Comment by OneDeuxTriSeiGo
1 day ago
They weren't though? Signal requires a phone number to sign up and it is linked to your account but your phone number is not used in the under the hood account or device identification, it is not shared by default, your number can be entirely removed from contact disovery if you wish, and even if they got a warrant or were tapping signal infra directly, it'd be extremely non trivial to extract user phone numbers.
https://signal.org/blog/phone-number-privacy-usernames/
https://signal.org/blog/sealed-sender/
https://signal.org/blog/private-contact-discovery/
In past instances where Signal has complied with warrants, such as the 2021 and 2024 Santa Clara County cases, the records they provided included phone numbers to identify the specific accounts for which data was available. This was necessary to specify which requested accounts (identified by phone numbers in the warrants) had associated metadata, such as account creation timestamps and last connection dates.
Yep however that only exposes a value of "last time the user registered/verified their account via phone number activation" and "last day the app connected to the signal servers".
There isn't really anything you can do with that information. The first value is already accessible via other methods (since the phone companies carry those records and will comply with warrants). And for pretty much anyone with signal installed that second value is going to essentially always be the day the search occurred.
And like another user mentioned, the most recent of those warrants is from the day before they moved to username based identification so it is unclear whether the same amount of data is still extractable.
I would think being able to subpoena records for all active signal users would be a cause for concern.
Ironically enough Reddit seems to have a pretty good take on this: https://www.reddit.com/r/law/comments/1qogc2g/comment/o21aeh...
I was genuinely surprised when I went to Reddit and saw that as the most voted comment on the story.
1 reply →
This was before Signal switched to a username system.
Others mention you must still register with a phone, although you can remove it from your account after you go through the username stuff? Usually HN is pretty good about identifying that the default path is the path and that opt-out like behavior of this means very little for mass usage.
1 reply →
Which of those links actually say that your phone number is private from Signal? If anything, this passage makes it sound like it's the reverse, because they specifically call out usernames not being stored in plaintext, but not phone numbers.
>We have also worked to ensure that keeping your phone number private from the people you speak with doesn’t necessitate giving more personal information to Signal. Your username is not stored in plaintext, meaning that Signal cannot easily see or produce the usernames of given accounts.
> it'd be extremely non trivial
Extremely non trivial. What I'm hearing is "security by obfuscation".