heavyset_go 12 hours ago

Neither of these are the issue, the issue is the required association of a phone number with a Signal account. You cannot register a Signal account without a phone number.

It's something you'd want to avoid if your life, liberty or well-being are at risk if you're de-anonymized.

beeflet 13 hours ago

This doesn't address the security problem

  • godelski 12 hours ago

      > the security problem
    
    You're confusing privacy with security. Phone numbers are a privacy problem and NOT a security problem.

    Think of it this way. There's a vault that's locked with secrets inside, but the door is transparent. This does not prevent privacy. But the vault provides security.

    Signal is not a transparent door, but is opaque. You can't see inside the vault. But the phone number reveals that you have access to the vault. This is very different than a security problem. Anyone connecting the two can see that you have a vault (security)[0], but they cannot see inside (privacy) or even when you access it (privacy).

    There is no security issue with phone numbers.

    [0] or can see that at some point in time you had a vault or someone that previously had that number had a vault

    • zarzavat 4 minutes ago

      A lack of privacy is a security problem for messaging. A lack of privacy predisposes some people to rubber hose cryptanalysis by the authorities.

    • willis936 12 hours ago

      Is there not a security problem if your phone number is seized? I don't need excuses about the likelihood of the threat model.

      • godelski 11 hours ago

        If your number is seized then the new account holder has no chat history. i.e. the vault is cleared out. In that situation you will also be kicked out, clearly telling you that your account has been hijacked.

        You can also lock registration of your device.

        What is your security concern here?

      • bratwurst3000 an hour ago

        for this reason there is the signal pin. they need pin and phonenumber to hijack the account. afaik