-you-enable-it/
or the private contact discovery system: https://signal.org/blog/private-contact-discovery/
Also as Signal only requires a valid phone number for registration you might try some of these methods (not sure if they still work): https://theintercept.com/2024/07/16/signal-app-privacy-phone-number/
edit: it’s funny how people downvoting comments about signal’s sealed sender being a farce never even attempt to explain what its threat model is supposed to be. (meaning: what attacks, with which adversary capabilities specifically, is it designed to prevent?)
Downvoted as you let them bait you. Escaping WhatsApp and Discord, anti-libre software, is more important.
Downvoted as you let them bait you. Escaping WhatsApp and Discord, anti-libre software, is more important.
I don’t know what you mean by “bait” here, but…
Escaping to a phone-number-requiring, centralized-on-Amazon, closed-source-server-having, marketed-to-activists, built-with-funding-from-Radio-Free-Asia (for the specific purpose of being used by people opposing governments which the US considers adversaries) service which makes downright dishonest claims of having a cryptographically-ensured inability to collect metadata? No thanks.
(fuck whatsapp and discord too, of course.)
When it’s libre software, we’re not banned from fixing it.
SimpleX is better
Escaping WhatsApp and Discord, anti-libre software, is most important part.
When it’s libre software, we’re not banned from fixing it.
Signal is a company and a network service and a protocol and some libre software.
Anyone can modify the client software (though you can’t actually distribute modified versions via Apple’s iOS App Store, for reasons explained below) but if a 3rd party actually “fixed” the problems I’ve been talking about here then it really wouldn’t make any sense to call that Signal anymore because it would be a different (and incompatible) protocol.
Only Signal (the company) can approve of changes to Signal (the protocol and service).
Here is why forks of Signal for iOS, like most seemingly-GPLv3 software for iOS, cannot be distributed via the App Store
Apple does not distribute GPLv3-licensed binaries of iOS software. When they distribute binaries compiled from GPLv3-licensed source code, it is because they have received another license to distribute those binaries from the copyright holder(s).
The reason Apple does not distribute GPLv3-licensed binaries for iOS is because they cannot, because the way that iOS works inherently violates the “installation information” (aka anti-tivozation) clause of GPLv3: Apple requires users to agree to additional terms before they can run a modified version of a program, which is precisely what this clause of GPLv3 prohibits.
This is why, unlike the Android version of Signal, there are no forks of Signal for iOS.
The way to have the source code for an iOS program be GPLv3 licensed and actually be meaningfully forkable is to have a license exception like nextcloud/ios/COPYING.iOS. So far, at least, this allows Apple to distribute (non-GPLv3!) binaries of any future modified versions of the software which anyone might make. (Legal interpretations could change though, so, it is probably safer to pick a non-GPLv3 license if you’re starting a new iOS project and have a choice of licenses.)
Anyway, the reason Signal for iOS is GPLv3 and they do not do what NextCloud does here is because they only want to appear to be free/libre software - they do not actually want people to fork their software.
Only Signal (the company) is allowed to give Apple permission to distribute binaries to users. The rest of us have a GPLv3 license for the source code, but that does not let us distribute binaries to users via the distribution channel where nearly all iOS users get their software.
Yeah, iOS is not libre software.
it’s being answered in the github thread you linked. Sorry that this is not enough for you but it’s enough for most people: “For people who are concerned about this sort of thing, you can enable sealed sender indicators in the settings”
it’s being answered in the github thread you linked
The answers there are only about the fact that it can be turned off and that by default clients will silently fall back to “unsealed sender”.
That does not say anything about the question of what attacks it is actually meant to prevent (assuming a user does “enable sealed sender indicators”).
This can be separated into two different questions:
- For an adversary who does not control the server, does sealed sender prevent any attacks? (which?)
- For an adversary who does control the server, how does sealed sender prevent that adversary from identifying the sender (via the fact that they must identify themselves to receive messages, and do so from the same IP address)?
The strongest possibly-true statement i can imagine about sealed sender’s utility is something like this:
For users who enable sealed sender indicators AND who are connecting to the internet from the same IP address as some other Signal users, from the perspective of an an adversary who controls the server, sealed sender increases the size of the set of possible senders for a given message from one to the number of other Signal users who were online from behind the same NAT gateway at the time the message was sent.
This is a vastly weaker claim than saying that “by design” Signal has no possibility of collecting any information at all besides the famous “date of registration and last time user was seen online” which Signal proponents often tout.
This shows they do not need our phone numbers but they still demand it.
Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.
No it doesn’t. What is a need? It is for troll and spam and bot protection. How does the links show that there is no need for it?
SimpleX
And it uses same tech as Signal.
However getting friends to join Simplex is complicated by two annoyances:
(1) It gets confused by an invite URL coming from facebook (it doesn’t know to strip the appended Facebook tracking code - as trivial as it is).
(2) When the invite is via a QR code you must scan it with SimpleX not your native camera app. Invitees just give up.
Isn’t the QR Code a link you could also open in a web browser?
No it isn’t a URL. But that would indeed be the way they could make it work. If they did that, then…
If you don’t have the app installed it installs it from the web site. If you have it installed then the app takes over instead of the web browser. That is how many apps work (eg Reddit).
I hope it gets multi device support and sync one day, in a way that just works
You can just make a group for each contact with all of your (and their) devices in it.
It’s still a shitty workaround
If people contact me, I can’t expect them to create a group…
You can configure one or more of your profiles’ addresses to be a “business address” which means that when people contact you via it it will always create a new group automatically. Then you can (optionally, on a per-contact basis) add your other devices’ profiles to it (as can your contact with their other devices, after you make them an admin of the group).
It’s not the most obvious/intuitive system but it works well and imo this paradigm is actually better than most systems’ multi-device support in that you can see which device someone is sending from and you can choose to give different contacts access to a different subset of your devices than others.
Indeed, didn’t know that.
I prefer having the possibility of having multiple devices under the same profile 🤷
Reduce spam bot accounts and other malware, as well as to allow for user discovery so you can find your contacts more easily. It’s not designed to be an anonymous service, just a private one.
It’s not designed to be an anonymous service, just a private one.
I think this needs to be said a lot more often and a lot louder. Anonymous and private are NOT necessarily the same thing, nor should the expectation be that they are. Both have a purpose.
If you want to be mainstream a) you can’t have spammers, scammers, and all the other scum of the earth and b) finding your contacts in the app HAVE TO be plug and play. Literally no normie will bother adding with usernames or whatever.
finding your contacts
Wrong, it is not optional, does not stop spam and the worst way to try.
Do not let this derail us. Escaping to libre software is the best return on investment.
I think it’s important to remember de difference between being private and being anonymous. Signal IS private. It’s not anonymous. The same is true for many other apps/services.
Personally I like to be private. I don’t really need to be anonymous.
It’s focused on ensuring there is no middleman between you and the other party, but it does not have a goal to provide anonymous messaging. Sadly.
no middleman
Signal is not P2P
No but it’s e2ee.
deleted by creator
End-to-end encryption have been designed so that a “middleman” such as Signal can’t read your conversation. Signal goes even further by encrypting metadata protecting other information such as who you’re talking too and at what time (some technical and targeted attack could however determined these).
In asymetrical cryptography we tend to assume that what we call middleman is a third-party placed between the two peers during the public key exchanges (such as handshake). Signal is indeed a middleman on the infrastructure level but the software has been designed to protect you from middlemen having access to the raw, unencrypted data.
That say if you don’t verify your peer’s public key it’s not impossible that someone has done a man-in-the-middle attack and that you’re sending message to him and he’s rerouting them to your peer, etc… However this is unrealistic for the average person.
So even if it’s not a p2p infrastructure but some centralized servers we can assume that there is no middleman thanks to e2ee.
You can’t just write three paragraphs (that contain half-truth, half-misinformation) about how Signal is the middleman and then conclude “you can assume there’s no middleman”. You can’t assume that. Signal is the middleman. There’s no arguments to be made against this. Signal doesn’t claim they aren’t the middleman either.
Do you know that using most P2P messenger you still rely on multiple ISP and big tech owned communication wire in order for your message to get delivered, even if there is no central server ?
What’s your point?
I am referring at man-in-the-middle attacks
Of course. Sorry, but I meant no middleman as in minifying the role of the server in your messahing. Signal’s goal is to ensure the server cannot have access to your messages and its only role is to receive and send data.
Signal IS the middleman.
THATS WRONG! Signal Server can just do a man in the middle as you try connecting to your contact for the first time. You need to verify the fingerprint manually which is not very obvious and present in the UI. In SimpleX.chat you automatically verify the fingerprint, as its the way to establish the chat to your contact and is included in the way you distribute the contact to you.
Signal is not perfect but we control its app, libre software. See SimpleX Chat.
Escaping WhatsApp and Discord, anti-libre software, is more important.
Why we need to defeat those first? We can go straight to SimpleX?
What SimpleX, Signal, or any app like this need first and foremost is traction, as new users generate more new users. One of Signal’s goals is usability (usually achieved by being simple, as in no complexity for the end user). In my opinion SimpleX lacks that. This is the same reason Signal needs a phone number: populating your contact list with users already on the platform
reason Signal needs a phone number: populating your contact list
Wrong, it is not optional.
Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.
You can go to Simplex (for sure a lot of people here already done it) but if only privacy nerds get to this place this is not a great solution. We (I’m talking about us using Lemmy and chatting on SimpleX) must convince people, starting by friends and family to stop using these fucking socials then at this point SimpleX will be considered as a viable alternative
deleted by creator
Because the entire point of using communication programs is to communicate with people other than yourself.
Escaping WhatsApp and Discord, anti-libre software, is more important.
