Privacy

37774 readers

892 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

168

Why does Signal want a phone number to register if it's supposedly privacy first? (programming.dev)

submitted 1 day ago by 0101100101@programming.dev to c/privacy@lemmy.ml

255 comments fedilink hide all child comments

I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message "hi " could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

you are viewing a single comment's thread
view the rest of the comments

[–] plz1@lemmy.world 11 points 1 day ago (2 children)

They can "request" it all day long. Signal doesn't store them beyond the time needed to deliver to the end user device, and while (temporarily) stored, it's encrypted in a way Signal's service cannot read.

[–] 0101100101@programming.dev -5 points 1 day ago* (last edited 1 day ago) (3 children)

huh? so the phone number is encrypted in a way that can't be read, but an sms is sent to the phone? ... a separate company sends the text on behalf of signal? so that separate company logs the phone number, the timestamp and who knows what else.

[–] xthexder@l.sw0.com 5 points 1 day ago

Signal doesn't use SMS anymore, and all messages are sent over encrypted Internet protocol. Any servers in between won't see the phone number, it's not needed to deliver the message, it's using an IP address at that point and the entire message metadata is encrypted. Signal is the only one that can see the phone numbers, which they use to identify multiple clients as a single user and route messages accordingly.

[–] plz1@lemmy.world 1 points 1 day ago

Signal doesn't use SMS at all, once you have enrolled. The phone number is used to validate people and exclude bots, during registration. As others have noted, you can hide your number from other users, as well.

[–] JackbyDev@programming.dev 0 points 1 day ago

What are you on about right now? I don't mean that sarcastically, I really am wondering what your concern is. Are you concerned that because your phone number is associated with Signal that police will know you use Signal?

[–] solrize@lemmy.world -5 points 1 day ago (1 children)

The phone carrier at least here in the US is required to store the call data for 18 months, according to the one that I use.

[–] dubyakay@lemmy.ca 11 points 1 day ago (1 children)

What does that have to do with Signal?

[–] solrize@lemmy.world -4 points 1 day ago* (last edited 1 day ago) (2 children)

The claim is that Signal's phone verification step doesn't cause privacy problems because Signal (purportedly) doesn't retain the phone numbers after verification. That claim is falsified because the phone carrier stores the call record even if Signal doesn't. They store it because of the same law that makes them turn it over to Big Brother on demand. The phone verification step is, therefore, a privacy problem. Obviously there are similar issues with IP routing, but at least I can use a VPN with an endpoint in another country.

[–] dubyakay@lemmy.ca 5 points 1 day ago (1 children)

No, that wasn't the claim. Phone numbers are used for sign up, but the post's OP was talking about messaging meta data. Messaging meta data doesn't go through your carrier and is encrypted.

If you check the publication of signal's cases where they had to hand out data, and in reverse the FBI leak that listed analysis of all messenger apps by what data they were able to acquire in most cases, Signal came out as one of the top options.

[–] solrize@lemmy.world 1 points 1 day ago

Oh I see what you mean. But a big enough data dump from the phone carriers identifies all of Signal's users, not good.

[–] plz1@lemmy.world 0 points 1 day ago (1 children)

The "record" is a SMS verification code. All that will tell the government is that you registered for Signal, nothing else.

[–] solrize@lemmy.world 2 points 17 hours ago

Telling the govt that you registered for Signal sounds like a bad failure as far as I'm concerned, e.g. if you are a user in a repressive regime. Do you think Trump would like to get his hands on a list of all the Signal users in the US? Probably yes. What would he do with the list? IDK but it has to be bad. So it should be an objective of Signal to make it impossible for anyone to create such a list.

Anyway, it sounds like Signal has wised up and is getting rid of the phone number requirement. I don't understand why people here keep defending the misfeature. I've heard such things explained as "system justification" but I still don't understand it. All of us make poor decisions all the time, but we should at least make some effort to recognize them, and fix them when possible.

https://en.wikipedia.org/wiki/System_justification