Privacy

37780 readers

287 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

189

Why does Signal want a phone number to register if it's supposedly privacy first? (self.privacy)

submitted 2 days ago by 0101100101 to c/[email protected]

270 comments fedilink hide all child comments

I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message "hi " could be displayed was baulked at.

Why does signal want a phone number to register? Is there a better alternative?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 6 points 1 day ago (1 children)

If you are even remotely involved in any activist type of things, you certainly don't want this US government honeypot have your phone-number and device id.

[–] [email protected] 1 points 1 hour ago* (last edited 58 minutes ago) (1 children)

At least in theory, this is mitigated. The signal activation server sees your phone number, yes. If you use Signal, the threat model doesn't protect you from someone with privileged network or server access learning that you use Signal (just like someone with privileged network access can learn you use tor, or a vpn, etc).

But the signal servers do not get to see the content of your group messages, nor the metadata about your groups and contacts. Sealed sender keeps that private: https://signal.org/blog/sealed-sender/

You would obviously want to join those groups with a user Id rather than your phone number, or a malicious member could out you. It's not the best truly anonymous chat platform, but protection from your specific threat model is thought through.

edit: be sure to go to Settings > Privacy > Phone Number. By default anyone who already has your phone number can see you use signal (used for contact discovery, this makes sense to me for all typical uses of Signal), and in a separate setting, contacts and groups can see your phone number. You will absolutely want to un-check that one if you follow my suggestion above.

[–] [email protected] 1 points 52 minutes ago

There are some mitigations in place, yes, but Sealed Sender on a centralized platform is snake-oil as someone with server access can easily do a timing attack and discover who communicated with whom.