I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

  • mikael@lemmy.ml
    link
    fedilink
    arrow-up
    132
    arrow-down
    7
    ·
    6 months ago

    Because they’re building a private, not anonymous, instant messenger. They’ve been very open about this.

    • Autonomous User@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      60
      ·
      edit-2
      6 months ago

      Our phone numbers are not private from them.

      Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.

      • onlinepersona@programming.dev
        link
        fedilink
        arrow-up
        29
        arrow-down
        2
        ·
        6 months ago

        Nothing “derailing” us. Not everyone has the same threat model. The messages are private and that’s what’s most important. Signal can only provide phone number and last connection time to the feds. If that’s too much information for you, then you’re not the target group and have a different threat model.

        Anti Commercial-AI license

        • 0101100101@programming.devOP
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          20
          ·
          6 months ago

          The messages are private and that’s what’s most important.

          No, that isn’t true. WhatsApp has the same lies. Law enforcement connect communication between users at key times and use it as credible evidence. Why would drug exporter 1 be communicating with drug buyer 1 at the exact time the delivery arrives in the country? Law enforcement doesn’t need to know what was written.

            • frazorth@feddit.uk
              link
              fedilink
              arrow-up
              4
              arrow-down
              1
              ·
              6 months ago

              They are referring to message metadata.

              Even if they don’t show the content of messages, if they can show that phone number A is sending messages and getting replies to number B then that’s all the government needs.

              https://signal.org/legal/

              For the purpose of operating our Services, you agree to our data practices as described in our Privacy Policy, as well as the transfer of your encrypted information and metadata to the United States and other countries where we have or use facilities, service providers or partners.

              They store metadata, which is distinct from encrypted data.

              Are you saying sealed sender is a lie?

              https://signal.org/blog/sealed-sender/

              When you send a traditional piece of physical mail, the outside of the package typically includes the address of both the sender and the recipient. The same basic components are present in a Signal message. The service can’t “see into” the encrypted package contents, but it uses the information written on the outside of the package to facilitate asynchronous message delivery between users.

              They have a list of encrypted messages, who it’s from and who it’s to, based upon the sealed sender description. If you are using phone numbers then you are not anonymous, and a TLA agency can search known bad numbers even if Signal does not try to build that graph.

              • Star@sopuli.xyz
                link
                fedilink
                arrow-up
                4
                arrow-down
                2
                ·
                6 months ago

                The ONLY data Signal stores about you is your phone number, most recent registration time/date and most recent login time/date. They don’t know who you’re messaging or when you’re messaging them AFAIK.

                You can see this for yourself at signal.org/bigbrother

                • EngineerGaming@feddit.nl
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  5 months ago

                  I am really frustrated when this is brought up, since it only shows what they have been collecting so far, not what they’re capable of collecting. The government agencies can force them to do whatever modifications to the server AND to keep completely silent about it. I am still trying to understand whether Sealed Sender would protect from a server collecting and recording ALL the data it possibly can.

                  • frazorth@feddit.uk
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    5 months ago

                    Also if anyone else wrote it, there would be so much savaging of weasel words.

                    They brag that they don’t retain this data, so when governments request historical data they don’t have it.

                    They don’t say that they don’t provide it for anyone else to retain, so if they are given the to and from to process the message, and provide this to the CIA to retain then all of this security would be useless but would also fulfill all of the claims here.

                • frazorth@feddit.uk
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  5 months ago

                  No.

                  We have been exploring techniques to further reduce the amount of information that is accessible to the service, and the latest beta release includes changes designed to move Signal incrementally closer to the goal of hiding another piece of metadata: who is messaging whom.

                  They haven’t hidden it yet. It’s a goal.

                  • fmstrat@lemmy.nowsci.com
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    edit-2
                    5 months ago

                    What?

                    1. That blog entry is almost 7 years old. Sealed Sender came a long time ago.

                    2. The literal quote you provide has a link on “exploring techniques” that you didn’t click. It takes you to another blog post for the launch of Private Contact Discovery, which takes you to a repo of the service, but because your cutting and pasting such old stuff even that’s been replaced by a V2.

                    Please take a step back and read the technical docs, or at least more recent info.

                    As ratcheting and chaining are used, messages are sent with rotating keys on ebery message as the sender/recipient identifiers for the messages, not the phone number. It would be way easier to tap Google for Firebase notifications to get to what you are talking about.

                    And the capability argument is moot if it’s been proven in court to not be done today. You could say that about any service that uses push notifications that go through cloud providers.

                    Tagging @onlinepersona@programming.dev