this post was submitted on 11 May 2025
113 points (84.7% liked)

Privacy

37745 readers
922 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
113
Why does Signal want a phone number to register if it's supposedly privacy first? (programming.dev)
submitted 19 hours ago by 0101100101@programming.dev to c/privacy@lemmy.ml
185 comments fedilink hide all child comments
 

I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message "hi " could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

top 50 comments
sorted by: hot top controversial new old
[–] irotsoma@lemmy.blahaj.zone 8 points 1 hour ago (1 children)

Reduce spam bot accounts and other malware, as well as to allow for user discovery so you can find your contacts more easily. It's not designed to be an anonymous service, just a private one.

[–] Adderbox76@lemmy.ca 2 points 27 minutes ago

It’s not designed to be an anonymous service, just a private one.

I think this needs to be said a lot more often and a lot louder. Anonymous and private are NOT necessarily the same thing, nor should the expectation be that they are. Both have a purpose.

[–] kepix@lemmy.world 2 points 1 hour ago (1 children)

in the end of the day, the end user needs an id. this is perfect for the everyday user, but obviously if you are writing anti regime articles, you might want to look around for more anonim apps.

[–] 0101100101@programming.dev 0 points 47 minutes ago

perfect for the everyday user

...because of course, they don't need privacy, do they now. "Nothing to hide" and all that jazz.

[–] pwalker@discuss.tchncs.de 10 points 2 hours ago* (last edited 2 hours ago) (2 children)

The amount of trolls in this thread that either try to spew false information intentionally or just have no idea what they are talking about is insane.

If you are worried about what data (including your phone number) law enforcement can recieve (if they have your specific user ID, which is not equal to your phone number) from the Signal company check this: https://propertyofthepeople.org/document-detail/?doc-id=21114562 Tldr: It's the date of registration and last time user was seen online. No other information, Signal just doesn't have any other and this is by design.

If you want to know more about how they accomplish that feat you can check out the sealed sender feature: https://nerdschalk.com/what-is-sealed-sender-in-signal-and-should-you-enable-it/

or the private contact discovery system: https://signal.org/blog/private-contact-discovery/

Also as Signal only requires a valid phone number for registration you might try some of these methods (not sure if they still work): https://theintercept.com/2024/07/16/signal-app-privacy-phone-number/

[–] autonomoususer@lemmy.world 2 points 1 hour ago* (last edited 1 hour ago)

This shows they do not need our phone numbers but they still demand it.

Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.

[–] cypherpunks@lemmy.ml -1 points 2 hours ago* (last edited 1 hour ago) (2 children)

False.

edit: it's funny how people downvoting comments about signal's sealed sender being a farce never even attempt to explain what its threat model is supposed to be. (meaning: what attacks, with which adversary capabilities specifically, is it designed to prevent?)

[–] autonomoususer@lemmy.world 1 points 1 hour ago* (last edited 59 minutes ago) (1 children)

Downvoted as you let them bait you. Escaping WhatsApp and Discord, anti-libre software, is more important.

[–] cypherpunks@lemmy.ml 1 points 46 minutes ago* (last edited 44 minutes ago)

Downvoted as you let them bait you. Escaping WhatsApp and Discord, anti-libre software, is more important.

I don't know what you mean by "bait" here, but...

Escaping to a phone-number-requiring, centralized-on-Amazon, closed-source-server-having, marketed-to-activists, built-with-funding-from-Radio-Free-Asia (for the specific purpose of being used by people opposing governments which the US considers adversaries) service which makes downright dishonest claims of having a cryptographically-ensured inability to collect metadata? No thanks.

(fuck whatsapp and discord too, of course.)

[–] pwalker@discuss.tchncs.de 2 points 1 hour ago* (last edited 1 hour ago) (1 children)

it's being answered in the github thread you linked. Sorry that this is not enough for you but it's enough for most people: "For people who are concerned about this sort of thing, you can enable sealed sender indicators in the settings"

[–] cypherpunks@lemmy.ml 1 points 1 hour ago* (last edited 1 hour ago)

it’s being answered in the github thread you linked

The answers there are only about the fact that it can be turned off and that by default clients will silently fall back to "unsealed sender".

That does not say anything about the question of what attacks it is actually meant to prevent (assuming a user does "enable sealed sender indicators").

This can be separated into two different questions:

  1. For an adversary who does not control the server, does sealed sender prevent any attacks? (which?)
  2. For an adversary who does control the server, how does sealed sender prevent that adversary from identifying the sender (via the fact that they must identify themselves to receive messages, and do so from the same IP address)?

The strongest possibly-true statement i can imagine about sealed sender's utility is something like this:

For users who enable sealed sender indicators AND who are connecting to the internet from the same IP address as some other Signal users, from the perspective of an an adversary who controls the server, sealed sender increases the size of the set of possible senders for a given message from one to the number of other Signal users who were online from behind the same NAT gateway at the time the message was sent.

This is a vastly weaker claim than saying that "by design" Signal has no possibility of collecting any information at all besides the famous "date of registration and last time user was seen online" which Signal proponents often tout.

[–] JackbyDev@programming.dev 25 points 6 hours ago

Signal fills an incredibly important spot in a spectrum of privacy and usability where it's extremely usable without sacrificing very much privacy. Sure, to the most concerned privacy enthusits it's not the best, but it's a hell of a lot easier to convince friends and family to use Signal than something like Matrix.

[–] Avenging5@sh.itjust.works 16 points 9 hours ago* (last edited 9 hours ago) (2 children)

https://jami.net/

Offers the same privacy but is not centralised. it's peer to peer

load more comments (2 replies)
[–] rottingleaf@lemmy.world 28 points 11 hours ago (8 children)

  1. Yes, and in that time you would visit a website with your own IP address likely, likely over HTTP without SSL/TLS, likely with your vulnerable browser fingerprint. Point?

  2. Privacy, not anonymity. Two completely different things.

  3. Because the way Signal is built hosting it requires a lot of resources (storage especially), so they want spam prevention and fewer accounts per person.

[–] autonomoususer@lemmy.world 1 points 49 minutes ago* (last edited 13 minutes ago)

Our phone numbers are not private from them.

Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.

load more comments (7 replies)
load more comments
view more: next ›