Comment by viktorcode
4 months ago
So far the biggest weakness of Signal is identification via a phone number. It's not only hackers who can spoof the numbers, but authoritarian governments too may take ownership of a number at any moment.
Addressing future threats is good, but priorities should be different.
In case anyone is not aware:
https://news.ycombinator.com/item?id=39444500 Keep your phone number private with Signal usernames (2024-02-20, 1422 points, 890 comments)
This is different though. PP is saying that you require a phone number to sign up, and phone numbers are being used to match your account to your user name.
"As a new default, your phone number will no longer be visible to everyone in Signal."
https://support.signal.org/hc/en-us/articles/6712070553754-P...
"Signal does not send your phone number to anyone unless you have enabled that others can see it and then you send them a message or make a call to them."
https://support.signal.org/hc/en-us/articles/360007061452-Do...
Agreed as far as governments tracking Signal sign-ups. For a long time though user names were not even supported between Signal users.
Many other secure IM software managed to work without phone numbers and they are also metadata resistant. Signal should start doing things that way.
In many countries your SIM card is tied to you, which is a huge deal-breaker.
Yup, in Poland, a mobile phone number (pre-paid or not, it doesn't matter) is tied to a PESEL number [1] at the time of purchase. The official justification, as usual, was combating crime, but the end result is a tighter grip on citizens' privacy by the government while spammers and others continue their business as usual.
[1] https://en.wikipedia.org/wiki/PESEL
Same or similar in Germany. Almost impossible to get a SIM card without showing up somewhere with your ID. Or I don't know how to.
It's a difficult problem because you, ideally, want to curb spam. Requiring phone numbers is a somewhat easy and somewhat reliable way to do that.
If no one knows your user ID besides you and the people you share it with, why would spam be a big issue? If it's a random string, I don't know how anyone could get it, unless you share it publicly or with someone untrustworthy who shares it publicly. And even if it's a username users choose, as long as there's no directory it still shouldn't be a big problem.
That is - even if someone makes 1000 bot Signal accounts, what can they really do with that if they don't have a good way of enumerating other Signal users?
Replace "user ID" with "email address". Pretty much the same thing. But spam is a huge problem with email.
You can always brute force.
Btw, if you don't accept message requests from spammers they have no indication of if you have an account or not. Try sending a message to a friend who you haven't added on Signal. You can just see you sent the message but not if it was received or rejected or anything. Not until they click accept.
Bots join group chats to scrape user lists to spam. It's also desirable for users to be able to find their contacts already on Signal with phone numbers.
In Signal you can change your username any time.
Sort of. There are now immense warehouses filled with racks of used cell phones to generate spam. Limiting by phone number helps, but it's FAR from being an adequate cure.
Yeah, if the Telegram and WhatsApp spam I get is any reading, limiting by phone number is not sufficient.
You don't need phone numbers to deal with spam, just set the "allow messages only from contacts/friends" and a way to add new contacts when needed (via username, email, or even a phone number). It used to work without issues with protocols like MSN Messenger, AIM, ICQ etc.
Nowadays this is a premium feature and you have to pay for it.
This, exactly this.
I don't want everyone who knows my number to be just able to reach me.
Whitelist instead of Blacklist!
Whitelisting solves spam. Phone numbers should be obsolete by now.
You can set a password in Signal, preventing movement of your account in case of SIM hijacking. Feature is called "Registration lock".
Identification of what? That you have a Signal account?[0] I'll admit that that's not ideal but I'm unconvinced this is a big issue.
Suppose they did hijack the account. This would not give them the message history. You know that, right? It also kicks out the original owner, warning them they've been pwned.
Don't get me wrong, Signal has issues and we should be critical and hold them to high standards. BUT *they are the only E2EE and low-metadata messenger that my grandma can use.* That's a big fucking deal. If we want secure communication to be commonplace we need to make sure it's usable. Sure, there's more secure and more private services, but none that my grandma could use.
I very much think Signal should shift focus to privacy as they've got the security side pretty well handled (as this blog illustrates). But also these comments at the top of any Signal thread feel a bit out of touch. Maybe I'm reading too much into it but there's a lot of people who confidently act like this compromises security or places harm on a user. The existence of a registered Signal account means very little, especially as you note numbers can be spoofed. You need more than a number to hijack an account and hijacking only reveals messages moving forward while telling the compromised user they're compromised.
So can we focus on bigger issues? Can we critique while still recommending? I have no problem saying I have issues with Signal and wish they did more while acknowledging that it is strongly my preferred means of contact and I try to convince others to talk to me that way. These things are not at odds. I've gone so far as donating to them several times because I use the service so much.
[0] https://signal.org/bigbrother/
Having run some family through the Signal onboarding process lately I'm actually kind of disappointed though: the CAPTCHA requirements are a big turn off, and it was relatively difficult to get them to see "look I'm on Signal!" in their existing contacts.
To wit: phone numbers have to stay. That's how I even get people to use it with me, and that's enormously valuable.
But also: there really needs to be a way I can use my own account to vouch for a new user and skip that CAPTCHA (maybe there is? What happens if I do an in-app invite?)
Yeah the onboarding process isn't the best but... are CAPTCHA requirements really that big of a deal? Where on the internet can you go where you don't face these? Maybe my grandma can't handle that, but my already retired parents can (and that's a pretty low bar if you know them). For my grandma, yeah, I'll set it up. For my parents and anyone under 70 I think CAPTCHA is not too high of a bar.
I think your threshold is too high. How high off the floor is a CAPTCHA? Because it looks like a bar rolling on the ground to me. You can trip over it but it is almost trivial to get over.
Except CAPTCHA is to make it harder for spammers; if they just have to do CAPTCHA once and then invite more accounts it kinda defeats the purpose.
Imagine being someone who would downvote this without a comment.
Is it:
"I disagree but am not literate enough to state why"
Or is it:
"This person is right, but I don't want people to know it (insert motive here), so I will try to make their comment invisible"
Either way they're cowards, and you are correct. Signal is the best intersection of genuine security and ease-of-use I've seen.
My points are positive now but the variance has been huge. I'm surprised how often a comment like mine swings or gets entirely downvoted without a reply. I do not know if it is zealots, bots, or people just feel like the issue is "so obvious" that it needs no addressing. But I'm not sure how that's different than the first item.
It is also crazy to see how on HN of all places there's still a lot of confusion between the difference of privacy and security. People are saying phone numbers are a security issue. That's flat out wrong. It is a privacy issue.
They can take ownership of the number but not the keys on the device, which would show up as safety codes changing.
This problem is honestly minor compared to teaching users to have opsec practices suitable against such a threat.
Most people take no notice of this stuff IMO. I see it regularly in WhatsApp groups when someone gets a new phone (presumably, or they are being impersonated!).
Right, but that's my point: if your adversary is a nation-state, assuming any technical measure can casually protect users against targeted action is foolhardy.
Check Molly, a FOSS implementation of the Signal protocol
https://molly.im/
That's a fork of Signal.
Also annoying: You cannot use the same Signal account from 2 different phones (with different SIM).
It's pathetic, isn't it?