This is fantastic! I also love that there is the QR code generator. It'll make connecting easier.
I hope moving forward we can have multiple usernames and profiles. This would greatly increase privacy since we may have different identities in different social groups. Even on HN a lot of us have multiple personas. I find one of the big challenges is actually handling these different identities as most software only assumes you have one. Though it seems to be common on social media like twitter or instagram. But bitwarden still doesn't know how to differentiate microsoft logins lol
Edit: I'd love in the future to also see things like self-destructing or one-time links. I don't think these should be hard to implement, especially if one can have multiple usernames. Certainly a limit like 3 would be fine with the numbers, right? Personally I wouldn't be upset if multiple names became a premium feature but I'd strongly prefer if it wasn't. I get that signal still needs money (https://news.ycombinator.com/item?id=39446053)
> But bitwarden still doesn't know how to differentiate microsoft logins
To be fair to Bitwarden even Microsoft doesn't know how to differentiate between multiple Microsoft logins. As of at least a year ago, you can technically have different logins with the same username/email identifier, and different login prompts will behave differently.
Also nice to mention that some of those are connected and some are not. For example I have a personal account (that I did not create but appeared magically at some point; it behaves as totally separate), a work account (main work tenant) and three guest work tenants that share the password, but don't share the 2FA. For some apps you choose the tenant, but not for all.
Oh yeah it was more a joke than anything. Microsoft is just creating such a shitty environment. I can be logging in from my company portal where they know the identifier yet I still have to add @company.com. I mean I got one for my job, for my university, for conferences (CMT), and I swear I'm forgetting 30 others that I only use once in a blue moon.
They also are real shady with yubikeys. You can't set them as default but you can set "security key." So the process ends up being it assuming you want to use Hello (which breaks my Outlook... wtf), clicking use another device, security key, clicking next, then finally typing in your credentials. The next part makes me real suspicious since all the other dialogues go to the next page without clicking next. Why just this page? It's some weird dark pattern bs.
I'd call it malicious, but I think maliciousness requires intent. A chicken running around with its head cut off isn't really malicious if it runs into you.
Indeed, with an incoming Teams meeting invite, it should be determinable from the sender's context which account should work on the meeting. Instead there are 2 minutes of waiting, and what seems like pot luck with the account.
Telegram has had all of these features for a while… too bad it isn't as secure as signal or it'd be perfect, since it's also written in a real GUI toolkit and present in distribution repositories.
I do wonder how telegram and signal are planning to finance it long term. Telegram is adding absurd paid features like exclusive animations, which won't earn nearly enough to cover the costs.
I wonder where signal is about keeping the servers up, since they hate federation so much.
Telegram and Signal solve very different types of privacy issues.
Telegram is good, as you mention, for being relatively private in groups/chats/channels without needing to expose either your phone or even a nickname (unless you live in autocratic countries — will come to this later).
But it comes with costs. First, their p2p communication is not e2e encrypted by default. Not to mention that comments/group chats are not encrypted either, unlike, let's say, WA.
Second, Telegram API. It gives too much information. You can do a lot with it: read history, track changes of usernames, etc. For example, it is quite easy to obtain an internal user ID and there are black market services and databases where they promise to connect that ID with phone number if that account ever had privacy settings switched off in the past.
They claim that they kind of scrape all accounts and pair IDs for those where privacy settings were set poorly. Even if you change it later — your internal ID and that scrape will stay forever.
Third, Telegram was funded by the Russian government since Durov had issues with the SEC. He raised money from different Russian state-owned banks like VTB, issued bonds which are traded on the Saint Petersburg stock exchange, and even took some money directly from the Russian government through a Qatar proxy company. Not to mention that there are cases when TG was involved in criminal charges against people (the most famous one is the story of the Ryanair plane being forced to land in Minsk to arrest a critic of Lukashenko) and it was never directly addressed and explained by the company how exactly those people were caught and how the company protects against "SIM card replacement" cases (Signal at least informs me every time my peer logs in on a new device).
Selecting between Signal, with AFAIK no known cases of charges in dictatorship countries like Russia, funded by a non-profit charity, and TG without default e2e encryption, with a public API and Russian state funding, is quite obvious for me.
Don’t worry, telegram is now gatekeeping certain privacy settings behind the premium subscription like it’s 2003.
They also make it difficult to hide your pseudo identity from your phone contacts. I’ve had all the “discover contacts” settings turned off, and simply reinstalling the app caused people to be given my username without my consent. Settings somehow magically switched themselves back on and I couldn’t turn them off until after the damage was done.
There was no confirmation prompt. Pretty sure this happened to me more than once.
Telegram isn't a messaging service. It's a social network with a messenger UI. Quite ingenious, if you'd ask me, but a social network and a private messenger can't really be reconciled into a single product.
I don't want to be too dismissive of Matrix, but I also see these types of comments as understanding what problem Signal is actually addressing: security for the masses. There's no way I'm getting my grandma on Matrix and you're delusional if you think she can setup a server. But it isn't hard to get my grandma on Signal and that's a much better security feature than federation or even not having phone numbers. If I want extreme security, you're right that there are better tools. But my threat model isn't trying to avoid nation state actors, it's mostly about avoiding mass surveillance, surveillance capitalism, and probably most importantly: sending a message to the gov to fuck off with all this spying. At the end of the day, there's no other app that's even close to fulfilling those needs.
I didn't realize my comment rose to the top. When I had written this I had also written this comment[0] which was the grandchild of the top comment at the time. It has a bit more details on my thoughts/reservations of federation. tldr is mostly about avoiding centralization. This remains an open problem and I think it is far too easily dismissed. But federation isn't solving the problems people want it to if it's federated like email and web browsers. That's just mostly centralization with all the headaches of federation.
And to anyone complaining about lack of federation, what's stopping you from running your own Signal server? Sure, it won't connect to the official channel, but is that a roadblock? Even Matrix started with one server. This is a serious question, is there something preventing this? Because if the major problem with Signal is lack of federation, I don't see why this is not solvable building off of Signal and not needing to create a completely different program. Who knows, if it becomes successful why wouldn't Signal allow a bridge or why can't apps like Molly allow access to both the official and federated networks?
> Note that even once these features reach everyone, both you and the people you are chatting with on Signal will need to be using the most updated version of the app to take advantage of them.
> Each version of the Signal app expires after about 90 days, after which people on the older version will need to update to the latest version of Signal. This means that in about 90 days, your phone number privacy settings will be honored by everyone using an official Signal app.
Which is also an example of a challenge for open ecosystems where everyone can create apps.
I understand that it doesn't outweigh the benefits to everyone, but it is a valid reason.
The apps and most of the backend are open source too, not just the protocol.
The important distinction is that it's not decentralized like XMPP or email, which is a conscious decision: it would become very difficult to change it to add new features and they'd be left behind by closed-source competitors (see: XMPP).
> My understanding is that Signal (the app) is private, not anonymous, centralized, and closed.
You are right about that.
There used to be an open source build called LibreSignal
Moxie Marlinspike made clear [1]: You may inspect the code. You are even allowed to compile it. You are not allowed to connect your self-compiled client to our message servers. We are not interested in a federated protocol. Make sure your fork creates its own bubble that does not overlap with Open Whisper Systems. Stop using the name Signal.
It's not [attempting to be an open ecosystem]. Their ToS used to forbid using third party clients. I don't think this has changed. They haven't banned anyone for using third party clients (to the best of my knowledge), but they're openly against an open ecosystem.
It's private, centralised and the network is closed (e.g.: non-federated), but the source code is public and open source. I think that for the server implementation they do code dumps every once in a while, rather than continuously keep it public.
I wish it were more obvious that Signal expires its apps every 90 days.
My mom couldn't receive signal calls on the backup phone I gave her. I had disabled auto-updates since apps break UI sometimes and she gets confused by things moving around.
When I visited, I opened the signal app and was told I had to update.
I have been bitten by this in the past. At least now they give warnings in-app that the app will expire soon. But if you don't use the app regularly, you wouldn't even know. Also, I'm not aware of any other apps that die in this way, so it's not like people are in the habit of periodically checking the app to make sure they're still on a version that can receive incoming messages.
It's patently unforgivable that a message would not be delivered because the client is out of date.
The Signal team is incredibly clueless and arrogant toward its userbase. It seems to simply not have occurred to them that many people rarely/never have wifi, may not be on AC power when they are on wifi which means the phone may not check for / apply updates, etc.
In the US, cellular is often expensive and slow.
In underdeveloped countries where software like Signal could be really important, all this is even more true.
We get shit crammed down our throats to protect the most obscure edge cases for the smallest percentage of the most vulnerable users - such as not being able to sync messages between devices - but then they pull shit like this which has a huge impact for people in rural areas and underdeveloped countries?
This is a common, but terrible argument. Anyone can (mis)use, make, or weaponise technology given enough time and funding. Following this reasoning to its logical extreme, nobody should ever do anything.
The problem something like this solves is to raise the bar somewhat and discourage a fraction of those who would.
I like the idea, but they should have called it something else instead of ‚username‘. Maybe ‚connection string‘ or ‚discovery phrase‘. Right now they have to explain at length in what ways it’s different from regular usernames.
European quotation marks commonly have the left one down low and the right one up high. The same applies for single quotes. But using comma-backtick is deeply unorthodox.
To give a definite answer to the discussion below - it seems Czech, Slovak, German, Slovenian and Croatian sometimes use this format. Here an authoritative source: the EU publications office:
HellDivers 2 LFG rn is all about sharing Friendcodes... you can get a ton of them on discord or reddit... but then you end up having a "friendcode" cybermentally-distributed DNS system for them over time.
Six degrees will still exist.
(funny weird thing is that with HD2's server issues due to demand, one way to harvest this would be to create a fake LFG host game and have tons and tons of accounts bang against your HellDiver-Pot - and get whatever you can scrape from that?
---
OK - I actually went down this hole the other day... you look at the reddit thread on helldivers for LFG - or the discord...
So on reddit, you just put .json at end of thread - DL the entire thread as json, now you have reddit id, location, play style, etc, details AND their friendcode on HD2...
but since they can individually generate random friend codes on any game/system that allows such... you have a breadcrumb (with enough attention span to just correlate all the shared info between these friend codes and data received...
still - even with random friend codes - six degrees is still available, easily?
---
I deeply hope they do a Tech Talk on the post-mortem of this launch success spiral - its fascinating....
But one thing I am really interested in, this is based on the Autodesk Engine, I know they co-dev-dog-fooded, but I hadn't really known of this engine at all... what little I do know, is that - its amazing...
But I'd really like to know more about the arch and overall traffic flows etc of this game.
It's beautiful to see "problems" like this explode in like ~2 weeks.
What do internet traffic graphs look like since growth, per carrier?
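The harvesting the comment above describes, as an added example that is not part of the thread and not anyone's real tooling: a public LFG thread, once dumped as JSON, is trivially walked for friend codes, and because every code sits next to the poster's handle, a rotated code does not break the link. The thread structure below is constructed inline to resemble the shape of a Reddit `.json` listing (nested `replies`), and the `1234-5678` friend-code format is an assumption for illustration, not the real Helldivers 2 format.

```python
"""Added example: harvesting friend codes from a JSON comment dump and
correlating them by author across threads. Constructed data; the JSON
shape and the friend-code pattern are assumptions, not from the page."""
import json
import re
from collections import defaultdict

# Assumed friend-code shape for the demo: four digits, dash, four digits.
FRIEND_CODE = re.compile(r"\b\d{4}-\d{4}\b")

# Constructed sample: two "threads" from different communities, same poster.
THREAD_A = json.dumps({"kind": "Listing", "data": {"children": [
    {"kind": "t1", "data": {"author": "ravenguard",
                            "body": "Add me: 1111-2222, EU evenings",
                            "replies": {"kind": "Listing", "data": {"children": [
                                {"kind": "t1", "data": {"author": "heldiver42",
                                                        "body": "sent 3333-4444 back",
                                                        "replies": ""}}]}}}},
    {"kind": "t1", "data": {"author": "quiet_one",
                            "body": "lfg, no code posted", "replies": ""}},
]}})
THREAD_B = json.dumps({"kind": "Listing", "data": {"children": [
    {"kind": "t1", "data": {"author": "ravenguard",
                            "body": "new code after reset 5555-6666, still Lv40",
                            "replies": ""}},
]}})


def walk_comments(node):
    """Yield (author, body) for every comment, descending into nested replies.
    An empty string for `replies` (as Reddit emits) is simply skipped."""
    if not isinstance(node, dict):
        return
    data = node.get("data", {})
    if node.get("kind") == "t1":
        yield data.get("author", ""), data.get("body", "")
        yield from walk_comments(data.get("replies"))
    for child in data.get("children", []):
        yield from walk_comments(child)


def harvest(thread_json):
    """Map author -> set of friend codes that appear in that author's comments."""
    found = defaultdict(set)
    for author, body in walk_comments(json.loads(thread_json)):
        for code in FRIEND_CODE.findall(body):
            found[author].add(code)
    return dict(found)


def correlate(*threads):
    """Merge per-thread harvests. Rotating the code does not help: the
    author handle is the stable key, so old and new codes end up linked."""
    by_author, by_code = defaultdict(set), {}
    for thread in threads:
        for author, codes in harvest(thread).items():
            by_author[author] |= codes
            for code in codes:
                by_code[code] = author
    return dict(by_author), by_code


if __name__ == "__main__":
    authors, codes = correlate(THREAD_A, THREAD_B)
    for author, cs in sorted(authors.items()):
        print(f"{author}: {sorted(cs)}")
```

The lesson for the "random friend code" argument in the comment: rotation only helps if the new code is never posted beside the same handle again, which is exactly what an LFG thread makes people do.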
My reaction to the article was that they're using a lot of words to explain this change. That suggested to me that maybe they aren't being completely candid.
I've never used Signal, because (a) I don't want to rely on a smartphone, and (b) I don't want to use my phone-number as my ID, because it's traceable. I can't work out from the TFA verbiage whether this change addresses my concerns or not. That in itself is concerning, to me.
They also missed the opportunity, like many times they have done over the years, to actually make it something rather like 'Hide My Number' in true sense, after spending years sitting on this feature. That would have been the true case of "caring for privacy". This is just a lazy (too lazy!) copy from Telegram (however, with one good thing -- getting rid of username vanity)
Unfortunately, spam exists and phone verification is one of the least-bad-way to ensure that the user is a real person (there are other options, but it really is one that has many advantages).
Given that Signal does not have access (by design) to much information about their users when they use the service, they can't really fight spam once accounts are created. You could do spam detection on the client and privacy-preserving voting in order to ban spammers, but the UX would be very poor and that opens a whole new can of worms.
This reasoning doesn't make sense to me. A spammer can make an account, but how would they contact me if they don't know my account handle?
Even if that leaks, the handle should be changeable, and the spam issue could be completely mitigated by having a tab for first time "message requests" separate from the normal inbox.
I can't take a private messenger seriously when they require an identifier that's linked to your government-issued ID in many parts of the world.
They're resilient to spam, but often impossible to recover.
I had a spare SIM card that friends and family use when visiting from abroad. It's been unused for 90 days and has been deactivated. The number is lost, and irrecoverable. A friend had created a (second) Signal account with this number and can no longer log into new devices.
As a more mundane example: If I accidentally drop my phone into a river, the SIM is gone forever, and so is that line.
Sure, you can have a contract line which allows recovery. Depending on where you live, these can be several times more expensive than a regular pre-paid line.
Apart from spam, phone number is also one of the few unique identifiers, which is valuable for, among other things, IDing you cross-channel and showing you ads.
It is easy to create a new email, but not so easy to create and keep a new phone-number.
I've been a Signal beta tester on iOS for as long as I remember, knowing that they were going to introduce usernames, and I wanted to get my (relatively common) name as my username. Now they finally introduced it, but they require it to end in at least 2 digits "a choice intended to help keep usernames egalitarian and minimize spoofing".
Edit: this is not actually a serious problem for me, don't worry! Rather, I think it's funny. And honestly I kind of like having the numbers required, it's a good idea. It does remove a lot of the vanity from usernames.
It's a brilliant design choice. At first I was like "What?" and now the more I think about it, the more I realize it is an absolute genius move.
People need to get trained out of (even informally) assuming they can identify someone because their username looks familiar, and this is a great way to do it.
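The rule the post above quotes (a username must end in at least two digits), as an added example that is not Signal's code: the point is that `elonmusk.420` and `elonmusk.42` parse to different accounts, and a bare familiar-looking name with no digits is not a valid username at all. The `nick.digits` shape with a dot separator, the 3-32 character nickname and the allowed character set are assumptions made here so the parse is unambiguous (without a separator, `user12` could be `user` + `12` or `user1` + `2`); they are not taken from the page.

```python
"""Added example: parsing and comparing usernames that must end in at
least two digits. The `nick.NN` shape and length limits are assumptions."""
import re

# Assumed shape: lowercase nick (3-32 chars, letters/digits/underscore, not
# starting with a digit), a dot, then the required 2+ digit discriminator.
USERNAME = re.compile(r"^(?P<nick>[a-z_][a-z0-9_]{2,31})\.(?P<disc>\d{2,9})$")


def parse_username(raw):
    """Return (nick, discriminator) after case-folding, or None if the
    string does not satisfy the rule (e.g. no trailing digits)."""
    m = USERNAME.fullmatch(raw.strip().lower())
    return (m["nick"], m["disc"]) if m else None


def same_account(a, b):
    """Two usernames refer to the same account only if BOTH the nick and the
    discriminator match; a familiar nick on its own proves nothing."""
    pa, pb = parse_username(a), parse_username(b)
    return pa is not None and pa == pb


def lookup(directory, raw):
    """Resolve a username to the opaque account id it was registered under.
    `directory` stands in for the server-side mapping (constructed here)."""
    parsed = parse_username(raw)
    return directory.get(parsed) if parsed else None


# Constructed directory: same nick, two different discriminators, two accounts.
DIRECTORY = {
    ("elonmusk", "420"): "acct-7f3a",
    ("elonmusk", "42"): "acct-91c0",
}

if __name__ == "__main__":
    for candidate in ("elonmusk", "ElonMusk.420", "elonmusk.42"):
        print(f"{candidate!r:16} -> {lookup(DIRECTORY, candidate)}")
```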
> more or less completely eliminates “vanity names” and the “value”
With notable exceptions, i’m sure, being username69 and username420 and a few others (a similar phenomenon happened in magic the gathering, when they introduced limited edition 500 print runs of cards with the serial number stamped on them, and the only ones you can really sell or command a good price for are 1, 69, 420 and 500)
I can't wait to talk to elonmusk420! I'm sure it'll be the real Elon. His online antics are such anyone with that username will instantly trigger Poe's Law. Getting rid of phone numbers as identifiers is a good idea but I think it would be better to just assign user IDs or generate hashes based on user inputs or something.
> generate hashes based on user inputs or something.
Because friend codes were so popular on Nintendo.
Hey add me real quick, my id is 12716472-83647281746-8172649! Or use the hash code, 0x28A56ED9! Super easy to remember, way better than giantrobot22 or vel0city66.
Usernames are only used for the initial connection, so "getting" a username doesn't really gain you anything other than the "username" you give to people who don't already have you as a contact: "a username is not the profile name that’s displayed in chats, it’s not a permanent handle, and not visible to the people you are chatting with in Signal"
I'd settle for full sync of chats between my own devices. If I can sync between my laptop and my phone, that's sufficient, since I already back up my laptop.
I don't want backups for IM. I don't want my counter-parties to have backups for e2e encrypted IM. I don't want IM to last. Why record every conversation on your permanent record? It's nuts.
For me, having a searchable record of everything said defeats the whole purpose if IM and e2e encryption. I'm sure the NSA like it.
The lack of any kind of backup/export for iOS is the main thing keeping me from recommending Signal.
Sadly, from what I’ve seen in similar threads online, it seems the devs are opposed to backups in principle (they believe that chats should be ephemeral and backing up is antithetical to this).
I‘ll take it. Even offline backups would be an improvement.
For people worried about having not consented to other peoples backup. They could implement ephemeral-only chats, or backup-excluded chats where both parties have to agree to changes.
If I understand correctly it’ll still not be possible to create an account without entering a phone number?
For me this is a requirement to call a service a private service because in Germany at least every phone number is connected with a person's identity. To get a phone number you need to connect it to an identity using an identity card
Here in Thailand it's the same but phone numbers get recycled and expire very aggressively. I just got a new phone number and I can login to many platforms of some 20 year old guy who really likes pc gaming.
Phone numbers should have NEVER became an ID. Incredibly hypocritical of Signal to claim "privacy focus" when the lowest layer of the system is literally the least secure identification method we have.
I had two SIM cards dedicated to online crap - one for important stuff like banking, another for social media and such.
both have expired after ≈ 3 months of inactivity, when my 2 week trip unexpectedly took 4 months. those SIM cards weren't physically inserted into my phone - I used to do that once a month to call someone and get billed a few cents so it would remain active, until that trip.
there's no way to get those phone numbers back and it's been an enormous pain in the dick. I hate this fucking system, but I hate the fact that fucking everything requires a phone number even more.
> in Germany at least every phone number is connected with a person's identity. To get a phone number you need to connect it to an identity using an identity card
Personally, I am totally baffled by this.
Due in large part to C3's positive influence, Germany is at the forefront of privacy issues and legislation on so many areas, except for this one, which ends up turning into a massive backdoor in the whole edifice. Okay, we can't ask for a copy of your identification card... we'll just use a telephone number or SIM code or something trivially tied back to your IMSI (like an app store account or IMEI) instead. Because of the absurd 2017 law, these are equivalent to your government ID card.
I really don't understand why Germans put up with this while simultaneously pushing so hard for positive changes in every other aspect of online privacy. Especially when so many other developed Western countries do not tie SIM cards to identities: Netherlands, Denmark, Finland, Iceland, Ireland, US, UK, Canada, and many many others.
It's like a giant `sudo gimme-your-identity` backdoor in all the other data collection protections. And nobody seems to care about closing the backdoor.
It wasn't always like this - the requirement to give your ID to get a SIM card, as you noted, was only introduced in 2017 (though it certainly feels way longer ago for me).
Anyways - why does nobody care?
Simple: most don't feel this being an issue.
Some may even say that they "don't have anything to hide" and there goes the erosion of privacy, bit by bit - by the time someone notices "ok, this may become a problem" - it'll be too late :(
On the flip side, SMS fraud is almost nonexistent from German mobile numbers, which is why scammers just send from other countries to German mobile phone owners. Mostly from France.
This is a fundamentally different problem for a fundamentally different audience.
If we take privacy issue, it can be divided into 3 segments:
* Privacy of user data. The basic level. When you use Google or Apple, they collect data. Even if you minimize all settings — data is still collected. This data is used to train models and models are used to sell ads, target you or do anything else you have no clue about (like reselling it to hundreds of “partners”).
* Privacy against undesired identification. Next layer of privacy. When you want to have some personal life online without sharing much about you. Like Reddit, anonymous forums, or Telegram (to some degree).
* Privacy against governments. The ultimate boss of privacy. When you want to hide from all governments in the world your identity.
Signal was perfect at the first layer, strong but not perfect at the 3rd layer (e2e encryption, no data collection to share nothing with governments who seek data, good privacy settings, always tells you if your peer logged in on a new device to protect from cases when a government operates with telecom companies and uses the SMS password to make a new login), and almost not present at the 2nd because they have no public features except group chats where you share your number.
Now in one move they close gaps at the 2nd layer — you can hide your phone number and stay fully anonymous, and strengthen their position in the 3rd layer, leaving the last piece open: the government still will know that you have some Signal account.
As for me, this setup solves 99,999% cases for regular people in democratic and semi-democratic countries and address the most fundamental one: privacy of data and actions online.
Yes it is not perfect but the barrier for a government to spy on me is so high that I reasonably can believe that in most cases you should never be worried about being spied on, especially if you live in some place which is not named Iran or Russia.
The only scenario, in my perspective, you can want to have a login without phone (with all sacrifices to spam accounts, quality of peers and usual troll fiesta in such places) is when you want to do something you don’t want ever be found in your current country.
But in this case, IMO, Signal is the last worry you usually have on your mind and there are a lot of specialized services and protocols to address your need.
1,2 and in part 3 were already fixed with the Signal FOSS fork back then, but Moxie and his army of lawyers decided to send out multiple cease and desist letters against those projects. Which, in return, makes Signal not open source, no matter what the claims are. If they don't hold up their end of the license and argue with their proprietary (and closed to use) infrastructure then I'd argue they are no better than Telegram or WhatsApp. Signal's backup problem is another story which might blow up my comment too much.
Because of your mentioned points I would never recommend Signal, and rather point to Briar as a messenger and group/broadcast platform. Currently, it's still a little painful to use and e.g. QR Codes would already help so much with easing up the connection and discovery/handshake process.
But it has huge potential as both a messenger and a federated and decentralized platform.
Just use Wire (wire.com). True end to end encrypted multi device messenger, open source, federated and based on MLS. All you need is an email address, no phone number required. And based in Europe. They allow building your own clients (with some stipulations) and seem to solve everyone’s issues with signal here
I think it is a holdover from the Text Secure days. And like others say, it's a different problem.
But for solutions, can't you just buy a voip number? You just need it for registration and then can dump it. I'm sure you can buy one with cash or zcash if you're really paranoid.
While in the US I don't have to show my gov ID to get a phone number, I don't know anyone who buys a phone with cash except international students. So practically everyone is identifiable anyways. But I'm not sure this is a deal breaker since all I'm leaking is that I have registered a Signal account. AFAIK Signal only has logs of an account existing and last online with 24hr resolution (which avoids many collision deanonymization methods). Even paying with cash is hard as I'm probably caught on camera (but these usually get flushed).
So I'm legitimately curious, why is this a dealbreaker? It doesn't seem like a concern for the vast majority of people, and the problem Signal is solving is secure communication for the masses, not the most secure method possible with unbounded complexity. It's being as secure as possible while being similar in complexity to the average messenger.
> But for solutions, can't you just buy a voip number?
No, how would my uncle in the countryside of Vietnam do that? He doesn't have a credit card -- not many here do. He doesn't speak English -- can you find a website that sells voip numbers in Vietnamese? Buying a voip number from a provider in Vietnam has the same exact KYC requirements as buying a SIM, so it is still tied to your government ID and registered forever.
Also buying a VOIP for 1 month costs something like $10 from a quick Google. Average salaries are like $1.50/hour. Nobody is going to pay an entire day's salary to buy an VOIP number they throw for a month just so they can register anonymously for chat.
So, no, you can't "just" buy a voip number unless you're a rich Westerner. But who needs privacy more? People in liberal democracies or people in places like Vietnam (literally an authoritarian country where people are routinely imprisoned for speaking against the government)?
> I don't know anyone who buys a phone with cash except international students.
Everyone buys a phone with cash here because few people have credit cards, since there is no such thing as "credit ratings" and it is easy for people to disappear from their debts. There are more people in Vietnam than any country in Europe. We all use smartphones and messenger apps here, too.
Why do you need a German phone number? Many countries let anyone have a phone number, with no proof of address or other identifying information. Just use one of those numbers instead. One example service is https://jmp.chat/ but there are many others.
This is not correct. Go to a phone booth, get Signal, never need the phone number again. Any phone will do. Get a phone number from a different country online and without identity check, who cares, you will never need it again.
Partially off-topic: I've always found this German requirement baffling. In the Netherlands you can just buy a SIM card at a supermarket and pay cash. No identity, nothing.
This is the case in most countries these days. There are very few places left where you can get a mobile phone number without identifying yourself at some point.
> ... but then Signal wouldn't have your phone number either. What they need it for is ... dubious if you ask me.
The reasons they need it aren't really that dubious to me: they want to create a service that actual people will actually use, not just weird privacy geeks who never gave up on PGP. Using phone numbers allows for the kind of user discovery that most people expect in 2024, and requiring them inserts a barrier to mass account creation that can keep spam accounts down to a manageable level (especially given the whole point is they can't do content-based spam-filtering in the way that makes email manageable).
Personally, my understanding is they've always been trying to develop the maximally private usable chat app, which requires some compromises from the theoretically maximally private chat app.
The claim (which generally I'm inclined to believe) is that requiring a phone number drastically increases the cost to sending spam. That in turn drastically reduces the spam amount.
What they need it for is simply that it's the way the system has always worked, because Signal started life as an encrypted replacement for SMS. The point was that you could switch from the standard SMS app you were already using over to Signal (which was called "TextSecure" at the time) without having to change your habits, because sending messages to people's phone numbers was simply what people did then. There's nothing nefarious about it.
I could certainly point out the differences, but the fact that you yourself aren’t acknowledging them indicates to me that you’re throwing intellectual integrity out the window because this product doesn’t work in the way that you want it to work. Engineering is about tradeoffs, and not every company serves to build something that does exactly what YOU want it to. I prefer Signal the way it is. I understand the tradeoffs.
They are not usernames, so why do they call them that? They are more like disposable per-conversation identifiers.
"Usernames in Signal do not function like usernames on social media platforms. Signal usernames are not logins or handles that you’ll be known by on the app – they’re simply a quick way to connect without sharing a phone number."
Also, this is not finally the feature Signal users actually want - not having to sign up for Signal with a phone number and using a username instead.
This new "feature" does very little to make signal more secure or private.
It does, because instead of having to share your phone number to Signal + all your contacts, you can share it with Signal only. It is an improvement. It doesn't address the case where you are not willing to share your phone number to Signal, but it addresses the case where you tolerate it but would like to discuss with someone with whom you'd rather not share your number.
I hope it will allow creating groups without forcing members to have their phone numbers shared with everyone.
That was my first thought too. It's stupidly confusing to call something that acts nothing like a username a username. They clearly know that given the number of times they clarify how they work. Here's another:
> Note that a username is not the profile name that’s displayed in chats, it’s not a permanent handle, and not visible to the people you are chatting with in Signal. A username is simply a way to initiate contact on Signal without sharing your phone number.
It's absolutely a username. It can be changed arbitrarily whenever you like, and you'll probably in the future be able to have more than one name for the same underlying account, but it's still a username.
Other services do this too. For instance, you can sign up for some services with an email, and that's what you use to sign in, and you might be able to find other people by email if they let you, but you don't necessarily get shown someone's email on their profile, just the display name in their profile. And (in a well-designed service) you can change your email address at any time.
Because a regular person, being given not a number for something, is going to call it a username.
Later explaining "you can have multiple usernames" is easier than trying to undo that conception. People are familiar with it. Your username is how you identify yourself on the computer in every context when it's not obviously your phone number.
> Also, this is not finally the feature Signal users actually want - not having to sign up for Signal with a phone number and using a username instead.
Agreed. I don't own a phone of any kind, and would love to use Signal, but alas I can't because you need a telephone number, or a level 65 Necromancer to do the magic to sign up without it.
Is it? On Twitter and discord people see a different name than my username. Username tends to be more for connection and display name for identification. While I get the argument I don't see why this is a big deal.
Doesn't seem "disposable per-conversation" in my reading of the announcement. Seems like a permanent username that just doesn't get featured in the conversation.
>Your profile name remains whatever you set it to.
It's not really permanent - you can change it as much as you want. Once someone has established a connection with you via your username once, that connection will still exist even if you change your username.
If I'm reading this correctly, this also means that a person that already has my phone number in their contacts will necessarily be able to link my number to my username after they have scanned my QR code.
First, it is a mistake to call these usernames. Second, it's a big mistake because this is a cool feature.
It's interesting to compare this feature to Session, where you also have randomized identifiers, but they identify you globally, and there's no way to give someone a handle to you that isn't linkable to other conversations. It sounds like Signal now offers that, which is actually the first time I've been intrigued by Signal.
Agreed. It’s ridiculous that they’re even calling this feature usernames, since you still need a phone number, thus completely defeating the purpose of a “username”.
For most services to sign up, you also need an email address. This is also to help you recover your account in case you lost your password. A phone number can be used for this purpose too. Now you can share your Signal account with someone without sharing your phone number. Like you can share your Facebook username without sharing your email address.
Heh, I donate monthly to the Signal foundation but still get the occasional notification in the app to do so. In some sense, I am paying them anonymously :D
Whatsapp added this recently and it is very convenient. You can link a companion device in the same manner you sign into WhatsApp web.
A kind of hacky workaround (that I used to use for both signal, WhatsApp and others) is to set up a server with matrix bridges running and bridge your signal, WhatsApp etc. so then you can install the one matrix client on all your devices.
But as most apps do support multiple devices these days, bar signal, it doesn't feel like it's worth the effort. And I seem to remember the signal bridge in particular being a little buggy.
I'm sure it will become possible soon. The code is already there on iOS, as the app also works on iPad, but hidden behind the internal feature flag [0]. Same with Android [1]. If your second device is an Android, you can already use it now with [Molly](https://github.com/mollyim/mollyim-android).
Also, WhatsApp recently added this feature, so the expectation from potential new users who switched is now there.
Would signing into Signal on a work device not negate most of the security benefits of using Signal? Genuine question; I am only vaguely familiar with Signal.
The interesting thing is that it is possible to share the account on multiple devices, as long as only one of those is a phone. You can sign in to and chat from that account just fine on the desktop app, even if your phone is off.
(I guess theoretically you could run something like PostmarketOS on a phone to run the desktop app, but you know what I mean.)
That's useful but not quite sufficient for this use case, though. The different devices currently have no way to sync chat history, so you'd lose all your old chats.
What I'd love to have is the ability to connect my phone and my laptop to the same Signal account, have them automatically sync chat history between each other, and then in the future if I add a new phone (e.g. because I've upgraded) my phone can sync from my laptop and get all of my message history.
My current work-around is just to use a group chat and have both work and personal accounts part of the chat. Fortunately, I only need to be able to chat with a few people (family) while off with the work phone so this isn't that big of a hassle, but it's something I wish I didn't have to do.
Yeah, this is still my top requested feature. I have two phones, one is a data-only SIM. I just want to be able to use Signal from both of them just like how I can on my Mac and PC.
I like the concept of Signal usernames not being public either, and that they’re only a means to tell others how to find and contact them. I can’t wait for this to be rolled out.
It’s not clear to me if it’d be possible to prevent the “contact joined Signal” messages if someone else has the phone number in one’s contacts. That would be a huge thing.
For a little more historical context, with this change Signal has now solved the problems that became widespread during the protests in Hong Kong in 2019 — someone else (authorities) adding random phone numbers to their contacts list, opening a chat app (such as Signal or Telegram) and finding if that person uses that app. Telegram solved this swiftly by adding more privacy controls, [1] while Signal had other priorities.
There are new phone number privacy settings for "Who can see my number?" and "Who can find me by number?", both having "Everyone" and "Nobody" settings. I assume disabling both should stop it from messaging people, although not sure if you can set it quickly enough after registering.
> People who have your number saved in their phone’s contacts will still see your phone number since they already know it.
I know this is great and groundbreaking seemingly. And that it was and more was already there in Telegram, for years.
This is just unfortunate if it has been implemented like Telegram and it seems it has.
I should be able to dictate that “if I initiated communication” to “username” or “from my username” my phone number should not be linked to it even though the other person has my phone number in their address book saved, because that doesn’t mean they are a friend or even if they are I might not want to know that or chat outside the username.
I will try to access the beta (pretty sure it’d be full by now) and test how it goes but I hope it has not been implemented like Telegram after taking all these years.
Though I like that they have essentially nuked vanity username rush and grab in the bud. Kudos.
> This is just unfortunate if it has been implemented like Telegram and it seems it has.
Yes, agreed. This doesn't stop an adversary who knows your phone number and identity (such as a surveillance state) from linking communications under your username with your real identity.
It just means that people don't need to give their phone number to someone just so they can communicate via Signal.
I think this can lead to people having a false sense of security.
Signal is one of the great undertakings of our time. And it's one of the last bastions of internet freedom.
A free-to-use global communications platform that doesn't censor, respects user privacy from the ground-up, and is run by a non-profit foundation that is faithfully dedicated to its mission. https://signal.org/bigbrother/.
We should support it. If you haven't already, then consider signing up for a recurring donation to the Signal Foundation. I try to give what I can afford, because I believe that digital freedom is essential for the progress of all humankind, https://signal.org/donate/
Without such projects, our civilization will stagnate and die in darkness.
Yeah, nah, it might be fashionable but I'm not 100% convinced that it's not an operation intended to be a lightning rod for "private" communication.
Given how tightly they control development, disallow third-party clients, disallow federation, disallow self-hosting servers, have a history of disallowing use without Google Play and have hidden huge development features from the public (MobileCoin) despite being open source, etc.
The idea that it's a great undertaking of our time is so bombastic that it's guaranteed to be false even if you truly believe that they are completely altruistic (which I'm willing to believe but it's not coming easy to me based on the above).
"What's better"? Matrix. Which seeks to solve all of my points, the only thing lacking is market share which honestly is partially caused by these "easy to use" services which trade off everything else, which also consumes developer mind-share even if you're unwilling to acknowledge that. (devs are motivated to solve issues for friends, family and themselves if they are exposed more frequently to systems and services that are sub-par).
Easy to use is important and it's a shame that you're downplaying that. More accessible than PGP/OTR? Sure. But maybe by a hair's width of an alligator's back.
If I am working with a source who gets frustrated by the impenetrability of communicating with me because I insist they use matrix while they're not technical and likely impatient, then that person will be much more likely to use a fallback method such as SMS or email, and they'll do it without warning. It's legal risk, period. My job is to make sure that they can share information with me as easily as possible and during a particularly sensitive period of that person's life, usually. Matrix, as a sibling post highlighted well, is too difficult for this use-case. That is an enormous failure for a use-case of sensitive information sharing.
I really like the idea of federation, but I haven't seen it be successful in practice. I can't think of a federated service that isn't also highly centralized. This was a big problem for cryptocurrencies and it's not like email isn't almost all Microsoft or Google. Mastodon has been struggling as well.
While I think there are better services to be private and secure from a technical perspective, there's one killer security and privacy feature that Signal has that on one else does: usability. It's pretty hard to get my grandma onto Matrix, but it isn't hard to get her on Signal. The truth of the matter is that you can't have private and secure conversations if there is no one on the other side. So while I really do like Matrix and the like, I think of them as more alpha or beta type projects. I don't find that the bashing of Signal is helpful (like we also do with Firefox) because all it does is creates noise for people that don't understand the bashing is coming over a nuanced and biased point of view (we're mostly highly tech literate here on HN, it is a bubble. But people still read our comments that aren't). End of the day, if we aren't getting 1 click server installs (or literally everyone is a host), federated systems are going to become highly centralized at some point. PGP's always failed because the easiest way to hack a PGP email was to reply that you couldn't decrypt. It wasn't appropriate for the masses even when it wasn't difficult to use. Don't get me wrong, I love Matrix, but it's got a long way to go to get mass adaptation.
Fwiw, I remember a user awhile back offering a bounty for a decentralized pathway in Signal[0]. The idea was to create an AirDrop like system to help with things like local file sharing but then extend the project forward to create a mesh network. Seems like a reasonable idea to me. I think it may be more advantageous to try to push Signal in the right direction than rebuild from scratch. I'd highly encourage people with other opinions to participate in the Signal community because it is a crazy echo chamber in there and for some reason the devs treat it as a strong signal.
XMPP cries in a corner. I wish XMPP had more accessible (to the general public) desktop clients. Conversations is great, but speaking from experience, people aren't going to want to use Gajim because it looks like it's ten years old (even though that's a good thing ;). XMPP needs better clients in general. The last time I used Profanity it had very annoying bugs about sending and saving OMEMO encrypted files.
in a world where iOS users won't install another free app from the app store because they already use iMessage, matrix is like asking for your friends to perform calculus just to talk to you.
We really should convince Moxie Marlinespike to push the implementation of an out-of-the-box working bridge between the Signal client and the Matrix network. With e2e encryption, of course.
Signal has its problems, some of them severe. It's also buying "us" much needed time to build out federated and self-hosted chat platforms.
I truly believe they are altruistic, although it is unrealistic to expect that to last forever.
By the way, some of the claims you made about their "bad actions" are actually false. And Matrix is still incredibly annoying to work with for "normies" and only recently got first-class E2EE and retention policy, both things needed for a secure chat experience. And btw, those things aren't deeply supported in the ecosystem, and also it doesn't have client feature flag alerting (to allow good intentioned clients to de-facto report they don't support certain security features).
I do think Matrix (or something like it) is the future, but it's certainly not the present.
Matrix?! As someone who runs his own Matrix homeserver, oh, man, no way. Matrix is super fiddly, unreliable, and user-unfriendly (and I say this as someone who has at times agreed that Signal can be user-unfriendly).
Matrix also is just not particularly private. Servers control and know far too much about users, and pretty much no mainstream client enables E2E encryption by default. Matrix is an impressive piece of technology, but it has a long way to go before it's as usable for an average mobile phone user as Signal is.
Just because a project is open source doesn't mean everything the team works on or releases will be in the public eye, nor does it even imply that it has to be open source as well.
I agree about the passing utility of Signal [0] but Matrix (which I do use) is a barely adequate dumpster fire. They spent all this effort developing a generic synchronization protocol, but yet didn't include native encryption in 2014 and had to bolt it on as an afterthought? And the last time I tried to find a native client it seemed like they were all still using web engines for rendering (inherently slow and insecure), presumably because the markup is too complex to make straightforward native apps.
[0] I don't even use Signal. My tack is to isolate and contain my "mobile phone" device as much as possible (when I'm home it generally stays next to the door on a charger). Whereas Signal has been designed around that single device as a critical part of my life. When I can sign up using only a username, and use Signal from a native client or web browser without any sort of Android device in the picture, then I'll be interested.
> And it's one of the last bastions of internet freedom.
I don't want to be too negative on Signal since they do some good work and I do use it.
But freedom? No. It is another completely proprietary platform. A better one, but still proprietary, so the antithesis of internet freedom.
For example, just earlier this month the Signal client overnight stopped working on my old Mac because they decided to no longer support older OSX releases. So I can no longer use it on that machine, my primary desktop.
If Signal was in any way open or free (as in freedom) I'd just compile my own client to speak an open protocol and be back in business. But no, Signal is just a proprietary service with a proprietary client.
>If Signal was in any way open or free (as in freedom) I'd just compile my own client to speak an open protocol and be back in business. But no, Signal is just a proprietary service with a proprietary client.
Isn't the source code available? What's preventing you from compiling your own copy?
As far as I'm aware, everything is open[0]. Only issue I know of is that the server code isn't consistently up to date and you can't run your own. But you can compile the app and desktop clients yourself. I guess there's also the issue of reproducible builds but AFAIK this is a play store issue and doesn't seem that problematic since you can compile from source. I mean they even have a commit from 4 days ago for the Android app.
How old OSX are we talking? Is it older than what current Xcode with Sonoma supports? If it's that, then you have your answer. If you want to daily drive an older machine, Linux or even Windows should be fine, but this is not really the way with Apple hardware - if it was, Xcode would make this easier for the developer. For reference, you can still build for Windows Vista using the current Windows 10 SDK - I haven't tried the Windows 11 SDK, so not sure how things are there.
> We should support it. If you haven't already, then consider signing up for a recurring donation to the Signal Foundation.
I always like to remind people that you can also donate through your employer and many will match. This is a great way to multiply your donation and everybody wins. Your org is going to donate x amount a year anyways and so might as well "vote" on where some of this money goes.
It encrypts your metadata (the most important data) and doesn't use it to manipulate you. It's a non-profit. And now you can use it without exposing your phone number to other users.
Again: Metadata. WhatsApp records a timestamp of every message you send/receive, and who the other party is. Signal only records two pieces of metadata: timestamp of when you signed up, timestamp of the last time you sent a message.
Whatsapp only e2e encrypts message contents. The only thing Signal knows about you at any given time is the time of account creation and the date of your account’s last connection to Signal servers. That's tied to your phone number. They don't know who you chat with, the contents of those messages, your phone contacts, anything.
I'd get a chuckle out of comparing that with the privacy of Whatsapp.
My 2¢, as someone who tried using WhatsApp once and ran away screaming:
WhatsApp requires you to give it access to all your contacts (your entire address book) in order to use it at all. This information is uploaded straight to Facebook’s servers where they’ll inevitably use it to place your WhatsApp account in a social graph so they know who you are based on your contacts. I found this to be unacceptable so I uninstalled it.
Even if all the other things sibling posters mentioned didn't exist, the simple fact that Whatsapp is owned by Meta and Signal is not... well, that'd be enough for me.
1. Facebook owns WhatsApp and uses it to collect data about people, such as who they communicate with, how and when. They also know about many of the websites you visit and what you do there. They know everything you do on Facebook, Facebook Messenger and Instagram. They buy mountains of data about us from other sources. By analysing all of that data they can probably do a reasonable job at guessing the content of your WhatsApp messages.
2. WhatsApp tries to get every user to accept the option to backup messages and photos to Google Drive, where they sit unencrypted and accessible by Google. Even if you reject that option yourself, your correspondents are likely to have enabled it (if only just to stop WhatsApp from nagging about it) and so your messages are available for Google to read. Example of why this can be bad: https://www.vice.com/en/article/zm8q43/paul-manafort-icloud-...
3. Google Photos asks WhatsApp users if they'd like it to back up their WhatsApp photos. Even if you reject that option, your correspondents may have enabled it and so your photos are stored online unencrypted and accessible by Google.
4. Why should we limit what Google and Facebook know about us? Google and Facebook influence our behaviour for the benefit of their paying customers. Their computer systems are too powerful for our minds. They work against us, not for us. Companies like Facebook will come to be seen like tobacco companies, except that the harm is as from mind altering drugs. There is a documentary on Netflix called The Social Dilemma which explains this well. The polarisation of societies and the spread of conspiracy theories are some of the effects. The only defence is to disengage.
While I am thankful that Signal exists and is considerate of privacy concerns, I don't think their decisions are always right.
For instance, I would love to see pictures sent to me by my spouse automatically saved to the camera roll. Signal has no option for this because it could put the privacy of me and the sender in jeopardy.
I actually like it this way. Occasionally (not always, which is even more confusing), images from random WhatsApp conversations end up in the Android equivalent of my camera roll, and it annoys me to no end.
My camera roll is for photos that I have taken. If I want to put something from someone else in there, that's a decision I will pro-actively make. Other apps shouldn't be doing that for me.
WhatsApp has this feature and it drives me nuts. My roll is full of crap people (especially chat groups) send me and I have to clean it up every now and then. I surely hope Signal doesn't do this and keeps the current approach of allowing users the option to download the images they want, when they want.
They have a community forum with a feature request system. Though I'll admit it's a big echo chamber there. But every new user adds a new voice and I can't see how that isn't a good thing.
Fwiw, I want this feature too. And others. I've submitted feature requests in the past. I even asked that usernames add QR codes and links. I'm not sure if I was heard, but hey, the feature is there and even some of the echo people were against it.
They need to actually listen to users. Signal needs to support SMS, they need to support backups, they need to support easily migrating to new devices. I don't care if it makes me slightly less secure, make it a checkbox in the client that I agree if I enable the features, I'm a moron because some nation state could abuse it.
Otherwise, it'll always be niche. I'm never getting non-technical friends and family to adopt a messaging app that isn't unified for SMS and secure messaging. When they say "users might not know they're sending insecure SMS messages" - fine, you own the client. Make the client bright red with a flashing "INSECURE MESSAGES" across it for all I care. It's not hard to inform a user in 2024 that they are sending a less secure message.
Signal has so many footguns that I stopped recommending it. I know more than one person who lost all their messages and pictures when they switched phones.
> I'm never getting non-technical friends and family to adopt a messaging app that isn't unified for SMS and secure messaging
Er, what? So no one you know uses Whatsapp, FB Messenger, Telegram, Google Talk, or anything else? I suppose it's possible that's true, but even if so, you and the people you know do not represent the common-case user.
That's correct, but so what? So does Tor. The US isn't a single unified entity. They get some funding from groups that promote encryption. Gov still wants encryption for their own people and for people in authoritarian countries (it's hard for normal people to overturn an authoritative government when all communications are watched. No need to discuss CIA). But also remember there's plenty of US gov groups that attack Signal too. Just saying "US funded" isn't strong enough on its own. The gov has its hands in everything so it's too noisy. You'd need to make an argument about its dependency on that money, which they aren't. Records are public btw, they are a nonprofit.
I couldn't believe it when I first signed up for Signal and people who had my number were *sent notifications* that I had just signed up. This could've included people I had blocked on my phone.
Same. One included an unstable individual who I was happy had forgotten me. Suddenly he messages me out of nowhere -- "Oh hey, you still exist! And you just installed Signal.... hmm, given what day it is, I'm guessing you're at such-and-such event?"
I think the Signal devs hadn't thought this through at all and just blindly copied what Telegram was already doing thinking it must be cool and trendy with the masses, without understanding their core user base at all.
Same with prioritizing stories, stickers and crypto payments as core features of Signal when that's not what most of their users care for. Meanwhile there's still no official way to port your existing chat history on PC and iOS to your new device, or support for Android tablets. Obviously, stickers are more important.
I was all excited about Signal, but rarely use it because of this very feature. Once it started sending me notices about other users, I was extremely not happy. I was very hesitant since one of the first things it did was ask for access to contacts. I'm still pissed at myself for allowing it.
Hi there, engineer on the Signal Android app here. Just an FYI that the notifications are generated on the receiving client by detecting that one of their contacts newly showed up as a registered user -- they're not "sent out" by you when you register or anything. Also, these notifications have defaulted to being disabled for the last 1.5 years or so. So only people who go into their settings to manually turn them on should be seeing them at this point.
That said, the complaint around this is usually that people don't want others to know that they use Signal. And unfortunately there was no way to _really_ do that (until now), because if you open your chat list, you'll see all of your registered contacts. But in the 7.0 release, we added the ability to hide yourself from being discoverable by phone number at all. So for people who don't want anyone else to know that their phone number is registered with Signal, they now have that option.
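The mechanism the engineer describes above, as an added toy model (not Signal's code): a hypothetical `Directory` answers phone-number lookups only for accounts that allow being found by number, and the `Client` compares successive answers locally to decide whether to raise a "contact joined" notice. The class names, phone numbers and the `discoverable` flag are constructed for the example.

```python
"""Toy model of client-side "contact joined" detection and number discoverability.

Added example, not Signal's code. `Directory` stands in for a hypothetical
contact-discovery service; phone numbers are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Account:
    phone: str
    # Stands in for the "Who can find me by number?" toggle: when False the
    # account is omitted from lookups, so no client can learn it is registered.
    discoverable_by_number: bool = True


class Directory:
    """Hypothetical contact-discovery service (an assumption, not Signal's API)."""

    def __init__(self) -> None:
        self._accounts: dict[str, Account] = {}

    def register(self, phone: str, discoverable: bool = True) -> None:
        self._accounts[phone] = Account(phone, discoverable)

    def set_discoverable(self, phone: str, flag: bool) -> None:
        self._accounts[phone].discoverable_by_number = flag

    def lookup(self, phones: set[str]) -> set[str]:
        """Return the subset of `phones` that is registered AND discoverable.

        The service only answers the query it is given; it never pushes a
        notice to anyone. That is why a "contact joined" notice cannot be
        suppressed on the server without also hiding the account from lookups.
        """
        return {
            p for p in phones
            if p in self._accounts and self._accounts[p].discoverable_by_number
        }


class Client:
    """A client that derives "contact joined" notices from its own lookups."""

    def __init__(self, directory: Directory, address_book: list[str],
                 notify_new_contacts: bool = False) -> None:
        self.directory = directory
        self.address_book = set(address_book)
        # Contacts this client has previously seen as registered.
        self.known_registered: set[str] = set()
        # Off by default, matching the behaviour described in the thread.
        self.notify_new_contacts = notify_new_contacts

    def refresh_contacts(self) -> tuple[set[str], list[str]]:
        """Sync registration state and return (registered, notifications).

        `registered` is what the chat list shows regardless of settings;
        `notifications` is non-empty only if the user opted in AND a contact
        appeared since the previous refresh. Both are computed locally.
        """
        registered = self.directory.lookup(self.address_book)
        newly_seen = registered - self.known_registered
        self.known_registered = registered
        notifications = sorted(newly_seen) if self.notify_new_contacts else []
        return registered, notifications


def demo() -> list[tuple[set[str], list[str]]]:
    """Walk through the scenarios raised in the thread; returns each refresh result."""
    alice, carol, dave = "+15550000001", "+15550000002", "+15550000003"  # constructed
    directory = Directory()
    directory.register(alice)

    bob = Client(directory, [alice, carol, dave], notify_new_contacts=True)
    results = [bob.refresh_contacts()]             # first sync: Alice is found

    directory.register(carol)                      # Carol joins, discoverable
    results.append(bob.refresh_contacts())         # Bob's own client notices

    directory.register(dave, discoverable=False)   # Dave hides from number lookup
    results.append(bob.refresh_contacts())         # nothing new: Dave is invisible

    directory.set_discoverable(carol, False)       # Carol opts out later
    results.append(bob.refresh_contacts())         # she drops out of the lookup
    # (Existing conversations, which survive this change, are not modelled.)

    quiet = Client(directory, [alice, carol, dave])  # notifications left off
    results.append(quiet.refresh_contacts())       # chat list shows Alice, no notice
    return results


if __name__ == "__main__":
    for registered, notes in demo():
        print(sorted(registered), notes)
```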
How come it wasn't the default right from the start?
How can a privacy oriented company not see the privacy implication of this? Sometimes, you want to be forgotten by some people, and Signal is telling them you are still there and active on that number. I remember reading a story about someone getting into real trouble for that.
Without "usernames", the proper way to handle it would have been to not let anyone know you are on Signal when they look up your number. To get into contact, send a message, then the recipient will receive a notification with the message and an option to reply. If the recipient doesn't respond, from the sender's point of view, it should be as if the account didn't exist.
I personally don't have a problem with this feature, and it's actually how I discovered Signal use among many of my friends.
But I think it's inexcusable that these sorts of notifications could essentially allow someone to circumvent blocking done by one of their contacts. If I've blocked someone via my phone's default contact blocking mechanism, and then I join Signal, and that person is already on Signal, they should not suddenly be able to contact me... and even be explicitly invited to do so on their end!
I wouldn't be surprised, though, if neither Android nor iOS gives regular apps access to the blocked contacts list. So I'm not really sure how an app like Signal could solve this problem.
After I realized this happened to me, I uninstalled signal. But because of the way signal jumps in and replaces normal sms, I found out later that signal users were no longer sending/receiving plain text messages to/from me properly. I forget the details but it was really frustrating.. first it ate my contact list and contacted them, then after I uninstalled it held those contacts hostage, breaking comms with them because those users didn’t know they were still signaling me, not using a normal text message. I text, they reply with signal, I can’t ask them to uninstall their app, so now if I don’t reinstall the app myself or borrow a friends phone to try and reconfigure it then I guess we’re now out of touch forever? It’s not privacy-friendly to replace or hide built in functionality, it’s just an attempt to coerce people and to bolster your user numbers.
>now if I don’t reinstall the app myself or borrow a friends phone to try and reconfigure it then I guess we’re now out of touch forever? It’s not privacy-friendly to replace or hide built in functionality, it’s just an attempt to coerce people and to bolster your user numbers.
yeah, you need to authenticate to delete the account (aka deregister). How else would they verify that you are the owner of the account you want to delete?
> We've discussed at length why this is not possible, but if you have more thoughts then please visit the forums. Please try not to open duplicate issues in the future, even if you feel like something is important.
The list of phone numbers with signal accounts is basically public. It kind of has to be. When a new number gets added and it matches someone in your address book, your app will tell you that one of your contacts has joined. People have always had the ability to turn off that feature, but that's not what the feature request seems to be asking.
People seem to be asking for a way they can join Signal without their number showing up in the registry of Signal users. This is why it's "not possible".
edit: This may have changed today. I'm now seeing an option that lets me hide my number from the registry. This means that even someone with my phone number will not be able to message me on Signal, which seems like a good deal to me.
Yes, this drove at least two people I know/encouraged to use it off the platform. When people see this they also think that Signal snooped their contacts. Very bad.
This and the iPad "We'll remind you later" notification nag are significant problems. I am a big supporter of Signal, but it's certainly hostile to those escaping an abusive situation. Usernames are a step in the right direction at least.
I know some people defend Signal out of ignorance or loyalty, but I suspect there are some paid shills for Signal now. I don’t see how anyone with a bit of security awareness (which is the reason to use Signal instead of whatsapp) can justify using a phone number as an ID in 2024.
> Note that if provided with the plaintext of a username known to be in use, Signal can connect that username to the Signal account that the username is currently associated with. However, once a username has been changed or deleted, it can no longer be associated with a Signal account.
The "no longer associated", I will need to get Signal word for that, right. (You cannot cryptographically prove something was deleted, right.)
You shouldn't need to cryptographically prove that an old username is unavailable. You should be able to simply send a request to Signal servers asking if it's available and receive "no" as a response.
You'd have to take their word that this wouldn't change, though.
I just donated the minimum amount to Signal through the app (~$3), I encourage all other users to do the same, because every time a Signal article is posted it’s a reminder how dystopian IM would be if there was no realistic, privacy respecting option for ”normal people”.
It’s probably the only piece of privacy friendly software I’ve recommended to older relatives that actually stuck. It’s not fancy, but it’s solid, simple and does what it’s supposed to.
> Your username is not stored in plaintext, meaning that Signal cannot easily see or produce the usernames of given accounts. [Footnote: Usernames in Signal are protected using a custom Ristretto 25519 hashing algorithm and zero-knowledge proofs. Signal can’t easily see or produce the username if given the phone number of a Signal account. Note that if provided with the plaintext of a username known to be in use, Signal can connect that username to the Signal account that the username is currently associated with.]
(emphasis mine)
Couldn't Signal just brute-force all possible usernames in order to connect them with their accounts?
All in all, it seems usernames are just as public as anywhere else and the encryption part sounds like snake oil. Ok, maybe once more they try to protect the username table (or its equivalent in the zero-knowledge proof algo) from getting probed too often by means of an Intel SGX enclave or something, but I wouldn't want to trust SGX either.
I don't agree with the 200-bit estimate. Usernames will typically not be random and will have much less entropy.
Either way, I was not talking about brute-forcing a single username. What I suggested was that Signal could loop over the space of all possible usernames. Every other name would be a hit (i.e. exist) and reveal the account ID, possibly even the phone number, of that user.
Hell, couldn't regular users do the same? The blog post at least doesn't mention anything about rate limits when probing usernames.
> A username on Signal (unlike a profile name) must be unique and must have two or more numbers at the end of it; a choice intended to help keep usernames egalitarian and minimize spoofing.
Interesting choice. I’m guessing most people might just use the last two digits from their birth year, to make it easy to remember.
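The brute-force question above (can whoever holds the hashed username table loop over the space of plausible usernames and match hashes to accounts?) and the "name plus two or more digits" rule are easy to put together in code. This is an added example, not Signal's code: a plain unsalted SHA-256 stands in for any deterministic username-to-token mapping, and Signal's actual Ristretto hashing and zero-knowledge proofs are not reproduced. The character set and length limits in the regex are assumptions; the page only quotes "unique" and "two or more numbers at the end". The constructed server table holds two guessable usernames and one random one, and the point is independent of the hash function: a low-entropy username space is dictionary-searchable by anyone who holds the tokens, while a random username is not.

```python
import hashlib
import math
import re
import secrets

# Added example, not Signal's code. Unsalted SHA-256 stands in for any
# deterministic username-to-token mapping. Signal's real Ristretto hash and
# zero-knowledge proofs are not reproduced here.

# Assumption: the page only quotes "unique" and "two or more numbers at the
# end"; the name-part charset and length limits are made up for the demo.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_]{2,31}\.[0-9]{2,}")


def is_valid_username(username: str) -> bool:
    """Approximates the quoted rule: a name part, a dot, then 2+ digits."""
    return USERNAME_RE.fullmatch(username) is not None


def username_token(username: str) -> str:
    """Deterministic token a server might store instead of the plaintext."""
    return hashlib.sha256(username.encode("utf-8")).hexdigest()


def candidate_usernames(names, max_digits: int = 2):
    """Enumerate name.NN, name.NNN, ... for every name in a first-name list."""
    for name in names:
        for width in range(2, max_digits + 1):
            for n in range(10 ** width):
                yield f"{name}.{n:0{width}d}"


def candidate_space_bits(num_names: int, max_digits: int = 2) -> float:
    """log2 of how many candidates the enumeration above produces."""
    suffixes = sum(10 ** w for w in range(2, max_digits + 1))
    return math.log2(num_names * suffixes)


def dictionary_attack(token_table, names, max_digits: int = 2):
    """token_table is {token: account_id}, as a server would hold it.
    Returns {account_id: username} for every account whose username lies
    inside the enumerated space; accounts outside it stay unrecovered."""
    recovered = {}
    for candidate in candidate_usernames(names, max_digits):
        account = token_table.get(username_token(candidate))
        if account is not None:
            recovered[account] = candidate
    return recovered


def build_demo_table():
    """Constructed server table: two guessable usernames and one random one."""
    usernames = {
        "ACI-1": "alice.01",
        "ACI-2": "bob.42",
        "ACI-3": f"x{secrets.token_hex(12)}.{secrets.randbelow(100):02d}",
    }
    return {username_token(u): aci for aci, u in usernames.items()}


if __name__ == "__main__":
    table = build_demo_table()
    hits = dictionary_attack(table, ["alice", "bob", "carol"], max_digits=3)
    print(hits)  # ACI-1 and ACI-2 are recovered; ACI-3 is not
    print(round(candidate_space_bits(1000, 3), 1))  # about 20.1 bits
```

With a 1,000-name wordlist and two- or three-digit suffixes the whole space is roughly 2^20 candidates, which is why the earlier 200-bit estimate only holds for usernames nobody would actually pick. Rate limiting on a lookup endpoint slows an outsider down; it does nothing against the party that holds the table.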
When they announced usernames I thought I would be able to install Signal on my TV desktop (linux) and send / receive messages to and from it (links, files, etc).
Now that I know it still needs phone number I assume it will need to be unique so my use case fails.
For the record, I am still a happy Signal user and a monthly supporter, thank you very much.
Just hair splitting obviously but I don’t think it’s really a contact, it’s just what the recipient shows as when you send something to your own number.
Most of the use-cases for requiring a phone number to sign up for a service e.g. Twitter, Signal seem to be to avoid spam. At least allegedly!
What alternatives can be used instead, something that is easily accessible/available to the general public but not easy to obtain to create mass users?
Instead of heavily limiting account creation, Discord for example limits the possibility to message users outside of your network by default. Only people you have added as friend or you share a server with are allowed to message you by default.
For signal that would be harder to implement since it's more focused on 1:1 chats instead of groups, maybe if spam gets out of hand they could use a grey-listing approach like Instagram does where users outside your network get moved to the "message requests" inbox by default.
Discord, while overall better than Telegram for privacy, will flag your ip / device / identity and require a phone number for new accounts if you do something like use a message archiver to back up conversations. Took me years to get the block removed (but not for my work account). It was a privacy nightmare for me and when I had to get an account for work I had to sign up for an additional cell phone service, which cost me thousands to this day.
I’m still nervous about making new accounts in case it triggers some process to lock me out of my one account that I don’t have a phone number for. I couldn’t join the baldurs gate 3 discord to find people to play the game with because it required a phone number on the account, which I was already forced to use for my work account.
On the other hand, I’m glad they actually do enforce their rules, unlike Telegram (which is a haven for scammers, pedos, radical communists, open market drug dealers, and terrorists, not to mention the soul-depleting interactions I’ve had overall with chat rooms there)
If anyone wants to help me add the thinnest layer of security possible to the signal desktop app please reach out to me. It needs the option to use a pin to unlock, like, yesterday.
As it stands, if you let someone use your computer and you have signal desktop, they can see all your E2E texts. Desktop computer sharing is much more common than the devs acknowledge. Also there have been several high profile cases of federal agents squatting on a confiscated laptop, keeping it awake and eavesdropping on signal group chats without the other participants’ knowledge. See the evidence in the FTX trial as a recent example.
I'm a python programmer, and I have zero experience changing the internals of an electron app, but this is a big deal to me.
If the feds have your device, they have everything, regardless of how hard you try to lock it down. Not worth even considering how to keep them out because you're simply not going to.
Also consider that a sufficiently motivated private threat actor is likely going to break a pin, there's not enough entropy there, or they'll hit you with a $10 harbor freight pipe wrench until you tell them the pin.
For everything else, bitlocker, LUKS, or equivalent is more than sufficient and battle tested for those uses. Yes there are ways of breaking both, conditional on XYZ, etc, but, they're good enough. It does force you to multiboot, but that's good practice anyway, no reason someone using your computer should be using your root partition in 2024.
Ugh. I shouldn't have even mentioned the feds. This isn't threat actor level stuff. The thing that bothers me is that if I let a non-technical user onto my computer to do something like write an essay for school, they might stumble upon some messages that should have been private. There's zero protection. That's why I called adding a pin the thinnest possible level of security.
It might not please you to learn that Signal Desktop stores your messages in a trivially-read SQLite database. But it may prevent you from trying to lock the client with a pin.
There is a universal way of fixing this for all your desktop apps: lock your computer. It works similar to locking your phone: when it's locked, you have to first unlock it with a password or something, in order to start using the device and its apps again. As long as it's locked, all your data is protected.
Personal computers are big. They don't fit in your pocket. They don't lock when you hit a small button on the side. They are often shared. Your argument about locking down the whole computer is brought up every time someone wants this feature. The reality is, we want signal to be an application that anyone can use. Not everyone is a single male with enough income to have their own private computer.
So basically copying telegram way. That being said, why does Signal still require a phone number in the first place? Exactly, because when needed, it will be used to be linked back to your real identity, it has nothing to do with spam or anything, Signal isn’t a social media with public posts and what not, it is a messaging app.
> We use third-party services to send a registration code via SMS or voice call in order to verify that the person in possession of a given phone number actually intended to sign up for a Signal account. This is a critical step in helping to prevent spam accounts from signing up for the service and rendering it completely unusable—a non-trivial problem for any popular messaging app.
I'm not sure why you need to assume that it will be linked back to your real identity; I haven't seen anything that indicates any motivation to do something like that. I'm all for being cautious, but being overly cynical can lead to letting perfect being the enemy of the good.
For the spam part, I commented below how’s that doesn’t work and it doesn’t even make sense for a messaging app.
> I'm not sure why you need to assume that it will be linked back to your real identity;
I’m not assuming, only North America (edit: and some European countries) doesn’t require an ID for a phone number (1), and even in here, you would use it in other services that are linked to your real ID like banks or paying the phone bill online. The concept simply boils down to as soon as you find an account’s phone number, it’s a game over for that said privacy.
Neither Signal nor Telegram allow to pay a small amount in cryptocurrency to prove you are not a spammer. This shows that they are really interested in knowing who is their user.
Definitely not a copy of Telegram. I'm not actually sure what the draw is with Telegram but given it's origins I'll choose Signal over Telegram.
If you read the thread the linkage between a phone number and a Signal account cuts down on fake accounts significantly - which has nothing to do with "social media" but it does have a lot to do with SPAM as you've incorrectly stated. I understand why it's not ideal, but there are tradeoffs in both directions. It's unlikely that usernames are going to expose users more than they currently are if they're already using Signal. And it's also unlikely that this new feature changes much, but I welcome the ability to prevent users from associating my known number to my Signal account. In this way the security model has improved considerably.
Telegram has channels and groups that work in a weird but very useful way. That's mostly the draw for me, not really the private messaging. Though the UX is just amazing, even for private messages. Everything is just super neat and where you expect it to be. I'd still probably not use it if it wasn't for how channels work
It is a way to increase usability for casual users, decrease spam by requiring some other source of identity tied to real existence (emails are easier to generate than throwaway phone numbers).
It may decrease privacy philosophically, but it isn't nefarious.
If you want a private messaging platform with zero prerequisite identity, use Briar.
> It is a way to increase usability for casual users
You can keep it as an option.
> decrease spam by requiring some other source
Phone numbers have never been a good way to counter spam, just look at social media, you can buy phone numbers in bulk these days. Not to mention spam might work in social media because there’s the concept of “public space” where everyone shares and talks, so it does make sense for some bad actors to spam or even try to influence others. That’s not the case in a messaging app, because first I need to know your “unknown” username that I can’t see elsewhere, and second, the effort has to be worth it for such an unsolicited message, in which case you can get a burner to send it. The point is requiring a phone number to counter spam doesn’t work, and it doesn’t make sense either for messaging apps.
> If you want a private messaging platform with zero prerequisite identity, use Briar.
Well, personally I don’t use Signal, never will in its current state, but they always try to promote it as privacy messaging app while still relying on a broken system known as GSM.
> It may decrease privacy philosophically, but it isn't nefarious.
It doesn't decrease privacy. It decreases anonymity which is distinctly different.
> If you want a private messaging platform with zero prerequisite identity, use Briar.
Or Session which is a fork of Signal that runs its own network using standard PKI instead of a phone number for identities and a decentralised message delivery/onion routing system.
> It is a way to increase usability for casual users, decrease spam by requiring some other source of identity tied to real existence (emails are easier to generate than throwaway phone numbers).
You either end up discriminating against users who have to use VOIP for whatever reasons (and there are legitimate reasons) by blocking VOIP numbers, or your barrier to entry for spammers is almost negligible. It's not a good system.
If you want to prove that users are humans, use a webcam and an id, or delegate the task to some bigcorp who already has a similar system. If that's too much for you in terms of privacy, you shouldn't be attempting to prove that users are humans in the first place. Maybe you should prevent spam via product driven solutions, e.g. whitelisted contacts.
Because the social graph sitting in people's phone address books isn't easily replicated, and using phone numbers is basically the only chance of overcoming the chicken-and-egg problem with network effect.
> Each version of the Signal app expires after about 90 days, after which people on the older version will need to update to the latest version of Signal. This means that in about 90 days, your phone number privacy settings will be honored by everyone using an official Signal app.
This sounds terrible. Are they saying that your phone number will still be visible to anyone running an unofficial app, even if they didn't have it before?
Is it enforced by the protocol or is the number just "hidden" by the official app?
Great start. Now can I have an account without using the Apple/Google duopoly mobile OSs (especially since Signal doesn’t support UnifiedPush to get some of the leaked metadata for notifications from Firebase, but at least the Molly fork supports this), or a desktop program that isn’t Electron, or allow decentralization? Why should I have to own a phone? Why do I need to run an entire browser for just a chat app when XMPP & Matrix do fine from web to native to TUI? When will I be able to run my own server?
I'd willingly provide a copy of an official ID to rid my Signal and Whatsapp accounts from the phone number. I mean, if it's good enough for the mobile company, why not just skip the middleman?
There is a desktop electron app that works mostly OK (as far as electron apps go). Unfortunately, you need a mobile phone with the signal app to start using it.
Also, if you forget to open the desktop app for a few weeks, it breaks the link and you have to go get your phone anyway.
And it doesn't show any messages that came in on the phone during that time, so you're missing context and in practice you just have to use the phone for everything anyway.
I think (but don't quote me on this) that you don't need the Signal phone app to start using it. As long as you have a phone that can receive text messages, I think you can also enter the confirmation number into the desktop app.
> A username on Signal ... must be unique and must have two or more numbers at the end of it; a choice intended to help keep usernames egalitarian and minimize spoofing.
> you will still need a phone number to sign up for Signal
Guess I'm not signing up for Signal then.
Seriously though - this has always bothered me. They build the "most private" communications service ever, yet require one of the most identifying pieces of your information in order to use it.
If I didn't know any better I would swear it was a surveillance honeypot.
I hope someone corrects me if I am wrong, but around two years ago he backed out of any responsibilities (ceo) after he bundled mobilecoin into the app.
> If you select “Nobody,” the only people who will see your phone number in Signal are people who already have it saved to their phone’s contacts.
Can someone explain how this doesn’t leak information? If I add someone via username and I randomly guess their phone number, does Signal leak it after the fact?
I was wondering about that too, I think the wording is just a little confusing.
Further down it says:
Selecting “Nobody” means that if someone enters your phone number on Signal, they will not be able to message or call you, or even see that you’re on Signal. And anyone you’re chatting with on Signal will not see your phone number as part of your Profile Details page – this is true even if your number is saved in their phone’s contacts.
So I think what they mean is if you've been chatting with someone before this update and they have already linked your phone number and signal account then setting to nobody won't revoke that.
However if you initiate a chat with someone new using your signal handle, even if they have your phone number stored, they won't know it is you.
Otherwise it seems like it would be easy to brute force someone's phone number!
My favorite feature from Threema now available on Signal. Next up… please make it easier to transfer databases between mobile phone upgrades, I’m looking at you iOS version.
Still I would love that this feature generated QR codes without the unique disposable username in human readable form.
Has anyone figured out a way to copy your chats from android over to ios yet? I switched phones recently and don't want to lose my old messages, so I haven't moved signal over yet.
All I know is since they introduced this feature I received 4 spam messages about crypto, whereas in the past several years I received 0 such messages. Overall a net negative for me.
No, this happened over the past 2 months. I've received messages from accounts with female first names without any phone number (and obviously not in my address book). I suspect they were testing the username feature pre-release and bad actors already started taking advantage of it.
It's 2 swipes to block and delete but a problem I never had to deal with before on Signal.
Glad to see them using a name + some numbers scheme here. I immediately rushed to reserve my username but found out I didn't need to. Oh well now have the .01 suffix
Signal doesn't store anything about your account on the server except last login time and when you registered. It doesn't store a contacts list, so it used your own, assuming you granted it access to do so.
Contrast to MSN, which kept your contacts on the server, as well as information about your account, groups, your plaintext messages, etc.
Smart that they force users to add 2 numbers to the end of the username to avoid “high end” usernames. I wanted to grab my first name but ended up with firstname.01
Random aside: I saw the title and before reading it wanted to try and claim mine. I went on my phone, and this page was not even on my first google results page when I searched "how to use signal usernames", nor was anything remotely related to either topic.
I was tired of reading all the comments on here about how 'google search' is terrible, I now believe it and will be looking into all the suggestions here.
I didn't get why any phone number is involved when this software was released, and now it's gone. I safely avoided even bothering to learn of whatever false conundrum these San Francisco, Twitter scene people had in mind.
LOL just install Session and SimpleX (and, for 'droid Chads: Briar). If P2P voice/video skeeves you then get mullvad or proton or something vpn. Why is it the normie will do all kinds of torturous steps like phone and identity verification to install instacoom...
... but they just refuse to install Session and copy/paste an identifier to add contacts (assuming non-locality, else there's QR), complaining it is "too hard whinemew!" Normies make dragnet surveillance so easy!
> Until now, someone needed to know your phone number to reach you on Signal. Now, you can connect on Signal without needing to hand out your phone number. (You will still need a phone number to register for Signal.) This is where usernames come in.
How about no phone numbers for registration at all?
That would welcome a world of spam. Sybil identities are currently an unsolved problem, the mitigation is the requirement of unique scarce resources (like phone numbers in this case).
My parents, in-laws, grandmother-in-law, and entire extended family is on Signal. It's the extended family group chat, video calls with grandparents/great grandparents, and the baby photo feed. That's mostly because you just install it and it works.
I have no idea how to get my extended family on a Matrix homeserver without extensive handholding. I can barely figure it out myself and I was a huge XMPP nerd that ran my own ejabberd server for years.
For users who want strong security in messaging, yet an easy way for anyone to use the platform Signal has a much better user experience. Over 95% of my messaging is on Signal. Almost none of those users will benefit in any way by switching to Matrix. While it's a great ecosystem, it's also too much work for people who don't want those features or flexibility.
Matrix doesn't have the same threat model as Signal, and isn't a 1:1 replacement for it. Matrix is great (maybe optimal) for things that would otherwise be Slack channels.
> New default: Your phone number will no longer be visible to everyone in Signal
I just laughed reading this. I never used Signal, for obvious reasons, so I wouldn't know, but was it really the default? And people were using it as supposedly private messenger? That's unbelievable.
Of course it matters. One extremely frequent complaint about Signal is that you have to give out your actual phone number to use it, and anyone with your number can determine if you use it. This cuts off both of those.
Signal is such a tragic story. They had it all during the great uprising against Whatsapp. Even my non-technical friends started switching to Signal. They were exploding, more than Telegram ever was. And then they added some crypto bs right at the height of their hype. Bummer, no second chances from me, and removed from all those friends phones as a direct effect. They blew it
I used Signal as my primary SMS app until that capability was stripped. It meant that so many of my conversations were Signal-by-default. But now, by attrition, most of my conversations are back in SMS. I also find that simple things like programming the date and time of delivery - which Google Messages has - don't exist in Signal. (Or if they do, I have missed it because I'm no longer there unless I have to be.)
I have SMS, Whatsapp, Signal, and Threema installed, and it's a hot mess of disparate networks. I hate it.
We probably live in a different part of the world, but where I live no one who is not very techy knows about Signal, it was never close to Telegram or Whatsapp.
Germany. Lots of privacy-focused minds. It became a bit of a topic during that crucial time when Whatsapp had some kind of scandal going on. I don't even remember the details. It was a chance of a lifetime for them. Well, in the end these apps are really all the same. I don't mind any of them really
Thankfully, your experience is not universal. It's still the primary means of communication between me and the majority of my friends, technical and non-technical alike. I believe they've walked back (or, at least, not committed to) that crypto project - at least, I haven't heard anything about it in so long that I barely remembered what you were referring to.
I'm skeptical of crypto too, but this sounds like an over-reaction that is cutting off your own nose to spite your face.
I mean it's an incredibly over-saturated market. There are so many of these apps, they're all the same. There's little room for such errors IMO. But I'm willing to accept that it might have been an overreaction
Phone numbers are fast becoming a global, persistent, shared user identifier across applications, business, and government.
Think of how many systems innocently ask for phone numbers as a hard requirement for account creation (under the guise of DFA). Think of all the restaurants that innocently ask for it “so we can text you when your table's ready”, or when you buy a shirt at Banana Republic, “can I get a phone number”. Like seriously, WTF?
In reality it’s now the defacto method to identify and reconcile your records across ecosystems.
Apple needs to create throw away phone numbers like they’ve successfully done with email addresses. I expect this to be their next iCloud+ offering.
Oh, please, stop already with this phone number nonsense. I want to use signal from my computer, without need for a mobile phone at all. (Also, to be able to easily synchronize history between different computers).
No idea about signal, but I haven't encountered any recent verification that worked on anything but a non-VoIP mobile number. My landline is useless for this and it isn't even VoIP.
I wish the regular HNers who have a beef with Signal would make a webpage or something with their points, some eli5 and their sources. They fuck up every Signal threads and are vocal but even if they are right their mannerisms and holier-than-thou attitude and "don't you know that ?" mantras is really getting old.
Took WAY too long. And you still need a phone number to sign up. Wire (which uses the Signal Protocol and also has video chat) never needed your phone number AFAIK.
Also, Signal loves to claim how secure it is, but they will never dare to tell you that participating in the Android and mainstream mobile systems nobody is secure. Especially not on Google Play. If the government wants to spy on you, they WILL! It does not matter if they can't decrypt your messages because they will be sucking the data right off your phone with invisible screenshots and AI transcribing the text or by other means like key logging. There are people who claim Pegasus does not even need you to click on some link anymore, all they need is your phone number. And Pegasus is for sure not the only thing out there.
Signal and others create the illusion of privacy, there is no privacy on any smartphone with any kind of mainstream OS. Probably not even on the "hardened" de-googled Android forks.
The whole idea that anything on your phone is private is laughable. Private to who? To hackers? To the FSB? The NSA? Phones are all easily hackable for one. Real privacy cannot be achieved on the spy device in your pocket.
What this does is provide a casual level of privacy. It gets us parity with the phone number hiding in tools like telegram.
Please stop peddling this horrible experience as a form of a valid backup. A process that requires full manual interaction and requires you to know ahead of time when your phone will break or be stolen is not a useful backup process.
They're pretty bad. You can't specify where the backup goes, so if you are running low on storage space (e.g. if you have a lot of photos or videos to back up) and add an SD card, tough luck because you can't save there. The best you can do is manually export your media (also without any choice over where it goes) and then manually move it to the SD card to make space on your internal storage. They say this is for security but if an attacker is in a position to export your backup, they are already in your signal account.
Same story with the PIN signal requires if you haven't used it in a few hours. It's the same as your phone PIN and there isn't anywhere you can change it, so it's just security theater.
I see it, but it just looks like it uses internal storage. So far as I know, there's no Drive File Stream/Dropbox sync for Android, so you'd still lose your shit if you weren't manually backing them up somewhere.
I doubt that's a habit many people will develop for a setting they didn't even know existed.
My cousin comment [1] provides a bit more detail, but this is not available on iOS/iPadOS despite Apple allowing apps to save files to the filesystem and many other apps supporting this for years now.
There are no backups available on the iPhone/iPad app, only a device-to-device transfer while setting up a new device assuming your previous device and new device are both iPhones/iPads. This is despite support for apps storing files to the filesystem that was added some years ago now, and many other apps on those platforms supporting backups of custom file formats (or JSON, etc.).
Oh yeah, privacy oriented messaging app requires phone number for sign up. Telegram has this feature for years already? It seems to me that they are positioning themselves as privacy saviours just because they are non-profit organization and their app is open source.
Maybe in the US you don‘t need to register a phone number with a valid ID, in most of the world you have to. If anyone can require the phone company to reveal your identity, it‘s the government.
Source code being open source doesn't mean squat for safety. Have you audited the code? Do you have the skills etc. required to prove it's not backdoored?
Because I know I don't have that skill set or time. I do have however some big fat red flags on using it because it was opted for by an entity whose entire existence is based around backdoors and spying.
Honestly I find it absurd that some folks say just because something is open source it's automatically safe. The vast majority of us, whether the project is open source or not, lack the skill or capacity to pick up on a well obfuscated hole. Hell, even the best of us aren't that good.
They also are real shady with yubikeys. You can't set them as default but you can set "security key." So the process ends up being it assuming you want to use Hello (which breaks my Outlook... wtf), clicking use another device, security key, clicking next, then finally typing in your credentials. The next part makes me real suspicious since all the other dialogues go to the next page without clicking next. Why just this page? It's some weird dark pattern bs.
I'd call it malicious, but I think maliciousness requires intent. A chicken running around with its head cut off isn't really malicious if it runs into you.
You can use these “features” to hijack accounts too ;)
I’d call them bugs, but they’ve been reported and didn’t get fixed.
Indeed, with an incoming Teams meeting invite, it should be determinable from the sender's context which account should work on the meeting. Instead there is 2 minutes of waiting, and what seems like pot luck with the account.
Telegram has had all of these features for a while… too bad it isn't as secure as signal or it'd be perfect, since it's also written in a real GUI toolkit and present in distribution repositories.
I do wonder how telegram and signal are planning to finance it long term. Telegram is adding absurd paid features like exclusive animations, which won't earn nearly enough to cover the costs.
I wonder where signal is about keeping the servers up, since they hate federation so much.
Telegram and Signal solve very different types of privacy issues.
Telegram is good, as you mention, for being relatively private in groups/chats/channels without needing to expose either your phone number or even a nickname (unless you live in an autocratic country; I will come to this later).
But it comes with costs. First, their p2p communication is not e2e encrypted by default. Not to mention that comments/group chats are not encrypted either, unlike, let's say, WA.
Second, the Telegram API. It gives too much information. You can do a lot with it: read history, track changes of usernames, etc. For example, it is quite easy to obtain an internal user ID, and there are black market services and databases where they promise to connect that ID with a phone number if that account ever had privacy settings switched off in the past.
They claim that they kind of scrape all accounts and pair IDs for those where privacy settings are set poorly. Even if you change it later, your internal ID and that scrape will stay forever.
Third, Telegram was funded by the Russian government after Durov had issues with the SEC. He raised money from different Russian state-owned banks like VTB, issued bonds which are traded on the Saint Petersburg stock exchange, and even took some money directly from the Russian government through a Qatar proxy company. Not to mention that there are cases when TG was involved in criminal charges against people (the most famous one is the story of the Ryanair plane being forced to land in Minsk to arrest a critic of Lukashenko), and it was never directly addressed and explained by the company how exactly those people were caught and how the company protects against "SIM card replacement" cases (Signal at least informs me every time my peer logs in on a new device).
Selecting between Signal, with AFAIK no known cases of charges in dictatorships like Russia, funded by a non-profit charity, and TG without default e2e encryption, with a public API and Russian state funding, is quite obvious to me.
Don’t worry, telegram is now gatekeeping certain privacy settings behind the premium subscription like it’s 2003.
They also make it difficult to hide your pseudo identity from your phone contacts. I’ve had all the “discover contacts” settings turned off, and simply reinstalling the app caused people to be given my username without my consent. Settings somehow magically switched themselves back on and I couldn’t turn them off until after the damage was done.
There was no confirmation prompt. Pretty sure this happened to me more than once.
Please don’t ever compare Telegram with Signal.
Telegram isn't a messaging service. It's a social network with a messenger UI. Quite ingenious, if you'd ask me, but a social network and a private messenger can't really be reconciled into a single product.
You're in luck because Signal had a whole blog post about long term financing a couple months ago.
https://signal.org/blog/signal-is-expensive/
Why do you say that Telegram isn't as secure as signal?
Matrix might interest you, but it doesn't solve telephone numbers (I think).
I don't want to be too dismissive of Matrix, but I also see these types of comments as understanding what problem Signal is actually addressing: security for the masses. There's no way I'm getting my grandma on Matrix and you're delusional if you think she can setup a server. But it isn't hard to get my grandma on Signal and that's a much better security feature than federation or even not having phone numbers. If I want extreme security, you're right that there are better tools. But my threat model isn't trying to avoid nation state actors, it's mostly about avoiding mass surveillance, surveillance capitalism, and probably most importantly: sending a message to the gov to fuck off with all this spying. At the end of the day, there's no other app that's even close to fulfilling those needs.
I didn't realize my comment rose to the top. When I had written this I had also written this comment[0] which was the grandchild of the top comment at the time. It has a bit more details on my thoughts/reservations of federation. tldr is mostly about avoiding centralization. This remains an open problem and I think it is far too easily dismissed. But federation isn't solving the problems people want it to if it's federated like email and web browsers. That's just mostly centralization with all the headaches of federation.
And to anyone complaining about lack of federation, what's stopping you from running your own Signal server? Sure, it won't connect to the official channel, but is that a roadblock? Even Matrix started with one server. This is a serious question, is there something preventing this? Because if the major problem with Signal is lack of federation, I don't see why this is not solvable building off of Signal and not needing to create a completely different program. Who knows, if it becomes successful why wouldn't Signal allow a bridge or why can't apps like Molly allow access to both the official and federated networks?
[0] https://news.ycombinator.com/item?id=39446183
> Note that even once these features reach everyone, both you and the people you are chatting with on Signal will need to be using the most updated version of the app to take advantage of them.
> Each version of the Signal app expires after about 90 days, after which people on the older version will need to update to the latest version of Signal. This means that in about 90 days, your phone number privacy settings will be honored by everyone using an official Signal app.
Which is also an example of a challenge for open ecosystems where everyone can create apps.
I understand that it doesn't outweigh the benefits to everyone, but it is a valid reason.
Is Signal considered to be (or attempting to be) an open ecosystem?
My understanding is that Signal (the app) is private, not anonymous, centralized, and closed.
The underlying protocol is open and could be used for an open ecosystem, but I didn't think Signal aspired to do that.
The apps and most of the backend are open source too, not just the protocol.
The important distinction is that it's not decentralized like XMPP or email, which is a conscious decision: it would become very difficult to change it to add new features and they'd be left behind by closed-source competitors (see: XMPP).
> My understanding is that Signal (the app) is private, not anonymous, centralized, and closed.
You are right about that. There used to be an open source build called LibreSignal
Moxie Marlinspike made clear [1]: You may inspect the code. You are even allowed to compile it. You are not allowed to connect your self-compiled client to our message servers. We are not interested in a federated protocol. Make sure your fork creates its own bubble that does not overlap with Open Whisper Systems. Stop using the name Signal.
[1] https://github.com/LibreSignal/LibreSignal/issues/37#issueco...
Both the app and the server are open source
https://github.com/signalapp/Signal-Android https://github.com/signalapp/Signal-Server
There are forks like Session, which doesn't require a phone number to sign up
https://github.com/oxen-io/session-android
They've described what they're attempting to be here: https://signal.org/blog/the-ecosystem-is-moving/
It's not [attempting to be an open ecosystem]. Their ToS used to forbid using third party clients. I don't think this has changed. They haven't banned anyone for using third party clients (to the best of my knowledge), but they're openly against an open ecosystem.
It's private, centralised and the network is closed (e.g.: non-federated), but the source code is public and open source. I think that for the server implementation they do code dumps every once in a while, rather than continuously keep it public.
I wish it were more obvious that Signal expires its apps every 90 days.
My mom couldn't receive signal calls on the backup phone I gave her. I had disabled auto-updates since apps break UI sometimes and she gets confused by things moving around.
When I visited, I opened the signal app and was told I had to update.
I have been bitten by this in the past. At least now they give warnings in-app that the app will expire soon. But if you don't use the app regularly, you wouldn't even know. Also, I'm not aware of any other apps that die in this way, so it's not like people are in the habit of periodically checking the app to make sure they're still on a version that can receive incoming messages.
It's patently unforgivable that a message would not be delivered because the client is out of date.
The Signal team is incredibly clueless and arrogant toward its userbase. It seems to simply not have occurred to them that many people rarely/never have wifi, may not be on AC power when they are on wifi which means the phone may not check for / apply updates, etc.
In the US, cellular is often expensive and slow.
In underdeveloped countries where software like Signal could be really important, all this is even more true.
We get shit crammed down our throats to protect the most obscure edge cases for the smallest percentage of the most vulnerable users - such as not being able to sync messages between devices - but then they pull shit like this which has a huge impact for people in rural areas and underdeveloped countries?
Protocol ratcheting, but 90 days would be quick if there’s a lot of apps.
Does this mean the protocol still exposes your phone number and it's hidden only by the client side?
The answer is almost certainly no. It means the old APIs that expose phone numbers will stop working in 90 days. And old clients along with them.
I have not investigated this at all, but I have enough faith in Signal/Whisper Systems to be optimistic.
Hackers can always create apps.
This is a common, but terrible argument. Anyone can (mis)use, make, or weaponise technology given enough time and funding. Following this reasoning to its logical extreme, nobody should ever do anything.
The problem something like this solves is to raise the bar somewhat and discourage a fraction of those who would.
Done right, that fraction will be significant.
I like the idea, but they should have called it something else instead of ‚username‘. Maybe ‚connection string‘ or ‚discovery phrase‘. Right now they have to explain at length in what ways it’s different from regular usernames.
Is ,comma-backtick` some personal quirk of yours, or is it some standard I'm not aware of?
European quotation marks commonly have the left one down low and the right one up high. The same applies for single quotes. But using comma-backtick is deeply unorthodox.
To give a definite answer to the discussion below - it seems Czech, Slovak, German, Slovenian and Croatian sometimes use this format. Here an authoritative source: the EU publications office:
https://op.europa.eu/en/web/eu-vocabularies/formex/physical-...
It‘s what my phone made out of two presses of the same (single quote) button.
It's ‚comma-apostrophe‘, actually.
"friendcode" seems to be pretty standard in multiplayer video games
Maybe "contactcode" would be better in this situation, as it doesn't imply any specific relationship between participants.
Helldivers 2 LFG right now is all about sharing friend codes... you can get a ton of them on Discord or Reddit... but then you end up having a "friendcode" cybermentally-distributed DNS system for them over time.
Six degrees will still exist.
(Funny weird thing is that with HD2's server issues due to demand, one way to harvest these would be to create a fake LFG host game and have tons and tons of accounts bang against your Helldiver-pot, and get whatever you can scrape from that?)
---
OK, I actually went down this hole the other day... you look at the Reddit thread on Helldivers for LFG, or the Discord...
So on Reddit, you just put .json at the end of the thread, DL the entire thread as JSON, and now you have Reddit ID, location, play style, etc. details AND their friend code on HD2... but since they can individually generate random friend codes on any game/system that allows such... you have a breadcrumb (with enough attention span to just correlate all the shared info between these friend codes and data received...)
Still, even with random friend codes, six degrees is still available, easily.??
---
I deeply hope they do a Tech Talk on the post-mortem of this launch success spiral; it's fascinating....
But one thing I am really interested in: this is based on the Autodesk engine. I know they co-dev-dog-fooded, but I hadn't really known of this engine at all... what little I do know is that it's amazing...
But I'd really like to know more about the arch and overall traffic flows etc. of this game.
It's beautiful to see "problems" like this explode in like ~2 weeks.
What do internet traffic graphs look like since growth, per carrier?
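The harvesting step the comment above describes (append .json to a Reddit thread URL, pull the whole comment tree, pair each poster with the friend code they shared) as a worked example. This is added code for this thread, not anything posted by the commenter or by the game's developers. The input is a constructed, minimal imitation of Reddit's listing JSON (kind/data/children with nested replies), and the friend-code pattern is an assumption made for the example rather than Helldivers 2's real format.

```python
"""Walk a Reddit thread in its .json form and pull out every (author, friend code)
pair posted in the comments, then group codes by Reddit handle.

Added example for this thread. SAMPLE_THREAD is a constructed imitation of the
listing JSON Reddit serves at <thread_url>.json; FRIEND_CODE is an assumed
pattern, not the game's real format.
"""
import json
import re

# Assumed friend-code shape for the example: three groups of digits joined by
# hyphens. Adjust this pattern before pointing the script at a real thread.
FRIEND_CODE = re.compile(r"\b\d{3,5}-\d{3,5}-\d{3,5}\b")

# Constructed sample: a two-element list [post listing, comment listing],
# with one reply nested under the first comment and one unexpanded "more" stub.
SAMPLE_THREAD = json.loads("""
[
  {"kind": "Listing", "data": {"children": [
    {"kind": "t3", "data": {"author": "op_user", "title": "LFG thread",
                            "selftext": "Drop your codes below"}}]}},
  {"kind": "Listing", "data": {"children": [
    {"kind": "t1", "data": {"author": "alice",
       "body": "add me 1234-5678-9012 EU evenings",
       "replies": {"kind": "Listing", "data": {"children": [
         {"kind": "t1", "data": {"author": "bob",
            "body": "sent! mine is 2222-3333-4444",
            "replies": ""}}]}}}},
    {"kind": "t1", "data": {"author": "carol",
       "body": "no code, just saying hi",
       "replies": ""}},
    {"kind": "more", "data": {"children": ["abc123"]}}
  ]}}
]
""")


def iter_comments(listing):
    """Yield every t1 comment node depth-first, skipping 'more' placeholders."""
    for child in listing.get("data", {}).get("children", []):
        if child.get("kind") != "t1":
            # "more" stubs need a separate /api/morechildren call; not expanded here.
            continue
        data = child["data"]
        yield data
        replies = data.get("replies")
        if isinstance(replies, dict):   # Reddit sends "" when a comment has no replies
            yield from iter_comments(replies)


def extract_friend_codes(thread):
    """Return (author, code) pairs for every friend code found in the comments."""
    _post_listing, comment_listing = thread
    found = []
    for comment in iter_comments(comment_listing):
        for code in FRIEND_CODE.findall(comment.get("body", "")):
            found.append((comment["author"], code))
    return found


def correlate(pairs):
    """Group codes by author: the breadcrumb the comment above worries about,
    since a Reddit handle now maps onto one or more in-game identities."""
    by_author = {}
    for author, code in pairs:
        by_author.setdefault(author, []).append(code)
    return by_author


if __name__ == "__main__":
    for author, codes in correlate(extract_friend_codes(SAMPLE_THREAD)).items():
        print(author, codes)
```

Against a real thread the same walk would also carry the rest of each comment's fields (timestamps, flair, linked profile), which is what turns a list of codes into the cross-source correlation the comment describes.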
Yeah that seems to be the standard and very descriptive.
Not everyone I connect to on signal is a friend. same for e.g. journalists or government people who use Signal.
Why not "invite code" like Discord does it? This is literally the same thing.
It's a code, inviting other people to speak to you.
> they have to explain at length
My reaction to the article was that they're using a lot of words to explain this change. That suggested to me that maybe they aren't being completely candid.
I've never used Signal, because (a) I don't want to rely on a smartphone, and (b) I don't want to use my phone-number as my ID, because it's traceable. I can't work out from the TFA verbiage whether this change addresses my concerns or not. That in itself is concerning, to me.
Regarding (a), apart from the initial account setup, you can actually use the desktop client fully standalone.
Regarding (b), yeah that's still a bummer, though, depending on your country of residence, you can get throwaway SIM cards for free and use that.
"Connection string" already means something else. I'm partial to "Identifier", myself.
But identifier already means something else (i'm used to identifiers being unique, constant, and useful for actually identifying someone).
Indeed. And apparently you'll still log in with your phone number (not the username).
They also missed the opportunity, like many times they have done over the years, to actually make it something rather like 'Hide My Number' in true sense, after spending years sitting on this feature. That would have been the true case of "caring for privacy". This is just a lazy (too lazy!) copy from Telegram (however, with one good thing -- getting rid of username vanity)
There is old-now-unused "nickname".
I like “handle”. It’s short and conveys some mutability.
> Now, you can connect on Signal without needing to hand out your phone number. (You will still need a phone number to register for Signal.)
Why is it so hard for Signal and Telegram to not require a phone number as an account identifier?
I don't need to verify anything by phone or even email. If I lose the password, the account is lost, so be it. I'll create a new one.
If I really want to, then I'll set up email/phone.
Unfortunately, spam exists and phone verification is one of the least-bad ways to ensure that the user is a real person (there are other options, but it really is one that has many advantages).
Given that Signal does not have access (by design) to much information about their users when they use the service, they can't really fight spam once accounts are created. You could do spam detection on the client and privacy-preserving voting in order to ban spammers, but the UX would be very poor and that opens a whole new can of worms.
This reasoning doesn't make sense to me. A spammer can make an account, but how would they contact me if they don't know my account handle?
Even if that leaks, the handle should be changeable, and the spam issue could be completely mitigated by having a tab for first time "message requests" separate from the normal inbox.
I can't take a private messenger seriously when they require an identifier that's linked to your government-issued ID in many parts of the world.
Because it’s resilient against spam, and extremely easy to recover.
They're resilient to spam, but often impossible to recover.
I had a spare SIM card that friends and family use when visiting from abroad. It's been unused for 90 days and has been deactivated. The number is lost, and irrecoverable. A friend had created a (second) Signal account with this number and can no longer log into new devices.
As a more mundane example: If I accidentally drop my phone into a river, the SIM is gone forever, and so is that line.
Sure, you can have a contract line which allows recovery. Depending on where you live, these can be several times more expensive than a regular pre-paid line.
Email is easier to recover and unlike a phone number you can actually own and control your email. There is no way of actually owning a phone number.
Apart from spam, a phone number is also one of the few unique identifiers, which is valuable for, among other things, IDing you cross-channel and showing you ads.
It is easy to create a new email, but not so easy to create and keep a new phone-number.
I've been a Signal beta tester on iOS for as long as I remember, knowing that they were going to introduce usernames, and I wanted to get my (relatively common) name as my username. Now they finally introduced it, but they require it to end in at least 2 digits "a choice intended to help keep usernames egalitarian and minimize spoofing".
Edit: this is not actually a serious problem for me, don't worry! Rather, I think it's funny. And honestly I kind of like having the numbers required, it's a good idea. It does remove a lot of the vanity from usernames.
It’s an excellent design choice, it more or less completely eliminates “vanity names” and the “value” of shorter names.
It's a brilliant design choice. At first I was like "What?" and now the more I think about it, the more I realize it is an absolute genius move.
People need to get trained out of (even informally) assuming they can identify someone because their username looks familiar, and this is a great way to do it.
> more or less completely eliminates “vanity names” and the “value”
With notable exceptions, I’m sure, being username69 and username420 and a few others (a similar phenomenon happened in Magic: The Gathering, when they introduced limited edition 500 print runs of cards with the serial number stamped on them, and the only ones you can really sell or command a good price for are 1, 69, 420 and 500)
I can't wait to talk to elonmusk420! I'm sure it'll be the real Elon. His online antics are such anyone with that username will instantly trigger Poe's Law. Getting rid of phone numbers as identifiers is a good idea but I think it would be better to just assign user IDs or generate hashes based on user inputs or something.
> generate hashes based on user inputs or something.
Because friend codes were so popular on Nintendo.
Hey add me real quick, my id is 12716472-83647281746-8172649! Or use the hash code, 0x28A56ED9! Super easy to remember, way better than giantrobot22 or vel0city66.
> Getting rid of phone numbers as identifiers
Unless I got the wrong end of the stick, that's exactly what they are not doing.
As you may already know, getting a commonly used username is also somewhat of a curse (do you like getting "forgot your password" emails every hour?)
Or tons of (mistaken) conversation requests?
Usernames are only used for the initial connection, so "getting" a username doesn't really gain you anything other than the "username" you give to people who don't already have you as a contact: "a username is not the profile name that’s displayed in chats, it’s not a permanent handle, and not visible to the people you are chatting with in Signal"
I’m politely putting it away into the not-a-problem drawer.
Well, I got stavros.01, if anyone wants to chat.
Could have gotten stavr.05
At least 8675309 ends in two digits!
I don’t think this is necessarily something to lose sleep over.
> require it to end in at least 2 digits
... notes HN user jenny91
Nice. Now please finally give us iOS cloud backups before I break or lose my phone and years of conversations get evaporated.
I'd settle for full sync of chats between my own devices. If I can sync between my laptop and my phone, that's sufficient, since I already back up my laptop.
Counterpoint:
I don't want backups for IM. I don't want my counter-parties to have backups for e2e encrypted IM. I don't want IM to last. Why record every conversation on your permanent record? It's nuts.
For me, having a searchable record of everything said defeats the whole purpose of IM and e2e encryption. I'm sure the NSA likes it.
Reasonable people may differ on it.
> I don't want my counter-parties to have backups for e2e encrypted IM.
That's not your choice to make.
Ok but I can already do it on desktop (and it's even easier on Android), it's only missing on iOS. So this point is kinda moot...
The encryption key is in cleartext on desktop and the SQLite db is right next to it: ~/Library/Application Support/Signal/config.json
The lack of any kind of backup/export for iOS is the main thing keeping me from recommending Signal.
Sadly, from what I’ve seen in similar threads online, it seems the devs are opposed to backups in principle (they believe that chats should be ephemeral and backing up is antithetical to this).
> The lack of any kind of backup/export for iOS is the main thing keeping me from recommending Signal.
"No one can read your chats, including you." — Signal
The devs are working on a cloud backup solution so not quite true, but it's also the one thing that's keeping me from recommending Signal https://signalupdateinfo.com/news/cloud-backups.html
Run a windows VM, install signal desktop, bob's your auntie.
Why iOS cloud backup? Why not a universal backup way, OS / cloud vendor independent?
I‘ll take it. Even offline backups would be an improvement.
For people worried about having not consented to other peoples backup. They could implement ephemeral-only chats, or backup-excluded chats where both parties have to agree to changes.
Just happened to me a couple of months ago. Cannot agree with you more.
You may be able to install something like https://github.com/mollyim/mollyim-android in the EU ... eventually.
If I understand correctly it’ll still not be possible to create an account without entering a phone number?
For me this is a requirement to call a service a private service, because in Germany at least every phone number is connected with a person's identity. To get a phone number you need to connect it to an identity using an identity card.
Here in Thailand it's the same but phone numbers get recycled and expire very aggressively. I just got a new phone number and I can login to many platforms of some 20 year old guy who really likes pc gaming.
Phone numbers should have NEVER become an ID. Incredibly hypocritical of Signal to claim "privacy focus" when the lowest layer of the system is literally the least secure identification method we have.
Same in my country.
I had two SIM cards dedicated to online crap: one for important stuff like banking, another for social media and such.
Both expired after ≈ 3 months of inactivity, when my 2 week trip unexpectedly took 4 months. Those SIM cards weren't physically inserted into my phone; I used to do that once a month to call someone and get billed a few cents so it would remain active, until that trip.
There's no way to get those phone numbers back and it's been an enormous pain in the dick. I hate this fucking system, but I hate the fact that fucking everything requires a phone number even more.
> in Germany at least every phone number is connected with a persons identity. To get a phone number you need to connect it to an identity using a identity card
Personally, I am totally baffled by this.
Due in large part to C3's positive influence, Germany is at the forefront of privacy issues and legislation on so many areas, except for this one, which ends up turning into a massive backdoor in the whole edifice. Okay, we can't ask for a copy of your identification card... we'll just use a telephone number or SIM code or something trivially tied back to your IMSI (like an app store account or IMEI) instead. Because of the absurd 2017 law, these are equivalent to your government ID card.
I really don't understand why Germans put up with this while simultaneously pushing so hard for positive changes in every other aspect of online privacy. Especially when so many other developed Western countries do not tie SIM cards to identities: Netherlands, Denmark, Finland, Iceland, Ireland, US, UK, Canada, and many many others.
It's like a giant `sudo gimme-your-identity` backdoor in all the other data collection protections. And nobody seems to care about closing the backdoor.
It wasn't always like this - the requirement to give your ID to get a SIM card, as you noted, was only introduced in 2017 (though it certainly feels way longer ago for me).
Anyways - why does nobody care?
Simple: most don't feel this being an issue.
Some may even say that they "don't have anything to hide" and there goes the erosion of privacy, bit by bit - by the time someone notices "ok, this may become a problem" - it'll be too late :(
On the flip side, SMS fraud is almost nonexistent from German mobile numbers, which is why scammers just send from other countries to German mobile phone owners. Mostly from France.
> Due in large part to C3's positive influence, Germany is at the forefront of privacy issues and legislation
That's the entirely wrong cause and effect.
The obvious root cause are a world war and the DDR.
This is a fundamentally different problem for a fundamentally different audience.
If we take privacy issue, it can be divided into 3 segments:
* Privacy of user data. The basic level. When you use Google or Apple, they collect data. Even if you minimize all settings, data is still collected. This data is used to train models, and models are used to sell ads, target you or do anything else you have no clue about (like reselling it to hundreds of “partners”).
* Privacy against undesired identification. The next layer of privacy. When you want to have some personal life online without sharing much about you. Like Reddit, anonymous forums, or Telegram (to some degree).
* Privacy against governments. The ultimate boss of privacy. When you want to hide your identity from all governments in the world.
Signal was perfect at the first layer, strong but not perfect at the 3rd layer (e2e encryption, no data collection so there is nothing to share with governments who seek data, good privacy settings, always tells you if your peer logged in on a new device to protect against cases where a government works with telecom companies and uses an SMS password to make a new login), and almost absent at the 2nd, because they have no public features except group chats, where you share your number.
Now, in one move, they close the gaps at the 2nd layer (you can hide your phone number and stay fully anonymous) and strengthen their position at the 3rd layer, leaving the last piece open: the government will still know that you have some Signal account.
For me, this setup solves 99.999% of cases for regular people in democratic and semi-democratic countries and addresses the most fundamental one: privacy of data and actions online.
Yes, it is not perfect, but the barrier for a government to spy on me is so high that I can reasonably believe that in most cases you should never be worried about being spied on, especially if you live in some place which is not named Iran or Russia.
The only scenario, in my perspective, where you would want to have a login without a phone (with all the sacrifices to spam accounts, quality of peers and the usual troll fiesta in such places) is when you want to do something you don’t ever want to be found doing in your current country.
But in this case, IMO, Signal is the last worry you usually have on your mind and there are a lot of specialized services and protocols to address your need.
1, 2 and in part 3 were already fixed with the Signal FOSS fork back then, but Moxie and his army of lawyers decided to send out multiple cease and desist letters against those projects. Which, in turn, makes Signal not open source, no matter what the claims are. If they don't hold up their end of the license and argue with their proprietary (and closed to use) infrastructure, then I'd argue they are no better than Telegram or WhatsApp. Signal's backup problem is another story which might blow up my comment too much.
Because of your mentioned points I would never recommend Signal, and rather point to Briar as a messenger and group/broadcast platform. Currently, it's still a little painful to use and e.g. QR Codes would already help so much with easing up the connection and discovery/handshake process.
But it has huge potential as both a messenger and a federated and decentralized platform.
I just don't want my metadata (contact graph) hoovered because I send a (encrypted) message to someone that may be an over sharer on FB, etc.
I use Signal because I am a "nothing to hide and I like to own my privacy as much as possible" type online person.
Signal == more peace of mind just generally in this online world we have.
> no data collection to share nothing with governments who seek for data,
That isn't true anymore and hasn't been for years. Signal collects your data and keeps it forever in the cloud.
If we take the privacy issue, it can be divided into 3 segments:
This sounds like a bunch of bullshit.
Just use Wire (wire.com). True end to end encrypted multi device messenger, open source, federated and based on MLS. All you need is an email address, no phone number required. And based in Europe. They allow building your own clients (with some stipulations) and seem to solve everyone’s issues with signal here
No, a for-profit corporation providing a free messaging service really isn't the solution.
I think it is a holdover from the Text Secure days. And like others say, it's a different problem.
But for solutions, can't you just buy a voip number? You just need it for registration and then can dump it. I'm sure you can buy one with cash or zcash if you're really paranoid.
While in the US I don't have to show my gov ID to get a phone number, I don't know anyone who buys a phone with cash except international students. So practically everyone is identifiable anyways. But I'm not sure this is a deal breaker since all I'm leaking is that I have registered a Signal account. AFAIK Signal only has logs of an account existing and last online with 24hr resolution (which avoids many collision deanonymization methods). Even paying with cash is hard as I'm probably caught on camera (but these usually get flushed).
So I'm legitimately curious, why is this a dealbreaker? It doesn't seem like a concern for the vast majority of people, and the problem Signal is solving is secure communication for the masses, not the most secure method possible with unbounded complexity. It's being as secure as possible while being similar in complexity to the average messenger.
> But for solutions, can't you just buy a voip number?
No, how would my uncle in the countryside of Vietnam do that? He doesn't have a credit card -- not many here do. He doesn't speak English -- can you find a website that sells voip numbers in Vietnamese? Buying a voip number from a provider in Vietnam has the same exact KYC requirements as buying a SIM, so it is still tied to your government ID and registered forever.
Also, buying a VOIP number for 1 month costs something like $10 from a quick Google. Average salaries are like $1.50/hour. Nobody is going to pay an entire day's salary to buy a VOIP number they throw away after a month just so they can register anonymously for chat.
So, no, you can't "just" buy a voip number unless you're a rich Westerner. But who needs privacy more? People in liberal democracies or people in places like Vietnam (literally an authoritarian country where people are routinely imprisoned for speaking against the government)?
> I don't know anyone who buys a phone with cash except international students.
Everyone buys a phone with cash here because few people have credit cards, since there is no such thing as "credit ratings" and it is easy for people to disappear from their debts. There are more people in Vietnam than any country in Europe. We all use smartphones and messenger apps here, too.
Why do you need a German phone number? Many countries let anyone have a phone number, with no proof of address or other identifying information. Just use one of those numbers instead. One example service is https://jmp.chat/ but there are many others.
It's a voip service isn't it? Those numbers will not work with many online services and even some more obscure normal providers.
This is not correct. Go to a phone booth, get Signal, never need the phone number again. Any phone will do. Get a phone number from a different country online and without identity check, who cares, you will never need it again.
I haven't seen a phone booth in Europe for the last 7 years.
> … never need the phone number again
What if I lose my phone and want to login again on a new one. Don't they send a verification code to the number again?
Wouldn't the next bloke using the booth for the same cause get the whole account?
Partially off-topic: I've always found this German requirement baffling. In the Netherlands you can just buy a SIM card at a supermarket and pay cash. No identity, nothing.
Same in Spain since 2004 Madrid train bombings IIRC.
This is the case in most countries these days. There are very few places left where you can get a mobile phone number without identifying yourself at some point.
It's still preferable to use a burner number for signal/telegram if you want privacy.
There are many countries where it's completely impossible to get a burner phone.
... but then Signal wouldn't have your phone number either. What they need it for is ... dubious if you ask me.
> ... but then Signal wouldn't have your phone number either. What they need it for is ... dubious if you ask me.
The reasons they need it aren't really that dubious to me: they want to create a service that actual people will actually use, not just weird privacy geeks who never gave up on PGP. Using phone numbers allows for the kind of user discovery that most people expect in 2024, and requiring them inserts a barrier to mass account creation that can keep spam accounts down to a manageable level (especially given the whole point is they can't do content-based spam-filtering in the way that makes email manageable).
Personally, my understanding is they've always been trying to develop the maximally private usable chat app, which requires some compromises from the theoretically maximally private chat app.
The claim (which generally I'm inclined to believe) is that requiring a phone number drastically increases the cost of sending spam. That in turn drastically reduces the amount of spam.
To me Signal is in the business of collecting metadata and nothing else (for whom, that is a good question: probably some three letter agency).
What they need it for is simply that it's the way the system has always worked, because Signal started life as an encrypted replacement for SMS. The point was that you could switch from the standard SMS app you were already using over to Signal (which was called "TextSecure" at the time) without having to change your habits, because sending messages to people's phone numbers was simply what people did then. There's nothing nefarious about it.
Yes, this is just Apple level bullshit - trust us with your private data even though no law prevents us from exploiting it ...
Damn, people will never be satisfied, will they. It's not meant to be an anonymous messenger, because those have spam issues.
I could certainly point out the differences, but the fact that you yourself aren’t acknowledging them indicates to me that you’re throwing intellectual integrity out the window because this product doesn’t work in the way that you want it to work. Engineering is about tradeoffs, and not every company serves to build something that does exactly what YOU want it to. I prefer Signal the way it is. I understand the tradeoffs.
They are not usernames, so why do they call them that? They are more like disposable per-conversation identifiers.
"Usernames in Signal do not function like usernames on social media platforms. Signal usernames are not logins or handles that you’ll be known by on the app – they’re simply a quick way to connect without sharing a phone number."
Also, this is not finally the feature Signal users actually want - not having to sign up for Signal with a phone number and using a username instead.
This new "feature" does very little to make signal more secure or private.
It does, because instead of having to share your phone number to Signal + all your contacts, you can share it with Signal only. It is an improvement. It doesn't address the case where you are not willing to share your phone number to Signal, but it addresses the case where you tolerate it but would like to discuss with someone with whom you'd rather not share your number.
I hope it will allow creating groups without forcing members to have their phone numbers shared with everyone.
That was my first thought too. It's stupidly confusing to call something that acts nothing like a username a username. They clearly know that given the number of times they clarify how they work. Here's another:
> Note that a username is not the profile name that’s displayed in chats, it’s not a permanent handle, and not visible to the people you are chatting with in Signal. A username is simply a way to initiate contact on Signal without sharing your phone number.
It's absolutely a username. It can be changed arbitrarily whenever you like, and you'll probably in the future be able to have more than one name for the same underlying account, but it's still a username.
Other services do this too. For instance, you can sign up for some services with an email, and that's what you use to sign in, and you might be able to find other people by email if they let you, but you don't necessarily get shown someone's email on their profile, just the display name in their profile. And (in a well-designed service) you can change your email address at any time.
Because a regular person, being given not a number for something, is going to call it a username.
Later explaining "you can have multiple usernames" is easier than trying to undo that conception. People are familiar with it. Your username is how you identify yourself on the computer in every context when it's not obviously your phone number.
> Also, this is not finally the feature Signal users actually want - not having to sign up for Signal with a phone number and using a username instead.
Agreed. I don't own a phone of any kind, and would love to use Signal, but alas I can't because you need a telephone number, or a level 65 Necromancer to do the magic to sign up without it.
* Magic: https://www.techbout.com/use-signal-without-phone-number-sim...
Is it? On Twitter and discord people see a different name than my username. Username tends to be more for connection and display name for identification. While I get the argument I don't see why this is a big deal.
> They are more like disposable per-conversation identifiers.
Why are they then not just random when you go to the share screen?
No real reason to let a person pick it.
The point is to make it easier to verbally tell your friend "I'm vel0city23 on signal, add me" and have them actually remember.
Doesn't seem "disposable per-conversation" in my reading of the announcement. Seems like a permanent username that just doesn't get featured in the conversation.
>Your profile name remains whatever you set it to.
It's not really permanent - you can change it as much as you want. Once someone has established a connection with you via your username once, that connection will still exist even if you change your username.
How do you suggest fighting spam accounts without registering with a phone number?
Why is the defining feature of being human the property of having a phone number?
Spam is indeed a hard problem to solve, but the issuance of phone numbers is not designed to be used as human identification.
What’s a spam account anyway? If I create a new account per conversation does that count as spam? It puts exactly the same strain on Signal servers.
If I'm reading this correctly, this also means that a person that already has my phone number in their contacts will necessarily be able to link my number to my username after they have scanned my QR code.
Not if you've selected to hide your number, looks like.
But will the other person really have two distinct chats with me in their list then? One with my username and one with my phone# ?
Recent discussion: https://news.ycombinator.com/item?id=39413417
Thanks! Macroexpanded:
Signal v7.0.0 with phone number privacy - https://news.ycombinator.com/item?id=39413417 - Feb 2024 (107 comments)
First, it is a mistake to call these usernames. Second, it's a big mistake because this is a cool feature.
It's interesting to compare this feature to Session, where you also have randomized identifiers, but they identify you globally, and there's no way to give someone a handle to you that isn't linkable to other conversations. It sounds like Signal now offers that, which is actually the first time I've been intrigued by Signal.
Is there a way to keep your phone number private from Signal as well?
Agreed. It’s ridiculous that they’re even calling this feature usernames, since you still need a phone number, thus completely defeating the purpose of a “username”.
For most services, to sign up you also need an email address. This is also to help you recover your account in case you lose your password. A phone number can be used for this purpose too. Now you can share your Signal account with someone without sharing your phone number, like you can share your Facebook username without sharing your email address.
This. And a way to pay signal anonymously? A workaround for some apps, is to have friends gift you support tokens.
> And a way to pay signal anonymously?
Heh, I donate monthly to the Signal foundation but still get the occasional notification in the app to do so. In some sense, I am paying them anonymously :D
Why do you want to pay them?
https://getsession.org/
I'm a huge fan of Signal, but I'm disappointed that this still means that I cannot have the same account on two phones (work and personal).
Yeah, would like this too.
Whatsapp added this recently and it is very convenient. You can link a companion device in the same manner you sign into WhatsApp web.
A kind of hacky workaround (that I used to use for both signal, WhatsApp and others) is to set up a server with matrix bridges running and bridge your signal, WhatsApp etc. so then you can install the one matrix client on all your devices.
But as most apps do support multiple devices these days, bar signal, it doesn't feel like it's worth the effort. And I seem to remember the signal bridge in particular being a little buggy.
I'm sure it will become possible soon. The code is already there on iOS, as the app also works on iPad, but hidden behind an internal feature flag [0]. Same with Android [1]. If your second device is an Android, you can already use it now with [Molly](https://github.com/mollyim/mollyim-android).
Also, WhatsApp recently added this feature, so the expectations from potential new users who switched is now there.
[0] https://community.signalusers.org/t/allow-android-ios-device... [1] https://community.signalusers.org/t/allow-android-ios-device...
Would signing into Signal on a work device not negate most of the security benefits of using Signal? Genuine question; I am only vaguely familiar with Signal.
I'm not a CIA operative, so, I'm willing to take that risk.
You should be able to choose your own threat model.
No.
The interesting thing is that it is possible to share the account on multiple devices, as long as only one of those is a phone. You can sign in to and chat from that account just fine on the desktop app, even if your phone is off.
(I guess theoretically you could run something like PostmarketOS on a phone to run the desktop app, but you know what I mean.)
That's useful but not quite sufficient for this use case, though. The different devices currently have no way to sync chat history, so you'd lose all your old chats.
What I'd love to have is the ability to connect my phone and my laptop to the same Signal account, have them automatically sync chat history between each other, and then in the future if I add a new phone (e.g. because I've upgraded) my phone can sync from my laptop and get all of my message history.
My current work-around is just to use a group chat and have both work and personal accounts part of the chat. Fortunately, I only need to be able to chat with a few people (family) while off with the work phone so this isn't that big of a hassle, but it's something I wish I didn't have to do.
> as long as only one of those is a phone
Do you know why there is this limitation?
Yeah, this is still my top requested feature. I have two phones, one is data only sim. I just want to be able to signal from both of them just like how I can on my mac and PC.
I like the concept of Signal usernames not being public either, and that they’re only a means to tell others how to find and contact them. I can’t wait for this to be rolled out.
It’s not clear to me if it’d be possible to prevent the “contact joined Signal” messages if someone else has the phone number in one’s contacts. That would be a huge thing.
For a little more historical context, with this change Signal has now solved the problems that became widespread during the protests in Hong Kong in 2019 — someone else (authorities) adding random phone numbers to their contacts list, opening a chat app (such as Signal or Telegram) and finding if that person uses that app. Telegram solved this swiftly by adding more privacy controls, [1] while Signal had other priorities.
[1]: https://www.reuters.com/article/idUSKCN1VK2NC/
There are new phone number privacy settings for "Who can see my number?" and "Who can find me by number?", both having "Everyone" and "Nobody" settings. I assume disabling both should stop it from messaging people, although I'm not sure if you can set it quickly enough after registering.
> People who have your number saved in their phone’s contacts will still see your phone number since they already know it.
I know this seemingly is great and groundbreaking. And that it, and more, was already there in Telegram for years.
This is just unfortunate if it has been implemented like Telegram and it seems it has.
I should be able to dictate that “if I initiated communication” to “username” or “from my username” my phone number should not be linked to it even though the other person has my phone number in their address book saved, because that doesn’t mean they are a friend or even if they are I might not want to know that or chat outside the username.
I will try to access the beta (pretty sure it’d be full by now) and test how it goes but I hope it has not been implemented like Telegram after taking all these years.
Though I like that they have essentially nuked vanity username rush and grab in the bud. Kudos.
> This is just unfortunate if it has been implemented like Telegram and it seems it has.
Yes, agreed. This doesn't stop an adversary who knows your phone number and identity (such as a surveillance state) from linking communications under your username with your real identity.
It just means that people don't need to give their phone number to someone just so they can communicate via Signal.
I think this can lead to people having a false sense of security.
Signal is one of the great undertakings of our time. And it's one of the last bastions of internet freedom.
A free-to-use global communications platform that doesn't censor, respects user privacy from the ground-up, and is run by a non-profit foundation that is faithfully dedicated to its mission. https://signal.org/bigbrother/.
We should support it. If you haven't already, then consider signing up for a recurring donation to the Signal Foundation. I try to give what I can afford, because I believe that digital freedom is essential for the progress of all humankind, https://signal.org/donate/
Without such projects, our civilization will stagnate and die in darkness.
Yeah, nah, it might be fashionable but I'm not 100% convinced that it's not an operation intended to be a lightning rod for "private" communication.
Given how tightly they control development, disallow third-party clients, disallow federation, disallow self-hosting servers, have a history of disallowing use without Google Play and have hidden huge development features from the public (MobileCoin) despite being open source, etc.
The idea that it's a great undertaking of our time is so bombastic that it's guaranteed to be false even if you truly believe that they are completely altruistic (which I'm willing to believe but it's not coming easy to me based on the above).
"What's better"? Matrix. Which seeks to solve all of my points, the only thing lacking is market share which honestly is partially caused by these "easy to use" services which trade off everything else, which also consumes developer mind-share even if you're unwilling to acknowledge that. (devs are motivated to solve issues for friends, family and themselves if they are exposed more frequently to systems and services that are sub-par).
The reason Signal is successful is because it at least somewhat reliably works, while Matrix is the worst of fiddleware.
https://blog.koehntopp.info/2024/02/13/the-matrix-trashfire.... explains why Matrix is lacking market share, and I think Signal's decision to be aggressively closed is due to a justified fear of becoming that.
Easy to use is important and it's a shame that you're downplaying that. More accessible than PGP/OTR? Sure. But maybe by a hair's width of an alligator's back.
If I am working with a source who gets frustrated by the impenetrability of communicating with me because I insist they use matrix while they're not technical and likely impatient, then that person will be much more likely to use a fallback method such as SMS or email, and they'll do it without warning. It's legal risk, period. My job is to make sure that they can share information with me as easily as possible and during a particularly sensitive period of that person's life, usually. Matrix, as a sibling post highlighted well, is too difficult for this use-case. That is an enormous failure for a use-case of sensitive information sharing.
I really like the idea of federation, but I haven't seen it be successful in practice. I can't think of a federated service that isn't also highly centralized. This was a big problem for cryptocurrencies and it's not like email isn't almost all Microsoft or Google. Mastodon has been struggling as well.
While I think there are better services to be private and secure from a technical perspective, there's one killer security and privacy feature that Signal has that no one else does: usability. It's pretty hard to get my grandma onto Matrix, but it isn't hard to get her on Signal. The truth of the matter is that you can't have private and secure conversations if there is no one on the other side. So while I really do like Matrix and the like, I think of them as more alpha or beta type projects. I don't find that the bashing of Signal is helpful (like we also do with Firefox) because all it does is create noise for people that don't understand the bashing is coming from a nuanced and biased point of view (we're mostly highly tech literate here on HN, it is a bubble. But people still read our comments that aren't). End of the day, if we aren't getting 1 click server installs (or literally everyone is a host), federated systems are going to become highly centralized at some point. PGP always failed because the easiest way to hack a PGP email was to reply that you couldn't decrypt. It wasn't appropriate for the masses even when it wasn't difficult to use. Don't get me wrong, I love Matrix, but it's got a long way to go to get mass adoption.
Fwiw, I remember a user a while back offering a bounty for a decentralized pathway in Signal[0]. The idea was to create an AirDrop like system to help with things like local file sharing but then extend the project forward to create a mesh network. Seems like a reasonable idea to me. I think it may be more advantageous to try to push Signal in the right direction than rebuild from scratch. I'd highly encourage people with other opinions to participate in the Signal community because it is a crazy echo chamber in there and for some reason the devs treat it as a strong signal.
[0] https://community.signalusers.org/t/signal-airdrop/
XMPP cries in a corner. I wish XMPP had more accessible (to the general public) desktop clients. Conversations is great, but speaking from experience, people aren't going to want to use Gajim because it looks like it's ten years old (even though that's a good thing ;). XMPP needs better clients in general. The last time I used Profanity it had very annoying bugs about sending and saving OMEMO encrypted files.
In a world where iOS users won't install another free app from the App Store because they already use iMessage, Matrix is like asking your friends to perform calculus just to talk to you.
We really should convince Moxie Marlinspike to push the implementation of an out-of-the-box working bridge between the Signal client and the Matrix network. With e2e encryption, of course.
Signal has its problems, some of them severe. It's also buying "us" much needed time to build out federated and self-hosted chat platforms.
I truly believe they are altruistic, although it is unrealistic to expect that to last forever.
By the way, some of the claims you made about their "bad actions" are actually false. And Matrix is still incredibly annoying to work with for "normies" and only recently got first-class E2EE and retention policy, both things needed for a secure chat experience. And btw, those things aren't deeply supported in the ecosystem, and also it doesn't have client feature flag alerting (to allow well-intentioned clients to de facto report that they don't support certain security features).
I do think Matrix (or something like it) is the future, but it's certainly not the present.
Matrix?! As someone who runs his own Matrix homeserver, oh, man, no way. Matrix is super fiddly, unreliable, and user-unfriendly (and I say this as someone who has at times agreed that Signal can be user-unfriendly).
Matrix also is just not particularly private. Servers control and know far too much about users, and pretty much no mainstream client enables E2E encryption by default. Matrix is an impressive piece of technology, but it has a long way to go before it's as usable for an average mobile phone user as Signal is.
Just because a project is open source doesn't mean everything the team works on or releases will be in the public eye, nor does it even imply that it has to be open source as well.
I agree about the passing utility of Signal [0] but Matrix (which I do use) is a barely adequate dumpster fire. They spent all this effort developing a generic synchronization protocol, and yet didn't include native encryption in 2014 and had to bolt it on as an afterthought? And the last time I tried to find a native client it seemed like they were all still using web engines for rendering (inherently slow and insecure), presumably because the markup is too complex to make straightforward native apps.
[0] I don't even use Signal. My tack is to isolate and contain my "mobile phone" device as much as possible (when I'm home it generally stays next to the door on a charger). Whereas Signal has been designed around that single device as a critical part of my life. When I can sign up using only a username, and use Signal from a native client or web browser without any sort of Android device in the picture, then I'll be interested.
They don’t and can’t disallow third party clients. The client is GPL.
> And it's one of the last bastions of internet freedom.
I don't want to be too negative on Signal since they do some good work and I do use it.
But freedom? No. It is another completely proprietary platform. A better one, but still proprietary, so the antithesis of internet freedom.
For example, just earlier this month the Signal client overnight stopped working on my old Mac because they decided to no longer support older OSX releases. So I can no longer use it on that machine, my primary desktop.
If Signal was in any way open or free (as in freedom) I'd just compile my own client to speak an open protocol and be back in business. But no, Signal is just a proprietary service with a proprietary client.
>If Signal was in any way open or free (as in freedom) I'd just compile my own client to speak an open protocol and be back in business. But no, Signal is just a proprietary service with a proprietary client.
Isn't the source code available? What's preventing you from compiling your own copy?
As far as I'm aware, everything is open[0]. Only issue I know of is that the server code isn't consistently up to date and you can't run your own. But you can compile the app and desktop clients yourself. I guess there's also the issue of reproducible builds but AFAIK this is a play store issue and doesn't seem that problematic since you can compile from source. I mean they even have a commit from 4 days ago for the Android app.
[0] https://github.com/signalapp
> old Mac
> older OSX
How old an OSX are we talking? Is it older than what current Xcode with Sonoma supports? If it's that, then you have your answer. If you want to daily drive an older machine, Linux or even Windows should be fine, but this is not really the way with Apple hardware - if it was, Xcode would make this easier for the developer. For reference, you can still build for Windows Vista using the current Windows 10 SDK - I haven't tried the Windows 11 SDK, so not sure how things are there.
I believe signal is completely open source...
Here you go:
https://github.com/signalapp/Signal-Desktop
> We should support it. If you haven't already, then consider signing up for a recurring donation to the Signal Foundation.
I always like to remind people that you can also donate through your employer and many will match. This is a great way to multiply your donation and everybody wins. Your org is going to donate x amount a year anyways and so might as well "vote" on where some of this money goes.
Requiring a phone number is like asking for an ID. What does Signal offer that WhatsApp doesn't? Serious question.
Edit: Ok, ok, I was wrong, signal does have advantages over whatsapp.
It encrypts your metadata (the most important data) and doesn't use it to manipulate you. It's a non-profit. And now you can use it without exposing your phone number to other users.
Again: Metadata. WhatsApp records a timestamp of every message you send/receive, and who the other party is. Signal only records two pieces of metadata: timestamp of when you signed up, timestamp of the last time you sent a message.
Whatsapp only e2e encrypts message contents. The only thing Signal knows about you at any given time is the time of account creation and the date of your account’s last connection to Signal servers. That's tied to your phone number. They don't know who you chat with, the contents of those messages, your phone contacts, anything.
I'd get a chuckle out of comparing that with the privacy of Whatsapp.
My 2¢, as someone who tried using WhatsApp once and ran away screaming:
WhatsApp requires you to give it access to all your contacts (your entire address book) in order to use it at all. This information is uploaded straight to Facebook’s servers where they’ll inevitably use it to place your WhatsApp account in a social graph so they know who you are based on your contacts. I found this to be unacceptable so I uninstalled it.
WhatsApp message content can be pulled via a subpoena along with a lot of other private data. Signal's cannot.
FBI doc on what messaging apps can provide via subpoena pulled by a FOIA request...
https://propertyofthepeople.org/document-detail/?doc-id=2111...
WhatsApp does not provide real encryption - all the metadata is unencrypted!
People who subpoena Whatsapp know who your friends are.
Even if all the other things sibling posters mentioned didn't exist, the simple fact that Whatsapp is owned by Meta and Signal is not... well, that'd be enough for me.
No data sharing with FB
1. Facebook owns WhatsApp and uses it to collect data about people, such as who they communicate with, how and when. They also know about many of the websites you visit and what you do there. They know everything you do on Facebook, Facebook Messenger and Instagram. They buy mountains of data about us from other sources. By analysing all of that data they can probably do a reasonable job at guessing the content of your WhatsApp messages.
2. WhatsApp tries to get every user to accept the option to backup messages and photos to Google Drive, where they sit unencrypted and accessible by Google. Even if you reject that option yourself, your correspondents are likely to have enabled it (if only just to stop WhatsApp from nagging about it) and so your messages are available for Google to read. Example of why this can be bad: https://www.vice.com/en/article/zm8q43/paul-manafort-icloud-...
3. Google Photos asks WhatsApp users if they'd like it to back up their WhatsApp photos. Even if you reject that option, your correspondents may have enabled it and so your photos are stored online unencrypted and accessible by Google.
4. Why should we limit what Google and Facebook know about us? Google and Facebook influence our behaviour for the benefit of their paying customers. Their computer systems are too powerful for our minds. They work against us, not for us. Companies like Facebook will come to be seen like tobacco companies, except that the harm is as from mind altering drugs. There is a documentary on Netflix called The Social Dilemma which explains this well. The polarisation of societies and the spread of conspiracy theories are some of the effects. The only defence is to disengage.
5. Read about Chinese-style social credit to understand why you want companies like Facebook and Google to know as little about you as possible. This is a good overview: https://nhglobalpartners.com/wp-content/uploads/2021/10/chin...
While I am thankful that Signal exists and is considerate of privacy concerns, I don't think their decisions are always right.
For instance, I would love to see pictures sent to me by my spouse automatically saved to the camera roll. Signal has no option for this because it could put the privacy of me and the sender in jeopardy.
I actually like it this way. Occasionally (not always, which is even more confusing), images from random WhatsApp conversations end up in the Android equivalent of my camera roll, and it annoys me to no end.
My camera roll is for photos that I have taken. If I want to put something from someone else in there, that's a decision I will pro-actively make. Other apps shouldn't be doing that for me.
WhatsApp has this feature and it drives me nuts. My roll is full of crap people (especially chat groups) send me and I have to clean it up every now and then. I surely hope Signal doesn't do this and keeps the current approach of allowing users the option to download the images they want, when they want.
They have a community forum with a feature request system. Though I'll admit it's a big echo chamber there. But every new user adds a new voice and I can't see how that isn't a good thing.
Fwiw, I want this feature too. And others. I've submitted feature requests in the past. I even asked that usernames add QR codes and links. I'm not sure if I was heard, but hey, the feature is there and even some of the echo people were against it.
They need to actually listen to users. Signal needs to support SMS, they need to support backups, they need to support easily migrating to new devices. I don't care if it makes me slightly less secure, make it a checkbox in the client that I agree if I enable the features, I'm a moron because some nation state could abuse it.
Otherwise, it'll always be niche. I'm never getting non-technical friends and family to adopt a messaging app that isn't unified for SMS and secure messaging. When they say "users might not know they're sending insecure SMS messages" - fine, you own the client. Make the client bright red with a flashing "INSECURE MESSAGES" across it for all I care. It's not hard to inform a user in 2024 that they are sending a less secure message.
Signal has so many footguns that I stopped recommending it. I know more than one person who lost all their messages and pictures when they switched phones.
> I'm never getting non-technical friends and family to adopt a messaging app that isn't unified for SMS and secure messaging
Er, what? So no one you know uses Whatsapp, FB Messenger, Telegram, Google Talk, or anything else? I suppose it's possible that's true, but even if so, you and the people you know do not represent the common-case user.
I thought I read that Signal has some funding by the US government. Was that not correct?
That's correct, but so what? So does Tor. The US isn't a single unified entity. They get some funding from groups that promote encryption. Gov still wants encryption for their own people and for people in authoritarian countries (it's hard for normal people to overturn an authoritarian government when all communications are watched. No need to discuss CIA). But also remember there's plenty of US gov groups that attack Signal too. Just saying "US funded" isn't strong enough on its own. The gov has its hands in everything so it's too noisy. You'd need to make an argument about its dependency on that money, which they aren't. Records are public btw, they are a nonprofit.
I couldn't believe it when I first signed up for Signal and people who had my number were *sent notifications* that I had just signed up. This could've included people I had blocked on my phone.
Same. One included an unstable individual who I was happy had forgotten me. Suddenly he messages me out of nowhere -- "Oh hey, you still exist! And you just installed Signal.... hmm, given what day it is, I'm guessing you're at such-and-such event?"
Absolutely unacceptable.
I think the Signal devs hadn't thought this through at all and just blindly copied what Telegram was already doing thinking it must be cool and trendy with the masses, without understanding their core user base at all.
Same with prioritizing stories, stickers and crypto payments as core features of Signal when that's not what most of their users care for. Meanwhile there's still no official way to port your existing chat history on PC and iOS to your new device, or support for Android tablets. Obviously, stickers are more important.
I was all excited about Signal, but rarely use it because of this very feature. Once it started sending me notices about other users, I was extremely not happy. I was very hesitant since one of the first things it did was ask for access to contacts. I'm still pissed at myself for allowing it.
Hi there, engineer on the Signal Android app here. Just an FYI that the notifications are generated on the receiving client by detecting that one of their contacts newly showed up as a registered user -- they're not "sent out" by you when you register or anything. Also, these notifications have defaulted to being disabled for the last 1.5 years or so. So only people who go into their settings to manually turn them on should be seeing them at this point.
That said, the complaint around this is usually that people don't want others to know that they use Signal. And unfortunately there was no way to _really_ do that (until now), because if you open your chat list, you'll see all of your registered contacts. But in the 7.0 release, we added the ability to hide yourself from being discoverable by phone number at all. So for people who don't want anyone else to know that their phone number is registered with Signal, they now have that option.
How come it wasn't the default right from the start?
How can a privacy oriented company not see the privacy implication of this? Sometimes, you want to be forgotten by some people, and Signal is telling them you are still there and active on that number. I remember reading a story about someone getting into real trouble for that.
Without "usernames", the proper way to handle it would have been to not let anyone know you are on Signal when they look up your number. To get into contact, send a message, then the recipient will receive a notification with the message and an option to reply. If the recipient doesn't respond, from the sender's point of view, it should be as if the account didn't exist.
I personally don't have a problem with this feature, and it's actually how I discovered Signal use among many of my friends.
But I think it's inexcusable that these sorts of notifications could essentially allow someone to circumvent blocking done by one of their contacts. If I've blocked someone via my phone's default contact blocking mechanism, and then I join Signal, and that person is already on Signal, they should not suddenly be able to contact me... and even be explicitly invited to do so on their end!
I wouldn't be surprised, though, if neither Android nor iOS gives regular apps access to the blocked contacts list. So I'm not really sure how an app like Signal could solve this problem.
> But in the 7.0 release, we added
great, but what about all of those people that installed before 7.0 and had it already happen to them? "oops" doesn't help. at. all.
After I realized this happened to me, I uninstalled Signal. But because of the way Signal jumps in and replaces normal SMS, I found out later that Signal users were no longer sending/receiving plain text messages to/from me properly. I forget the details but it was really frustrating. First it ate my contact list and contacted them, then after I uninstalled it held those contacts hostage, breaking comms with them because those users didn't know they were still signaling me, not using a normal text message. I text, they reply with Signal, I can't ask them to uninstall their app, so now if I don't reinstall the app myself or borrow a friend's phone to try and reconfigure it then I guess we're now out of touch forever? It's not privacy-friendly to replace or hide built in functionality, it's just an attempt to coerce people and to bolster your user numbers.
> now if I don't reinstall the app myself or borrow a friend's phone to try and reconfigure it then I guess we're now out of touch forever? It's not privacy-friendly to replace or hide built in functionality, it's just an attempt to coerce people and to bolster your user numbers.
yeah, you need to authenticate to delete the account (aka deregister). How else would they verify that you are the owner of the account you want to delete?
Signal has not supported SMS for quite a while now.
https://github.com/signalapp/Signal-Android/issues/7409
> We've discussed at length why this is not possible, but if you have more thoughts then please visit the forums. Please try not to open duplicate issues in the future, even if you feel like something is important.
I wonder why this is "not possible"
The list of phone numbers with signal accounts is basically public. It kind of has to be. When a new number gets added and it matches someone in your address book, your app will tell you that one of your contacts has joined. People have always had the ability to turn off that feature, but that's not what the feature request seems to be asking.
People seem to be asking for a way they can join Signal without their number showing up in the registry of Signal users. This is why it's "not possible".
edit: This may have changed today. I'm now seeing an option that lets me hide my number from the registry. This means that even someone with my phone number will not be able to message me on Signal, which seems like a good deal to me.
One of the many reasons to never sign up for a service that requires your phone number, or have a special number just for this purpose.
Yes, this drove at least two people I know/encouraged to use it off the platform. When people see this they also think that Signal snooped their contacts. Very bad.
This and the iPad "We'll remind you later" notification nag are significant problems. I am a big supporter of Signal, but it's certainly hostile to those escaping an abusive situation. Usernames are a step in the right direction at least.
I've seen this on Telegram but never on Signal. I use Signal on both iOS and Windows.
I uninstalled Signal and haven't looked back due to the constant `X from your address book has joined Signal` notifications that you can't disable.
I think you can turn that off with telegram, but I'm not sure if it's still the case.
The whole "your phone number is your user ID" was always the dumbest trend in instant messaging and I have no idea how it caught on.
This new feature was already discussed here on HN a few days ago if some of you want to read the previous discussion: https://news.ycombinator.com/item?id=39413417
Isn’t Signal just a honeypot?
https://www.kitklarenberg.com/p/signal-facing-collapse-after...
Ha! I didn’t even know that! case’s closed.
I know some people defend Signal out of ignorance or loyalty, but I suspect there are some paid shills for Signal now. I don't see how anyone with a bit of security awareness (which is the reason to use Signal instead of WhatsApp) can justify using a phone number as an ID in 2024.
This is the interesting part. For me.
> Note that if provided with the plaintext of a username known to be in use, Signal can connect that username to the Signal account that the username is currently associated with. However, once a username has been changed or deleted, it can no longer be associated with a Signal account.
The "no longer associated", I will need to get Signal word for that, right. (You cannot cryptographically prove something was deleted, right.)
But it's good enough I guess
You shouldn't need to cryptographically prove that an old username is unavailable. You should be able to simply send a request to Signal servers asking if it's available and receive "no" as a response.
You'd have to take their word that this wouldn't change, though.
Yeah but they can remember forever which real person had what username.
I just donated the minimum amount to Signal through the app (~$3), I encourage all other users to do the same, because every time a Signal article is posted it's a reminder how dystopian IM would be if there was no realistic, privacy respecting option for "normal people".
It’s probably the only piece of privacy friendly software I’ve recommended to older relatives that actually stuck. It’s not fancy, but it’s solid, simple and does what it’s supposed to.
well, technically, you donated ~$3 - 30%, yeah?
what is your point?
> Your username is not stored in plaintext, meaning that Signal cannot easily see or produce the usernames of given accounts. [Footnote: Usernames in Signal are protected using a custom Ristretto 25519 hashing algorithm and zero-knowledge proofs. Signal can’t easily see or produce the username if given the phone number of a Signal account. Note that if provided with the plaintext of a username known to be in use, Signal can connect that username to the Signal account that the username is currently associated with.]
(emphasis mine)
Couldn't Signal just brute-force all possible usernames in order to connect them with their accounts?
All in all, it seems usernames are just as public as anywhere else and the encryption part sounds like snake oil. Ok, maybe once more they try to protect the username table (or its equivalent in the zero-knowledge proof algo) from getting probed too often by means of an Intel SGX enclave or something, but I wouldn't want to trust SGX either.
Usernames are between 3 and 32 characters long with up to a 9 digit discriminator at the end. ~200 bits
AES starts at 128 bits
I don't agree with the 200-bit estimate. Usernames will typically not be random and will have much less entropy.
Either way, I was not talking about brute-forcing a single username. What I suggested was that Signal could loop over the space of all possible usernames. Every other name would be a hit (i.e. exist) and reveal the account ID, possibly even the phone number, of that user.
Hell, couldn't regular users do the same? The blog post at least doesn't mention anything about rate limits when probing usernames.
> A username on Signal (unlike a profile name) must be unique and must have two or more numbers at the end of it; a choice intended to help keep usernames egalitarian and minimize spoofing.
Interesting choice. I’m guessing most people might just use the last two digits from their birth year, to make it easy to remember.
When they announced usernames I thought I would be able to install Signal on my TV desktop (Linux) and send/receive messages from/to it (links, files, etc).
Now that I know it still needs phone number I assume it will need to be unique so my use case fails.
For the record, I am still a happy Signal user and a monthly supporter, thank you very much.
There's a contact in Signal called "Note to Self" that you can use for this.
I use Signal this way too. It's great for small messages and files. For larger files, you'd want SyncThing.
Just hair splitting obviously but I don’t think it’s really a contact, it’s just what the recipient shows as when you send something to your own number.
I guess I will be uninstalling Telegram, now.
It was great, then it focused on monetization at the cost of other things.
I still kept it because I could simply share a handle and talk with strangers over the internet on my phone/laptop. There won't be that need anymore.
I hope this feature puts pressure on Whatsapp to implement the same.
Telegram's biggest investor is Russia's sovereign fund.
So I'd argue monetization here is not a top issue
Honestly, TG was the most convenient messaging app that I had ever seen.
I used it for the convenience.
Until they focused all their energy and time on monetization features. The quality of the rest of the app began to deteriorate.
Most of the use-cases for requiring a phone number to sign up for a service, e.g. Twitter, Signal, seem to be to avoid spam. At least allegedly!
What alternatives can be used instead, something that is easily accessible/available to the general public but not easy to obtain to create mass users?
Instead of heavily limiting account creation, Discord for example limits the possibility to message users outside of your network by default. Only people you have added as friend or you share a server with are allowed to message you by default.
For Signal that would be harder to implement since it's more focused on 1-to-1 chats instead of groups; maybe if spam gets out of hand they could use a grey-listing approach like Instagram does where users outside your network get moved to the "message requests" inbox by default.
Discord, while overall better than Telegram for privacy, will flag your ip / device / identity and require a phone number for new accounts if you do something like use a message archiver to back up conversations. Took me years to get the block removed (but not for my work account). It was a privacy nightmare for me and when I had to get an account for work I had to sign up for an additional cell phone service, which cost me thousands to this day.
I’m still nervous about making new accounts in case it triggers some process to lock me out of my one account that I don’t have a phone number for. I couldn’t join the baldurs gate 3 discord to find people to play the game with because it required a phone number on the account, which I was already forced to use for my work account.
On the other hand, I’m glad they actually do enforce their rules, unlike Telegram (which is a haven for scammers, pedos, radical communists, open market drug dealers, and terrorists, not to mention the soul-depleting interactions I’ve had overall with chat rooms there)
If anyone wants to help me add the thinnest layer of security possible to the signal desktop app please reach out to me. It needs the option to use a pin to unlock, like, yesterday.
As it stands, if you let someone use your computer and you have signal desktop, they can see all your E2E texts. Desktop computer sharing is much more common than the devs acknowledge. Also there have been several high profile cases of federal agents squatting on a confiscated laptop, keeping it awake and eavesdropping on signal group chats without the other participants’ knowledge. See the evidence in the FTX trial as a recent example.
I'm a python programmer, and I have zero experience changing the internals of an electron app, but this is a big deal to me.
If the feds have your device, they have everything, regardless of how hard you try to lock it down. Not worth even considering how to keep them out because you're simply not going to.
Also consider that a sufficiently motivated private threat actor is likely going to break a pin, there's not enough entropy there, or they'll hit you with a $10 Harbor Freight pipe wrench until you tell them the pin.
For everything else, bitlocker, LUKS, or equivalent is more than sufficient and battle tested for those uses. Yes there are ways of breaking both, conditional on XYZ, etc, but, they're good enough. It does force you to multiboot, but that's good practice anyway, no reason someone using your computer should be using your root partition in 2024.
Ugh. I shouldn't have even mentioned the feds. This isn't threat actor level stuff. The thing that bothers me is that if I let a non-technical user onto my computer to do something like write an essay for school, they might stumble upon some messages that should have been private. There's zero protection. That's why I called adding a pin the thinnest possible level of security.
It might not please you to learn that Signal Desktop stores your messages in a trivially-read SQLite database. But it may prevent you from trying to lock the client with a pin.
https://www.alexbilz.com/post/2021-06-07-forensic-artifacts-...
Basically, Signal Desktop is a gaping security hole. That's why I said only the thinnest possible level of security.
There is a universal way of fixing this for all your desktop apps: lock your computer. It works similar to locking your phone: when it's locked, you have to first unlock it with a password or something in order to start using the device and its apps again. As long as it's locked, all your data is protected.
Personal computers are big. They don't fit in your pocket. They don't lock when you hit a small button on the side. They are often shared. Your argument about locking down the whole computer is brought up every time someone wants this feature. The reality is, we want signal to be an application that anyone can use. Not everyone is a single male with enough income to have their own private computer.
So basically copying telegram way. That being said, why does Signal still require a phone number in the first place? Exactly, because when needed, it will be used to be linked back to your real identity, it has nothing to do with spam or anything, Signal isn’t a social media with public posts and what not, it is a messaging app.
> why does Signal still require a phone number in the first place?
From https://signal.org/blog/signal-is-expensive/
> We use third-party services to send a registration code via SMS or voice call in order to verify that the person in possession of a given phone number actually intended to sign up for a Signal account. This is a critical step in helping to prevent spam accounts from signing up for the service and rendering it completely unusable—a non-trivial problem for any popular messaging app.
I'm not sure why you need to assume that it will be linked back to your real identity; I haven't seen anything that indicates any motivation to do something like that. I'm all for being cautious, but being overly cynical can lead to letting perfect being the enemy of the good.
For the spam part, I commented below how that doesn't work and it doesn't even make sense for a messaging app.
> I'm not sure why you need to assume that it will be linked back to your real identity;
I’m not assuming, only North America (edit: and some European countries) doesn’t require an ID for a phone number (1), and even in here, you would use it in other services that are linked to your real ID like banks or paying the phone bill online. The concept simply boils down to as soon as you find an account’s phone number, it’s a game over for that said privacy.
(1) https://www.comparitech.com/blog/vpn-privacy/sim-card-regist...
Neither Signal nor Telegram allows you to pay a small amount in cryptocurrency to prove you are not a spammer. This shows that they are really interested in knowing who their users are.
There are places where one's mobile phone is effectively one's identity. South Korea for example:
<https://www.nfcw.com/2022/10/20/379863/south-korea-to-roll-o...>
Definitely not a copy of Telegram. I'm not actually sure what the draw is with Telegram but given its origins I'll choose Signal over Telegram.
If you read the thread the linkage between a phone number and a Signal account cuts down on fake accounts significantly - which has nothing to do with "social media" but it does have a lot to do with SPAM as you've incorrectly stated. I understand why it's not ideal, but there are tradeoffs in both directions. It's unlikely that usernames are going to expose users more than they currently are if they're already using Signal. And it's also unlikely that this new feature changes much, but I welcome the ability to prevent users from associating my known number to my Signal account. In this way the security model has improved considerably.
Telegram has channels and groups that work in a weird but very useful way. That's mostly the draw for me, not really the private messaging. Though the UX is just amazing, even for private messages. Everything is just super neat and where you expect it to be. I'd still probably not use it if it wasn't for how channels work
Telegram's privacy is questionable but its UI is absolutely outstanding.
Does Telegram still have a feature where you can see who nearby you is using Telegram? That to me is a reason alone to not install it.
> why does Signal still require a phone number in the first place?
Governments won't go on a crusade against Signal as long as they keep records of who is using their platform to commit crimes.
Signal won't commit to being an anonymous platform likely for that reason.
Yep, plus I (and many others) feel the US government is satisfied with the information that Signal provides to the government and it has to follow jurisdictions such as NSLs: https://dessalines.github.io/essays/why_not_signal.html#a-si...
It is a way to increase usability for casual users, decrease spam by requiring some other source of identity tied to real existence (emails are easier to generate than throwaway phone numbers).
It may decrease privacy philosophically, but it isn't nefarious.
If you want a private messaging platform with zero prerequisite identity, use Briar.
> It is a way to increase usability for casual users
You can keep it as an option.
> decrease spam by requiring some other source
Phone numbers have never been a good way to counter spam, just look at social media, you can buy phone numbers in bulk these days, not to mention spam might work in social media because there's the concept of "public space" where everyone shares and talks, so it does make sense for some bad actors to spam or even try to influence others. That's not the case in a messaging app, because first I need to know your "unknown" username that I can't see elsewhere, and second, the effort has to be worth it for such an unsolicited message, in which case you can get a burner to send it. The point is requiring a phone number to counter spam doesn't work, and it doesn't make sense either for messaging apps.
> If you want a private messaging platform with zero prerequisite identity, use Briar.
Well, personally I don’t use Signal, never will in its current state, but they always try to promote it as privacy messaging app while still relying on a broken system known as GSM.
> It may decrease privacy philosophically, but it isn't nefarious.
It doesn't decrease privacy. It decreases anonymity which is distinctly different.
> If you want a private messaging platform with zero prerequisite identity, use Briar.
Or Session, which is a fork of Signal that runs its own network using standard PKI instead of a phone number for identities and a decentralised message delivery/onion routing system.
> It is a way to increase usability for casual users, decrease spam by requiring some other source of identity tied to real existence (emails are easier to generate than throwaway phone numbers).
You either end up discriminating against users who have to use VOIP for whatever reasons (and there are legitimate reasons) by blocking VOIP numbers, or your barrier to entry for spammers is almost negligible. It's not a good system.
If you want to prove that users are humans, use a webcam and an id, or delegate the task to some bigcorp who already has a similar system. If that's too much for you in terms of privacy, you shouldn't be attempting to prove that users are humans in the first place. Maybe you should prevent spam via product driven solutions, e.g. whitelisted contacts.
For the people who really don't want a phone number, make them pay via MobileCoin. Lets them raise money and prevent spam.
You can use burner VoIP numbers, it doesn't need to be a GSM SIM in your phone or tied to your identity in any way.
> it has nothing to do with spam or anything
What experience do you have to have gained this confident knowledge?
Would they be able to resist a secret court order?
Telegram? Neither ICQ (1996), nor Skype (2003) required phone numbers. That's a later trend, part of general enshittification of internet.
How much spam did you get on ICQ? I remember getting a lot.
Because the social graph sitting in people's phone address books isn't easily replicated, and using phone numbers is basically the only chance of overcoming the chicken-and-egg problem with network effect.
> Each version of the Signal app expires after about 90 days, after which people on the older version will need to update to the latest version of Signal. This means that in about 90 days, your phone number privacy settings will be honored by everyone using an official Signal app.
This sounds terrible. Are they saying that your phone number will still be visible to anyone running an unofficial app, even if they didn't have it before?
Is it enforced by the protocol or is the number just "hidden" by the official app?
Great start. Now can I have an account without using the Apple/Google duopoly mobile OSs (especially since Signal doesn’t support UnifiedPush to get some of the leaked metadata for notifications from Firebase, but at least the Molly fork supports this), or a desktop program that isn’t Electron, or allow decentralization? Why should I have to own a phone? Why do I need to run an entire browser for just a chat app when XMPP & Matrix do fine from web to native to TUI? When will I be able to run my own server?
I'd willingly provide a copy of an official ID to rid my Signal and Whatsapp accounts from the phone number. I mean, if it's good enough for the mobile company, why not just skip the middleman?
I figure the verification process is pretty expensive.
Is there a usable desktop app existing by now, or still mobile use only?
There is a desktop Electron app that works mostly OK (as far as Electron apps go). Unfortunately, you need a mobile phone with the Signal app to start using it.
Also, if you forget to open the desktop app for a few weeks, it breaks the link and you have to go get your phone anyway.
And it doesn't show any messages that came in on the phone during that time, so you're missing context and in practice you just have to use the phone for everything anyway.
I think (but don't quote me on this) that you don't need the Signal phone app to start using it. As long as you have a phone that can receive text messages, I think you can also enter the confirmation number into the desktop app.
Depends on your definition of usable. It sends and receives messages and has been for years now.
There's been a desktop option since 2015. And the Electron based app since 2017.
> A username on Signal ... must be unique and must have two or more numbers at the end of it; a choice intended to help keep usernames egalitarian and minimize spoofing.
Amen.
> you will still need a phone number to sign up for Signal
Guess I'm not signing up for Signal then.
Seriously though - this has always bothered me. They build the "most private" communications service ever, yet require one of the most identifying pieces of your information in order to use it.
If I didn't know any better I would swear it was a surveillance honeypot.
But now that you "do know better", what's holding you from signing up?
Now that moxie is no longer there how about getting rid of the requirement for personally identifying phone numbers as IDs at all?
Out of the loop: what happened to Moxie?
I hope someone corrects me if I am wrong, but around two years ago he backed out of any responsibilities (ceo) after he bundled mobilecoin into the app.
Moxie is currently completing New Year's resolutions that his friends have assigned him: https://moxie.org/stories/year-of-the-challenge/
> If you select “Nobody,” the only people who will see your phone number in Signal are people who already have it saved to their phone’s contacts.
Can someone explain how this doesn’t leak information? If I add someone via username and I randomly guess their phone number, does Signal leak it after the fact?
I was wondering about that too, I think the wording is just a little confusing.
Further down it says:
Selecting “Nobody” means that if someone enters your phone number on Signal, they will not be able to message or call you, or even see that you’re on Signal. And anyone you’re chatting with on Signal will not see your phone number as part of your Profile Details page – this is true even if your number is saved in their phone’s contacts.
So I think what they mean is if you've been chatting with someone before this update and they have already linked your phone number and signal account then setting to nobody won't revoke that.
However if you initiate a chat with someone new using your signal handle, even if they have your phone number stored, they won't know it is you.
Otherwise it seems like it would be easy to brute force someone's phone number!
My favorite feature from Threema now available on Signal. Next up… please make it easier to transfer databases between mobile phone upgrades, I’m looking at you iOS version.
Still I would love that this feature generated QR codes without the unique disposable username in human readable form.
No SNI:
https://web.archive.org/web/20240220182255if_/https://signal...
> People who have your number saved in their phone’s contacts will still see your phone number since they already know it.
Does it defeat the protections then to add a range of phone numbers in contacts and harvest username/phonenumber combinations?
Did this roll out? I have the latest version but no Phone number under privacy settings.
Only in the beta client for now.
Has anyone figured out a way to copy your chats from android over to ios yet? I switched phones recently and don't want to lose my old messages, so I haven't moved signal over yet.
Does this mean I can create an account without a phone number yet?
All I know is since they introduced this feature I received 4 spam messages about crypto, whereas in the past several years I received 0 such messages. Overall a net negative for me.
You mean in the hour and a half it's been released...?
No, this happened over the past 2 months. I've received messages from accounts with female first names without any phone number (and obviously not in my address book). I suspect they were testing the username feature pre-release and bad actors already started taking advantage of it.
It's 2 swipes to block and delete but a problem I never had to deal with before on Signal.
Glad to see them using a name + some numbers scheme here. I immediately rushed to reserve my username but found out I didn't need to. Oh well, now I have the .01 suffix.
Ol' MSN Messenger, back in 4000 BC, had solved everything already.
All of the current messaging apps are spyware in one form or another.
Why can't they function without access to the entire contacts list?
Signal doesn't store anything about your account on the server except last login time and when you registered. It doesn't store a contacts list, so it used your own, assuming you granted it access to do so.
Contrast to MSN, which kept your contacts on the server, as well as information about your account, groups, your plaintext messages, etc.
Not sure if DeltaChat or Briar require access to contacts. Maybe those could be good for you?
Signal has never had access to my contacts and works perfectly without it.
Love what you guys are doing. Great jobs Signal!
I have always wished to integrate a similar method in our phone-first booking solution to keep the number private between host and participant.
Very inspiring!
Smart that they force users to add 2 numbers to the end of the username to avoid “high end” usernames. I wanted to grab my first name but ended up with firstname.01
Joe Rogan has no reason to complain about Signal now.
Do you still need to give your phone number to Signal to signup? Fucking ridiculous that you have to when it's not really needed.
Random aside: I saw the title and before reading it wanted to try and claim mine. I went on my phone, and this page was not even on my first google results page when I searched "how to use signal usernames", nor was anything remotely related to either topic.
I was tired of reading all the comments on here about how 'google search' is terrible, I now believe it and will be looking into all the suggestions here.
You still need a phone number to sign up.
Telegram has had this for a while no?
I didn't get why any phone number is involved when this software was released, and now it's gone. I safely avoided even bothering to learn of whatever false conundrum these San Francisco, Twitter scene people had in mind.
>signal
>Hide-Your-Number(tm) option!
>still need a number
LOL just install Session and SimpleX (and, for 'droid Chads: Briar). If P2P voice/video skeeves you then get mullvad or proton or something vpn. Why is it the normie will do all kinds of torturous steps like phone and identity verification to install instacoom...
... but they just refuse to install Session and copy/paste an identifier to add contacts (assuming non-locality, else there's QR), complaining it is "too hard whine mew!" Normies make dragnet surveillance so easy!
I once did work for a UK politician and got a notification when they signed up.
Good choice on their part.
So?
Well I don't think I should be told what apps they use
> Until now, someone needed to know your phone number to reach you on Signal. Now, you can connect on Signal without needing to hand out your phone number. (You will still need a phone number to register for Signal.) This is where usernames come in.
How about no phone numbers for registration at all?
That would welcome a world of spam. Sybil identities are currently an unsolved problem; the mitigation is the requirement of unique scarce resources (like a phone number in this case).
> Sybil identities are currently an unsolved problem; the mitigation is the requirement of unique scarce resources (like a phone number in this case).
Then let your phone number receive the spam instead?
so one person can create 1000s of accounts?
How about switching to Matrix? (I already did and am happy.)
My parents, in-laws, grandmother-in-law, and entire extended family are on Signal. It's the extended family group chat, video calls with grandparents/great grandparents, and the baby photo feed. That's mostly because you just install it and it works.
I have no idea how to get my extended family on a Matrix homeserver without extensive handholding. I can barely figure it out myself, and I was a huge XMPP nerd who ran my own ejabberd server for years.
For users who want strong security in messaging, yet an easy way for anyone to use the platform Signal has a much better user experience. Over 95% of my messaging is on Signal. Almost none of those users will benefit in any way by switching to Matrix. While it's a great ecosystem, it's also too much work for people who don't want those features or flexibility.
Matrix doesn't have the same threat model as Signal, and isn't a 1:1 replacement for it. Matrix is great (maybe optimal) for things that would otherwise be Slack channels.
Don't you still have to give Signal your phone number to sign up?
The examples are iOS? My Android version looks like a totally different app?
> New default: Your phone number will no longer be visible to everyone in Signal
I just laughed reading this. I never used Signal, for obvious reasons, so I wouldn't know, but was it really the default? And people were using it as supposedly private messenger? That's unbelievable.
What's the point of Signal if they're still leaking metadata?
But why do I even need a phone number to use a chatting app?
This does not matter _at all_ until phone numbers aren't required.
Of course it matters. One extremely frequent complaint about Signal is that you have to give out your actual phone number to use it, and anyone with your number can determine if you use it. This cuts off both of those.
Nice. Still not going to be giving them my telephone number tho.
Signal is such a tragic story. They had it all during the great uprising against Whatsapp. Even my non-technical friends started switching to Signal. They were exploding, more than Telegram ever was. And then they added some crypto bs right at the height of their hype. Bummer, no second chances from me, and removed from all those friends phones as a direct effect. They blew it
Also, they removed SMS support way too soon. That it was also a good SMS app was one of their main appeal.
I used Signal as my primary SMS app until that capability was stripped. It meant that so many of my conversations were Signal-by-default. But now, by attrition, most of my conversations are back in SMS. I also find that simple things like programming the date and time of delivery - which Google Messages has - don't exist in Signal. (Or if they do, I have missed it because I'm no longer there unless I have to be.)
I have SMS, Whatsapp, Signal, and Threema installed, and it's a hot mess of disparate networks. I hate it.
We probably live in a different part of the world, but where I live no one who is not very techy knows about Signal, it was never close to Telegram or Whatsapp.
Germany. Lots of privacy-focused minds. It became a bit of a topic during that crucial time when Whatsapp had some kind of scandal going on. I don't even remember the details. It was a chance of a lifetime for them. Well, in the end these apps are really all the same. I don't mind any of them really
That _is_ a tragic story!
Thankfully, your experience is not universal. It's still the primary means of communication between me and the majority of my friends, technical and non-technical alike. I believe they've walked back (or, at least, not committed to) that crypto project - at least, I haven't heard anything about it in so long that I barely remembered what you were referring to.
I'm skeptical of crypto too, but this sounds like an over-reaction that is cutting off your own nose to spite your face.
I mean it's an incredibly over-saturated market. There are so many of these apps, they're all the same. There's little room for such errors IMO. But I'm willing to accept that it might have been an overreaction
Wow why did this take so long, this should have been step 0
This is fantastic.
I've been waiting for this for so long
Phone numbers are fast becoming a global, persistent, shared user identifier across applications, business, and government.
Think of how many systems innocently ask for phone numbers as a hard requirement for account creation (under the guise of DFA). Think of all the restaurants that innocently ask for it "so we can text you when your table's ready", or when you buy a shirt at Banana Republic, "can I get a phone number". Like seriously, WTF?
In reality it's now the de facto method to identify and reconcile your records across ecosystems.
Apple needs to create throw away phone numbers like they’ve successfully done with email addresses. I expect this to be their next iCloud+ offering.
Oh, please, stop already with this phone number nonsense. I want to use signal from my computer, without need for a mobile phone at all. (Also, to be able to easily synchronize history between different computers).
I love signal but am just a tad disappointed, I was planning to finally sign my brother up via his PC (he refuses a smartphone).
I tried element, somehow that keeps kicking him out, or I need to validate new sessions or something.
Does he have a normal phone number? I thought you should also be able to receive a confirmation code there from the desktop app.
No idea about signal, but I haven't encountered any recent verification that worked on anything but a non-VoIP mobile number. My landline is useless for this and it isn't even VoIP.
Ask for support on Matrix forums or rooms. Worked for me.
What a revolutionary concept
I wish the regular HNers who have a beef with Signal would make a webpage or something with their points, some eli5 and their sources. They fuck up every Signal thread and are vocal, but even if they are right their mannerisms and holier-than-thou attitude and "don't you know that?" mantras are really getting old.
It’s privacy purists. Every service that exists on the internet has to put their goals and desires above all else.
So? Let us know when we can finally register and use an account without giving you our mobile phone numbers.
Took WAY too long. And you still need a phone number to sign up. Wire (which uses the Signal Protocol and also has video chat) never needed your phone number AFAIK.
Also, Signal loves to claim how secure it is, but they will never dare to tell you that participating in the Android and mainstream mobile systems nobody is secure. Especially not on Google Play. If the government wants to spy on you, they WILL! It does not matter if they can't decrypt your messages because they will be sucking the data right off your phone with invisible screenshots and AI transcribing the text or by other means like key logging. There are people who claim Pegasus does not even need you to click on some link anymore, all they need is your phone number. And Pegasus is for sure not the only thing out there.
Signal and others create the illusion of privacy, there is no privacy on any smartphone with any kind of mainstream OS. Probably not even on the "hardened" de-googled Android forks.
You have a different threat model than most of us. Get an iPhone and turn locked down mode on, or don't use a phone at all.
Private from whom? I still need to give my phone number to create an account. So.. no.
MSN?
The only killer feature I really want is the ability to use Signal without it being tied to a phone.
Spammers want this, too.
Small step in the right direction but I want to be able to SIGN UP with a username and no phone number. Wake me up when that happens.
Ok, which alternative would you prefer? A government issued crypto birth certificate proving you are an actual human?
Or sama's crypto eyeball scanning thing? (WorldCoin?)
I am very excited about this
It's a terrible choice to use something that Discord has abandoned - this numerical suffix is disgusting!
Maybe with something like instant messaging vs community platform it's justified? Unclear myself tbh
Being anonymous and having a username don't mix well. A random alphanumeric ID would have been a better choice.
WTF is this crap. I am using an old-fashioned mobile phone with a keyboard. How do I sign up for Signal???
The whole idea that anything on your phone is private is laughable. Private to who? To hackers? To the FSB? The NSA? Phones are all easily hackable for one. Real privacy cannot be achieved on the spy device in your pocket.
What this does is provide a casual level of privacy. It gets us parity with the phone number hiding in tools like telegram.
over 200 comments and not one mention of Threema, come on!
...can we keep our phone numbers private by NOT HAVING THEM REQUIRED AT ALL, please?
will this let you recover your account if you no longer have a smartphone? bc that's some bs
Great! Now can we have backups so we don't lose our messages if our phone gets stolen or breaks?
Backups have existed for quite some time: settings -> chats -> backups
update: only on android. turns out there are quite a few caveats for backup. See https://support.signal.org/hc/en-us/articles/360007059752-Ba...
Please stop peddling this horrible experience as a form of a valid backup. A process that requires full manual interaction and requires you to know ahead of time when your phone will break or be stolen is not a useful backup process.
They're pretty bad. You can't specify where the backup goes, so if you are running low on storage space (eg if you have a lot of photos or videos to back up) and add an SD card, tough luck because you can't save there. The best you can do is manually export your media (also without any choice over where it goes) and then manually move it to the SD card to make space on your internal storage. They say this is for security but if an attacker is in a position to export your backup, they are already in your signal account.
Same story with the PIN Signal requires if you haven't used it in a few hours. It's the same as your phone PIN and there isn't anywhere you can change it, so it's just security theater.
I see it, but it just looks like it uses internal storage. So far as I know, there's no Drive File Stream/Dropbox sync for Android, so you'd still lose your shit if you weren't manually backing them up somewhere.
I doubt that's a habit many people will develop for a setting they didn't even know existed.
My cousin comment [1] provides a bit more detail, but this is not available on iOS/iPadOS despite Apple allowing apps to save files to the filesystem and many other apps supporting this for years now.
[1] https://news.ycombinator.com/item?id=39445286
I don't see that option in Settings > Chats on my iPhone. What device are you using?
Nope. Latest version.
But there are backups available in signal app
There are no backups available on the iPhone/iPad app, only a device-to-device transfer while setting up a new device assuming your previous device and new device are both iPhones/iPads. This is despite support for apps storing files to the filesystem that was added some years ago now, and many other apps on those platforms supporting backups of custom file formats (or JSON, etc.).
https://support.signal.org/hc/en-us/articles/360007059752-Ba...
So this Moochie Spike guy used to tell us how great for the users it was that Signal required a phone number. It's best this way because of X Y Z.
What happened to those arguments now? Were they bullshit this whole time?
The way this is implemented, has this changed his arguments?
Oh yeah, privacy oriented messaging app requires phone number for sign up. Telegram has this feature for years already? It seems to me that they are positioning themselves as privacy saviours just because they are non-profit organization and their app is open source.
It is privacy with respect to government surveillance and the like. Not the kind where you mistrust your contacts.
Not really the case with signal anymore. if you want privacy you should look elsewhere.
3 replies →
Maybe in the US you don't have to register a phone number with a valid ID; in most of the world you have to. If anyone can require the phone company to reveal your identity, it's the government.
BTW I am probably getting downvotes from Signal's fanboys who refuse to do their research.
Went for IT job with Intel gov mob. Got asked to use signal for interviews. Can't trust signal anymore. Definitely backdoored.
The source code is open source. Please point to the lines of code where the backdoor exists.
Source code being open source doesn't mean squat for safety. Have you audited the code? Do you have the skills etc. required to prove it's not backdoored?
Because I know I don't have that skill set or time. I do have however some big fat red flags on using it because it was opted for by an entity whose entire existence is based around backdoors and spying.
Honestly I find it absurd that some folks say just because something is open source it's automatically safe. The vast majority of us, whether the project is open source or not, lack the skill or capacity to pick up on a well obfuscated hole. Hell, even the best of us aren't that good.