Privacy

37745 readers

1153 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

156

Why does Signal want a phone number to register if it's supposedly privacy first? (programming.dev)

submitted 1 day ago by 0101100101@programming.dev to c/privacy@lemmy.ml

243 comments fedilink hide all child comments

I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message "hi " could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

you are viewing a single comment's thread
view the rest of the comments

[–] Maverick604@lemmy.ca 3 points 1 day ago (2 children)

Session is an alternative that does not require, or request, your phone number (or any other identifying information). Honestly, I have no idea why Signal got popular and Sessions did not. As soon as Signal asked for my phone number that set off alarm bells for me and I’ve never really trusted it since.

[–] throwawayacc0430@sh.itjust.works 14 points 1 day ago* (last edited 1 day ago) (2 children)

According to privacyguides.org, Session is listed under this message:

These messengers do not have forward secrecy, and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of all past communications.

Link: https://www.privacyguides.org/en/real-time-communication/#additional-options

[–] MoonlightFox@lemmy.world 9 points 1 day ago

This is incredibly important. Signal is considered the "gold standard" of encrypted and private communication for a reason.

[–] Maverick604@lemmy.ca -1 points 20 hours ago (1 children)

Thanks for this link but your username also makes this pretty sus. 😜

[–] throwawayacc0430@sh.itjust.works 1 points 12 hours ago* (last edited 12 hours ago) (1 children)

This is a privacy community lol, I think you know why people use throwaways.

privacyguides.org have been a reputable source of information, also you aren't suppose to just click hyperlinks without hovering over it and verifying that it is a trustwothy link anyways.

[–] Maverick604@lemmy.ca 1 points 21 minutes ago

Ya. It was a joke.

[–] guy@piefed.social 2 points 1 day ago (2 children)

Isn't Session the one with insane username strings?

[–] Maverick604@lemmy.ca 1 points 20 hours ago (1 children)

Yes. That was how they avoided using identifying information from their users.

[–] guy@piefed.social 1 points 19 hours ago (1 children)

So the reason Session never took off is probably because exchanging contact information is a big hassle, effectively barring users looking for convenience?

[–] rirus@feddit.org 1 points 9 hours ago

No, it had and has other problems

[–] devfuuu@lemmy.world 2 points 1 day ago (1 children)

Session is the one with broken security.

[–] Maverick604@lemmy.ca 0 points 19 hours ago

I don’t know that their security is “broken”. It may be, I don’t know. But also without anything that connects you to any particular message, it seems that – in itself – is a pretty good form of security.

I just don’t get why people accept Signal’s justification for requiring a phone number. They absolutely don’t need to (session proves that). It is certainly possible for them to say, “If you register without a phone number and access to your phone book then you will lose automatic discoverability by other users of Signal — meaning that you need to find another (physical) way to exchange your Signal username with your contacts”. They CAN do this. I think many users, like myself, would be fine with this tradeoff for greater anonymity. For some reason, they have steadfastly refused. The reasoning behind this refusal is what bothers me.