I remember a time when visiting a website that opens a javacript dialog box asking for your name so the message “hi <name entered>” could be displayed was baulked at.
Why does signal want a phone number to register? Is there a better alternative?
Because they’re building a private, not anonymous, instant messenger. They’ve been very open about this.
Our phone numbers are not private from them.
Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.
Nothing “derailing” us. Not everyone has the same threat model. The messages are private and that’s what’s most important. Signal can only provide phone number and last connection time to the feds. If that’s too much information for you, then you’re not the target group and have a different threat model.
The messages are private and that’s what’s most important.
No, that isn’t true. WhatsApp has the same lies. Law enforcement connect communication between users at key times and use it as credible evidence. Why would drug exporter 1 be communicating with drug buyer 1 at the exact time the delivery arrives in the country? Law enforcement doesn’t need to know what was written.
What are you talking about? Are you saying sealed sender is a lie? If so, I want some proof.
Signal fills an incredibly important spot in a spectrum of privacy and usability where it’s extremely usable without sacrificing very much privacy. Sure, to the most concerned privacy enthusits it’s not the best, but it’s a hell of a lot easier to convince friends and family to use Signal than something like Matrix.
I think it’s important to remember de difference between being private and being anonymous. Signal IS private. It’s not anonymous. The same is true for many other apps/services.
Personally I like to be private. I don’t really need to be anonymous.
-
Yes, and in that time you would visit a website with your own IP address likely, likely over HTTP without SSL/TLS, likely with your vulnerable browser fingerprint. Point?
-
Privacy, not anonymity. Two completely different things.
-
Because the way Signal is built hosting it requires a lot of resources (storage especially), so they want spam prevention and fewer accounts per person.
-
I haven’t seen a non-TLS website in years.
-
Your asserting “two completely different things” doesn’t make it true. Privacy and anonymity are not synonyms but they are overlapping areas. Also ISTM you are redefining terms to suit your purposes. Anonymity to me means the message recipient can’t tell who you are. If a THIRD PARTY (the server operator) can ALSO tell who you are, that’s a privacy failure, not just an anonymity one.
-
Why does it take so much storage per user? Does it have video uploads or anything like that? A user account should basically just be a row in a database.
From https://en.wikipedia.org/wiki/Signal_(software) :
In August 2022, Signal notified 1900 users that their data had been affected by the Twilio breach including user phone numbers and SMS verification codes.[105] At least one journalist had his account re-registered to a device he did not control as a result of the attack.[106] …
This mandatory connection to a telephone number (a feature Signal shares with WhatsApp, KakaoTalk, and others) has been criticized as a “major issue” for privacy-conscious users who are not comfortable with giving out their private number.[142] A workaround is to use a secondary phone number.[142] The ability to choose a public, changeable username instead of sharing one’s phone number was a widely-requested feature.[142][144][145] This feature was added to the beta version of Signal in February 2024.[146]
Using phone numbers as identifiers may also create security risks that arise from the possibility of an attacker taking over a phone number.[142] A similar vulnerability was used to attack at least one user in August 2022, though the attack was performed via the provider of Signal’s SMS services, not any user’s provider.[105] The threat of this attack can be mitigated by enabling Signal’s Registration Lock feature, a form of two-factor authentication that requires the user to enter a PIN to register the phone number on a new device.[147]
- When people would complain about JS on webpages, they were not.
- Completely different things overlap all the time.
- Because your status updates and messages are encrypted and stored (until retrieved, of course) once for every recipient, and that includes your other devices and their other devices.
Because your status updates and messages are encrypted and stored (until retrieved, of course) once for every recipient, and that includes your other devices and their other devices.
I’d like to see a numerical estimate of how much data this is. But, it sounds to me like more reason to want to self-host.
I don’t see any point to rehashing the other stuff. Non-TLS websites mostly went away once DNS spoofing at wifi hotspots became widespread.
But, it sounds to me like more reason to want to self-host.
So do that. You can do that with Signal.
I don’t see any point to rehashing the other stuff. Non-TLS websites mostly went away once DNS spoofing at wifi hotspots became widespread.
Maybe I wasn’t clear, someone said that back in the day registration on a website was a new and bad thing, connecting it with privacy and comparing to Signal asking for phone number. I answered with the idea that not much commonly thought from that time about privacy has aged well. You wouldn’t register on websites, but you would communicate with them over plaintext. I hope that makes it clearer.
So do that. You can do that with Signal.
Do you know of anyone doing it? Other people have said there are difficulties.
You wouldn’t register on websites, but you would communicate with them over plaintext. I hope that makes it clearer.
It is ok, in that era (dialup or wired internet) unencrypted http was basically as secure as unencrypted landlne phone calls. People still have unencrypted phone calls all the time. Typicalally sites would show public content (like product pages on an e-commerce site) by http, then switch to https for checkout to protect stuff like credit card numbers. Encrypting everything became important when wifi became widespread. Wifi hotspots would hijack DNS and spoof entire web sites to steal credentials. Also, LetsEncrypt made it possible to bypass the CA scam industry, making https-everywhere more popular. Public awareness also increased due to Snowden’s disclosures.
The RSA encryption patent also expired in 2000. Before that, US website operators were potentially exposed to hassle if they didn’t use a commercial server with an RSA license ($$$). But, it didn’t apply outside the US and FOSS SSL servers existed for those wanting them.
-
Our phone numbers are not private from them.
Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.
- yawn, vpns are a thing and strawman argument. point?
- my number is private. point?
- bs. spam is easy to detect across a large number of accounts using simpleheuristics. point?
- they were talking of something like year 2003, when they were commonly not.
- no, PSTN is not private.
- for something end-to-end encrypted, including message metadata (not connection metadata), this statement seems amazingly stupid ; “simple heuristics” are usually used on something like plaintext e-mail.
- no they weren’t. no moving of goalposts
- what’s my number then?
- amazingly not stupid. dunning kruger and all that.
- People were complaining about JS existing when SSL and TLS were not omniscious. If we disagree on that fact, move on.
- A sequence of digits.
- OK, what are your “simple heuristics” for a bunch of pieces of ciphertext with unknown sender (except for IP addresses) in your storage to pick spammers from that?
-
If you want to be mainstream a) you can’t have spammers, scammers, and all the other scum of the earth and b) finding your contacts in the app HAVE TO be plug and play. Literally no normie will bother adding with usernames or whatever.
finding your contacts
Wrong, it is not optional, does not stop spam and the worst way to try.
Do not let this derail us. Escaping to libre software is the best return on investment.
Do not let this derail us.
Nothing is derailing you personally. Why are you repeating this to others?
To avoid any misunderstanding discouraging others from using Signal over apps like WhatsApp, while commenting on areas where it could improve. Privacy has never been single player.
Signal is not perfect but we control its app, libre software. See SimpleX Chat.
Escaping WhatsApp and Discord, anti-libre software, is more important.
Ignore the comment saying signal is “end to end encrypted” “private” etc They are simply stuck in a delusional state where they try to convince themselves that signal is the best option so they can continue using it. Nothing is private if it isn’t fully libre because you never know what the proprietary code is doing. The signal protocol itself has its source code released, and the encryption and security code is publicly available, but the signal Foundation has stated that it uses both free code and proprietary code. Their reason is UI, but it’s hard to make sure whatever proprietary code is being used for because you simply can’t see it. As GNU puts it: “You’re walking in a pitch black cave”. Jami is fully libre and is a GNU project. You don’t even need any phone number!
Jami, as much as I prefer it on various philosophical grounds, simply doesn’t work very well at the moment. :(
And we should report problems and fix them ourselves to make it better
Based
Yeah I’m on their Discourse forum, but the situation isn’t that great, and it’s unclear to me if the problems are fixable. Particularly when there are incompatibilities between version X and version Y, where both versions are already in the wild. You can’t travel backwards in time to fix those versions, and this (like email clients or telephones) is an application area where you can’t tell people to update their clients all the time. You have to keep things interoperable.
It’s also often inconvenient to reproduce bugs like that in order to diagnose them. If you try to talk to someone over Jami and it doesn’t work, you generally can’t borrow their phone to analyze the issue. If you’re one of the core developers, maybe you have access to a room full of different kinds of phones and OS versions to test with, but a typical user/contributor won’t have anything like that.
Yeah, this is just the reality of unpaid free software developers, they don’t have the recourses to work on every single bug as quick as a paid developer, but that doesn’t justify not reporting bugs and working with the developers to fix them. Like you said, Jami is grest ethically so why not make it great function? Also, don’t you have a computer and a phone? Test on those. I don’t own a phone, so I can’t test the phone, but I do gladly test on my laptop.
Those are nice generalities but I think they ignore reality. Jami seems like sort of a side project to its developers. Bug reports often are answered with a suggestion to make sure everyone is running the latest version of Jami, which is often useless advice. Like if you try to call your friend with your new phone and the call doesn’t complete, it’s unhelpful for your phone manufacturer to say your friend should get a new phone. You might be interested in helping fix the problem but your friend just wanted to have a phone conversation and doesn’t want to get dragged into a debugging project. It’s even worse if the other person is not your friend but rather is someone you just met and exchanged numbers with. If you try to follow up with a phone call and there is a problem, GAME OVER. You permanently lose contact with that person. You can’t possibly suggest Jami as a Skype replacement after that happens to you once or twice.
Another thing with comms programs in general is you really can’t debug them with just one computer. Their whole function is to let two computers talk to each other, so you need two computers where you control both ends and ideally control the network as well, so you can insert delays, network faults, etc. If the Android version has trouble talking to the Iphone version, you need both kinds of phones. I’m not sure if Jami’s devs really understand that. I’ve worked on telecom stuff in the past and it’s just the reality of that field.
Yet another (I’m not sure of this) is that Jami is a peer to peer program so I suspect some of the problems revolve around firewall traversal gotchas of various types. I don’t know if there is a cure for this while keeping the basic architectecture intact. I do like it in principle and I know that people get BitTorrent working reliably without too much trouble, so maybe Jami is just missing some trick.
Finally, Jami is pretty old and back in those days, people hadn’t really thought about the subtleties of encrypted group chats. Signal does a better job, and these days there is a standard (RFC 9420) for how to do it (I don’t know if Signal follows this standard). It would be good if Jami were revamped for that, but 1) that would break interoperability again, and 2) I don’t know if it’s workable at all with Jami’s architecture (serverless, using a distributed hash table for peer discovery).
For now I’ve sort of given up on Jami and am trying to figure out what to use instead. It’s unfortunate that the main devs don’t seem to have that much interest in making Jami reliable. Randos like me capable of making small contributions can’t really help much with more involvement from the experts.
You make amazing points, and I completely agree with you. I will continue to use Jami since it’s good enough for me to talk with my friends. I mean now the only replacement which is not a replacement just another thing I use to chat is GNU Emacs. I hope the development speed and motivation increases and please do inform me if you found an alternative
You should have visited Signal’s github page first, I dunno. Before talking. Made up a lot of stuff.
They do have proprietary code for that crypto wallet they have there, well hidden, and for, eh, phone number registration, but other than that module it’s all released, I think.
The server and the client applications are FOSS. You can host it for yourself, patching out the domain names and registration parts the way you like it more.
That’s not the full picture. That’s exactly the problem I was highlighting. The issue isn’t whether some of the code is “FOSS”, it’s about whether all of it is. If even small parts remain proprietary (as you mentioned), then we can’t verify what those parts are doing. And those parts could theoretically significantly affect the data collection. Also, I didn’t make up a lot of stuff. The Signal Foundation themselves have confirmed that certain UI and build components are not fully libre. As the GNU project puts it, if part of your system is closed, then you’re trusting a black box, no matter how well-lit the rest of it is.
Signal protocol guarantees that what’s on the server we can discard in your suspicions, it doesn’t matter, because you are not trusting it.
The client is fully open.
If it’s not fully free, I don’t trust it. I don’t understand how someone in a privacy community doesn’t understand how much a few lines of code can track someone so easily no matter how much of the program is free software.
Server code openness doesn’t matter other than functioning at all. For a system acceptable in a privacy community.
I didn’t actually know the server code was published. It’d be cool if the client allowed multiple servers so you could talk to people on the “normal” master while also thing a private instance
This is why escaping WhatsApp and Discord, anti-libre software, is most important part.
I think choosing a server, like in some ICQ clients, is not a complex modification.
Maybe I am being too simplistic here. But I have never received a spam message to my XMPP account and I don’t know how a spammer would find it.
In a phone-based system a spammer can spam a list of numbers, or use contact lists that are easily shared via phone permissions. There are several low-effort discovery processes.
For e-mail, you get spam when you you input your personal e-mail into forms, websites, or post it publicly.
But for something like XMPP… It seems rather difficult to discover accounts effectively to spam them. And, if it is an actual problem, why not implement some kind of ‘identity swap’ that automatically transmits a new identity to approved contacts? A chat username does not need to be as static as an e-mail or a phone number for most people.
I just don’t see ‘spam’ as such a difficult challenge in this context, and not enough in my view to balance out requesting a phone number. Perhaps a spammer can chip-in?
They implemented an alt method IIRC but you must go out of your way to search and find it. I just recall seeing a bunch of post headlines about using email or something like that a year or so back.
They send an initial SMS message that is a main expense and funded by some rich person and donations. I think that has some significance to encryption or something but I’m not sure of the details. I could be wrong on that one, it has been years since I read the details.
Tried session? Anyone have comments on it? Nice to be able to skip the phone and easily use vpn, though I haven’t spent enough time on that.
I think the people behind Session cares for their mission, and it might align with OP’s, so maybe. Although I personally am not too fond of about all their choices.
The omission of Forward Secrecy for instance doesn’t sit well with me. Each to their own though, and they do go into their reasoning on their blog: https://getsession.org/session-protocol-explained
Likewise their last audit from 2021, lists quite a handful of critical/moderate issues in their apps, hopefully they’ve fixet it. Afterall it’s been a while since 2021. https://getsession.org/faq#security-audit
Is there a quick explanation of what signal actually does? I don’t understand the need for a phone number either. Jami doesn’t ask for a phone number. It has other deficiencies that make me not want to use it, but those are technical rather than policy, more or less. Similarly, irc (I’m luddite enough to still be using it) doesn’t ask for a phone number either. So this is all suspicious. There are a bunch of other things like this too (Element, Matrix, etc.) that I haven’t looked into and tbh I don’t understand why they exist.
It’s not suspicious. It’s been talked about for years. People know exactly what the phone number is used for. Easy discoverability, quick and seamless onboarding of new users by providing a way to bootstrap their social graph, and it being very similar to the process of the other biggest player that people just understand. And spam prevention. The phones are not leaked or used for anything else. The other alternatives exist and you are welcome to onboard the people you want onto them if you think it’s simpler.
The code is open, if you don’t trust other people and can’t read the code to understand then hire someone you trust to validate the claims and assure you. But spreading FUD and saying it’s suspicious is not productive to anyone.
-
I don’t understand what you mean about discoverability: is my presence on the network advertised to strangers and spammers? That doesn’t sound good. What does the onboarding process look like?
-
You still haven’t said what Signal’s advantages are supposed to be over alternatives, though I can guess some (e.g. better/more crypto than irc has). Jami seems conceptually ok, but buggy in implementation. Nextcloud Talk works but is kind of clunky. Matrix is popular though I’ve never used it: is it the main alternative to Signal these days? I thought it was what all the hipsters had migrated to while luddites like me were still on irc. Jitsi Meet looks nice though again I haven’t explored it much. I’ve been puzzled for a long time that there is so much work in this area yet everything has deficiencies. Are there difficult problems to solve?
-
If Signal’s code is open then of course I’d want to self-host the server. Can I do that? Does that get in the way of the onboarding process you mention? Where does the phone number come in, in that case? If I to use Signal’s server, that doesn’t sound so open, and normally there’s no way for me to verify that it’s running the same code that they claim.
I don’t see where I’m spreading FUD. Ignoring a question and calling it FUD doesn’t invalidate the question.
-
Session is an alternative that does not require, or request, your phone number (or any other identifying information). Honestly, I have no idea why Signal got popular and Sessions did not. As soon as Signal asked for my phone number that set off alarm bells for me and I’ve never really trusted it since.
I think you can use a pay phone to sign up.
Is it possible to use a voip based SMS for registration?
Those are a little easier to get anonymously then physical sim cards.
Too many steps.
Despite this, escaping WhatsApp and Discord, anti-libre software, is more important.
Privacy: they know who you are but they don’t know what are you doing/when are you doing. Anonymity: they don’t know who you are.
