Comment by aspect0545
Comment by aspect0545 16 hours ago
This is different though. PP is saying that you require a phone number to sign up, and phone numbers are being used to match your account to your user name.
Comment by aspect0545 16 hours ago
This is different though. PP is saying that you require a phone number to sign up, and phone numbers are being used to match your account to your user name.
Neither of these are the issue, the issue is the required association of a phone number with a Signal account. You cannot register a Signal account without a phone number.
It's something you'd want to avoid if your life, liberty or well-being are at risk if you're de-anonymized.
> the security problem
Think of it this way. There's a vault that's locked with secrets inside, but the door is transparent. This does not prevent privacy. But the vault provides security.
Signal is not a transparent door, but is opaque. You can't see inside the vault. But the phone number reveals that you have access to the vault. This is very different than a security problem. Anyone connecting the two can see that you have a vault (security)[0], but they cannot see inside (privacy) or even when you access it (privacy).
There is no security issue with phone numbers.
[0] or can see that at some point in time you had a vault or someone that previously had that number had a vault
Is there not a security problem if your phone number is seized? I don't need excuses about the likelihood of the threat model.
Agreed as far as governments tracking Signal sign-ups. For a long time though user names were not even supported between Signal users.
"As a new default, your phone number will no longer be visible to everyone in Signal."
https://support.signal.org/hc/en-us/articles/6712070553754-P...
"Signal does not send your phone number to anyone unless you have enabled that others can see it and then you send them a message or make a call to them."
https://support.signal.org/hc/en-us/articles/360007061452-Do...