Comment by ddtaylor

1 day ago

In past instances where Signal has complied with warrants, such as the 2021 and 2024 Santa Clara County cases, the records they provided included phone numbers to identify the specific accounts for which data was available. This was necessary to specify which requested accounts (identified by phone numbers in the warrants) had associated metadata, such as account creation timestamps and last connection dates.

Yep, however that only exposes a value of "last time the user registered/verified their account via phone number activation" and "last day the app connected to the Signal servers".

There isn't really anything you can do with that information. The first value is already accessible via other methods (since the phone companies carry those records and will comply with warrants). And for pretty much anyone with Signal installed, that second value is going to essentially always be the day the search occurred.

And like another user mentioned, the most recent of those warrants is from the day before they moved to username-based identification, so it is unclear whether the same amount of data is still extractable.

  • I would think being able to subpoena records for all active Signal users would be a cause for concern.

    Ironically enough Reddit seems to have a pretty good take on this: https://www.reddit.com/r/law/comments/1qogc2g/comment/o21aeh...

    I was genuinely surprised when I went to Reddit and saw that as the most voted comment on the story.

    • I think that's a fair assessment on their part; however, it's worth noting that your phone number does not serve as your account ID. It can be used to look up an account, but there are caveats to that.

      The lookups go through a secure enclave, the system is architected to limit the number of lookups that can be done, and the system has some fairly extensive anti-exfiltration cryptographic fuckery running inside the secure enclave to further limit the extent to which accounts can be efficiently looked up.

      And of course you can also remove your phone number from contact discovery (but not from the acct entirely) but I'm not sure how that interacts with lookup for subpoenas. If they use the same system that contact discovery uses, it may be an undocumented way to exclude your account from subpoena responses.

      The rest of what they say, however, is pretty spot on. The priority for Signal is privacy, not anonymity. They try to optimise anonymity when they can, but they do give up a little anonymity in exchange for anti-spam and user-friendliness.

      So of course the ending notes of "use a VPN, configure the settings to maximise anonymity, and maybe even get a secondary phone number to use with it" are all perfectly reasonable suggestions.

This was before Signal switched to a username system.

  • Others mention you must still register with a phone, although you can remove it from your account after you go through the username stuff? Usually HN is pretty good about identifying that the default path is the path and that opt-out like behavior of this means very little for mass usage.

    • It's not that you can remove it from your account entirely. Your account is still linked to that number. It's that you can remove the number from contact discovery.

      And re: defaults, the default behavior on Signal is that your phone number is hidden from other users but it can be used to do contact discovery. Notably, though, you can turn contact discovery off (albeit few people do).