Comment by upofadown
5 days ago
This make me curious about exactly what "signal.me" links were all about. The details appear to be available here:
* https://signal.miraheze.org/wiki/Signal.me_URLs
* https://signal.miraheze.org/wiki/Usernames#Username_links
Signal.me links are just a way to easily send either a phone number or user name to someone else. No cryptographic identity. No protection of the phone number or user name. So to get around the ban a Signal user could simply send their phone number or user name over Twitter/X.
It seems that the encrypted username form does provide some identity protection in that it can be cancelled, but for as long as it is active it appears that someone can just ask the Signal server what the associated user name is.
The people involved probably should not be using Twitter/X for this sort of thing in the first place. Mastodon comes to mind as an alternative, but really, anything else.
signal.me links are used to join (and advertise) Signal groups
No. Signal groups are advertised with signal.group URLs.
Which, it is worth noting, are not blocked. I checked.
OK, I couldn't find any specific documentation just floating around about group links. It appears that the base64 value is specific to the group and is only exposed through the link. I didn't see any way to munge the "signal.me" domain and fix it again. So for groups Twitter/X seems to have won.
> The people involved probably should not be using Twitter/X for this sort of thing in the first place.
Usernames don't necessarily link someone with their real identity, and phone numbers can be hidden.
This isn't the weirdest apology I've ever heard for the behavior of Elon Musk and X's censorship policies, but it's definitely in the top 5.
Phone numbers and usernames are sent in the clear in signal.me links. So in this particular case, they can't be hidden. Perhaps it is not a good idea to post such links on a hostile system.
GP isn't wrong - if you post a username link then you have not revealed your phone number.