Comment by godelski

Comment by godelski 20 hours ago

15 replies

View on Hacker News

  > the security problem
You're confusing privacy with security. Phone numbers are a privacy problem and NOT a security problem.

Think of it this way. There's a vault that's locked with secrets inside, but the door is transparent. This does not prevent privacy. But the vault provides security.

Signal is not a transparent door, but is opaque. You can't see inside the vault. But the phone number reveals that you have access to the vault. This is very different than a security problem. Anyone connecting the two can see that you have a vault (security)[0], but they cannot see inside (privacy) or even when you access it (privacy).

There is no security issue with phone numbers.

[0] or can see that at some point in time you had a vault or someone that previously had that number had a vault

willis936 20 hours ago

Is there not a security problem if your phone number is seized? I don't need excuses about the likelihood of the threat model.

Reply View 12 replies
  • godelski 20 hours ago

    If your number is seized then the new account holder has no chat history. i.e. the vault is cleared out. In that situation you will also be kicked out, clearly telling you that your account has been hijacked.

    You can also lock registration of your device.

    What is your security concern here?

    Reply View 10 replies
    • AnonC 17 hours ago

      > You can also lock registration of your device

      Registration lock expires in seven days or less. [1]

      [1]: https://support.signal.org/hc/en-us/articles/360007059792-Si...

      Reply View 4 replies
      • godelski 15 hours ago

        Please actually read

          > Registration Lock expires after 7 days *of inactivity*
        I don't know why you dropped "of inactivity" and changed it to "or less".

        If you use signal once a week you're fine. Maybe it should be longer but that's a different argument and there's no reason to be disingenuous about it

        Reply View 3 replies
    • beeflet 19 hours ago

      Impersonation, MITM attack

      Reply View 4 replies
      • mandevil 19 hours ago

        If you have done the out-of-band safety number verification, then impersonation attempts will give you a warning that their safety number has changed. I know this because I got that error when my wife replaced her cell phone.

        I believe (though I haven't verified it myself) that even if you haven't verified the numbers using an out-of-band exchange mechanism, you will get a warning if the safety number as observed by their server changes. I believe they would need to know your Signal PIN to restore from backup, which means that even if you've set that it will give an alert, presuming basic security competence from the people you are conversing with.

        Reply View 2 replies
      • godelski 18 hours ago

          > Impersonation
        Yes, but with a canary. Would you rather not have a canary? The other person also receives a warning that the verification number has changed. It's not like the existence of a phone number is what creates the ability to hijack an account. And again, you can do registration locking so that solves that problem.

        You can also do verification of your contacts. Best done in person where you can check the keys.

          > MITM attack
        I don't think that means what you think it means. Who is in the middle? This is E2EE
        Reply View 0 replies
  • bratwurst3000 9 hours ago

    for this reason there is the signal pin. they need pin and phonenumber to hijack the account. afaik

    Reply View 0 replies
zarzavat 8 hours ago

A lack of privacy is a security problem for messaging. A lack of privacy predisposes some people to rubber hose cryptanalysis by the authorities.

Reply View 1 reply
  • godelski 2 hours ago

    The privacy loss is "phone number has registered a signal account"

    It does not

      - conclude the user has or even has a signal account
  - who that person is talking to 
  - what that person is talking about
  - when those texts or messages are sent or received
    What can you infer here that becomes a security risk? I guess if signal is outlawed before you have installed or your number was ever associated with an account? But it still have plausible deniability there
    Reply View 0 replies