Comment by causalscience

1 day ago

I've been hearing for years people say "Signal requires phone number therefore I don't use it", and I've been hearing them mocked for years.

Turns out they were right.

They weren't though? Signal requires a phone number to sign up and it is linked to your account, but your phone number is not used in the under-the-hood account or device identification, it is not shared by default, your number can be entirely removed from contact discovery if you wish, and even if they got a warrant or were tapping Signal infra directly, it'd be extremely non-trivial to extract user phone numbers.

https://signal.org/blog/phone-number-privacy-usernames/

https://signal.org/blog/sealed-sender/

https://signal.org/blog/private-contact-discovery/

https://signal.org/blog/building-faster-oram/

https://signal.org/blog/signal-private-group-system/

  • In past instances where Signal has complied with warrants, such as the 2021 and 2024 Santa Clara County cases, the records they provided included phone numbers to identify the specific accounts for which data was available. This was necessary to specify which requested accounts (identified by phone numbers in the warrants) had associated metadata, such as account creation timestamps and last connection dates.

    • Yep, however that only exposes a value of "last time the user registered/verified their account via phone number activation" and "last day the app connected to the Signal servers".

      There isn't really anything you can do with that information. The first value is already accessible via other methods (since the phone companies carry those records and will comply with warrants). And for pretty much anyone with Signal installed that second value is going to essentially always be the day the search occurred.

      And like another user mentioned, the most recent of those warrants is from the day before they moved to username-based identification, so it is unclear whether the same amount of data is still extractable.

  • Which of those links actually say that your phone number is private from Signal? If anything, this passage makes it sound like it's the reverse, because they specifically call out usernames not being stored in plaintext, but not phone numbers.

    >We have also worked to ensure that keeping your phone number private from the people you speak with doesn’t necessitate giving more personal information to Signal. Your username is not stored in plaintext, meaning that Signal cannot easily see or produce the usernames of given accounts.

Absolutely nothing in this article is related to feds using conversation metadata to map participants, so, no they weren’t.

  • If you follow the X chatter on this, some folks got into the groups and tracked all the numbers, their contributions, and when they went "on shift" or "off".

    I don't really think Signal tech has anything to do with this.

    • Yeah. It's notable they didn't crack the crypto. In the 90s when I was a young cypherpunk, I had this idea that when strong crypto was ubiquitous, certainly people would be smart enough to understand its role was only to force bad guys to attack the "higher levels" like attacking human expectations of privacy on a public channel. It was probably unrealistic to assume everyone would automatically understand subtle details of technology.

      As a reminder... if you don't know all the people in your encrypted group chat, you could be talking to the man.

Signal's use of phone numbers is the least of your issues if you've reached this level of inspection. Signal could be the most pristine perfect thing in the world, and the traffic from the rest of your phone is exactly as exposing as your phone number is when your enemy is the US government who can force cooperation from the infrastructure providers.

  • Your point is correct but irrelevant to this conversation.

    The question here is NOT "if Signal didn't leak your phone number could you still get screwed?" Of course you could, no one is disputing that.

    The question is "if you did everything else perfect, but use Signal could the phone number be used to screw you?" The answer is ALSO of course, but the reason why we're talking about it is that this point was made to the creator of Signal many many times over the years, and he dismissed it and his fanboys ridiculed it.

I talked to Moxie about this 20 years ago at DefCon and he shrugged his shoulders and said "well... it's better than the alternative." He has a point. Signal is probably better than Facebook Messenger or SMS. Maybe there's a market for something better.

  • Is there any reason they didn't use email? It seems like something that would have been easier to keep some anonymity, while still allowing the person to authenticate.

    • Email is notoriously insecure and goes through servers that allow it to be archived. Also, email UIs tend not to be optimized for instantaneous delivery of messages.

  • I have no idea if that was true 20 years ago, but it's not true now. XMPP doesn't have this problem; your host instance knows your IP but you can connect via Tor.

  • I remember listening to his talks and had some respect for him. He could defeat any argument about any perceived security regarding any facet of tech. Not so much any more. He knows as well as I do anything on a phone can never be secure. I get why he did it. That little boat needed an upgrade and I would do it too. Of course this topic evokes some serious psychological responses in most people. Wait for it.

    • > He knows as well as I do anything on a phone can never be secure

      I assume because of the baseband stuff to be FCC compliant? Last I checked that meant DMA channels, etc. to access the real phone processor. All easily activated over the air.

Suppose they didn't require that. Wouldn't that open themselves up to DDoS? An angry nation or ransom-seeker could direct bots to create accounts and stuff them with noise.

  • I think the deal is you marry the strong crypto with a human mediated security process which provides high confidence the message sender maps to the human you think they are. And even if they are, they could be a narc. Nothing in strong crypto prevents narcs in whom ill-advised trust has been granted from copying messages they're getting over the encrypted channel and forwarding them to the man.

    And even then, a trusted participant could not understand they're not supposed to give their private keys out or could be rubber-hosed into revealing their key pin. All sorts of ways to subvert "secure" messaging besides breaking the crypto.

    I guess what I'm saying is "Strong cryptography is required, but not sufficient to ensure secure messaging."

  • Yes. Cheap-identity systems such as Session and SimpleX are trivially vulnerable to this, and your only defence is to not give out your address as they are unguessable. If you have someone's address, you can spam them, and they can't stop it except by deleting the app or resetting to a new address and losing all their contacts.

    SimpleX does better than Session because the address used to add new contacts is different from the address used with any existing contact and is independently revocable. But if that address is out there, you can receive a full queue of spam contacts before you next open the SimpleX app.

    Both Session and SimpleX are trivially vulnerable to storage DoS as well.

  • There are a lot of solutions to denial of service attacks other than collecting personal information. Plus, you know, you can always delete an account later? If what Signal says is true, then this amounts to a few records in their database, which isn't cause for concern IMO.