this post was submitted on 11 May 2025
136 points (84.3% liked)

Privacy

37753 readers
779 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
136
Why does Signal want a phone number to register if it's supposedly privacy first? (programming.dev)
submitted 1 day ago by 0101100101@programming.dev to c/privacy@lemmy.ml
233 comments fedilink hide all child comments
 

I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message "hi " could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

you are viewing a single comment's thread
view the rest of the comments
[–] rottingleaf@lemmy.world 0 points 18 hours ago (3 children)

You should have visited Signal's github page first, I dunno. Before talking. Made up a lot of stuff.

They do have proprietary code for that crypto wallet they have there, well hidden, and for, eh, phone number registration, but other than that module it's all released, I think.

The server and the client applications are FOSS. You can host it for yourself, patching out the domain names and registration parts the way you like it more.

[–] rirus@feddit.org 1 points 5 hours ago

They also have Google Play Libraries included for Push Notifications and Maps.

[–] FreeWilliam@lemmy.ml 1 points 7 hours ago (1 children)

That’s not the full picture. That's exactly the problem I was highlighting. The issue isn't whether some of the code is "FOSS", it’s about whether all of it is. If even small parts remain proprietary (as you mentioned), then we can’t verify what those parts are doing. And those parts could theoretically significantly affect the data collection. Also, I didn't make up a lot of stuff. The Signal Foundation themselves have confirmed that certain UI and build components are not fully libre. As the GNU project puts it, if part of your system is closed, then you're trusting a black box, no matter how well-lit the rest of it is.

[–] rottingleaf@lemmy.world 1 points 6 hours ago (1 children)

Signal protocol guarantees that what's on the server we can discard in your suspicions, it doesn't matter, because you are not trusting it.

The client is fully open.

[–] rirus@feddit.org 1 points 5 hours ago (1 children)

You are trusting the server, or do you verify the fingerprint of EVERY contact of yours? The normal people don't, as Signals UI purpusfully doesn't encourages it.

[–] rottingleaf@lemmy.world 1 points 3 hours ago

Normal people don't anyway.

[–] phx@lemmy.ca 2 points 17 hours ago (2 children)

I didn't actually know the server code was published. It'd be cool if the client allowed multiple servers so you could talk to people on the "normal" master while also thing a private instance

[–] autonomoususer@lemmy.world 1 points 7 hours ago* (last edited 7 hours ago)

This is why escaping WhatsApp and Discord, anti-libre software, is most important part.

[–] rottingleaf@lemmy.world 2 points 17 hours ago (1 children)

I think choosing a server, like in some ICQ clients, is not a complex modification.

[–] rirus@feddit.org 1 points 5 hours ago (1 children)

They had it implemented but discarded it out of stupid centralization ideology. Moxie said it on a Chaos communication Congress presentation he held but which he didn't wanted to be recorded, as the stuff he said was stupid and wrong.

[–] rottingleaf@lemmy.world 1 points 3 hours ago

Well, some of the stuff they wrote, not said, wasn't stupid and wrong.