I remember a time when visiting a website that opens a JavaScript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.

Why does Signal want a phone number to register? Is there a better alternative?

  • basic daydreams
    13
    2 months ago

    As I see it, Signal tried to fit that privacy gap for a standard centralised messenger. If you think about it, that might have made it easier for non-tech-savvy people to adopt it (even if it was as a request from a contact); decentralisation is not remotely appealing to them.

  • @[email protected]
    English
    19
    2 months ago

    It’s focused on ensuring there is no middleman between you and the other party, but it does not have a goal to provide anonymous messaging. Sadly.

    • @[email protected]
      English
      3
      2 months ago

      THAT’S WRONG! Signal Server can just do a man in the middle as you try connecting to your contact for the first time. You need to verify the fingerprint manually which is not very obvious and present in the UI. In SimpleX.chat you automatically verify the fingerprint, as it’s the way to establish the chat to your contact and is included in the way you distribute the contact to you.

      • @[email protected]
        English
        4
        2 months ago

        Of course. Sorry, but I meant no middleman as in minifying the role of the server in your messaging. Signal’s goal is to ensure the server cannot have access to your messages and its only role is to receive and send data.

          • Sonalder
            2
            2 months ago

            End-to-end encryption has been designed so that a “middleman” such as Signal can’t read your conversation. Signal goes even further by encrypting metadata protecting other information such as who you’re talking to and at what time (some technical and targeted attack could however determine these).

            In asymmetrical cryptography we tend to assume that what we call middleman is a third-party placed between the two peers during the public key exchanges (such as handshake). Signal is indeed a middleman on the infrastructure level but the software has been designed to protect you from middlemen having access to the raw, unencrypted data.

            That said, if you don’t verify your peer’s public key it’s not impossible that someone has done a man-in-the-middle attack and that you’re sending messages to him and he’s rerouting them to your peer, etc… However this is unrealistic for the average person.

            So even if it’s not a p2p infrastructure but some centralized servers we can assume that there is no middleman thanks to e2ee.

            • @[email protected]
              English
              1
              2 months ago

              You can’t just write three paragraphs (that contain half-truth, half-misinformation) about how Signal is the middleman and then conclude “you can assume there’s no middleman”. You can’t assume that. Signal is the middleman. There are no arguments to be made against this. Signal doesn’t claim they aren’t the middleman either.
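
The first-contact scenario argued over in the sub-thread above, as an added example that is not from any commenter or from Signal's code: a toy Diffie-Hellman exchange through a key directory, showing that a swapped key goes unnoticed by the two users until they compare fingerprints out of band. The group parameters, class names and 20-digit fingerprint format are assumptions made for the illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters (assumption for illustration only; Signal's
# real key agreement uses different primitives and more keys per user).
P = 2**255 - 19
G = 5


class Peer:
    """A chat participant with one long-term identity key pair."""

    def __init__(self):
        self._private = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self._private, P)

    def shared_secret(self, their_public):
        return pow(their_public, self._private, P)


class HonestDirectory:
    """Key directory that returns the key it was asked for."""

    def lookup(self, real_public):
        return real_public


class KeySwappingDirectory:
    """Key directory that answers every lookup with its own key instead."""

    def __init__(self):
        self.own = Peer()

    def lookup(self, real_public):
        return self.own.public


def fingerprint(own_public, remote_public):
    """Digits both users derive from the two identity keys they hold.

    Sorting the keys makes the value independent of which side computes it.
    The 20-digit format is a constructed stand-in for a real safety number.
    """
    keys = sorted((own_public, remote_public))
    material = b"".join(k.to_bytes(32, "big") for k in keys)
    number = int.from_bytes(hashlib.sha256(material).digest()[:10], "big")
    digits = str(number % 10**20).zfill(20)
    return " ".join(digits[i:i + 5] for i in range(0, 20, 5))


def first_contact(directory):
    """Alice and Bob fetch each other's key through the given directory."""
    alice, bob = Peer(), Peer()
    key_alice_got = directory.lookup(bob.public)
    key_bob_got = directory.lookup(alice.public)
    return {
        "peers_share_key": alice.shared_secret(key_alice_got)
        == bob.shared_secret(key_bob_got),
        "alice_fingerprint": fingerprint(alice.public, key_alice_got),
        "bob_fingerprint": fingerprint(bob.public, key_bob_got),
    }


def fingerprints_match(result):
    """The out-of-band check: both users read their digits to each other."""
    return result["alice_fingerprint"] == result["bob_fingerprint"]


if __name__ == "__main__":
    for directory in (HonestDirectory(), KeySwappingDirectory()):
        result = first_contact(directory)
        print(type(directory).__name__, result["alice_fingerprint"], "|",
              result["bob_fingerprint"], "| match:", fingerprints_match(result))
```

With the honest directory both users hold the same key pair and the digits agree; with the key-swapping directory each user has unknowingly agreed a key with the directory, and the mismatch in the digits is the only signal either of them gets.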

  • @[email protected]
    English
    21
    2 months ago

    If you want to be mainstream a) you can’t have spammers, scammers, and all the other scum of the earth and b) finding your contacts in the app HAS TO be plug and play. Literally no normie will bother adding with usernames or whatever.

    • Autonomous User
      English
      3
      2 months ago

      finding your contacts

      Wrong, it is not optional, does not stop spam and is the worst way to try.

      Do not let this derail us. Escaping to libre software is the best return on investment.

      • @[email protected]
        7
        2 months ago

        Do not let this derail us.

        Nothing is derailing you personally. Why are you repeating this to others?

        • Autonomous User
          English
          1
          1 month ago

          To avoid any misunderstanding discouraging others from using Signal over apps like WhatsApp, while commenting on areas where it could improve. Privacy has never been single player.

  • southsamurai
    50
    2 months ago

    Everything is a balancing act. Privacy, anonymity, and security aren’t the same things. They’re sometimes, and in some aspects always, difficult to achieve without compromising one of the other two.

    When you add in the goal of quick, easy setup to make the service useful in the first place. Doesn’t matter how good the service is at the trinity if nobody is willing to use it. Signal just errs on security first, privacy second, anonymity third.

  • @[email protected]
    125
    2 months ago

    Because they’re building a private, not anonymous, instant messenger. They’ve been very open about this.

    • Autonomous User
      English
      7
      2 months ago

      Our phone numbers are not private from them.

      Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.

      • @[email protected]
        29
        2 months ago

        Nothing “derailing” us. Not everyone has the same threat model. The messages are private and that’s what’s most important. Signal can only provide phone number and last connection time to the feds. If that’s too much information for you, then you’re not the target group and have a different threat model.

        Anti Commercial-AI license

        • @[email protected]OP
          English
          4
          2 months ago

          The messages are private and that’s what’s most important.

          No, that isn’t true. WhatsApp has the same lies. Law enforcement connect communication between users at key times and use it as credible evidence. Why would drug exporter 1 be communicating with drug buyer 1 at the exact time the delivery arrives in the country? Law enforcement doesn’t need to know what was written.

            • @[email protected]
              4
              2 months ago

              They are referring to message metadata.

              Even if they don’t show the content of messages, if they can show that phone number A is sending messages and getting replies to number B then that’s all the government needs.

              https://signal.org/legal/

              For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy, as well as the transfer of your encrypted information and metadata to the United States and other countries where we have or use facilities, service providers or partners.

              They store metadata, which is distinct from encrypted data.

              Are you saying sealed sender is a lie?

              https://signal.org/blog/sealed-sender/

              When you send a traditional piece of physical mail, the outside of the package typically includes the address of both the sender and the recipient. The same basic components are present in a Signal message. The service can’t “see into” the encrypted package contents, but it uses the information written on the outside of the package to facilitate asynchronous message delivery between users.

              They have a list of encrypted messages, who it’s from and who it’s to, based upon the sealed sender description. If you are using phone numbers then you are not anonymous, and a TLA agency can search known bad numbers even if Signal does not try to build that graph.

              • fmstrat
                English
                1
                1 month ago

                Did… Did you just read the problem they were trying to solve, and just, skip the solution?

                • @[email protected]
                  1
                  1 month ago

                  No.

                  We have been exploring techniques to further reduce the amount of information that is accessible to the service, and the latest beta release includes changes designed to move Signal incrementally closer to the goal of hiding another piece of metadata: who is messaging whom.

                  They haven’t hidden it yet. It’s a goal.

              • Star
                4
                2 months ago

                The ONLY data Signal stores about you is your phone number, most recent registration time/date and most recent login time/date. They don’t know who you’re messaging or when you’re messaging them AFAIK.

                You can see this for yourself at signal.org/bigbrother

                • @[email protected]
                  1
                  1 month ago

                  I am really frustrated when this is brought up, since it only shows what they have been collecting so far, not what they’re capable of collecting. The government agencies can force them to do whatever modifications to the server AND to keep completely silent about it. I am still trying to understand whether Sealed Sender would protect from a server collecting and recording ALL the data it possibly can.

  • @[email protected]
    10
    2 months ago

    thousands of threads on this topic since decades ago.

    it’s an eternal debate (since signal has no plans to change)

    just read the history and join the rest of us waiting for them to change. using signal before that change is completely optional. go ahead and don’t use it. no problem.

    opening the discussion again is just tiring.

    • @[email protected]
      4
      2 months ago

      read the history

      Is there a url for the history? Or for a good answer about the phone numbers? If the topic keeps recurring and the answers don’t satisfy people, that suggests that there is no good answer, and that there are possibly misaligned interests between Signal and its users.

      • @[email protected]
        1
        1 month ago

        don’t be like one of the now!now!now! types (i.e. OP) and treat every new discovery (personal first encounters with existing tech, situations) as the final nail in the coffin. there are other messengers available while waiting for signal to change.

        just saying, acknowledge that many others have arrived at the same problem years before you and they are not your enemy. so yelling at the choir is counter productive.

    • @[email protected]OP
      English
      5
      2 months ago

      opening the discussion again is just tiring.

      so tiring that i opened it and read it, then typed a long response.

      • sunzu2
        6
        2 months ago

        Fuck haterz, these are valid questions and there are no answers.

        Signal did its job. I am waiting for simplex to mature.

  • JackbyDev
    English
    39
    2 months ago

    Signal fills an incredibly important spot in a spectrum of privacy and usability where it’s extremely usable without sacrificing very much privacy. Sure, to the most concerned privacy enthusiasts it’s not the best, but it’s a hell of a lot easier to convince friends and family to use Signal than something like Matrix.

  • 𞋴𝛂𝛋𝛆
    English
    8
    2 months ago

    They implemented an alt method IIRC but you must go out of your way to search and find it. I just recall seeing a bunch of post headlines about using email or something like that a year or so back.

    They send an initial SMS message that is a main expense and funded by some rich person and donations. I think that has some significance to encryption or something but I’m not sure of the details. I could be wrong on that one, it has been years since I read the details.

    • @[email protected]
      English
      2
      2 months ago

      You’re wrong, except the rich person part. That rich guy is the WhatsApp founder, who got the money by selling their users to Facebook.

  • @[email protected]
    8
    2 months ago

    Is there a quick explanation of what signal actually does? I don’t understand the need for a phone number either. Jami doesn’t ask for a phone number. It has other deficiencies that make me not want to use it, but those are technical rather than policy, more or less. Similarly, irc (I’m luddite enough to still be using it) doesn’t ask for a phone number either. So this is all suspicious. There are a bunch of other things like this too (Element, Matrix, etc.) that I haven’t looked into and tbh I don’t understand why they exist.

    • @[email protected]
      English
      5
      2 months ago

      Signal is a messenger service. You can expire messages after a certain amount of time.

      They ask for a phone number to limit bots. I used my Google voice number and it worked fine. I like Telegram which banned me after a day of use for using Google Voice.

      • @[email protected]
        3
        2 months ago

        I get that Signal is a messaging system (not sure if “messenger service” has a specific meaning). What I don’t understand is why I’d want to use it instead of any of the million others that are out there. I’ve never used Signal and don’t have the slightest clue about how it operates, but apparently it tries to mess with the contact list on your phone? That sounds bad. I use Nextcloud Chat sometimes and its web design is ugly, but it works ok and you can self-host it fairly easily. It doesn’t do anything with your phone contacts. Jami is distributed but (maybe unrelated) I often have trouble getting it to work at all.

        • @[email protected]
          4
          2 months ago

          It doesn’t “mess with your contacts”. You can choose to give contacts access if you wish to have secure contact discovery. Contacts are not uploaded.

          It’s robustly encrypted and quantum secure, without metadata leaks like the sender of a message.

          It’s recommended by Edward Snowden.

          If you want to message someone, have the ability to verify there is no man in the middle attack, have perfect forward secrecy, very strong crypto, use open source software and still have all the conveniences of a modern message app, use signal.

          • @[email protected]
            4
            2 months ago

            Do you mean the client side is open source? What about the server? If you’re required to use Signal’s server, how do you know it’s not disclosing metadata? If you can self-host it, why the phone number?

            • @[email protected]
              3
              2 months ago

              The idea is you don’t need to trust the server

              Messages sent don’t contain a readable sender field

              Mobile numbers may not be necessary long term, architecture depends on accounts being created with phone numbers. Usernames were very recently introduced. Soon we may see requirement for phone number dropped, unless related to spam control

          • @[email protected]
            English
            2
            2 months ago

            CONTACTS ARE UPLOADED

            Robust encryption isn’t useful if you don’t verify the fingerprint and signal makes that not intuitive.

            SIGNAL CLIENT HAS UNFREE SOFTWARE INCLUDED

            • @[email protected]
              2
              2 months ago

              Contacts are never uploaded

              Hashes of some numbers are if you enable contact discovery

              Verifying keys is easy, what are you talking about?

    • @[email protected]
      English
      4
      2 months ago

      It’s not suspicious. It’s been talked about for years. People know exactly what the phone number is used for. Easy discoverability, quick and seamless onboarding of new users by providing a way to bootstrap their social graph, and it being very similar to the process of the other biggest player that people just understand. And spam prevention. The phones are not leaked or used for anything else. The other alternatives exist and you are welcome to onboard the people you want onto them if you think it’s simpler.

      The code is open, if you don’t trust other people and can’t read the code to understand then hire someone you trust to validate the claims and assure you. But spreading FUD and saying it’s suspicious is not productive to anyone.

      • @[email protected]
        3
        2 months ago

        1. I don’t understand what you mean about discoverability: is my presence on the network advertised to strangers and spammers? That doesn’t sound good. What does the onboarding process look like?

        2. You still haven’t said what Signal’s advantages are supposed to be over alternatives, though I can guess some (e.g. better/more crypto than irc has). Jami seems conceptually ok, but buggy in implementation. Nextcloud Talk works but is kind of clunky. Matrix is popular though I’ve never used it: is it the main alternative to Signal these days? I thought it was what all the hipsters had migrated to while luddites like me were still on irc. Jitsi Meet looks nice though again I haven’t explored it much. I’ve been puzzled for a long time that there is so much work in this area yet everything has deficiencies. Are there difficult problems to solve?

        3. If Signal’s code is open then of course I’d want to self-host the server. Can I do that? Does that get in the way of the onboarding process you mention? Where does the phone number come in, in that case? If I have to use Signal’s server, that doesn’t sound so open, and normally there’s no way for me to verify that it’s running the same code that they claim.

        I don’t see where I’m spreading FUD. Ignoring a question and calling it FUD doesn’t invalidate the question.

        • @[email protected]
          English
          3
          2 months ago

          You can’t easily selfhost Signal. They engineered it purposefully to only run on Big Tech Clouds with specific Intel CPUs they put (too much) trust in.

          • @[email protected]
            1
            2 months ago

            Very interesting, thanks. Do you mean they use SGX (Intel’s buggy secure enclave feature)? Any idea what they use it for? If not SGX, do you know what the issue is? AMD Epyc processors have something similar but different, fwiw. If there is such highly secret info on the server though, that makes self-hosting even more important. It also makes the architecture suspect.

        • @[email protected]
          English
          2
          2 months ago

          1. You can easily migrate everyone from WhatsApp to Signal and they don’t have to exchange usernames as most people have the phone numbers in their contacts. (This has massive drawbacks addressed somewhere else, one lesser known fact is that they would have to verify fingerprints anyway to be sure they are speaking to the right person and not a proxy. Instead of that they could also exchange username+fingerprint initially, like Simplex does it.)

        • @[email protected]
          English
          3
          2 months ago

          1. Yes, kinda, if they have you in their contact books, they get a notification you joined.

          • @[email protected]
            2
            2 months ago

            Thanks. The more I think about it, the more this seems like outright evil behaviour on Signal’s part to pursue user growth, similar to Facebook etc. Imagine that you and your boss are in each other’s contacts for obvious work-related reasons. Do you really want Signal notifying your boss that you registered for Signal? For some of us it’s fine, but in general it seems like a terrible idea.

  • @[email protected]
    English
    4
    2 months ago

    at the end of the day, the end user needs an id. this is perfect for the everyday user, but obviously if you are writing anti regime articles, you might want to look around for more anonymous apps.

    • @[email protected]OP
      English
      4
      2 months ago

      perfect for the everyday user

      …because of course, they don’t need privacy, do they now. “Nothing to hide” and all that jazz.

  • Autonomous User
    English
    17
    2 months ago

    Signal is not perfect but we control its app, libre software. See SimpleX Chat.

    Escaping WhatsApp and Discord, anti-libre software, is more important.

      • foremanguy
        3
        2 months ago

        You can go to Simplex (for sure a lot of people here have already done it) but if only privacy nerds get to this place this is not a great solution. We (I’m talking about us using Lemmy and chatting on SimpleX) must convince people, starting by friends and family to stop using these fucking socials then at this point SimpleX will be considered as a viable alternative

      • Célia
        English
        10
        2 months ago

        What SimpleX, Signal, or any app like this need first and foremost is traction, as new users generate more new users. One of Signal’s goals is usability (usually achieved by being simple, as in no complexity for the end user). In my opinion SimpleX lacks that. This is the same reason Signal needs a phone number: populating your contact list with users already on the platform

        • Autonomous User
          English
          4
          2 months ago

          reason Signal needs a phone number: populating your contact list

          Wrong, it is not optional.

          Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.

      • Oniononon
        English
        1
        2 months ago

        Because the entire point of using communication programs is to communicate with people other than yourself.

      • Autonomous User
        English
        1
        2 months ago

        Escaping WhatsApp and Discord, anti-libre software, is more important.

  • irotsoma
    26
    2 months ago

    Reduce spam bot accounts and other malware, as well as to allow for user discovery so you can find your contacts more easily. It’s not designed to be an anonymous service, just a private one.

    • Hemingways_Shotgun
      English
      13
      2 months ago

      It’s not designed to be an anonymous service, just a private one.

      I think this needs to be said a lot more often and a lot louder. Anonymous and private are NOT necessarily the same thing, nor should the expectation be that they are. Both have a purpose.

  • @[email protected]
    English
    4
    2 months ago

    Is it possible to use a voip based SMS for registration?

    Those are a little easier to get anonymously than physical SIM cards.

    • Autonomous User
      English
      1
      2 months ago

      Too many steps.

      Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.

    • Autonomous User
      English
      8
      2 months ago

      Our phone numbers are not private from them.

      Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.

      • @[email protected]
        English
        27
        2 months ago

        It’s libre software. Go host the server and change the clients to connect to your custom server and distribute to the users you need.

        • @[email protected]
          2
          2 months ago

          edit: nvm i re-read what you wrote

          i agree it does mostly fulfill the criteria for libre software. perhaps not in every way to the same spirit as other projects, but that is indeed a separate discussion.

          h̶o̶w̶ ̶m̶a̶n̶y̶ ̶c̶o̶m̶m̶u̶n̶i̶t̶i̶e̶s̶ ̶a̶r̶e̶ ̶d̶o̶i̶n̶g̶ ̶t̶h̶a̶t̶ ̶r̶i̶g̶h̶t̶ ̶n̶o̶w̶?̶ ̶i̶ ̶s̶u̶s̶p̶e̶c̶t̶ ̶y̶o̶u̶ ̶m̶a̶y̶ ̶b̶e̶ ̶d̶r̶a̶s̶t̶i̶c̶a̶l̶l̶y̶ ̶u̶n̶d̶e̶r̶s̶t̶a̶t̶i̶n̶g̶ ̶t̶h̶e̶ ̶b̶a̶r̶r̶i̶e̶r̶s̶ ̶f̶o̶r̶ ̶t̶h̶a̶t̶.̶ ̶b̶u̶t̶ ̶w̶o̶u̶l̶d̶ ̶b̶e̶ ̶d̶e̶l̶i̶g̶h̶t̶e̶d̶ ̶t̶o̶ ̶b̶e̶ ̶p̶r̶o̶v̶e̶n̶ ̶w̶r̶o̶n̶g̶.̶.̶.̶

          • @[email protected]
            6
            2 months ago

            The barrier is that only you and your friends would be using that Fignal or Xignal or whatever home installation, and for that practically, for ease of use, it’s simpler to host Matrix which even a complete idiot can do.

            • Autonomous User
              English
              1
              2 months ago

              You could change it to use multiple servers but changing app is faster.

              So, escaping WhatsApp and Discord, anti-libre software, is the most important part.

        • @[email protected]
          10
          2 months ago

          Are you saying I have to literally rebuild and distribute my own client APK if I want to use my own server? There’s no “settings” in the existing client where you say what server you want to use, like every email client has? That sounds obnoxious.

          • @[email protected]
            17
            2 months ago

            If you don’t trust Signal to run an unmodified server without malicious modifications, then why would you trust their build of the APK?

            To truly be safe from Signal’s influence you would need to audit the source code and build it yourself.

            Personally I have no problem using Signal’s servers

            • @[email protected]
              3
              2 months ago

              To truly be safe from Signal’s influence you would need to audit the source code and build it yourself.

              Usually I only install APK’s from F-Droid, which always builds its apps from source, rather than using the developer’s APK. I’m uncomfortable that Signal doesn’t seem to be on F-droid, and I’m in fact hesitant to install it from anywhere else. I’m not currently set up to build Android apps myself. I’m a fairly unsophisticated Android user.

                • @[email protected]
                  2
                  2 months ago

                  Thanks. I’m not a sophisticated Android user and so far have just stayed with installing stuff from F-droid. If the official build matches the F-droid build, that’s great. At some point I want to spend some time bringing up Android build tools, but I have too much other stuff going on right now.

              • @[email protected]
                2
                2 months ago

                I just checked and I installed Signal from F-Droid.

                It says Repository: Guardian Project on the app page.

  • Ardens
    English
    20
    2 months ago

    I think it’s important to remember the difference between being private and being anonymous. Signal IS private. It’s not anonymous. The same is true for many other apps/services.

    Personally I like to be private. I don’t really need to be anonymous.