• @AgreeableLandscape
      link
      17
      edit-2
      2 years ago

      How else are they going to track you?

      No, seriously. Even if the messages are encrypted, the metadata including your account info and the account info of everyone you talk to are not. In a lot of these cases, they don’t have to have the actual contents of the messages to have a pretty clear picture of what you might be talking about!

      With a phone number that’s almost certainly registered to your real identity, it makes it trivial to track what you as a person is doing even without breaking the encryption! An encrypted messenger that requires anything related to your real identity to get an account is security theatre.

      For example: if you suddenly start messaging back and fourth with an account, and that account happens to have the same phone number as the one on the business card and website of an out of state abortion clinic worker, and your own phone number’s area code just so happens to fall in a state that banned abortions after Roe v Wade got trashed, it juuuust might imply a few things about you. They can’t definitively prove what the messages were, but if your state criminalizes any and all attempts to get an abortion anywhere, it’s probably enough to get a warrant against you.

      • ᗪᗩᗰᑎ
        link
        62 years ago

        What viable user-friendly (i.e. no account creation required) options are there? I just want my messages between friends and family to not be mined by greedy corporations.

        • @blkpws
          link
          7
          edit-2
          5 months ago

          deleted by creator

        • @poVoq
          link
          3
          edit-2
          1 year ago

          deleted by creator

          • @nachtigall@feddit.de
            link
            fedilink
            32 years ago

            The problem is not the account, but the mandatory phone number verification

            Yes, it is. At least from the perspective of normal users.

            The reason for WhatsApp (or Telegram or iMessage) becoming as big as it is was the convenience (later the network effect, of course, too) of just entering your phone number and then it just works™. No server selection, no password to remember, totally hassle free—that is the argument I get to hear very often.

            And honestly, I have no idea, how we could provide a similar conveniance that is fool proof and secure and private.

        • CritiGalDesist∞
          link
          fedilink
          12 years ago

          Session is a pretty good one in my opinion. Also matrix has some privacy related concerns with the amount of meta data being shared on every home server.

      • noodlejetski
        link
        4
        edit-2
        2 years ago

        luckily, from the warrants they’ve received in the past we know that they don’t store metadata, and the only information about the requested numbers that they’ve been able to provide to the court were the date of registering an account and the last time they were online, both in Unix epoch format: https://signal.org/bigbrother/

        • ☆ Yσɠƚԋσʂ ☆
          link
          82 years ago

          You have to keep the bigger context in mind here. Even if Signal only tracks your phone number, it can be easily correlated with other data that’s associated with you that’s aggregated from your online footprint.

        • @poVoq
          link
          5
          edit-2
          1 year ago

          deleted by creator

      • @ree
        link
        12 years ago

        What you wrote is simply wrong.

        Signal encrypt metadata to the best of their capacity. On the contrary matrix, xmpp, telegram, WhatsApp don’t (unless sth changed since last year)

        For example on my matrix server I could read the IP, username and time of each message.

        https://signal.org/blog/sealed-sender/

        • DessalinesOPA
          link
          -12 years ago

          This is what they tell you. Since signal isn’t self-hostable or federated, you can’t verify that.

          • @ree
            link
            22 years ago

            As far as i understand this is a client side implementation. So it’s verifiable.

    • @Akimoto
      link
      32 years ago

      They probably do it to prevents spam/abuse. It is supposed to be a better WhatsApp after all, not a completely federated software. So it gotta be somewhat user friendly.

      • @Democracy
        link
        7
        edit-2
        2 years ago

        What? It’s easier for spammers/scammers to enumerate phone numbers (because they follow a specific pattern) than usernames or random IDs.

        • @AgreeableLandscape
          link
          92 years ago

          Probably referring to that it’s harder for scammers to create scam accounts because they need to verify the phone number is actually theirs before the account can send messages. IMO, still not worth requiring a phone number for the 90% of legitimate users.

          • @thervingi
            link
            42 years ago

            There are websites online that offer 10 minute phone numbers.

            • @AgreeableLandscape
              link
              32 years ago

              Not sure if Signal does this, but most websites will automatically look up the phone number registration, see that it’s from one of those companies, and reject it.

      • @poVoq
        link
        3
        edit-2
        1 year ago

        deleted by creator

  • @snek_boi
    link
    172 years ago

    I tried finding the GitHub issue that asks for Signal to stop relying on phone numbers. I can’t find it. Do you [whoever is reading this] know where the issue is at?

  • WiνΛlem OrtΛνíz
    link
    fedilink
    10
    edit-2
    2 years ago

    Someone was talking about Session in another post, the open source app that uses signal code, but without the need to register a phone number.

    Can someone recommend it ? Has it been audited ? Because when it comes to cryptography, even if it’s supposedly the same code as Signal, it still needs to be independently audited to be trusted.

  • Dhadelis
    link
    22 years ago

    Who thought that requiring phone number and relying on third party services would reduce users privacy /s

  • Amicese
    link
    -1
    edit-2
    1 year ago

    deleted by creator

  • Amicese
    link
    -1
    edit-2
    1 year ago

    deleted by creator

  • @thervingi
    link
    -122 years ago

    You can care about privacy, or you can ask a phone number during sign up. Those things are mutually exclusive.

    Don’t use Signal you care about privacy.

    • @OsrsNeedsF2P
      link
      49
      edit-2
      2 years ago

      Don’t let perfection be the enemy of good. All my friends and family use Signal, it was a multi-year effort to pull that off. Signal will roll out usernames faster than the tide will turn, so let’s take our wins and learn to be better.

      • @ree
        link
        25
        edit-2
        2 years ago

        Yhea.

        I can almost exclusively chat with my social circle with signal now, been using it since 8-9 years.

        I’ve tried xmpp, matrix and some other. Signal is the only one that stuck, it’s not perfect but it’s fucking fine from my perspective.

          • @ree
            link
            22 years ago

            Element had a lot of issue last time i’ve tested it: push notification issue, convulated ui, e2e encryption disabled by default, slow server.

            I had my own server for a while for my SO and I and we often missed each other messages plus the client was draining my phone battery.

            I love the briding capacity of matrix, I woulf like to spend an evening setting that up in order to aggregate all those messaging apps but I’m afraid it’s not worth it.

              • @ree
                link
                22 years ago

                Yhea they’re improving quite a lot, it’s great to read. Do they encrypt metadata now?

            • @ree
              link
              42 years ago

              And yes signal is far from perfect and moxie view on some key point such as centralization are not mine. Still it’s solid software .

      • @thervingi
        link
        -32 years ago

        This is my argument for Telegram. It’s clients are open source and has good Linux support. And unlike Signal it’s actually nice to use. (non-tech people usually dislike using Signal, but the feedback from Telegram is very positive)

          • @thervingi
            link
            02 years ago

            That’s why I prefer Matrix. But it’s hard to convince people to use Matrix so Telegram it is.