Comment by cpa
2 years ago
Unfortunately, spam exists and phone verification is one of the least-bad ways to ensure that the user is a real person (there are other options, but it really is one that has many advantages).
Given that Signal does not have access (by design) to much information about their users when they use the service, they can't really fight spam once accounts are created. You could do spam detection on the client and privacy-preserving voting in order to ban spammers, but the UX would be very poor and that opens a whole new can of worms.
This reasoning doesn't make sense to me. A spammer can make an account, but how would they contact me if they don't know my account handle?
Even if that leaks, the handle should be changeable, and the spam issue could be completely mitigated by having a tab for first time "message requests" separate from the normal inbox.
I can't take a private messenger seriously when they require an identifier that's linked to your government-issued ID in many parts of the world.
> I can't take a private messenger seriously when they require an identifier that's linked to your government-issued ID in many parts of the world.
Well that's a whole separate rabbit hole.
Governments shouldn't be requiring something as simple as a SIM card and phone number to be directly linked to a government ID. The right to privacy is a hell of a thing and the only reason a government would require this is to be able to spy on or track everyone.
There is absolutely no way you can connect to the Internet in Switzerland without a chain of custody of your identity. And in Germany you need to show your ID card or passport to obtain a phone number. Your phone number is required for SMS verification even for free in-store wifi in shopping centers and grocery stores. There is no exception to this except for some rare routers managed by people who accidentally left their router unsecured.
It’s true that governments shouldn’t require ID to be linked to phone numbers, but in much of the world (likely most of the world’s population), they do.
You're right but it's Signal's mission to provide private messaging in the face of government overreach.
Even if they have a good reason for the paywall, it's so bizarre that they don't ask for a $2-$5 donation via their own cryptocurrency MobileCoin as an alternative to providing a phone number.
By bulk messaging every possible phone number... and you can't detect that because signal can't read the messages to look for spam.
That's a self-imposed problem. If they used a semi-random account handle (e.g. chosen nickname + 4 digits) there would be nothing to enumerate, and remaining spam could be filtered out with a "message requests" feature.
I've received hundreds of spam messages on Facebook, but I only found out about them years later when I clicked on the "message request" tab by accident; it's extremely effective.
That problem would be mostly solved if they didn’t use the phone number = account model. If you have public usernames that are sufficiently complex, spammers would spend the vast majority of their time shouting into the void. Presumably, seeing an account spamming messages to recipients that don’t exist would be a strong indicator of an account that should be closed.